package org.apache.hadoop.hdfs.security;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import junit.framework.Assert;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/hdfs/security/TestDelegationToken.class */
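/**
 * Exercises HDFS delegation token renewal, expiry and cancellation against an
 * in-process {@link MiniDFSCluster}.
 *
 * <p>The security properties pinned by these tests are:
 * <ul>
 *   <li>only the renewer named in the token may renew or cancel it; any other
 *       caller is rejected with {@link AccessControlException};</li>
 *   <li>a token that is not renewed within the renew interval stops
 *       authenticating ({@link SecretManager.InvalidToken});</li>
 *   <li>renewal is refused once the maximum lifetime has passed;</li>
 *   <li>a cancelled token can no longer be renewed;</li>
 *   <li>a full principal that {@code hadoop.security.auth_to_local} maps to the
 *       renewer's short name is accepted as the renewer.</li>
 * </ul>
 *
 * <p>The expiry checks depend on wall-clock sleeps measured against the 5 s
 * renew interval and 10 s max lifetime configured in {@link #setUp()}, so a
 * heavily loaded host can make them flaky.
 */
public class TestDelegationToken {
    private MiniDFSCluster cluster;
    Configuration config;
    private static final Log LOG = LogFactory.getLog(TestDelegationToken.class);

    /**
     * Starts a mini cluster with short token lifetimes and a principal mapping
     * rule, then starts the delegation token secret manager.
     *
     * @throws Exception if the cluster cannot be built or started
     */
    @Before
    public void setUp() throws Exception {
        this.config = new HdfsConfiguration();
        // Short lifetimes (milliseconds) so that expiry can be observed with sleeps.
        this.config.setLong("dfs.namenode.delegation.token.max-lifetime", 10000L);
        this.config.setLong("dfs.namenode.delegation.token.renew-interval", 5000L);
        // Maps two-component principals such as JobTracker/foo.com@FOO.COM to the
        // short name "JobTracker". The realm pattern ".*FOO.COM" is loose (open
        // prefix, unescaped dot): acceptable for a fixture, but a rule like this
        // copied into a real deployment would also accept look-alike realms.
        this.config.set("hadoop.security.auth_to_local", "RULE:[2:$1@$0](JobTracker@.*FOO.COM)s/@.*//DEFAULT");
        FileSystem.setDefaultUri(this.config, "hdfs://localhost:0");
        this.cluster = new MiniDFSCluster.Builder(this.config).build();
        this.cluster.waitActive();
        // NOTE(review): presumably the namenode does not start the secret manager
        // on its own in this configuration, hence the explicit call; confirm.
        this.cluster.getNamesystem().getDelegationTokenSecretManager().startThreads();
    }

    /**
     * Shuts the mini cluster down if {@link #setUp()} got far enough to create it.
     *
     * @throws Exception if shutdown fails
     */
    @After
    public void tearDown() throws Exception {
        if (this.cluster != null) {
            this.cluster.shutdown();
        }
    }

    /**
     * Builds a delegation token directly against the namenode's secret manager.
     *
     * @param str owner of the token
     * @param str2 renewer allowed to renew and cancel the token
     * @return a token whose identifier carries the given owner and renewer and a
     *         null real user
     */
    private Token<DelegationTokenIdentifier> generateDelegationToken(String str, String str2) {
        DelegationTokenIdentifier identifier =
                new DelegationTokenIdentifier(new Text(str), new Text(str2), (Text) null);
        return new Token<>(identifier, this.cluster.getNamesystem().getDelegationTokenSecretManager());
    }

    /**
     * Checks renewer enforcement, expiry after the renew interval, and refusal
     * to renew past the maximum lifetime.
     *
     * @throws Exception on unexpected secret manager or I/O errors
     */
    @Test
    public void testDelegationTokenSecretManager() throws Exception {
        DelegationTokenSecretManager secretManager = this.cluster.getNamesystem().getDelegationTokenSecretManager();
        Token<DelegationTokenIdentifier> token = generateDelegationToken("SomeUser", "JobTracker");

        // A caller other than the designated renewer must be rejected.
        try {
            secretManager.renewToken(token, "FakeRenewer");
            Assert.fail("should have failed");
        } catch (AccessControlException expected) {
            // Expected: "FakeRenewer" is not the renewer recorded in the token.
        }
        secretManager.renewToken(token, "JobTracker");

        // Re-read the identifier from the token bytes, as a verifier would.
        DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
        identifier.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
        Assert.assertNotNull(secretManager.retrievePassword(identifier));

        LOG.info("Sleep to expire the token");
        // 6 s exceeds the 5 s renew interval set in setUp().
        Thread.sleep(6000L);
        try {
            secretManager.retrievePassword(identifier);
            Assert.fail("Token should have expired");
        } catch (SecretManager.InvalidToken expected) {
            // Expected: the token was not renewed within the renew interval.
        }

        // The test expects renewal to still succeed here, before max lifetime.
        secretManager.renewToken(token, "JobTracker");

        LOG.info("Sleep beyond the max lifetime");
        // 6 s + 5 s of sleeping exceeds the 10 s max lifetime set in setUp().
        Thread.sleep(5000L);
        try {
            secretManager.renewToken(token, "JobTracker");
            Assert.fail("should have been expired");
        } catch (SecretManager.InvalidToken expected) {
            // Expected: renewal is refused past the maximum lifetime.
        }
    }

    /**
     * Checks that only the designated renewer can cancel a token and that a
     * cancelled token can no longer be renewed.
     *
     * @throws Exception on unexpected secret manager errors
     */
    @Test
    public void testCancelDelegationToken() throws Exception {
        DelegationTokenSecretManager secretManager = this.cluster.getNamesystem().getDelegationTokenSecretManager();
        Token<DelegationTokenIdentifier> token = generateDelegationToken("SomeUser", "JobTracker");

        try {
            secretManager.cancelToken(token, "FakeCanceller");
            Assert.fail("should have failed");
        } catch (AccessControlException expected) {
            // Expected: "FakeCanceller" is not the renewer recorded in the token.
        }
        secretManager.cancelToken(token, "JobTracker");

        // NOTE(review): revocation is only observed through renewToken; asserting
        // that retrievePassword also rejects the cancelled token would pin the
        // authentication path more directly.
        try {
            secretManager.renewToken(token, "JobTracker");
            Assert.fail("should have failed");
        } catch (SecretManager.InvalidToken expected) {
            // Expected: the token was cancelled above.
        }
    }

    /**
     * Checks that a token obtained through the file system API is known to the
     * secret manager and can be renewed by its renewer.
     *
     * @throws Exception on unexpected secret manager or I/O errors
     */
    @Test
    public void testDelegationTokenDFSApi() throws Exception {
        DelegationTokenSecretManager secretManager = this.cluster.getNamesystem().getDelegationTokenSecretManager();
        // Raw Token type kept as in the original listing.
        Token delegationToken = this.cluster.getFileSystem().getDelegationToken("JobTracker");
        DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
        identifier.readFields(new DataInputStream(new ByteArrayInputStream(delegationToken.getIdentifier())));
        LOG.info("A valid token should have non-null password, and should be renewed successfully");
        Assert.assertNotNull(secretManager.retrievePassword(identifier));
        secretManager.renewToken(delegationToken, "JobTracker");
    }

    /**
     * Checks renewal and cancellation through the file system API when running
     * as a full principal ({@code JobTracker/foo.com@FOO.COM}) and as the short
     * name ({@code JobTracker}) that the auth_to_local rule maps it to.
     *
     * @throws Exception on unexpected errors from the privileged actions
     */
    @Test
    public void testDelegationTokenWithDoAs() throws Exception {
        final Token delegationToken = this.cluster.getFileSystem().getDelegationToken("JobTracker");
        final UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("JobTracker/foo.com@FOO.COM");
        UserGroupInformation createRemoteUser2 = UserGroupInformation.createRemoteUser("JobTracker");

        // Renew as the full principal; the failure message carries the cause so
        // that a rejected principal mapping can be told apart from other I/O errors.
        createRemoteUser.doAs(new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws IOException {
                try {
                    TestDelegationToken.this.cluster.getFileSystem().renewDelegationToken(delegationToken);
                } catch (IOException e) {
                    Assert.fail("Could not renew delegation token for user " + createRemoteUser + ": " + e);
                }
                return null;
            }
        });

        // Renew as the short name; any IOException propagates and fails the test.
        createRemoteUser2.doAs(new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws IOException {
                TestDelegationToken.this.cluster.getFileSystem().renewDelegationToken(delegationToken);
                return null;
            }
        });

        // Cancel as the full principal.
        createRemoteUser.doAs(new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws IOException {
                try {
                    TestDelegationToken.this.cluster.getFileSystem().cancelDelegationToken(delegationToken);
                } catch (IOException e) {
                    Assert.fail("Could not cancel delegation token for user " + createRemoteUser + ": " + e);
                }
                return null;
            }
        });
    }
}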
