package org.apache.hadoop.yarn.server.resourcemanager.security;

import java.security.PrivilegedAction;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.yarn.api.AMRMProtocol;
import org.apache.hadoop.yarn.api.protocolrecords.AllocateRequest;
import org.apache.hadoop.yarn.api.protocolrecords.FinishApplicationMasterRequest;
import org.apache.hadoop.yarn.api.protocolrecords.RegisterApplicationMasterRequest;
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
import org.apache.hadoop.yarn.api.records.FinalApplicationStatus;
import org.apache.hadoop.yarn.ipc.YarnRPC;
import org.apache.hadoop.yarn.server.resourcemanager.MockNM;
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
import org.apache.hadoop.yarn.server.resourcemanager.TestAMAuthorization;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
import org.apache.hadoop.yarn.util.BuilderUtils;
import org.apache.hadoop.yarn.util.Records;
import org.junit.Assert;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-yarn-server-resourcemanager-0.23.5-tests.jar:org/apache/hadoop/yarn/server/resourcemanager/security/TestApplicationTokens.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/resourcemanager/security/TestApplicationTokens.class */
public class TestApplicationTokens {
    private static final Log LOG = LogFactory.getLog(TestApplicationTokens.class);

    @Test
    public void testTokenExpiry() throws Exception {
        TestAMAuthorization.MyContainerManager myContainerManager = new TestAMAuthorization.MyContainerManager();
        TestAMAuthorization.MockRMWithAMS mockRMWithAMS = new TestAMAuthorization.MockRMWithAMS(new Configuration(), myContainerManager);
        mockRMWithAMS.start();
        Configuration config = mockRMWithAMS.getConfig();
        YarnRPC create = YarnRPC.create(config);
        AMRMProtocol aMRMProtocol = null;
        try {
            MockNM registerNode = mockRMWithAMS.registerNode("localhost:1234", 5120);
            RMApp submitApp = mockRMWithAMS.submitApp(1024);
            registerNode.nodeHeartbeat(true);
            int i = 0;
            while (myContainerManager.amContainerEnv == null) {
                int i2 = i;
                i++;
                if (i2 >= 20) {
                    break;
                }
                LOG.info("Waiting for AM Launch to happen..");
                Thread.sleep(1000L);
            }
            Assert.assertNotNull(myContainerManager.amContainerEnv);
            ApplicationAttemptId appAttemptId = submitApp.getCurrentAppAttempt().getAppAttemptId();
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(appAttemptId.toString());
            String str = myContainerManager.amContainerEnv.get("AppMasterTokenEnv");
            LOG.info("AppMasterToken is " + str);
            Token token = new Token();
            token.decodeFromUrlString(str);
            createRemoteUser.addToken(token);
            AMRMProtocol createRMClient = createRMClient(mockRMWithAMS, config, create, createRemoteUser);
            RegisterApplicationMasterRequest registerApplicationMasterRequest = (RegisterApplicationMasterRequest) Records.newRecord(RegisterApplicationMasterRequest.class);
            registerApplicationMasterRequest.setApplicationAttemptId(appAttemptId);
            createRMClient.registerApplicationMaster(registerApplicationMasterRequest);
            FinishApplicationMasterRequest finishApplicationMasterRequest = (FinishApplicationMasterRequest) Records.newRecord(FinishApplicationMasterRequest.class);
            finishApplicationMasterRequest.setAppAttemptId(appAttemptId);
            finishApplicationMasterRequest.setFinishApplicationStatus(FinalApplicationStatus.SUCCEEDED);
            finishApplicationMasterRequest.setDiagnostics("diagnostics");
            finishApplicationMasterRequest.setTrackingUrl("url");
            createRMClient.finishApplicationMaster(finishApplicationMasterRequest);
            create.stopProxy(createRMClient, config);
            aMRMProtocol = createRMClient(mockRMWithAMS, config, create, createRemoteUser);
            registerApplicationMasterRequest.setApplicationAttemptId(BuilderUtils.newApplicationAttemptId(BuilderUtils.newApplicationId(12345L, 78), 987));
            AllocateRequest allocateRequest = (AllocateRequest) Records.newRecord(AllocateRequest.class);
            allocateRequest.setApplicationAttemptId(appAttemptId);
            try {
                aMRMProtocol.allocate(allocateRequest);
                Assert.fail("You got to be kidding me! Using App tokens after app-finish should fail!");
            } catch (Throwable th) {
                LOG.info("Exception found is ", th);
                Assert.assertTrue(th.getCause().getMessage().contains("Password not found for ApplicationAttempt " + appAttemptId.toString()));
            }
            mockRMWithAMS.stop();
            if (aMRMProtocol != null) {
                create.stopProxy(aMRMProtocol, config);
            }
        } catch (Throwable th2) {
            mockRMWithAMS.stop();
            if (aMRMProtocol != null) {
                create.stopProxy(aMRMProtocol, config);
            }
            throw th2;
        }
    }

