package org.apache.hadoop.yarn.server.resourcemanager.security;

import io.hops.util.DBUtility;
import io.hops.util.RMStorageFactory;
import io.hops.util.YarnAPIStorageFactory;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.DelegationKey;
import org.apache.hadoop.util.ExitUtil;
import org.apache.hadoop.yarn.api.protocolrecords.GetDelegationTokenRequest;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
import org.apache.hadoop.yarn.server.resourcemanager.RMContext;
import org.apache.hadoop.yarn.server.resourcemanager.RMSecretManagerService;
import org.apache.hadoop.yarn.server.resourcemanager.TestRMRestart;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.FileSystemRMStateStore;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.RMStateStore;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.apache.log4j.Level;
import org.apache.log4j.LogManager;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMDelegationTokens.class */
public class TestRMDelegationTokens {
    private YarnConfiguration conf;
    private FileSystem fs;
    private Path tmpDir;

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMDelegationTokens$MyMockRM.class */
    class MyMockRM extends TestRMRestart.TestSecurityMockRM {
        public MyMockRM(Configuration configuration) {
            super(configuration);
        }

        protected RMSecretManagerService createRMSecretManagerService() {
            return new RMSecretManagerService(TestRMDelegationTokens.this.conf, this.rmContext) { // from class: org.apache.hadoop.yarn.server.resourcemanager.security.TestRMDelegationTokens.MyMockRM.1
                protected RMDelegationTokenSecretManager createRMDelegationTokenSecretManager(Configuration configuration, RMContext rMContext) {
                    return new TestRMDelegationTokenSecretManager(1000L, 1000L, 2000L, 1000L, rMContext);
                }
            };
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestRMDelegationTokens$TestRMDelegationTokenSecretManager.class */
    public class TestRMDelegationTokenSecretManager extends RMDelegationTokenSecretManager {
        public AtomicInteger numUpdatedKeys;

        public TestRMDelegationTokenSecretManager(long j, long j2, long j3, long j4, RMContext rMContext) {
            super(j, j2, j3, j4, rMContext);
            this.numUpdatedKeys = new AtomicInteger(0);
        }

        protected void storeNewMasterKey(DelegationKey delegationKey) {
            super.storeNewMasterKey(delegationKey);
            this.numUpdatedKeys.incrementAndGet();
        }

        public synchronized DelegationKey checkCurrentKeyInStateStore(Set<DelegationKey> set) {
            Iterator it = this.allKeys.keySet().iterator();
            while (it.hasNext()) {
                int intValue = ((Integer) it.next()).intValue();
                if (intValue == this.currentId) {
                    DelegationKey delegationKey = (DelegationKey) this.allKeys.get(Integer.valueOf(intValue));
                    boolean z = false;
                    Iterator<DelegationKey> it2 = set.iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        }
                        if (it2.next().getKeyId() == intValue) {
                            z = true;
                            break;
                        }
                    }
                    Assert.assertTrue(z);
                    return delegationKey;
                }
            }
            return null;
        }
    }

    @Before
    public void setup() throws IOException {
        LogManager.getRootLogger().setLevel(Level.DEBUG);
        ExitUtil.disableSystemExit();
        this.conf = new YarnConfiguration();
        YarnAPIStorageFactory.setConfiguration(this.conf);
        RMStorageFactory.setConfiguration(this.conf);
        DBUtility.InitializeDB();
        UserGroupInformation.setLoginUser((UserGroupInformation) null);
        UserGroupInformation.setConfiguration(this.conf);
        this.fs = FileSystem.get(this.conf);
        this.tmpDir = new Path(new File("target", getClass().getSimpleName() + "-tmpDir").getAbsolutePath());
        this.fs.delete(this.tmpDir, true);
        this.fs.mkdirs(this.tmpDir);
        this.conf.setBoolean("yarn.resourcemanager.recovery.enabled", true);
        this.conf.set("yarn.resourcemanager.fs.state-store.uri", this.tmpDir.toString());
        this.conf.set("yarn.resourcemanager.store.class", FileSystemRMStateStore.class.getName());
    }

