package org.apache.hadoop.mapreduce.security;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import junit.framework.Assert;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapreduce.v2.api.HSClientProtocol;
import org.apache.hadoop.mapreduce.v2.api.MRClientProtocol;
import org.apache.hadoop.mapreduce.v2.api.protocolrecords.CancelDelegationTokenRequest;
import org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetDelegationTokenRequest;
import org.apache.hadoop.mapreduce.v2.api.protocolrecords.GetJobReportRequest;
import org.apache.hadoop.mapreduce.v2.api.protocolrecords.RenewDelegationTokenRequest;
import org.apache.hadoop.mapreduce.v2.hs.HistoryClientService;
import org.apache.hadoop.mapreduce.v2.hs.HistoryServerStateStoreService;
import org.apache.hadoop.mapreduce.v2.hs.JHSDelegationTokenSecretManager;
import org.apache.hadoop.mapreduce.v2.hs.JobHistoryServer;
import org.apache.hadoop.mapreduce.v2.util.MRBuilderUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.records.Token;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.ipc.YarnRPC;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.apache.hadoop.yarn.util.Records;
import org.apache.log4j.Level;
import org.apache.log4j.LogManager;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:test-classes/org/apache/hadoop/mapreduce/security/TestJHSSecurity.class
 */
/* loaded from: input_file:hadoop-mapreduce-client-jobclient-2.4.1-mapr-1408-tests.jar:org/apache/hadoop/mapreduce/security/TestJHSSecurity.class */
public class TestJHSSecurity {
    private static final Log LOG = LogFactory.getLog(TestJHSSecurity.class);

    @Test
    public void testDelegationToken() throws IOException, InterruptedException {
        LogManager.getRootLogger().setLevel(Level.DEBUG);
        YarnConfiguration yarnConfiguration = new YarnConfiguration(new JobConf());
        yarnConfiguration.set("mapreduce.jobhistory.principal", "RandomOrc/localhost@apache.org");
        yarnConfiguration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(yarnConfiguration);
        JobHistoryServer jobHistoryServer = null;
        try {
            jobHistoryServer = new JobHistoryServer() { // from class: org.apache.hadoop.mapreduce.security.TestJHSSecurity.1
                protected void doSecureLogin(Configuration configuration) throws IOException {
                }

                protected JHSDelegationTokenSecretManager createJHSSecretManager(Configuration configuration, HistoryServerStateStoreService historyServerStateStoreService) {
                    return new JHSDelegationTokenSecretManager(10000L, 20000L, 10000L, 3600000L, historyServerStateStoreService);
                }

                protected HistoryClientService createHistoryClientService() {
                    return new HistoryClientService(this.historyContext, this.jhsDTSecretManager) { // from class: org.apache.hadoop.mapreduce.security.TestJHSSecurity.1.1
                        protected void initializeWebApp(Configuration configuration) {
                        }
                    };
                }
            };
            jobHistoryServer.init(yarnConfiguration);
            jobHistoryServer.start();
            MRClientProtocol clientHandler = jobHistoryServer.getClientService().getClientHandler();
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("testrenewer@APACHE.ORG");
            Assert.assertEquals("testrenewer", createRemoteUser.getShortUserName());
            createRemoteUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS);
            Token delegationToken = getDelegationToken(createRemoteUser, clientHandler, createRemoteUser.getShortUserName());
            long currentTimeMillis = System.currentTimeMillis();
            LOG.info("Got delegation token at: " + currentTimeMillis);
            MRClientProtocol mRClientProtocol = getMRClientProtocol(delegationToken, jobHistoryServer.getClientService().getBindAddress(), "TheDarkLord", yarnConfiguration);
            GetJobReportRequest getJobReportRequest = (GetJobReportRequest) Records.newRecord(GetJobReportRequest.class);
            getJobReportRequest.setJobId(MRBuilderUtils.newJobId(123456L, 1, 1));
            try {
                mRClientProtocol.getJobReport(getJobReportRequest);
            } catch (IOException e) {
                Assert.assertEquals("Unknown job job_123456_0001", e.getMessage());
            }
            while (System.currentTimeMillis() < currentTimeMillis + 5000) {
                Thread.sleep(500L);
            }
            long renewDelegationToken = renewDelegationToken(createRemoteUser, clientHandler, delegationToken);
            long currentTimeMillis2 = System.currentTimeMillis();
            LOG.info("Renewed token at: " + currentTimeMillis2 + ", NextExpiryTime: " + renewDelegationToken);
            while (System.currentTimeMillis() > currentTimeMillis + 10000 && System.currentTimeMillis() < renewDelegationToken) {
                Thread.sleep(500L);
            }
            Thread.sleep(50L);
            try {
                mRClientProtocol.getJobReport(getJobReportRequest);
            } catch (IOException e2) {
                Assert.assertEquals("Unknown job job_123456_0001", e2.getMessage());
            }
            while (System.currentTimeMillis() < currentTimeMillis2 + 10000) {
                Thread.sleep(500L);
            }
            Thread.sleep(50L);
            LOG.info("At time: " + System.currentTimeMillis() + ", token should be invalid");
            try {
                mRClientProtocol.getJobReport(getJobReportRequest);
                org.junit.Assert.fail("Should not have succeeded with an expired token");
            } catch (IOException e3) {
                org.junit.Assert.assertTrue(e3.getCause().getMessage().contains("is expired"));
            }
            if (mRClientProtocol != null) {
            }
            Token delegationToken2 = getDelegationToken(createRemoteUser, clientHandler, createRemoteUser.getShortUserName());
            LOG.info("Got delegation token at: " + System.currentTimeMillis());
            MRClientProtocol mRClientProtocol2 = getMRClientProtocol(delegationToken2, jobHistoryServer.getClientService().getBindAddress(), "loginuser2", yarnConfiguration);
            try {
                mRClientProtocol2.getJobReport(getJobReportRequest);
            } catch (IOException e4) {
                org.junit.Assert.fail("Unexpected exception" + e4);
            }
            cancelDelegationToken(createRemoteUser, clientHandler, delegationToken2);
            if (mRClientProtocol2 != null) {
            }
            MRClientProtocol mRClientProtocol3 = getMRClientProtocol(delegationToken2, jobHistoryServer.getClientService().getBindAddress(), "loginuser2", yarnConfiguration);
            LOG.info("Cancelled delegation token at: " + System.currentTimeMillis());
            try {
                mRClientProtocol3.getJobReport(getJobReportRequest);
                org.junit.Assert.fail("Should not have succeeded with a cancelled delegation token");
            } catch (IOException e5) {
            }
            jobHistoryServer.stop();
        } catch (Throwable th) {
            jobHistoryServer.stop();
            throw th;
        }
    }

