package org.apache.hadoop.security.authentication.util;

import java.util.Arrays;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.curator.RetryPolicy;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.framework.imps.DefaultACLProvider;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.curator.utils.ConfigurableZookeeperFactory;
import org.apache.curator.utils.ZookeeperFactory;
import org.apache.hadoop.security.authentication.server.TestAuthenticationFilter;
import org.apache.hadoop.security.authentication.util.ZookeeperClient;
import org.apache.zookeeper.client.ZKClientConfig;
import org.apache.zookeeper.common.ClientX509Util;
import org.apache.zookeeper.data.ACL;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.core.IsNull;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/security/authentication/util/TestZookeeperClientCreation.class */
public class TestZookeeperClientCreation {
    private ZookeeperClient clientConfigurer;
    private CuratorFrameworkFactory.Builder cfBuilder;

    @BeforeEach
    public void setup() {
        this.clientConfigurer = (ZookeeperClient) Mockito.spy(ZookeeperClient.configure());
        this.clientConfigurer.withConnectionString(TestAuthenticationFilter.DummyAuthenticationHandler.TYPE);
        this.cfBuilder = (CuratorFrameworkFactory.Builder) Mockito.spy(CuratorFrameworkFactory.builder());
        Mockito.when(this.clientConfigurer.createFrameworkFactoryBuilder()).thenReturn(this.cfBuilder);
    }

    @Test
    public void testConnectionStringSet() {
        this.clientConfigurer.withConnectionString("conn").create();
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).connectString("conn");
        verifyDefaultZKFactory();
        verifyDefaultNamespace();
        verifyDefaultSessionTimeout();
        verifyDefaultConnectionTimeout();
        verifyDefaultRetryPolicy();
        verifyDefaultAclProvider();
        verifyDefaultZKClientConfig();
    }

    @Test
    public void testZookeeperFactorySet() {
        ZookeeperFactory zookeeperFactory = (ZookeeperFactory) Mockito.mock(ZookeeperFactory.class);
        this.clientConfigurer.withZookeeperFactory(zookeeperFactory).create();
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).zookeeperFactory(zookeeperFactory);
        verifyDummyConnectionString();
        verifyDefaultNamespace();
        verifyDefaultSessionTimeout();
        verifyDefaultConnectionTimeout();
        verifyDefaultRetryPolicy();
        verifyDefaultAclProvider();
        verifyDefaultZKClientConfig();
    }

    @Test
    public void testNameSpaceSet() {
        this.clientConfigurer.withNamespace("someNS/someSubSpace").create();
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).namespace("someNS/someSubSpace");
        verifyDummyConnectionString();
        verifyDefaultZKFactory();
        verifyDefaultSessionTimeout();
        verifyDefaultConnectionTimeout();
        verifyDefaultRetryPolicy();
        verifyDefaultAclProvider();
        verifyDefaultZKClientConfig();
    }

    @Test
    public void testSessionTimeoutSet() {
        this.clientConfigurer.withSessionTimeout(20000).create();
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).sessionTimeoutMs(20000);
        verifyDummyConnectionString();
        verifyDefaultZKFactory();
        verifyDefaultNamespace();
        verifyDefaultConnectionTimeout();
        verifyDefaultRetryPolicy();
        verifyDefaultAclProvider();
        verifyDefaultZKClientConfig();
    }

    @Test
    public void testDefaultSessionTimeoutIsAffectedBySystemProperty() {
        System.setProperty("curator-default-session-timeout", "20000");
        setup();
        this.clientConfigurer.create();
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).sessionTimeoutMs(20000);
        verifyDummyConnectionString();
        verifyDefaultZKFactory();
        verifyDefaultNamespace();
        verifyDefaultConnectionTimeout();
        verifyDefaultRetryPolicy();
        verifyDefaultAclProvider();
        verifyDefaultZKClientConfig();
        System.clearProperty("curator-default-session-timeout");
    }

    @Test
    public void testConnectionTimeoutSet() {
        this.clientConfigurer.withConnectionTimeout(50).create();
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).connectionTimeoutMs(50);
        verifyDummyConnectionString();
        verifyDefaultZKFactory();
        verifyDefaultNamespace();
        verifyDefaultSessionTimeout();
        verifyDefaultRetryPolicy();
        verifyDefaultAclProvider();
        verifyDefaultZKClientConfig();
    }

    @Test
    public void testDefaultConnectionTimeoutIsAffectedBySystemProperty() {
        System.setProperty("curator-default-connection-timeout", "50");
        setup();
        this.clientConfigurer.create();
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).connectionTimeoutMs(50);
        verifyDummyConnectionString();
        verifyDefaultZKFactory();
        verifyDefaultNamespace();
        verifyDefaultSessionTimeout();
        verifyDefaultRetryPolicy();
        verifyDefaultAclProvider();
        verifyDefaultZKClientConfig();
        System.clearProperty("curator-default-connection-timeout");
    }

