package org.apache.hadoop.yarn.server.resourcemanager;

import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.net.InetSocketAddress;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import junit.framework.Assert;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.ClientRMProtocol;
import org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest;
import org.apache.hadoop.yarn.api.protocolrecords.GetDelegationTokenRequest;
import org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationRequest;
import org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenRequest;
import org.apache.hadoop.yarn.api.records.DelegationToken;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnRemoteException;
import org.apache.hadoop.yarn.ipc.YarnRPC;
import org.apache.hadoop.yarn.server.RMDelegationTokenSecretManager;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
import org.apache.hadoop.yarn.util.BuilderUtils;
import org.apache.hadoop.yarn.util.ProtoUtils;
import org.apache.hadoop.yarn.util.Records;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/TestClientRMTokens.class */
public class TestClientRMTokens {
    private static final Log LOG = LogFactory.getLog(TestClientRMTokens.class);

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/TestClientRMTokens$ClientRMServiceForTest.class */
    class ClientRMServiceForTest extends ClientRMService {
        public ClientRMServiceForTest(Configuration configuration, ResourceScheduler resourceScheduler, RMDelegationTokenSecretManager rMDelegationTokenSecretManager) {
            super((RMContext) Mockito.mock(RMContext.class), resourceScheduler, (RMAppManager) Mockito.mock(RMAppManager.class), new ApplicationACLsManager(configuration), rMDelegationTokenSecretManager);
        }

        InetSocketAddress getBindAddress(Configuration configuration) {
            return configuration.getSocketAddr("yarn.resourcemanager.address", "0.0.0.0:8032", 0);
        }

        public void stop() {
            if (this.rmDTSecretManager != null) {
                this.rmDTSecretManager.stopThreads();
            }
            super.stop();
        }
    }

    @Test
    public void testDelegationToken() throws IOException, InterruptedException {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.set("yarn.resourcemanager.principal", "testuser/localhost@apache.org");
        yarnConfiguration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(yarnConfiguration);
        ResourceScheduler createMockScheduler = createMockScheduler(yarnConfiguration);
        RMDelegationTokenSecretManager createRMDelegationTokenSecretManager = createRMDelegationTokenSecretManager(10000L, 20000L, 10000L);
        createRMDelegationTokenSecretManager.startThreads();
        LOG.info("Creating DelegationTokenSecretManager with initialInterval: 10000, maxLifetime: 20000, renewInterval: 10000");
        ClientRMServiceForTest clientRMServiceForTest = new ClientRMServiceForTest(yarnConfiguration, createMockScheduler, createRMDelegationTokenSecretManager);
        clientRMServiceForTest.init(yarnConfiguration);
        clientRMServiceForTest.start();
        ClientRMProtocol clientRMProtocol = null;
        try {
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("testrenewer@APACHE.ORG");
            Assert.assertEquals("testrenewer", createRemoteUser.getShortUserName());
            createRemoteUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS);
            DelegationToken delegationToken = getDelegationToken(createRemoteUser, clientRMServiceForTest, createRemoteUser.getShortUserName());
            long currentTimeMillis = System.currentTimeMillis();
            LOG.info("Got delegation token at: " + currentTimeMillis);
            clientRMProtocol = getClientRMProtocolWithDT(delegationToken, clientRMServiceForTest.getBindAddress(), "loginuser1", yarnConfiguration);
            GetNewApplicationRequest getNewApplicationRequest = (GetNewApplicationRequest) Records.newRecord(GetNewApplicationRequest.class);
            try {
                clientRMProtocol.getNewApplication(getNewApplicationRequest);
            } catch (UndeclaredThrowableException e) {
                org.junit.Assert.fail("Unexpected exception" + e);
            }
            while (System.currentTimeMillis() < currentTimeMillis + (10000 / 2)) {
                Thread.sleep(500L);
            }
            long renewDelegationToken = renewDelegationToken(createRemoteUser, clientRMServiceForTest, delegationToken);
            long currentTimeMillis2 = System.currentTimeMillis();
            LOG.info("Renewed token at: " + currentTimeMillis2 + ", NextExpiryTime: " + renewDelegationToken);
            while (System.currentTimeMillis() > currentTimeMillis + 10000 && System.currentTimeMillis() < renewDelegationToken) {
                Thread.sleep(500L);
            }
            Thread.sleep(50L);
            try {
                clientRMProtocol.getNewApplication(getNewApplicationRequest);
            } catch (UndeclaredThrowableException e2) {
                org.junit.Assert.fail("Unexpected exception" + e2);
            }
            while (System.currentTimeMillis() < currentTimeMillis2 + 10000) {
                Thread.sleep(500L);
            }
            Thread.sleep(50L);
            LOG.info("At time: " + System.currentTimeMillis() + ", token should be invalid");
            try {
                clientRMProtocol.getNewApplication(getNewApplicationRequest);
                org.junit.Assert.fail("Should not have succeeded with an expired token");
            } catch (UndeclaredThrowableException e3) {
                org.junit.Assert.assertTrue(e3.getCause().getMessage().contains("is expired"));
            }
            if (clientRMProtocol != null) {
                RPC.stopProxy(clientRMProtocol);
            }
            DelegationToken delegationToken2 = getDelegationToken(createRemoteUser, clientRMServiceForTest, createRemoteUser.getShortUserName());
            LOG.info("Got delegation token at: " + System.currentTimeMillis());
            clientRMProtocol = getClientRMProtocolWithDT(delegationToken2, clientRMServiceForTest.getBindAddress(), "loginuser2", yarnConfiguration);
            GetNewApplicationRequest getNewApplicationRequest2 = (GetNewApplicationRequest) Records.newRecord(GetNewApplicationRequest.class);
            try {
                clientRMProtocol.getNewApplication(getNewApplicationRequest2);
            } catch (UndeclaredThrowableException e4) {
                org.junit.Assert.fail("Unexpected exception" + e4);
            }
            cancelDelegationToken(createRemoteUser, clientRMServiceForTest, delegationToken2);
            if (clientRMProtocol != null) {
                RPC.stopProxy(clientRMProtocol);
            }
            clientRMProtocol = getClientRMProtocolWithDT(delegationToken2, clientRMServiceForTest.getBindAddress(), "loginuser2", yarnConfiguration);
            LOG.info("Cancelled delegation token at: " + System.currentTimeMillis());
            try {
                clientRMProtocol.getNewApplication(getNewApplicationRequest2);
                org.junit.Assert.fail("Should not have succeeded with a cancelled delegation token");
            } catch (UndeclaredThrowableException e5) {
            }
            createRMDelegationTokenSecretManager.stopThreads();
            if (clientRMProtocol != null) {
                RPC.stopProxy(clientRMProtocol);
            }
        } catch (Throwable th) {
            createRMDelegationTokenSecretManager.stopThreads();
            if (clientRMProtocol != null) {
                RPC.stopProxy(clientRMProtocol);
            }
            throw th;
        }
    }

