package com.cloudera.cmf.service.csd.components;

import com.cloudera.cmf.model.DbConfigContainer;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.AbstractServiceTest;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.SecurityParams;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.TestUtils;
import com.cloudera.cmf.service.config.ConfigFile;
import com.cloudera.cmf.service.config.ConfigFileGenerator;
import com.cloudera.cmf.service.config.ConfigSpec;
import com.cloudera.cmf.service.config.EvaluatedConfig;
import com.cloudera.cmf.service.config.KerberosKeytabGenerator;
import com.cloudera.cmf.service.config.MetricsSourceConfigEvaluatorTest;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.csd.CsdTestUtils;
import com.cloudera.csd.descriptors.KerberosPrincipalDescriptor;
import com.cloudera.server.cmf.AbstractBaseTest;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.UnmodifiableIterator;
import java.io.FileNotFoundException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/cloudera/cmf/service/csd/components/DynamicServiceKerberosTest.class */
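/**
 * Tests the Kerberos-related behaviour of a descriptor-defined ("dynamic") service.
 *
 * <p>The fixture is a cluster with an HDFS service ({@code hdfs1}) and an ECHO service
 * ({@code echo1}) that depends on it, with one ECHO_MASTER_SERVER role ({@code m1}) and one
 * ECHO_WEBSERVER role ({@code w1}) on host {@code h1}. The tests pin the following
 * security-relevant properties:
 * <ul>
 *   <li>a realm added to the HDFS trusted realms shows up in the {@code auth.to.local.rules}
 *       client configuration of the dependent service, and not before;</li>
 *   <li>a keytab generator exists only for the role type that is expected to have one;</li>
 *   <li>the service requires credentials only once it, or the HDFS service it depends on, is
 *       switched to Kerberos;</li>
 *   <li>principals are built as {@code primary/instance@REALM}, or {@code primary@REALM} when no
 *       instance resolves.</li>
 * </ul>
 *
 * <p>This source was recovered by a decompiler. Helper methods that the decompiler widened from
 * {@code private} are left {@code public} so the signatures stay as recovered.
 */
public class DynamicServiceKerberosTest extends AbstractServiceTest {
    /** Realm used when no realm is passed explicitly; taken from the SCM security-realm default. */
    private static final String DEFAULT_REALM = (String) ScmParams.SECURITY_REALM.getDefaultValueNoVersion();

    /** CDH major version of the test cluster and of the ECHO service handler. */
    private static final long CDH_VERSION = 5;

    /** Handler for the ECHO test service, created once for the whole class. */
    private static DynamicServiceHandler sh;

    /**
     * Creates the ECHO service handler and builds the shared cluster fixture.
     *
     * @throws FileNotFoundException declared by the recovered signature; presumably raised when
     *     the service descriptor cannot be read (TODO confirm against CsdTestUtils)
     */
    @BeforeClass
    public static void setupCluster() throws FileNotFoundException {
        sh = CsdTestUtils.createServiceFullServiceHandler(shr, sdp, CDH_VERSION);
        TestUtils.interpretCli(sdp, Lists.newArrayList(
                "createcluster cluster1 " + CDH_VERSION,
                "createservice hdfs1 HDFS cluster1",
                "createservice echo1 ECHO cluster1",
                "createconfig hdfs_service hdfs1 echo1",
                "createconfig dfs_name_dir_list /blah hdfs1 NAMENODE",
                "createconfig service_var1 foobar echo1",
                "createhost h1 h1 1.1.1.1 /default",
                "createrole nn1 hdfs1 h1 NAMENODE",
                "createrole m1 echo1 h1 ECHO_MASTER_SERVER",
                "createrole w1 echo1 h1 ECHO_WEBSERVER"));
    }

    /**
     * Asserts that {@code gateway-log4j.properties} carries exactly one
     * {@code auth.to.local.rules} entry and that it mentions the realm {@code BLAH.COM} exactly
     * when {@code expectTrustedRealm} is true.
     *
     * <p>The realm check is a substring match: it confirms the realm is mentioned in the rules,
     * not that the generated mapping rule is well-formed.
     *
     * @param clientConfigFiles generated client configuration files, keyed by file
     * @param expectTrustedRealm whether the rules are expected to mention {@code BLAH.COM}
     */
    public void checkAuthToLocalConfig(Map<ConfigFile, ConfigFileGenerator> clientConfigFiles, boolean expectTrustedRealm) {
        boolean ruleSeen = false;
        for (Map.Entry<ConfigFile, ConfigFileGenerator> entry : clientConfigFiles.entrySet()) {
            ConfigFile configFile = entry.getKey();
            if (!"gateway-log4j.properties".equals(configFile.getFilename())) {
                continue;
            }
            UnmodifiableIterator<?> configs = configFile.getConfigs().iterator();
            while (configs.hasNext()) {
                EvaluatedConfig config = (EvaluatedConfig) configs.next();
                if (!config.getName().equals("auth.to.local.rules")) {
                    continue;
                }
                // A second entry would make it ambiguous which rule set a client applies.
                Assert.assertFalse("auth.to.local.rules must appear only once", ruleSeen);
                ruleSeen = true;
                Assert.assertEquals(
                        "unexpected presence/absence of trusted realm in auth.to.local.rules",
                        Boolean.valueOf(expectTrustedRealm),
                        Boolean.valueOf(config.getValue().contains("BLAH.COM")));
            }
        }
        Assert.assertTrue("auth.to.local.rules was not generated", ruleSeen);
    }

    /**
     * Verifies that the ECHO client configuration picks up the HDFS trusted realm: absent before
     * {@code BLAH.COM} is configured on {@code hdfs1}, present afterwards.
     */
    @Test
    public void testAuthToLocalEvaluator() {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager em) {
                DbService echo = em.findServiceByName("echo1");
                ServiceHandler echoHandler = DynamicServiceKerberosTest.shr.get(echo);
                try {
                    DynamicServiceKerberosTest.this.checkAuthToLocalConfig(
                            echoHandler.getClientConfigHandler().buildClientConfigFiles(echo), false);
                    DynamicServiceKerberosTest.om.setConfig(em, HdfsParams.TRUSTED_REALMS, ImmutableList.of("BLAH.COM"),
                            em.findServiceByName("hdfs1"), (DbRole) null, (DbRoleConfigGroup) null,
                            (DbConfigContainer) null, (DbHost) null);
                    DynamicServiceKerberosTest.this.checkAuthToLocalConfig(
                            echoHandler.getClientConfigHandler().buildClientConfigFiles(echo), true);
                } catch (Exception e) {
                    // Assertion failures are Errors and pass through; only real exceptions are wrapped.
                    throw new RuntimeException(e);
                }
            }
        });
    }

    /**
     * Verifies that ECHO_WEBSERVER has no keytab generator and that ECHO_MASTER_SERVER writes its
     * keytab to {@code echo.keytab}.
     */
    @Test
    public void testKeytabFile() {
        Assert.assertNull(
                "ECHO_WEBSERVER must not get a keytab",
                getKeytabGenerator(shr.get("ECHO", CdhReleases.of(CDH_VERSION)).getRoleHandler("ECHO_WEBSERVER")));

        KerberosKeytabGenerator masterKeytab =
                getKeytabGenerator(shr.get("ECHO", CdhReleases.of(CDH_VERSION)).getRoleHandler("ECHO_MASTER_SERVER"));
        // Fail with a clear message rather than a NullPointerException if the generator is missing.
        Assert.assertNotNull("ECHO_MASTER_SERVER must have a keytab generator", masterKeytab);
        Assert.assertEquals("echo.keytab", masterKeytab.getOutputFileName());
    }

    /**
     * Returns the first keytab generator registered on the role's config spec.
     *
     * @param roleHandler handler whose generators are searched
     * @return the keytab generator, or {@code null} when the role has none
     */
    private KerberosKeytabGenerator getKeytabGenerator(RoleHandler roleHandler) {
        // Iterate untyped: the recovered source declared the loop variable as
        // KerberosKeytabGenerator, which would reject (or fail to compile against) every other
        // generator kind before the instanceof test could filter it out.
        for (Object generator : roleHandler.getConfigSpec().getAllGenerators()) {
            if (generator instanceof KerberosKeytabGenerator) {
                return (KerberosKeytabGenerator) generator;
            }
        }
        return null;
    }

    /** Verifies that the ECHO service needs no credentials in the unsecured fixture. */
    @Test
    public void testDoesntRequiresCredentials() {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager em) {
                Assert.assertFalse(DynamicServiceKerberosTest.sh.requiresCredentials(em, em.findServiceByName("echo1")));
            }
        });
    }

    /**
     * Verifies that switching the HDFS dependency to Kerberos authentication makes the ECHO
     * service require credentials and yields the expected role principals.
     */
    @Test
    public void testRequiresCredentialsForDependency() {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager em) {
                DynamicServiceKerberosTest.om.beginConfigWork(em, "Make HDFS secure");
                DynamicServiceKerberosTest.om.setConfig(em, SecurityParams.SECURE_AUTHENTICATION, "kerberos",
                        em.findServiceByName("hdfs1"), (DbRole) null, (DbRoleConfigGroup) null,
                        (DbConfigContainer) null, (DbHost) null);
                Assert.assertTrue(DynamicServiceKerberosTest.sh.requiresCredentials(em, em.findServiceByName("echo1")));
                DynamicServiceKerberosTest.this.checkRolePrincipals(em);
            }
        });
    }

    /**
     * Verifies that setting the ECHO service's own {@code service_kerb_var} parameter to
     * {@code "true"} makes it require credentials and yields the expected role principals.
     */
    @Test
    public void testRequiresCredentialsForItself() {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager em) {
                DbService echo = em.findServiceByName("echo1");
                DynamicServiceKerberosTest.om.beginConfigWork(em, "Make Echo secure");
                DynamicServiceKerberosTest.om.setConfigUnsafe(em,
                        DynamicServiceKerberosTest.sh.getConfigSpec().getParam("service_kerb_var"), "true", echo,
                        (DbRole) null, (DbRoleConfigGroup) null, (DbConfigContainer) null, (DbHost) null);
                Assert.assertTrue(DynamicServiceKerberosTest.sh.requiresCredentials(em, echo));
                DynamicServiceKerberosTest.this.checkRolePrincipals(em);
            }
        });
    }

    /**
     * Asserts the per-role principal requirements once the service is secured: the web server
     * role {@code w1} needs no credentials and no principals, while the master role {@code m1}
     * needs credentials and exposes its two principals both as required principals and in the
     * role environment.
     *
     * @param cmfEntityManager entity manager of the enclosing rollback transaction
     */
    public void checkRolePrincipals(CmfEntityManager cmfEntityManager) {
        DbRole webRole = cmfEntityManager.findRoleByName("w1");
        RoleHandler webHandler = shr.getRoleHandler(webRole);
        Assert.assertFalse(webHandler.requiresCredentials(cmfEntityManager, webRole));
        Assert.assertTrue(webHandler.getRequiredPrincipals(webRole, (String) null).isEmpty());

        DbRole masterRole = cmfEntityManager.findRoleByName("m1");
        // Explicit cast: the recovered source assigned the same lookup to two different static
        // types, which only compiles if the narrowing is spelled out.
        DynamicDaemonRoleHandler masterHandler = (DynamicDaemonRoleHandler) shr.getRoleHandler(masterRole);
        Assert.assertTrue(masterHandler.requiresCredentials(cmfEntityManager, masterRole));
        // NOTE(review): the realm is hard-coded here while testPrincipalGeneration uses
        // DEFAULT_REALM; presumably both are the same value, confirm before unifying.
        Assert.assertEquals(
                ImmutableMap.of("ECHO_PRINCIPAL", "serviceprinc/h1@HADOOP.COM", "HTTP_PRINCIPAL", "HTTP/foobar@HADOOP.COM"),
                masterHandler.getRequiredPrincipals(masterRole, (String) null));

        Map<?, ?> environment = masterHandler.getEnvironment(masterRole, masterHandler.prepareConfiguration(masterRole));
        Assert.assertEquals("serviceprinc/h1@HADOOP.COM", environment.get("ECHO_PRINCIPAL"));
        Assert.assertEquals("HTTP/foobar@HADOOP.COM", environment.get("HTTP_PRINCIPAL"));
    }

    /** Verifies the service-level external principals reported for {@code echo1}. */
    @Test
    public void testExternalPrincipals() {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager em) {
                Assert.assertEquals(
                        ImmutableMap.of("EXT_HARDCODED", "ext@HADOOP.COM", "EXT_CONFIG", "ext2/foobar@HADOOP.COM"),
                        DynamicServiceKerberosTest.sh.getExternalPrincipals(em.findServiceByName("echo1"), (String) null));
            }
        });
    }

    /**
     * Verifies how principal names are derived from a descriptor's primary and instance.
     *
     * <p>Each map key is a {@code {name, primary, instance}} triple and each value the expected
     * principal. Covered cases: {@code ${host}} resolves to the role's host, a literal host is
     * used as-is, a URL instance is reduced to its host part, and a null instance or an instance
     * that resolves to nothing yields {@code primary@REALM}.
     */
    @Test
    public void testPrincipalGeneration() {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager em) {
                DbRole webRole = em.findRoleByName("w1");
                DynamicDaemonRoleHandler webHandler =
                        (DynamicDaemonRoleHandler) DynamicServiceKerberosTest.shr.getRoleHandler(webRole);

                DynamicServiceKerberosTest.this.runPrincipalTest(webHandler, webRole, ImmutableMap.of(
                        new String[]{"key1", "FOO", "${host}"}, "FOO/h1@" + DynamicServiceKerberosTest.DEFAULT_REALM));
                DynamicServiceKerberosTest.this.runPrincipalTest(webHandler, webRole, ImmutableMap.of(
                        new String[]{"key1", "FOO", "${host}"}, "FOO/h1@" + DynamicServiceKerberosTest.DEFAULT_REALM,
                        new String[]{"key2", "FOO", "other_host"}, "FOO/other_host@" + DynamicServiceKerberosTest.DEFAULT_REALM));
                // Scheme, port and path of a URL instance must not leak into the principal.
                DynamicServiceKerberosTest.this.runPrincipalTest(webHandler, webRole, ImmutableMap.of(
                        new String[]{"key1", "FOO", "${host}"}, "FOO/h1@" + DynamicServiceKerberosTest.DEFAULT_REALM,
                        new String[]{"key2", "FOO", "http://other_host:1234/suffix"}, "FOO/other_host@" + DynamicServiceKerberosTest.DEFAULT_REALM));
                DynamicServiceKerberosTest.this.runPrincipalTest(webHandler, webRole, ImmutableMap.of(
                        new String[]{"FOO", "FOO", "${host}"}, "FOO/h1@" + DynamicServiceKerberosTest.DEFAULT_REALM,
                        new String[]{"BAR", "BAR", null}, "BAR@" + DynamicServiceKerberosTest.DEFAULT_REALM));

                // role_var5 exists but has no default, so "${role_var5}" has nothing to resolve to.
                ParamSpec unsetParam = webHandler.getConfigSpec().getParam("role_var5");
                Assert.assertNotNull(unsetParam);
                Assert.assertNull(unsetParam.getDefaultValue(webRole.getService().getServiceVersion()));
                // NOTE(review): PLACE_HOLDER comes from an unrelated test class; this looks like
                // decompiler constant substitution for a literal, confirm the intended value.
                DynamicServiceKerberosTest.this.runPrincipalTest(webHandler, webRole, ImmutableMap.of(
                        new String[]{"FOO", "FOO", "${role_var5}"}, "FOO@" + DynamicServiceKerberosTest.DEFAULT_REALM,
                        new String[]{"BAR", "BAR", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER}, "BAR@" + DynamicServiceKerberosTest.DEFAULT_REALM));
            }
        });
    }

    /**
     * Builds one mocked principal descriptor per map entry and asserts that the role handler
     * constructs exactly the expected principals for them, using the default realm.
     *
     * @param dynamicDaemonRoleHandler handler under test
     * @param dbRole role the principals are constructed for
     * @param map {@code {name, primary, instance}} triple mapped to the expected principal
     */
    public void runPrincipalTest(DynamicDaemonRoleHandler dynamicDaemonRoleHandler, DbRole dbRole, Map<String[], String> map) {
        Map<String, String> expectedPrincipals = Maps.newHashMap();
        ArrayList<KerberosPrincipalDescriptor> descriptors = Lists.newArrayList();
        for (Map.Entry<String[], String> entry : map.entrySet()) {
            String[] spec = entry.getKey();
            KerberosPrincipalDescriptor descriptor = Mockito.mock(KerberosPrincipalDescriptor.class);
            Mockito.when(descriptor.getName()).thenReturn(spec[0]);
            Mockito.when(descriptor.getPrimary()).thenReturn(spec[1]);
            Mockito.when(descriptor.getInstance()).thenReturn(spec[2]);
            descriptors.add(descriptor);
            // Keyed by the descriptor name, which is what the stubbed getName() returns.
            expectedPrincipals.put(spec[0], entry.getValue());
        }
        Assert.assertEquals(expectedPrincipals, dynamicDaemonRoleHandler.constructPrincipals(descriptors, dbRole, (String) null));
    }

    /**
     * Verifies the configuration change proposed for enabling Kerberos: {@code "true"} for the
     * service's own {@code service_kerb_var} parameter, and {@code "kerberos"} when that name
     * resolves to {@link SecurityParams#SECURE_AUTHENTICATION}.
     */
    @Test
    public void testGetConfigChangesForKerberos() {
        Map<?, ?> expectedChange = ImmutableMap.of(sh.getConfigSpec().getParam("service_kerb_var"), "true");
        DbService service = Mockito.mock(DbService.class);
        Mockito.when(service.getServiceVersion()).thenReturn(CdhReleases.CDH5_0_0);
        Assert.assertEquals(expectedChange, sh.getConfigChangesForKerberos(service));

        // Same handler, but with a config spec that maps the parameter name to the
        // standard secure-authentication parameter.
        DynamicServiceHandler spiedHandler = Mockito.spy(sh);
        ConfigSpec stubbedSpec = Mockito.mock(ConfigSpec.class);
        Mockito.when(stubbedSpec.getParam("service_kerb_var")).thenReturn(SecurityParams.SECURE_AUTHENTICATION);
        Mockito.when(spiedHandler.getConfigSpec()).thenReturn(stubbedSpec);
        Assert.assertEquals(
                ImmutableMap.of(SecurityParams.SECURE_AUTHENTICATION, "kerberos"),
                spiedHandler.getConfigChangesForKerberos(service));
    }

    /**
     * Verifies that the service principal name is {@code serviceprinc} in the fixture and
     * follows the {@code kerberos_princ_name} parameter once that is set.
     */
    @Test
    public void testGetKerberosPrincipal() {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager em) {
                DbService echo = em.findServiceByName("echo1");
                Assert.assertEquals("serviceprinc", DynamicServiceKerberosTest.sh.getKerberosPrincipalName(echo));
                DynamicServiceKerberosTest.om.setConfigUnsafe(em,
                        DynamicServiceKerberosTest.sh.getConfigSpec().getParam("kerberos_princ_name"), "foobar", echo,
                        (DbRole) null, (DbRoleConfigGroup) null, (DbConfigContainer) null, (DbHost) null);
                Assert.assertEquals("foobar", DynamicServiceKerberosTest.sh.getKerberosPrincipalName(echo));
            }
        });
    }
}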
