package com.cloudera.cmf.security;

import com.cloudera.cmf.command.BasicCmdArgs;
import com.cloudera.cmf.model.ClusterType;
import com.cloudera.cmf.model.DbCommand;
import com.cloudera.cmf.model.DbConfigContainer;
import com.cloudera.cmf.model.DbCredential;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.model.Enums;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.security.GenerateCredentialsCommand;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.TestUtils;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.cmf.AbstractBaseTest;
import com.cloudera.server.cmf.BaseTest;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.Future;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
import org.apache.kerby.kerberos.kerb.type.KerberosTime;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/cloudera/cmf/security/GenerateCredentialsCommandTest.class */
public class GenerateCredentialsCommandTest extends BaseTest {
    private static List<String> expectedPrincipals;
    private static List<String> expectedPrincipalsImmutable;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cloudera/cmf/security/GenerateCredentialsCommandTest$MockGenerateCredentialsCommand.class */
    public static class MockGenerateCredentialsCommand extends GenerateCredentialsCommand {
        private final Semaphore start;

        MockGenerateCredentialsCommand(ServiceDataProvider serviceDataProvider, Semaphore semaphore) {
            super(serviceDataProvider, new BaseTest.MockKerberosCredentialsReader(serviceDataProvider));
            this.start = semaphore;
        }

        public String getName() {
            return "MockGenerateCredentials";
        }

        public final Callable<GenerateCredentialsCommand.GenerateCredentialsResult> createCallable(final GenerateCredentialsCommand.CredentialsToGenerate credentialsToGenerate) {
            return new Callable<GenerateCredentialsCommand.GenerateCredentialsResult>() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.MockGenerateCredentialsCommand.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public GenerateCredentialsCommand.GenerateCredentialsResult call() throws Exception {
                    Assert.assertEquals(GenerateCredentialsCommandTest.expectedPrincipals.remove(0), Iterables.getOnlyElement(credentialsToGenerate.role2Princ.values()));
                    GenerateCredentialsCommand.GenerateCredentialsResult generateCredentialsResult = new GenerateCredentialsCommand.GenerateCredentialsResult();
                    for (Long l : credentialsToGenerate.role2Princ.keySet()) {
                        generateCredentialsResult.mergedKeytabs.put(l, GenerateCredentialsCommandTest.genKeytabBytes(credentialsToGenerate.role2Princ.get(l), "mergedKeytab"));
                        for (String str : credentialsToGenerate.role2Princ.get(l)) {
                            generateCredentialsResult.credentials.put(str, str.getBytes());
                        }
                    }
                    MockGenerateCredentialsCommand.this.start.acquire();
                    return generateCredentialsResult;
                }
            };
        }
    }

    @Before
    public void setupTest() throws Exception {
        TestUtils.interpretCli(sdp, ImmutableList.of("createcluster c1 5", "createservice zk1 ZOOKEEPER c1", "createconfig enableSecurity true zk1", "createhost h1 h1 1.1.1.1 /default", "createhost h2 h2 2.2.2.2 /default"));
        expectedPrincipals = Lists.newArrayList();
        expectedPrincipals.add("zookeeper/h1@HADOOP.COM");
        expectedPrincipals.add("zookeeper/h2@HADOOP.COM");
        expectedPrincipalsImmutable = ImmutableList.copyOf(expectedPrincipals);
    }

    @After
    public void cleanup() {
        cleanDatabase();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] genKeytabBytes(Collection<String> collection, String str) throws Exception {
        EncryptionKey encryptionKey = new EncryptionKey(0, str.getBytes());
        Keytab keytab = new Keytab();
        collection.forEach(str2 -> {
            keytab.addEntry(new KeytabEntry(new PrincipalName(str2), new KerberosTime(), -1, encryptionKey));
        });
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keytab.store(byteArrayOutputStream);
        byteArrayOutputStream.flush();
        return byteArrayOutputStream.toByteArray();
    }

