package io.hops.security;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jwt.JWTClaimsSet;
import io.hops.security.ServiceJWTManager;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.channels.FileLock;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.math3.util.Pair;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.util.DateUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-common-2.8.2.10-RC2/share/hadoop/common/hadoop-common-2.8.2.10-RC2-tests.jar:io/hops/security/TestServiceJWTManager.class
  input_file:test-classes/io/hops/security/TestServiceJWTManager.class
 */
/* loaded from: input_file:hadoop-common-2.8.2.10-RC2-tests.jar:io/hops/security/TestServiceJWTManager.class */
public class TestServiceJWTManager {
    private static final Log LOG = LogFactory.getLog(TestServiceJWTManager.class);
    private static MockJWTIssuer jwtIssuer;
    private static String sslConfFilename;
    private static Path sslServerPath;
    private static String classpath;
    private Configuration conf;
    private ServiceJWTManager jwtManager;

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-common-2.8.2.10-RC2/share/hadoop/common/hadoop-common-2.8.2.10-RC2-tests.jar:io/hops/security/TestServiceJWTManager$FailingTestingServiceJWTManager.class
      input_file:test-classes/io/hops/security/TestServiceJWTManager$FailingTestingServiceJWTManager.class
     */
    /* loaded from: input_file:hadoop-common-2.8.2.10-RC2-tests.jar:io/hops/security/TestServiceJWTManager$FailingTestingServiceJWTManager.class */
    private class FailingTestingServiceJWTManager extends TestingServiceJWTManager {
        private final int succeedAfterRetries;
        private int failures;
        private final Set<String> usedOneTimeTokens;

        public FailingTestingServiceJWTManager(String str, String str2, String[] strArr, LocalDateTime localDateTime, int i) {
            super(str, str2, strArr, localDateTime);
            this.failures = 0;
            this.usedOneTimeTokens = new HashSet(strArr.length);
            this.succeedAfterRetries = i;
        }

        @Override // io.hops.security.TestServiceJWTManager.TestingServiceJWTManager, io.hops.security.ServiceJWTManager
        protected ServiceJWTManager.ServiceTokenDTO renewServiceJWT(String str, String str2, LocalDateTime localDateTime, LocalDateTime localDateTime2) throws URISyntaxException, IOException {
            this.usedOneTimeTokens.add(str2);
            int i = this.failures;
            this.failures = i + 1;
            if (i < this.succeedAfterRetries) {
                throw new IOException("oops");
            }
            return super.renewServiceJWT(str, str2, localDateTime, localDateTime2);
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-common-2.8.2.10-RC2/share/hadoop/common/hadoop-common-2.8.2.10-RC2-tests.jar:io/hops/security/TestServiceJWTManager$TestingServiceJWTManager.class
      input_file:test-classes/io/hops/security/TestServiceJWTManager$TestingServiceJWTManager.class
     */
    /* loaded from: input_file:hadoop-common-2.8.2.10-RC2-tests.jar:io/hops/security/TestServiceJWTManager$TestingServiceJWTManager.class */
    private class TestingServiceJWTManager extends ServiceJWTManager {
        private final String newMasterToken;
        private final String[] newRenewalTokens;
        private final LocalDateTime expiresAt;
        private boolean renewed;
        private boolean tried2lock;

        public TestingServiceJWTManager(String str, String str2, String[] strArr, LocalDateTime localDateTime) {
            super(str);
            this.renewed = false;
            this.tried2lock = false;
            this.newMasterToken = str2;
            this.newRenewalTokens = strArr;
            this.expiresAt = localDateTime;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // io.hops.security.ServiceJWTManager
        public FileLock tryAndGetLock() {
            this.tried2lock = true;
            return super.tryAndGetLock();
        }

