package org.apache.sqoop.authentication;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.sqoop.infrastructure.kerberos.MiniKdcInfrastructureRule;
import org.apache.sqoop.testcategories.KerberizedTest;
import org.apache.sqoop.testcategories.sqooptest.IntegrationTest;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;

@Category({KerberizedTest.class, IntegrationTest.class})
/* loaded from: input_file:org/apache/sqoop/authentication/TestKerberosAuthenticator.class */
public class TestKerberosAuthenticator {
    private static final String KERBEROS_RULE_TEMPLATE = "RULE:[2:$1@$0](.*@%s)s/@%s//";

    @ClassRule
    public static MiniKdcInfrastructureRule miniKdc = new MiniKdcInfrastructureRule();
    private KerberosAuthenticator kerberosAuthenticator;

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Test
    public void testAuthenticateReturnsCurrentUserIfKerberosIsNotEnabled() throws Exception {
        this.kerberosAuthenticator = new KerberosAuthenticator(new Configuration(), miniKdc.getTestPrincipal(), miniKdc.getKeytabFilePath());
        Assert.assertSame(UserGroupInformation.getCurrentUser(), this.kerberosAuthenticator.authenticate());
    }

    @Test
    public void testAuthenticateReturnsAUserDifferentThanCurrentUserIfKerberosIsEnabled() throws Exception {
        this.kerberosAuthenticator = new KerberosAuthenticator(createKerberosConfiguration(), miniKdc.getTestPrincipal(), miniKdc.getKeytabFilePath());
        Assert.assertNotSame(UserGroupInformation.getCurrentUser(), this.kerberosAuthenticator.authenticate());
    }

    @Test
    public void testAuthenticateReturnsAKerberosAuthenticatedUserIfKerberosIsEnabled() throws Exception {
        this.kerberosAuthenticator = new KerberosAuthenticator(createKerberosConfiguration(), miniKdc.getTestPrincipal(), miniKdc.getKeytabFilePath());
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS, this.kerberosAuthenticator.authenticate().getRealAuthenticationMethod());
    }

    @Test
    public void testAuthenticateReturnsAnAuthenticatedUserWithProperUsernameIfKerberosIsEnabled() throws Exception {
        this.kerberosAuthenticator = new KerberosAuthenticator(createKerberosConfiguration(), miniKdc.getTestPrincipal(), miniKdc.getKeytabFilePath());
        Assert.assertEquals(miniKdc.getTestPrincipal(), this.kerberosAuthenticator.authenticate().getUserName());
    }

    @Test
    public void testAuthenticateThrowsIfKerberosIsEnabledAndInvalidKeytabIsProvided() throws Exception {
        this.kerberosAuthenticator = new KerberosAuthenticator(createKerberosConfiguration(), miniKdc.getTestPrincipal(), "invalid_keytab_location");
        this.expectedException.expect(RuntimeException.class);
        this.expectedException.expectMessage("Kerberos authentication failed!");
        this.kerberosAuthenticator.authenticate();
    }

    @Test
    public void testAuthenticateThrowsIfKerberosIsEnabledAndInvalidPrincipalIsProvided() throws Exception {
        this.kerberosAuthenticator = new KerberosAuthenticator(createKerberosConfiguration(), "invalid_principal", miniKdc.getKeytabFilePath());
        this.expectedException.expect(RuntimeException.class);
        this.expectedException.expectMessage("Kerberos authentication failed!");
        this.kerberosAuthenticator.authenticate();
    }

    private Configuration createKerberosConfiguration() {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "kerberos");
        configuration.set("hadoop.security.auth_to_local", buildKerberosRule());
        return configuration;
    }

    private String buildKerberosRule() {
        return String.format(KERBEROS_RULE_TEMPLATE, miniKdc.getRealm(), miniKdc.getRealm());
    }
}
