package org.apache.bookkeeper.sasl;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicLong;
import javax.security.auth.login.Configuration;
import org.apache.bookkeeper.bookie.BookieImpl;
import org.apache.bookkeeper.client.BKException;
import org.apache.bookkeeper.client.BookKeeper;
import org.apache.bookkeeper.client.LedgerEntry;
import org.apache.bookkeeper.client.LedgerHandle;
import org.apache.bookkeeper.conf.ClientConfiguration;
import org.apache.bookkeeper.conf.ServerConfiguration;
import org.apache.bookkeeper.conf.TestBKConfiguration;
import org.apache.bookkeeper.proto.BookieServer;
import org.apache.bookkeeper.test.BookKeeperClusterTestCase;
import org.apache.zookeeper.KeeperException;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.class */
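/**
 * Exercises SASL authentication with Kerberos (GSSAPI) between a BookKeeper client and a bookie.
 *
 * <p>A {@link MiniKdc} is started once per class. Keytabs, a JAAS configuration and a
 * {@code krb5.conf} are generated into temporary folders and activated through JVM-wide system
 * properties, so this class changes process-global security configuration while it runs and
 * must undo all of it in its {@code @AfterClass} hooks.
 */
public class GSSAPIBookKeeperTest extends BookKeeperClusterTestCase {
    private static MiniKdc kdc;
    private static Properties conf;

    /** Kerberos service name used for the bookie principal instead of the default one. */
    private static final String NON_DEFAULT_SASL_SERVICE_NAME = "non_default_servicename";

    /** System property through which {@link #startAndStoreBookie} selects the service name. */
    private static final String SASL_SERVICE_NAME_PROPERTY = "bookkeeper.sasl.servicename";

    /** System property pointing the JVM at the generated JAAS configuration file. */
    private static final String JAAS_CONFIG_PROPERTY = "java.security.auth.login.config";

    static final Logger LOG = LoggerFactory.getLogger(GSSAPIBookKeeperTest.class);

    // Test fixtures only. The charset is pinned so the bytes do not depend on the platform default.
    private static final byte[] PASSWD = "testPasswd".getBytes(StandardCharsets.UTF_8);
    private static final byte[] ENTRY = "TestEntry".getBytes(StandardCharsets.UTF_8);

    @ClassRule
    public static final TemporaryFolder kdcDir = new TemporaryFolder();

    @ClassRule
    public static final TemporaryFolder kerberosWorkDir = new TemporaryFolder();

    /**
     * Starts the KDC, creates one keytab per principal and writes the JAAS and krb5
     * configuration files, then points the JVM at them.
     *
     * @throws Exception if the KDC cannot be started or a configuration file cannot be written
     */
    @BeforeClass
    public static void startMiniKdc() throws Exception {
        conf = MiniKdc.createConf();
        kdc = new MiniKdc(conf, kdcDir.getRoot());
        kdc.start();

        // The bookie principal is derived from the host name the bookie advertises.
        ServerConfiguration bookieConf = TestBKConfiguration.newServerConfiguration();
        bookieConf.setUseHostNameAsBookieID(true);
        String hostName = BookieImpl.getBookieAddress(bookieConf).getHostName();

        String serverPrincipalName = NON_DEFAULT_SASL_SERVICE_NAME + "/" + hostName;
        String serverPrincipal = serverPrincipalName + "@" + kdc.getRealm();
        LOG.info("principalServer: {}", serverPrincipal);

        String clientPrincipalName = "bookkeeperclient/" + hostName;
        String clientPrincipal = clientPrincipalName + "@" + kdc.getRealm();
        LOG.info("principalClient: {}", clientPrincipal);

        // Keytabs hold long-term keys; they stay inside the per-class temporary folder.
        File clientKeytab = new File(kerberosWorkDir.getRoot(), "bookkeeperclient.keytab");
        kdc.createPrincipal(clientKeytab, clientPrincipalName);
        File serverKeytab = new File(kerberosWorkDir.getRoot(), "bookkeeperserver.keytab");
        kdc.createPrincipal(serverKeytab, serverPrincipalName);

        File jaasFile = new File(kerberosWorkDir.getRoot(), "jaas.conf");
        // try-with-resources closes the writer even when write() throws.
        try (FileWriter jaasWriter = new FileWriter(jaasFile)) {
            // NOTE(review): both keyTab values have no closing quote before the newline. This
            // presumably works only because the JAAS file parser ends a quoted string at end of
            // line; confirm, and consider emitting the closing quote explicitly.
            jaasWriter.write("\n"
                    + "Bookie {\n"
                    + "  com.sun.security.auth.module.Krb5LoginModule required debug=true\n"
                    + "  useKeyTab=true\n"
                    + "  keyTab=\"" + serverKeytab.getAbsolutePath() + "\n"
                    + "  storeKey=true\n"
                    + "  useTicketCache=false\n"
                    + "  principal=\"" + serverPrincipal + "\";\n"
                    + "};\n"
                    + "\n"
                    + "\n"
                    + "\n"
                    + "BookKeeper {\n"
                    + "  com.sun.security.auth.module.Krb5LoginModule required debug=true\n"
                    + "  useKeyTab=true\n"
                    + "  keyTab=\"" + clientKeytab.getAbsolutePath() + "\n"
                    + "  storeKey=true\n"
                    + "  useTicketCache=false\n"
                    + "  principal=\"" + clientPrincipal + "\";\n"
                    + "};\n");
        }

        File krb5File = new File(kerberosWorkDir.getRoot(), "krb5.conf");
        String krb5Conf = "[libdefaults]\n"
                + " default_realm = " + kdc.getRealm() + "\n"
                + " udp_preference_limit = 1\n"
                + "\n"
                + "\n"
                + "[realms]\n"
                + " " + kdc.getRealm() + "  = {\n"
                + "  kdc = " + kdc.getHost() + ":" + kdc.getPort() + "\n"
                + " }";
        try (FileWriter krb5Writer = new FileWriter(krb5File)) {
            krb5Writer.write(krb5Conf);
        }
        LOG.info("krb5.conf:\n{}", krb5Conf);

        // Both properties are JVM-wide; they are cleared again in the @AfterClass hooks.
        System.setProperty(JAAS_CONFIG_PROPERTY, jaasFile.getAbsolutePath());
        System.setProperty(MiniKdc.JAVA_SECURITY_KRB5_CONF, krb5File.getAbsolutePath());
        Configuration.getConfiguration().refresh();
    }

    /** Clears the Kerberos-related system properties and stops the KDC if it was started. */
    @AfterClass
    public static void stopMiniKdc() {
        System.clearProperty(JAAS_CONFIG_PROPERTY);
        System.clearProperty(MiniKdc.JAVA_SECURITY_KRB5_CONF);
        if (kdc != null) {
            kdc.stop();
        }
    }

    public GSSAPIBookKeeperTest() {
        super(0);
    }

    /**
     * Opens a client, creates a ledger and appends one {@code ENTRY} to it.
     *
     * @param clientConfiguration configuration used to build the client
     * @param atomicLong receives the id of the created ledger
     */
    private void connectAndWriteToBookie(ClientConfiguration clientConfiguration, AtomicLong atomicLong)
            throws BKException, InterruptedException, IOException, KeeperException {
        LOG.info("Connecting to bookie");
        // Ledger handle and client are both released, in that order, even if a write fails.
        try (BookKeeper bookKeeper = new BookKeeper(clientConfiguration, this.zkc);
                LedgerHandle ledger = bookKeeper.createLedger(1, 1, BookKeeper.DigestType.CRC32, PASSWD)) {
            atomicLong.set(ledger.getId());
            ledger.addEntry(ENTRY);
        }
    }

    /**
     * Restarts the bookies with the SASL auth provider, reopens the ledger and counts its
     * entries, asserting that each one equals {@code ENTRY}.
     *
     * <p>Side effects: sets the SASL client auth provider on {@code clientConfiguration} and
     * restarts every bookie of the test cluster.
     *
     * @param j id of the ledger to read
     * @param clientConfiguration client configuration; modified as described above
     * @return the number of entries read, or 0 when the ledger has no confirmed entry
     */
    private int entryCount(long j, ClientConfiguration clientConfiguration) throws Exception {
        LOG.info("Counting entries in {}", j);
        clientConfiguration.setClientAuthProviderFactoryClass(SASLClientProviderFactory.class.getName());
        restartBookies(serverConfiguration -> {
            serverConfiguration.setUseHostNameAsBookieID(true);
            serverConfiguration.setBookieAuthProviderFactoryClass(SASLBookieAuthProviderFactory.class.getName());
            return serverConfiguration;
        });
        try (BookKeeper bookKeeper = new BookKeeper(clientConfiguration, this.zkc);
                LedgerHandle ledger = bookKeeper.openLedger(j, BookKeeper.DigestType.CRC32, PASSWD)) {
            long lastConfirmed = ledger.getLastAddConfirmed();
            if (lastConfirmed < 0) {
                return 0;
            }
            Enumeration<LedgerEntry> entries = ledger.readEntries(0L, lastConfirmed);
            int count = 0;
            while (entries.hasMoreElements()) {
                count++;
                Assert.assertTrue("Should match what we wrote",
                        Arrays.equals(entries.nextElement().getEntry(), ENTRY));
            }
            return count;
        }
    }

    /** An authenticated client can write one entry and read it back after a bookie restart. */
    @Test
    public void testSingleMessageAuth() throws Exception {
        ServerConfiguration bookieConf = newServerConfiguration();
        bookieConf.setUseHostNameAsBookieID(true);
        bookieConf.setBookieAuthProviderFactoryClass(SASLBookieAuthProviderFactory.class.getName());
        ClientConfiguration clientConf = newClientConfiguration();
        clientConf.setClientAuthProviderFactoryClass(SASLClientProviderFactory.class.getName());
        startAndStoreBookie(bookieConf);

        AtomicLong ledgerId = new AtomicLong(-1L);
        connectAndWriteToBookie(clientConf, ledgerId);
        Assert.assertNotEquals("ledger id should have been assigned", -1L, ledgerId.get());
        Assert.assertEquals("Should have entry", 1L, entryCount(ledgerId.get(), clientConf));
    }

    /**
     * A client that authenticates successfully but is not in the bookie's allowed-id setting
     * must be refused with {@link BKException.BKUnauthorizedAccessException}.
     */
    @Test
    public void testNotAllowedClientId() throws Exception {
        ServerConfiguration bookieConf = newServerConfiguration();
        bookieConf.setUseHostNameAsBookieID(true);
        bookieConf.setBookieAuthProviderFactoryClass(SASLBookieAuthProviderFactory.class.getName());
        // "nobody" does not match the client principal created in startMiniKdc().
        bookieConf.setProperty("saslJaasClientAllowedIds", "nobody");
        ClientConfiguration clientConf = newClientConfiguration();
        clientConf.setClientAuthProviderFactoryClass(SASLClientProviderFactory.class.getName());
        startAndStoreBookie(bookieConf);
        try {
            connectAndWriteToBookie(clientConf, new AtomicLong(-1L));
            Assert.fail("should not be able to access the bookie");
        } catch (BKException.BKUnauthorizedAccessException expected) {
            // Expected: the bookie rejected the principal. Any other exception fails the test.
        }
    }

    /**
     * Starts a bookie after selecting the non-default SASL service name.
     *
     * @param serverConfiguration configuration of the bookie to start
     * @return the started bookie server
     */
    BookieServer startAndStoreBookie(ServerConfiguration serverConfiguration) throws Exception {
        // JVM-wide setting; cleared again in resetJAAS().
        System.setProperty(SASL_SERVICE_NAME_PROPERTY, NON_DEFAULT_SASL_SERVICE_NAME);
        return startAndAddBookie(serverConfiguration).getServer();
    }

    /** Drops the JAAS-related system properties set by this class and reloads the configuration. */
    @AfterClass
    public static void resetJAAS() {
        System.clearProperty(JAAS_CONFIG_PROPERTY);
        // Nothing in this class cleared the service-name override before; left in place it would
        // carry the non-default service name into later SASL tests running in the same JVM.
        System.clearProperty(SASL_SERVICE_NAME_PROPERTY);
        Configuration.getConfiguration().refresh();
    }
}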
