package org.apache.hadoop.yarn.server.nodemanager.security;

import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.yarn.api.records.ContainerId;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.api.records.Priority;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.security.ContainerTokenIdentifier;
import org.apache.hadoop.yarn.server.api.records.MasterKey;
import org.apache.hadoop.yarn.server.nodemanager.recovery.NMMemoryStateStoreService;
import org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager;
import org.apache.hadoop.yarn.server.utils.BuilderUtils;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/nodemanager/security/TestNMContainerTokenSecretManager.class */
public class TestNMContainerTokenSecretManager {

    /* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/nodemanager/security/TestNMContainerTokenSecretManager$ContainerTokenKeyGeneratorForTest.class */
    private static class ContainerTokenKeyGeneratorForTest extends BaseContainerTokenSecretManager {
        public ContainerTokenKeyGeneratorForTest(Configuration configuration) {
            super(configuration);
        }

        public MasterKey generateKey() {
            return createNewMasterKey().getMasterKey();
        }
    }

    @Test
    public void testRecovery() throws IOException {
        Configuration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.nodemanager.recovery.enabled", true);
        NodeId newInstance = NodeId.newInstance("somehost", 1234);
        ContainerId newContainerId = BuilderUtils.newContainerId(1, 1, 1L, 1L);
        ContainerId newContainerId2 = BuilderUtils.newContainerId(2, 2, 2L, 2L);
        ContainerTokenKeyGeneratorForTest containerTokenKeyGeneratorForTest = new ContainerTokenKeyGeneratorForTest(yarnConfiguration);
        NMMemoryStateStoreService nMMemoryStateStoreService = new NMMemoryStateStoreService();
        nMMemoryStateStoreService.init(yarnConfiguration);
        nMMemoryStateStoreService.start();
        NMContainerTokenSecretManager nMContainerTokenSecretManager = new NMContainerTokenSecretManager(yarnConfiguration, nMMemoryStateStoreService);
        nMContainerTokenSecretManager.setNodeId(newInstance);
        MasterKey generateKey = containerTokenKeyGeneratorForTest.generateKey();
        nMContainerTokenSecretManager.setMasterKey(generateKey);
        ContainerTokenIdentifier createContainerTokenId = createContainerTokenId(newContainerId, newInstance, "user1", nMContainerTokenSecretManager);
        ContainerTokenIdentifier createContainerTokenId2 = createContainerTokenId(newContainerId2, newInstance, "user2", nMContainerTokenSecretManager);
        Assert.assertNotNull(nMContainerTokenSecretManager.retrievePassword(createContainerTokenId));
        Assert.assertNotNull(nMContainerTokenSecretManager.retrievePassword(createContainerTokenId2));
        NMContainerTokenSecretManager nMContainerTokenSecretManager2 = new NMContainerTokenSecretManager(yarnConfiguration, nMMemoryStateStoreService);
        nMContainerTokenSecretManager2.setNodeId(newInstance);
        nMContainerTokenSecretManager2.recover();
        Assert.assertEquals(generateKey, nMContainerTokenSecretManager2.getCurrentKey());
        Assert.assertTrue(nMContainerTokenSecretManager2.isValidStartContainerRequest(createContainerTokenId));
        Assert.assertTrue(nMContainerTokenSecretManager2.isValidStartContainerRequest(createContainerTokenId2));
        Assert.assertNotNull(nMContainerTokenSecretManager2.retrievePassword(createContainerTokenId));
        Assert.assertNotNull(nMContainerTokenSecretManager2.retrievePassword(createContainerTokenId2));
        nMContainerTokenSecretManager2.startContainerSuccessful(createContainerTokenId2);
        MasterKey generateKey2 = containerTokenKeyGeneratorForTest.generateKey();
        nMContainerTokenSecretManager2.setMasterKey(generateKey2);
        NMContainerTokenSecretManager nMContainerTokenSecretManager3 = new NMContainerTokenSecretManager(yarnConfiguration, nMMemoryStateStoreService);
        nMContainerTokenSecretManager3.setNodeId(newInstance);
        nMContainerTokenSecretManager3.recover();
        Assert.assertEquals(generateKey2, nMContainerTokenSecretManager3.getCurrentKey());
        Assert.assertTrue(nMContainerTokenSecretManager3.isValidStartContainerRequest(createContainerTokenId));
        Assert.assertFalse(nMContainerTokenSecretManager3.isValidStartContainerRequest(createContainerTokenId2));
        Assert.assertNotNull(nMContainerTokenSecretManager3.retrievePassword(createContainerTokenId));
        Assert.assertNotNull(nMContainerTokenSecretManager3.retrievePassword(createContainerTokenId2));
        MasterKey generateKey3 = containerTokenKeyGeneratorForTest.generateKey();
        nMContainerTokenSecretManager3.setMasterKey(generateKey3);
        NMContainerTokenSecretManager nMContainerTokenSecretManager4 = new NMContainerTokenSecretManager(yarnConfiguration, nMMemoryStateStoreService);
        nMContainerTokenSecretManager4.setNodeId(newInstance);
        nMContainerTokenSecretManager4.recover();
        Assert.assertEquals(generateKey3, nMContainerTokenSecretManager4.getCurrentKey());
        Assert.assertTrue(nMContainerTokenSecretManager4.isValidStartContainerRequest(createContainerTokenId));
        Assert.assertFalse(nMContainerTokenSecretManager4.isValidStartContainerRequest(createContainerTokenId2));
        try {
            nMContainerTokenSecretManager4.retrievePassword(createContainerTokenId);
            Assert.fail("token should not be valid");
        } catch (SecretManager.InvalidToken e) {
        }
        try {
            nMContainerTokenSecretManager4.retrievePassword(createContainerTokenId2);
            Assert.fail("token should not be valid");
        } catch (SecretManager.InvalidToken e2) {
        }
        nMMemoryStateStoreService.close();
    }

    private static ContainerTokenIdentifier createContainerTokenId(ContainerId containerId, NodeId nodeId, String str, NMContainerTokenSecretManager nMContainerTokenSecretManager) throws IOException {
        ContainerTokenIdentifier containerTokenIdentifier = new ContainerTokenIdentifier(containerId, nodeId.toString(), str, BuilderUtils.newResource(1024, 1), System.currentTimeMillis() + 100000, nMContainerTokenSecretManager.getCurrentKey().getKeyId(), containerId.getApplicationAttemptId().getApplicationId().getClusterTimestamp(), Priority.newInstance(0), 0L);
        return BuilderUtils.newContainerTokenIdentifier(BuilderUtils.newContainerToken(nodeId, nMContainerTokenSecretManager.createPassword(containerTokenIdentifier), containerTokenIdentifier));
    }
}
