package io.hops.security;

import java.net.InetAddress;
import java.security.cert.X509Certificate;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:io/hops/security/TestHopsX509Authenticator.class */
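/**
 * Unit tests for {@code HopsX509Authenticator}.
 *
 * <p>Each test presents a freshly generated X.509 certificate together with a claimed remote
 * user and a remote address, and checks whether {@code authenticateConnection} accepts the
 * connection or rejects it with {@code HopsX509AuthenticationException}.
 *
 * <p>The cases pin down two security-relevant properties: a certificate whose CN differs from
 * the claimed user name must be rejected, and the only accepted mismatch exercised here is a CN
 * that equals the canonical host name of the connecting address.
 */
public class TestHopsX509Authenticator {
    private Configuration conf;
    private HopsX509AuthenticatorFactory authFactory;

    /** JUnit 4 requires rule fields to be public; used by the negative tests below. */
    @Rule
    public final ExpectedException expectedException = ExpectedException.none();

    /**
     * Authenticator subclass that records whether the most recent {@code isTrustedAddress}
     * lookup returned a non-null value.
     *
     * <p>Declared {@code static}: it never touches the enclosing test instance, so it does not
     * need the hidden outer-instance reference a non-static inner class carries.
     */
    private static final class CustomHopsX509Authenticator extends HopsX509Authenticator {
        // True when the last super.isTrustedAddress call returned non-null.
        // NOTE(review): the test treats non-null as "answered from the FQDN cache" - confirm
        // against HopsX509Authenticator.
        private boolean cached;

        CustomHopsX509Authenticator(Configuration configuration) {
            super(configuration);
        }

        /**
         * Delegates to the parent lookup and remembers whether it produced a result.
         *
         * @param inetAddress remote address being checked
         * @return whatever the parent implementation returned, possibly {@code null}
         */
        protected String isTrustedAddress(InetAddress inetAddress) {
            String trusted = super.isTrustedAddress(inetAddress);
            this.cached = trusted != null;
            return trusted;
        }
    }

    /** Builds a configuration with IPC server SSL enabled and obtains the factory for it. */
    @Before
    public void before() {
        this.conf = new Configuration();
        this.conf.setBoolean("ipc.server.ssl.enabled", true);
        this.authFactory = HopsX509AuthenticatorFactory.getInstance(this.conf);
    }

    /**
     * Clears the factory after each test.
     * NOTE(review): presumably this prevents authenticator state from leaking between tests,
     * since the factory is obtained through {@code getInstance} - confirm.
     */
    @After
    public void after() {
        if (this.authFactory != null) {
            this.authFactory.clearFactory();
        }
    }

    /**
     * A certificate with CN=bob is accepted for the user "bob", and the O field value shows up
     * as the application id on the {@code UserGroupInformation}.
     */
    @Test
    public void TestAuthenticatedNormalUser() throws Exception {
        X509Certificate cert = generateX509Certificate("CN=bob, O=application_id");
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob");
        HopsX509Authenticator authenticator = this.authFactory.getAuthenticator();

        authenticator.authenticateConnection(ugi, cert, InetAddress.getLocalHost());

        Assert.assertEquals("application_id", ugi.getApplicationId());
    }

    /**
     * Same certificate and user as above, but with the protocol argument "WebHDFS": the
     * connection is accepted and no application id is set on the user.
     */
    @Test
    public void TestAuthenticatedNormalUserWebHDFS() throws Exception {
        X509Certificate cert = generateX509Certificate("CN=bob, O=application_id");
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser("bob");
        HopsX509Authenticator authenticator = this.authFactory.getAuthenticator();

        authenticator.authenticateConnection(ugi, cert, InetAddress.getLocalHost(), "WebHDFS");

        Assert.assertNull(ugi.getApplicationId());
    }

    /**
     * Impersonation check: a certificate issued to "bob" must not authenticate a connection
     * that claims to be "trudy".
     */
    @Test
    public void TestNotAuthenticatedNormalUser() throws Exception {
        X509Certificate cert = generateX509Certificate("CN=bob");
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser("trudy");
        InetAddress remote = InetAddress.getLocalHost();
        HopsX509Authenticator authenticator = this.authFactory.getAuthenticator();

        // Arm the expectation only after all setup, so that only the call under test can
        // satisfy it.
        this.expectedException.expect(HopsX509AuthenticationException.class);
        authenticator.authenticateConnection(ugi, cert, remote);
    }

    /**
     * A certificate whose CN is the canonical host name of the connecting address is accepted
     * even though the claimed user ("alice") differs from the CN.
     *
     * <p>NOTE(review): this depends on local name resolution;
     * {@code InetAddress.getCanonicalHostName} falls back to the textual IP address when the
     * name cannot be resolved, so the outcome can vary between build hosts.
     */
    @Test
    public void TestAuthenticatedSuperUser() throws Exception {
        InetAddress remote = InetAddress.getLocalHost();
        String subject = "CN=" + remote.getCanonicalHostName() + ", O=application_id";
        X509Certificate cert = generateX509Certificate(subject);
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser("alice");
        HopsX509Authenticator authenticator = this.authFactory.getAuthenticator();

        authenticator.authenticateConnection(ugi, cert, remote);

        Assert.assertEquals("application_id", ugi.getApplicationId());
    }

    /**
     * A CN that matches neither the claimed user ("chuck") nor the connecting host must be
     * rejected.
     */
    @Test
    public void TestNotAuthenticatedSuperUser() throws Exception {
        InetAddress remote = InetAddress.getLocalHost();
        X509Certificate cert = generateX509Certificate("CN=i_hope_this_is_not_routable");
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser("chuck");
        HopsX509Authenticator authenticator = this.authFactory.getAuthenticator();

        this.expectedException.expect(HopsX509AuthenticationException.class);
        authenticator.authenticateConnection(ugi, cert, remote);
    }

    /**
     * Authenticates the same host certificate twice on one authenticator instance: the first
     * {@code isTrustedAddress} lookup must return {@code null}, the second a non-null value.
     *
     * <p>NOTE(review): a remembered address-to-name decision can outlive a DNS change; whether
     * the cache expires entries is not visible from this test - confirm in the authenticator.
     */
    @Test
    public void TestFQDNCache() throws Exception {
        InetAddress remote = InetAddress.getLocalHost();
        X509Certificate cert = generateX509Certificate("CN=" + remote.getCanonicalHostName());
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser("alice");
        CustomHopsX509Authenticator authenticator = new CustomHopsX509Authenticator(this.conf);

        authenticator.authenticateConnection(ugi, cert, remote);
        Assert.assertFalse(authenticator.cached);

        authenticator.authenticateConnection(ugi, cert, remote);
        Assert.assertTrue(authenticator.cached);
    }

    /**
     * Generates a throwaway certificate for the given subject DN, signed with a freshly
     * generated RSA key pair.
     *
     * @param str subject distinguished name, e.g. {@code "CN=bob, O=application_id"}
     * @return the generated certificate
     * @throws Exception if key or certificate generation fails
     */
    private X509Certificate generateX509Certificate(String str) throws Exception {
        // 30 is the validity argument (days in upstream Hadoop's KeyStoreTestUtil - confirm
        // for this fork).
        // NOTE(review): SHA-1 signatures are deprecated for certificates. That is tolerable for
        // a fixture that never leaves the test JVM, but "SHA256withRSA" would keep the test
        // from serving as a template for weak certificates.
        return KeyStoreTestUtil.generateCertificate(
                str, KeyStoreTestUtil.generateKeyPair("RSA"), 30, "SHA1withRSA");
    }
}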
