package org.apache.storm.security.auth.workertoken;

import java.util.HashMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.storm.cluster.IStormClusterState;
import org.apache.storm.generated.PrivateWorkerKey;
import org.apache.storm.generated.WorkerToken;
import org.apache.storm.generated.WorkerTokenInfo;
import org.apache.storm.generated.WorkerTokenServiceType;
import org.apache.storm.security.auth.ClientAuthUtils;
import org.apache.storm.utils.Time;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/storm/security/auth/workertoken/WorkerTokenTest.class */
public class WorkerTokenTest {
    public static final long ONE_DAY_MILLIS = TimeUnit.HOURS.toMillis(24);

    @Test
    public void testBasicGenerateAndAuthorize() {
        AtomicReference atomicReference = new AtomicReference();
        WorkerTokenServiceType workerTokenServiceType = WorkerTokenServiceType.NIMBUS;
        Time.SimulatedTime simulatedTime = new Time.SimulatedTime();
        Throwable th = null;
        try {
            try {
                IStormClusterState iStormClusterState = (IStormClusterState) Mockito.mock(IStormClusterState.class);
                WorkerTokenManager workerTokenManager = new WorkerTokenManager(new HashMap(), iStormClusterState);
                Mockito.when(Long.valueOf(iStormClusterState.getNextPrivateWorkerKeyVersion(workerTokenServiceType, "topo-1"))).thenReturn(0L);
                ((IStormClusterState) Mockito.doAnswer(invocationOnMock -> {
                    atomicReference.set(invocationOnMock.getArgument(3));
                    return null;
                }).when(iStormClusterState)).addPrivateWorkerKey((WorkerTokenServiceType) Mockito.eq(workerTokenServiceType), (String) Mockito.eq("topo-1"), Mockito.eq(0L), (PrivateWorkerKey) Mockito.any(PrivateWorkerKey.class));
                Mockito.when(iStormClusterState.getPrivateWorkerKey(workerTokenServiceType, "topo-1", 0L)).thenAnswer(invocationOnMock2 -> {
                    return (PrivateWorkerKey) atomicReference.get();
                });
                WorkerToken createOrUpdateTokenFor = workerTokenManager.createOrUpdateTokenFor(workerTokenServiceType, "user", "topo-1");
                ((IStormClusterState) Mockito.verify(iStormClusterState)).addPrivateWorkerKey((WorkerTokenServiceType) Mockito.eq(workerTokenServiceType), (String) Mockito.eq("topo-1"), Mockito.eq(0L), (PrivateWorkerKey) Mockito.any(PrivateWorkerKey.class));
                Assert.assertTrue(createOrUpdateTokenFor.is_set_serviceType());
                Assert.assertEquals(workerTokenServiceType, createOrUpdateTokenFor.get_serviceType());
                Assert.assertTrue(createOrUpdateTokenFor.is_set_info());
                Assert.assertTrue(createOrUpdateTokenFor.is_set_signature());
                PrivateWorkerKey privateWorkerKey = (PrivateWorkerKey) atomicReference.get();
                Assert.assertNotNull(privateWorkerKey);
                Assert.assertTrue(privateWorkerKey.is_set_expirationTimeMillis());
                Assert.assertEquals(ONE_DAY_MILLIS, privateWorkerKey.get_expirationTimeMillis());
                WorkerTokenInfo workerTokenInfo = ClientAuthUtils.getWorkerTokenInfo(createOrUpdateTokenFor);
                Assert.assertTrue(workerTokenInfo.is_set_topologyId());
                Assert.assertTrue(workerTokenInfo.is_set_userName());
                Assert.assertTrue(workerTokenInfo.is_set_expirationTimeMillis());
                Assert.assertTrue(workerTokenInfo.is_set_secretVersion());
                Assert.assertEquals("topo-1", workerTokenInfo.get_topologyId());
                Assert.assertEquals("user", workerTokenInfo.get_userName());
                Assert.assertEquals(ONE_DAY_MILLIS, workerTokenInfo.get_expirationTimeMillis());
                Assert.assertEquals(0L, workerTokenInfo.get_secretVersion());
                Assert.assertArrayEquals(createOrUpdateTokenFor.get_signature(), new WorkerTokenAuthorizer(workerTokenServiceType, iStormClusterState).getSignedPasswordFor(createOrUpdateTokenFor.get_info(), workerTokenInfo));
                if (simulatedTime != null) {
                    if (0 == 0) {
                        simulatedTime.close();
                        return;
                    }
                    try {
                        simulatedTime.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (simulatedTime != null) {
                if (th != null) {
                    try {