        @Override // io.hops.security.ServiceJWTManager
        protected ServiceJWTManager.ServiceTokenDTO renewServiceJWT(String str, String str2, LocalDateTime localDateTime, LocalDateTime localDateTime2) throws URISyntaxException, IOException {
            ServiceJWTManager.JWTDTO jwtdto = new ServiceJWTManager.JWTDTO();
            jwtdto.setToken(this.newMasterToken);
            jwtdto.setNbf(DateUtils.localDateTime2Date(localDateTime2));
            jwtdto.setExpiresAt(DateUtils.localDateTime2Date(this.expiresAt));
            ServiceJWTManager.ServiceTokenDTO serviceTokenDTO = new ServiceJWTManager.ServiceTokenDTO();
            serviceTokenDTO.setJwt(jwtdto);
            serviceTokenDTO.setRenewTokens(this.newRenewalTokens);
            this.renewed = true;
            return serviceTokenDTO;
        }

        @Override // io.hops.security.ServiceJWTManager
        protected void invalidateServiceJWT(String str) throws URISyntaxException, IOException {
        }

        @Override // io.hops.security.ServiceJWTManager
        protected boolean isTime2Renew(LocalDateTime localDateTime, LocalDateTime localDateTime2) {
            return !this.renewed;
        }
    }

    @BeforeClass
    public static void beforeClass() throws Exception {
        byte[] bArr = new byte[32];
        new Random().nextBytes(bArr);
        jwtIssuer = new MockJWTIssuer(bArr);
        classpath = KeyStoreTestUtil.getClasspathDir(TestServiceJWTManager.class);
        sslConfFilename = TestServiceJWTManager.class.getSimpleName() + ".ssl-server.xml";
        sslServerPath = Paths.get(classpath, sslConfFilename);
    }

    @Before
    public void beforeTest() throws Exception {
        this.conf = new Configuration();
        Configuration configuration = new Configuration(false);
        Pair<String, String[]> generateMasterAndRenewTokens = generateMasterAndRenewTokens(5);
        configuration.set(ServiceJWTManager.JWT_MANAGER_MASTER_TOKEN_KEY, generateMasterAndRenewTokens.getFirst());
        for (int i = 0; i < generateMasterAndRenewTokens.getSecond().length; i++) {
            configuration.set(String.format(ServiceJWTManager.JWT_MANAGER_RENEW_TOKEN_PATTERN, Integer.valueOf(i)), generateMasterAndRenewTokens.getSecond()[i]);
        }
        KeyStoreTestUtil.saveConfig(sslServerPath.toFile(), configuration);
        this.conf.set(SSLFactory.SSL_SERVER_CONF_KEY, sslConfFilename);
        this.conf.setBoolean(CommonConfigurationKeysPublic.IPC_SERVER_SSL_ENABLED, true);
    }

    @After
    public void after() throws Exception {
        if (this.jwtManager != null) {
            this.jwtManager.stop();
        }
        if (sslServerPath != null) {
            sslServerPath.toFile().delete();
        }
    }

    @Test
    public void testUpdatingJWTConf() throws Exception {
        LocalDateTime now = DateUtils.getNow();
        LocalDateTime plus = now.plus(10L, (TemporalUnit) ChronoUnit.MINUTES);
        Pair<String, String[]> generateMasterAndRenewTokens = generateMasterAndRenewTokens(5, now, plus);
        this.jwtManager = new TestingServiceJWTManager("TestingJWTManager", generateMasterAndRenewTokens.getFirst(), generateMasterAndRenewTokens.getSecond(), plus);
        this.jwtManager.init(this.conf);
        this.jwtManager.start();
        TimeUnit.MILLISECONDS.sleep(500L);
        Assert.assertTrue(((TestingServiceJWTManager) this.jwtManager).renewed);
        Configuration configuration = new Configuration(false);
        configuration.addResource(this.conf.get(SSLFactory.SSL_SERVER_CONF_KEY));
        Assert.assertEquals(generateMasterAndRenewTokens.getFirst(), configuration.get(ServiceJWTManager.JWT_MANAGER_MASTER_TOKEN_KEY, ""));
        for (int i = 0; i < generateMasterAndRenewTokens.getSecond().length; i++) {
            Assert.assertEquals(generateMasterAndRenewTokens.getSecond()[i], configuration.get(String.format(ServiceJWTManager.JWT_MANAGER_RENEW_TOKEN_PATTERN, Integer.valueOf(i)), ""));
        }
        Assert.assertTrue(isUpdaterThreadStillRunning(this.jwtManager.getExecutorService()));
    }

