package org.apache.hadoop.yarn.server.resourcemanager.security;

import io.hops.security.HopsUtil;
import io.hops.util.DBUtility;
import io.hops.util.RMStorageFactory;
import io.hops.util.YarnAPIStorageFactory;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.yarn.MockApps;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
import org.apache.hadoop.yarn.api.records.Container;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.api.records.ResourceRequest;
import org.apache.hadoop.yarn.api.records.impl.pb.ApplicationSubmissionContextPBImpl;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.event.DrainDispatcher;
import org.apache.hadoop.yarn.event.EventHandler;
import org.apache.hadoop.yarn.server.resourcemanager.ApplicationMasterService;
import org.apache.hadoop.yarn.server.resourcemanager.MockAM;
import org.apache.hadoop.yarn.server.resourcemanager.MockNM;
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
import org.apache.hadoop.yarn.server.resourcemanager.RMAppManager;
import org.apache.hadoop.yarn.server.resourcemanager.RMContext;
import org.apache.hadoop.yarn.server.resourcemanager.RMContextImpl;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.DBRMStateStore;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.ApplicationStateData;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMAppCertificateGeneratedEvent;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMAppEvent;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMAppEventType;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMAppImpl;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMAppState;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AMLivelinessMonitor;
import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer;
import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNodeImpl;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.YarnScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.security.RMAppCertificateManager;
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager.class */
public class TestRMAppCertificateManager {
    private static final Log LOG = LogFactory.getLog(TestRMAppCertificateManager.class);
    private static final String BASE_DIR = Paths.get(System.getProperty("test.build.dir", Paths.get("target", "test-dir").toString()), TestRMAppCertificateManager.class.getSimpleName()).toString();
    private static final File BASE_DIR_FILE = new File(BASE_DIR);
    private static String classPath;
    private Configuration conf;
    private DrainDispatcher dispatcher;
    private RMContext rmContext;
    private File sslServerFile;

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MockFailingRMAppCertificateManager.class */
    private class MockFailingRMAppCertificateManager extends RMAppCertificateManager {
        private int numberOfRenewalFailures;
        private boolean renewalFailed;
        private final Integer succeedAfterRetries;

        /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MockFailingRMAppCertificateManager$MockFailingCertificateRenewer.class */
        public class MockFailingCertificateRenewer extends RMAppCertificateManager.CertificateRenewer {
            private final Integer succeedAfterRetries;

            public MockFailingCertificateRenewer(ApplicationId applicationId, String str, Integer num, Integer num2) {
                super(MockFailingRMAppCertificateManager.this, applicationId, str, num);
                this.succeedAfterRetries = num2;
            }

            /* JADX WARN: Multi-variable type inference failed */
            public void run() {
                try {
                    if (this.backOff.getNumberOfRetries() < this.succeedAfterRetries.intValue()) {
                        throw new Exception("Ooops something went wrong");
                    }
                    MockFailingRMAppCertificateManager.this.getRenewalTasks().remove(this.appId);
                    TestRMAppCertificateManager.LOG.info("Renewed certificate for application " + this.appId);
                } catch (Exception e) {
                    MockFailingRMAppCertificateManager.this.getRenewalTasks().remove(this.appId);
                    this.backOffTime = this.backOff.getBackOffInMillis();
                    if (this.backOffTime == -1) {
                        TestRMAppCertificateManager.LOG.error("Failed to renew certificate for application " + this.appId + " Failed more than 4 times, giving up");
                        MockFailingRMAppCertificateManager.this.renewalFailed = true;
                    } else {
                        MockFailingRMAppCertificateManager.access$908(MockFailingRMAppCertificateManager.this);
                        TestRMAppCertificateManager.LOG.warn("Failed to renew certificate for application " + this.appId + ". Retrying in " + this.backOffTime + " ms");
                        MockFailingRMAppCertificateManager.this.getRenewalTasks().put(this.appId, MockFailingRMAppCertificateManager.this.getScheduler().schedule((Runnable) this, this.backOffTime, TimeUnit.MILLISECONDS));
                    }
                }
            }
        }

        public MockFailingRMAppCertificateManager(Integer num) {
            super(TestRMAppCertificateManager.this.rmContext);
            this.numberOfRenewalFailures = 0;
            this.renewalFailed = false;
            this.succeedAfterRetries = num;
        }

        public int getNumberOfRenewalFailures() {
            return this.numberOfRenewalFailures;
        }

        public boolean hasRenewalFailed() {
            return this.renewalFailed;
        }

        public boolean isRPCTLSEnabled() {
            return true;
        }

        public void generateCertificate(ApplicationId applicationId, String str, Integer num) {
            getRmContext().getDispatcher().getEventHandler().handle(new RMAppEvent(applicationId, RMAppEventType.KILL));
        }

        public Runnable createCertificateRenewerTask(ApplicationId applicationId, String str, Integer num) {
            return new MockFailingCertificateRenewer(applicationId, str, num, this.succeedAfterRetries);
        }

        static /* synthetic */ int access$908(MockFailingRMAppCertificateManager mockFailingRMAppCertificateManager) {
            int i = mockFailingRMAppCertificateManager.numberOfRenewalFailures;
            mockFailingRMAppCertificateManager.numberOfRenewalFailures = i + 1;
            return i;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MockRMAppCertificateManager.class */
    private class MockRMAppCertificateManager extends RMAppCertificateManager {
        private final boolean loadTrustStore;
        private final String systemTMP;
        private long oldCertificateExpiration;
        private boolean renewalException;

