package org.apache.zookeeper.server.auth;

import java.io.IOException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/zookeeper/server/auth/SASLAuthenticationProviderTest.class */
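/**
 * Pins the result of {@code SASLAuthenticationProvider.matches(id, aclExpr)} for combinations
 * of three JVM-wide system properties.
 *
 * <p>Every row passed to the private {@code test} helper reads as
 * {@code (removeHost, removeRealm, compareShortName, principal, aclExpr, expected)}:
 * <ul>
 *   <li>{@code removeHost} sets {@code zookeeper.kerberos.removeHostFromPrincipal};</li>
 *   <li>{@code removeRealm} sets {@code zookeeper.kerberos.removeRealmFromPrincipal};</li>
 *   <li>{@code compareShortName} sets {@code zookeeper.acl.compare.shortName};</li>
 *   <li>{@code principal} is the Kerberos principal the authenticated id is derived from;</li>
 *   <li>{@code aclExpr} is the ACL expression the id is matched against;</li>
 *   <li>{@code expected} is the required outcome of {@code matches}.</li>
 * </ul>
 *
 * <p>The authenticated id is assembled by this test itself (see {@code getAuthorisedId});
 * NOTE(review): this presumably mirrors how the server builds the id during SASL login, which
 * is not visible from this file - confirm against the server code.
 *
 * <p>All configuration is carried in system properties and in the static configuration of
 * {@code KerberosName}, so the tests mutate process-global state. The helpers restore that state
 * in {@code finally} blocks so a failing row cannot change the outcome of later tests in the same
 * JVM. The class is not safe to run concurrently with other tests that read these properties.
 */
public class SASLAuthenticationProviderTest {
    private static final String AUTH_TO_LOCAL = "zookeeper.security.auth_to_local";
    private static final String REMOVE_HOST = "zookeeper.kerberos.removeHostFromPrincipal";
    private static final String REMOVE_REALM = "zookeeper.kerberos.removeRealmFromPrincipal";
    private static final String COMPARE_SHORT_NAME = "zookeeper.acl.compare.shortName";

    // auth_to_local rules installed while a principal is parsed in getAuthorisedId.
    static String rules;

    /**
     * Defines the auth_to_local rules used by every test: one rule for one-component principals
     * and one for two-component principals, both yielding the first component.
     */
    @BeforeClass
    public static void init() {
        rules = "RULE:[1:$1]\nRULE:[2:$1]";
    }

    /** Removes the auth_to_local property once all tests of the class have run. */
    @AfterClass
    public static void destroy() {
        System.clearProperty(AUTH_TO_LOCAL);
    }

    /**
     * Rows with {@code zookeeper.acl.compare.shortName=false}.
     *
     * <p>Every expectation here is consistent with an exact string comparison between the
     * assembled id and the ACL expression: a row expects {@code true} only where the ACL
     * expression equals the principal after the configured host/realm stripping.
     */
    @Test
    public void testEnsureOldBehaviour() throws IOException {
        test(false, false, false, "zk/hadoop@realm", "zk/hadoop@realm", true);
        test(false, false, false, "zk/hadoop@realm", "zk", false);
        test(false, false, false, "zk/hadoop@realm", "zk/hadoop", false);
        test(false, false, false, "zk/hadoop@realm", "zk@realm", false);
        test(true, false, false, "zk/hadoop@realm", "zk@realm", true);
        test(true, false, false, "zk/hadoop@realm", "zk/hadoop@realm", false);
        test(true, false, false, "zk/hadoop@realm", "zk", false);
        test(false, true, false, "zk/hadoop@realm", "zk/hadoop", true);
        test(false, true, false, "zk/hadoop@realm", "zk/hadoop@realm", false);
        test(false, true, false, "zk/hadoop@realm", "zk", false);
        test(true, true, false, "zk/hadoop@realm", "zk", true);
        test(true, true, false, "zk/hadoop@realm", "zk/hadoop@realm", false);
        test(true, true, false, "zk/hadoop@realm", "zk/hadoop", false);
        test(true, false, false, "zk@realm", "zk@realm", true);
        test(true, false, false, "zk@realm", "zk", false);
        test(false, true, false, "zk@realm", "zk", true);
        test(false, true, false, "zk@realm", "zk@realm", false);
        test(true, true, false, "zk@realm", "zk", true);
        test(true, true, false, "zk@realm", "zk@realm", false);
    }

    /**
     * Rows with {@code zookeeper.acl.compare.shortName=true} where principal and ACL expression
     * name the same realm (or no realm).
     *
     * <p>With the property enabled, ACL expressions that differ from the id only by host and/or
     * realm are expected to match. The rows for the ACL expression {@code "zk/hadoop"} expect
     * {@code true} only in the configuration where the assembled id is exactly that string.
     */
    @Test
    public void testSameRealmACLs() throws IOException {
        test(false, false, true, "zk/hadoop@realm", "zk/hadoop@realm", true);
        test(false, false, true, "zk/hadoop@realm", "zk/hadoop", false);
        test(false, false, true, "zk/hadoop@realm", "zk@realm", true);
        test(false, false, true, "zk/hadoop@realm", "zk", true);
        test(true, false, true, "zk/hadoop@realm", "zk/hadoop@realm", true);
        test(true, false, true, "zk/hadoop@realm", "zk/hadoop", false);
        test(true, false, true, "zk/hadoop@realm", "zk@realm", true);
        test(true, false, true, "zk/hadoop@realm", "zk", true);
        test(false, true, true, "zk/hadoop@realm", "zk/hadoop@realm", true);
        test(false, true, true, "zk/hadoop@realm", "zk/hadoop", true);
        test(false, true, true, "zk/hadoop@realm", "zk@realm", true);
        test(false, true, true, "zk/hadoop@realm", "zk", true);
        test(true, true, true, "zk/hadoop@realm", "zk/hadoop@realm", true);
        test(true, true, true, "zk/hadoop@realm", "zk/hadoop", false);
        test(true, true, true, "zk/hadoop@realm", "zk@realm", true);
        test(true, true, true, "zk/hadoop@realm", "zk", true);
        test(false, false, true, "zk@realm", "zk@realm", true);
        test(false, false, true, "zk@realm", "zk", true);
        test(true, false, true, "zk@realm", "zk@realm", true);
        test(true, false, true, "zk@realm", "zk", true);
        test(false, true, true, "zk@realm", "zk@realm", true);
        test(false, true, true, "zk@realm", "zk", true);
        test(true, true, true, "zk@realm", "zk@realm", true);
        test(true, true, true, "zk@realm", "zk", true);
    }

    /**
     * Rows with {@code zookeeper.acl.compare.shortName=true} where the principal is in
     * {@code realm1} and the ACL expression names {@code realm2} or no realm.
     *
     * <p>Security note for readers of these expectations: the rows pin that an ACL entry written
     * for a principal in {@code realm2} is satisfied by a principal from {@code realm1} whose
     * first component is the same ({@code "zk"}), while a different first component
     * ({@code "zk1"}, {@code "zk2"}) is rejected. The realm therefore does not take part in the
     * comparison when this property is enabled. In a deployment that accepts principals from more
     * than one realm, ACLs evaluated this way separate identities by short name only, so the
     * property should be enabled only where same-named principals in every accepted realm are
     * meant to be the same identity.
     *
     * <p>Several rows in the second half repeat earlier rows verbatim; they are kept so the
     * pinned expectations stay exactly as they were.
     */
    @Test
    public void testCrossRealmACLs() throws IOException {
        test(false, false, true, "zk/hadoop@realm1", "zk/hadoop@realm2", true);
        test(false, false, true, "zk/hadoop@realm1", "zk/hadoop2", false);
        test(false, false, true, "zk/hadoop@realm1", "zk@realm2", true);
        test(false, false, true, "zk/hadoop@realm1", "zk2", false);
        test(true, false, true, "zk/hadoop@realm1", "zk/hadoop@realm2", true);
        test(true, false, true, "zk/hadoop@realm1", "zk/hadoop2", false);
        test(true, false, true, "zk/hadoop@realm1", "zk@realm2", true);
        test(true, false, true, "zk/hadoop@realm1", "zk2", false);
        test(false, true, true, "zk/hadoop@realm1", "zk/hadoop@realm2", true);
        test(false, true, true, "zk/hadoop@realm1", "zk/hadoop2", false);
        test(false, true, true, "zk/hadoop@realm1", "zk@realm2", true);
        test(false, true, true, "zk/hadoop@realm1", "zk2", false);
        test(true, true, true, "zk/hadoop@realm1", "zk/hadoop@realm2", true);
        test(true, true, true, "zk/hadoop@realm1", "zk/hadoop2", false);
        test(true, true, true, "zk/hadoop@realm1", "zk@realm2", true);
        test(true, true, true, "zk/hadoop@realm1", "zk2", false);
        test(false, false, true, "zk@realm1", "zk@realm2", true);
        test(false, false, true, "zk@realm1", "zk2", false);
        test(true, false, true, "zk@realm1", "zk@realm2", true);
        test(true, false, true, "zk@realm1", "zk2", false);
        test(false, true, true, "zk@realm1", "zk@realm2", true);
        test(false, true, true, "zk@realm1", "zk2", false);
        test(true, true, true, "zk@realm1", "zk@realm2", true);
        test(true, true, true, "zk@realm1", "zk2", false);
        test(false, false, true, "zk/hadoop@realm1", "zk/hadoop@realm2", true);
        test(false, false, true, "zk/hadoop@realm1", "zk1/hadoop@realm2", false);
        test(true, false, true, "zk/hadoop@realm1", "zk/hadoop@realm2", true);
        test(true, false, true, "zk@realm1", "zk/hadoop@realm2", true);
        test(false, true, true, "zk/hadoop@realm1", "zk/hadoop@realm1", true);
        test(true, true, true, "zk/hadoop@realm1", "zk/hadoop@realm2", true);
        test(false, false, true, "zk/hadoop@realm1", "zk@realm2", true);
        test(false, false, true, "zk/hadoop@realm1", "zk@realm2", true);
        test(false, false, true, "zk/hadoop@realm1", "zk", true);
        test(false, false, true, "zk/hadoop@realm1", "zk1", false);
        test(false, false, true, "zk/hadoop@realm1", "zk@realm2", true);
        test(false, false, true, "zk/hadoop@realm1", "zk/hadoop", false);
    }

    /**
     * Runs one row: installs the three properties, derives the id from {@code principal} and
     * asserts the result of {@code matches(id, aclExpr)}.
     *
     * @param removeHost value for {@code zookeeper.kerberos.removeHostFromPrincipal}
     * @param removeRealm value for {@code zookeeper.kerberos.removeRealmFromPrincipal}
     * @param compareShortName value for {@code zookeeper.acl.compare.shortName}
     * @param principal Kerberos principal the authenticated id is derived from
     * @param aclExpr ACL expression to match against
     * @param expected required result of {@code matches}
     * @throws IOException if the principal cannot be parsed or the Kerberos name configuration
     *     cannot be reloaded
     */
    private void test(boolean removeHost, boolean removeRealm, boolean compareShortName,
            String principal, String aclExpr, boolean expected) throws IOException {
        try {
            System.setProperty(REMOVE_HOST, Boolean.toString(removeHost));
            System.setProperty(REMOVE_REALM, Boolean.toString(removeRealm));
            System.setProperty(COMPARE_SHORT_NAME, Boolean.toString(compareShortName));
            // The provider is created before the id is derived, as in the original expression.
            SASLAuthenticationProvider provider = new SASLAuthenticationProvider();
            String id = getAuthorisedId(principal);
            boolean actual = provider.matches(id, aclExpr);
            // Many rows share this helper; the message identifies the failing configuration.
            String message = "removeHost=" + removeHost
                    + ", removeRealm=" + removeRealm
                    + ", compareShortName=" + compareShortName
                    + ", principal=" + principal
                    + ", id=" + id
                    + ", aclExpr=" + aclExpr;
            Assert.assertEquals(message, Boolean.valueOf(expected), Boolean.valueOf(actual));
        } finally {
            // Clear the properties after every row so one row's configuration never reaches the next.
            tearDown();
        }
    }

    /** Clears the three matching-related system properties. */
    @After
    public void tearDown() {
        System.clearProperty(COMPARE_SHORT_NAME);
        System.clearProperty(REMOVE_HOST);
        System.clearProperty(REMOVE_REALM);
    }

    /**
     * Builds the id string for {@code str}: the short name, then {@code "/host"} and
     * {@code "@realm"} unless the corresponding removal property is {@code "true"} or the
     * component is absent.
     *
     * <p>The auth_to_local rules are installed only for the duration of the call. They are
     * removed, and the {@code KerberosName} configuration is reloaded, in a {@code finally}
     * block, so a principal that fails to parse does not leave the rules active for other tests.
     *
     * @param str Kerberos principal to convert
     * @return the assembled id
     * @throws IOException if the configuration cannot be loaded or the short name cannot be
     *     derived
     */
    private String getAuthorisedId(String str) throws IOException {
        System.setProperty(AUTH_TO_LOCAL, rules);
        try {
            KerberosName.setConfiguration();
            KerberosName kerberosName = new KerberosName(str);
            StringBuilder sb = new StringBuilder(kerberosName.getShortName());
            if (shouldAppendHost(kerberosName)) {
                sb.append("/").append(kerberosName.getHostName());
            }
            if (shouldAppendRealm(kerberosName)) {
                sb.append("@").append(kerberosName.getRealm());
            }
            return sb.toString();
        } finally {
            System.clearProperty(AUTH_TO_LOCAL);
            KerberosName.setConfiguration();
        }
    }

    /** Returns true when realm removal is not enabled and the principal has a realm. */
    private boolean shouldAppendRealm(KerberosName kerberosName) {
        return !isSystemPropertyTrue(REMOVE_REALM) && kerberosName.getRealm() != null;
    }

    /** Returns true when host removal is not enabled and the principal has a host component. */
    private boolean shouldAppendHost(KerberosName kerberosName) {
        return !isSystemPropertyTrue(REMOVE_HOST) && kerberosName.getHostName() != null;
    }

    /** Returns true only when the named system property is exactly the string {@code "true"}. */
    private boolean isSystemPropertyTrue(String str) {
        return "true".equals(System.getProperty(str));
    }
}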
