package org.apache.hadoop.hdfs.server.namenode;

import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.security.PrivilegedExceptionAction;
import javax.management.ObjectName;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferTestCase;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.class */
public class TestSecureNameNode extends SaslDataTransferTestCase {
    private static final int NUM_OF_DATANODES = 0;

    @Rule
    public ExpectedException exception = ExpectedException.none();

    @Test
    public void testName() throws Exception {
        final MiniDFSCluster miniDFSCluster = null;
        try {
            miniDFSCluster = new MiniDFSCluster.Builder(createSecureConfig("authentication,privacy")).numDataNodes(0).build();
            miniDFSCluster.waitActive();
            FileSystem fileSystem = (FileSystem) UserGroupInformation.loginUserFromKeytabAndReturnUGI(getHdfsPrincipal(), getHdfsKeytab()).doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws Exception {
                    return miniDFSCluster.getFileSystem();
                }
            });
            fileSystem.mkdirs(new Path("/tmp"));
            fileSystem.setPermission(new Path("/tmp"), new FsPermission((short) 511));
            UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(getUserPrincipal(), getUserKeyTab());
            FileSystem fileSystem2 = (FileSystem) loginUserFromKeytabAndReturnUGI.doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws Exception {
                    return miniDFSCluster.getFileSystem();
                }
            });
            Path path = new Path("/mydir");
            this.exception.expect(IOException.class);
            fileSystem2.mkdirs(path);
            Path path2 = new Path("/tmp/alpha");
            fileSystem2.mkdirs(path2);
            Assert.assertNotNull(fileSystem2.listStatus(path2));
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS, loginUserFromKeytabAndReturnUGI.getAuthenticationMethod());
            if (miniDFSCluster != null) {
                miniDFSCluster.shutdown();
            }
        } catch (Throwable th) {
            if (miniDFSCluster != null) {
                miniDFSCluster.shutdown();
            }
            throw th;
        }
    }

    @Test
    public void testKerberosHdfsBlockTokenInconsistencyNNStartup() throws Exception {
        MiniDFSCluster miniDFSCluster = null;
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication,privacy");
        try {
            createSecureConfig.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, false);
            this.exception.expect(IOException.class);
            this.exception.expectMessage("Security is enabled but block access tokens");
            miniDFSCluster = new MiniDFSCluster.Builder(createSecureConfig).numDataNodes(1).build();
            miniDFSCluster.waitActive();
            if (miniDFSCluster != null) {
                miniDFSCluster.shutdown();
            }
        } catch (Throwable th) {
            if (miniDFSCluster != null) {
                miniDFSCluster.shutdown();
            }
            throw th;
        }
    }

    @Test
    public void testNameNodeStatusMXBeanSecurityEnabled() throws Exception {
        Configuration configuration = new Configuration();
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication");
        UserGroupInformation.setConfiguration(configuration);
        MiniDFSCluster build = new MiniDFSCluster.Builder(configuration).build();
        Throwable th = null;
        try {
            build.waitActive();
            NameNode nameNode = build.getNameNode();
            boolean booleanValue = ((Boolean) ManagementFactory.getPlatformMBeanServer().getAttribute(new ObjectName("Hadoop:service=NameNode,name=NameNodeStatus"), "SecurityEnabled")).booleanValue();
            Assert.assertFalse(booleanValue);
            Assert.assertEquals(Boolean.valueOf(nameNode.isSecurityEnabled()), Boolean.valueOf(booleanValue));
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    build.close();
                }
            }
            MiniDFSCluster build2 = new MiniDFSCluster.Builder(createSecureConfig).build();
            Throwable th3 = null;
            try {
                build2.waitActive();
                NameNode nameNode2 = build2.getNameNode();
                boolean booleanValue2 = ((Boolean) ManagementFactory.getPlatformMBeanServer().getAttribute(new ObjectName("Hadoop:service=NameNode,name=NameNodeStatus"), "SecurityEnabled")).booleanValue();
                Assert.assertTrue(booleanValue2);
                Assert.assertEquals(Boolean.valueOf(nameNode2.isSecurityEnabled()), Boolean.valueOf(booleanValue2));
                if (build2 != null) {
                    if (0 == 0) {
                        build2.close();
                        return;
                    }
                    try {
                        build2.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
            } catch (Throwable th5) {
                if (build2 != null) {
                    if (0 != 0) {
                        try {
                            build2.close();
                        } catch (Throwable th6) {
                            th3.addSuppressed(th6);
                        }
                    } else {
                        build2.close();
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    build.close();
                }
            }
            throw th7;
        }
    }
}
