package com.cloudera.cmf.service.hbase;

import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.TestUtils;
import com.cloudera.cmf.service.ValidationContext;
import com.cloudera.cmf.service.config.BooleanParamSpec;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.StringEnumParamSpec;
import com.cloudera.cmf.service.hbase.HBaseThriftAuthenticationValidator;
import com.cloudera.cmf.service.upgrade.KeystoreIndexer70Test;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.enterprise.I18nKeyTestHelper;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.google.common.collect.ImmutableSet;
import java.util.Collections;
import java.util.Set;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/hbase/HBaseThriftAuthenticationValidatorTest.class */
public class HBaseThriftAuthenticationValidatorTest extends MockBaseTest {
    private MockTestCluster cluster;
    private static final Set<MessageWithArgs> EMPTY_SET = Collections.emptySet();

    private void setupCluster(Release release) {
        this.cluster = MockTestCluster.builder(this).cdhVersion(release).hostCount(4).services(MockTestCluster.YARN_ST, "HDFS", MockTestCluster.HBASE_ST).roles("yarn1", "host1", MockTestCluster.RM_RT).roles("hdfs1", "host1", MockTestCluster.NN_RT).roles("hdfs1", "host1", MockTestCluster.DN_RT).roles("hdfs1", "host2", MockTestCluster.DN_RT).roles("hdfs1", "host3", MockTestCluster.DN_RT).roles("hdfs1", "host4", MockTestCluster.DN_RT).roles(KeystoreIndexer70Test.HBASE, "host1", MockTestCluster.HBMASTER_RT).roles(KeystoreIndexer70Test.HBASE, "host1", MockTestCluster.RS_RT).roles(KeystoreIndexer70Test.HBASE, "host2", MockTestCluster.RS_RT).roles(KeystoreIndexer70Test.HBASE, "host3", MockTestCluster.RS_RT).roles(KeystoreIndexer70Test.HBASE, "host4", MockTestCluster.RS_RT).roles(KeystoreIndexer70Test.HBASE, "host1", MockTestCluster.HBTS_RT).roles(KeystoreIndexer70Test.HBASE, "host2", MockTestCluster.HBTS_RT).roles(KeystoreIndexer70Test.HBASE, "host3", MockTestCluster.HBTS_RT).roles(KeystoreIndexer70Test.HBASE, "host4", MockTestCluster.HBTS_RT).build();
    }

    private void enableHBaseSecureAuthorization(boolean z) {
        createConfig(this.cluster.getService(KeystoreIndexer70Test.HBASE), (ParamSpec<BooleanParamSpec>) HbaseParams.HBASE_SECURE_AUTHORIZATION, (BooleanParamSpec) Boolean.valueOf(z));
    }

    private void enableHBaseThriftHTTP(boolean z) {
        createConfig(this.cluster.getService(KeystoreIndexer70Test.HBASE), (ParamSpec<BooleanParamSpec>) HbaseParams.HBASE_THRIFTSERVER_HTTP, (BooleanParamSpec) Boolean.valueOf(z));
    }

    private void setHBaseThriftSecureAuthentication(String str) {
        createConfig(this.cluster.getService(KeystoreIndexer70Test.HBASE), (ParamSpec<StringEnumParamSpec>) HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION, (StringEnumParamSpec) str);
    }

    private void enableHBaseThriftProxyUser(boolean z) {
        createConfig(this.cluster.getService(KeystoreIndexer70Test.HBASE), (ParamSpec<BooleanParamSpec>) HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER, (BooleanParamSpec) Boolean.valueOf(z));
    }

    private void enableHBaseThriftSSL(String str, boolean z) {
        createConfig(this.cluster.getRole(KeystoreIndexer70Test.HBASE, str, MockTestCluster.HBTS_RT), (ParamSpec<BooleanParamSpec>) HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE, (BooleanParamSpec) Boolean.valueOf(z));
    }

    private void enableHBaseThriftSSLOnRoleGroup(boolean z) {
        createConfig(this.cluster.getService(KeystoreIndexer70Test.HBASE).getBaseRoleConfigGroup(MockTestCluster.HBTS_RT), (ParamSpec<BooleanParamSpec>) HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE, (BooleanParamSpec) Boolean.valueOf(z));
    }

    private void testValidation(Set<MessageWithArgs> set, Set<MessageWithArgs> set2, Set<MessageWithArgs> set3) {
        testValidation(true, set, set2, set3);
    }

    private void testValidation(boolean z, Set<MessageWithArgs> set, Set<MessageWithArgs> set2, Set<MessageWithArgs> set3) {
        ValidationContext of;
        if (z) {
            of = ValidationContext.of(this.cluster.getRole(KeystoreIndexer70Test.HBASE, "host1", MockTestCluster.HBTS_RT));
        } else {
            DbService service = this.cluster.getService(KeystoreIndexer70Test.HBASE);
            of = ValidationContext.of(service, service.getBaseRoleConfigGroup(MockTestCluster.HBTS_RT));
        }
        HBaseThriftAuthenticationValidator hBaseThriftAuthenticationValidator = new HBaseThriftAuthenticationValidator();
        Assert.assertTrue("Validator should be suppressable", hBaseThriftAuthenticationValidator.isSuppressible());
        Assert.assertEquals("Wrong validator", "hbase_kerberos_secure_thrift_validator", hBaseThriftAuthenticationValidator.getNotificationProducerId());
        TestUtils.verifyValidations(of, new HBaseThriftAuthenticationValidator(), shr, set, set2, set3);
    }