        /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MockRMAppCertificateManager$MockCertificateRenewer.class */
        public class MockCertificateRenewer extends RMAppCertificateManager.CertificateRenewer {
            private final long oldCertificateExpiration;

            public MockCertificateRenewer(ApplicationId applicationId, String str, Integer num, long j) {
                super(MockRMAppCertificateManager.this, applicationId, str, num);
                this.oldCertificateExpiration = j;
            }

            public void run() {
                try {
                    TestRMAppCertificateManager.LOG.info("Renewing certificate for application " + this.appId);
                    KeyPair generateKeyPair = MockRMAppCertificateManager.this.generateKeyPair();
                    int intValue = this.currentCryptoVersion.intValue();
                    MockRMAppCertificateManager mockRMAppCertificateManager = MockRMAppCertificateManager.this;
                    ApplicationId applicationId = this.appId;
                    String str = this.appUser;
                    Integer valueOf = Integer.valueOf(this.currentCryptoVersion.intValue() + 1);
                    this.currentCryptoVersion = valueOf;
                    PKCS10CertificationRequest generateCSR = mockRMAppCertificateManager.generateCSR(applicationId, str, generateKeyPair, valueOf);
                    int parseInt = Integer.parseInt(HopsUtil.extractOUFromSubject(generateCSR.getSubject().toString()));
                    if (intValue + 1 != parseInt) {
                        TestRMAppCertificateManager.LOG.error("Crypto version of new certificate is wrong: " + parseInt);
                        MockRMAppCertificateManager.this.renewalException = true;
                    }
                    X509Certificate sendCSRAndGetSigned = MockRMAppCertificateManager.this.sendCSRAndGetSigned(generateCSR);
                    long time = sendCSRAndGetSigned.getNotAfter().getTime();
                    if (time <= this.oldCertificateExpiration) {
                        TestRMAppCertificateManager.LOG.error("New certificate expiration time is older than old certificate");
                        MockRMAppCertificateManager.this.renewalException = true;
                    }
                    RMAppCertificateManager.KeyStoresWrapper createApplicationStores = MockRMAppCertificateManager.this.createApplicationStores(sendCSRAndGetSigned, generateKeyPair.getPrivate(), this.appUser, this.appId);
                    byte[] rawKeyStore = createApplicationStores.getRawKeyStore(RMAppCertificateManager.TYPE.KEYSTORE);
                    byte[] rawKeyStore2 = createApplicationStores.getRawKeyStore(RMAppCertificateManager.TYPE.TRUSTSTORE);
                    MockRMAppCertificateManager.this.getRenewalTasks().remove(this.appId);
                    MockRMAppCertificateManager.this.getRmContext().getDispatcher().getEventHandler().handle(new RMAppCertificateGeneratedEvent(this.appId, rawKeyStore, createApplicationStores.getKeyStorePassword(), rawKeyStore2, createApplicationStores.getTrustStorePassword(), time, RMAppEventType.CERTS_RENEWED));
                    TestRMAppCertificateManager.LOG.info("Renewed certificate for application " + this.appId);
                } catch (Exception e) {
                    TestRMAppCertificateManager.LOG.error("Exception while renewing certificate. This should not have happened here", e);
                    MockRMAppCertificateManager.this.renewalException = true;
                }
            }
        }

        public MockRMAppCertificateManager(boolean z, RMContext rMContext) throws Exception {
            super(rMContext);
            this.renewalException = false;
            this.loadTrustStore = z;
            this.systemTMP = System.getProperty("java.io.tmpdir");
        }

        public KeyStore loadSystemTrustStore(Configuration configuration) throws GeneralSecurityException, IOException {
            if (this.loadTrustStore) {
                return super.loadSystemTrustStore(configuration);
            }
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            return keyStore;
        }

        public void generateCertificate(ApplicationId applicationId, String str, Integer num) {
            boolean z = false;
            ByteArrayInputStream byteArrayInputStream = null;
            try {
                try {
                    KeyPair generateKeyPair = generateKeyPair();
                    PKCS10CertificationRequest generateCSR = generateCSR(applicationId, str, generateKeyPair, num);
                    Assert.assertEquals(str, HopsUtil.extractCNFromSubject(generateCSR.getSubject().toString()));
                    Assert.assertEquals(applicationId.toString(), HopsUtil.extractOFromSubject(generateCSR.getSubject().toString()));
                    Assert.assertEquals(String.valueOf(num), HopsUtil.extractOUFromSubject(generateCSR.getSubject().toString()));
                    X509Certificate sendCSRAndGetSigned = sendCSRAndGetSigned(generateCSR);
                    sendCSRAndGetSigned.checkValidity();
                    long time = sendCSRAndGetSigned.getNotAfter().getTime();
                    Assert.assertTrue(time >= Instant.now().toEpochMilli());
                    TestingRMAppCertificateActions rmAppCertificateActions = getRmAppCertificateActions();
                    if (rmAppCertificateActions instanceof TestingRMAppCertificateActions) {
                        sendCSRAndGetSigned.verify(rmAppCertificateActions.getCaCert().getPublicKey(), "BC");
                    }
                    RMAppCertificateManager.KeyStoresWrapper createApplicationStores = createApplicationStores(sendCSRAndGetSigned, generateKeyPair.getPrivate(), str, applicationId);
                    X509Certificate x509Certificate = (X509Certificate) createApplicationStores.getKeystore().getCertificate(str);
                    byte[] rawKeyStore = createApplicationStores.getRawKeyStore(RMAppCertificateManager.TYPE.KEYSTORE);
                    Assert.assertNotNull(rawKeyStore);
                    Assert.assertNotEquals(0L, rawKeyStore.length);
                    Assert.assertFalse(Paths.get(this.systemTMP, str + "-" + applicationId.toString() + "_kstore.jks").toFile().exists());
                    char[] keyStorePassword = createApplicationStores.getKeyStorePassword();
                    Assert.assertNotNull(keyStorePassword);
                    Assert.assertNotEquals(0L, keyStorePassword.length);
                    byte[] rawKeyStore2 = createApplicationStores.getRawKeyStore(RMAppCertificateManager.TYPE.TRUSTSTORE);
                    Assert.assertFalse(Paths.get(this.systemTMP, str + "-" + applicationId.toString() + "_tstore.jks").toFile().exists());
                    char[] trustStorePassword = createApplicationStores.getTrustStorePassword();
                    Assert.assertNotNull(trustStorePassword);
                    Assert.assertNotEquals(0L, trustStorePassword.length);
                    verifyContentOfAppTrustStore(rawKeyStore2, trustStorePassword, str, applicationId);
                    if (rmAppCertificateActions instanceof TestingRMAppCertificateActions) {
                        x509Certificate.verify(rmAppCertificateActions.getCaCert().getPublicKey(), "BC");
                    }
                    Assert.assertEquals(str, HopsUtil.extractCNFromSubject(x509Certificate.getSubjectX500Principal().getName()));
                    Assert.assertEquals(applicationId.toString(), HopsUtil.extractOFromSubject(x509Certificate.getSubjectX500Principal().getName()));
                    Assert.assertEquals(String.valueOf(num), HopsUtil.extractOUFromSubject(x509Certificate.getSubjectX500Principal().getName()));
                    getRmContext().getDispatcher().getEventHandler().handle(new RMAppCertificateGeneratedEvent(applicationId, rawKeyStore, keyStorePassword, rawKeyStore2, trustStorePassword, time, RMAppEventType.CERTS_GENERATED));
                    if (0 != 0) {
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException e) {
                        }
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException e2) {
                        }
                    }
                    throw th;
                }
            } catch (Exception e3) {
                TestRMAppCertificateManager.LOG.error(e3, e3);
                z = true;
                if (0 != 0) {
                    try {
                        byteArrayInputStream.close();
                    } catch (IOException e4) {
                    }
                }
            }
            Assert.assertFalse(z);
        }

