package org.apache.hadoop.hdfs.security.token.block;

import com.google.protobuf.RpcController;
import com.google.protobuf.ServiceException;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.impl.Log4JLogger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.DFSUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.Block;
import org.apache.hadoop.hdfs.protocol.ClientDatanodeProtocol;
import org.apache.hadoop.hdfs.protocol.DatanodeID;
import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
import org.apache.hadoop.hdfs.protocol.ExtendedBlock;
import org.apache.hadoop.hdfs.protocol.LocatedBlock;
import org.apache.hadoop.hdfs.protocol.LocatedBlocks;
import org.apache.hadoop.hdfs.protocol.proto.ClientDatanodeProtocolProtos;
import org.apache.hadoop.hdfs.protocolPB.ClientDatanodeProtocolPB;
import org.apache.hadoop.hdfs.protocolPB.PBHelper;
import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager;
import org.apache.hadoop.io.TestWritable;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SaslInputStream;
import org.apache.hadoop.security.SaslRpcClient;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.Time;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.log4j.Level;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* loaded from: input_file:org/apache/hadoop/hdfs/security/token/block/TestBlockToken.class */
public class TestBlockToken {
    public static final Log LOG = LogFactory.getLog(TestBlockToken.class);
    private static final String ADDRESS = "0.0.0.0";
    static final File FD_DIR;
    final long blockKeyUpdateInterval = 600000;
    final long blockTokenLifetime = YarnConfiguration.DEFAULT_NM_DISK_HEALTH_CHECK_INTERVAL_MS;
    final ExtendedBlock block1 = new ExtendedBlock("0", 0);
    final ExtendedBlock block2 = new ExtendedBlock("10", 10);
    final ExtendedBlock block3 = new ExtendedBlock("-10", -108);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/hdfs/security/token/block/TestBlockToken$GetLengthAnswer.class */
    public static class GetLengthAnswer implements Answer<ClientDatanodeProtocolProtos.GetReplicaVisibleLengthResponseProto> {
        final BlockTokenSecretManager sm;
        final BlockTokenIdentifier ident;

        public GetLengthAnswer(BlockTokenSecretManager blockTokenSecretManager, BlockTokenIdentifier blockTokenIdentifier) {
            this.sm = blockTokenSecretManager;
            this.ident = blockTokenIdentifier;
        }

        /* renamed from: answer, reason: merged with bridge method [inline-methods] */
        public ClientDatanodeProtocolProtos.GetReplicaVisibleLengthResponseProto m5229answer(InvocationOnMock invocationOnMock) throws IOException {
            Object[] arguments = invocationOnMock.getArguments();
            Assert.assertEquals(2L, arguments.length);
            ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto getReplicaVisibleLengthRequestProto = (ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto) arguments[1];
            Set<TokenIdentifier> tokenIdentifiers = UserGroupInformation.getCurrentUser().getTokenIdentifiers();
            Assert.assertEquals("Only one BlockTokenIdentifier expected", 1L, tokenIdentifiers.size());
            long j = 0;
            Iterator<TokenIdentifier> it = tokenIdentifiers.iterator();
            while (it.hasNext()) {
                BlockTokenIdentifier blockTokenIdentifier = (BlockTokenIdentifier) it.next();
                TestBlockToken.LOG.info("Got: " + blockTokenIdentifier.toString());
                Assert.assertTrue("Received BlockTokenIdentifier is wrong", this.ident.equals(blockTokenIdentifier));
                this.sm.checkAccess(blockTokenIdentifier, (String) null, PBHelper.convert(getReplicaVisibleLengthRequestProto.getBlock()), BlockTokenSecretManager.AccessMode.WRITE);
                j = blockTokenIdentifier.getBlockId();
            }
            return ClientDatanodeProtocolProtos.GetReplicaVisibleLengthResponseProto.newBuilder().setLength(j).build();
        }
    }

    @Before
    public void disableKerberos() {
        Configuration configuration = new Configuration();
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, PseudoAuthenticationHandler.TYPE);
        UserGroupInformation.setConfiguration(configuration);
    }

    private BlockTokenIdentifier generateTokenId(BlockTokenSecretManager blockTokenSecretManager, ExtendedBlock extendedBlock, EnumSet<BlockTokenSecretManager.AccessMode> enumSet) throws IOException {
        Token<BlockTokenIdentifier> generateToken = blockTokenSecretManager.generateToken(extendedBlock, enumSet);
        BlockTokenIdentifier createIdentifier = blockTokenSecretManager.createIdentifier();
        createIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(generateToken.getIdentifier())));
        return createIdentifier;
    }