    @Test
    public void testRetryPolicySet() {
        RetryPolicy retryPolicy = (RetryPolicy) Mockito.mock(RetryPolicy.class);
        this.clientConfigurer.withRetryPolicy(retryPolicy).create();
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).retryPolicy(retryPolicy);
        verifyDummyConnectionString();
        verifyDefaultZKFactory();
        verifyDefaultNamespace();
        verifyDefaultSessionTimeout();
        verifyDefaultConnectionTimeout();
        verifyDefaultAclProvider();
        verifyDefaultZKClientConfig();
    }

    @Test
    public void testSaslAutTypeWithIBMJava() {
        testSaslAuthType("IBMJava");
    }

    @Test
    public void testSaslAuthTypeWithNonIBMJava() {
        testSaslAuthType("OracleJava");
    }

    @Test
    public void testSSLConfiguration() {
        this.clientConfigurer.enableSSL(true).withKeystore("keystoreLoc").withKeystorePassword("ksPass").withTruststore("truststoreLoc").withTruststorePassword("tsPass").create();
        ArgumentCaptor forClass = ArgumentCaptor.forClass(ZKClientConfig.class);
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).zkClientConfig((ZKClientConfig) forClass.capture());
        ZKClientConfig zKClientConfig = (ZKClientConfig) forClass.getValue();
        MatcherAssert.assertThat(zKClientConfig.getProperty("zookeeper.client.secure"), CoreMatchers.is("true"));
        MatcherAssert.assertThat(zKClientConfig.getProperty("zookeeper.clientCnxnSocket"), CoreMatchers.is("org.apache.zookeeper.ClientCnxnSocketNetty"));
        ClientX509Util clientX509Util = new ClientX509Util();
        Throwable th = null;
        try {
            try {
                MatcherAssert.assertThat(zKClientConfig.getProperty(clientX509Util.getSslKeystoreLocationProperty()), CoreMatchers.is("keystoreLoc"));
                MatcherAssert.assertThat(zKClientConfig.getProperty(clientX509Util.getSslKeystorePasswdProperty()), CoreMatchers.is("ksPass"));
                MatcherAssert.assertThat(zKClientConfig.getProperty(clientX509Util.getSslTruststoreLocationProperty()), CoreMatchers.is("truststoreLoc"));
                MatcherAssert.assertThat(zKClientConfig.getProperty(clientX509Util.getSslTruststorePasswdProperty()), CoreMatchers.is("tsPass"));
                if (clientX509Util != null) {
                    if (0 != 0) {
                        try {
                            clientX509Util.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        clientX509Util.close();
                    }
                }
                verifyDummyConnectionString();
                verifyDefaultZKFactory();
                verifyDefaultNamespace();
                verifyDefaultSessionTimeout();
                verifyDefaultConnectionTimeout();
                verifyDefaultRetryPolicy();
                verifyDefaultAclProvider();
            } finally {
            }
        } catch (Throwable th3) {
            if (clientX509Util != null) {
                if (th != null) {
                    try {
                        clientX509Util.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    clientX509Util.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testNoConnectionString() {
        this.clientConfigurer.withConnectionString((String) null);
        MatcherAssert.assertThat(Assertions.assertThrows(NullPointerException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.containsString("Zookeeper connection string cannot be null!"));
    }

    @Test
    public void testNoRetryPolicy() {
        this.clientConfigurer.withRetryPolicy((RetryPolicy) null);
        MatcherAssert.assertThat(Assertions.assertThrows(NullPointerException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.containsString("Zookeeper connection retry policy cannot be null!"));
    }

    @Test
    public void testNoAuthType() {
        this.clientConfigurer.withAuthType((String) null);
        MatcherAssert.assertThat(Assertions.assertThrows(NullPointerException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.containsString("Zookeeper authType cannot be null!"));
    }

    @Test
    public void testUnrecognizedAuthType() {
        this.clientConfigurer.withAuthType("something");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("Zookeeper authType must be one of [none, sasl]!"));
    }

    @Test
    public void testSaslAuthTypeWithoutKeytab() {
        this.clientConfigurer.withAuthType("sasl");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("Zookeeper client's Kerberos Keytab must be specified!"));
    }

    @Test
    public void testSaslAuthTypeWithEmptyKeytab() {
        this.clientConfigurer.withAuthType("sasl").withKeytab("");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("Zookeeper client's Kerberos Keytab must be specified!"));
    }

    @Test
    public void testSaslAuthTypeWithoutPrincipal() {
        this.clientConfigurer.withAuthType("sasl").withKeytab("keytabLoc");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("Zookeeper client's Kerberos Principal must be specified!"));
    }

