package co.cask.cdap.security.auth;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.guice.ConfigModule;
import co.cask.cdap.common.guice.DiscoveryRuntimeModule;
import co.cask.cdap.common.guice.IOModule;
import co.cask.cdap.common.guice.ZKClientModule;
import co.cask.cdap.common.io.Codec;
import co.cask.cdap.common.utils.ImmutablePair;
import co.cask.cdap.security.guice.SecurityModules;
import com.google.common.base.Stopwatch;
import com.google.common.collect.Lists;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Key;
import com.google.inject.Module;
import com.google.inject.TypeLiteral;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.zookeeper.MiniZooKeeperCluster;
import org.apache.twill.zookeeper.ZKClientService;
import org.apache.zookeeper.ZooDefs;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/auth/DistributedKeyManagerTest.class */
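/**
 * Tests {@link DistributedKeyManager} against an in-process ZooKeeper cluster.
 *
 * <p>Two Guice injectors are pointed at the same ZooKeeper quorum so that two key managers can be
 * run side by side: a token signed through one must validate through the other.
 *
 * <p>NOTE(review): the ZooKeeper clients and key managers started by
 * {@link #getKeyManager(Injector, boolean)} are never stopped explicitly; the only cleanup visible
 * here is the cluster shutdown in {@link #tearDown()}.
 */
public class DistributedKeyManagerTest extends TestTokenManager {
    private static final Logger LOG = LoggerFactory.getLogger(DistributedKeyManagerTest.class);
    private static MiniZooKeeperCluster zkCluster;
    private static Injector injector1;
    private static Injector injector2;

    /**
     * Token manager that exposes the key state of an underlying
     * {@link WaitableDistributedKeyManager} so the test can synchronise on key propagation.
     * Every accessor is a no-op (or returns {@code null}) for any other key manager type.
     */
    private static class TestingTokenManager extends TokenManager {
        private TestingTokenManager(KeyManager keyManager, Codec<AccessTokenIdentifier> codec) {
            super(keyManager, codec);
        }

        /**
         * @return the key manager's current key, or {@code null} when none is set or when the key
         *     manager is not a {@link WaitableDistributedKeyManager}
         */
        public KeyIdentifier getCurrentKey() {
            if (this.keyManager instanceof WaitableDistributedKeyManager) {
                return ((WaitableDistributedKeyManager) this.keyManager).getCurrentKey();
            }
            return null;
        }

        /**
         * Blocks until the key manager reports that it holds the key with the given id.
         *
         * @param keyId id of the key to wait for
         * @param duration maximum time to wait, in {@code timeUnit}
         * @param timeUnit unit of {@code duration}
         * @throws TimeoutException if the key is still missing once {@code duration} has elapsed
         * @throws InterruptedException if interrupted while sleeping between polls
         */
        public void waitForKey(int keyId, long duration, TimeUnit timeUnit)
                throws InterruptedException, TimeoutException {
            if (!(this.keyManager instanceof WaitableDistributedKeyManager)) {
                return;
            }
            WaitableDistributedKeyManager waitable = (WaitableDistributedKeyManager) this.keyManager;
            Stopwatch stopwatch = new Stopwatch().start();
            // The condition is re-evaluated after every sleep, including the last one, before a
            // timeout is reported, so a key arriving during the final sleep is not missed.
            while (!waitable.hasKey(keyId)) {
                if (stopwatch.elapsedTime(timeUnit) >= duration) {
                    throw new TimeoutException("Timed out waiting for key " + keyId);
                }
                timeUnit.sleep(duration / 10);
            }
        }

        /**
         * Blocks until the key manager has a non-null current key.
         *
         * @param duration maximum time to wait, in {@code timeUnit}
         * @param timeUnit unit of {@code duration}
         * @throws TimeoutException if no current key is set once {@code duration} has elapsed
         * @throws InterruptedException if interrupted while sleeping between polls
         */
        public void waitForCurrentKey(long duration, TimeUnit timeUnit)
                throws InterruptedException, TimeoutException {
            if (!(this.keyManager instanceof WaitableDistributedKeyManager)) {
                return;
            }
            WaitableDistributedKeyManager waitable = (WaitableDistributedKeyManager) this.keyManager;
            Stopwatch stopwatch = new Stopwatch().start();
            // Same polling shape as waitForKey: check, then time out, then sleep.
            while (waitable.getCurrentKey() == null) {
                if (stopwatch.elapsedTime(timeUnit) >= duration) {
                    throw new TimeoutException("Timed out waiting for current key to be set");
                }
                timeUnit.sleep(duration / 10);
            }
        }
    }

    /**
     * {@link DistributedKeyManager} subclass that widens access to leader and key state so the
     * test can poll it.
     */
    public static class WaitableDistributedKeyManager extends DistributedKeyManager {
        public WaitableDistributedKeyManager(CConfiguration cConfiguration, Codec<KeyIdentifier> codec, ZKClientService zKClientService) {
            // Test-only wiring: setup() configures no authentication for the mini ZooKeeper
            // cluster, so the ACL list is hard-coded to OPEN_ACL_UNSAFE (world:anyone, all
            // permissions). Do not copy this into non-test code; DistributedKeyManager.getACLs
            // is what derives the ACL from configuration (see testGetACLs).
            super(cConfiguration, codec, zKClientService, Lists.newArrayList(ZooDefs.Ids.OPEN_ACL_UNSAFE));
        }

        /**
         * Blocks until this instance's {@code leader} flag is set.
         *
         * @param duration maximum time to wait, in {@code timeUnit}
         * @param timeUnit unit of {@code duration}
         * @throws TimeoutException if the flag is still unset once {@code duration} has elapsed
         * @throws InterruptedException if interrupted while sleeping between polls
         */
        public void waitForLeader(long duration, TimeUnit timeUnit)
                throws InterruptedException, TimeoutException {
            Stopwatch stopwatch = new Stopwatch().start();
            while (!this.leader.get()) {
                if (stopwatch.elapsedTime(timeUnit) >= duration) {
                    throw new TimeoutException("Timed out waiting to become leader");
                }
                timeUnit.sleep(duration / 10);
            }
        }

        /** @return the inherited {@code currentKey} field; may be {@code null} */
        public KeyIdentifier getCurrentKey() {
            return this.currentKey;
        }

        /** Delegates to the superclass check, made public so the test can poll it. */
        public boolean hasKey(int keyId) {
            return super.hasKey(keyId);
        }
    }

    /** Starts the mini ZooKeeper cluster and builds the two injectors that share it. */
    @BeforeClass
    public static void setup() throws Exception {
        HBaseTestingUtility testUtil = new HBaseTestingUtility();
        zkCluster = testUtil.startMiniZKCluster();
        String zkQuorum = testUtil.getConfiguration().get("hbase.zookeeper.quorum") + ":" + zkCluster.getClientPort();
        LOG.info("Running ZK cluster at {}", zkQuorum);
        injector1 = createInjector(testUtil, zkQuorum);
        injector2 = createInjector(testUtil, zkQuorum);
    }

    /** Builds one injector with its own {@link CConfiguration} pointing at {@code zkQuorum}. */
    private static Injector createInjector(HBaseTestingUtility testUtil, String zkQuorum) {
        CConfiguration cConf = CConfiguration.create();
        cConf.set("zookeeper.quorum", zkQuorum);
        return Guice.createInjector(
            new ConfigModule(cConf, testUtil.getConfiguration()),
            new IOModule(),
            new SecurityModules().getDistributedModules(),
            new ZKClientModule(),
            new DiscoveryRuntimeModule().getDistributedModules());
    }

    /** Shuts the mini ZooKeeper cluster down, if {@link #setup()} got far enough to start it. */
    @AfterClass
    public static void tearDown() throws Exception {
        // Guard against a failed setup(): without it the teardown NPE would mask the real error.
        if (zkCluster != null) {
            zkCluster.shutdown();
        }
    }

    /**
     * Verifies that a token signed by either manager validates on the other, and that both
     * managers produce equal tokens for the same identifier.
     */
    @Test
    public void testKeyDistribution() throws Exception {
        // Only the first manager is required to become leader before the test proceeds.
        DistributedKeyManager leaderKeyManager = getKeyManager(injector1, true);
        DistributedKeyManager followerKeyManager = getKeyManager(injector2, false);
        TimeUnit.MILLISECONDS.sleep(1000L);
        TestingTokenManager leaderTokens =
            new TestingTokenManager(leaderKeyManager, injector1.getInstance(AccessTokenIdentifierCodec.class));
        TestingTokenManager followerTokens =
            new TestingTokenManager(followerKeyManager, injector2.getInstance(AccessTokenIdentifierCodec.class));
        leaderTokens.startAndWait();
        followerTokens.startAndWait();
        try {
            long issuedAt = System.currentTimeMillis();
            AccessTokenIdentifier identifier = new AccessTokenIdentifier(
                "testuser", Lists.newArrayList("users", "admins"), issuedAt, issuedAt + TimeUnit.HOURS.toMillis(1));

            // Sign on the first manager; the second must have received that key to validate it.
            AccessToken tokenFromLeader = leaderTokens.signIdentifier(identifier);
            followerTokens.waitForKey(leaderTokens.getCurrentKey().getKeyId(), 2000L, TimeUnit.MILLISECONDS);
            followerTokens.validateSecret(tokenFromLeader);

            // And the reverse direction: sign on the second, validate on the first.
            followerTokens.waitForCurrentKey(2000L, TimeUnit.MILLISECONDS);
            AccessToken tokenFromFollower = followerTokens.signIdentifier(identifier);
            leaderTokens.validateSecret(tokenFromFollower);

            Assert.assertEquals(tokenFromLeader.getIdentifier().getUsername(), tokenFromFollower.getIdentifier().getUsername());
            Assert.assertEquals(tokenFromLeader.getIdentifier().getGroups(), tokenFromFollower.getIdentifier().getGroups());
            // Whole-token equality; presumably this also covers the key id and signature, i.e.
            // both managers signed with the same distributed key - TODO confirm against
            // AccessToken.equals.
            Assert.assertEquals(tokenFromLeader, tokenFromFollower);
        } finally {
            // Stop both managers even when an assertion or wait above fails, so a failing run
            // does not leave services running for the remaining tests.
            try {
                leaderTokens.stopAndWait();
            } finally {
                followerTokens.stopAndWait();
            }
        }
    }

    /**
     * Pins the ACL that {@link DistributedKeyManager#getACLs} selects from configuration.
     *
     * <p>Security note: the second assertion documents that a configuration without a Kerberos
     * principal yields {@code OPEN_ACL_UNSAFE}, which grants every permission to any client that
     * can connect to ZooKeeper. Presumably that ACL is applied to the nodes carrying the shared
     * keys (confirm in DistributedKeyManager); if so, a deployment without Kerberos depends
     * entirely on restricting network access to ZooKeeper.
     */
    @Test
    public void testGetACLs() throws Exception {
        // Kerberos enabled with principal and keytab set: only the creator gets access.
        CConfiguration kerberosConf = CConfiguration.create();
        kerberosConf.set("kerberos.auth.enabled", "true");
        kerberosConf.set("cdap.master.kerberos.principal", "prinicpal@REALM.NET");
        kerberosConf.set("cdap.master.kerberos.keytab", "/path/to/keytab");
        Assert.assertEquals(ZooDefs.Ids.CREATOR_ALL_ACL, DistributedKeyManager.getACLs(kerberosConf));

        // Default configuration with the principal removed: falls back to the open ACL.
        CConfiguration openConf = CConfiguration.create();
        openConf.unset("cdap.master.kerberos.principal");
        Assert.assertEquals(ZooDefs.Ids.OPEN_ACL_UNSAFE, DistributedKeyManager.getACLs(openConf));
    }

    /**
     * Supplies the inherited tests with a started {@link TokenManager} backed by a distributed
     * key manager that has already become leader, plus the token codec from the same injector.
     */
    @Override // co.cask.cdap.security.auth.TestTokenManager
    protected ImmutablePair<TokenManager, Codec<AccessToken>> getTokenManagerAndCodec() throws Exception {
        TokenManager tokenManager =
            new TokenManager(getKeyManager(injector1, true), injector1.getInstance(AccessTokenIdentifierCodec.class));
        tokenManager.startAndWait();
        return new ImmutablePair<>(tokenManager, injector1.getInstance(AccessTokenCodec.class));
    }

    /**
     * Starts a ZooKeeper client from {@code injector} and a {@link WaitableDistributedKeyManager}
     * on top of it.
     *
     * @param injector source of the configuration, key codec and ZooKeeper client
     * @param expectLeader when {@code true}, wait up to five seconds for the new manager to
     *     become leader before returning
     * @return the started key manager
     */
    private DistributedKeyManager getKeyManager(Injector injector, boolean expectLeader) throws Exception {
        ZKClientService zkClient = injector.getInstance(ZKClientService.class);
        zkClient.startAndWait();
        Codec<KeyIdentifier> keyCodec = injector.getInstance(Key.get(new TypeLiteral<Codec<KeyIdentifier>>() { }));
        WaitableDistributedKeyManager keyManager =
            new WaitableDistributedKeyManager(injector.getInstance(CConfiguration.class), keyCodec, zkClient);
        keyManager.startAndWait();
        if (expectLeader) {
            keyManager.waitForLeader(5000L, TimeUnit.MILLISECONDS);
        }
        return keyManager;
    }
}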
