package org.apache.hadoop.yarn.server.nodemanager.security;

import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.api.records.Token;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.security.NMTokenIdentifier;
import org.apache.hadoop.yarn.server.api.records.MasterKey;
import org.apache.hadoop.yarn.server.nodemanager.recovery.NMMemoryStateStoreService;
import org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/nodemanager/security/TestNMTokenSecretManagerInNM.class */
public class TestNMTokenSecretManagerInNM {

    /* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/nodemanager/security/TestNMTokenSecretManagerInNM$NMTokenKeyGeneratorForTest.class */
    private static class NMTokenKeyGeneratorForTest extends BaseNMTokenSecretManager {
        private NMTokenKeyGeneratorForTest() {
        }

        public MasterKey generateKey() {
            return createNewMasterKey().getMasterKey();
        }
    }

    @Test
    public void testRecovery() throws IOException {
        Configuration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.nodemanager.recovery.enabled", true);
        NodeId newInstance = NodeId.newInstance("somehost", 1234);
        ApplicationAttemptId newInstance2 = ApplicationAttemptId.newInstance(ApplicationId.newInstance(1L, 1), 1);
        ApplicationAttemptId newInstance3 = ApplicationAttemptId.newInstance(ApplicationId.newInstance(2L, 2), 2);
        NMTokenKeyGeneratorForTest nMTokenKeyGeneratorForTest = new NMTokenKeyGeneratorForTest();
        NMMemoryStateStoreService nMMemoryStateStoreService = new NMMemoryStateStoreService();
        nMMemoryStateStoreService.init(yarnConfiguration);
        nMMemoryStateStoreService.start();
        NMTokenSecretManagerInNM nMTokenSecretManagerInNM = new NMTokenSecretManagerInNM(nMMemoryStateStoreService);
        nMTokenSecretManagerInNM.setNodeId(newInstance);
        MasterKey generateKey = nMTokenKeyGeneratorForTest.generateKey();
        nMTokenSecretManagerInNM.setMasterKey(generateKey);
        NMTokenIdentifier nMTokenId = getNMTokenId(nMTokenSecretManagerInNM.createNMToken(newInstance2, newInstance, "user1"));
        NMTokenIdentifier nMTokenId2 = getNMTokenId(nMTokenSecretManagerInNM.createNMToken(newInstance3, newInstance, "user2"));
        nMTokenSecretManagerInNM.appAttemptStartContainer(nMTokenId);
        nMTokenSecretManagerInNM.appAttemptStartContainer(nMTokenId2);
        Assert.assertTrue(nMTokenSecretManagerInNM.isAppAttemptNMTokenKeyPresent(newInstance2));
        Assert.assertTrue(nMTokenSecretManagerInNM.isAppAttemptNMTokenKeyPresent(newInstance3));
        Assert.assertNotNull(nMTokenSecretManagerInNM.retrievePassword(nMTokenId));
        Assert.assertNotNull(nMTokenSecretManagerInNM.retrievePassword(nMTokenId2));
        NMTokenSecretManagerInNM nMTokenSecretManagerInNM2 = new NMTokenSecretManagerInNM(nMMemoryStateStoreService);
        nMTokenSecretManagerInNM2.recover();
        nMTokenSecretManagerInNM2.setNodeId(newInstance);
        Assert.assertEquals(generateKey, nMTokenSecretManagerInNM2.getCurrentKey());
        Assert.assertTrue(nMTokenSecretManagerInNM2.isAppAttemptNMTokenKeyPresent(newInstance2));
        Assert.assertTrue(nMTokenSecretManagerInNM2.isAppAttemptNMTokenKeyPresent(newInstance3));
        Assert.assertNotNull(nMTokenSecretManagerInNM2.retrievePassword(nMTokenId));
        Assert.assertNotNull(nMTokenSecretManagerInNM2.retrievePassword(nMTokenId2));
        MasterKey generateKey2 = nMTokenKeyGeneratorForTest.generateKey();
        nMTokenSecretManagerInNM2.setMasterKey(generateKey2);
        nMTokenSecretManagerInNM2.appFinished(newInstance2.getApplicationId());
        NMTokenSecretManagerInNM nMTokenSecretManagerInNM3 = new NMTokenSecretManagerInNM(nMMemoryStateStoreService);
        nMTokenSecretManagerInNM3.recover();
        nMTokenSecretManagerInNM3.setNodeId(newInstance);
        Assert.assertEquals(generateKey2, nMTokenSecretManagerInNM3.getCurrentKey());
        Assert.assertFalse(nMTokenSecretManagerInNM3.isAppAttemptNMTokenKeyPresent(newInstance2));
        Assert.assertTrue(nMTokenSecretManagerInNM3.isAppAttemptNMTokenKeyPresent(newInstance3));
        Assert.assertNotNull(nMTokenSecretManagerInNM3.retrievePassword(nMTokenId));
        Assert.assertNotNull(nMTokenSecretManagerInNM3.retrievePassword(nMTokenId2));
        MasterKey generateKey3 = nMTokenKeyGeneratorForTest.generateKey();
        nMTokenSecretManagerInNM3.setMasterKey(generateKey3);
        NMTokenSecretManagerInNM nMTokenSecretManagerInNM4 = new NMTokenSecretManagerInNM(nMMemoryStateStoreService);
        nMTokenSecretManagerInNM4.recover();
        nMTokenSecretManagerInNM4.setNodeId(newInstance);
        Assert.assertEquals(generateKey3, nMTokenSecretManagerInNM4.getCurrentKey());
        Assert.assertFalse(nMTokenSecretManagerInNM4.isAppAttemptNMTokenKeyPresent(newInstance2));
        Assert.assertTrue(nMTokenSecretManagerInNM4.isAppAttemptNMTokenKeyPresent(newInstance3));
        try {
            nMTokenSecretManagerInNM4.retrievePassword(nMTokenId);
            Assert.fail("attempt token should not still be valid");
        } catch (SecretManager.InvalidToken e) {
        }
        Assert.assertNotNull(nMTokenSecretManagerInNM4.retrievePassword(nMTokenId2));
        nMTokenSecretManagerInNM4.appFinished(newInstance3.getApplicationId());
        NMTokenSecretManagerInNM nMTokenSecretManagerInNM5 = new NMTokenSecretManagerInNM(nMMemoryStateStoreService);
        nMTokenSecretManagerInNM5.recover();
        nMTokenSecretManagerInNM5.setNodeId(newInstance);
        Assert.assertEquals(generateKey3, nMTokenSecretManagerInNM5.getCurrentKey());
        Assert.assertFalse(nMTokenSecretManagerInNM5.isAppAttemptNMTokenKeyPresent(newInstance2));
        Assert.assertFalse(nMTokenSecretManagerInNM5.isAppAttemptNMTokenKeyPresent(newInstance3));
        try {
            nMTokenSecretManagerInNM5.retrievePassword(nMTokenId);
            Assert.fail("attempt token should not still be valid");
        } catch (SecretManager.InvalidToken e2) {
        }
        try {
            nMTokenSecretManagerInNM5.retrievePassword(nMTokenId2);
            Assert.fail("attempt token should not still be valid");
        } catch (SecretManager.InvalidToken e3) {
        }
        nMMemoryStateStoreService.close();
    }

    private NMTokenIdentifier getNMTokenId(Token token) throws IOException {
        return ConverterUtils.convertFromYarn(token, (Text) null).decodeIdentifier();
    }
}