    private DelegationToken getDelegationToken(UserGroupInformation userGroupInformation, final ClientRMProtocol clientRMProtocol, final String str) throws IOException, InterruptedException {
        return (DelegationToken) userGroupInformation.doAs(new PrivilegedExceptionAction<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.TestClientRMTokens.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public DelegationToken run() throws YarnRemoteException {
                GetDelegationTokenRequest getDelegationTokenRequest = (GetDelegationTokenRequest) Records.newRecord(GetDelegationTokenRequest.class);
                getDelegationTokenRequest.setRenewer(str);
                return clientRMProtocol.getDelegationToken(getDelegationTokenRequest).getRMDelegationToken();
            }
        });
    }

    private long renewDelegationToken(UserGroupInformation userGroupInformation, final ClientRMProtocol clientRMProtocol, final DelegationToken delegationToken) throws IOException, InterruptedException {
        return ((Long) userGroupInformation.doAs(new PrivilegedExceptionAction<Long>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.TestClientRMTokens.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Long run() throws YarnRemoteException {
                RenewDelegationTokenRequest renewDelegationTokenRequest = (RenewDelegationTokenRequest) Records.newRecord(RenewDelegationTokenRequest.class);
                renewDelegationTokenRequest.setDelegationToken(delegationToken);
                return Long.valueOf(clientRMProtocol.renewDelegationToken(renewDelegationTokenRequest).getNextExpirationTime());
            }
        })).longValue();
    }

    private void cancelDelegationToken(UserGroupInformation userGroupInformation, final ClientRMProtocol clientRMProtocol, final DelegationToken delegationToken) throws IOException, InterruptedException {
        userGroupInformation.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.TestClientRMTokens.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws YarnRemoteException {
                CancelDelegationTokenRequest cancelDelegationTokenRequest = (CancelDelegationTokenRequest) Records.newRecord(CancelDelegationTokenRequest.class);
                cancelDelegationTokenRequest.setDelegationToken(delegationToken);
                clientRMProtocol.cancelDelegationToken(cancelDelegationTokenRequest);
                return null;
            }
        });
    }

    private ClientRMProtocol getClientRMProtocolWithDT(DelegationToken delegationToken, final InetSocketAddress inetSocketAddress, String str, final Configuration configuration) {
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(str);
        createRemoteUser.addToken(ProtoUtils.convertFromProtoFormat(delegationToken, inetSocketAddress));
        final YarnRPC create = YarnRPC.create(configuration);
        return (ClientRMProtocol) createRemoteUser.doAs(new PrivilegedAction<ClientRMProtocol>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.TestClientRMTokens.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public ClientRMProtocol run() {
                return (ClientRMProtocol) create.getProxy(ClientRMProtocol.class, inetSocketAddress, configuration);
            }
        });
    }

    private static ResourceScheduler createMockScheduler(Configuration configuration) {
        ResourceScheduler resourceScheduler = (ResourceScheduler) Mockito.mock(ResourceScheduler.class);
        ((ResourceScheduler) Mockito.doReturn(BuilderUtils.newResource(512)).when(resourceScheduler)).getMinimumResourceCapability();
        ((ResourceScheduler) Mockito.doReturn(BuilderUtils.newResource(5120)).when(resourceScheduler)).getMaximumResourceCapability();
        return resourceScheduler;
    }

    private static RMDelegationTokenSecretManager createRMDelegationTokenSecretManager(long j, long j2, long j3) {
        return new RMDelegationTokenSecretManager(j, j2, j3, 3600000L);
    }
}
