package com.cloudera.server.web.cmf;

import com.cloudera.cmf.model.DbConfigContainer;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.config.MetricsSourceConfigEvaluatorTest;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.server.cmf.BaseTest;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:com/cloudera/server/web/cmf/CmfKerberosUserDetailsServiceTest.class */
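/**
 * Tests for {@link CMFKerberosUserDetailsService}: how a Kerberos principal string
 * ({@code user}, {@code user@REALM}, {@code user/host@REALM}) is resolved to a local
 * user and which authorities that user ends up with.
 *
 * <p>Fixture created in {@link #beforeTests()}: {@code alice} holds
 * {@link UserRole#ROLE_ADMIN}, {@code bob} has no role assigned.
 *
 * <p>NOTE(review): every principal used here carries the single realm literal
 * {@code REALM}. No case pins what happens for a principal from a different realm, and
 * the assertions show the realm and instance parts are absent from the returned
 * username. Since {@code alice} maps to an admin role, a case that fixes the expected
 * behaviour for an unexpected realm would be worth adding.
 */
public class CmfKerberosUserDetailsServiceTest extends BaseTest {
    private static final String ALICE = "alice";
    private static final String BOB = "bob";

    private CMFKerberosUserDetailsService kerberosUds;

    /**
     * Seeds the built-in auth roles and the two fixture users, then builds the service
     * under test on top of the delegate user-details service from {@link BaseTest}.
     */
    @Before
    public void beforeTests() {
        CmfEntityManager cmfEntityManager = new CmfEntityManager(emf);
        try {
            cmfEntityManager.begin();
            cmfEntityManager.createBuiltInAuthRoles();
            om.addUser(cmfEntityManager, BOB, "passwordBob");
            om.assignUserRoles(
                    cmfEntityManager,
                    om.addUser(cmfEntityManager, ALICE, "passwordAlice"),
                    ImmutableSet.of(UserRole.ROLE_ADMIN));
            cmfEntityManager.commit();
        } catch (Exception ignored) {
            // NOTE(review): a failed seed is rolled back and then dropped, so the tests
            // run against a store without alice/bob and fail later with a misleading
            // message (or pass vacuously where only a rejection is expected). Kept as
            // found because it is not visible here whether the swallow is deliberate;
            // rethrowing would be the stricter choice.
            cmfEntityManager.rollback();
        } finally {
            // Single close on every path; the previous layout could close twice.
            cmfEntityManager.close();
        }
        this.kerberosUds = new CMFKerberosUserDetailsService(emf);
        this.kerberosUds.setDelegateUds(uds);
    }

    /**
     * Asserts that the granted authorities equal those of {@code userRole}.
     *
     * @param userRole expected role, or {@code null} to assert that no authority at all
     *     was granted
     * @param collection authorities returned for the loaded user
     */
    private void assertRole(UserRole userRole, Collection<? extends GrantedAuthority> collection) {
        if (userRole == null) {
            Assert.assertEquals(0L, collection.size());
            return;
        }
        HashSet<String> granted = new HashSet<>();
        for (GrantedAuthority authority : collection) {
            granted.add(authority.getAuthority());
        }
        Assert.assertEquals(userRole.getAuthorities(), granted);
    }

    /** A name with no matching user must be rejected rather than resolved to anything. */
    @Test(expected = UsernameNotFoundException.class)
    public void testLoadUserByUsernameNonExistentUser() {
        this.kerberosUds.loadUserByUsername("doesnotexist");
    }

    /**
     * With {@code ScmParams.PROXYUSER_KNOX_PRINCIPAL} set to {@code proxyuser}, the
     * principal {@code proxyuser/host@REALM} loads as user {@code proxyuser} and is
     * granted no authorities of its own.
     */
    @Test
    public void testLoadProxyUser() {
        this.kerberosUds.checkCreateFirstUser("admin");
        CmfEntityManager cmfEntityManager = new CmfEntityManager(emf);
        try {
            cmfEntityManager.begin();
            DbConfigContainer configContainer = cmfEntityManager.getScmConfigProvider().getConfigContainer();
            om.beginConfigWork(cmfEntityManager, "Setting proxy user principal");
            om.setConfig(cmfEntityManager, ScmParams.PROXYUSER_KNOX_PRINCIPAL, "proxyuser", (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, configContainer, (DbHost) null);
            cmfEntityManager.commit();
        } catch (RuntimeException e) {
            cmfEntityManager.rollback();
            throw e;
        } finally {
            cmfEntityManager.close();
        }

        // Lookup happens after the config transaction is finished, so a failure here no
        // longer triggers a rollback on an entity manager that is already closed.
        UserDetails proxyUser = this.kerberosUds.loadUserByUsername("proxyuser/host@REALM");
        Assert.assertEquals("proxyuser", proxyUser.getUsername());
        // The proxy principal must not carry any role by itself.
        Assert.assertEquals(ImmutableSet.of(), proxyUser.getAuthorities());
    }

    /**
     * The short name, {@code name@REALM} and {@code name/host@REALM} all resolve to the
     * same local user, and the authorities are those stored for that user.
     */
    @Test
    public void testLoadUserByFullPrincipal() {
        this.kerberosUds.checkCreateFirstUser("admin");

        UserDetails byShortName = this.kerberosUds.loadUserByUsername(ALICE);
        Assert.assertEquals(ALICE, byShortName.getUsername());
        assertRole(UserRole.ROLE_ADMIN, byShortName.getAuthorities());

        UserDetails byRealmPrincipal = this.kerberosUds.loadUserByUsername("alice@REALM");
        Assert.assertEquals(ALICE, byRealmPrincipal.getUsername());
        assertRole(UserRole.ROLE_ADMIN, byRealmPrincipal.getAuthorities());

        // A principal with an instance component maps to the plain user as well; bob has
        // no role assigned in the fixture, so no authority may appear.
        UserDetails byInstancePrincipal = this.kerberosUds.loadUserByUsername("bob/host@REALM");
        Assert.assertEquals(BOB, byInstancePrincipal.getUsername());
        assertRole(null, byInstancePrincipal.getAuthorities());
    }

    /**
     * {@code admin} must be refused for Kerberos login in both principal forms, with the
     * exact rejection message. Where the exclusion is configured is not visible in this
     * file.
     */
    @Test
    public void testExcludeUsers() {
        for (String principal : new String[] {"admin@REALM", "admin/host@REALM"}) {
            try {
                this.kerberosUds.loadUserByUsername(principal);
                Assert.fail("Did not get expected UsernameNotFound");
            } catch (UsernameNotFoundException e) {
                Assert.assertEquals("User: admin is not allowed to authenticate using Kerberos", e.getMessage());
            }
        }
    }

    /**
     * Swaps the user loader for an LDAP-backed and then a PAM-backed provider and
     * expects each lookup to end in an exception.
     *
     * <p>NOTE(review): any {@link Exception} satisfies this test, including one raised
     * while constructing the provider or while trying to reach the directory host. It
     * therefore cannot tell "user was rejected" from "backend unreachable"; asserting the
     * concrete exception type (and running against a stub directory) would make it a
     * real negative-authentication test.
     *
     * <p>NOTE(review): the directory URL, what appears to be a bind account, and the base
     * DNs are hard-coded, and the URL is plain {@code ldap://} on port 389. If the
     * provider performs a simple bind without StartTLS (not visible here), the bind
     * secret would cross the network unencrypted. These values belong in test
     * configuration rather than in source.
     */
    @Test
    public void testKerberosUserViaLdapAuth() {
        try {
            this.kerberosUds.setCmfUserLoader(new CmfLdapAuthenticationProvider(
                    ImmutableList.of("ldap://w2k19-1.adv.sec.cloudera.com:389"),
                    "proxyuser@ad.sec.cloudera.com",
                    "REDACTED",
                    MetricsSourceConfigEvaluatorTest.PLACE_HOLDER,
                    "OU=Cloudera,DC=adv,DC=sec,DC=cloudera,DC=com",
                    "sAMAccountName={0}",
                    "OU=Cloudera,DC=adv,DC=sec,DC=cloudera,DC=com",
                    "member={0}"));
            this.kerberosUds.loadUserByUsername("test99@root.hwx.site");
            // AssertionError is an Error, so the catch below cannot absorb it and the
            // test fails if the lookup unexpectedly succeeds.
            throw new AssertionError("couldn't reach this point");
        } catch (Exception expected) {
            // Expected path. The former assertNotEquals(e.getClass(), AssertionError.class)
            // was dropped: catch (Exception) can never hold an AssertionError, so it
            // could not fail.
        }

        this.kerberosUds.setCmfUserLoader(new CmfPamAuthenticationProvider("root"));
        try {
            this.kerberosUds.loadUserByUsername("docker@root.hwx.site");
            throw new AssertionError("couldn't reach this point");
        } catch (Exception expected) {
            // Expected path; see the note on the LDAP half above.
        }
    }
}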
