package org.apache.hadoop.yarn.server;

import java.io.File;
import java.io.IOException;
import java.util.UUID;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.hbase.shaded.org.apache.kerby.util.IOUtil;
import org.apache.hadoop.hbase.shaded.org.joni.constants.internal.StackType;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.event.Dispatcher;
import org.apache.hadoop.yarn.event.DrainDispatcher;
import org.apache.hadoop.yarn.server.api.protocolrecords.NodeHeartbeatResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerResponse;
import org.apache.hadoop.yarn.server.api.records.MasterKey;
import org.apache.hadoop.yarn.server.resourcemanager.MockNM;
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.Timeout;

/* loaded from: input_file:org/apache/hadoop/yarn/server/TestRMNMSecretKeys.class */
public class TestRMNMSecretKeys {
    private static final String KRB5_CONF = "java.security.krb5.conf";
    private static final File KRB5_CONF_ROOT_DIR = new File(System.getProperty("test.build.dir", "target/test-dir"), UUID.randomUUID().toString());

    @BeforeAll
    public static void setup() throws IOException {
        KRB5_CONF_ROOT_DIR.mkdir();
        File file = new File(KRB5_CONF_ROOT_DIR, "krb5.conf");
        file.createNewFile();
        IOUtil.writeFile("[libdefaults]\n    default_realm = APACHE.ORG\n    udp_preference_limit = 1\n    extra_addresses = 127.0.0.1\n[realms]\n    APACHE.ORG = {\n        admin_server = localhost:88\n        kdc = localhost:88\n}\n[domain_realm]\n    localhost = APACHE.ORG", file);
        System.setProperty("java.security.krb5.conf", file.getAbsolutePath());
    }

    @AfterAll
    public static void tearDown() throws IOException {
        KRB5_CONF_ROOT_DIR.delete();
    }

    @Timeout(1000000)
    @Test
    void testNMUpdation() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        validateRMNMKeyExchange(yarnConfiguration);
        yarnConfiguration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
        UserGroupInformation.setConfiguration(yarnConfiguration);
        validateRMNMKeyExchange(yarnConfiguration);
    }

    private void validateRMNMKeyExchange(YarnConfiguration yarnConfiguration) throws Exception {
        final DrainDispatcher drainDispatcher = new DrainDispatcher();
        ResourceManager resourceManager = new ResourceManager() { // from class: org.apache.hadoop.yarn.server.TestRMNMSecretKeys.1
            @Override // org.apache.hadoop.yarn.server.resourcemanager.ResourceManager
            protected void doSecureLogin() throws IOException {
            }

            @Override // org.apache.hadoop.yarn.server.resourcemanager.ResourceManager
            protected Dispatcher createDispatcher() {
                return drainDispatcher;
            }

            @Override // org.apache.hadoop.yarn.server.resourcemanager.ResourceManager
            protected void startWepApp() {
            }
        };
        resourceManager.init(yarnConfiguration);
        resourceManager.start();
        MockNM mockNM = new MockNM("host:1234", StackType.ABSENT, resourceManager.getResourceTrackerService());
        RegisterNodeManagerResponse registerNode = mockNM.registerNode();
        MasterKey containerTokenMasterKey = registerNode.getContainerTokenMasterKey();
        Assertions.assertNotNull(containerTokenMasterKey, "Container Token : Registration should cause a key-update!");
        MasterKey nMTokenMasterKey = registerNode.getNMTokenMasterKey();
        Assertions.assertNotNull(nMTokenMasterKey, "NM Token : Registration should cause a key-update!");
        drainDispatcher.await();
        NodeHeartbeatResponse nodeHeartbeat = mockNM.nodeHeartbeat(true);
        Assertions.assertNull(nodeHeartbeat.getContainerTokenMasterKey(), "Container Token : First heartbeat after registration shouldn't get any key updates!");
        Assertions.assertNull(nodeHeartbeat.getNMTokenMasterKey(), "NM Token : First heartbeat after registration shouldn't get any key updates!");
        drainDispatcher.await();
        NodeHeartbeatResponse nodeHeartbeat2 = mockNM.nodeHeartbeat(true);
        Assertions.assertNull(nodeHeartbeat2.getContainerTokenMasterKey(), "Container Token : Even second heartbeat after registration shouldn't get any key updates!");
        Assertions.assertNull(nodeHeartbeat2.getContainerTokenMasterKey(), "NM Token : Even second heartbeat after registration shouldn't get any key updates!");
        drainDispatcher.await();
        resourceManager.getRMContext().getContainerTokenSecretManager().rollMasterKey();
        resourceManager.getRMContext().getNMTokenSecretManager().rollMasterKey();
        NodeHeartbeatResponse nodeHeartbeat3 = mockNM.nodeHeartbeat(true);
        Assertions.assertNotNull(nodeHeartbeat3.getContainerTokenMasterKey(), "Container Token : Heartbeats after roll-over and before activation should not err out.");
        Assertions.assertNotNull(nodeHeartbeat3.getNMTokenMasterKey(), "NM Token : Heartbeats after roll-over and before activation should not err out.");
        Assertions.assertEquals(containerTokenMasterKey.getKeyId() + 1, nodeHeartbeat3.getContainerTokenMasterKey().getKeyId(), "Container Token : Roll-over should have incremented the key-id only by one!");
        Assertions.assertEquals(nMTokenMasterKey.getKeyId() + 1, nodeHeartbeat3.getNMTokenMasterKey().getKeyId(), "NM Token : Roll-over should have incremented the key-id only by one!");
        drainDispatcher.await();
        NodeHeartbeatResponse nodeHeartbeat4 = mockNM.nodeHeartbeat(true);
        Assertions.assertNull(nodeHeartbeat4.getContainerTokenMasterKey(), "Container Token : Second heartbeat after roll-over shouldn't get any key updates!");
        Assertions.assertNull(nodeHeartbeat4.getNMTokenMasterKey(), "NM Token : Second heartbeat after roll-over shouldn't get any key updates!");
        drainDispatcher.await();
        resourceManager.getRMContext().getContainerTokenSecretManager().activateNextMasterKey();
        resourceManager.getRMContext().getNMTokenSecretManager().activateNextMasterKey();
        NodeHeartbeatResponse nodeHeartbeat5 = mockNM.nodeHeartbeat(true);
        Assertions.assertNull(nodeHeartbeat5.getContainerTokenMasterKey(), "Container Token : Activation shouldn't cause any key updates!");
        Assertions.assertNull(nodeHeartbeat5.getNMTokenMasterKey(), "NM Token : Activation shouldn't cause any key updates!");
        drainDispatcher.await();
        NodeHeartbeatResponse nodeHeartbeat6 = mockNM.nodeHeartbeat(true);
        Assertions.assertNull(nodeHeartbeat6.getContainerTokenMasterKey(), "Container Token : Even second heartbeat after activation shouldn't get any key updates!");
        Assertions.assertNull(nodeHeartbeat6.getNMTokenMasterKey(), "NM Token : Even second heartbeat after activation shouldn't get any key updates!");
        drainDispatcher.await();
        resourceManager.stop();
    }
}
