package org.apache.pulsar.shade.org.apache.zookeeper.server.quorum.auth;

import java.io.File;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/pulsar/shade/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.class */
public class MiniKdcTest extends KerberosSecurityTestcase {
    private static final boolean IBM_JAVA = System.getProperty("java.vendor").contains("IBM");

    /* loaded from: input_file:org/apache/pulsar/shade/org/apache/zookeeper/server/quorum/auth/MiniKdcTest$KerberosConfiguration.class */
    private static class KerberosConfiguration extends Configuration {
        private String principal;
        private String keytab;
        private boolean isInitiator;

        private KerberosConfiguration(String str, File file, boolean z) {
            this.principal = str;
            this.keytab = file.getAbsolutePath();
            this.isInitiator = z;
        }

        public static Configuration createClientConfig(String str, File file) {
            return new KerberosConfiguration(str, file, true);
        }

        public static Configuration createServerConfig(String str, File file) {
            return new KerberosConfiguration(str, file, false);
        }

        private static String getKrb5LoginModuleName() {
            return System.getProperty("java.vendor").contains("IBM") ? "com.ibm.security.auth.module.Krb5LoginModule" : "org.apache.pulsar.shade.com.sun.security.auth.module.Krb5LoginModule";
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put("principal", this.principal);
            hashMap.put("refreshKrb5Config", "true");
            if (MiniKdcTest.IBM_JAVA) {
                hashMap.put("useKeytab", this.keytab);
                hashMap.put("credsType", "both");
            } else {
                hashMap.put("keyTab", this.keytab);
                hashMap.put("useKeyTab", "true");
                hashMap.put("storeKey", "true");
                hashMap.put("doNotPrompt", "true");
                hashMap.put("useTicketCache", "true");
                hashMap.put("renewTGT", "true");
                hashMap.put("isInitiator", Boolean.toString(this.isInitiator));
            }
            String str2 = System.getenv("KRB5CCNAME");
            if (str2 != null) {
                hashMap.put("ticketCache", str2);
            }
            hashMap.put(MiniKdc.DEBUG, "true");
            return new AppConfigurationEntry[]{new AppConfigurationEntry(getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    @Test(timeout = 60000)
    public void testMiniKdcStart() {
        Assert.assertNotSame(0, Integer.valueOf(getKdc().getPort()));
    }

    @Test(timeout = 60000)
    public void testKeytabGen() throws Exception {
        MiniKdc kdc = getKdc();
        File workDir = getWorkDir();
        kdc.createPrincipal(new File(workDir, "keytab"), "foo/bar", "bar/foo");
        List principals = Keytab.loadKeytab(new File(workDir, "keytab")).getPrincipals();
        HashSet hashSet = new HashSet();
        Iterator it = principals.iterator();
        while (it.hasNext()) {
            hashSet.add(((PrincipalName) it.next()).getName());
        }
        Assert.assertEquals(new HashSet(Arrays.asList("foo/bar@" + kdc.getRealm(), "bar/foo@" + kdc.getRealm())), hashSet);
    }

    @Test(timeout = 60000)
    public void testKerberosLogin() throws Exception {
        MiniKdc kdc = getKdc();
        LoginContext loginContext = null;
        try {
            File file = new File(getWorkDir(), "foo.keytab");
            kdc.createPrincipal(file, "foo");
            HashSet hashSet = new HashSet();
            hashSet.add(new KerberosPrincipal("foo"));
            LoginContext loginContext2 = new LoginContext("", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, KerberosConfiguration.createClientConfig("foo", file));
            loginContext2.login();
            Subject subject = loginContext2.getSubject();
            Assert.assertEquals(1L, subject.getPrincipals().size());
            Assert.assertEquals(KerberosPrincipal.class, subject.getPrincipals().iterator().next().getClass());
            Assert.assertEquals("foo@" + kdc.getRealm(), subject.getPrincipals().iterator().next().getName());
            loginContext2.logout();
            loginContext = new LoginContext("", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, KerberosConfiguration.createServerConfig("foo", file));
            loginContext.login();
            Subject subject2 = loginContext.getSubject();
            Assert.assertEquals(1L, subject2.getPrincipals().size());
            Assert.assertEquals(KerberosPrincipal.class, subject2.getPrincipals().iterator().next().getClass());
            Assert.assertEquals("foo@" + kdc.getRealm(), subject2.getPrincipals().iterator().next().getName());
            loginContext.logout();
            if (loginContext == null || loginContext.getSubject() == null || loginContext.getSubject().getPrincipals().isEmpty()) {
                return;
            }
            loginContext.logout();
        } catch (Throwable th) {
            if (loginContext != null && loginContext.getSubject() != null && !loginContext.getSubject().getPrincipals().isEmpty()) {
                loginContext.logout();
            }
            throw th;
        }
    }
}
