package org.apache.hadoop.yarn.server.resourcemanager.security;

import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collection;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.ApplicationMasterProtocol;
import org.apache.hadoop.yarn.api.protocolrecords.AllocateRequest;
import org.apache.hadoop.yarn.api.protocolrecords.FinishApplicationMasterRequest;
import org.apache.hadoop.yarn.api.protocolrecords.RegisterApplicationMasterRequest;
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
import org.apache.hadoop.yarn.api.records.ContainerState;
import org.apache.hadoop.yarn.api.records.FinalApplicationStatus;
import org.apache.hadoop.yarn.ipc.YarnRPC;
import org.apache.hadoop.yarn.server.resourcemanager.MockNM;
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
import org.apache.hadoop.yarn.server.resourcemanager.TestAMAuthorization;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttempt;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.event.RMAppAttemptContainerFinishedEvent;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairSchedulerConfiguration;
import org.apache.hadoop.yarn.server.utils.BuilderUtils;
import org.apache.hadoop.yarn.util.Records;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-yarn-server-resourcemanager-2.4.0-tests.jar:org/apache/hadoop/yarn/server/resourcemanager/security/TestAMRMTokens.class
 */
@RunWith(Parameterized.class)
/* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/resourcemanager/security/TestAMRMTokens.class */
public class TestAMRMTokens {
    private static final Log LOG = LogFactory.getLog(TestAMRMTokens.class);
    private final Configuration conf;

    @Parameterized.Parameters
    public static Collection<Object[]> configs() {
        Configuration configuration = new Configuration();
        Configuration configuration2 = new Configuration();
        configuration2.set("hadoop.security.authentication", "kerberos");
        return Arrays.asList(new Object[]{configuration}, new Object[]{configuration2});
    }

    public TestAMRMTokens(Configuration configuration) {
        this.conf = configuration;
        UserGroupInformation.setConfiguration(configuration);
    }

    @Test
    public void testTokenExpiry() throws Exception {
        TestAMAuthorization.MyContainerManager myContainerManager = new TestAMAuthorization.MyContainerManager();
        TestAMAuthorization.MockRMWithAMS mockRMWithAMS = new TestAMAuthorization.MockRMWithAMS(this.conf, myContainerManager);
        mockRMWithAMS.start();
        Configuration config = mockRMWithAMS.getConfig();
        YarnRPC create = YarnRPC.create(config);
        ApplicationMasterProtocol applicationMasterProtocol = null;
        try {
            MockNM registerNode = mockRMWithAMS.registerNode("localhost:1234", 5120);
            RMApp submitApp = mockRMWithAMS.submitApp(FairSchedulerConfiguration.DEFAULT_RM_SCHEDULER_INCREMENT_ALLOCATION_MB);
            registerNode.nodeHeartbeat(true);
            int i = 0;
            while (myContainerManager.containerTokens == null) {
                int i2 = i;
                i++;
                if (i2 >= 20) {
                    break;
                }
                LOG.info("Waiting for AM Launch to happen..");
                Thread.sleep(1000L);
            }
            Assert.assertNotNull(myContainerManager.containerTokens);
            RMAppAttempt currentAppAttempt = submitApp.getCurrentAppAttempt();
            ApplicationAttemptId appAttemptId = currentAppAttempt.getAppAttemptId();
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(appAttemptId.toString());
            createRemoteUser.addToken(TestAMAuthorization.MockRMWithAMS.setupAndReturnAMRMToken(mockRMWithAMS.getApplicationMasterService().getBindAddress(), myContainerManager.getContainerCredentials().getAllTokens()));
            ApplicationMasterProtocol createRMClient = createRMClient(mockRMWithAMS, config, create, createRemoteUser);
            createRMClient.registerApplicationMaster((RegisterApplicationMasterRequest) Records.newRecord(RegisterApplicationMasterRequest.class));
            FinishApplicationMasterRequest finishApplicationMasterRequest = (FinishApplicationMasterRequest) Records.newRecord(FinishApplicationMasterRequest.class);
            finishApplicationMasterRequest.setFinalApplicationStatus(FinalApplicationStatus.SUCCEEDED);
            finishApplicationMasterRequest.setDiagnostics("diagnostics");
            finishApplicationMasterRequest.setTrackingUrl("url");
            createRMClient.finishApplicationMaster(finishApplicationMasterRequest);
            mockRMWithAMS.getRMContext().getDispatcher().getEventHandler().handle(new RMAppAttemptContainerFinishedEvent(appAttemptId, BuilderUtils.newContainerStatus(currentAppAttempt.getMasterContainer().getId(), ContainerState.COMPLETE, "AM Container Finished", 0)));
            create.stopProxy(createRMClient, config);
            applicationMasterProtocol = createRMClient(mockRMWithAMS, config, create, createRemoteUser);
            try {
                applicationMasterProtocol.allocate((AllocateRequest) Records.newRecord(AllocateRequest.class));
                Assert.fail("You got to be kidding me! Using App tokens after app-finish should fail!");
            } catch (Throwable th) {
                LOG.info("Exception found is ", th);
                Assert.assertTrue(th.getCause().getMessage().contains("Password not found for ApplicationAttempt " + appAttemptId.toString()));
            }
            mockRMWithAMS.stop();
            if (applicationMasterProtocol != null) {
                create.stopProxy(applicationMasterProtocol, config);
            }
        } catch (Throwable th2) {
            mockRMWithAMS.stop();
            if (applicationMasterProtocol != null) {
                create.stopProxy(applicationMasterProtocol, config);
            }
            throw th2;
        }
    }

