package com.cloudera.cmf.service.config;

import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.HandlerUtil;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.TestUtils;
import com.cloudera.csd.components.JsonSdlObjectMapper;
import com.cloudera.csd.components.JsonSdlParser;
import com.cloudera.csd.descriptors.KerberosPrincipalDescriptor;
import com.cloudera.csd.descriptors.RoleDescriptor;
import com.cloudera.server.cmf.AbstractBaseTest;
import com.cloudera.server.cmf.BaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.cloudera.spring.components.PrototypeFactory;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Iterator;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mock;

/* loaded from: input_file:com/cloudera/cmf/service/config/AuthToLocalEvaluatorTest.class */
public class AuthToLocalEvaluatorTest extends BaseTest {
    private static final String HDFS_PROP = "hadoop.security.auth_to_local";

    @Mock
    private PrototypeFactory<CmfEntityManager> cmfEmFactory;
    private final AuthToLocalEvaluator HDFS_EVAL = new AuthToLocalEvaluator(HDFS_PROP);

    private void setupCluster(Long l) {
        TestUtils.interpretCli(sdp, Lists.newArrayList(new String[]{"createcluster testcluster " + l, "createhost host1 host1 127.0.0.1 /default", "createservice hdfs HDFS testcluster", "createservice mr MAPREDUCE testcluster", "createservice oozie OOZIE testcluster", "createrole nn hdfs host1 NAMENODE", "createrole jt mr host1 JOBTRACKER", "createrole os oozie host1 OOZIE_SERVER", "createconfig hdfs_service hdfs mr", "createconfig trusted_realms REALM1 hdfs", "createservice zk ZOOKEEPER testcluster", "createconfig zookeeper_service zk hdfs", "createrole zks zk host1 SERVER"}));
        TestUtils.interpretCli(sdp, Lists.newArrayList(new String[]{"createconfig mapreduce_yarn_service mr oozie"}));
    }

    @After
    public void tearDown() {
        cleanDatabase();
    }

    @Test
    public void testCDHEvaluators() {
        setupCluster(5L);
        checkEvaluatedValueForRealm("nn", this.HDFS_EVAL, "REALM1", "REALM2");
        checkEvaluatedValueForRealm("jt", this.HDFS_EVAL, "REALM1", "REALM2");
        checkEvaluatedValueForRealm("zks", this.HDFS_EVAL, "REALM1", "REALM2");
    }

    private void checkEvaluatedValueForRealm(final String str, final AuthToLocalEvaluator authToLocalEvaluator, final String str2, final String str3) {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.service.config.AuthToLocalEvaluatorTest.1
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                DbRole findRoleByName = cmfEntityManager.findRoleByName(str);
                DbService service = findRoleByName.getService();
                RoleHandler roleHandler = AuthToLocalEvaluatorTest.sdp.getServiceHandlerRegistry().get(service).getRoleHandler(findRoleByName.getRoleType());
                try {
                    String value = ((EvaluatedConfig) Iterables.getOnlyElement(authToLocalEvaluator.evaluateConfig(AuthToLocalEvaluatorTest.sdp, service, findRoleByName, roleHandler, HandlerUtil.getConfigs(AuthToLocalEvaluatorTest.sdp, service, findRoleByName, roleHandler)))).getValue();
                    Assert.assertTrue(value.contains(str2));
                    Assert.assertFalse(value.contains(str3));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    @Test
    public void checkCsd() throws IOException {
        for (RoleDescriptor roleDescriptor : new JsonSdlParser(new JsonSdlObjectMapper()).parse(Files.readAllBytes(Paths.get("../csd/RANGER/src/descriptor/service.sdl", new String[0]))).getRoles()) {
            if (roleDescriptor.getName().equals(MockTestCluster.RANGERADMIN_RT)) {
                Iterator it = roleDescriptor.getKerberosPrincipals().iterator();
                while (it.hasNext()) {
                    if (((KerberosPrincipalDescriptor) it.next()).getName().equals("rangeradmin_principal")) {
                        Assert.assertTrue(roleDescriptor.getRunAs().getPrincipal().equals("rangeradmin"));
                    }
                }
            } else if (roleDescriptor.getName().equals(MockTestCluster.RANGERTAGSYNC_RT)) {
                Iterator it2 = roleDescriptor.getKerberosPrincipals().iterator();
                while (it2.hasNext()) {
                    if (((KerberosPrincipalDescriptor) it2.next()).getName().equals("rangertagsync_principal")) {
                        Assert.assertTrue(roleDescriptor.getRunAs().getPrincipal().equals("rangertagsync"));
                    }
                }
            } else if (roleDescriptor.getName().equals(MockTestCluster.RANGERUSERSYNC_RT)) {
                Iterator it3 = roleDescriptor.getKerberosPrincipals().iterator();
                while (it3.hasNext()) {
                    if (((KerberosPrincipalDescriptor) it3.next()).getName().equals("rangerusersync_principal")) {
                        Assert.assertTrue(roleDescriptor.getRunAs().getPrincipal().equals("rangerusersync"));
                    }
                }
            }
        }
    }
}
