package org.apache.hadoop.metrics2.sink;

import java.io.File;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.metrics2.MetricsSystem;
import org.apache.hadoop.metrics2.sink.RollingFileSystemSinkTestBase;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.NullGroupsMapping;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-hdfs-2.10.0-tests.jar:org/apache/hadoop/metrics2/sink/TestRollingFileSystemSinkWithSecureHdfs.class */
public class TestRollingFileSystemSinkWithSecureHdfs extends RollingFileSystemSinkTestBase {
    private static final int NUM_DATANODES = 4;
    private static MiniKdc kdc;
    private static String sinkPrincipal;
    private static String sinkKeytab;
    private static String hdfsPrincipal;
    private static String hdfsKeytab;
    private static String spnegoPrincipal;
    private MiniDFSCluster cluster = null;
    private UserGroupInformation sink = null;

    @BeforeClass
    public static void initKdc() throws Exception {
        kdc = new MiniKdc(MiniKdc.createConf(), ROOT_TEST_DIR);
        kdc.start();
        File file = new File(ROOT_TEST_DIR, "sink.keytab");
        sinkKeytab = file.getAbsolutePath();
        kdc.createPrincipal(file, new String[]{"sink/localhost"});
        sinkPrincipal = "sink/localhost@" + kdc.getRealm();
        File file2 = new File(ROOT_TEST_DIR, "hdfs.keytab");
        hdfsKeytab = file2.getAbsolutePath();
        kdc.createPrincipal(file2, new String[]{"hdfs/localhost", "HTTP/localhost"});
        hdfsPrincipal = "hdfs/localhost@" + kdc.getRealm();
        spnegoPrincipal = "HTTP/localhost@" + kdc.getRealm();
    }

    @Before
    public void initCluster() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication,privacy");
        RollingFileSystemSink.hasFlushed = false;
        RollingFileSystemSink.suppliedConf = createSecureConfig;
        this.cluster = new MiniDFSCluster.Builder(createSecureConfig).numDataNodes(4).build();
        this.cluster.waitActive();
        createDirectoriesSecurely();
    }

    @After
    public void stopCluster() {
        if (this.cluster != null) {
            this.cluster.shutdown();
        }
        UserGroupInformation.setConfiguration(new Configuration());
        RollingFileSystemSink.suppliedConf = null;
        RollingFileSystemSink.suppliedFilesystem = null;
    }

    @AfterClass
    public static void shutdownKdc() {
        if (kdc != null) {
            kdc.stop();
        }
    }

    @Test
    public void testWithSecureHDFS() throws Exception {
        final String str = "hdfs://" + this.cluster.getNameNode().getHostAndPort() + "/tmp/test";
        final MetricsSystem initMetricsSystem = initMetricsSystem(str, true, false, true);
        assertMetricsContents((String) this.sink.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.metrics2.sink.TestRollingFileSystemSinkWithSecureHdfs.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public String run() throws Exception {
                return TestRollingFileSystemSinkWithSecureHdfs.this.doWriteTest(initMetricsSystem, str, 1);
            }
        }));
    }

    @Test
    public void testMissingPropertiesWithSecureHDFS() throws Exception {
        initMetricsSystem("hdfs://" + this.cluster.getNameNode().getHostAndPort() + "/tmp/test", true, false);
        Assert.assertTrue("No exception was generated initializing the sink against a secure cluster even though the principal and keytab properties were missing", RollingFileSystemSinkTestBase.MockSink.errored);
    }

    protected void createDirectoriesSecurely() throws IOException, InterruptedException {
        Path path = new Path("/tmp");
        Path path2 = new Path(path, "test");
        FileSystem fileSystem = (FileSystem) UserGroupInformation.loginUserFromKeytabAndReturnUGI(hdfsPrincipal, hdfsKeytab).doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.hadoop.metrics2.sink.TestRollingFileSystemSinkWithSecureHdfs.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public FileSystem run() throws Exception {
                return TestRollingFileSystemSinkWithSecureHdfs.this.cluster.getFileSystem();
            }
        });
        fileSystem.mkdirs(path);
        fileSystem.setPermission(path, new FsPermission((short) 511));
        this.sink = UserGroupInformation.loginUserFromKeytabAndReturnUGI(sinkPrincipal, sinkKeytab);
        FileSystem fileSystem2 = (FileSystem) this.sink.doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.hadoop.metrics2.sink.TestRollingFileSystemSinkWithSecureHdfs.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public FileSystem run() throws Exception {
                return TestRollingFileSystemSinkWithSecureHdfs.this.cluster.getFileSystem();
            }
        });
        fileSystem2.mkdirs(path2);
        RollingFileSystemSink.suppliedFilesystem = fileSystem2;
    }

    protected HdfsConfiguration createSecureConfig(String str) throws Exception {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, hdfsConfiguration);
        hdfsConfiguration.set("dfs.namenode.kerberos.principal", hdfsPrincipal);
        hdfsConfiguration.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, hdfsKeytab);
        hdfsConfiguration.set("dfs.datanode.kerberos.principal", hdfsPrincipal);
        hdfsConfiguration.set(DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY, hdfsKeytab);
        hdfsConfiguration.set("rfssink.principal", sinkPrincipal);
        hdfsConfiguration.set("rfssink.keytab", sinkKeytab);
        hdfsConfiguration.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);
        hdfsConfiguration.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
        hdfsConfiguration.set("dfs.data.transfer.protection", str);
        hdfsConfiguration.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
        hdfsConfiguration.set("dfs.namenode.https-address", "localhost:0");
        hdfsConfiguration.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
        hdfsConfiguration.setInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);
        hdfsConfiguration.set("hadoop.security.group.mapping", NullGroupsMapping.class.getName());
        KeyStoreTestUtil.setupSSLConfig(methodDir.getAbsolutePath(), KeyStoreTestUtil.getClasspathDir(getClass()), hdfsConfiguration, false);
        hdfsConfiguration.set("dfs.client.https.keystore.resource", KeyStoreTestUtil.getClientSSLConfigFileName());
        hdfsConfiguration.set(DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY, KeyStoreTestUtil.getServerSSLConfigFileName());
        return hdfsConfiguration;
    }
}