    @Test
    public void testMasterKeyRollOver() throws Exception {
        TestAMAuthorization.MyContainerManager myContainerManager = new TestAMAuthorization.MyContainerManager();
        TestAMAuthorization.MockRMWithAMS mockRMWithAMS = new TestAMAuthorization.MockRMWithAMS(this.conf, myContainerManager);
        mockRMWithAMS.start();
        Configuration config = mockRMWithAMS.getConfig();
        YarnRPC create = YarnRPC.create(config);
        ApplicationMasterProtocol applicationMasterProtocol = null;
        try {
            MockNM registerNode = mockRMWithAMS.registerNode("localhost:1234", 5120);
            RMApp submitApp = mockRMWithAMS.submitApp(FairSchedulerConfiguration.DEFAULT_RM_SCHEDULER_INCREMENT_ALLOCATION_MB);
            registerNode.nodeHeartbeat(true);
            int i = 0;
            while (myContainerManager.containerTokens == null) {
                int i2 = i;
                i++;
                if (i2 >= 20) {
                    break;
                }
                LOG.info("Waiting for AM Launch to happen..");
                Thread.sleep(1000L);
            }
            Assert.assertNotNull(myContainerManager.containerTokens);
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(submitApp.getCurrentAppAttempt().getAppAttemptId().toString());
            createRemoteUser.addToken(TestAMAuthorization.MockRMWithAMS.setupAndReturnAMRMToken(mockRMWithAMS.getApplicationMasterService().getBindAddress(), myContainerManager.getContainerCredentials().getAllTokens()));
            ApplicationMasterProtocol createRMClient = createRMClient(mockRMWithAMS, config, create, createRemoteUser);
            createRMClient.registerApplicationMaster((RegisterApplicationMasterRequest) Records.newRecord(RegisterApplicationMasterRequest.class));
            Assert.assertTrue(createRMClient.allocate((AllocateRequest) Records.newRecord(AllocateRequest.class)).getAMCommand() == null);
            AMRMTokenSecretManager aMRMTokenSecretManager = mockRMWithAMS.getRMContext().getAMRMTokenSecretManager();
            SecretKey masterKey = aMRMTokenSecretManager.getMasterKey();
            aMRMTokenSecretManager.rollMasterKey();
            Assert.assertFalse("Master key should have changed!", masterKey.equals(aMRMTokenSecretManager.getMasterKey()));
            create.stopProxy(createRMClient, config);
            applicationMasterProtocol = createRMClient(mockRMWithAMS, config, create, createRemoteUser);
            Assert.assertTrue(applicationMasterProtocol.allocate((AllocateRequest) Records.newRecord(AllocateRequest.class)).getAMCommand() == null);
            mockRMWithAMS.stop();
            if (applicationMasterProtocol != null) {
                create.stopProxy(applicationMasterProtocol, config);
            }
        } catch (Throwable th) {
            mockRMWithAMS.stop();
            if (applicationMasterProtocol != null) {
                create.stopProxy(applicationMasterProtocol, config);
            }
            throw th;
        }
    }

    private ApplicationMasterProtocol createRMClient(final MockRM mockRM, final Configuration configuration, final YarnRPC yarnRPC, UserGroupInformation userGroupInformation) {
        return (ApplicationMasterProtocol) userGroupInformation.doAs(new PrivilegedAction<ApplicationMasterProtocol>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.security.TestAMRMTokens.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public ApplicationMasterProtocol run() {
                return (ApplicationMasterProtocol) yarnRPC.getProxy(ApplicationMasterProtocol.class, mockRM.getApplicationMasterService().getBindAddress(), configuration);
            }
        });
    }
}
