package org.apache.hadoop.hbase.security;

import com.google.common.collect.Lists;
import com.google.protobuf.ServiceException;
import java.io.File;
import java.io.IOException;
import java.lang.Thread;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import javax.security.sasl.SaslException;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.Server;
import org.apache.hadoop.hbase.ipc.BlockingRpcClient;
import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;
import org.apache.hadoop.hbase.ipc.NettyRpcClient;
import org.apache.hadoop.hbase.ipc.RpcClient;
import org.apache.hadoop.hbase.ipc.RpcClientFactory;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.ipc.TestProtoBufRpc;
import org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl;
import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProtos;
import org.apache.hadoop.hbase.ipc.protobuf.generated.TestRpcServiceProtos;
import org.apache.hadoop.hbase.regionserver.TestSettingTimeoutOnBlockingPoint;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.Mockito;

@RunWith(Parameterized.class)
@Category({SecurityTests.class, SmallTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/TestSecureIPC.class */
public class TestSecureIPC {
    private static MiniKdc KDC;
    private static String PRINCIPAL;
    String krbKeytab;
    String krbPrincipal;
    UserGroupInformation ugi;
    Configuration clientConf;
    Configuration serverConf;

    @Rule
    public ExpectedException exception = ExpectedException.none();

    @Parameterized.Parameter
    public String rpcClientImpl;
    private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static final File KEYTAB_FILE = new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath());
    private static String HOST = TestProtoBufRpc.ADDRESS;

    /* loaded from: input_file:org/apache/hadoop/hbase/security/TestSecureIPC$TestThread.class */
    public static class TestThread extends Thread {
        private final TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface stub;

        public TestThread(TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface blockingInterface) {
            this.stub = blockingInterface;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            try {
                for (int i : new int[]{100, 1000, TestSettingTimeoutOnBlockingPoint.SleepCoprocessor.SLEEP_TIME}) {
                    String random = RandomStringUtils.random(i);
                    Assert.assertEquals(random, this.stub.echo(null, TestProtos.EchoRequestProto.newBuilder().setMessage(random).m1180build()).getMessage());
                }
            } catch (ServiceException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
    }

    @Parameterized.Parameters(name = "{index}: rpcClientImpl={0}")
    public static Collection<Object[]> parameters() {
        return Arrays.asList(new Object[]{BlockingRpcClient.class.getName()}, new Object[]{NettyRpcClient.class.getName()});
    }

    @BeforeClass
    public static void setUp() throws Exception {
        KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
        PRINCIPAL = "hbase/" + HOST;
        KDC.createPrincipal(KEYTAB_FILE, new String[]{PRINCIPAL});
        HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
    }

    @AfterClass
    public static void tearDown() throws IOException {
        if (KDC != null) {
            KDC.stop();
        }
        TEST_UTIL.cleanupTestDir();
    }

    @Before
    public void setUpTest() throws Exception {
        this.krbKeytab = HBaseKerberosUtils.getKeytabFileForTesting();
        this.krbPrincipal = HBaseKerberosUtils.getPrincipalForTesting();
        this.ugi = loginKerberosPrincipal(this.krbKeytab, this.krbPrincipal);
        this.clientConf = HBaseKerberosUtils.getSecuredConfiguration();
        this.clientConf.set("hbase.rpc.client.impl", this.rpcClientImpl);
        this.serverConf = HBaseKerberosUtils.getSecuredConfiguration();
    }

    @Test
    public void testRpcCallWithEnabledKerberosSaslAuth() throws Exception {
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        Assert.assertSame(this.ugi, currentUser);
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS, this.ugi.getAuthenticationMethod());
        Assert.assertEquals(this.krbPrincipal, this.ugi.getUserName());
        callRpcService(User.create(currentUser));
    }

    @Test
    public void testRpcFallbackToSimpleAuth() throws Exception {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("testuser", new String[]{"testuser"});
        Assert.assertNotSame(this.ugi, createUserForTesting);
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, createUserForTesting.getAuthenticationMethod());
        Assert.assertEquals("testuser", createUserForTesting.getUserName());
        this.clientConf.set("hbase.security.authentication", "simple");
        this.serverConf.setBoolean("hbase.ipc.server.fallback-to-simple-auth-allowed", true);
        callRpcService(User.create(createUserForTesting));
    }

    void setRpcProtection(String str, String str2) {
        this.clientConf.set("hbase.rpc.protection", str);
        this.serverConf.set("hbase.rpc.protection", str2);
    }

    @Test
    public void testSaslWithCommonQop() throws Exception {
        setRpcProtection("privacy,authentication", "authentication");
        callRpcService(User.create(this.ugi));
        setRpcProtection("authentication", "privacy,authentication");
        callRpcService(User.create(this.ugi));
        setRpcProtection("integrity,authentication", "privacy,authentication");
        callRpcService(User.create(this.ugi));
        setRpcProtection("integrity,authentication", "integrity,authentication");
        callRpcService(User.create(this.ugi));
        setRpcProtection("privacy,authentication", "privacy,authentication");
        callRpcService(User.create(this.ugi));
    }

    @Test
    @Ignore
    public void testSaslNoCommonQop() throws Exception {
        this.exception.expect(SaslException.class);
        this.exception.expectMessage("No common protection layer between client and server");
        setRpcProtection("integrity", "privacy");
        callRpcService(User.create(this.ugi));
    }

    private UserGroupInformation loginKerberosPrincipal(String str, String str2) throws Exception {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation.loginUserFromKeytab(str2, str);
        return UserGroupInformation.getLoginUser();
    }

    private void callRpcService(User user) throws Exception {
        SecurityInfo securityInfo = (SecurityInfo) Mockito.mock(SecurityInfo.class);
        Mockito.when(securityInfo.getServerPrincipal()).thenReturn(HBaseKerberosUtils.KRB_PRINCIPAL);
        SecurityInfo.addInfo("TestProtobufRpcProto", securityInfo);
        RpcServer rpcServer = new RpcServer((Server) null, "AbstractTestSecureIPC", Lists.newArrayList(new RpcServer.BlockingServiceAndInterface[]{new RpcServer.BlockingServiceAndInterface(TestProtobufRpcServiceImpl.SERVICE, (Class) null)}), new InetSocketAddress(HOST, 0), this.serverConf, new FifoRpcScheduler(this.serverConf, 1));
        rpcServer.start();
        try {
            RpcClient createClient = RpcClientFactory.createClient(this.clientConf, HConstants.DEFAULT_CLUSTER_ID.toString());
            Throwable th = null;
            try {
                try {
                    TestThread testThread = new TestThread(TestProtobufRpcServiceImpl.newBlockingStub(createClient, rpcServer.getListenerAddress(), user));
                    final Throwable[] thArr = new Throwable[1];
                    Collections.synchronizedList(new ArrayList());
                    testThread.setUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() { // from class: org.apache.hadoop.hbase.security.TestSecureIPC.1
                        @Override // java.lang.Thread.UncaughtExceptionHandler
                        public void uncaughtException(Thread thread, Throwable th2) {
                            thArr[0] = th2;
                        }
                    });
                    testThread.start();
                    testThread.join();
                    if (thArr[0] != null) {
                        while (thArr[0].getCause() != null) {
                            thArr[0] = thArr[0].getCause();
                        }
                        throw ((Exception) thArr[0]);
                    }
                    if (createClient != null) {
                        if (0 != 0) {
                            try {
                                createClient.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            createClient.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            rpcServer.stop();
        }
    }
}
