package org.apache.spark.network.crypto;

import com.google.common.collect.ImmutableMap;
import io.netty.channel.Channel;
import java.nio.ByteBuffer;
import java.util.Arrays;
import org.apache.spark.network.TestUtils;
import org.apache.spark.network.TransportContext;
import org.apache.spark.network.client.RpcResponseCallback;
import org.apache.spark.network.client.TransportClient;
import org.apache.spark.network.sasl.SaslRpcHandler;
import org.apache.spark.network.sasl.SaslServerBootstrap;
import org.apache.spark.network.sasl.SecretKeyHolder;
import org.apache.spark.network.server.RpcHandler;
import org.apache.spark.network.server.StreamManager;
import org.apache.spark.network.server.TransportServer;
import org.apache.spark.network.server.TransportServerBootstrap;
import org.apache.spark.network.util.JavaUtils;
import org.apache.spark.network.util.MapConfigProvider;
import org.apache.spark.network.util.TransportConf;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/spark/network/crypto/AuthIntegrationSuite.class */
public class AuthIntegrationSuite {
    private AuthTestCtx ctx;

    /* loaded from: input_file:org/apache/spark/network/crypto/AuthIntegrationSuite$AuthTestCtx.class */
    private class AuthTestCtx {
        private final String appId = "testAppId";
        private final TransportConf conf;
        private final TransportContext ctx;
        TransportClient client;
        TransportServer server;
        volatile Channel serverChannel;
        volatile AuthRpcHandler authRpcHandler;

        AuthTestCtx(final AuthIntegrationSuite authIntegrationSuite) throws Exception {
            this(new RpcHandler() { // from class: org.apache.spark.network.crypto.AuthIntegrationSuite.AuthTestCtx.1
                public void receive(TransportClient transportClient, ByteBuffer byteBuffer, RpcResponseCallback rpcResponseCallback) {
                    Assert.assertEquals("Ping", JavaUtils.bytesToString(byteBuffer));
                    rpcResponseCallback.onSuccess(JavaUtils.stringToBytes("Pong"));
                }

                public StreamManager getStreamManager() {
                    return null;
                }
            });
        }

        AuthTestCtx(RpcHandler rpcHandler) throws Exception {
            this.appId = "testAppId";
            this.conf = new TransportConf("rpc", new MapConfigProvider(ImmutableMap.of("spark.network.crypto.enabled", "true")));
            this.ctx = new TransportContext(this.conf, rpcHandler);
        }

        void createServer(String str) throws Exception {
            createServer(str, true);
        }

        void createServer(String str, boolean z) throws Exception {
            TransportServerBootstrap transportServerBootstrap = (channel, rpcHandler) -> {
                this.serverChannel = channel;
                if (rpcHandler instanceof AuthRpcHandler) {
                    this.authRpcHandler = (AuthRpcHandler) rpcHandler;
                }
                return rpcHandler;
            };
            SecretKeyHolder createKeyHolder = createKeyHolder(str);
            this.server = this.ctx.createServer(Arrays.asList(z ? new AuthServerBootstrap(this.conf, createKeyHolder) : new SaslServerBootstrap(this.conf, createKeyHolder), transportServerBootstrap));
        }

        void createClient(String str) throws Exception {
            createClient(str, true);
        }

        void createClient(String str, boolean z) throws Exception {
            this.client = this.ctx.createClientFactory(Arrays.asList(new AuthClientBootstrap(z ? this.conf : new TransportConf("rpc", MapConfigProvider.EMPTY), "testAppId", createKeyHolder(str)))).createClient(TestUtils.getLocalHost(), this.server.getPort());
        }

        void close() {
            if (this.client != null) {
                this.client.close();
            }
            if (this.server != null) {
                this.server.close();
            }
        }

        private SecretKeyHolder createKeyHolder(String str) {
            SecretKeyHolder secretKeyHolder = (SecretKeyHolder) Mockito.mock(SecretKeyHolder.class);
            Mockito.when(secretKeyHolder.getSaslUser(Mockito.anyString())).thenReturn("testAppId");
            Mockito.when(secretKeyHolder.getSecretKey(Mockito.anyString())).thenReturn(str);
            return secretKeyHolder;
        }
    }

    @After
    public void cleanUp() throws Exception {
        if (this.ctx != null) {
            this.ctx.close();
        }
        this.ctx = null;
    }

    @Test
    public void testNewAuth() throws Exception {
        this.ctx = new AuthTestCtx(this);
        this.ctx.createServer("secret");
        this.ctx.createClient("secret");
        Assert.assertEquals("Pong", JavaUtils.bytesToString(this.ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), 5000L)));
        Assert.assertTrue(this.ctx.authRpcHandler.doDelegate);
        Assert.assertFalse(this.ctx.authRpcHandler.delegate instanceof SaslRpcHandler);
    }

    @Test
    public void testAuthFailure() throws Exception {
        this.ctx = new AuthTestCtx(this);
        this.ctx.createServer("server");
        try {
            this.ctx.createClient("client");
            Assert.fail("Should have failed to create client.");
        } catch (Exception e) {
            Assert.assertFalse(this.ctx.authRpcHandler.doDelegate);
            Assert.assertFalse(this.ctx.serverChannel.isActive());
        }
    }

    @Test
    public void testSaslServerFallback() throws Exception {
        this.ctx = new AuthTestCtx(this);
        this.ctx.createServer("secret", true);
        this.ctx.createClient("secret", false);
        Assert.assertEquals("Pong", JavaUtils.bytesToString(this.ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), 5000L)));
    }

    @Test
    public void testSaslClientFallback() throws Exception {
        this.ctx = new AuthTestCtx(this);
        this.ctx.createServer("secret", false);
        this.ctx.createClient("secret", true);
        Assert.assertEquals("Pong", JavaUtils.bytesToString(this.ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), 5000L)));
    }

    @Test
    public void testAuthReplay() throws Exception {
        this.ctx = new AuthTestCtx(this);
        this.ctx.createServer("secret");
        this.ctx.createClient("secret");
        Assert.assertNotNull(this.ctx.client.getChannel().pipeline().remove("TransportEncryption"));
        try {
            this.ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), 5000L);
            Assert.fail("Should have failed unencrypted RPC.");
        } catch (Exception e) {
            Assert.assertTrue(this.ctx.authRpcHandler.doDelegate);
        }
    }

    @Test
    public void testLargeMessageEncryption() throws Exception {
        this.ctx = new AuthTestCtx(new RpcHandler() { // from class: org.apache.spark.network.crypto.AuthIntegrationSuite.1
            public void receive(TransportClient transportClient, ByteBuffer byteBuffer, RpcResponseCallback rpcResponseCallback) {
                char[] cArr = new char[32768];
                Arrays.fill(cArr, 'D');
                rpcResponseCallback.onFailure(new RuntimeException(new String(cArr)));
            }

            public StreamManager getStreamManager() {
                return null;
            }
        });
        this.ctx.createServer("secret");
        this.ctx.createClient("secret");
        try {
            this.ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), 5000L);
            Assert.fail("Should have failed unencrypted RPC.");
        } catch (Exception e) {
            Assert.assertTrue(this.ctx.authRpcHandler.doDelegate);
            Assert.assertTrue(e.getMessage() + " is not an expected error", e.getMessage().contains("DDDDD"));
            Assert.assertEquals(32768L, (e.getMessage().lastIndexOf("DDDDD") + 5) - e.getMessage().indexOf("DDDDD"));
        }
    }
}
