package org.apache.hadoop.security.authentication.client;

import java.io.File;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.CharacterCodingException;
import java.util.Arrays;
import java.util.Properties;
import java.util.concurrent.Callable;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.reflect.FieldUtils;
import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
import org.apache.hadoop.security.authentication.KerberosTestUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.class */
public class TestKerberosAuthenticator extends KerberosSecurityTestcase {
    @Before
    public void setup() throws Exception {
        File file = new File(KerberosTestUtils.getKeytabFile());
        String clientPrincipal = KerberosTestUtils.getClientPrincipal();
        String serverPrincipal = KerberosTestUtils.getServerPrincipal();
        getKdc().createPrincipal(file, new String[]{clientPrincipal.substring(0, clientPrincipal.lastIndexOf("@")), serverPrincipal.substring(0, serverPrincipal.lastIndexOf("@"))});
    }

    private Properties getAuthenticationHandlerConfiguration() {
        Properties properties = new Properties();
        properties.setProperty("type", "kerberos");
        properties.setProperty("kerberos.principal", KerberosTestUtils.getServerPrincipal());
        properties.setProperty("kerberos.keytab", KerberosTestUtils.getKeytabFile());
        properties.setProperty("kerberos.name.rules", "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm() + ")s/@.*//\n");
        properties.setProperty("kerberos.name.rules.mechanism", "hadoop");
        return properties;
    }

    private Properties getMultiAuthHandlerConfiguration() {
        Properties properties = new Properties();
        properties.setProperty("type", "multi-scheme");
        properties.setProperty("multi-scheme-auth-handler.schemes", "negotiate");
        properties.setProperty(String.format("multi-scheme-auth-handler.schemes.%s.handler", "negotiate"), "kerberos");
        properties.setProperty("kerberos.principal", KerberosTestUtils.getServerPrincipal());
        properties.setProperty("kerberos.keytab", KerberosTestUtils.getKeytabFile());
        properties.setProperty("kerberos.name.rules", "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm() + ")s/@.*//\n");
        return properties;
    }

    @Test(timeout = 60000)
    public void testFallbacktoPseudoAuthenticator() throws Exception {
        AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        Properties properties = new Properties();
        properties.setProperty("type", "simple");
        properties.setProperty("simple.anonymous.allowed", "false");
        AuthenticatorTestCase.setAuthenticationHandlerConfig(properties);
        authenticatorTestCase._testAuthentication(new KerberosAuthenticator(), false);
    }

    @Test(timeout = 60000)
    public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception {
        AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        Properties properties = new Properties();
        properties.setProperty("type", "simple");
        properties.setProperty("simple.anonymous.allowed", "true");
        AuthenticatorTestCase.setAuthenticationHandlerConfig(properties);
        authenticatorTestCase._testAuthentication(new KerberosAuthenticator(), false);
    }

    @Test(timeout = 60000)
    public void testNotAuthenticated() throws Exception {
        AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        AuthenticatorTestCase.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
        authenticatorTestCase.start();
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(authenticatorTestCase.getBaseURL()).openConnection();
            httpURLConnection.connect();
            Assert.assertEquals(401L, httpURLConnection.getResponseCode());
            Assert.assertTrue(httpURLConnection.getHeaderField("WWW-Authenticate") != null);
            authenticatorTestCase.stop();
        } catch (Throwable th) {
            authenticatorTestCase.stop();
            throw th;
        }
    }

    @Test(timeout = 60000)
    public void testAuthentication() throws Exception {
        final AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        AuthenticatorTestCase.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                authenticatorTestCase._testAuthentication(new KerberosAuthenticator(), false);
                return null;
            }
        });
    }

    @Test(timeout = 60000)
    public void testAuthenticationPost() throws Exception {
        final AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        AuthenticatorTestCase.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                authenticatorTestCase._testAuthentication(new KerberosAuthenticator(), true);
                return null;
            }
        });
    }

    @Test(timeout = 60000)
    public void testAuthenticationHttpClient() throws Exception {
        final AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        AuthenticatorTestCase.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                authenticatorTestCase._testAuthenticationHttpClient(new KerberosAuthenticator(), false);
                return null;
            }
        });
    }

    @Test(timeout = 60000)
    public void testAuthenticationHttpClientPost() throws Exception {
        final AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        AuthenticatorTestCase.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration());
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                authenticatorTestCase._testAuthenticationHttpClient(new KerberosAuthenticator(), true);
                return null;
            }
        });
    }

    @Test(timeout = 60000)
    public void testNotAuthenticatedWithMultiAuthHandler() throws Exception {
        AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        AuthenticatorTestCase.setAuthenticationHandlerConfig(getMultiAuthHandlerConfiguration());
        authenticatorTestCase.start();
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(authenticatorTestCase.getBaseURL()).openConnection();
            httpURLConnection.connect();
            Assert.assertEquals(401L, httpURLConnection.getResponseCode());
            Assert.assertTrue(httpURLConnection.getHeaderField("WWW-Authenticate") != null);
            authenticatorTestCase.stop();
        } catch (Throwable th) {
            authenticatorTestCase.stop();
            throw th;
        }
    }

