package org.apache.hadoop.hbase.security.token;

import com.google.protobuf.BlockingService;
import com.google.protobuf.Descriptors;
import com.google.protobuf.RpcCallback;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hbase.ChoreService;
import org.apache.hadoop.hbase.ClusterId;
import org.apache.hadoop.hbase.CoordinatedStateManager;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.Server;
import org.apache.hadoop.hbase.ServerName;
import org.apache.hadoop.hbase.client.ClusterConnection;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.DummyConnectionRegistry;
import org.apache.hadoop.hbase.coprocessor.HasRegionServerServices;
import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;
import org.apache.hadoop.hbase.ipc.NettyRpcServer;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.ipc.RpcServerFactory;
import org.apache.hadoop.hbase.ipc.RpcServerInterface;
import org.apache.hadoop.hbase.ipc.ServerRpcController;
import org.apache.hadoop.hbase.ipc.SimpleRpcServer;
import org.apache.hadoop.hbase.log.HBaseMarkers;
import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos;
import org.apache.hadoop.hbase.regionserver.RegionServerServices;
import org.apache.hadoop.hbase.security.SecurityInfo;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
import org.apache.hadoop.hbase.util.MultiThreadedReader;
import org.apache.hadoop.hbase.util.Sleeper;
import org.apache.hadoop.hbase.util.Strings;
import org.apache.hadoop.hbase.util.Threads;
import org.apache.hadoop.hbase.util.Writables;
import org.apache.hadoop.hbase.zookeeper.ZKClusterId;
import org.apache.hadoop.hbase.zookeeper.ZKWatcher;
import org.apache.hadoop.net.DNS;
import org.apache.hadoop.security.authorize.PolicyProvider;
import org.apache.hadoop.security.authorize.Service;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hbase.thirdparty.com.google.protobuf.Descriptors;
import org.apache.hbase.thirdparty.com.google.protobuf.Message;
import org.apache.hbase.thirdparty.com.google.protobuf.RpcController;
import org.apache.hbase.thirdparty.com.google.protobuf.ServiceException;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RunWith(Parameterized.class)
@Category({SecurityTests.class, MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/token/TestTokenAuthentication.class */
public class TestTokenAuthentication {

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestTokenAuthentication.class);

    @Parameterized.Parameter(MultiThreadedReader.DEFAULT_KEY_WINDOW)
    public String rpcServerImpl;
    private HBaseTestingUtility TEST_UTIL;
    private TokenServer server;
    private Thread serverThread;
    private AuthenticationTokenSecretManager secretManager;
    private ClusterId clusterId = new ClusterId();

    /* loaded from: input_file:org/apache/hadoop/hbase/security/token/TestTokenAuthentication$NonShadedBlockingRpcCallback.class */
    private static class NonShadedBlockingRpcCallback<R> implements RpcCallback<R> {
        private R result;
        private boolean resultSet;

        private NonShadedBlockingRpcCallback() {
            this.resultSet = false;
        }

        public void run(R r) {
            synchronized (this) {
                this.result = r;
                this.resultSet = true;
                notifyAll();
            }
        }

        public synchronized R get() throws IOException {
            while (!this.resultSet) {
                try {
                    wait();
                } catch (InterruptedException e) {
                    InterruptedIOException interruptedIOException = new InterruptedIOException(e.getMessage());
                    interruptedIOException.initCause(e);
                    throw interruptedIOException;
                }
            }
            return this.result;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hbase/security/token/TestTokenAuthentication$TokenServer.class */
    private static class TokenServer extends TokenProvider implements AuthenticationProtos.AuthenticationService.BlockingInterface, Runnable, Server {
        private static final Logger LOG = LoggerFactory.getLogger(TokenServer.class);
        private Configuration conf;
        private HBaseTestingUtility TEST_UTIL;
        private RpcServerInterface rpcServer;
        private InetSocketAddress isa;
        private ZKWatcher zookeeper;
        private Sleeper sleeper;
        private boolean started = false;
        private boolean aborted = false;
        private boolean stopped = false;
        private long startcode = EnvironmentEdgeManager.currentTime();