    @Test
    public void testWritable() throws Exception {
        TestWritable.testWritable(new BlockTokenIdentifier());
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, YarnConfiguration.DEFAULT_NM_DISK_HEALTH_CHECK_INTERVAL_MS, 0, "fake-pool", (String) null);
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block1, EnumSet.allOf(BlockTokenSecretManager.AccessMode.class)));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block2, EnumSet.of(BlockTokenSecretManager.AccessMode.WRITE)));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block3, EnumSet.noneOf(BlockTokenSecretManager.AccessMode.class)));
    }

    private void tokenGenerationAndVerification(BlockTokenSecretManager blockTokenSecretManager, BlockTokenSecretManager blockTokenSecretManager2) throws Exception {
        for (BlockTokenSecretManager.AccessMode accessMode : BlockTokenSecretManager.AccessMode.values()) {
            Token<BlockTokenIdentifier> generateToken = blockTokenSecretManager.generateToken(this.block1, EnumSet.of(accessMode));
            blockTokenSecretManager.checkAccess(generateToken, (String) null, this.block1, accessMode);
            blockTokenSecretManager2.checkAccess(generateToken, (String) null, this.block1, accessMode);
            Token<BlockTokenIdentifier> generateToken2 = blockTokenSecretManager2.generateToken(this.block2, EnumSet.of(accessMode));
            blockTokenSecretManager.checkAccess(generateToken2, (String) null, this.block2, accessMode);
            blockTokenSecretManager2.checkAccess(generateToken2, (String) null, this.block2, accessMode);
        }
        Token<BlockTokenIdentifier> generateToken3 = blockTokenSecretManager.generateToken(this.block3, EnumSet.allOf(BlockTokenSecretManager.AccessMode.class));
        for (BlockTokenSecretManager.AccessMode accessMode2 : BlockTokenSecretManager.AccessMode.values()) {
            blockTokenSecretManager.checkAccess(generateToken3, (String) null, this.block3, accessMode2);
            blockTokenSecretManager2.checkAccess(generateToken3, (String) null, this.block3, accessMode2);
        }
    }

    @Test
    public void testBlockTokenSecretManager() throws Exception {
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, YarnConfiguration.DEFAULT_NM_DISK_HEALTH_CHECK_INTERVAL_MS, 0, "fake-pool", (String) null);
        BlockTokenSecretManager blockTokenSecretManager2 = new BlockTokenSecretManager(600000L, YarnConfiguration.DEFAULT_NM_DISK_HEALTH_CHECK_INTERVAL_MS, "fake-pool", null);
        blockTokenSecretManager2.addKeys(blockTokenSecretManager.exportKeys());
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2);
        blockTokenSecretManager.updateKeys();
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2);
        blockTokenSecretManager2.addKeys(blockTokenSecretManager.exportKeys());
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2);
    }

    private static Server createMockDatanode(BlockTokenSecretManager blockTokenSecretManager, Token<BlockTokenIdentifier> token, Configuration configuration) throws IOException, ServiceException {
        ClientDatanodeProtocolPB clientDatanodeProtocolPB = (ClientDatanodeProtocolPB) Mockito.mock(ClientDatanodeProtocolPB.class);
        BlockTokenIdentifier createIdentifier = blockTokenSecretManager.createIdentifier();
        createIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
        ((ClientDatanodeProtocolPB) Mockito.doAnswer(new GetLengthAnswer(blockTokenSecretManager, createIdentifier)).when(clientDatanodeProtocolPB)).getReplicaVisibleLength((RpcController) Matchers.any(RpcController.class), (ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto) Matchers.any(ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto.class));
        RPC.setProtocolEngine(configuration, ClientDatanodeProtocolPB.class, ProtobufRpcEngine.class);
        return new RPC.Builder(configuration).setProtocol(ClientDatanodeProtocolPB.class).setInstance(ClientDatanodeProtocolProtos.ClientDatanodeProtocolService.newReflectiveBlockingService(clientDatanodeProtocolPB)).setBindAddress("0.0.0.0").setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(blockTokenSecretManager).build();
    }

    @Test
    public void testBlockTokenRpc() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
        UserGroupInformation.setConfiguration(configuration);
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, YarnConfiguration.DEFAULT_NM_DISK_HEALTH_CHECK_INTERVAL_MS, 0, "fake-pool", (String) null);
        Token<BlockTokenIdentifier> generateToken = blockTokenSecretManager.generateToken(this.block3, EnumSet.allOf(BlockTokenSecretManager.AccessMode.class));
        Server createMockDatanode = createMockDatanode(blockTokenSecretManager, generateToken, configuration);
        createMockDatanode.start();
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(createMockDatanode);
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(this.block3.toString());
        createRemoteUser.addToken(generateToken);
        ClientDatanodeProtocol clientDatanodeProtocol = null;
        try {
            clientDatanodeProtocol = DFSUtil.createClientDatanodeProtocolProxy(connectAddress, createRemoteUser, configuration, NetUtils.getDefaultSocketFactory(configuration));
            Assert.assertEquals(this.block3.getBlockId(), clientDatanodeProtocol.getReplicaVisibleLength(this.block3));
            createMockDatanode.stop();
            if (clientDatanodeProtocol != null) {
                RPC.stopProxy(clientDatanodeProtocol);
            }
        } catch (Throwable th) {
            createMockDatanode.stop();
            if (clientDatanodeProtocol != null) {
                RPC.stopProxy(clientDatanodeProtocol);
            }
            throw th;
        }
    }