    @Test
    public void testDefault() {
        setupCluster(CdhReleases.CDH5_11_0);
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndQOPAuthConf() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth-conf");
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndQOPAuth() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth");
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndQOPAuthInt() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth-int");
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndQOPNone() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("none");
        testValidation(EMPTY_SET, ImmutableSet.of(MessageWithArgs.of(HBaseThriftAuthenticationValidator.I18nKeys.SECURE_THRIFT_AUTH_MUST_SET_QOP.getKey(), new String[]{HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION.getDisplayName(), "auth-conf", "auth-int"})), EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationDisabledAndQOPNotNone() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(false);
        setHBaseThriftSecureAuthentication("auth-conf");
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndThriftHTTPEnabledAndQOPAuthConfAddHTTPSSLEnabled() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth-conf");
        enableHBaseThriftHTTP(true);
        enableHBaseThriftSSL("host1", true);
        enableHBaseThriftSSL("host2", true);
        enableHBaseThriftSSL("host3", true);
        enableHBaseThriftSSL("host4", true);
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndThriftHTTPEnabledAndQOPAuthConfAddHTTPSSLDisabled() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth-conf");
        enableHBaseThriftHTTP(true);
        enableHBaseThriftSSL("host1", false);
        enableHBaseThriftSSL("host2", false);
        enableHBaseThriftSSL("host3", false);
        enableHBaseThriftSSL("host4", false);
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndThriftHTTPEnabledAndProxyAndHTTPSSLSetOnROle() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        enableHBaseThriftProxyUser(true);
        enableHBaseThriftHTTP(true);
        enableHBaseThriftSSL("host1", true);
        enableHBaseThriftSSL("host2", true);
        enableHBaseThriftSSL("host3", true);
        enableHBaseThriftSSL("host4", true);
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndThriftHTTPEnabledAndProxyAndHTTPSSLNotSetOnROle() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        enableHBaseThriftProxyUser(true);
        enableHBaseThriftHTTP(true);
        enableHBaseThriftSSL("host1", false);
        enableHBaseThriftSSL("host2", true);
        enableHBaseThriftSSL("host3", true);
        enableHBaseThriftSSL("host4", true);
        testValidation(EMPTY_SET, ImmutableSet.of(MessageWithArgs.of(HBaseThriftAuthenticationValidator.I18nKeys.REQUIRE_SECURE_THRIFT_AUTH_SSL.getKey(), new String[]{HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE.getDisplayName(), HbaseParams.HBASE_THRIFTSERVER_HTTP.getDisplayName(), HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER.getDisplayName()})), EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndThriftHTTPDisabledAndProxyUserEnabled() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth-conf");
        enableHBaseThriftHTTP(false);
        enableHBaseThriftProxyUser(true);
        testValidation(EMPTY_SET, ImmutableSet.of(MessageWithArgs.of(HBaseThriftAuthenticationValidator.I18nKeys.HTTP_SERVER_REQUIRED.getKey(), new String[]{HbaseParams.HBASE_THRIFTSERVER_HTTP.getDisplayName(), HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER.getDisplayName()})), EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndThriftHTTPEnabledAndQOPAuthConfAndHTTPSSLEnabled() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth-conf");
        enableHBaseThriftHTTP(true);
        enableHBaseThriftSSL("host1", true);
        enableHBaseThriftSSL("host2", true);
        enableHBaseThriftSSL("host3", true);
        enableHBaseThriftSSL("host4", true);
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndThriftHTTPEnabledAndProxyAndOneHTTPSSLDisabledOnRoleGroup() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        enableHBaseThriftProxyUser(true);
        enableHBaseThriftHTTP(true);
        enableHBaseThriftSSLOnRoleGroup(false);
        testValidation(false, EMPTY_SET, ImmutableSet.of(MessageWithArgs.of(HBaseThriftAuthenticationValidator.I18nKeys.REQUIRE_SECURE_THRIFT_AUTH_SSL.getKey(), new String[]{HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE.getDisplayName(), HbaseParams.HBASE_THRIFTSERVER_HTTP.getDisplayName(), HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER.getDisplayName()})), EMPTY_SET);
    }

    @Test
    public void testHBaseSecureAuthorizationEnabledAndThriftHTTPEnabledAndProxyAndOneHTTPSSLEnabledOnRoleGroup() {
        setupCluster(CdhReleases.CDH5_11_0);
        enableHBaseSecureAuthorization(true);
        enableHBaseThriftProxyUser(true);
        enableHBaseThriftHTTP(true);
        enableHBaseThriftSSLOnRoleGroup(true);
        testValidation(false, EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseQOPUnsupported() {
        setupCluster(CdhReleases.CDH5_1_0);
        enableHBaseSecureAuthorization(true);
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseHTTPAndProxyAndSSLUnsupportedAndQOPAuthConf() {
        setupCluster(CdhReleases.CDH5_3_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth-conf");
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseHTTPAndProxyAndSSLUnsupportedAndQOPAuth() {
        setupCluster(CdhReleases.CDH5_3_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth");
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testHBaseHTTPAndProxyAndSSLUnsupportedAndQOPAuthInt() {
        setupCluster(CdhReleases.CDH5_3_0);
        enableHBaseSecureAuthorization(true);
        setHBaseThriftSecureAuthentication("auth-int");
        testValidation(EMPTY_SET, EMPTY_SET, EMPTY_SET);
    }

    @Test
    public void testI18n() {
        I18nKeyTestHelper.test(HBaseThriftAuthenticationValidator.I18nKeys.values());
    }
}