    @Test
    public void testSaslAuthTypeWithEmptyPrincipal() {
        this.clientConfigurer.withAuthType("sasl").withKeytab("keytabLoc").withPrincipal("");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("Zookeeper client's Kerberos Principal must be specified!"));
    }

    @Test
    public void testSaslAuthTypeWithoutJaasLoginEntryName() {
        this.clientConfigurer.withAuthType("sasl").withKeytab("keytabLoc").withPrincipal("principal").withJaasLoginEntryName((String) null);
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("JAAS Login Entry name must be specified!"));
    }

    @Test
    public void testSaslAuthTypeWithEmptyJaasLoginEntryName() {
        this.clientConfigurer.withAuthType("sasl").withKeytab("keytabLoc").withPrincipal("principal").withJaasLoginEntryName("");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("JAAS Login Entry name must be specified!"));
    }

    @Test
    public void testSSLWithoutKeystore() {
        this.clientConfigurer.enableSSL(true);
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("The keystore location parameter is empty for the ZooKeeper client connection."));
    }

    @Test
    public void testSSLWithEmptyKeystore() {
        this.clientConfigurer.enableSSL(true).withKeystore("");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("The keystore location parameter is empty for the ZooKeeper client connection."));
    }

    @Test
    public void testSSLWithoutTruststore() {
        this.clientConfigurer.enableSSL(true).withKeystore("keyStoreLoc");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("The truststore location parameter is empty for the ZooKeeper client connection."));
    }

    @Test
    public void testSSLWithEmptyTruststore() {
        this.clientConfigurer.enableSSL(true).withKeystore("keyStoreLoc").withTruststore("");
        MatcherAssert.assertThat(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.clientConfigurer.create();
        }).getMessage(), CoreMatchers.is("The truststore location parameter is empty for the ZooKeeper client connection."));
    }

    private void testSaslAuthType(String str) {
        String property = System.getProperty("java.vendor");
        System.setProperty("java.vendor", str);
        Configuration configuration = Configuration.getConfiguration();
        try {
            this.clientConfigurer.withAuthType("sasl").withKeytab("keytabLoc").withPrincipal("principal@some.host/SOME.REALM").withJaasLoginEntryName("TestEntry").create();
            ArgumentCaptor forClass = ArgumentCaptor.forClass(ZookeeperClient.SASLOwnerACLProvider.class);
            ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).aclProvider((ACLProvider) forClass.capture());
            ZookeeperClient.SASLOwnerACLProvider sASLOwnerACLProvider = (ZookeeperClient.SASLOwnerACLProvider) forClass.getValue();
            MatcherAssert.assertThat(Integer.valueOf(sASLOwnerACLProvider.getDefaultAcl().size()), CoreMatchers.is(1));
            MatcherAssert.assertThat(((ACL) sASLOwnerACLProvider.getDefaultAcl().get(0)).getId().getScheme(), CoreMatchers.is("sasl"));
            MatcherAssert.assertThat(((ACL) sASLOwnerACLProvider.getDefaultAcl().get(0)).getId().getId(), CoreMatchers.is("principal"));
            MatcherAssert.assertThat(Integer.valueOf(((ACL) sASLOwnerACLProvider.getDefaultAcl().get(0)).getPerms()), CoreMatchers.is(31));
            Arrays.stream(new String[]{"/", "/foo", "/foo/bar/baz", "/random/path"}).forEach(str2 -> {
                MatcherAssert.assertThat(Integer.valueOf(sASLOwnerACLProvider.getAclForPath(str2).size()), CoreMatchers.is(1));
                MatcherAssert.assertThat(((ACL) sASLOwnerACLProvider.getAclForPath(str2).get(0)).getId().getScheme(), CoreMatchers.is("sasl"));
                MatcherAssert.assertThat(((ACL) sASLOwnerACLProvider.getAclForPath(str2).get(0)).getId().getId(), CoreMatchers.is("principal"));
                MatcherAssert.assertThat(Integer.valueOf(((ACL) sASLOwnerACLProvider.getAclForPath(str2).get(0)).getPerms()), CoreMatchers.is(31));
            });
            MatcherAssert.assertThat(System.getProperty("zookeeper.sasl.clientconfig"), CoreMatchers.is("TestEntry"));
            MatcherAssert.assertThat(System.getProperty("zookeeper.authProvider.1"), CoreMatchers.is("org.apache.zookeeper.server.auth.SASLAuthenticationProvider"));
            Configuration configuration2 = Configuration.getConfiguration();
            MatcherAssert.assertThat(Integer.valueOf(configuration2.getAppConfigurationEntry("TestEntry").length), CoreMatchers.is(1));
            AppConfigurationEntry appConfigurationEntry = configuration2.getAppConfigurationEntry("TestEntry")[0];
            MatcherAssert.assertThat(appConfigurationEntry.getOptions().get("keyTab"), CoreMatchers.is("keytabLoc"));
            MatcherAssert.assertThat(appConfigurationEntry.getOptions().get("principal"), CoreMatchers.is("principal@some.host/SOME.REALM"));
            MatcherAssert.assertThat(appConfigurationEntry.getOptions().get("useKeyTab"), CoreMatchers.is("true"));
            MatcherAssert.assertThat(appConfigurationEntry.getOptions().get("storeKey"), CoreMatchers.is("true"));
            MatcherAssert.assertThat(appConfigurationEntry.getOptions().get("useTicketCache"), CoreMatchers.is("false"));
            MatcherAssert.assertThat(appConfigurationEntry.getOptions().get("refreshKrb5Config"), CoreMatchers.is("true"));
            if (System.getProperty("java.vendor").contains("IBM")) {
                MatcherAssert.assertThat(appConfigurationEntry.getLoginModuleName(), CoreMatchers.is("com.ibm.security.auth.module.Krb5LoginModule"));
            } else {
                MatcherAssert.assertThat(appConfigurationEntry.getLoginModuleName(), CoreMatchers.is("com.sun.security.auth.module.Krb5LoginModule"));
            }
            verifyDummyConnectionString();
            verifyDefaultZKFactory();
            verifyDefaultNamespace();
            verifyDefaultSessionTimeout();
            verifyDefaultConnectionTimeout();
            verifyDefaultRetryPolicy();
            verifyDefaultZKClientConfig();
        } finally {
            Configuration.setConfiguration(configuration);
            System.setProperty("java.vendor", property);
        }
    }

