package org.apache.hadoop.hdfs.server.namenode.ha;

import com.google.common.base.Joiner;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.AbstractFileSystem;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.HAUtil;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.MiniDFSNNTopology;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSelector;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.NameNodeAdapter;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.SecurityUtilTestHelper;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-hdfs-2.2.0-tests.jar:org/apache/hadoop/hdfs/server/namenode/ha/TestDelegationTokensWithHA.class */
public class TestDelegationTokensWithHA {
    private static Configuration conf = new Configuration();
    private static final Log LOG = LogFactory.getLog(TestDelegationTokensWithHA.class);
    private static MiniDFSCluster cluster;
    private static NameNode nn0;
    private static NameNode nn1;
    private static FileSystem fs;
    private static DelegationTokenSecretManager dtSecretManager;
    private static DistributedFileSystem dfs;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.hadoop.hdfs.server.namenode.ha.TestDelegationTokensWithHA$5, reason: invalid class name */
    /* loaded from: input_file:lib/hadoop-hdfs-2.2.0-tests.jar:org/apache/hadoop/hdfs/server/namenode/ha/TestDelegationTokensWithHA$5.class */
    public static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hdfs$server$namenode$ha$TestDelegationTokensWithHA$TokenTestAction = new int[TokenTestAction.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$hdfs$server$namenode$ha$TestDelegationTokensWithHA$TokenTestAction[TokenTestAction.RENEW.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdfs$server$namenode$ha$TestDelegationTokensWithHA$TokenTestAction[TokenTestAction.CANCEL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/hadoop-hdfs-2.2.0-tests.jar:org/apache/hadoop/hdfs/server/namenode/ha/TestDelegationTokensWithHA$TokenTestAction.class */
    public enum TokenTestAction {
        RENEW,
        CANCEL
    }

    @BeforeClass
    public static void setupCluster() throws Exception {
        conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
        conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL, "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//DEFAULT");
        cluster = new MiniDFSCluster.Builder(conf).nnTopology(MiniDFSNNTopology.simpleHATopology()).numDataNodes(0).build();
        cluster.waitActive();
        nn0 = cluster.getNameNode(0);
        nn1 = cluster.getNameNode(1);
        fs = HATestUtil.configureFailoverFs(cluster, conf);
        dfs = (DistributedFileSystem) fs;
        cluster.transitionToActive(0);
        dtSecretManager = NameNodeAdapter.getDtSecretManager(nn0.getNamesystem());
    }

    @AfterClass
    public static void shutdownCluster() throws IOException {
        if (cluster != null) {
            cluster.shutdown();
        }
    }

    @Before
    public void prepTest() {
        SecurityUtilTestHelper.setTokenServiceUseIp(true);
    }

    @Test
    public void testDelegationTokenDFSApi() throws Exception {
        Token<DelegationTokenIdentifier> delegationToken = getDelegationToken(fs, "JobTracker");
        DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
        delegationTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(delegationToken.getIdentifier())));
        LOG.info("A valid token should have non-null password, and should be renewed successfully");
        Assert.assertTrue(null != dtSecretManager.retrievePassword(delegationTokenIdentifier));
        dtSecretManager.renewToken(delegationToken, "JobTracker");
        Configuration conf2 = dfs.getConf();
        doRenewOrCancel(delegationToken, conf2, TokenTestAction.RENEW);
        try {
            doRenewOrCancel(delegationToken, new Configuration(), TokenTestAction.RENEW);
            Assert.fail("Did not throw trying to renew with an empty conf!");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Unable to map logical nameservice URI", e);
        }
        cluster.transitionToStandby(0);
        cluster.transitionToActive(1);
        doRenewOrCancel(delegationToken, conf2, TokenTestAction.RENEW);
        doRenewOrCancel(delegationToken, conf2, TokenTestAction.CANCEL);
    }

    @Test
    public void testDelegationTokenWithDoAs() throws Exception {
        final Token<DelegationTokenIdentifier> delegationToken = getDelegationToken(fs, "JobTracker");
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("JobTracker/foo.com@FOO.COM");
        UserGroupInformation createRemoteUser2 = UserGroupInformation.createRemoteUser("JobTracker");
        createRemoteUser.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.ha.TestDelegationTokensWithHA.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                ((DistributedFileSystem) HATestUtil.configureFailoverFs(TestDelegationTokensWithHA.cluster, TestDelegationTokensWithHA.conf)).renewDelegationToken(delegationToken);
                return null;
            }
        });
        createRemoteUser2.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.ha.TestDelegationTokensWithHA.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                ((DistributedFileSystem) HATestUtil.configureFailoverFs(TestDelegationTokensWithHA.cluster, TestDelegationTokensWithHA.conf)).renewDelegationToken(delegationToken);
                return null;
            }
        });
        createRemoteUser.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.ha.TestDelegationTokensWithHA.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                ((DistributedFileSystem) HATestUtil.configureFailoverFs(TestDelegationTokensWithHA.cluster, TestDelegationTokensWithHA.conf)).cancelDelegationToken(delegationToken);
                return null;
            }
        });
    }

