package org.apache.hadoop.ozone.container.server;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.RandomUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.DatanodeDetails;
import org.apache.hadoop.hdds.protocol.datanode.proto.ContainerProtos;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.scm.TestUtils;
import org.apache.hadoop.hdds.scm.XceiverClientGrpc;
import org.apache.hadoop.hdds.scm.XceiverClientRatis;
import org.apache.hadoop.hdds.scm.XceiverClientSpi;
import org.apache.hadoop.hdds.scm.container.common.helpers.StorageContainerException;
import org.apache.hadoop.hdds.scm.pipeline.Pipeline;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.ozone.RatisTestHelper;
import org.apache.hadoop.ozone.client.CertificateClientTestImpl;
import org.apache.hadoop.ozone.container.ContainerTestHelper;
import org.apache.hadoop.ozone.container.common.impl.ContainerSet;
import org.apache.hadoop.ozone.container.common.interfaces.ContainerDispatcher;
import org.apache.hadoop.ozone.container.common.interfaces.Handler;
import org.apache.hadoop.ozone.container.common.statemachine.StateContext;
import org.apache.hadoop.ozone.container.common.transport.server.XceiverServerGrpc;
import org.apache.hadoop.ozone.container.common.transport.server.XceiverServerSpi;
import org.apache.hadoop.ozone.container.common.transport.server.ratis.DispatcherContext;
import org.apache.hadoop.ozone.container.common.transport.server.ratis.XceiverServerRatis;
import org.apache.hadoop.ozone.container.ozoneimpl.ContainerController;
import org.apache.hadoop.ozone.container.replication.GrpcReplicationService;
import org.apache.hadoop.ozone.container.replication.OnDemandContainerReplicationSource;
import org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager;
import org.apache.hadoop.ozone.web.utils.OzoneUtils;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.hadoop.util.Time;
import org.apache.ratis.rpc.RpcType;
import org.apache.ratis.rpc.SupportedRpcType;
import org.apache.ratis.thirdparty.io.grpc.BindableService;
import org.apache.ratis.util.function.CheckedBiConsumer;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/ozone/container/server/TestSecureContainerServer.class */
public class TestSecureContainerServer {
    static final String TEST_DIR = GenericTestUtils.getTestDir("dfs").getAbsolutePath() + File.separator;
    private static final OzoneConfiguration CONF = new OzoneConfiguration();
    private static CertificateClientTestImpl caClient;

    /* JADX INFO: Access modifiers changed from: package-private */
    @FunctionalInterface
    /* loaded from: input_file:org/apache/hadoop/ozone/container/server/TestSecureContainerServer$CheckedBiFunction.class */
    public interface CheckedBiFunction<LEFT, RIGHT, OUT, THROWABLE extends Throwable> {
        OUT apply(LEFT left, RIGHT right) throws Throwable;
    }

    /* loaded from: input_file:org/apache/hadoop/ozone/container/server/TestSecureContainerServer$TestContainerDispatcher.class */
    private static class TestContainerDispatcher implements ContainerDispatcher {
        private TestContainerDispatcher() {
        }

        public ContainerProtos.ContainerCommandResponseProto dispatch(ContainerProtos.ContainerCommandRequestProto containerCommandRequestProto, DispatcherContext dispatcherContext) {
            return ContainerTestHelper.getCreateContainerResponse(containerCommandRequestProto);
        }

        public void init() {
        }

        public void validateContainerCommand(ContainerProtos.ContainerCommandRequestProto containerCommandRequestProto) throws StorageContainerException {
        }

        public void shutdown() {
        }

        public Handler getHandler(ContainerProtos.ContainerType containerType) {
            return null;
        }

        public void setScmId(String str) {
        }

        public void buildMissingContainerSet(Set<Long> set) {
        }
    }

    private GrpcReplicationService createReplicationService(ContainerController containerController) {
        return new GrpcReplicationService(new OnDemandContainerReplicationSource(containerController));
    }

    @BeforeClass
    public static void setup() throws Exception {
        DefaultMetricsSystem.setMiniClusterMode(true);
        CONF.set("hdds.metadata.dir", TEST_DIR);
        CONF.setBoolean("ozone.security.enabled", true);
        CONF.setBoolean("hdds.block.token.enabled", true);
        caClient = new CertificateClientTestImpl(CONF);
    }

    @Test
    public void testClientServer() throws Exception {
        DatanodeDetails randomDatanodeDetails = TestUtils.randomDatanodeDetails();
        ContainerController containerController = new ContainerController(new ContainerSet(), (Map) null);
        runTestClientServer(1, (pipeline, ozoneConfiguration) -> {
            ozoneConfiguration.setInt("dfs.container.ipc", pipeline.getFirstNode().getPort(DatanodeDetails.Port.Name.STANDALONE).getValue().intValue());
        }, (v1, v2) -> {
            return new XceiverClientGrpc(v1, v2);
        }, (datanodeDetails, ozoneConfiguration2) -> {
            return new XceiverServerGrpc(randomDatanodeDetails, ozoneConfiguration2, new TestContainerDispatcher(), caClient, new BindableService[]{createReplicationService(containerController)});
        }, (datanodeDetails2, pipeline2) -> {
        });
    }

