package org.apache.falcon.security;

import java.io.IOException;
import org.apache.falcon.FalconException;
import org.apache.falcon.entity.v0.process.ACL;
import org.apache.falcon.entity.v0.process.Process;
import org.apache.falcon.service.GroupsService;
import org.apache.falcon.service.ProxyUserService;
import org.apache.falcon.service.Services;
import org.apache.falcon.util.FalconTestUtil;
import org.apache.falcon.util.RuntimeProperties;
import org.apache.falcon.util.StartupProperties;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/falcon/security/SecurityUtilTest.class */
public class SecurityUtilTest {
    private ProxyUserService proxyUserService;
    private GroupsService groupsService;

    @BeforeClass
    public void setUp() throws Exception {
        Services.get().register(new ProxyUserService());
        Services.get().register(new GroupsService());
        this.groupsService = Services.get().getService(GroupsService.SERVICE_NAME);
        this.proxyUserService = Services.get().getService(ProxyUserService.SERVICE_NAME);
        this.groupsService.init();
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
        this.proxyUserService.init();
    }

    @AfterClass
    public void tearDown() throws Exception {
        this.proxyUserService.destroy();
        this.groupsService.destroy();
        Services.get().reset();
    }

    @Test
    public void testDefaultGetAuthenticationType() throws Exception {
        Assert.assertEquals(SecurityUtil.getAuthenticationType(), "simple");
    }

    @Test
    public void testGetAuthenticationType() throws Exception {
        try {
            StartupProperties.get().setProperty("falcon.authentication.type", "kerberos");
            Assert.assertEquals(SecurityUtil.getAuthenticationType(), "kerberos");
            StartupProperties.get().setProperty("falcon.authentication.type", "simple");
        } catch (Throwable th) {
            StartupProperties.get().setProperty("falcon.authentication.type", "simple");
            throw th;
        }
    }

    @Test
    public void testIsSecurityEnabledByDefault() throws Exception {
        Assert.assertFalse(SecurityUtil.isSecurityEnabled());
    }

    @Test
    public void testIsSecurityEnabled() throws Exception {
        try {
            StartupProperties.get().setProperty("falcon.authentication.type", "kerberos");
            Assert.assertTrue(SecurityUtil.isSecurityEnabled());
            StartupProperties.get().setProperty("falcon.authentication.type", "simple");
        } catch (Throwable th) {
            StartupProperties.get().setProperty("falcon.authentication.type", "simple");
            throw th;
        }
    }

    @Test
    public void testIsAuthorizationEnabledByDefault() throws Exception {
        Assert.assertFalse(SecurityUtil.isAuthorizationEnabled());
    }

    @Test
    public void testIsAuthorizationEnabled() throws Exception {
        try {
            StartupProperties.get().setProperty("falcon.security.authorization.enabled", "true");
            Assert.assertTrue(SecurityUtil.isAuthorizationEnabled());
            StartupProperties.get().setProperty("falcon.security.authorization.enabled", "false");
        } catch (Throwable th) {
            StartupProperties.get().setProperty("falcon.security.authorization.enabled", "false");
            throw th;
        }
    }

    @Test
    public void testGetAuthorizationProviderByDefault() throws Exception {
        Assert.assertNotNull(SecurityUtil.getAuthorizationProvider());
        Assert.assertEquals(SecurityUtil.getAuthorizationProvider().getClass(), DefaultAuthorizationProvider.class);
    }

    @Test
    public void testTryProxy() throws IOException, FalconException {
        Process process = (Process) Mockito.mock(Process.class);
        StartupProperties.get().setProperty("falcon.security.authorization.enabled", "true");
        String property = System.getProperty("user.name");
        CurrentUser.authenticate(property);
        SecurityUtil.tryProxy(process, "");
        Assert.assertEquals(CurrentUser.getUser(), property);
        ACL acl = new ACL();
        acl.setOwner(FalconTestUtil.TEST_USER_2);
        acl.setGroup("users");
        Mockito.when(process.getACL()).thenReturn(acl);
        SecurityUtil.tryProxy(process, "");
        Assert.assertEquals(CurrentUser.getUser(), FalconTestUtil.TEST_USER_2);
    }

    @Test(expectedExceptions = {FalconException.class}, expectedExceptionsMessageRegExp = "doAs user and ACL owner mismatch.*")
    public void testTryProxyWithDoAsUser() throws IOException, FalconException {
        Process process = (Process) Mockito.mock(Process.class);
        StartupProperties.get().setProperty("falcon.security.authorization.enabled", "true");
        ACL acl = new ACL();
        acl.setOwner(FalconTestUtil.TEST_USER_2);
        acl.setGroup("users");
        Mockito.when(process.getACL()).thenReturn(acl);
        CurrentUser.authenticate("foo");
        CurrentUser.proxyDoAsUser("doAsUser", "localhost");
        Assert.assertEquals(CurrentUser.getUser(), "doAsUser");
        SecurityUtil.tryProxy(process, "doAsUser");
    }
}