        public void revokeCertificate(ApplicationId applicationId, String str, Integer num) {
            try {
                putToQueue(applicationId, str, num);
                waitForQueueToDrain();
            } catch (InterruptedException e) {
                TestRMAppCertificateManager.LOG.error(e, e);
                Assert.fail("Exception should not be thrown here");
            }
        }

        public boolean isRPCTLSEnabled() {
            return true;
        }

        private void verifyContentOfAppTrustStore(byte[] bArr, char[] cArr, String str, ApplicationId applicationId) throws GeneralSecurityException, IOException {
            File file = Paths.get(this.systemTMP, str + "-" + applicationId.toString() + "_tstore.jks").toFile();
            boolean z = false;
            try {
                KeyStore loadSystemTrustStore = loadSystemTrustStore(TestRMAppCertificateManager.this.conf);
                FileUtils.writeByteArrayToFile(file, bArr, false);
                KeyStore keyStore = KeyStore.getInstance("JKS");
                FileInputStream fileInputStream = new FileInputStream(file);
                Throwable th = null;
                try {
                    try {
                        keyStore.load(fileInputStream, cArr);
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                        Enumeration<String> aliases = loadSystemTrustStore.aliases();
                        while (true) {
                            if (!aliases.hasMoreElements()) {
                                break;
                            }
                            String nextElement = aliases.nextElement();
                            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                            if (x509Certificate == null) {
                                z = true;
                                break;
                            } else if (!Arrays.equals(((X509Certificate) loadSystemTrustStore.getCertificate(nextElement)).getSignature(), x509Certificate.getSignature())) {
                                z = true;
                                break;
                            }
                        }
                        FileUtils.deleteQuietly(file);
                        Assert.assertFalse(z);
                    } finally {
                    }
                } finally {
                }
            } catch (Throwable th3) {
                FileUtils.deleteQuietly(file);
                Assert.assertFalse(false);
                throw th3;
            }
        }

        public void setOldCertificateExpiration(long j) {
            this.oldCertificateExpiration = j;
        }

        public Runnable createCertificateRenewerTask(ApplicationId applicationId, String str, Integer num) {
            return new MockCertificateRenewer(applicationId, str, num, 1L);
        }

        public boolean getRenewalException() {
            return this.renewalException;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MockRMAppEventHandler.class */
    private class MockRMAppEventHandler implements EventHandler<RMAppEvent> {
        private final RMAppEventType expectedEventType;
        private boolean assertionFailure;

        private MockRMAppEventHandler(RMAppEventType rMAppEventType) {
            this.expectedEventType = rMAppEventType;
            this.assertionFailure = false;
        }

        public void handle(RMAppEvent rMAppEvent) {
            if (rMAppEvent == null) {
                this.assertionFailure = true;
                return;
            }
            if (!this.expectedEventType.equals(rMAppEvent.getType())) {
                this.assertionFailure = true;
            } else {
                if (!rMAppEvent.getType().equals(RMAppEventType.CERTS_GENERATED) || (rMAppEvent instanceof RMAppCertificateGeneratedEvent)) {
                    return;
                }
                this.assertionFailure = true;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void verifyEvent() {
            Assert.assertFalse(this.assertionFailure);
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MyMockRM.class */
    private class MyMockRM extends MockRM {
        public MyMockRM(Configuration configuration) {
            super(configuration);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.hadoop.yarn.server.resourcemanager.MockRM
        public RMAppCertificateManager createRMAppCertificateManager() throws Exception {
            return (MockRMAppCertificateManager) Mockito.spy(new MockRMAppCertificateManager(false, this.rmContext));
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MyMockRM2.class */
    private class MyMockRM2 extends MockRM {

        /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MyMockRM2$MyRMApp.class */
        private class MyRMApp extends RMAppImpl {
            public MyRMApp(ApplicationId applicationId, RMContext rMContext, Configuration configuration, String str, String str2, String str3, ApplicationSubmissionContext applicationSubmissionContext, YarnScheduler yarnScheduler, ApplicationMasterService applicationMasterService, long j, String str4, Set<String> set, ResourceRequest resourceRequest) throws IOException {
                super(applicationId, rMContext, configuration, str, str2, str3, applicationSubmissionContext, yarnScheduler, applicationMasterService, j, str4, set, resourceRequest);
            }

            public void rmNodeHasUpdatedCryptoMaterial(NodeId nodeId) {
            }
        }