    @Test
    public void testIsAvailableAndExecutionOnUpdate() throws Exception {
        Semaphore semaphore = new Semaphore(0);
        MockGenerateCredentialsCommand mockGenerateCredentialsCommand = new MockGenerateCredentialsCommand(sdp, semaphore);
        ConcurrentMap runningCommands = mockGenerateCredentialsCommand.getRunningCommands();
        CmfEntityManager cmfEntityManager = new CmfEntityManager(emf);
        try {
            cmfEntityManager.begin();
            om.beginConfigWork(cmfEntityManager, "Test generate credentials");
            Assert.assertTrue(mockGenerateCredentialsCommand.isAvailable(null));
            om.createRole(cmfEntityManager, "zk1", "h1", "SERVER", false);
            DbCommand execute = mockGenerateCredentialsCommand.execute(null, BasicCmdArgs.of(new String[0]), null);
            Assert.assertFalse(mockGenerateCredentialsCommand.isAvailable(null));
            Assert.assertEquals(0L, runningCommands.size());
            mockGenerateCredentialsCommand.update(cmfEntityManager, execute);
            Assert.assertTrue(mockGenerateCredentialsCommand.isAvailable(null));
            Assert.assertEquals(execute.getId(), Iterables.getOnlyElement(runningCommands.keySet()));
            om.createRole(cmfEntityManager, "zk1", "h2", "SERVER", false);
            DbCommand execute2 = mockGenerateCredentialsCommand.execute(null, BasicCmdArgs.of(new String[0]), null);
            mockGenerateCredentialsCommand.update(cmfEntityManager, execute);
            mockGenerateCredentialsCommand.update(cmfEntityManager, execute2);
            Assert.assertEquals(execute.getId(), Iterables.getOnlyElement(runningCommands.keySet()));
            semaphore.release();
            ((Future) Iterables.getOnlyElement(runningCommands.values())).get(10L, TimeUnit.SECONDS);
            mockGenerateCredentialsCommand.update(cmfEntityManager, execute);
            Assert.assertEquals(0L, runningCommands.size());
            mockGenerateCredentialsCommand.update(cmfEntityManager, execute2);
            Assert.assertEquals(execute2.getId(), Iterables.getOnlyElement(runningCommands.keySet()));
            semaphore.release();
            ((Future) Iterables.getOnlyElement(runningCommands.values())).get(10L, TimeUnit.SECONDS);
            cmfEntityManager.rollback();
            cmfEntityManager.close();
        } catch (Throwable th) {
            cmfEntityManager.rollback();
            cmfEntityManager.close();
            throw th;
        }
    }

    @Test
    public void testOneOffHackForHttpPricipal() throws Exception {
        CmfEntityManager cmfEntityManager = (CmfEntityManager) Mockito.mock(CmfEntityManager.class);
        DbRole dbRole = (DbRole) Mockito.mock(DbRole.class);
        Mockito.when(dbRole.getId()).thenReturn(1L);
        Mockito.when(cmfEntityManager.findRoles(ImmutableList.of(1L))).thenReturn(ImmutableList.of(dbRole));
        GenerateCredentialsCommand.CredentialsToGenerate credentialsToGenerate = new GenerateCredentialsCommand.CredentialsToGenerate();
        credentialsToGenerate.role2Princ.put(1L, "oozie/host-1.cloudera.com@CLOUDERA.COM");
        credentialsToGenerate.role2Princ.put(1L, "HTTP/host-1.cloudera.com@CLOUDERA.COM");
        credentialsToGenerate.role2Princ.put(1L, "oozie/host-2.cloudera.com@CLOUDERA.COM");
        credentialsToGenerate.role2Princ.put(1L, "oozie/host-3.cloudera.com@CLOUDERA.COM");
        credentialsToGenerate.role2Princ.put(1L, "HTTP/host-2.cloudera.com@CLOUDERA.COM");
        GenerateCredentialsCommand generateCredentialsCommand = (GenerateCredentialsCommand) Mockito.spy(new GenerateCredentialsCommand(sdp) { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.1
            protected Map<String, String> setupEnv() throws IOException {
                return null;
            }

            byte[] generateKeytab(String str, Map<String, String> map, long j) throws IOException, InterruptedException {
                if (str.startsWith("HTTP/")) {
                    return "http-key-tab".getBytes();
                }
                if (str.startsWith("oozie/")) {
                    return "oozie-key-tab".getBytes();
                }
                Assert.fail();
                return null;
            }

            byte[] mergeKeytabsInternal(LinkedHashSet<byte[]> linkedHashSet) throws IOException, InterruptedException {
                StringBuilder sb = new StringBuilder();
                Iterator<byte[]> it = linkedHashSet.iterator();
                while (it.hasNext()) {
                    sb.append(new String(it.next())).append(",");
                }
                return sb.toString().getBytes();
            }
        });
        Mockito.when(generateCredentialsCommand.setupEnv()).thenReturn(Maps.newHashMap());
        byte[] bArr = (byte[]) ((GenerateCredentialsCommand.GenerateCredentialsResult) generateCredentialsCommand.createCallable(credentialsToGenerate).call()).mergedKeytabs.get(1L);
        Assert.assertNotNull(bArr);
        Assert.assertEquals("http-key-tab,http-key-tab,oozie-key-tab,oozie-key-tab,oozie-key-tab,", new String(bArr));
    }