        public TokenServer(Configuration configuration, HBaseTestingUtility hBaseTestingUtility) throws IOException {
            this.conf = configuration;
            this.TEST_UTIL = hBaseTestingUtility;
            InetSocketAddress inetSocketAddress = new InetSocketAddress(Strings.domainNamePointerToHostName(DNS.getDefaultHost("default", "default")), 0);
            if (inetSocketAddress.getAddress() == null) {
                throw new IllegalArgumentException("Failed resolve of " + inetSocketAddress);
            }
            ArrayList arrayList = new ArrayList(1);
            final BlockingService newReflectiveBlockingService = AuthenticationProtos.AuthenticationService.newReflectiveBlockingService(this);
            arrayList.add(new RpcServer.BlockingServiceAndInterface(new org.apache.hbase.thirdparty.com.google.protobuf.BlockingService() { // from class: org.apache.hadoop.hbase.security.token.TestTokenAuthentication.TokenServer.1
                public Message callBlockingMethod(Descriptors.MethodDescriptor methodDescriptor, RpcController rpcController, Message message) throws ServiceException {
                    Descriptors.MethodDescriptor findMethodByName = newReflectiveBlockingService.getDescriptorForType().findMethodByName(methodDescriptor.getName());
                    try {
                        newReflectiveBlockingService.callBlockingMethod(findMethodByName, (com.google.protobuf.RpcController) null, newReflectiveBlockingService.getRequestPrototype(findMethodByName));
                        return null;
                    } catch (com.google.protobuf.ServiceException e) {
                        throw new ServiceException(e);
                    }
                }

                public Descriptors.ServiceDescriptor getDescriptorForType() {
                    return null;
                }

                public Message getRequestPrototype(Descriptors.MethodDescriptor methodDescriptor) {
                    return null;
                }

                public Message getResponsePrototype(Descriptors.MethodDescriptor methodDescriptor) {
                    return null;
                }
            }, AuthenticationProtos.AuthenticationService.BlockingInterface.class));
            this.rpcServer = RpcServerFactory.createRpcServer(this, "tokenServer", arrayList, inetSocketAddress, configuration, new FifoRpcScheduler(configuration, 1));
            InetSocketAddress listenerAddress = this.rpcServer.getListenerAddress();
            if (listenerAddress == null) {
                throw new IOException("Listener channel is closed");
            }
            this.isa = listenerAddress;
            this.sleeper = new Sleeper(1000, this);
        }

        public Configuration getConfiguration() {
            return this.conf;
        }

        /* renamed from: getConnection, reason: merged with bridge method [inline-methods] */
        public ClusterConnection m1344getConnection() {
            return null;
        }

        public ZKWatcher getZooKeeper() {
            return this.zookeeper;
        }

        public CoordinatedStateManager getCoordinatedStateManager() {
            return null;
        }

        public boolean isAborted() {
            return this.aborted;
        }

        public ServerName getServerName() {
            return ServerName.valueOf(this.isa.getHostName(), this.isa.getPort(), this.startcode);
        }

        public FileSystem getFileSystem() {
            return null;
        }

        public boolean isStopping() {
            return this.stopped;
        }

        public void abort(String str, Throwable th) {
            LOG.error(HBaseMarkers.FATAL, "Aborting on: " + str, th);
            this.aborted = true;
            this.stopped = true;
            this.sleeper.skipSleepCycle();
        }

