package org.apache.accumulo.test.functional;

import java.time.Duration;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.accumulo.cluster.ClusterUser;
import org.apache.accumulo.core.client.AccumuloClient;
import org.apache.accumulo.core.client.BatchWriter;
import org.apache.accumulo.core.client.Scanner;
import org.apache.accumulo.core.client.admin.CompactionConfig;
import org.apache.accumulo.core.client.security.tokens.KerberosToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.conf.ClientProperty;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.data.Key;
import org.apache.accumulo.core.data.Mutation;
import org.apache.accumulo.core.data.PartialKey;
import org.apache.accumulo.core.data.Value;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.harness.AccumuloITBase;
import org.apache.accumulo.harness.MiniClusterHarness;
import org.apache.accumulo.harness.TestingKdc;
import org.apache.accumulo.miniclusterImpl.MiniAccumuloClusterImpl;
import org.apache.accumulo.test.util.Wait;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Tag(AccumuloITBase.MINI_CLUSTER_ONLY)
/* loaded from: input_file:org/apache/accumulo/test/functional/KerberosRenewalIT.class */
public class KerberosRenewalIT extends AccumuloITBase {
    private static TestingKdc kdc;
    private static ClusterUser rootUser;
    public static final int TEST_DURATION_MINUTES = 9;
    private MiniAccumuloClusterImpl mac;
    private static final Logger log = LoggerFactory.getLogger(KerberosRenewalIT.class);
    private static String krbEnabledForITs = null;
    private static final long TICKET_LIFETIME = TimeUnit.MINUTES.toMillis(6);
    private static final long TICKET_TEST_LIFETIME = TimeUnit.MINUTES.toMillis(8);

    @Override // org.apache.accumulo.harness.AccumuloITBase
    protected Duration defaultTimeout() {
        return Duration.ofMinutes(9L);
    }

    @BeforeAll
    public static void startKdc() throws Exception {
        kdc = new TestingKdc(TestingKdc.computeKdcDir(), TestingKdc.computeKeytabDir(), TICKET_LIFETIME);
        kdc.start();
        krbEnabledForITs = System.getProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION);
        if (!Boolean.parseBoolean(krbEnabledForITs)) {
            System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, "true");
        }
        rootUser = kdc.getRootUser();
    }

    @AfterAll
    public static void stopKdc() {
        if (kdc != null) {
            kdc.stop();
        }
        if (krbEnabledForITs != null) {
            System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, krbEnabledForITs);
        }
    }

    @BeforeEach
    public void startMac() throws Exception {
        this.mac = new MiniClusterHarness().create(this, new PasswordToken("unused"), kdc, (miniAccumuloConfigImpl, configuration) -> {
            Map siteConfig = miniAccumuloConfigImpl.getSiteConfig();
            siteConfig.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "15s");
            siteConfig.put(Property.GENERAL_KERBEROS_RENEWAL_PERIOD.getKey(), "5s");
            miniAccumuloConfigImpl.setSiteConfig(siteConfig);
            miniAccumuloConfigImpl.setClientProperty(ClientProperty.INSTANCE_ZOOKEEPERS_TIMEOUT, "15s");
        });
        this.mac.getConfig().setNumTservers(1);
        this.mac.start();
        Configuration configuration2 = new Configuration(false);
        configuration2.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(configuration2);
    }

    @AfterEach
    public void stopMac() throws Exception {
        if (this.mac != null) {
            this.mac.stop();
        }
    }

    @Timeout(value = 9, unit = TimeUnit.MINUTES)
    @Test
    public void testReadAndWriteThroughTicketLifetime() throws Exception {
        UserGroupInformation.loginUserFromKeytab(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        log.info("Logged in as {}", rootUser.getPrincipal());
        AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
        try {
            log.info("Created client as {}", rootUser.getPrincipal());
            Assertions.assertEquals(rootUser.getPrincipal(), createAccumuloClient.whoami());
            String str = getUniqueNames(1)[0] + "_table";
            long currentTimeMillis = System.currentTimeMillis() + TICKET_TEST_LIFETIME;
            while (System.currentTimeMillis() < currentTimeMillis) {
                createReadWriteDrop(createAccumuloClient, str);
                Thread.sleep(5000L);
            }
            if (createAccumuloClient != null) {
                createAccumuloClient.close();
            }
        } catch (Throwable th) {
            if (createAccumuloClient != null) {
                try {
                    createAccumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void createReadWriteDrop(AccumuloClient accumuloClient, String str) throws Exception {
        accumuloClient.tableOperations().create(str);
        BatchWriter createBatchWriter = accumuloClient.createBatchWriter(str);
        try {
            Mutation mutation = new Mutation("a");
            mutation.put("b", "c", "d");
            createBatchWriter.addMutation(mutation);
            if (createBatchWriter != null) {
                createBatchWriter.close();
            }
            accumuloClient.tableOperations().compact(str, new CompactionConfig().setFlush(true).setWait(true));
            Scanner createScanner = accumuloClient.createScanner(str, Authorizations.EMPTY);
            try {
                Map.Entry<Key, Value> onlyElement = getOnlyElement(createScanner);
                Assertions.assertEquals(0, new Key("a", "b", "c").compareTo(onlyElement.getKey(), PartialKey.ROW_COLFAM_COLQUAL), "Did not find the expected key");
                Assertions.assertEquals("d", onlyElement.getValue().toString());
                if (createScanner != null) {
                    createScanner.close();
                }
                accumuloClient.tableOperations().delete(str);
                Assertions.assertTrue(Wait.waitFor(() -> {
                    return !accumuloClient.tableOperations().exists(str);
                }, 20000L, 200L));
            } catch (Throwable th) {
                if (createScanner != null) {
                    try {
                        createScanner.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (createBatchWriter != null) {
                try {
                    createBatchWriter.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }
}