    @Test
    public void testResultProcessor() {
        CmfEntityManager cmfEntityManager = (CmfEntityManager) Mockito.mock(CmfEntityManager.class);
        GenerateCredentialsCommand.GenerateCredentialsResult generateCredentialsResult = new GenerateCredentialsCommand.GenerateCredentialsResult();
        generateCredentialsResult.credentials.put("cred1", "cred1bytes".getBytes());
        generateCredentialsResult.mergedKeytabs.put(1L, "role1bytes".getBytes());
        DbRole dbRole = (DbRole) Mockito.mock(DbRole.class);
        Mockito.when(dbRole.getId()).thenReturn(1L);
        Mockito.when(cmfEntityManager.findRoles(ImmutableList.of(1L))).thenReturn(ImmutableList.of(dbRole));
        GenerateCredentialsCommand.RESULT_PROCESSOR.processResult(cmfEntityManager, generateCredentialsResult);
        ((CmfEntityManager) Mockito.verify(cmfEntityManager)).persistCredential(new DbCredential("cred1", "cred1bytes".getBytes()));
        ((DbRole) Mockito.verify(dbRole)).setMergedKeytab("role1bytes".getBytes());
    }

    @Test
    public void testSetupEnv() throws IOException {
        final MockGenerateCredentialsCommand mockGenerateCredentialsCommand = new MockGenerateCredentialsCommand(sdp, null);
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.2
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                GenerateCredentialsCommandTest.om.beginConfigWork(cmfEntityManager, "Test setup scripts");
                DbConfigContainer configContainer = cmfEntityManager.getScmConfigProvider().getConfigContainer();
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_KDC_DOMAIN, "fooDomain", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.KDC_HOST, "fooHost", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_ACCOUNT_PREFIX, "foo_123-x ", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_DELETE_ON_REGENERATE, true, (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_SET_ENCRYPTION_TYPES, true, (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
            }
        });
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.3
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                Map map = null;
                try {
                    map = mockGenerateCredentialsCommand.setupGenCredEnv();
                } catch (Exception e) {
                    Assert.fail();
                }
                Assert.assertEquals(ImmutableMap.of("KDC_TYPE", "MIT KDC"), map);
            }
        });
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.4
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                GenerateCredentialsCommandTest.om.beginConfigWork(cmfEntityManager, "Test setup scripts");
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.KDC_TYPE, "Active Directory", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
            }
        });
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.5
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                Map map = null;
                try {
                    map = mockGenerateCredentialsCommand.setupGenCredEnv();
                } catch (Exception e) {
                    Assert.fail();
                }
                HashMap newHashMap = Maps.newHashMap();
                newHashMap.put("KDC_TYPE", "Active Directory");
                newHashMap.put("DOMAIN", "fooDomain");
                newHashMap.put("AD_SERVER", "fooHost");
                newHashMap.put("LDAPS_PORT", "636");
                newHashMap.put("LDAP_PORT", "389");
                newHashMap.put("ENC_TYPES", ScmParams.KRB_ENC_TYPES.toConfigFileString(ScmParams.KRB_ENC_TYPES.getDefaultValueNoVersion()));
                newHashMap.put("ACC_PREFIX", "foo_123-x ");
                newHashMap.put("AD_DELETE_ON_REGENERATE", "true");
                newHashMap.put("AD_SET_ENCRYPTION_TYPES", "true");
                Assert.assertEquals(newHashMap, map);
            }
        });
    }