        private void initialize() throws IOException {
            Configuration configuration = new Configuration(this.conf);
            configuration.set("hbase.security.authentication", "simple");
            this.zookeeper = new ZKWatcher(configuration, TokenServer.class.getSimpleName(), this, true);
            this.rpcServer.start();
            HasRegionServerServices hasRegionServerServices = (RegionCoprocessorEnvironment) Mockito.mock(RegionCoprocessorEnvironment.class, Mockito.withSettings().extraInterfaces(new Class[]{HasRegionServerServices.class}));
            Mockito.when(hasRegionServerServices.getConfiguration()).thenReturn(this.conf);
            Mockito.when(hasRegionServerServices.getClassLoader()).then(invocationOnMock -> {
                return Thread.currentThread().getContextClassLoader();
            });
            RegionServerServices regionServerServices = (RegionServerServices) Mockito.mock(RegionServerServices.class);
            Mockito.when(regionServerServices.getRpcServer()).thenReturn(this.rpcServer);
            Mockito.when(hasRegionServerServices.getRegionServerServices()).thenReturn(regionServerServices);
            super.start(hasRegionServerServices);
            this.started = true;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                initialize();
                while (!this.stopped) {
                    this.sleeper.sleep();
                }
            } catch (Exception e) {
                abort(e.getMessage(), e);
            }
            this.rpcServer.stop();
        }

        public boolean isStarted() {
            return this.started;
        }

        public void stop(String str) {
            LOG.info("Stopping due to: " + str);
            this.stopped = true;
            this.sleeper.skipSleepCycle();
        }

        public boolean isStopped() {
            return this.stopped;
        }

        public InetSocketAddress getAddress() {
            return this.isa;
        }

        public SecretManager<? extends TokenIdentifier> getSecretManager() {
            return this.rpcServer.getSecretManager();
        }

        public AuthenticationProtos.GetAuthenticationTokenResponse getAuthenticationToken(com.google.protobuf.RpcController rpcController, AuthenticationProtos.GetAuthenticationTokenRequest getAuthenticationTokenRequest) throws com.google.protobuf.ServiceException {
            LOG.debug("Authentication token request from " + ((String) RpcServer.getRequestUserName().orElse(null)));
            ServerRpcController serverRpcController = new ServerRpcController();
            NonShadedBlockingRpcCallback nonShadedBlockingRpcCallback = new NonShadedBlockingRpcCallback();
            getAuthenticationToken(null, getAuthenticationTokenRequest, nonShadedBlockingRpcCallback);
            try {
                serverRpcController.checkFailed();
                return (AuthenticationProtos.GetAuthenticationTokenResponse) nonShadedBlockingRpcCallback.get();
            } catch (IOException e) {
                throw new com.google.protobuf.ServiceException(e);
            }
        }

        public AuthenticationProtos.WhoAmIResponse whoAmI(com.google.protobuf.RpcController rpcController, AuthenticationProtos.WhoAmIRequest whoAmIRequest) throws com.google.protobuf.ServiceException {
            LOG.debug("whoAmI() request from " + ((String) RpcServer.getRequestUserName().orElse(null)));
            ServerRpcController serverRpcController = new ServerRpcController();
            NonShadedBlockingRpcCallback nonShadedBlockingRpcCallback = new NonShadedBlockingRpcCallback();
            whoAmI(null, whoAmIRequest, nonShadedBlockingRpcCallback);
            try {
                serverRpcController.checkFailed();
                return (AuthenticationProtos.WhoAmIResponse) nonShadedBlockingRpcCallback.get();
            } catch (IOException e) {
                throw new com.google.protobuf.ServiceException(e);
            }
        }

        public ChoreService getChoreService() {
            return null;
        }

        public ClusterConnection getClusterConnection() {
            return null;
        }

        public Connection createConnection(Configuration configuration) throws IOException {
            return null;
        }
    }

    @Parameterized.Parameters(name = "{index}: rpcServerImpl={0}")
    public static Collection<Object[]> parameters() {
        return Arrays.asList(new Object[]{SimpleRpcServer.class.getName()}, new Object[]{NettyRpcServer.class.getName()});
    }

