package org.apache.hadoop.security;

import java.io.File;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ThreadLocalRandom;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.service.ServiceMaster;
import org.apache.kerby.kerberos.kerb.KrbConstant;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.200-eep-921-v202312190455-tests.jar:org/apache/hadoop/security/TestRaceWhenRelogin.class */
public class TestRaceWhenRelogin extends KerberosSecurityTestcase {
    private String[] serverProtocols;
    private String[] serverPrincipals;
    private File keytabFile;
    private Map<String, String> props;
    private UserGroupInformation ugi;
    private int numThreads = 10;
    private String clientPrincipal = "client";
    private String serverProtocol = "server";
    private String host = "localhost";
    private String serverPrincipal = this.serverProtocol + "/" + this.host;
    private Configuration conf = new Configuration();

    @Before
    public void setUp() throws Exception {
        this.keytabFile = new File(getWorkDir(), ServiceMaster.KEYTAB_OPTION);
        this.serverProtocols = new String[this.numThreads];
        this.serverPrincipals = new String[this.numThreads];
        for (int i = 0; i < this.numThreads; i++) {
            this.serverProtocols[i] = this.serverProtocol + i;
            this.serverPrincipals[i] = this.serverProtocols[i] + "/" + this.host;
        }
        String[] strArr = (String[]) Arrays.copyOf(this.serverPrincipals, this.serverPrincipals.length + 2);
        strArr[this.numThreads] = this.serverPrincipal;
        strArr[this.numThreads + 1] = this.clientPrincipal;
        getKdc().createPrincipal(this.keytabFile, strArr);
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, this.conf);
        UserGroupInformation.setConfiguration(this.conf);
        UserGroupInformation.setShouldRenewImmediatelyForTests(true);
        this.props = new HashMap();
        this.props.put("javax.security.sasl.qop", SaslRpcServer.QualityOfProtection.AUTHENTICATION.saslQop);
        this.ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(this.clientPrincipal, this.keytabFile.getAbsolutePath());
    }

    private void relogin(AtomicBoolean atomicBoolean) {
        for (int i = 0; i < 100; i++) {
            try {
                this.ugi.reloginFromKeytab();
            } catch (IOException e) {
            }
            if (!((KerberosTicket) this.ugi.getSubject().getPrivateCredentials().stream().filter(obj -> {
                return obj instanceof KerberosTicket;
            }).map(obj2 -> {
                return (KerberosTicket) obj2;
            }).findFirst().get()).getServer().getName().startsWith(KrbConstant.TGS_PRINCIPAL)) {
                atomicBoolean.set(false);
                return;
            }
            try {
                Thread.sleep(50L);
            } catch (InterruptedException e2) {
            }
        }
    }

    private void getServiceTicket(AtomicBoolean atomicBoolean, final String str) {
        while (atomicBoolean.get()) {
            try {
                this.ugi.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.security.TestRaceWhenRelogin.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Void run() throws Exception {
                        SaslClient createSaslClient = Sasl.createSaslClient(new String[]{SaslRpcServer.AuthMethod.KERBEROS.getMechanismName()}, TestRaceWhenRelogin.this.clientPrincipal, str, TestRaceWhenRelogin.this.host, TestRaceWhenRelogin.this.props, (CallbackHandler) null);
                        createSaslClient.evaluateChallenge(new byte[0]);
                        createSaslClient.dispose();
                        return null;
                    }
                });
            } catch (Exception e) {
            }
            try {
                Thread.sleep(ThreadLocalRandom.current().nextInt(100));
            } catch (InterruptedException e2) {
            }
        }
    }

    @Test
    public void test() throws InterruptedException, IOException {
        AtomicBoolean atomicBoolean = new AtomicBoolean(true);
        Thread thread = new Thread(() -> {
            relogin(atomicBoolean);
        }, "Relogin");
        AtomicBoolean atomicBoolean2 = new AtomicBoolean(true);
        Thread[] threadArr = new Thread[this.numThreads];
        for (int i = 0; i < this.numThreads; i++) {
            String str = this.serverProtocols[i];
            threadArr[i] = new Thread(() -> {
                getServiceTicket(atomicBoolean2, str);
            }, "GetServiceTicket-" + i);
        }
        for (Thread thread2 : threadArr) {
            thread2.start();
        }
        thread.start();
        thread.join();
        atomicBoolean2.set(false);
        for (Thread thread3 : threadArr) {
            thread3.join();
        }
        Assert.assertTrue("tgt is not the first ticket after relogin", atomicBoolean.get());
    }
}