    @Test
    public void testSetupAdParams() throws IOException {
        final MockGenerateCredentialsCommand mockGenerateCredentialsCommand = new MockGenerateCredentialsCommand(sdp, null);
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.6
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                GenerateCredentialsCommandTest.om.beginConfigWork(cmfEntityManager, "Test setup scripts");
                DbConfigContainer configContainer = cmfEntityManager.getScmConfigProvider().getConfigContainer();
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.KDC_TYPE, "Active Directory", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_KDC_DOMAIN, "fooDomain", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.KDC_HOST, "fooHost", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_ACCOUNT_PREFIX, "foo_123-x ", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
            }
        });
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.7
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                Map map = null;
                try {
                    map = mockGenerateCredentialsCommand.setupGenCredEnv();
                } catch (Exception e) {
                    Assert.fail();
                }
                HashMap newHashMap = Maps.newHashMap();
                newHashMap.put("KDC_TYPE", "Active Directory");
                newHashMap.put("DOMAIN", "fooDomain");
                newHashMap.put("AD_SERVER", "fooHost");
                newHashMap.put("LDAPS_PORT", "636");
                newHashMap.put("LDAP_PORT", "389");
                newHashMap.put("ENC_TYPES", ScmParams.KRB_ENC_TYPES.toConfigFileString(ScmParams.KRB_ENC_TYPES.getDefaultValueNoVersion()));
                newHashMap.put("ACC_PREFIX", "foo_123-x ");
                newHashMap.put("AD_DELETE_ON_REGENERATE", "false");
                newHashMap.put("AD_SET_ENCRYPTION_TYPES", "false");
                Assert.assertEquals(newHashMap, map);
            }
        });
    }

    private List<String> populateGenScriptArgs() {
        GenerateCredentialsCommand generateCredentialsCommand = new GenerateCredentialsCommand(sdp);
        File file = (File) Mockito.mock(File.class);
        File file2 = (File) Mockito.mock(File.class);
        HashMap newHashMap = Maps.newHashMap();
        Mockito.when(file.getAbsolutePath()).thenReturn("badkeytabfile");
        Mockito.when(file2.getAbsolutePath()).thenReturn("badkeygenfile");
        return generateCredentialsCommand.generateScriptArgs(expectedPrincipals.get(0), newHashMap, 432000L, file, file2);
    }

    @Test
    public void testGenerateEncTypes() {
        GenerateCredentialsCommand generateCredentialsCommand = new GenerateCredentialsCommand(sdp);
        Assert.assertEquals(28L, generateCredentialsCommand.generateEncTypes("rc4-hmac aes128-cts aes256-cts"));
        Assert.assertEquals(12L, generateCredentialsCommand.generateEncTypes("rc4-hmac aes128-cts"));
        Assert.assertEquals(3L, generateCredentialsCommand.generateEncTypes("des-cbc-crc des-cbc-md5"));
    }

    @Test
    public void testGenerateUac() {
        GenerateCredentialsCommand generateCredentialsCommand = new GenerateCredentialsCommand(sdp);
        Assert.assertEquals(2163200L, generateCredentialsCommand.generateUac(1));
        Assert.assertEquals(66048L, generateCredentialsCommand.generateUac(16));
        Assert.assertEquals(2163200L, generateCredentialsCommand.generateUac(2));
        Assert.assertEquals(2163200L, generateCredentialsCommand.generateUac(3));
        Assert.assertEquals(66048L, generateCredentialsCommand.generateUac(4));
        Assert.assertEquals(66048L, generateCredentialsCommand.generateUac(12));
        Assert.assertEquals(66048L, generateCredentialsCommand.generateUac(8));
        Assert.assertEquals(66048L, generateCredentialsCommand.generateUac(16));
        Assert.assertEquals(66048L, generateCredentialsCommand.generateUac(28));
        Assert.assertEquals(2163200L, generateCredentialsCommand.generateUac(5));
        Assert.assertEquals(2163200L, generateCredentialsCommand.generateUac(7));
    }

    @Test
    public void testGenerateScriptArgs() throws IOException {
        Assert.assertEquals(4L, populateGenScriptArgs().size());
    }

    @Test
    public void testGenerateCustomScriptArgs() throws IOException {
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.8
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                GenerateCredentialsCommandTest.om.beginConfigWork(cmfEntityManager, "Test setup scripts");
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.GEN_KEYTAB_SCRIPT, "custom", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
            }
        });
        Assert.assertEquals(3L, populateGenScriptArgs().size());
    }

    private int charCounter(String str, String str2) {
        int i = 0;
        while (Pattern.compile(str2).matcher(str).find()) {
            i++;
        }
        return i;
    }