        /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMAppCertificateManager$MyMockRM2$MyRMAppManager.class */
        private class MyRMAppManager extends RMAppManager {
            public MyRMAppManager(RMContext rMContext, YarnScheduler yarnScheduler, ApplicationMasterService applicationMasterService, ApplicationACLsManager applicationACLsManager, Configuration configuration) {
                super(rMContext, yarnScheduler, applicationMasterService, applicationACLsManager, configuration);
            }

            protected RMApp createRMApp(ApplicationId applicationId, String str, ApplicationSubmissionContext applicationSubmissionContext, long j, ResourceRequest resourceRequest) throws IOException {
                return new MyRMApp(applicationId, MyMockRM2.this.rmContext, MyMockRM2.this.getConfig(), applicationSubmissionContext.getApplicationName(), str, applicationSubmissionContext.getQueue(), applicationSubmissionContext, MyMockRM2.this.scheduler, MyMockRM2.this.masterService, j, applicationSubmissionContext.getApplicationType(), applicationSubmissionContext.getApplicationTags(), resourceRequest);
            }
        }

        public MyMockRM2(Configuration configuration) {
            super(configuration);
        }

        protected RMAppManager createRMAppManager() {
            return new MyRMAppManager(this.rmContext, this.scheduler, this.masterService, this.applicationACLsManager, getConfig());
        }
    }

    @BeforeClass
    public static void beforeClass() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        BASE_DIR_FILE.mkdirs();
        classPath = KeyStoreTestUtil.getClasspathDir(TestRMAppCertificateManager.class);
    }

    @Before
    public void beforeTest() throws Exception {
        this.conf = new Configuration();
        this.conf.set(YarnConfiguration.HOPS_HOPSWORKS_HOST_KEY, "https://bbc3.sics.se:33473");
        this.conf.set("yarn.resourcemanager.certificate.expiration-safety-period", "5s");
        RMAppCertificateActionsFactory.getInstance().clear();
        RMStorageFactory.setConfiguration(this.conf);
        YarnAPIStorageFactory.setConfiguration(this.conf);
        DBUtility.InitializeDB();
        this.dispatcher = new DrainDispatcher();
        this.rmContext = new RMContextImpl(this.dispatcher, (ContainerAllocationExpirer) null, (AMLivelinessMonitor) null, (AMLivelinessMonitor) null, (DelegationTokenRenewer) null, (AMRMTokenSecretManager) null, (RMContainerTokenSecretManager) null, (NMTokenSecretManagerInRM) null, (ClientToAMTokenSecretManagerInRM) null);
        this.dispatcher.init(this.conf);
        this.dispatcher.start();
        String str = TestRMAppCertificateManager.class.getSimpleName() + ".ssl-server.xml";
        this.sslServerFile = Paths.get(classPath, str).toFile();
        Configuration configuration = new Configuration(false);
        configuration.set("hops.hopsworks.user", "agent-user");
        configuration.set("hops.hopsworks.password", "agent-password");
        KeyStoreTestUtil.saveConfig(this.sslServerFile, configuration);
        this.conf.set("hadoop.ssl.server.conf", str);
    }

    @After
    public void afterTest() throws Exception {
        if (this.dispatcher != null) {
            this.dispatcher.stop();
        }
        if (this.sslServerFile != null) {
            this.sslServerFile.delete();
        }
    }

    @AfterClass
    public static void afterClass() throws Exception {
        if (BASE_DIR_FILE.exists()) {
            FileUtils.deleteDirectory(BASE_DIR_FILE);
        }
        RMAppCertificateActionsFactory.getInstance().clear();
    }

    @Test
    public void testSuccessfulCertificateCreationTesting() throws Exception {
        File file = null;
        try {
            this.conf.set("hops.rm.certificate.actor.class", "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppCertificateActions");
            TestingRMAppCertificateActions actor = RMAppCertificateActionsFactory.getInstance().getActor(this.conf);
            String path = Paths.get(BASE_DIR, "trustStore.jks").toString();
            X509Certificate caCert = actor.getCaCert();
            String str = caCert.getIssuerX500Principal().getName().split("=")[1];
            String str2 = TestRMAppCertificateManager.class.getSimpleName() + "-testSuccessfulCertificateCreationTesting.ssl-server.xml";
            file = Paths.get(classPath, str2).toFile();
            this.conf.set("hadoop.ssl.server.conf", str2);
            createTrustStore(path, "password", str, caCert);
            saveConfig(file.getAbsoluteFile(), createSSLConfig("", "", "", path, "password", ""));
            MockRMAppEventHandler mockRMAppEventHandler = new MockRMAppEventHandler(RMAppEventType.CERTS_GENERATED);
            this.rmContext.getDispatcher().register(RMAppEventType.class, mockRMAppEventHandler);
            MockRMAppCertificateManager mockRMAppCertificateManager = new MockRMAppCertificateManager(true, this.rmContext);
            mockRMAppCertificateManager.init(this.conf);
            mockRMAppCertificateManager.start();
            mockRMAppCertificateManager.handle(new RMAppCertificateManagerEvent(ApplicationId.newInstance(System.currentTimeMillis(), 1), "userA", 1, RMAppCertificateManagerEventType.GENERATE_CERTIFICATE));
            this.dispatcher.await();
            mockRMAppEventHandler.verifyEvent();
            mockRMAppCertificateManager.stop();
            if (file != null) {
                file.delete();
            }
        } catch (Throwable th) {
            if (file != null) {
                file.delete();
            }
            throw th;
        }
    }

