package org.apache.hadoop.hdfs.server.datanode.web.webhdfs;

import com.google.common.base.Supplier;
import com.google.common.collect.Lists;
import io.netty.handler.codec.http.QueryStringDecoder;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
import org.apache.hadoop.hdfs.web.SWebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.hdfs.web.resources.DelegationParam;
import org.apache.hadoop.hdfs.web.resources.LengthParam;
import org.apache.hadoop.hdfs.web.resources.NamenodeAddressParam;
import org.apache.hadoop.hdfs.web.resources.OffsetParam;
import org.apache.hadoop.hdfs.web.resources.Param;
import org.apache.hadoop.hdfs.web.resources.UserParam;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/hdfs/server/datanode/web/webhdfs/TestDataNodeUGIProvider.class */
public class TestDataNodeUGIProvider {
    private final URI uri = URI.create("swebhdfs://127.0.0.1:0");
    private final String PATH = "/foo";
    private final int OFFSET = 42;
    private final int LENGTH = 512;
    private static final int EXPIRE_AFTER_ACCESS = 5000;
    private Configuration conf;

    @Before
    public void setUp() {
        this.conf = WebHdfsTestUtil.createConf();
        this.conf.setInt("dfs.webhdfs.ugi.expire.after.access", EXPIRE_AFTER_ACCESS);
        DataNodeUGIProvider.init(this.conf);
    }

    @Test
    public void testUGICacheSecure() throws Exception {
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, this.conf);
        UserGroupInformation.setConfiguration(this.conf);
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("test-user");
        createRemoteUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS);
        UserGroupInformation createProxyUser = UserGroupInformation.createProxyUser("test-proxy-user", createRemoteUser);
        UserGroupInformation.setLoginUser(createProxyUser);
        ArrayList newArrayList = Lists.newArrayList();
        getWebHdfsFileSystem(createProxyUser, this.conf, newArrayList);
        String str = "/webhdfs/v1/foo?op=OPEN" + Param.toSortedString("&", new Param[]{new NamenodeAddressParam("127.0.0.1:1010"), new OffsetParam(42L), new LengthParam(512L), new DelegationParam(newArrayList.get(0).encodeToUrlString())});
        String str2 = "/webhdfs/v1/foo?op=OPEN" + Param.toSortedString("&", new Param[]{new NamenodeAddressParam("127.0.0.1:1010"), new OffsetParam(42L), new LengthParam(512L), new DelegationParam(newArrayList.get(1).encodeToUrlString())});
        DataNodeUGIProvider dataNodeUGIProvider = new DataNodeUGIProvider(new ParameterParser(new QueryStringDecoder(URI.create(str)), this.conf));
        UserGroupInformation ugi = dataNodeUGIProvider.ugi();
        Assert.assertEquals("With UGI cache, two UGIs returned by the same token should be same", ugi, dataNodeUGIProvider.ugi());
        DataNodeUGIProvider dataNodeUGIProvider2 = new DataNodeUGIProvider(new ParameterParser(new QueryStringDecoder(URI.create(str2)), this.conf));
        UserGroupInformation ugi2 = dataNodeUGIProvider2.ugi();
        UserGroupInformation ugi3 = dataNodeUGIProvider2.ugi();
        Assert.assertEquals("With UGI cache, two UGIs returned by the same token should be same", ugi2, ugi3);
        Assert.assertNotEquals("With UGI cache, two UGIs for the different token should not be same", ugi, ugi3);
        dataNodeUGIProvider2.clearCache();
        awaitCacheEmptyDueToExpiration();
        UserGroupInformation ugi4 = dataNodeUGIProvider.ugi();
        UserGroupInformation ugi5 = dataNodeUGIProvider2.ugi();
        Assert.assertNotEquals("With cache eviction, two UGIs returned by the same token should not be same", ugi, ugi4);
        Assert.assertNotEquals("With cache eviction, two UGIs returned by the same token should not be same", ugi2, ugi5);
        Assert.assertNotEquals("With UGI cache, two UGIs for the different token should not be same", ugi, ugi5);
    }