    private Token getDelegationToken(UserGroupInformation userGroupInformation, final MRClientProtocol mRClientProtocol, final String str) throws IOException, InterruptedException {
        return (Token) userGroupInformation.doAs(new PrivilegedExceptionAction<Token>() { // from class: org.apache.hadoop.mapreduce.security.TestJHSSecurity.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Token run() throws IOException {
                GetDelegationTokenRequest getDelegationTokenRequest = (GetDelegationTokenRequest) Records.newRecord(GetDelegationTokenRequest.class);
                getDelegationTokenRequest.setRenewer(str);
                return mRClientProtocol.getDelegationToken(getDelegationTokenRequest).getDelegationToken();
            }
        });
    }

    private long renewDelegationToken(UserGroupInformation userGroupInformation, final MRClientProtocol mRClientProtocol, final Token token) throws IOException, InterruptedException {
        return ((Long) userGroupInformation.doAs(new PrivilegedExceptionAction<Long>() { // from class: org.apache.hadoop.mapreduce.security.TestJHSSecurity.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Long run() throws IOException {
                RenewDelegationTokenRequest renewDelegationTokenRequest = (RenewDelegationTokenRequest) Records.newRecord(RenewDelegationTokenRequest.class);
                renewDelegationTokenRequest.setDelegationToken(token);
                return Long.valueOf(mRClientProtocol.renewDelegationToken(renewDelegationTokenRequest).getNextExpirationTime());
            }
        })).longValue();
    }

    private void cancelDelegationToken(UserGroupInformation userGroupInformation, final MRClientProtocol mRClientProtocol, final Token token) throws IOException, InterruptedException {
        userGroupInformation.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.mapreduce.security.TestJHSSecurity.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws IOException {
                CancelDelegationTokenRequest cancelDelegationTokenRequest = (CancelDelegationTokenRequest) Records.newRecord(CancelDelegationTokenRequest.class);
                cancelDelegationTokenRequest.setDelegationToken(token);
                mRClientProtocol.cancelDelegationToken(cancelDelegationTokenRequest);
                return null;
            }
        });
    }

    private MRClientProtocol getMRClientProtocol(Token token, final InetSocketAddress inetSocketAddress, String str, final Configuration configuration) {
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(str);
        createRemoteUser.addToken(ConverterUtils.convertFromYarn(token, inetSocketAddress));
        final YarnRPC create = YarnRPC.create(configuration);
        return (MRClientProtocol) createRemoteUser.doAs(new PrivilegedAction<MRClientProtocol>() { // from class: org.apache.hadoop.mapreduce.security.TestJHSSecurity.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public MRClientProtocol run() {
                return (MRClientProtocol) create.getProxy(HSClientProtocol.class, inetSocketAddress, configuration);
            }
        });
    }
}