    @Test
    public void testCertificateRenewal() throws Exception {
        this.conf.set("hops.rm.certificate.actor.class", "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppCertificateActions");
        MockRMAppCertificateManager mockRMAppCertificateManager = new MockRMAppCertificateManager(false, this.rmContext);
        mockRMAppCertificateManager.init(this.conf);
        mockRMAppCertificateManager.start();
        Instant now = Instant.now();
        Instant plus = now.plus(10L, (TemporalUnit) ChronoUnit.SECONDS);
        ApplicationId newInstance = ApplicationId.newInstance(now.toEpochMilli(), 1);
        mockRMAppCertificateManager.setOldCertificateExpiration(plus.toEpochMilli());
        mockRMAppCertificateManager.registerWithCertificateRenewer(newInstance, "Dolores", 1, Long.valueOf(plus.toEpochMilli()));
        Map renewalTasks = mockRMAppCertificateManager.getRenewalTasks();
        ScheduledFuture scheduledFuture = (ScheduledFuture) renewalTasks.get(newInstance);
        Assert.assertFalse(scheduledFuture.isCancelled());
        Assert.assertFalse(scheduledFuture.isDone());
        TimeUnit.SECONDS.sleep(10L);
        Assert.assertTrue(scheduledFuture.isDone());
        Assert.assertFalse(mockRMAppCertificateManager.getRenewalException());
        Assert.assertTrue(renewalTasks.isEmpty());
        mockRMAppCertificateManager.stop();
    }

    @Test(timeout = 12000)
    public void testFailedCertificateRenewal() throws Exception {
        this.conf.set("hops.rm.certificate.actor.class", "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppCertificateActions");
        MockFailingRMAppCertificateManager mockFailingRMAppCertificateManager = new MockFailingRMAppCertificateManager(Integer.MAX_VALUE);
        mockFailingRMAppCertificateManager.init(this.conf);
        mockFailingRMAppCertificateManager.start();
        Instant now = Instant.now();
        Instant plus = now.plus(10L, (TemporalUnit) ChronoUnit.SECONDS);
        ApplicationId newInstance = ApplicationId.newInstance(now.toEpochMilli(), 1);
        mockFailingRMAppCertificateManager.registerWithCertificateRenewer(newInstance, "Dolores", 1, Long.valueOf(plus.toEpochMilli()));
        Map renewalTasks = mockFailingRMAppCertificateManager.getRenewalTasks();
        ScheduledFuture scheduledFuture = (ScheduledFuture) renewalTasks.get(newInstance);
        Assert.assertFalse(scheduledFuture.isCancelled());
        Assert.assertFalse(scheduledFuture.isDone());
        Assert.assertFalse(mockFailingRMAppCertificateManager.hasRenewalFailed());
        Assert.assertEquals(0L, mockFailingRMAppCertificateManager.getNumberOfRenewalFailures());
        TimeUnit.SECONDS.sleep(10L);
        Assert.assertTrue(renewalTasks.isEmpty());
        Assert.assertEquals(4L, mockFailingRMAppCertificateManager.getNumberOfRenewalFailures());
        Assert.assertTrue(mockFailingRMAppCertificateManager.hasRenewalFailed());
        mockFailingRMAppCertificateManager.stop();
    }

    @Test(timeout = 12000)
    public void testRetryCertificateRenewal() throws Exception {
        this.conf.set("hops.rm.certificate.actor.class", "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppCertificateActions");
        MockFailingRMAppCertificateManager mockFailingRMAppCertificateManager = new MockFailingRMAppCertificateManager(2);
        mockFailingRMAppCertificateManager.init(this.conf);
        mockFailingRMAppCertificateManager.start();
        Instant now = Instant.now();
        mockFailingRMAppCertificateManager.registerWithCertificateRenewer(ApplicationId.newInstance(now.toEpochMilli(), 1), "Dolores", 1, Long.valueOf(now.plus(10L, (TemporalUnit) ChronoUnit.SECONDS).toEpochMilli()));
        TimeUnit.SECONDS.sleep(10L);
        Assert.assertEquals(2L, mockFailingRMAppCertificateManager.getNumberOfRenewalFailures());
        Assert.assertFalse(mockFailingRMAppCertificateManager.hasRenewalFailed());
        Assert.assertTrue(mockFailingRMAppCertificateManager.getRenewalTasks().isEmpty());
        mockFailingRMAppCertificateManager.stop();
    }

    @Test
    @Ignore
    public void testSuccessfulCertificateCreationRemote() throws Exception {
        DevHopsworksRMAppCertificateActions devHopsworksRMAppCertificateActions = (DevHopsworksRMAppCertificateActions) Mockito.spy(new DevHopsworksRMAppCertificateActions());
        devHopsworksRMAppCertificateActions.setConf(this.conf);
        devHopsworksRMAppCertificateActions.init();
        RMAppCertificateActionsFactory.getInstance().register(devHopsworksRMAppCertificateActions);
        MockRMAppCertificateManager mockRMAppCertificateManager = new MockRMAppCertificateManager(false, this.rmContext);
        mockRMAppCertificateManager.init(this.conf);
        mockRMAppCertificateManager.start();
        mockRMAppCertificateManager.handle(new RMAppCertificateManagerEvent(ApplicationId.newInstance(System.currentTimeMillis(), 1), "userA", 1, RMAppCertificateManagerEventType.GENERATE_CERTIFICATE));
        this.dispatcher.await();
        mockRMAppCertificateManager.stop();
    }