    @Test
    public void testUpdateRetryOnFailure() throws Exception {
        LocalDateTime now = DateUtils.getNow();
        LocalDateTime plus = now.plus(10L, (TemporalUnit) ChronoUnit.MINUTES);
        Pair<String, String[]> generateMasterAndRenewTokens = generateMasterAndRenewTokens(5, now, plus);
        this.jwtManager = new FailingTestingServiceJWTManager("FailingTestingJWTManager", generateMasterAndRenewTokens.getFirst(), generateMasterAndRenewTokens.getSecond(), plus, 3);
        this.jwtManager.init(this.conf);
        this.jwtManager.start();
        int i = 0;
        while (!((TestingServiceJWTManager) this.jwtManager).renewed) {
            int i2 = i;
            i++;
            if (i2 >= 10) {
                break;
            } else {
                TimeUnit.SECONDS.sleep(1L);
            }
        }
        Assert.assertTrue(((TestingServiceJWTManager) this.jwtManager).renewed);
        Assert.assertTrue(((FailingTestingServiceJWTManager) this.jwtManager).usedOneTimeTokens.size() > 1);
        Assert.assertTrue(isUpdaterThreadStillRunning(this.jwtManager.getExecutorService()));
    }

    private boolean isUpdaterThreadStillRunning(ExecutorService executorService) {
        try {
            executorService.submit(new Runnable() { // from class: io.hops.security.TestServiceJWTManager.1
                @Override // java.lang.Runnable
                public void run() {
                }
            }).get(500L, TimeUnit.MILLISECONDS);
            return false;
        } catch (Exception e) {
            return true;
        }
    }

    @Test
    public void testGiveUpAfterRetries() throws Exception {
        LocalDateTime now = DateUtils.getNow();
        LocalDateTime plus = now.plus(10L, (TemporalUnit) ChronoUnit.MINUTES);
        Pair<String, String[]> generateMasterAndRenewTokens = generateMasterAndRenewTokens(5, now, plus);
        this.jwtManager = new FailingTestingServiceJWTManager("FailingTestingJWTManager", generateMasterAndRenewTokens.getFirst(), generateMasterAndRenewTokens.getSecond(), plus, Integer.MAX_VALUE);
        this.jwtManager.init(this.conf);
        this.jwtManager.start();
        int i = 0;
        while (((FailingTestingServiceJWTManager) this.jwtManager).usedOneTimeTokens.size() < 5) {
            int i2 = i;
            i++;
            if (i2 >= 30) {
                break;
            } else {
                TimeUnit.SECONDS.sleep(1L);
            }
        }
        Assert.assertFalse(((TestingServiceJWTManager) this.jwtManager).renewed);
        Assert.assertEquals(5, ((FailingTestingServiceJWTManager) this.jwtManager).usedOneTimeTokens.size());
        Assert.assertFalse(isUpdaterThreadStillRunning(this.jwtManager.getExecutorService()));
    }

