package org.apache.hadoop.yarn.server.resourcemanager.security;

import io.hops.security.AbstractSecurityActions;
import io.hops.security.HopsSecurityActionsFactory;
import java.time.temporal.TemporalUnit;
import java.util.concurrent.TimeUnit;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.event.DrainDispatcher;
import org.apache.hadoop.yarn.server.resourcemanager.RMContext;
import org.apache.hadoop.yarn.server.resourcemanager.RMContextImpl;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMAppEventType;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AMLivelinessMonitor;
import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer;
import org.apache.hadoop.yarn.server.resourcemanager.security.JWTSecurityHandler;
import org.apache.hadoop.yarn.server.resourcemanager.security.MockJWTSecurityHandler;
import org.apache.hadoop.yarn.server.resourcemanager.security.RMSecurityHandlersBaseTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestJWTSecurityHandler.class */
public class TestJWTSecurityHandler extends RMSecurityHandlersBaseTest {
    private static final Log LOG = LogFactory.getLog(TestJWTSecurityHandler.class);
    private Configuration config;
    private DrainDispatcher dispatcher;
    private RMContext rmContext;

    @Before
    public void beforeTest() {
        this.config = new Configuration();
        this.config.setBoolean(YarnConfiguration.RM_JWT_ENABLED, true);
        HopsSecurityActionsFactory.getInstance().clear(this.config.get(YarnConfiguration.HOPS_RM_SECURITY_ACTOR_KEY, "org.apache.hadoop.yarn.server.resourcemanager.security.HopsworksRMAppSecurityActions"));
        this.dispatcher = new DrainDispatcher();
        this.rmContext = new RMContextImpl(this.dispatcher, (ContainerAllocationExpirer) null, (AMLivelinessMonitor) null, (AMLivelinessMonitor) null, (DelegationTokenRenewer) null, (AMRMTokenSecretManager) null, (RMContainerTokenSecretManager) null, (NMTokenSecretManagerInRM) null, (ClientToAMTokenSecretManagerInRM) null);
        this.dispatcher.init(this.config);
        this.dispatcher.start();
    }

    @After
    public void afterTest() {
        if (this.dispatcher != null) {
            this.dispatcher.stop();
        }
    }

    @Test
    public void testJWTGenerationEvent() throws Exception {
        this.config.set(YarnConfiguration.HOPS_RM_SECURITY_ACTOR_KEY, "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppSecurityActions");
        RMSecurityHandlersBaseTest.MockRMAppEventHandler mockRMAppEventHandler = new RMSecurityHandlersBaseTest.MockRMAppEventHandler(RMAppEventType.SECURITY_MATERIAL_GENERATED);
        this.rmContext.getDispatcher().register(RMAppEventType.class, mockRMAppEventHandler);
        RMAppSecurityManager rMAppSecurityManager = new RMAppSecurityManager(this.rmContext);
        JWTSecurityHandler jWTSecurityHandler = (JWTSecurityHandler) Mockito.spy(new MockJWTSecurityHandler(this.rmContext, rMAppSecurityManager));
        rMAppSecurityManager.registerRMAppSecurityHandlerWithType(jWTSecurityHandler, JWTSecurityHandler.class);
        rMAppSecurityManager.init(this.config);
        rMAppSecurityManager.start();
        ApplicationId newInstance = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        JWTSecurityHandler.JWTMaterialParameter jWTMaterialParameter = new JWTSecurityHandler.JWTMaterialParameter(newInstance, "Alice");
        RMAppSecurityMaterial rMAppSecurityMaterial = new RMAppSecurityMaterial();
        rMAppSecurityMaterial.addMaterial(jWTMaterialParameter);
        rMAppSecurityManager.handle(new RMAppSecurityManagerEvent(newInstance, rMAppSecurityMaterial, RMAppSecurityManagerEventType.GENERATE_SECURITY_MATERIAL));
        this.dispatcher.await();
        mockRMAppEventHandler.verifyEvent();
        rMAppSecurityManager.stop();
        ((JWTSecurityHandler) Mockito.verify(jWTSecurityHandler)).generateMaterial((JWTSecurityHandler.JWTMaterialParameter) Mockito.eq(jWTMaterialParameter));
    }