    @Test
    @Ignore
    public void testCertificateRevocationRemote() throws Exception {
        this.conf.setBoolean("ipc.server.ssl.enabled", true);
        DevHopsworksRMAppCertificateActions devHopsworksRMAppCertificateActions = (DevHopsworksRMAppCertificateActions) Mockito.spy(new DevHopsworksRMAppCertificateActions());
        devHopsworksRMAppCertificateActions.setConf(this.conf);
        devHopsworksRMAppCertificateActions.init();
        RMAppCertificateActionsFactory.getInstance().register(devHopsworksRMAppCertificateActions);
        MockRMAppCertificateManager mockRMAppCertificateManager = (MockRMAppCertificateManager) Mockito.spy(new MockRMAppCertificateManager(false, this.rmContext));
        mockRMAppCertificateManager.init(this.conf);
        mockRMAppCertificateManager.start();
        ApplicationId newInstance = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        mockRMAppCertificateManager.handle(new RMAppCertificateManagerEvent(newInstance, "Alice", 1, RMAppCertificateManagerEventType.GENERATE_CERTIFICATE));
        this.dispatcher.await();
        ((DevHopsworksRMAppCertificateActions) Mockito.verify(devHopsworksRMAppCertificateActions)).sign((PKCS10CertificationRequest) Mockito.any(PKCS10CertificationRequest.class));
        mockRMAppCertificateManager.handle(new RMAppCertificateManagerEvent(newInstance, "Alice", 1, RMAppCertificateManagerEventType.REVOKE_CERTIFICATE));
        this.dispatcher.await();
        ((MockRMAppCertificateManager) Mockito.verify(mockRMAppCertificateManager)).revokeCertificate(newInstance, "Alice", 1);
        ((MockRMAppCertificateManager) Mockito.verify(mockRMAppCertificateManager)).deregisterFromCertificateRenewer(newInstance);
        TimeUnit.SECONDS.sleep(3L);
        ((DevHopsworksRMAppCertificateActions) Mockito.verify(devHopsworksRMAppCertificateActions)).revoke((String) Mockito.eq("Alice__" + newInstance.toString() + "__" + ((Object) 1)));
        mockRMAppCertificateManager.stop();
    }

    @Test
    public void testFailingCertificateCreationLocal() throws Exception {
        this.conf.set("hops.rm.certificate.actor.class", "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppCertificateActions");
        MockRMAppEventHandler mockRMAppEventHandler = new MockRMAppEventHandler(RMAppEventType.KILL);
        this.rmContext.getDispatcher().register(RMAppEventType.class, mockRMAppEventHandler);
        MockFailingRMAppCertificateManager mockFailingRMAppCertificateManager = new MockFailingRMAppCertificateManager(Integer.MAX_VALUE);
        mockFailingRMAppCertificateManager.init(this.conf);
        mockFailingRMAppCertificateManager.start();
        mockFailingRMAppCertificateManager.handle(new RMAppCertificateManagerEvent(ApplicationId.newInstance(System.currentTimeMillis(), 1), "userA", 1, RMAppCertificateManagerEventType.GENERATE_CERTIFICATE));
        this.dispatcher.await();
        mockRMAppEventHandler.verifyEvent();
        mockFailingRMAppCertificateManager.stop();
    }

    @Test(timeout = 20000)
    public void testCertificateRevocationMonitor() throws Exception {
        RMAppCertificateActions rMAppCertificateActions = (RMAppCertificateActions) Mockito.spy(new TestingRMAppCertificateActions());
        rMAppCertificateActions.init();
        RMAppCertificateActionsFactory.getInstance().register(rMAppCertificateActions);
        this.conf.set("yarn.resourcemanager.certificate.expiration-safety-period", "40s");
        this.conf.set("yarn.resourcemanager.certificate.revocation-monitor-interval", "3s");
        this.conf.setBoolean("ipc.server.ssl.enabled", true);
        MyMockRM myMockRM = new MyMockRM(this.conf);
        myMockRM.start();
        MockNM mockNM = new MockNM("127.0.0.1:8032", 15360, myMockRM.getResourceTrackerService());
        mockNM.registerNode();
        RMApp submitApp = myMockRM.submitApp(1024, "application1", "Phil", new HashMap(), false, "default", 2, null, "MAPREDUCE", true, false);
        mockNM.nodeHeartbeat(true);
        while (!submitApp.isAppRotatingCryptoMaterial()) {
            TimeUnit.MILLISECONDS.sleep(500L);
        }
        Assert.assertTrue(submitApp.isAppRotatingCryptoMaterial());
        Assert.assertNotEquals(-1L, submitApp.getMaterialRotationStartTime());
        TimeUnit.SECONDS.sleep(6L);
        Assert.assertFalse(submitApp.isAppRotatingCryptoMaterial());
        Assert.assertEquals(-1L, submitApp.getMaterialRotationStartTime());
        ((RMAppCertificateActions) Mockito.verify(rMAppCertificateActions)).revoke((String) Mockito.eq(RMAppCertificateManager.getCertificateIdentifier(submitApp.getApplicationId(), submitApp.getUser(), Integer.valueOf(submitApp.getCryptoMaterialVersion().intValue() - 1))));
        ((RMAppCertificateManager) Mockito.verify(myMockRM.getRMContext().getRMAppCertificateManager(), Mockito.never())).revokeCertificate((ApplicationId) Mockito.any(ApplicationId.class), Mockito.anyString(), Integer.valueOf(Mockito.anyInt()), Mockito.anyBoolean());
        myMockRM.stop();
    }

