package org.apache.impala.customcluster;

import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.util.Iterator;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.impala.testutil.LdapUtil;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
@CreateDS(name = "myDS", partitions = {@CreatePartition(name = "test", suffix = "dc=myorg,dc=com")})
/* loaded from: input_file:org/apache/impala/customcluster/LdapSearchBindImpalaShellTest.class */
public class LdapSearchBindImpalaShellTest extends LdapImpalaShellTest {

    @ClassRule
    public static KerberosKdcEnvironment kerberosKdcEnvironment = new KerberosKdcEnvironment(new TemporaryFolder());
    private final boolean kerberosAuthenticationEnabled;

    @Parameterized.Parameters(name = "kerberosAuthenticationEnabled={0}")
    public static Boolean[] kerberosAuthenticationEnabled() {
        return new Boolean[]{Boolean.FALSE, Boolean.TRUE};
    }

    public LdapSearchBindImpalaShellTest(boolean z) {
        this.kerberosAuthenticationEnabled = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.impala.customcluster.LdapImpalaShellTest
    public int startImpalaCluster(String str) throws IOException, InterruptedException {
        return this.kerberosAuthenticationEnabled ? kerberosKdcEnvironment.startImpalaClusterWithArgs(str) : super.startImpalaCluster(str);
    }

    @Override // org.apache.impala.customcluster.LdapImpalaShellTest
    public void setUp(String str) throws Exception {
        super.setUp(String.format("--ldap_search_bind_authentication=true --ldap_bind_dn=%s --ldap_bind_password_cmd='echo -n %s' %s %s", LdapUtil.TEST_USER_DN_1, LdapUtil.TEST_PASSWORD_1, getKerberosArgs(), str));
    }

    private String getKerberosArgs() throws IOException {
        return this.kerberosAuthenticationEnabled ? LdapKerberosImpalaShellTestBase.flagsToArgs(LdapKerberosImpalaShellTestBase.mergeFlags(kerberosKdcEnvironment.getKerberosAuthFlags(), ImmutableMap.of("allow_custom_ldap_filters_with_kerberos_auth", "true"))) : "";
    }

    @Test
    public void testShellLdapAuth() throws Exception {
        setUp("--ldap_user_search_basedn=dc=myorg,dc=com --ldap_user_filter=(&(objectClass=person)(cn={0}))");
        testShellLdapAuthImpl(null);
    }

    @Test
    public void testHttpImpersonation() throws Exception {
        setUp(String.format("--authorized_proxy_user_config=%s=%s --ldap_user_search_basedn=dc=myorg,dc=com --ldap_user_filter=(cn={0})", LdapUtil.TEST_USER_1, "proxyUser$"));
        testHttpImpersonationImpl();
    }

    @Test
    public void testLdapFilters() throws Exception {
        setUp(String.format("--ldap_user_search_basedn=dc=myorg,dc=com --ldap_group_search_basedn=ou=Groups,dc=myorg,dc=com --ldap_user_filter=(&(objectClass=person)(cn={0})(!(cn=%s))) --ldap_group_filter=(uniqueMember={0})", LdapUtil.TEST_USER_2));
        testLdapFiltersImpl();
    }

    @Test
    public void testLdapFiltersWithNarrowGroupSearch() throws Exception {
        setUp(String.format("--ldap_user_search_basedn=dc=myorg,dc=com --ldap_group_search_basedn=ou=Groups,dc=myorg,dc=com --ldap_user_filter=(&(objectClass=person)(cn={0})(!(cn=%s))) --ldap_group_filter=(&(cn=%s)(uniqueMember={0}))", LdapUtil.TEST_USER_2, LdapUtil.TEST_USER_GROUP));
        testLdapFiltersImpl();
    }

    @Test
    public void testLdapFiltersWithProxy() throws Exception {
        setUp(String.format("--ldap_user_search_basedn=dc=myorg,dc=com --ldap_group_search_basedn=ou=Groups,dc=myorg,dc=com --ldap_user_filter=(&(objectClass=person)(cn={0})(!(cn=Test2Ldap))) --ldap_group_filter=(&(cn=group1)(uniqueMember={0})) --authorized_proxy_user_config=%s=* ", LdapUtil.TEST_USER_4));
        testLdapFiltersWithProxyImpl();
    }

    @Test
    public void testLdapFiltersWithProxyWithoutDoAsUser() throws Exception {
        setUp(String.format("--ldap_user_search_basedn=dc=myorg,dc=com --ldap_group_search_basedn=ou=Groups,dc=myorg,dc=com --ldap_user_filter=(&(objectClass=person)(cn={0})(!(cn=Test2Ldap))) --ldap_group_filter=(&(cn=group1)(uniqueMember={0})) --authorized_proxy_user_config=%s=* ", LdapUtil.TEST_USER_1));
        Iterator<String> it = getProtocolsToTest().iterator();
        while (it.hasNext()) {
            RunShellCommand.Run(buildCommand("select logged_in_user()", it.next(), LdapUtil.TEST_USER_1, LdapUtil.TEST_PASSWORD_1, "/cliservice"), true, LdapUtil.TEST_USER_1, "");
        }
    }

    @Test
    public void testAuthenticationOverMultipleOUs() throws Exception {
        setUp("--ldap_user_search_basedn=dc=myorg,dc=com --ldap_user_filter=(cn={0})");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_2, LdapUtil.TEST_PASSWORD_2, "/cliservice"), true, "", "");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_5, LdapUtil.TEST_PASSWORD_5, "/cliservice"), true, "", "");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", "invalid", "123", "/cliservice"), false, "", "");
    }

    @Test
    public void testEscapedCharactersInDN() throws Exception {
        setUp("--ldap_user_search_basedn=dc=myorg,dc=com --ldap_group_search_basedn=ou=Groups,dc=myorg,dc=com --ldap_user_filter=(cn={0}) --ldap_group_filter=(uniqueMember={0}) ");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_6, LdapUtil.TEST_PASSWORD_6, "/cliservice"), true, LdapUtil.TEST_USER_6, "");
    }
}