    @Test(timeout = 1500000)
    public void testRMDTMasterKeyStateOnRollingMasterKey() throws Exception {
        Set<DelegationKey> masterKeyState;
        Configuration configuration = new Configuration(this.conf);
        configuration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setLoginUser((UserGroupInformation) null);
        UserGroupInformation.setConfiguration(configuration);
        MyMockRM myMockRM = new MyMockRM(configuration);
        myMockRM.start();
        RMDelegationTokenSecretManager rMDelegationTokenSecretManager = myMockRM.getRMContext().getRMDelegationTokenSecretManager();
        Set masterKeyState2 = myMockRM.getRMContext().getStateStore().loadState().getRMDTSecretManagerState().getMasterKeyState();
        for (DelegationKey delegationKey : rMDelegationTokenSecretManager.getAllMasterKeys()) {
            boolean z = false;
            Iterator it = masterKeyState2.iterator();
            while (true) {
                if (it.hasNext()) {
                    DelegationKey delegationKey2 = (DelegationKey) it.next();
                    if (delegationKey.getKeyId() == delegationKey2.getKeyId() && Arrays.equals(delegationKey.getEncodedKey(), delegationKey2.getEncodedKey())) {
                        z = true;
                        break;
                    }
                }
            }
            Assert.assertTrue(z);
        }
        GetDelegationTokenRequest getDelegationTokenRequest = (GetDelegationTokenRequest) Mockito.mock(GetDelegationTokenRequest.class);
        Mockito.when(getDelegationTokenRequest.getRenewer()).thenReturn("renewer1");
        RMDelegationTokenIdentifier decodeIdentifier = ConverterUtils.convertFromYarn(myMockRM.getClientRMService().getDelegationToken(getDelegationTokenRequest).getRMDelegationToken(), (Text) null).decodeIdentifier();
        while (((TestRMDelegationTokenSecretManager) rMDelegationTokenSecretManager).numUpdatedKeys.get() < 3) {
            do {
                masterKeyState = myMockRM.getRMContext().getStateStore().loadState().getRMDTSecretManagerState().getMasterKeyState();
            } while (masterKeyState == null);
            ((TestRMDelegationTokenSecretManager) rMDelegationTokenSecretManager).checkCurrentKeyInStateStore(masterKeyState);
            Thread.sleep(100L);
        }
        Map tokenState = myMockRM.getRMContext().getStateStore().loadState().getRMDTSecretManagerState().getTokenState();
        for (int i = 0; tokenState.containsKey(decodeIdentifier) && i < 100; i++) {
            Thread.sleep(100L);
        }
        myMockRM.stop();
    }

    @Test(timeout = 15000)
    public void testRemoveExpiredMasterKeyInRMStateStore() throws Exception {
        MyMockRM myMockRM = new MyMockRM(this.conf);
        myMockRM.start();
        RMDelegationTokenSecretManager rMDelegationTokenSecretManager = myMockRM.getRMContext().getRMDelegationTokenSecretManager();
        RMStateStore.RMState loadState = myMockRM.getRMContext().getStateStore().loadState();
        Set masterKeyState = loadState.getRMDTSecretManagerState().getMasterKeyState();
        for (DelegationKey delegationKey : rMDelegationTokenSecretManager.getAllMasterKeys()) {
            boolean z = false;
            Iterator it = masterKeyState.iterator();
            while (true) {
                if (it.hasNext()) {
                    DelegationKey delegationKey2 = (DelegationKey) it.next();
                    if (delegationKey.getKeyId() == delegationKey2.getKeyId() && Arrays.equals(delegationKey.getEncodedKey(), delegationKey2.getEncodedKey())) {
                        z = true;
                        break;
                    }
                }
            }
            Assert.assertTrue(z);
        }
        HashSet hashSet = new HashSet();
        hashSet.addAll(rMDelegationTokenSecretManager.getAllMasterKeys());
        while (true) {
            myMockRM.getRMContext().getStateStore().loadState();
            Set masterKeyState2 = loadState.getRMDTSecretManagerState().getMasterKeyState();
            boolean z2 = true;
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                if (masterKeyState2.contains((DelegationKey) it2.next())) {
                    z2 = false;
                }
            }
            if (z2) {
                myMockRM.stop();
                return;
            }
            Thread.sleep(500L);
        }
    }
}