    @Test
    public void testClientServerRatisGrpc() throws Exception {
        runTestClientServerRatis(SupportedRpcType.GRPC, 1);
        runTestClientServerRatis(SupportedRpcType.GRPC, 3);
    }

    @Test
    @Ignore
    public void testClientServerRatisNetty() throws Exception {
        runTestClientServerRatis(SupportedRpcType.NETTY, 1);
        runTestClientServerRatis(SupportedRpcType.NETTY, 3);
    }

    static XceiverServerRatis newXceiverServerRatis(DatanodeDetails datanodeDetails, OzoneConfiguration ozoneConfiguration) throws IOException {
        ozoneConfiguration.setInt("dfs.container.ratis.ipc", datanodeDetails.getPort(DatanodeDetails.Port.Name.RATIS).getValue().intValue());
        ozoneConfiguration.set("dfs.container.ratis.datanode.storage.dir", TEST_DIR + datanodeDetails.getUuid());
        return XceiverServerRatis.newXceiverServerRatis(datanodeDetails, ozoneConfiguration, new TestContainerDispatcher(), (StateContext) null, caClient);
    }

    static void runTestClientServerRatis(RpcType rpcType, int i) throws Exception {
        runTestClientServer(i, (pipeline, ozoneConfiguration) -> {
            RatisTestHelper.initRatisConf(rpcType, ozoneConfiguration);
        }, (v0, v1) -> {
            return XceiverClientRatis.newXceiverClientRatis(v0, v1);
        }, TestSecureContainerServer::newXceiverServerRatis, (datanodeDetails, pipeline2) -> {
            RatisTestHelper.initXceiverServerRatis(rpcType, datanodeDetails, pipeline2);
        });
    }

    static void runTestClientServer(int i, CheckedBiConsumer<Pipeline, OzoneConfiguration, IOException> checkedBiConsumer, CheckedBiFunction<Pipeline, OzoneConfiguration, XceiverClientSpi, IOException> checkedBiFunction, CheckedBiFunction<DatanodeDetails, OzoneConfiguration, XceiverServerSpi, IOException> checkedBiFunction2, CheckedBiConsumer<DatanodeDetails, Pipeline, IOException> checkedBiConsumer2) throws Exception {
        ArrayList arrayList = new ArrayList();
        XceiverClientSpi xceiverClientSpi = null;
        OzoneUtils.getRequestID();
        try {
            Pipeline createPipeline = ContainerTestHelper.createPipeline(i);
            checkedBiConsumer.accept(createPipeline, CONF);
            for (DatanodeDetails datanodeDetails : createPipeline.getNodes()) {
                XceiverServerSpi apply = checkedBiFunction2.apply(datanodeDetails, CONF);
                arrayList.add(apply);
                apply.start();
                checkedBiConsumer2.accept(datanodeDetails, createPipeline);
            }
            xceiverClientSpi = checkedBiFunction.apply(createPipeline, CONF);
            xceiverClientSpi.connect();
            ContainerProtos.ContainerCommandRequestProto createContainerRequest = ContainerTestHelper.getCreateContainerRequest(ContainerTestHelper.getTestContainerID(), createPipeline);
            Assert.assertNotNull(createContainerRequest.getTraceID());
            if (xceiverClientSpi instanceof XceiverClientGrpc) {
                LambdaTestUtils.intercept(SCMSecurityException.class, "Failed to authenticate with GRPC XceiverServer with Ozone block token", () -> {
                    return xceiverClientSpi.sendCommand(createContainerRequest);
                });
            } else {
                Assert.assertEquals(ContainerProtos.Result.BLOCK_TOKEN_VERIFICATION_FAILED, xceiverClientSpi.sendCommand(createContainerRequest).getResult());
            }
            OzoneBlockTokenSecretManager ozoneBlockTokenSecretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(CONF), Time.monotonicNow() + 86400, caClient.getCertificate().getSerialNumber().toString());
            ozoneBlockTokenSecretManager.start(caClient);
            Token generateToken = ozoneBlockTokenSecretManager.generateToken("1", EnumSet.allOf(HddsProtos.BlockTokenSecretProto.AccessModeProto.class), RandomUtils.nextLong());
            Assert.assertNotNull(ContainerTestHelper.getCreateContainerSecureRequest(ContainerTestHelper.getTestContainerID(), createPipeline, generateToken).getTraceID());
            XceiverClientSpi apply2 = checkedBiFunction.apply(createPipeline, CONF);
            if (apply2 instanceof XceiverClientGrpc) {
                apply2.connect(generateToken.encodeToUrlString());
            } else {
                apply2.connect();
            }
            Assert.assertEquals(ContainerProtos.Result.SUCCESS, apply2.sendCommand(ContainerTestHelper.getCreateContainerRequest(ContainerTestHelper.getTestContainerID(), createPipeline, generateToken)).getResult());
            if (xceiverClientSpi != null) {
                xceiverClientSpi.close();
            }
            arrayList.stream().forEach((v0) -> {
                v0.stop();
            });
        } catch (Throwable th) {
            if (xceiverClientSpi != null) {
                xceiverClientSpi.close();
            }
            arrayList.stream().forEach((v0) -> {
                v0.stop();
            });
            throw th;
        }
    }
}