    @Test
    public void testMasterKeyRollOver() throws Exception {
        Configuration configuration = new Configuration();
        TestAMAuthorization.MyContainerManager myContainerManager = new TestAMAuthorization.MyContainerManager();
        TestAMAuthorization.MockRMWithAMS mockRMWithAMS = new TestAMAuthorization.MockRMWithAMS(configuration, myContainerManager);
        mockRMWithAMS.start();
        Configuration config = mockRMWithAMS.getConfig();
        YarnRPC create = YarnRPC.create(config);
        AMRMProtocol aMRMProtocol = null;
        try {
            MockNM registerNode = mockRMWithAMS.registerNode("localhost:1234", 5120);
            RMApp submitApp = mockRMWithAMS.submitApp(1024);
            registerNode.nodeHeartbeat(true);
            int i = 0;
            while (myContainerManager.amContainerEnv == null) {
                int i2 = i;
                i++;
                if (i2 >= 20) {
                    break;
                }
                LOG.info("Waiting for AM Launch to happen..");
                Thread.sleep(1000L);
            }
            Assert.assertNotNull(myContainerManager.amContainerEnv);
            ApplicationAttemptId appAttemptId = submitApp.getCurrentAppAttempt().getAppAttemptId();
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(appAttemptId.toString());
            String str = myContainerManager.amContainerEnv.get("AppMasterTokenEnv");
            LOG.info("AppMasterToken is " + str);
            Token token = new Token();
            token.decodeFromUrlString(str);
            createRemoteUser.addToken(token);
            AMRMProtocol createRMClient = createRMClient(mockRMWithAMS, config, create, createRemoteUser);
            RegisterApplicationMasterRequest registerApplicationMasterRequest = (RegisterApplicationMasterRequest) Records.newRecord(RegisterApplicationMasterRequest.class);
            registerApplicationMasterRequest.setApplicationAttemptId(appAttemptId);
            createRMClient.registerApplicationMaster(registerApplicationMasterRequest);
            AllocateRequest allocateRequest = (AllocateRequest) Records.newRecord(AllocateRequest.class);
            allocateRequest.setApplicationAttemptId(appAttemptId);
            Assert.assertFalse(createRMClient.allocate(allocateRequest).getAMResponse().getReboot());
            ApplicationTokenSecretManager applicationTokenSecretManager = mockRMWithAMS.getRMContext().getApplicationTokenSecretManager();
            SecretKey masterKey = applicationTokenSecretManager.getMasterKey();
            applicationTokenSecretManager.rollMasterKey();
            Assert.assertFalse("Master key should have changed!", masterKey.equals(applicationTokenSecretManager.getMasterKey()));
            create.stopProxy(createRMClient, config);
            aMRMProtocol = createRMClient(mockRMWithAMS, config, create, createRemoteUser);
            AllocateRequest allocateRequest2 = (AllocateRequest) Records.newRecord(AllocateRequest.class);
            allocateRequest2.setApplicationAttemptId(appAttemptId);
            Assert.assertFalse(aMRMProtocol.allocate(allocateRequest2).getAMResponse().getReboot());
            mockRMWithAMS.stop();
            if (aMRMProtocol != null) {
                create.stopProxy(aMRMProtocol, config);
            }
        } catch (Throwable th) {
            mockRMWithAMS.stop();
            if (aMRMProtocol != null) {
                create.stopProxy(aMRMProtocol, config);
            }
            throw th;
        }
    }

    private AMRMProtocol createRMClient(final MockRM mockRM, final Configuration configuration, final YarnRPC yarnRPC, UserGroupInformation userGroupInformation) {
        return (AMRMProtocol) userGroupInformation.doAs(new PrivilegedAction<AMRMProtocol>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.security.TestApplicationTokens.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public AMRMProtocol run() {
                return (AMRMProtocol) yarnRPC.getProxy(AMRMProtocol.class, mockRM.getApplicationMasterService().getBindAddress(), configuration);
            }
        });
    }
}
