package org.apache.hadoop.security.authorize;

import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.ipc.TestRPC;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-common-2.6.4-tests.jar:org/apache/hadoop/security/authorize/TestServiceAuthorization.class
  input_file:hadoop-common-2.6.4/share/hadoop/common/hadoop-common-2.6.4-tests.jar:org/apache/hadoop/security/authorize/TestServiceAuthorization.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/security/authorize/TestServiceAuthorization.class */
public class TestServiceAuthorization {
    private static final String ACL_CONFIG = "test.protocol.acl";
    private static final String ACL_CONFIG1 = "test.protocol1.acl";
    private static final String ADDRESS = "0.0.0.0";

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-common-2.6.4-tests.jar:org/apache/hadoop/security/authorize/TestServiceAuthorization$TestPolicyProvider.class
      input_file:hadoop-common-2.6.4/share/hadoop/common/hadoop-common-2.6.4-tests.jar:org/apache/hadoop/security/authorize/TestServiceAuthorization$TestPolicyProvider.class
     */
    /* loaded from: input_file:test-classes/org/apache/hadoop/security/authorize/TestServiceAuthorization$TestPolicyProvider.class */
    private static class TestPolicyProvider extends PolicyProvider {
        private TestPolicyProvider() {
        }

        @Override // org.apache.hadoop.security.authorize.PolicyProvider
        public Service[] getServices() {
            return new Service[]{new Service(TestServiceAuthorization.ACL_CONFIG, TestRPC.TestProtocol.class), new Service(TestServiceAuthorization.ACL_CONFIG1, TestProtocol1.class)};
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-common-2.6.4-tests.jar:org/apache/hadoop/security/authorize/TestServiceAuthorization$TestProtocol1.class
      input_file:hadoop-common-2.6.4/share/hadoop/common/hadoop-common-2.6.4-tests.jar:org/apache/hadoop/security/authorize/TestServiceAuthorization$TestProtocol1.class
     */
    /* loaded from: input_file:test-classes/org/apache/hadoop/security/authorize/TestServiceAuthorization$TestProtocol1.class */
    public interface TestProtocol1 extends TestRPC.TestProtocol {
    }

    @Test
    public void testDefaultAcl() {
        ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager();
        Configuration configuration = new Configuration();
        configuration.set(ACL_CONFIG, "user1 group1");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        Assert.assertEquals("user1 group1", serviceAuthorizationManager.getProtocolsAcls(TestRPC.TestProtocol.class).getAclString());
        Assert.assertEquals("*", serviceAuthorizationManager.getProtocolsAcls(TestProtocol1.class).getAclString());
        configuration.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL, "user2 group2");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        Assert.assertEquals("user1 group1", serviceAuthorizationManager.getProtocolsAcls(TestRPC.TestProtocol.class).getAclString());
        Assert.assertEquals("user2 group2", serviceAuthorizationManager.getProtocolsAcls(TestProtocol1.class).getAclString());
    }

    @Test
    public void testBlockedAcl() throws UnknownHostException {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("drwho@EXAMPLE.COM", new String[]{"group1", "group2"});
        ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager();
        Configuration configuration = new Configuration();
        configuration.set(ACL_CONFIG, "user1 group1");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestRPC.TestProtocol.class, configuration, InetAddress.getByName("0.0.0.0"));
        } catch (AuthorizationException e) {
            Assert.fail();
        }
        configuration.set("test.protocol.acl.blocked", "drwho2 group3");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestRPC.TestProtocol.class, configuration, InetAddress.getByName("0.0.0.0"));
        } catch (AuthorizationException e2) {
            Assert.fail();
        }
        configuration.set("test.protocol.acl.blocked", "drwho group3");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestRPC.TestProtocol.class, configuration, InetAddress.getByName("0.0.0.0"));
            Assert.fail();
        } catch (AuthorizationException e3) {
        }
        configuration.set("test.protocol.acl.blocked", "drwho2 group3");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestRPC.TestProtocol.class, configuration, InetAddress.getByName("0.0.0.0"));
        } catch (AuthorizationException e4) {
            Assert.fail();
        }
        configuration.set("test.protocol.acl.blocked", "drwho2 group2");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestRPC.TestProtocol.class, configuration, InetAddress.getByName("0.0.0.0"));
            Assert.fail();
        } catch (AuthorizationException e5) {
        }
        configuration.set("test.protocol.acl.blocked", "");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestRPC.TestProtocol.class, configuration, InetAddress.getByName("0.0.0.0"));
        } catch (AuthorizationException e6) {
            Assert.fail();
        }
    }

    @Test
    public void testDefaultBlockedAcl() throws UnknownHostException {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("drwho@EXAMPLE.COM", new String[]{"group1", "group2"});
        ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager();
        Configuration configuration = new Configuration();
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestProtocol1.class, configuration, InetAddress.getByName("0.0.0.0"));
        } catch (AuthorizationException e) {
            Assert.fail();
        }
        configuration.set(CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_BLOCKED_ACL, "user2 group2");
        configuration.set("test.protocol.acl.blocked", "user2");
        serviceAuthorizationManager.refresh(configuration, new TestPolicyProvider());
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestRPC.TestProtocol.class, configuration, InetAddress.getByName("0.0.0.0"));
        } catch (AuthorizationException e2) {
            Assert.fail();
        }
        try {
            serviceAuthorizationManager.authorize(createUserForTesting, TestProtocol1.class, configuration, InetAddress.getByName("0.0.0.0"));
            Assert.fail();
        } catch (AuthorizationException e3) {
        }
    }
}
