package org.apache.flink.runtime.util;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.Assumptions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/* loaded from: input_file:org/apache/flink/runtime/util/HadoopUtilsTest.class */
class HadoopUtilsTest {
    HadoopUtilsTest() {
    }

    @BeforeAll
    static void setPropertiesToEnableKerberosConfigInit() throws KrbException {
        System.setProperty("java.security.krb5.realm", "EXAMPLE.COM");
        System.setProperty("java.security.krb5.kdc", "kdc");
        System.setProperty("java.security.krb5.conf", "/dev/null");
        Config.refresh();
    }

    @AfterAll
    static void cleanupHadoopConfigs() {
        UserGroupInformation.setConfiguration(new Configuration());
    }

    @Test
    void testShouldReturnFalseWhenNoKerberosCredentialsOrDelegationTokens() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        UserGroupInformation createTestUser = createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS);
        Assumptions.assumeThat(createTestUser.hasKerberosCredentials()).isFalse();
        boolean isKerberosSecurityEnabled = HadoopUtils.isKerberosSecurityEnabled(createTestUser);
        boolean areKerberosCredentialsValid = HadoopUtils.areKerberosCredentialsValid(createTestUser, true);
        Assertions.assertThat(isKerberosSecurityEnabled).isTrue();
        Assertions.assertThat(areKerberosCredentialsValid).isFalse();
    }

    @Test
    void testShouldReturnTrueWhenDelegationTokenIsPresent() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        UserGroupInformation createTestUser = createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS);
        createTestUser.addToken(getHDFSDelegationToken());
        Assumptions.assumeThat(createTestUser.hasKerberosCredentials()).isFalse();
        Assertions.assertThat(HadoopUtils.areKerberosCredentialsValid(createTestUser, true)).isTrue();
    }

    @Test
    void testShouldReturnTrueWhenKerberosCredentialsArePresent() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        UserGroupInformation userGroupInformation = (UserGroupInformation) Mockito.mock(UserGroupInformation.class);
        Mockito.when(userGroupInformation.getAuthenticationMethod()).thenReturn(UserGroupInformation.AuthenticationMethod.KERBEROS);
        Mockito.when(Boolean.valueOf(userGroupInformation.hasKerberosCredentials())).thenReturn(true);
        Assertions.assertThat(HadoopUtils.areKerberosCredentialsValid(userGroupInformation, true)).isTrue();
    }

    @Test
    void isKerberosSecurityEnabled_NoKerberos_ReturnsFalse() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.PROXY));
        Assertions.assertThat(HadoopUtils.isKerberosSecurityEnabled(createTestUser(UserGroupInformation.AuthenticationMethod.PROXY))).isFalse();
    }

    @Test
    void testShouldReturnTrueIfTicketCacheIsNotUsed() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        Assertions.assertThat(HadoopUtils.areKerberosCredentialsValid(createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS), false)).isTrue();
    }

    @Test
    void testShouldCheckIfTheUserHasHDFSDelegationToken() {
        UserGroupInformation createTestUser = createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS);
        createTestUser.addToken(getHDFSDelegationToken());
        Assertions.assertThat(HadoopUtils.hasHDFSDelegationToken(createTestUser)).isTrue();
    }

    @Test
    void testShouldReturnFalseIfTheUserHasNoHDFSDelegationToken() {
        UserGroupInformation createTestUser = createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS);
        Assumptions.assumeThat(createTestUser.getTokens().isEmpty()).isTrue();
        Assertions.assertThat(HadoopUtils.hasHDFSDelegationToken(createTestUser)).isFalse();
    }

    private static Configuration getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod authenticationMethod) {
        Configuration configuration = new Configuration(true);
        configuration.set("hadoop.security.authentication", authenticationMethod.name());
        return configuration;
    }

    private static UserGroupInformation createTestUser(UserGroupInformation.AuthenticationMethod authenticationMethod) {
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("test-user");
        createRemoteUser.setAuthenticationMethod(authenticationMethod);
        return createRemoteUser;
    }

    private static Token<DelegationTokenIdentifier> getHDFSDelegationToken() {
        Token<DelegationTokenIdentifier> token = new Token<>();
        token.setKind(HadoopUtils.HDFS_DELEGATION_TOKEN_KIND);
        return token;
    }
}