    private void verifyDummyConnectionString() {
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).connectString(TestAuthenticationFilter.DummyAuthenticationHandler.TYPE);
    }

    private void verifyDefaultNamespace() {
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).namespace((String) null);
    }

    private void verifyDefaultZKFactory() {
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).zookeeperFactory((ZookeeperFactory) ArgumentMatchers.isA(ConfigurableZookeeperFactory.class));
    }

    private void verifyDefaultSessionTimeout() {
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).sessionTimeoutMs(60000);
    }

    private void verifyDefaultConnectionTimeout() {
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).connectionTimeoutMs(15000);
    }

    private void verifyDefaultRetryPolicy() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(ExponentialBackoffRetry.class);
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).retryPolicy((RetryPolicy) forClass.capture());
        ExponentialBackoffRetry exponentialBackoffRetry = (ExponentialBackoffRetry) forClass.getValue();
        MatcherAssert.assertThat(Integer.valueOf(exponentialBackoffRetry.getBaseSleepTimeMs()), CoreMatchers.is(1000));
        MatcherAssert.assertThat(Integer.valueOf(exponentialBackoffRetry.getN()), CoreMatchers.is(3));
    }

    private void verifyDefaultAclProvider() {
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).aclProvider((ACLProvider) ArgumentMatchers.isA(DefaultACLProvider.class));
    }

    private void verifyDefaultZKClientConfig() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(ZKClientConfig.class);
        ((CuratorFrameworkFactory.Builder) Mockito.verify(this.cfBuilder)).zkClientConfig((ZKClientConfig) forClass.capture());
        ZKClientConfig zKClientConfig = (ZKClientConfig) forClass.getValue();
        MatcherAssert.assertThat(zKClientConfig.getProperty("zookeeper.client.secure"), isEmptyOrFalse());
        ClientX509Util clientX509Util = new ClientX509Util();
        Throwable th = null;
        try {
            try {
                MatcherAssert.assertThat(zKClientConfig.getProperty(clientX509Util.getSslKeystoreLocationProperty()), isEmpty());
                MatcherAssert.assertThat(zKClientConfig.getProperty(clientX509Util.getSslKeystorePasswdProperty()), isEmpty());
                MatcherAssert.assertThat(zKClientConfig.getProperty(clientX509Util.getSslTruststoreLocationProperty()), isEmpty());
                MatcherAssert.assertThat(zKClientConfig.getProperty(clientX509Util.getSslTruststorePasswdProperty()), isEmpty());
                if (clientX509Util != null) {
                    if (0 == 0) {
                        clientX509Util.close();
                        return;
                    }
                    try {
                        clientX509Util.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (clientX509Util != null) {
                if (th != null) {
                    try {
                        clientX509Util.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    clientX509Util.close();
                }
            }
            throw th4;
        }
    }

    private Matcher<String> isEmptyOrFalse() {
        return CoreMatchers.anyOf(isEmpty(), CoreMatchers.is("false"));
    }

    private Matcher<String> isEmpty() {
        return CoreMatchers.anyOf(new IsNull(), CoreMatchers.is(""));
    }
}