    @Test(timeout = 60000)
    public void testAuthenticationWithMultiAuthHandler() throws Exception {
        final AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        AuthenticatorTestCase.setAuthenticationHandlerConfig(getMultiAuthHandlerConfiguration());
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                authenticatorTestCase._testAuthentication(new KerberosAuthenticator(), false);
                return null;
            }
        });
    }

    @Test(timeout = 60000)
    public void testAuthenticationHttpClientPostWithMultiAuthHandler() throws Exception {
        final AuthenticatorTestCase authenticatorTestCase = new AuthenticatorTestCase();
        AuthenticatorTestCase.setAuthenticationHandlerConfig(getMultiAuthHandlerConfiguration());
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator.6
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                authenticatorTestCase._testAuthenticationHttpClient(new KerberosAuthenticator(), true);
                return null;
            }
        });
    }

    @Test(timeout = 60000)
    public void testWrapExceptionWithMessage() {
        IOException iOException = (IOException) KerberosAuthenticator.wrapExceptionWithMessage(new IOException("Induced exception"), "Error while authenticating with endpoint: localhost");
        Assert.assertEquals("Induced exception", iOException.getCause().getMessage());
        Assert.assertEquals("Error while authenticating with endpoint: localhost", iOException.getMessage());
        IOException iOException2 = (IOException) KerberosAuthenticator.wrapExceptionWithMessage(new AuthenticationException("Auth exception"), "Error while authenticating with endpoint: localhost");
        Assert.assertEquals("Auth exception", iOException2.getCause().getMessage());
        Assert.assertEquals("Error while authenticating with endpoint: localhost", iOException2.getMessage());
        CharacterCodingException characterCodingException = new CharacterCodingException();
        Exception wrapExceptionWithMessage = KerberosAuthenticator.wrapExceptionWithMessage(characterCodingException, "Error while authenticating with endpoint: localhost");
        Assert.assertTrue(characterCodingException instanceof CharacterCodingException);
        Assert.assertTrue(characterCodingException.equals(wrapExceptionWithMessage));
    }

    @Test(timeout = 60000)
    public void testNegotiate() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, IOException {
        KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
        HttpURLConnection httpURLConnection = (HttpURLConnection) Mockito.mock(HttpURLConnection.class);
        Mockito.when(httpURLConnection.getHeaderField("WWW-Authenticate")).thenReturn("Negotiate");
        Mockito.when(Integer.valueOf(httpURLConnection.getResponseCode())).thenReturn(401);
        Method declaredMethod = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate", HttpURLConnection.class);
        declaredMethod.setAccessible(true);
        Assert.assertTrue(((Boolean) declaredMethod.invoke(kerberosAuthenticator, httpURLConnection)).booleanValue());
    }

    @Test(timeout = 60000)
    public void testNegotiateLowerCase() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, IOException {
        KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
        HttpURLConnection httpURLConnection = (HttpURLConnection) Mockito.mock(HttpURLConnection.class);
        Mockito.when(httpURLConnection.getHeaderField("www-authenticate")).thenReturn("Negotiate");
        Mockito.when(Integer.valueOf(httpURLConnection.getResponseCode())).thenReturn(401);
        Method declaredMethod = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate", HttpURLConnection.class);
        declaredMethod.setAccessible(true);
        Assert.assertTrue(((Boolean) declaredMethod.invoke(kerberosAuthenticator, httpURLConnection)).booleanValue());
    }

    @Test(timeout = 60000)
    public void testReadToken() throws NoSuchMethodException, IOException, IllegalAccessException, InvocationTargetException {
        KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
        FieldUtils.writeField(kerberosAuthenticator, "base64", new Base64(), true);
        Base64 base64 = new Base64();
        HttpURLConnection httpURLConnection = (HttpURLConnection) Mockito.mock(HttpURLConnection.class);
        Mockito.when(Integer.valueOf(httpURLConnection.getResponseCode())).thenReturn(401);
        Mockito.when(httpURLConnection.getHeaderField("WWW-Authenticate")).thenReturn("Negotiate " + Arrays.toString(base64.encode("foobar".getBytes())));
        Method declaredMethod = KerberosAuthenticator.class.getDeclaredMethod("readToken", HttpURLConnection.class);
        declaredMethod.setAccessible(true);
        declaredMethod.invoke(kerberosAuthenticator, httpURLConnection);
    }

    @Test(timeout = 60000)
    public void testReadTokenLowerCase() throws NoSuchMethodException, IOException, IllegalAccessException, InvocationTargetException {
        KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
        FieldUtils.writeField(kerberosAuthenticator, "base64", new Base64(), true);
        Base64 base64 = new Base64();
        HttpURLConnection httpURLConnection = (HttpURLConnection) Mockito.mock(HttpURLConnection.class);
        Mockito.when(Integer.valueOf(httpURLConnection.getResponseCode())).thenReturn(401);
        Mockito.when(httpURLConnection.getHeaderField("www-authenticate")).thenReturn("Negotiate" + Arrays.toString(base64.encode("foobar".getBytes())));
        Method declaredMethod = KerberosAuthenticator.class.getDeclaredMethod("readToken", HttpURLConnection.class);
        declaredMethod.setAccessible(true);
        declaredMethod.invoke(kerberosAuthenticator, httpURLConnection);
    }
}