    @Test
    public void testHAUtilClonesDelegationTokens() throws Exception {
        Token<DelegationTokenIdentifier> delegationToken = getDelegationToken(fs, "JobTracker");
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(org.apache.hadoop.fs.shell.Test.NAME);
        URI uri = new URI("hdfs://my-ha-uri/");
        delegationToken.setService(HAUtil.buildTokenServiceForLogicalUri(uri));
        createRemoteUser.addToken(delegationToken);
        HashSet hashSet = new HashSet();
        hashSet.add(new InetSocketAddress(HConstants.LOCALHOST, nn0.getNameNodeAddress().getPort()));
        hashSet.add(new InetSocketAddress(HConstants.LOCALHOST, nn1.getNameNodeAddress().getPort()));
        HAUtil.cloneDelegationTokenForLogicalUri(createRemoteUser, uri, hashSet);
        Collection<Token<? extends TokenIdentifier>> tokens = createRemoteUser.getTokens();
        Assert.assertEquals(3L, tokens.size());
        LOG.info("Tokens:\n" + Joiner.on("\n").join((Iterable<?>) tokens));
        DelegationTokenSelector delegationTokenSelector = new DelegationTokenSelector();
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            Token<DelegationTokenIdentifier> selectToken = delegationTokenSelector.selectToken(SecurityUtil.buildTokenService((InetSocketAddress) it.next()), createRemoteUser.getTokens());
            Assert.assertNotNull(selectToken);
            Assert.assertArrayEquals(delegationToken.getIdentifier(), selectToken.getIdentifier());
            Assert.assertArrayEquals(delegationToken.getPassword(), selectToken.getPassword());
        }
        SecurityUtilTestHelper.setTokenServiceUseIp(false);
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            Assert.assertNull(delegationTokenSelector.selectToken(SecurityUtil.buildTokenService((InetSocketAddress) it2.next()), createRemoteUser.getTokens()));
        }
        HAUtil.cloneDelegationTokenForLogicalUri(createRemoteUser, uri, hashSet);
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            Token<DelegationTokenIdentifier> selectToken2 = delegationTokenSelector.selectToken(SecurityUtil.buildTokenService((InetSocketAddress) it3.next()), createRemoteUser.getTokens());
            Assert.assertNotNull(selectToken2);
            Assert.assertArrayEquals(delegationToken.getIdentifier(), selectToken2.getIdentifier());
            Assert.assertArrayEquals(delegationToken.getPassword(), selectToken2.getPassword());
        }
    }

    @Test
    public void testDFSGetCanonicalServiceName() throws Exception {
        String text = HAUtil.buildTokenServiceForLogicalUri(HATestUtil.getLogicalUri(cluster)).toString();
        Assert.assertEquals(text, dfs.getCanonicalServiceName());
        Token<DelegationTokenIdentifier> delegationToken = getDelegationToken(dfs, UserGroupInformation.getCurrentUser().getShortUserName());
        Assert.assertEquals(text, delegationToken.getService().toString());
        delegationToken.renew(dfs.getConf());
        delegationToken.cancel(dfs.getConf());
    }

    @Test
    public void testHdfsGetCanonicalServiceName() throws Exception {
        Configuration conf2 = dfs.getConf();
        URI logicalUri = HATestUtil.getLogicalUri(cluster);
        AbstractFileSystem createFileSystem = AbstractFileSystem.createFileSystem(logicalUri, conf2);
        String text = HAUtil.buildTokenServiceForLogicalUri(logicalUri).toString();
        Assert.assertEquals(text, createFileSystem.getCanonicalServiceName());
        Token<?> token = createFileSystem.getDelegationTokens(UserGroupInformation.getCurrentUser().getShortUserName()).get(0);
        Assert.assertEquals(text, token.getService().toString());
        token.renew(conf2);
        token.cancel(conf2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Token<DelegationTokenIdentifier> getDelegationToken(FileSystem fileSystem, String str) throws IOException {
        Token<?>[] addDelegationTokens = fileSystem.addDelegationTokens(str, null);
        Assert.assertEquals(1L, addDelegationTokens.length);
        return addDelegationTokens[0];
    }

    private static void doRenewOrCancel(final Token<DelegationTokenIdentifier> token, final Configuration configuration, final TokenTestAction tokenTestAction) throws IOException, InterruptedException {
        UserGroupInformation.createRemoteUser("JobTracker").doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.ha.TestDelegationTokensWithHA.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                switch (AnonymousClass5.$SwitchMap$org$apache$hadoop$hdfs$server$namenode$ha$TestDelegationTokensWithHA$TokenTestAction[TokenTestAction.this.ordinal()]) {
                    case 1:
                        token.renew(configuration);
                        return null;
                    case 2:
                        token.cancel(configuration);
                        return null;
                    default:
                        Assert.fail("bad action:" + TokenTestAction.this);
                        return null;
                }
            }
        });
    }
}
