package org.apache.accumulo.test.functional;

import java.util.Iterator;
import org.apache.accumulo.cluster.ClusterUser;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.ClientConfiguration;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.Scanner;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.harness.AccumuloClusterHarness;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/accumulo/test/functional/CredentialsIT.class */
public class CredentialsIT extends AccumuloClusterHarness {
    private boolean saslEnabled;
    private String username;
    private String password;
    private Instance inst;

    @Override // org.apache.accumulo.harness.AccumuloITBase
    public int defaultTimeoutSeconds() {
        return 120;
    }

    @Before
    public void createLocalUser() throws AccumuloException, AccumuloSecurityException {
        Connector connector = getConnector();
        this.inst = connector.getInstance();
        ClientConfiguration clientConfig = cluster.getClientConfig();
        ClusterUser user = getUser(0);
        this.username = user.getPrincipal();
        this.saslEnabled = clientConfig.getBoolean(ClientConfiguration.ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false);
        if (connector.securityOperations().listLocalUsers().contains(this.username)) {
            return;
        }
        PasswordToken passwordToken = null;
        if (!this.saslEnabled) {
            this.password = user.getPassword();
            passwordToken = new PasswordToken(this.password);
        }
        connector.securityOperations().createLocalUser(this.username, passwordToken);
    }

    @After
    public void deleteLocalUser() throws Exception {
        if (this.saslEnabled) {
            ClusterUser adminUser = getAdminUser();
            UserGroupInformation.loginUserFromKeytab(adminUser.getPrincipal(), adminUser.getKeytab().getAbsolutePath());
        }
        getConnector().securityOperations().dropLocalUser(this.username);
    }

    @Test
    public void testConnectorWithDestroyedToken() throws Exception {
        AuthenticationToken token = getUser(0).getToken();
        Assert.assertFalse(token.isDestroyed());
        token.destroy();
        Assert.assertTrue(token.isDestroyed());
        try {
            this.inst.getConnector("non_existent_user", token);
            Assert.fail();
        } catch (AccumuloSecurityException e) {
            Assert.assertTrue(e.getSecurityErrorCode().equals(SecurityErrorCode.TOKEN_EXPIRED));
        }
    }

    @Test
    public void testDestroyTokenBeforeRPC() throws Exception {
        AuthenticationToken token = getUser(0).getToken();
        Scanner createScanner = this.inst.getConnector(this.username, token).createScanner("accumulo.metadata", Authorizations.EMPTY);
        Assert.assertFalse(token.isDestroyed());
        token.destroy();
        Assert.assertTrue(token.isDestroyed());
        try {
            Iterator it = createScanner.iterator();
            while (it.hasNext()) {
                Assert.fail();
            }
            Assert.fail();
        } catch (Exception e) {
            Assert.assertTrue(e instanceof RuntimeException);
            Assert.assertTrue(e.getCause() instanceof AccumuloSecurityException);
            Assert.assertTrue(((AccumuloSecurityException) AccumuloSecurityException.class.cast(e.getCause())).getSecurityErrorCode().equals(SecurityErrorCode.TOKEN_EXPIRED));
        }
    }
}
