package org.apache.hadoop.security;

import java.io.IOException;
import java.security.PrivilegedAction;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/security/TestUGIWithSecurityOn.class */
public class TestUGIWithSecurityOn {
    public static boolean isKdcRunning() {
        String property = System.getProperty("startKdc");
        return property != null && property.equals("true");
    }

    @Before
    public void testKdcRunning() {
        Assume.assumeTrue(isKdcRunning());
    }

    @Test
    public void testLogin() throws IOException {
        String str = System.getProperty("kdc.resource.dir") + "/keytabs/nn1.keytab";
        String str2 = System.getProperty("kdc.resource.dir") + "/keytabs/user1.keytab";
        Configuration configuration = new Configuration();
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI("nn1/localhost@EXAMPLE.COM", str);
        UserGroupInformation loginUserFromKeytabAndReturnUGI2 = UserGroupInformation.loginUserFromKeytabAndReturnUGI("user1@EXAMPLE.COM", str2);
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS, loginUserFromKeytabAndReturnUGI.getAuthenticationMethod());
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS, loginUserFromKeytabAndReturnUGI2.getAuthenticationMethod());
        try {
            UserGroupInformation.loginUserFromKeytabAndReturnUGI("bogus@EXAMPLE.COM", str);
            Assert.fail("Login should have failed");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Test
    public void testGetUGIFromKerberosSubject() throws IOException {
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI("user1@EXAMPLE.COM", System.getProperty("kdc.resource.dir") + "/keytabs/user1.keytab");
        if (loginUserFromKeytabAndReturnUGI.getSubject().getPrincipals(KerberosPrincipal.class).isEmpty()) {
            Assert.fail("There should be a kerberos principal in the subject.");
            return;
        }
        UserGroupInformation uGIFromSubject = UserGroupInformation.getUGIFromSubject(loginUserFromKeytabAndReturnUGI.getSubject());
        if (uGIFromSubject != null) {
            uGIFromSubject.doAs(new PrivilegedAction<Object>() { // from class: org.apache.hadoop.security.TestUGIWithSecurityOn.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        String userName = UserGroupInformation.getCurrentUser().getUserName();
                        Assert.assertEquals(userName, "user1@EXAMPLE.COM");
                        System.out.println("DO AS USERNAME: " + userName);
                        return null;
                    } catch (IOException e) {
                        e.printStackTrace();
                        return null;
                    }
                }
            });
        }
    }
}