    @Test
    public void testUGICacheInSecure() throws Exception {
        String str = "/webhdfs/v1/foo?op=OPEN" + Param.toSortedString("&", new Param[]{new OffsetParam(42L), new LengthParam(512L), new UserParam("root")});
        String str2 = "/webhdfs/v1/foo?op=OPEN" + Param.toSortedString("&", new Param[]{new OffsetParam(42L), new LengthParam(512L), new UserParam("hdfs")});
        DataNodeUGIProvider dataNodeUGIProvider = new DataNodeUGIProvider(new ParameterParser(new QueryStringDecoder(URI.create(str)), this.conf));
        UserGroupInformation ugi = dataNodeUGIProvider.ugi();
        Assert.assertEquals("With UGI cache, two UGIs for the same user should be same", ugi, dataNodeUGIProvider.ugi());
        DataNodeUGIProvider dataNodeUGIProvider2 = new DataNodeUGIProvider(new ParameterParser(new QueryStringDecoder(URI.create(str2)), this.conf));
        UserGroupInformation ugi2 = dataNodeUGIProvider2.ugi();
        UserGroupInformation ugi3 = dataNodeUGIProvider2.ugi();
        Assert.assertEquals("With UGI cache, two UGIs for the same user should be same", ugi2, ugi3);
        Assert.assertNotEquals("With UGI cache, two UGIs for the different user should not be same", ugi, ugi3);
        awaitCacheEmptyDueToExpiration();
        UserGroupInformation ugi4 = dataNodeUGIProvider.ugi();
        UserGroupInformation ugi5 = dataNodeUGIProvider2.ugi();
        Assert.assertNotEquals("With cache eviction, two UGIs returned by the same user should not be same", ugi, ugi4);
        Assert.assertNotEquals("With cache eviction, two UGIs returned by the same user should not be same", ugi2, ugi5);
        Assert.assertNotEquals("With UGI cache, two UGIs for the different user should not be same", ugi, ugi5);
    }

    private void awaitCacheEmptyDueToExpiration() throws Exception {
        GenericTestUtils.waitFor(new Supplier<Boolean>() { // from class: org.apache.hadoop.hdfs.server.datanode.web.webhdfs.TestDataNodeUGIProvider.1
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public Boolean m261get() {
                DataNodeUGIProvider.ugiCache.cleanUp();
                return Boolean.valueOf(DataNodeUGIProvider.ugiCache.size() == 0);
            }
        }, EXPIRE_AFTER_ACCESS, 50000);
    }

    private WebHdfsFileSystem getWebHdfsFileSystem(UserGroupInformation userGroupInformation, Configuration configuration, List<Token<DelegationTokenIdentifier>> list) throws IOException {
        if (UserGroupInformation.isSecurityEnabled()) {
            DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier(new Text(userGroupInformation.getUserName()), (Text) null, (Text) null);
            DelegationTokenSecretManager delegationTokenSecretManager = new DelegationTokenSecretManager(86400000L, 86400000L, 86400000L, 86400000L, (FSNamesystem) Mockito.mock(FSNamesystem.class));
            delegationTokenSecretManager.startThreads();
            Token<DelegationTokenIdentifier> token = new Token<>(delegationTokenIdentifier, delegationTokenSecretManager);
            Token<DelegationTokenIdentifier> token2 = new Token<>(delegationTokenIdentifier, delegationTokenSecretManager);
            SecurityUtil.setTokenService(token, NetUtils.createSocketAddr(this.uri.getAuthority()));
            SecurityUtil.setTokenService(token2, NetUtils.createSocketAddr(this.uri.getAuthority()));
            token.setKind(SWebHdfsFileSystem.TOKEN_KIND);
            token2.setKind(SWebHdfsFileSystem.TOKEN_KIND);
            list.add(token);
            list.add(token2);
            userGroupInformation.addToken(token);
            userGroupInformation.addToken(token2);
        }
        return FileSystem.get(this.uri, configuration);
    }
}