                        simulatedTime.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    simulatedTime.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testExpiration() {
        AtomicReference atomicReference = new AtomicReference();
        WorkerTokenServiceType workerTokenServiceType = WorkerTokenServiceType.NIMBUS;
        Time.SimulatedTime simulatedTime = new Time.SimulatedTime();
        Throwable th = null;
        try {
            try {
                IStormClusterState iStormClusterState = (IStormClusterState) Mockito.mock(IStormClusterState.class);
                WorkerTokenManager workerTokenManager = new WorkerTokenManager(new HashMap(), iStormClusterState);
                Mockito.when(Long.valueOf(iStormClusterState.getNextPrivateWorkerKeyVersion(workerTokenServiceType, "topo-1"))).thenReturn(5L);
                ((IStormClusterState) Mockito.doAnswer(invocationOnMock -> {
                    atomicReference.set(invocationOnMock.getArgument(3));
                    return null;
                }).when(iStormClusterState)).addPrivateWorkerKey((WorkerTokenServiceType) Mockito.eq(workerTokenServiceType), (String) Mockito.eq("topo-1"), Mockito.eq(5L), (PrivateWorkerKey) Mockito.any(PrivateWorkerKey.class));
                Mockito.when(iStormClusterState.getPrivateWorkerKey(workerTokenServiceType, "topo-1", 5L)).thenAnswer(invocationOnMock2 -> {
                    return (PrivateWorkerKey) atomicReference.get();
                });
                WorkerToken createOrUpdateTokenFor = workerTokenManager.createOrUpdateTokenFor(workerTokenServiceType, "user", "topo-1");
                ((IStormClusterState) Mockito.verify(iStormClusterState)).addPrivateWorkerKey((WorkerTokenServiceType) Mockito.eq(workerTokenServiceType), (String) Mockito.eq("topo-1"), Mockito.eq(5L), (PrivateWorkerKey) Mockito.any(PrivateWorkerKey.class));
                Assert.assertTrue(createOrUpdateTokenFor.is_set_serviceType());
                Assert.assertEquals(workerTokenServiceType, createOrUpdateTokenFor.get_serviceType());
                Assert.assertTrue(createOrUpdateTokenFor.is_set_info());
                Assert.assertTrue(createOrUpdateTokenFor.is_set_signature());
                PrivateWorkerKey privateWorkerKey = (PrivateWorkerKey) atomicReference.get();
                Assert.assertNotNull(privateWorkerKey);
                Assert.assertTrue(privateWorkerKey.is_set_expirationTimeMillis());
                Assert.assertEquals(ONE_DAY_MILLIS, privateWorkerKey.get_expirationTimeMillis());
                WorkerTokenInfo workerTokenInfo = ClientAuthUtils.getWorkerTokenInfo(createOrUpdateTokenFor);
                Assert.assertTrue(workerTokenInfo.is_set_topologyId());
                Assert.assertTrue(workerTokenInfo.is_set_userName());
                Assert.assertTrue(workerTokenInfo.is_set_expirationTimeMillis());
                Assert.assertTrue(workerTokenInfo.is_set_secretVersion());
                Assert.assertEquals("topo-1", workerTokenInfo.get_topologyId());
                Assert.assertEquals("user", workerTokenInfo.get_userName());
                Assert.assertEquals(ONE_DAY_MILLIS, workerTokenInfo.get_expirationTimeMillis());
                Assert.assertEquals(5L, workerTokenInfo.get_secretVersion());
                Time.advanceTime(ONE_DAY_MILLIS + 1);
                try {
                    new WorkerTokenAuthorizer(workerTokenServiceType, iStormClusterState).getSignedPasswordFor(createOrUpdateTokenFor.get_info(), workerTokenInfo);
                    Assert.fail("Expected an expired token to not be signed!!!");
                } catch (IllegalArgumentException e) {
                }
                HashMap hashMap = new HashMap();
                ClientAuthUtils.setWorkerToken(hashMap, createOrUpdateTokenFor);
                Assert.assertTrue("Expired WorkerToken should be eligible for renewal", workerTokenManager.shouldRenewWorkerToken(hashMap, workerTokenServiceType));
                if (simulatedTime != null) {
                    if (0 == 0) {
                        simulatedTime.close();
                        return;
                    }
                    try {
                        simulatedTime.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (simulatedTime != null) {
                if (th != null) {
                    try {
                        simulatedTime.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    simulatedTime.close();
                }
            }
            throw th4;
        }
    }
}