    @Test
    public void testJWTRevocation() throws Exception {
        this.config.set(YarnConfiguration.HOPS_RM_SECURITY_ACTOR_KEY, "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppSecurityActions");
        AbstractSecurityActions abstractSecurityActions = (RMAppSecurityActions) Mockito.spy(new TestingRMAppSecurityActions());
        HopsSecurityActionsFactory.getInstance().register(this.config.get(YarnConfiguration.HOPS_RM_SECURITY_ACTOR_KEY), abstractSecurityActions);
        RMAppSecurityManager rMAppSecurityManager = new RMAppSecurityManager(this.rmContext);
        JWTSecurityHandler jWTSecurityHandler = (JWTSecurityHandler) Mockito.spy(new MockJWTSecurityHandler.BlockingInvalidator(this.rmContext, rMAppSecurityManager));
        ((MockJWTSecurityHandler.BlockingInvalidator) jWTSecurityHandler).getSemaphore().acquire();
        rMAppSecurityManager.registerRMAppSecurityHandlerWithType(jWTSecurityHandler, JWTSecurityHandler.class);
        rMAppSecurityManager.init(this.config);
        rMAppSecurityManager.start();
        ApplicationId newInstance = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        JWTSecurityHandler.JWTMaterialParameter jWTMaterialParameter = new JWTSecurityHandler.JWTMaterialParameter(newInstance, "Alice");
        RMAppSecurityMaterial rMAppSecurityMaterial = new RMAppSecurityMaterial();
        rMAppSecurityMaterial.addMaterial(jWTMaterialParameter);
        rMAppSecurityManager.handle(new RMAppSecurityManagerEvent(newInstance, rMAppSecurityMaterial, RMAppSecurityManagerEventType.REVOKE_SECURITY_MATERIAL));
        Assert.assertTrue(jWTSecurityHandler.getInvalidationEvents().contains(new JWTSecurityHandler.JWTInvalidationEvent(newInstance.toString())));
        ((MockJWTSecurityHandler.BlockingInvalidator) jWTSecurityHandler).getSemaphore().release();
        TimeUnit.MILLISECONDS.sleep(10L);
        ((MockJWTSecurityHandler.BlockingInvalidator) jWTSecurityHandler).getSemaphore().acquire();
        ((RMAppSecurityActions) Mockito.verify(abstractSecurityActions)).invalidateJWT((String) Mockito.eq(newInstance.toString()));
        rMAppSecurityManager.stop();
    }

    @Test
    public void testJWTRenewal() throws Exception {
        this.config.set(YarnConfiguration.HOPS_RM_SECURITY_ACTOR_KEY, "org.apache.hadoop.yarn.server.resourcemanager.security.TestingRMAppSecurityActions");
        this.config.set(YarnConfiguration.RM_JWT_VALIDITY_PERIOD, "5s");
        this.config.set(YarnConfiguration.RM_JWT_EXPIRATION_LEEWAY, "2s");
        AbstractSecurityActions abstractSecurityActions = (RMAppSecurityActions) Mockito.spy(new TestingRMAppSecurityActions());
        HopsSecurityActionsFactory.getInstance().register(this.config.get(YarnConfiguration.HOPS_RM_SECURITY_ACTOR_KEY), abstractSecurityActions);
        RMAppSecurityManager rMAppSecurityManager = new RMAppSecurityManager(this.rmContext);
        JWTSecurityHandler jWTSecurityHandler = (JWTSecurityHandler) Mockito.spy(new MockJWTSecurityHandler(this.rmContext, rMAppSecurityManager));
        rMAppSecurityManager.registerRMAppSecurityHandlerWithType(jWTSecurityHandler, JWTSecurityHandler.class);
        rMAppSecurityManager.init(this.config);
        rMAppSecurityManager.start();
        ApplicationId newInstance = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        JWTSecurityHandler.JWTSecurityManagerMaterial generateMaterial = jWTSecurityHandler.generateMaterial(new JWTSecurityHandler.JWTMaterialParameter(newInstance, "Dorothy"));
        JWTSecurityHandler.JWTMaterialParameter jWTMaterialParameter = new JWTSecurityHandler.JWTMaterialParameter(newInstance, "Dorothy");
        jWTMaterialParameter.setExpirationDate(generateMaterial.getExpirationDate());
        jWTMaterialParameter.setToken(generateMaterial.getToken());
        rMAppSecurityManager.registerWithMaterialRenewers(jWTMaterialParameter);
        ((JWTSecurityHandler) Mockito.verify(jWTSecurityHandler)).registerRenewer((JWTSecurityHandler.JWTMaterialParameter) Mockito.eq(jWTMaterialParameter));
        int i = 15;
        while (!((MockJWTSecurityHandler) jWTSecurityHandler).getRenewer().hasRun() && i > 0) {
            TimeUnit.SECONDS.sleep(1L);
            i--;
        }
        Assert.assertNotEquals("Waited too long for JWT renewal to happen", 0L, i);
        JWTSecurityHandler.JWTMaterialParameter jWTMaterialParameter2 = new JWTSecurityHandler.JWTMaterialParameter(newInstance, "Dorothy");
        jWTMaterialParameter2.setToken(generateMaterial.getToken());
        jWTMaterialParameter2.setExpirationDate(jWTSecurityHandler.getNow().plus(((Long) jWTSecurityHandler.getValidityPeriod().getFirst()).longValue(), (TemporalUnit) jWTSecurityHandler.getValidityPeriod().getSecond()));
        ((RMAppSecurityActions) Mockito.verify(abstractSecurityActions)).renewJWT((JWTSecurityHandler.JWTMaterialParameter) Mockito.eq(jWTMaterialParameter2));
        rMAppSecurityManager.stop();
    }
}