    @Test
    public void onlyOneRenewerShouldRun() throws Exception {
        LocalDateTime now = DateUtils.getNow();
        LocalDateTime plus = now.plus(10L, (TemporalUnit) ChronoUnit.MINUTES);
        Pair<String, String[]> generateMasterAndRenewTokens = generateMasterAndRenewTokens(5, now, plus);
        this.conf.set(CommonConfigurationKeysPublic.JWT_MANAGER_MASTER_TOKEN_VALIDITY_PERIOD, "2s");
        TestingServiceJWTManager testingServiceJWTManager = new TestingServiceJWTManager("TestingServiceJWTMgm0", generateMasterAndRenewTokens.getFirst(), generateMasterAndRenewTokens.getSecond(), plus);
        testingServiceJWTManager.init(this.conf);
        this.jwtManager = new TestingServiceJWTManager("TestingServiceJWTMgm1", generateMasterAndRenewTokens.getFirst(), generateMasterAndRenewTokens.getSecond(), plus);
        this.jwtManager.init(this.conf);
        String masterToken = this.jwtManager.getMasterToken();
        Assert.assertNotEquals("", masterToken);
        testingServiceJWTManager.start();
        int i = 0;
        while (!testingServiceJWTManager.renewed) {
            int i2 = i;
            i++;
            if (i2 >= 5) {
                break;
            } else {
                TimeUnit.SECONDS.sleep(1L);
            }
        }
        Assert.assertTrue(testingServiceJWTManager.renewed);
        this.jwtManager.start();
        int i3 = 0;
        while (!((TestingServiceJWTManager) this.jwtManager).tried2lock) {
            int i4 = i3;
            i3++;
            if (i4 >= 5) {
                break;
            } else {
                TimeUnit.SECONDS.sleep(1L);
            }
        }
        Assert.assertTrue(((TestingServiceJWTManager) this.jwtManager).tried2lock);
        Assert.assertFalse(((TestingServiceJWTManager) this.jwtManager).renewed);
        TimeUnit.SECONDS.sleep(this.conf.getTimeDuration(CommonConfigurationKeysPublic.JWT_MANAGER_MASTER_TOKEN_VALIDITY_PERIOD, 2L, TimeUnit.SECONDS));
        Assert.assertNotEquals(masterToken, this.jwtManager.getMasterToken());
        Assert.assertEquals(generateMasterAndRenewTokens.getFirst(), this.jwtManager.getMasterToken());
        testingServiceJWTManager.stop();
        int i5 = 0;
        while (!((TestingServiceJWTManager) this.jwtManager).renewed) {
            int i6 = i5;
            i5++;
            if (i6 >= 5) {
                break;
            } else {
                TimeUnit.SECONDS.sleep(1L);
            }
        }
        Assert.assertTrue(((TestingServiceJWTManager) this.jwtManager).renewed);
    }

    private JWTClaimsSet generateJWTClaims(LocalDateTime localDateTime, LocalDateTime localDateTime2, String str) {
        JWTClaimsSet jWTClaimsSet = new JWTClaimsSet();
        jWTClaimsSet.setSubject(str);
        jWTClaimsSet.setNotBeforeTime(DateUtils.localDateTime2Date(localDateTime));
        jWTClaimsSet.setExpirationTime(DateUtils.localDateTime2Date(localDateTime2));
        return jWTClaimsSet;
    }

    private Pair<String, String[]> generateMasterAndRenewTokens(int i) throws JOSEException {
        LocalDateTime now = DateUtils.getNow();
        return generateMasterAndRenewTokens(i, now, now.plus(10L, (TemporalUnit) ChronoUnit.MINUTES));
    }

    private Pair<String, String[]> generateMasterAndRenewTokens(int i, LocalDateTime localDateTime, LocalDateTime localDateTime2) throws JOSEException {
        String generate = jwtIssuer.generate(generateJWTClaims(localDateTime, localDateTime2, "master_token"));
        Assert.assertNotNull(generate);
        String[] strArr = new String[i];
        for (int i2 = 0; i2 < strArr.length; i2++) {
            String generate2 = jwtIssuer.generate(generateJWTClaims(localDateTime, localDateTime2, "renew_token_" + i2));
            Assert.assertNotNull(generate2);
            strArr[i2] = generate2;
        }
        return new Pair<>(generate, strArr);
    }
}