    @Test
    public void testApplicationSubmission() throws Exception {
        this.conf.set("hops.rm.certificate.actor.class", "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppCertificateActions");
        this.conf.setBoolean("yarn.resourcemanager.recovery.enabled", true);
        this.conf.set("yarn.resourcemanager.store.class", DBRMStateStore.class.getName());
        this.conf.set("yarn.resourcemanager.certificate.expiration-safety-period", "45s");
        this.conf.setBoolean("ipc.server.ssl.enabled", true);
        MyMockRM myMockRM = new MyMockRM(this.conf);
        myMockRM.start();
        MockNM mockNM = new MockNM("127.0.0.1:8032", 15360, myMockRM.getResourceTrackerService());
        mockNM.registerNode();
        RMAppImpl submitApp = myMockRM.submitApp(1024, "application1", "Phil", new HashMap(), false, "default", 2, null, "MAPREDUCE", true, false);
        mockNM.nodeHeartbeat(true);
        Assert.assertNotNull(submitApp);
        byte[] keyStore = submitApp.getKeyStore();
        Assert.assertNotNull(keyStore);
        Assert.assertNotEquals(0L, keyStore.length);
        char[] keyStorePassword = submitApp.getKeyStorePassword();
        Assert.assertNotNull(keyStorePassword);
        Assert.assertNotEquals(0L, keyStorePassword.length);
        byte[] trustStore = submitApp.getTrustStore();
        Assert.assertNotNull(trustStore);
        Assert.assertNotEquals(0L, trustStore.length);
        char[] trustStorePassword = submitApp.getTrustStorePassword();
        Integer cryptoMaterialVersion = submitApp.getCryptoMaterialVersion();
        Assert.assertNotNull(trustStorePassword);
        Assert.assertNotEquals(0L, trustStorePassword.length);
        TimeUnit.SECONDS.sleep(5L);
        byte[] keyStore2 = submitApp.getKeyStore();
        Assert.assertFalse(Arrays.equals(keyStore, keyStore2));
        Assert.assertNotEquals(0L, keyStore2.length);
        byte[] trustStore2 = submitApp.getTrustStore();
        Assert.assertFalse(Arrays.equals(trustStore, trustStore2));
        Assert.assertNotEquals(0L, trustStore2.length);
        char[] keyStorePassword2 = submitApp.getKeyStorePassword();
        Assert.assertFalse(Arrays.equals(keyStorePassword, keyStorePassword2));
        Assert.assertNotEquals(0L, keyStorePassword2.length);
        char[] trustStorePassword2 = submitApp.getTrustStorePassword();
        Assert.assertFalse(Arrays.equals(trustStorePassword, trustStorePassword2));
        Assert.assertNotEquals(0L, trustStorePassword2.length);
        Integer cryptoMaterialVersion2 = submitApp.getCryptoMaterialVersion();
        Assert.assertEquals(Integer.valueOf(cryptoMaterialVersion.intValue() + 1), cryptoMaterialVersion2);
        ApplicationStateData applicationStateData = (ApplicationStateData) myMockRM.getRMContext().getStateStore().loadState().getApplicationState().get(submitApp.getApplicationId());
        Assert.assertTrue(Arrays.equals(keyStore2, applicationStateData.getKeyStore()));
        Assert.assertTrue(Arrays.equals(trustStore2, applicationStateData.getTrustStore()));
        Assert.assertTrue(Arrays.equals(keyStorePassword2, applicationStateData.getKeyStorePassword()));
        Assert.assertTrue(Arrays.equals(trustStorePassword2, applicationStateData.getTrustStorePassword()));
        Assert.assertEquals(cryptoMaterialVersion2, applicationStateData.getCryptoMaterialVersion());
        Assert.assertTrue(applicationStateData.isDuringMaterialRotation());
        Assert.assertNotEquals(-1L, applicationStateData.getMaterialRotationStartTime());
        HashSet hashSet = new HashSet(1);
        hashSet.add(submitApp.getApplicationId());
        mockNM.nodeHeartbeat(Collections.emptyList(), Collections.emptyList(), true, mockNM.getNextResponseId(), hashSet);
        TimeUnit.MILLISECONDS.sleep(100L);
        Assert.assertNull(submitApp.getRMNodesUpdatedCryptoMaterial());
        Assert.assertFalse(submitApp.isAppRotatingCryptoMaterial());
        ApplicationStateData applicationStateData2 = (ApplicationStateData) myMockRM.getRMContext().getStateStore().loadState().getApplicationState().get(submitApp.getApplicationId());
        Assert.assertFalse(applicationStateData2.isDuringMaterialRotation());
        Assert.assertEquals(-1L, applicationStateData2.getMaterialRotationStartTime());
        Assert.assertTrue(myMockRM.getRMContext().getRMAppCertificateManager().getRenewalTasks().containsKey(submitApp.getApplicationId()));
        TimeUnit.MILLISECONDS.sleep(100L);
        ((RMAppCertificateManager) Mockito.verify(myMockRM.getRMContext().getRMAppCertificateManager())).revokeCertificate((ApplicationId) Mockito.eq(submitApp.getApplicationId()), (String) Mockito.eq(submitApp.getUser()), Integer.valueOf(Mockito.eq(submitApp.getCryptoMaterialVersion().intValue() - 1)), Mockito.eq(true));
        myMockRM.stop();
        this.conf.set("yarn.resourcemanager.certificate.expiration-safety-period", "2d");
        MyMockRM myMockRM2 = new MyMockRM(this.conf);
        myMockRM2.start();
        mockNM.setResourceTrackerService(myMockRM2.getResourceTrackerService());
        mockNM.nodeHeartbeat(true);
        RMApp rMApp = (RMApp) myMockRM2.getRMContext().getRMApps().get(submitApp.getApplicationId());
        Assert.assertNotNull(rMApp);
        Assert.assertTrue(Arrays.equals(keyStore2, rMApp.getKeyStore()));
        ApplicationStateData applicationStateData3 = (ApplicationStateData) myMockRM2.getRMContext().getStateStore().loadState().getApplicationState().get(submitApp.getApplicationId());
        Assert.assertFalse(applicationStateData3.isDuringMaterialRotation());
        Assert.assertEquals(-1L, applicationStateData3.getMaterialRotationStartTime());
        Assert.assertTrue(myMockRM2.getRMContext().getRMAppCertificateManager().getRenewalTasks().containsKey(submitApp.getApplicationId()));
        myMockRM2.killApp(submitApp.getApplicationId());
        myMockRM2.waitForState(submitApp.getApplicationId(), RMAppState.KILLED);
        Assert.assertTrue(myMockRM2.getRMContext().getRMAppCertificateManager().getRenewalTasks().isEmpty());
        myMockRM2.stop();
    }