    @Before
    public void setUp() throws Exception {
        this.TEST_UTIL = new HBaseTestingUtility();
        this.TEST_UTIL.getConfiguration().set(DummyConnectionRegistry.REGISTRY_IMPL_CONF_KEY, "org.apache.hadoop.hbase.client.ZKConnectionRegistry");
        this.TEST_UTIL.startMiniZKCluster();
        SecurityInfo.addInfo(AuthenticationProtos.AuthenticationService.getDescriptor().getName(), new SecurityInfo("hbase.test.kerberos.principal", AuthenticationProtos.TokenIdentifier.Kind.HBASE_AUTH_TOKEN));
        Configuration configuration = this.TEST_UTIL.getConfiguration();
        configuration.set("hadoop.security.authentication", "kerberos");
        configuration.set("hbase.security.authentication", "kerberos");
        configuration.setBoolean("hadoop.security.authorization", true);
        configuration.set("hbase.rpc.server.impl", this.rpcServerImpl);
        this.server = new TokenServer(configuration, this.TEST_UTIL);
        this.serverThread = new Thread(this.server);
        Threads.setDaemonThreadRunning(this.serverThread, "TokenServer:" + this.server.getServerName().toString());
        while (!this.server.isStarted() && !this.server.isStopped()) {
            Thread.sleep(10L);
        }
        this.server.rpcServer.refreshAuthManager(configuration, new PolicyProvider() { // from class: org.apache.hadoop.hbase.security.token.TestTokenAuthentication.1
            public Service[] getServices() {
                return new Service[]{new Service("security.client.protocol.acl", AuthenticationProtos.AuthenticationService.BlockingInterface.class)};
            }
        });
        ZKClusterId.setClusterId(this.server.getZooKeeper(), this.clusterId);
        this.secretManager = this.server.getSecretManager();
        while (this.secretManager.getCurrentKey() == null) {
            Thread.sleep(1L);
        }
    }

    @After
    public void tearDown() throws Exception {
        this.server.stop("Test complete");
        Threads.shutdown(this.serverThread);
        this.TEST_UTIL.shutdownMiniZKCluster();
    }

    @Test
    public void testTokenCreation() throws Exception {
        Token generateToken = this.secretManager.generateToken("testuser");
        AuthenticationTokenIdentifier authenticationTokenIdentifier = new AuthenticationTokenIdentifier();
        Writables.getWritable(generateToken.getIdentifier(), authenticationTokenIdentifier);
        Assert.assertEquals("Token username should match", "testuser", authenticationTokenIdentifier.getUsername());
        Assert.assertTrue("Token password and password from secret manager should match", Bytes.equals(generateToken.getPassword(), this.secretManager.retrievePassword(authenticationTokenIdentifier)));
    }

    @Test
    public void testUseExistingToken() throws Exception {
        User createUserForTesting = User.createUserForTesting(this.TEST_UTIL.getConfiguration(), "testuser2", new String[]{"testgroup"});
        Token generateToken = this.secretManager.generateToken(createUserForTesting.getName());
        Assert.assertNotNull(generateToken);
        createUserForTesting.addToken(generateToken);
        Token selectToken = new AuthenticationTokenSelector().selectToken(generateToken.getService(), createUserForTesting.getTokens());
        Assert.assertNotNull(selectToken);
        Assert.assertEquals(generateToken, selectToken);
        Connection createConnection = ConnectionFactory.createConnection(this.TEST_UTIL.getConfiguration());
        try {
            Assert.assertFalse(TokenUtil.addTokenIfMissing(createConnection, createUserForTesting));
            Assert.assertEquals(selectToken, new AuthenticationTokenSelector().selectToken(generateToken.getService(), createUserForTesting.getTokens()));
            createConnection.close();
        } catch (Throwable th) {
            createConnection.close();
            throw th;
        }
    }

    static {
        System.setProperty("java.security.krb5.realm", "hbase");
        System.setProperty("java.security.krb5.kdc", "blah");
    }
}