    @Test
    public void testBlockTokenRpcLeak() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
        UserGroupInformation.setConfiguration(configuration);
        Assume.assumeTrue(FD_DIR.exists());
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, YarnConfiguration.DEFAULT_NM_DISK_HEALTH_CHECK_INTERVAL_MS, 0, "fake-pool", (String) null);
        Token<BlockTokenIdentifier> generateToken = blockTokenSecretManager.generateToken(this.block3, EnumSet.allOf(BlockTokenSecretManager.AccessMode.class));
        Server createMockDatanode = createMockDatanode(blockTokenSecretManager, generateToken, configuration);
        createMockDatanode.start();
        DatanodeID localDatanodeID = DFSTestUtil.getLocalDatanodeID(NetUtils.getConnectAddress(createMockDatanode).getPort());
        LocatedBlock locatedBlock = new LocatedBlock(new ExtendedBlock("fake-pool", new Block(12345L)), new DatanodeInfo[0]);
        locatedBlock.setBlockToken(generateToken);
        ClientDatanodeProtocol clientDatanodeProtocol = (ClientDatanodeProtocol) RPC.getProxy(ClientDatanodeProtocol.class, 9L, new InetSocketAddress("1.1.1.1", 1), UserGroupInformation.createRemoteUser("junk"), configuration, NetUtils.getDefaultSocketFactory(configuration));
        int countOpenFileDescriptors = countOpenFileDescriptors();
        try {
            long now = Time.now() + 3000;
            while (Time.now() < now) {
                ClientDatanodeProtocol createClientDatanodeProtocolProxy = DFSUtil.createClientDatanodeProtocolProxy(localDatanodeID, configuration, 1000, false, locatedBlock);
                Assert.assertEquals(this.block3.getBlockId(), createClientDatanodeProtocolProxy.getReplicaVisibleLength(this.block3));
                if (createClientDatanodeProtocolProxy != null) {
                    RPC.stopProxy(createClientDatanodeProtocolProxy);
                }
                LOG.info("Num open fds:" + countOpenFileDescriptors());
            }
            int countOpenFileDescriptors2 = countOpenFileDescriptors();
            if (countOpenFileDescriptors2 - countOpenFileDescriptors > 50) {
                Assert.fail("Leaked " + (countOpenFileDescriptors2 - countOpenFileDescriptors) + " fds!");
            }
            RPC.stopProxy(clientDatanodeProtocol);
        } finally {
            createMockDatanode.stop();
        }
    }

    private static int countOpenFileDescriptors() {
        return FD_DIR.list().length;
    }

    @Test
    public void testBlockPoolTokenSecretManager() throws Exception {
        BlockPoolTokenSecretManager blockPoolTokenSecretManager = new BlockPoolTokenSecretManager();
        for (int i = 0; i < 10; i++) {
            String num = Integer.toString(i);
            BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, YarnConfiguration.DEFAULT_NM_DISK_HEALTH_CHECK_INTERVAL_MS, 0, "fake-pool", (String) null);
            blockPoolTokenSecretManager.addBlockPool(num, new BlockTokenSecretManager(600000L, YarnConfiguration.DEFAULT_NM_DISK_HEALTH_CHECK_INTERVAL_MS, "fake-pool", null));
            blockPoolTokenSecretManager.addKeys(num, blockTokenSecretManager.exportKeys());
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num));
            blockTokenSecretManager.updateKeys();
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num));
            blockPoolTokenSecretManager.addKeys(num, blockTokenSecretManager.exportKeys());
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num));
        }
    }

    @Test
    public void testBlockTokenInLastLocatedBlock() throws IOException, InterruptedException {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
        hdfsConfiguration.setInt(DFSConfigKeys.DFS_BLOCK_SIZE_KEY, 512);
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).numDataNodes(1).build();
        build.waitActive();
        try {
            FSDataOutputStream create = build.getFileSystem().create(new Path("/testBlockTokenInLastLocatedBlock"), (short) 1);
            create.write(new byte[1000]);
            create.flush();
            LocatedBlocks blockLocations = build.getNameNodeRpc().getBlockLocations("/testBlockTokenInLastLocatedBlock", 0L, 1000L);
            while (blockLocations.getLastLocatedBlock() == null) {
                Thread.sleep(100L);
                blockLocations = build.getNameNodeRpc().getBlockLocations("/testBlockTokenInLastLocatedBlock", 0L, 1000L);
            }
            Assert.assertEquals(BlockTokenIdentifier.KIND_NAME, blockLocations.getLastLocatedBlock().getBlockToken().getKind());
            create.close();
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    static {
        ((Log4JLogger) Client.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) Server.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) SaslRpcClient.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) SaslRpcServer.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) SaslInputStream.LOG).getLogger().setLevel(Level.ALL);
        FD_DIR = new File("/proc/self/fd/");
    }
}
