package org.apache.hadoop.security.token.delegation;

import com.google.common.base.Supplier;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.curator.test.TestingServer;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenManager;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/security/token/delegation/TestZKDelegationTokenSecretManager.class */
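/**
 * Tests for the ZooKeeper-backed delegation token secret manager, run against an
 * in-process Curator {@link TestingServer}.
 *
 * <p>The tests create several {@link DelegationTokenManager} instances that share one
 * ZooKeeper working path and check that tokens created, renewed or cancelled through
 * one instance are seen by the others. They also check that the listener thread pool
 * is shut down on destroy, and that znodes are created with the ACL supplied by the
 * Curator client.
 *
 * <p>Security-relevant points exercised here:
 * <ul>
 *   <li>A cancelled token must eventually be rejected by every manager. The negative
 *       checks retry for a few seconds, so the tests tolerate a short window in which
 *       a peer still accepts a token that was cancelled elsewhere.</li>
 *   <li>{@link #testACLs()} asserts that the working path carries exactly the one
 *       digest ACL configured on the client and nothing more permissive.</li>
 * </ul>
 */
public class TestZKDelegationTokenSecretManager {
    private static final Logger LOG = LoggerFactory.getLogger(TestZKDelegationTokenSecretManager.class);
    /** Number of times each multi-manager scenario is repeated against the same server. */
    private static final int TEST_RETRIES = 2;
    /** Extra verification attempts allowed before a token is declared "still valid". */
    private static final int RETRY_COUNT = 5;
    /** Pause between attempts, in milliseconds. */
    private static final int RETRY_WAIT = 1000;
    private static final long DAY_IN_SECS = 86400;
    private TestingServer zkServer;

    @Rule
    public Timeout globalTimeout = new Timeout(300000);

    /** Starts a fresh in-process ZooKeeper server for every test. */
    @Before
    public void setup() throws Exception {
        this.zkServer = new TestingServer();
        this.zkServer.start();
    }

    /** Stops the in-process ZooKeeper server if {@link #setup()} managed to create it. */
    @After
    public void tearDown() throws Exception {
        if (this.zkServer != null) {
            this.zkServer.close();
        }
    }

    /**
     * Builds the secret-manager configuration shared by all tests.
     *
     * <p>All token intervals default to one day so that no expiry or key roll happens
     * during a test unless the test lowers them explicitly.
     *
     * @param str ZooKeeper connection string of the test server
     * @return a new configuration pointing the secret manager at {@code str}
     */
    protected Configuration getSecretConf(String str) {
        Configuration configuration = new Configuration();
        configuration.setBoolean("zk-dt-secret-manager.enable", true);
        configuration.set("zk-dt-secret-manager.zkConnectionString", str);
        configuration.set("zk-dt-secret-manager.znodeWorkingPath", "testPath");
        // Unauthenticated ZooKeeper session: acceptable only because the server is a
        // throwaway in-process instance. The working path holds the token state that
        // every manager trusts, so a real deployment should authenticate ("sasl") and
        // restrict the znode ACLs.
        configuration.set("zk-dt-secret-manager.zkAuthType", "none");
        configuration.setLong("zk-dt-secret-manager.zkShutdownTimeout", 100L);
        configuration.setLong("delegation-token.update-interval.sec", DAY_IN_SECS);
        configuration.setLong("delegation-token.max-lifetime.sec", DAY_IN_SECS);
        configuration.setLong("delegation-token.renew-interval.sec", DAY_IN_SECS);
        configuration.setLong("delegation-token.removal-scan-interval.sec", DAY_IN_SECS);
        return configuration;
    }

    /**
     * Two managers running side by side: a token created on either one must verify and
     * renew on the other, and a cancel on one must invalidate it on the other.
     */
    @Test
    public void testMultiNodeOperations() throws Exception {
        for (int i = 0; i < TEST_RETRIES; i++) {
            Configuration secretConf = getSecretConf(this.zkServer.getConnectString());
            DelegationTokenManager tm1 = new DelegationTokenManager(secretConf, new Text("bla"));
            tm1.init();
            DelegationTokenManager tm2 = new DelegationTokenManager(secretConf, new Text("bla"));
            tm2.init();

            Token<DelegationTokenIdentifier> createToken = tm1.createToken(UserGroupInformation.getCurrentUser(), "foo");
            Assert.assertNotNull(createToken);
            tm2.verifyToken(createToken);
            tm2.renewToken(createToken, "foo");
            tm1.verifyToken(createToken);
            tm1.cancelToken(createToken, "foo");
            try {
                verifyTokenFail(tm2, createToken);
                Assert.fail("Expected InvalidToken");
            } catch (SecretManager.InvalidToken expected) {
                // Expected: the peer rejects the token cancelled on tm1.
            }

            Token<DelegationTokenIdentifier> createToken2 = tm2.createToken(UserGroupInformation.getCurrentUser(), "bar");
            Assert.assertNotNull(createToken2);
            tm1.verifyToken(createToken2);
            tm1.renewToken(createToken2, "bar");
            tm2.verifyToken(createToken2);
            tm2.cancelToken(createToken2, "bar");
            try {
                verifyTokenFail(tm1, createToken2);
                Assert.fail("Expected InvalidToken");
            } catch (SecretManager.InvalidToken expected) {
                // Expected: the peer rejects the token cancelled on tm2.
            }

            verifyDestroy(tm1, secretConf);
            verifyDestroy(tm2, secretConf);
        }
    }

    /**
     * Managers that start after tokens were issued (and one was cancelled) must accept
     * the live tokens and reject the cancelled one.
     */
    @Test
    public void testNodeUpAferAWhile() throws Exception {
        for (int i = 0; i < TEST_RETRIES; i++) {
            Configuration secretConf = getSecretConf(this.zkServer.getConnectString());
            DelegationTokenManager tm1 = new DelegationTokenManager(secretConf, new Text("bla"));
            tm1.init();
            Token<DelegationTokenIdentifier> createToken = tm1.createToken(UserGroupInformation.getCurrentUser(), "foo");
            Assert.assertNotNull(createToken);
            Token createToken2 = tm1.createToken(UserGroupInformation.getCurrentUser(), "bar");
            Assert.assertNotNull(createToken2);
            Token createToken3 = tm1.createToken(UserGroupInformation.getCurrentUser(), "boo");
            Assert.assertNotNull(createToken3);
            tm1.verifyToken(createToken);
            tm1.verifyToken(createToken2);
            tm1.verifyToken(createToken3);
            tm1.cancelToken(createToken, "foo");

            // Second manager joins late.
            Thread.sleep(1000L);
            DelegationTokenManager tm2 = new DelegationTokenManager(secretConf, new Text("bla"));
            tm2.init();
            tm2.verifyToken(createToken2);
            tm2.verifyToken(createToken3);
            try {
                verifyTokenFail(tm2, createToken);
                Assert.fail("Expected InvalidToken");
            } catch (SecretManager.InvalidToken expected) {
                // Expected: the token was cancelled before tm2 started.
            }

            Token createToken4 = tm2.createToken(UserGroupInformation.getCurrentUser(), "xyz");
            Assert.assertNotNull(createToken4);
            tm2.verifyToken(createToken4);
            tm1.verifyToken(createToken4);
            verifyDestroy(tm2, secretConf);

            // Third manager joins after the second one has gone away again.
            Thread.sleep(1000L);
            DelegationTokenManager tm3 = new DelegationTokenManager(secretConf, new Text("bla"));
            tm3.init();
            tm3.verifyToken(createToken2);
            tm3.verifyToken(createToken3);
            tm3.verifyToken(createToken4);
            try {
                verifyTokenFail(tm3, createToken);
                Assert.fail("Expected InvalidToken");
            } catch (SecretManager.InvalidToken expected) {
                // Expected: the cancel must survive manager restarts.
            }

            verifyDestroy(tm3, secretConf);
            verifyDestroy(tm1, secretConf);
        }
    }

    /** A single manager can renew and then still verify its own token. */
    @Test
    public void testRenewTokenSingleManager() throws Exception {
        for (int i = 0; i < TEST_RETRIES; i++) {
            Configuration secretConf = getSecretConf(this.zkServer.getConnectString());
            DelegationTokenManager tm = new DelegationTokenManager(secretConf, new Text("foo"));
            tm.init();
            Token createToken = tm.createToken(UserGroupInformation.getCurrentUser(), "foo");
            Assert.assertNotNull(createToken);
            tm.renewToken(createToken, "foo");
            tm.verifyToken(createToken);
            verifyDestroy(tm, secretConf);
        }
    }

    /** A single manager rejects a token after cancelling it. */
    @Test
    public void testCancelTokenSingleManager() throws Exception {
        for (int i = 0; i < TEST_RETRIES; i++) {
            Configuration secretConf = getSecretConf(this.zkServer.getConnectString());
            DelegationTokenManager tm = new DelegationTokenManager(secretConf, new Text("foo"));
            tm.init();
            Token<DelegationTokenIdentifier> createToken = tm.createToken(UserGroupInformation.getCurrentUser(), "foo");
            Assert.assertNotNull(createToken);
            tm.cancelToken(createToken, "foo");
            try {
                verifyTokenFail(tm, createToken);
                Assert.fail("Expected InvalidToken");
            } catch (SecretManager.InvalidToken expected) {
                // Expected outcome; route the trace through the logger rather than stderr.
                LOG.debug("Cancelled token was rejected as expected", expected);
            }
            verifyDestroy(tm, secretConf);
        }
    }

    /**
     * Destroys the manager and asserts that its listener thread pool is shut down at once
     * and terminated after three times the configured ZooKeeper shutdown timeout.
     *
     * @param delegationTokenManager manager to destroy
     * @param configuration configuration the manager was created with
     */
    protected void verifyDestroy(DelegationTokenManager delegationTokenManager, Configuration configuration) throws Exception {
        // Grab the pool first: it is reached through the manager being destroyed.
        ExecutorService listenerThreadPool = delegationTokenManager.getDelegationTokenSecretManager().getListenerThreadPool();
        delegationTokenManager.destroy();
        Assert.assertTrue(listenerThreadPool.isShutdown());
        long shutdownTimeout = configuration.getLong("zk-dt-secret-manager.zkShutdownTimeout", 10000L);
        Thread.sleep(shutdownTimeout * 3);
        Assert.assertTrue(listenerThreadPool.isTerminated());
    }

    /**
     * Destroy must return even while the listener pool is busy with a task that runs
     * longer (10 s) than the configured shutdown timeout (5 s).
     */
    @Test
    public void testStopThreads() throws Exception {
        Configuration secretConf = getSecretConf(this.zkServer.getConnectString());
        secretConf.setLong("delegation-token.update-interval.sec", 1L);
        secretConf.setLong("delegation-token.removal-scan-interval.sec", 1L);
        secretConf.setLong("delegation-token.renew-interval.sec", 1L);
        secretConf.setLong("zk-dt-secret-manager.zkShutdownTimeout", 5000L);
        DelegationTokenManager tm = new DelegationTokenManager(secretConf, new Text("foo"));
        tm.init();
        Assert.assertNotNull(tm.createToken(UserGroupInformation.getCurrentUser(), "foo"));
        tm.getDelegationTokenSecretManager().getListenerThreadPool().submit(new Callable<Void>() {
            @Override
            public Void call() throws Exception {
                Thread.sleep(10000L);
                return null;
            }
        });
        tm.destroy();
    }

    /**
     * The secret manager must create its working path with the ACL supplied by the
     * externally provided Curator client.
     *
     * <p>The digest credentials are fixed test fixtures. The static curator override is
     * always cleared in a {@code finally} block so a failure here cannot leak a closed
     * client into the tests that run afterwards.
     */
    @Test
    public void testACLs() throws Exception {
        String connectString = this.zkServer.getConnectString();
        Configuration secretConf = getSecretConf(connectString);
        ExponentialBackoffRetry retryPolicy = new ExponentialBackoffRetry(RETRY_WAIT, 3);
        // 31 sets all five ZooKeeper permission bits (READ|WRITE|CREATE|DELETE|ADMIN),
        // granted to the digest identity only.
        final ACL acl = new ACL(31, new Id("digest", DigestAuthenticationProvider.generateDigest("myuser:mypass")));
        CuratorFramework build = CuratorFrameworkFactory.builder()
                .connectString(connectString)
                .retryPolicy(retryPolicy)
                .aclProvider(new ACLProvider() {
                    @Override
                    public List<ACL> getAclForPath(String path) {
                        return getDefaultAcl();
                    }

                    @Override
                    public List<ACL> getDefaultAcl() {
                        List<ACL> acls = new ArrayList<ACL>();
                        acls.add(acl);
                        return acls;
                    }
                })
                .authorization("digest", "myuser:mypass".getBytes("UTF-8"))
                .build();
        build.start();
        try {
            ZKDelegationTokenSecretManager.setCurator(build);
            DelegationTokenManager tm = new DelegationTokenManager(secretConf, new Text("bla"));
            tm.init();
            try {
                verifyACL(build, "/" + secretConf.get("zk-dt-secret-manager.znodeWorkingPath"), acl);
            } finally {
                tm.destroy();
            }
        } finally {
            ZKDelegationTokenSecretManager.setCurator((CuratorFramework) null);
            build.close();
        }
    }

    /**
     * Asserts that {@code path} carries exactly one ACL entry and that it equals
     * {@code expected}; any additional entry (for example an open default) fails the test.
     */
    private void verifyACL(CuratorFramework curatorFramework, String path, ACL expected) throws Exception {
        List<ACL> acls = curatorFramework.getACL().forPath(path);
        Assert.assertEquals(1, acls.size());
        Assert.assertEquals(expected, acls.get(0));
    }

    /**
     * Verifies the token up to {@code RETRY_COUNT + 1} times and returns normally only if
     * every attempt succeeded; callers follow it with {@code Assert.fail}.
     *
     * @throws SecretManager.InvalidToken as soon as the manager rejects the token
     */
    private void verifyTokenFail(DelegationTokenManager delegationTokenManager, Token<DelegationTokenIdentifier> token) throws IOException, InterruptedException {
        verifyTokenFailWithRetry(delegationTokenManager, token, RETRY_COUNT);
    }

    /**
     * Retries verification once per second until it throws or the retries run out.
     *
     * <p>NOTE(review): the retry presumably exists because a peer picks up a cancel from
     * ZooKeeper asynchronously; the test therefore accepts a window of up to
     * {@code retries} seconds in which a cancelled token is still honoured.
     *
     * @param retries number of additional attempts after the first one
     */
    private void verifyTokenFailWithRetry(DelegationTokenManager delegationTokenManager, Token<DelegationTokenIdentifier> token, int retries) throws IOException, InterruptedException {
        for (int remaining = retries; ; remaining--) {
            // Throws InvalidToken (propagated to the caller) once the token is rejected.
            delegationTokenManager.verifyToken(token);
            if (remaining <= 0) {
                return;
            }
            Thread.sleep(RETRY_WAIT);
        }
    }

    /**
     * After a restart, a new manager must not resurrect a cancelled token, must load the
     * still-valid token into memory, and must remove that token once it has expired.
     */
    @Test
    public void testNodesLoadedAfterRestart() throws Exception {
        Configuration secretConf = getSecretConf(this.zkServer.getConnectString());
        secretConf.setLong("delegation-token.removal-scan-interval.sec", 1L);
        secretConf.setLong("delegation-token.update-interval.sec", 5L);
        secretConf.setLong("delegation-token.renew-interval.sec", 5L);
        DelegationTokenManager tm1 = new DelegationTokenManager(secretConf, new Text("bla"));
        tm1.init();
        Token createToken = tm1.createToken(UserGroupInformation.getCurrentUser(), "good");
        Assert.assertNotNull(createToken);
        Token createToken2 = tm1.createToken(UserGroupInformation.getCurrentUser(), "cancelled");
        Assert.assertNotNull(createToken2);
        tm1.verifyToken(createToken);
        tm1.verifyToken(createToken2);
        tm1.cancelToken(createToken2, "cancelled");

        final ZKDelegationTokenSecretManager firstSecretManager = tm1.getDelegationTokenSecretManager();
        final AbstractDelegationTokenIdentifier cancelledId = firstSecretManager.decodeTokenIdentifier(createToken2);
        LOG.info("Waiting for the cancelled token to be removed");
        GenericTestUtils.waitFor(new Supplier<Boolean>() {
            @Override
            public Boolean get() {
                return firstSecretManager.getTokenInfo(cancelledId) == null;
            }
        }, 100, 5000);
        tm1.destroy();

        DelegationTokenManager tm2 = new DelegationTokenManager(secretConf, new Text("bla"));
        tm2.init();
        try {
            final ZKDelegationTokenSecretManager secondSecretManager = tm2.getDelegationTokenSecretManager();
            Assert.assertNull("canceled dt should be gone!", secondSecretManager.getTokenInfo(secondSecretManager.decodeTokenIdentifier(createToken2)));
            final AbstractDelegationTokenIdentifier goodId = secondSecretManager.decodeTokenIdentifier(createToken);
            Assert.assertNotNull("good dt should be in memory!", secondSecretManager.getTokenInfoFromMemory(goodId));

            // Let the 5 s renew interval elapse so the remover scan can drop the token.
            Thread.sleep(5000L);
            GenericTestUtils.waitFor(new Supplier<Boolean>() {
                @Override
                public Boolean get() {
                    LOG.info("Waiting for the expired token to be removed...");
                    return secondSecretManager.getTokenInfo(goodId) == null;
                }
            }, RETRY_WAIT, 5000);
        } finally {
            // The restarted manager was never destroyed, leaving its threads and
            // ZooKeeper client running past the end of the test.
            tm2.destroy();
        }
    }
}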