    @Test
    public void testContainerAllocationDuringMaterialRotation() throws Exception {
        List list;
        this.conf.set("hops.rm.certificate.actor.class", "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppCertificateActions");
        this.conf.setBoolean("yarn.resourcemanager.recovery.enabled", true);
        this.conf.set("yarn.resourcemanager.store.class", DBRMStateStore.class.getName());
        this.conf.set("yarn.resourcemanager.certificate.expiration-safety-period", "40s");
        this.conf.setBoolean("ipc.server.ssl.enabled", true);
        MyMockRM2 myMockRM2 = new MyMockRM2(this.conf);
        myMockRM2.start();
        MockNM mockNM = new MockNM("127.0.0.1:1234", 2048, myMockRM2.getResourceTrackerService());
        mockNM.registerNode();
        RMApp submitApp = myMockRM2.submitApp(1024);
        mockNM.nodeHeartbeat(true);
        MockAM sendAMLaunched = myMockRM2.sendAMLaunched(submitApp.getCurrentAppAttempt().getAppAttemptId());
        sendAMLaunched.registerAppAttempt(true);
        sendAMLaunched.allocate("127.0.0.1", 512, 1, Collections.emptyList());
        mockNM.nodeHeartbeat(true);
        for (List allocatedContainers = sendAMLaunched.allocate(Collections.emptyList(), Collections.emptyList()).getAllocatedContainers(); allocatedContainers.size() < 1; allocatedContainers = sendAMLaunched.allocate(Collections.emptyList(), Collections.emptyList()).getAllocatedContainers()) {
            mockNM.nodeHeartbeat(true);
            TimeUnit.MILLISECONDS.sleep(200L);
        }
        while (!submitApp.isAppRotatingCryptoMaterial()) {
            TimeUnit.MILLISECONDS.sleep(500L);
        }
        MockNM mockNM2 = new MockNM("127.0.0.2:1234", 2048, myMockRM2.getResourceTrackerService());
        mockNM2.registerNode();
        Assert.assertTrue(submitApp.isAppRotatingCryptoMaterial());
        sendAMLaunched.allocate("127.0.0.2", 512, 1, Collections.emptyList());
        Assert.assertTrue(mockNM2.nodeHeartbeat(true).getUpdatedCryptoForApps().isEmpty());
        List allocatedContainers2 = sendAMLaunched.allocate(Collections.emptyList(), Collections.emptyList()).getAllocatedContainers();
        while (true) {
            list = allocatedContainers2;
            if (list.size() >= 1) {
                break;
            }
            Assert.assertTrue(mockNM2.nodeHeartbeat(true).getUpdatedCryptoForApps().isEmpty());
            TimeUnit.MILLISECONDS.sleep(200L);
            allocatedContainers2 = sendAMLaunched.allocate(Collections.emptyList(), Collections.emptyList()).getAllocatedContainers();
        }
        Assert.assertEquals(1L, list.size());
        Assert.assertEquals(mockNM2.getNodeId(), ((Container) list.get(0)).getNodeId());
        TimeUnit.MILLISECONDS.sleep(500L);
        RMNodeImpl rMNodeImpl = (RMNodeImpl) myMockRM2.getRMContext().getRMNodes().get(mockNM2.getNodeId());
        Assert.assertNotNull(rMNodeImpl);
        for (int i = 0; rMNodeImpl.getAppCryptoMaterialToUpdate().isEmpty() && i < 10; i++) {
            TimeUnit.MILLISECONDS.sleep(300L);
        }
        Assert.assertFalse(rMNodeImpl.getAppCryptoMaterialToUpdate().isEmpty());
        Assert.assertTrue(mockNM2.nodeHeartbeat(true).getUpdatedCryptoForApps().containsKey(submitApp.getApplicationId()));
        myMockRM2.stop();
    }

    private RMApp createNewTestApplication(int i) throws IOException {
        ApplicationId newAppID = MockApps.newAppID(i);
        String newUserName = MockApps.newUserName();
        String newAppName = MockApps.newAppName();
        String newQueue = MockApps.newQueue();
        YarnScheduler yarnScheduler = (YarnScheduler) Mockito.mock(YarnScheduler.class);
        ApplicationMasterService applicationMasterService = new ApplicationMasterService(this.rmContext, yarnScheduler);
        ApplicationSubmissionContextPBImpl applicationSubmissionContextPBImpl = new ApplicationSubmissionContextPBImpl();
        applicationSubmissionContextPBImpl.setApplicationId(newAppID);
        RMAppImpl rMAppImpl = new RMAppImpl(newAppID, this.rmContext, this.conf, newAppName, newUserName, newQueue, applicationSubmissionContextPBImpl, yarnScheduler, applicationMasterService, System.currentTimeMillis(), "YARN", (Set) null, (ResourceRequest) Mockito.mock(ResourceRequest.class));
        this.rmContext.getRMApps().put(newAppID, rMAppImpl);
        return rMAppImpl;
    }

    private String getClasspathDir(Class cls) throws Exception {
        String str = cls.getName().replace('.', '/') + ".class";
        String path = Thread.currentThread().getContextClassLoader().getResource(str).toURI().getPath();
        return path.substring(0, (path.length() - str.length()) - 1);
    }

    private void createTrustStore(String str, String str2, String str3, Certificate certificate) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setCertificateEntry(str3, certificate);
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        try {
            keyStore.store(fileOutputStream, str2.toCharArray());
            fileOutputStream.close();
        } catch (Throwable th) {
            fileOutputStream.close();
            throw th;
        }
    }

    private Configuration createSSLConfig(String str, String str2, String str3, String str4, String str5, String str6) {
        SSLFactory.Mode mode = SSLFactory.Mode.SERVER;
        Configuration configuration = new Configuration(false);
        if (str != null) {
            configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.keystore.location"), str);
        }
        if (str2 != null) {
            configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.keystore.password"), str2);
        }
        if (str3 != null) {
            configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.keystore.keypassword"), str3);
        }
        configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.keystore.reload.interval"), "1000");
        configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.keystore.reload.timeunit"), "MILLISECONDS");
        if (str4 != null) {
            configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.truststore.location"), str4);
        }
        if (str5 != null) {
            configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.truststore.password"), str5);
        }
        if (null != str6 && !str6.isEmpty()) {
            configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.exclude.cipher.list"), str6);
        }
        configuration.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.truststore.reload.interval"), "1000");
        return configuration;
    }

    private void saveConfig(File file, Configuration configuration) throws IOException {
        FileWriter fileWriter = new FileWriter(file);
        try {
            configuration.writeXml(fileWriter);
            fileWriter.close();
        } catch (Throwable th) {
            fileWriter.close();
            throw th;
        }
    }
}