    @Test
    public void testGeneratePassword() {
        GenerateCredentialsCommand generateCredentialsCommand = new GenerateCredentialsCommand(sdp);
        generateCredentialsCommand.passwordProperties = new PasswordProperties(15, 2, 2, 3, 1, 1, "?.!$-_+=~".toCharArray());
        String generateRandomPassword = generateCredentialsCommand.generateRandomPassword();
        Assert.assertEquals(15L, generateRandomPassword.length());
        Assert.assertTrue(generateRandomPassword.matches(".*[a-z].*"));
        Assert.assertTrue(generateRandomPassword.matches(".*[A-Z].*"));
        Assert.assertTrue(generateRandomPassword.matches(".*\\d.*"));
        Assert.assertEquals(1L, countSpecialChars(generateRandomPassword, generateCredentialsCommand.passwordProperties.specialChars));
        Assert.assertTrue(generateRandomPassword.matches(".*[\\s].*"));
        Assert.assertTrue(charCounter(generateRandomPassword, "\\d") >= 3);
        Assert.assertTrue(charCounter(generateRandomPassword, "[a-z]") >= 2);
        Assert.assertTrue(charCounter(generateRandomPassword, "[A-Z]") >= 2);
    }

    @Test
    public void testBadAdEncTypes() throws IOException {
        final MockGenerateCredentialsCommand mockGenerateCredentialsCommand = new MockGenerateCredentialsCommand(sdp, null);
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.9
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                GenerateCredentialsCommandTest.om.beginConfigWork(cmfEntityManager, "Test setup scripts");
                DbConfigContainer configContainer = cmfEntityManager.getScmConfigProvider().getConfigContainer();
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.KDC_TYPE, "Active Directory", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_KDC_DOMAIN, "fooDomain", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.KDC_HOST, "fooHost", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_ACCOUNT_PREFIX, "foo_123-x ", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.AD_SET_ENCRYPTION_TYPES, true, (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
                GenerateCredentialsCommandTest.om.setConfig(cmfEntityManager, ScmParams.KRB_ENC_TYPES, ImmutableList.of("INVALID"), (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
            }
        });
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.security.GenerateCredentialsCommandTest.10
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                DbCommand execute = mockGenerateCredentialsCommand.execute(null, BasicCmdArgs.of(new String[0]), null);
                Assert.assertEquals("GenerateCredentialsCommand did not finish:", execute.getState(), Enums.CommandState.FINISHED.toString());
                Assert.assertFalse("GenerateCredentialsCommand did not fail:", execute.isSuccess());
            }
        });
    }

    @Test
    public void testArePrincipalsMissingInMergedKeytab() throws Exception {
        ArrayList newArrayList = Lists.newArrayList(new String[]{"hive/host1.cloudera.com@CLOUDERA.COM", "yarn/host1.cloudera.com@CLOUDERA.COM", "HTTP/host1.cloudera.com@CLOUDERA.COM"});
        byte[] genKeytabBytes = genKeytabBytes(newArrayList, "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.");
        byte[] genKeytabBytes2 = genKeytabBytes((Collection) newArrayList.stream().filter(str -> {
            return !str.startsWith("hive");
        }).collect(Collectors.toList()), "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.");
        Assert.assertFalse(GenerateCredentialsCommand.arePrincipalsMissingInMergedKeytab(genKeytabBytes, newArrayList));
        Assert.assertTrue(GenerateCredentialsCommand.arePrincipalsMissingInMergedKeytab(genKeytabBytes2, newArrayList));
    }

    @Test
    public void testFindMissingCredentials() {
        TestUtils.interpretCli(sdp, ImmutableList.of("createrole zk1s1 zk1 h1 SERVER", "createrole zk1s2 zk1 h2 SERVER", "createcluster proxycluster 5", "createservice zk2 ZOOKEEPER proxycluster", "createconfig enableSecurity true zk2", "createhost h3 h3 3.3.3.3 /default", "createhost h4 h4 4.4.4.4 /default", "createrole zk2s1 zk2 h3 SERVER", "createrole zk2s2 zk2 h4 SERVER"));
        GenerateCredentialsCommand generateCredentialsCommand = new GenerateCredentialsCommand(sdp);
        runInTransaction(cmfEntityManager -> {
            cmfEntityManager.findClusterByName("proxycluster").setClusterType(ClusterType.PROXY_CLUSTER);
            GenerateCredentialsCommand.CredentialsToGenerate findMissingCredentials = generateCredentialsCommand.findMissingCredentials(cmfEntityManager, (List) null);
            Assert.assertEquals(2L, findMissingCredentials.role2Princ.size());
            Collection values = findMissingCredentials.role2Princ.values();
            Iterator<String> it = expectedPrincipalsImmutable.iterator();
            while (it.hasNext()) {
                Assert.assertTrue(values.contains(it.next()));
            }
        });
    }

    private int countSpecialChars(String str, char[] cArr) {
        int i = 0;
        for (char c : cArr) {
            if (str.indexOf(c) != -1) {
                i++;
            }
        }
        return i;
    }
}
