package org.apache.hadoop.yarn.server;

import java.io.File;
import java.io.FileWriter;
import java.math.BigInteger;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.CRLFetcherFactory;
import org.apache.hadoop.security.ssl.CRLValidatorFactory;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.util.io.pem.PemWriter;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/yarn/server/TestYarnStartupWithCRL.class */
public class TestYarnStartupWithCRL {
    private final String keyAlgorithm = "RSA";
    private final String signatureAlgorithm = "SHA256withRSA";
    private final String password = "password";
    private Configuration conf;
    private MiniYARNCluster cluster;
    private static final String BASE_DIR = Paths.get(System.getProperty("test.build.dir", Paths.get("target", "test-dir").toString()), TestYarnStartupWithCRL.class.getSimpleName()).toString();
    private static final File BASE_DIR_FILE = new File(BASE_DIR);
    private static String confDir = null;

    @BeforeClass
    public static void beforeClass() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        BASE_DIR_FILE.mkdirs();
        confDir = KeyStoreTestUtil.getClasspathDir(TestYarnStartupWithCRL.class);
    }

    @Before
    public void setup() throws Exception {
        this.conf = new YarnConfiguration();
        this.conf.setBoolean("yarn.minicluster.fixed.ports", true);
        this.conf.setBoolean("yarn.minicluster.use-rpc", true);
        CRLValidatorFactory.getInstance().clearCache();
        CRLFetcherFactory.getInstance().clearFetcherCache();
    }

    @After
    public void tearDown() throws Exception {
        if (this.cluster != null) {
            this.cluster.stop();
        }
    }

    @AfterClass
    public static void afterClass() throws Exception {
        if (BASE_DIR_FILE.exists()) {
            FileUtils.deleteDirectory(BASE_DIR_FILE);
        }
        File file = Paths.get(confDir, TestYarnStartupWithCRL.class.getSimpleName() + ".ssl-server.xml").toFile();
        if (file.exists()) {
            file.delete();
        }
    }

    @Test(timeout = 20000)
    public void testYarnStartup() throws Exception {
        String localHostname = NetUtils.getLocalHostname();
        Path path = Paths.get(BASE_DIR, localHostname + "__kstore.jks");
        Path path2 = Paths.get(BASE_DIR, localHostname + "__tstore.jks");
        Path path3 = Paths.get(confDir, TestYarnStartupWithCRL.class.getSimpleName() + ".ssl-server.xml");
        Path path4 = Paths.get(BASE_DIR, "input.crl.pem");
        Path path5 = Paths.get(BASE_DIR, "fetched.crl.pem");
        KeyPair generateKeyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        X509Certificate generateCertificate = KeyStoreTestUtil.generateCertificate("CN=" + localHostname, generateKeyPair, 10, "SHA256withRSA");
        KeyStoreTestUtil.createKeyStore(path.toString(), "password", "server", generateKeyPair.getPrivate(), generateCertificate);
        KeyStoreTestUtil.createTrustStore(path2.toString(), "password", "server", generateCertificate);
        X509CRL generateCRL = KeyStoreTestUtil.generateCRL(generateCertificate, generateKeyPair.getPrivate(), "SHA256withRSA", (X509CRL) null, (BigInteger) null);
        FileWriter fileWriter = new FileWriter(path4.toFile(), false);
        PemWriter pemWriter = new PemWriter(fileWriter);
        pemWriter.writeObject(new JcaMiscPEMGenerator(generateCRL));
        pemWriter.flush();
        fileWriter.flush();
        pemWriter.close();
        fileWriter.close();
        this.conf.set("hadoop.rpc.socket.factory.class.default", "org.apache.hadoop.net.HopsSSLSocketFactory");
        this.conf.setBoolean("ipc.server.ssl.enabled", true);
        this.conf.set("hadoop.ssl.hostname.verifier", "ALLOW_ALL");
        this.conf.set("hadoop.proxyuser." + UserGroupInformation.getCurrentUser().getUserName(), "*");
        KeyStoreTestUtil.saveConfig(path3.toFile(), KeyStoreTestUtil.createServerSSLConfig(path.toString(), "password", "password", path2.toString(), "password", ""));
        this.conf.set("hadoop.ssl.server.conf", TestYarnStartupWithCRL.class.getSimpleName() + ".ssl-server.xml");
        this.conf.setBoolean("hops.crl.validation.enabled", true);
        this.conf.set("hops.crl.fetcher.class", "org.apache.hadoop.security.ssl.RemoteCRLFetcher");
        this.conf.set("hops.crl.fetcher.interval", "1s");
        this.conf.set("hops.crl.input.uri", "file://" + path4.toString());
        this.conf.set("hops.crl.output.file", path5.toString());
        this.cluster = new MiniYARNCluster(TestYarnStartupWithCRL.class.getSimpleName(), 1, 1, 1);
        this.cluster.init(this.conf);
        this.cluster.start();
        this.cluster.waitForNodeManagersToConnect(2000L);
        Assert.assertTrue(this.cluster.getResourceManager().areSchedulerServicesRunning());
        Assert.assertEquals(1L, this.cluster.getResourceManager().getResourceScheduler().getNumClusterNodes());
    }
}
