package org.apache.hadoop.hdfs.security.token.block;

import com.google.protobuf.RpcController;
import com.google.protobuf.ServiceException;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.GregorianCalendar;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.StorageType;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.DFSUtilClient;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.Block;
import org.apache.hadoop.hdfs.protocol.ClientDatanodeProtocol;
import org.apache.hadoop.hdfs.protocol.DatanodeID;
import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
import org.apache.hadoop.hdfs.protocol.ExtendedBlock;
import org.apache.hadoop.hdfs.protocol.LocatedBlock;
import org.apache.hadoop.hdfs.protocol.LocatedBlocks;
import org.apache.hadoop.hdfs.protocol.proto.ClientDatanodeProtocolProtos;
import org.apache.hadoop.hdfs.protocolPB.ClientDatanodeProtocolPB;
import org.apache.hadoop.hdfs.protocolPB.PBHelperClient;
import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
import org.apache.hadoop.io.DataInputBuffer;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.TestWritable;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SaslInputStream;
import org.apache.hadoop.security.SaslRpcClient;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.util.Time;
import org.apache.log4j.Level;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* loaded from: input_file:org/apache/hadoop/hdfs/security/token/block/TestBlockToken.class */
public class TestBlockToken {
    public static final Log LOG = LogFactory.getLog(TestBlockToken.class);
    private static final String ADDRESS = "0.0.0.0";
    static final File FD_DIR;
    final long blockKeyUpdateInterval = 600000;
    final long blockTokenLifetime = 120000;
    final ExtendedBlock block1 = new ExtendedBlock("0", 0);
    final ExtendedBlock block2 = new ExtendedBlock("10", 10);
    final ExtendedBlock block3 = new ExtendedBlock("-10", -108);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/hdfs/security/token/block/TestBlockToken$GetLengthAnswer.class */
    public static class GetLengthAnswer implements Answer<ClientDatanodeProtocolProtos.GetReplicaVisibleLengthResponseProto> {
        final BlockTokenSecretManager sm;
        final BlockTokenIdentifier ident;

        public GetLengthAnswer(BlockTokenSecretManager blockTokenSecretManager, BlockTokenIdentifier blockTokenIdentifier) {
            this.sm = blockTokenSecretManager;
            this.ident = blockTokenIdentifier;
        }

        /* renamed from: answer, reason: merged with bridge method [inline-methods] */
        public ClientDatanodeProtocolProtos.GetReplicaVisibleLengthResponseProto m248answer(InvocationOnMock invocationOnMock) throws IOException {
            Object[] arguments = invocationOnMock.getArguments();
            Assert.assertEquals(2L, arguments.length);
            ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto getReplicaVisibleLengthRequestProto = (ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto) arguments[1];
            Set<BlockTokenIdentifier> tokenIdentifiers = UserGroupInformation.getCurrentUser().getTokenIdentifiers();
            Assert.assertEquals("Only one BlockTokenIdentifier expected", 1L, tokenIdentifiers.size());
            long j = 0;
            for (BlockTokenIdentifier blockTokenIdentifier : tokenIdentifiers) {
                TestBlockToken.LOG.info("Got: " + blockTokenIdentifier.toString());
                Assert.assertTrue("Received BlockTokenIdentifier is wrong", this.ident.equals(blockTokenIdentifier));
                this.sm.checkAccess(blockTokenIdentifier, (String) null, PBHelperClient.convert(getReplicaVisibleLengthRequestProto.getBlock()), BlockTokenIdentifier.AccessMode.WRITE, new StorageType[]{StorageType.DEFAULT}, (String[]) null);
                j = blockTokenIdentifier.getBlockId();
            }
            return ClientDatanodeProtocolProtos.GetReplicaVisibleLengthResponseProto.newBuilder().setLength(j).build();
        }
    }

    @Before
    public void disableKerberos() {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "simple");
        UserGroupInformation.setConfiguration(configuration);
    }

    private BlockTokenIdentifier generateTokenId(BlockTokenSecretManager blockTokenSecretManager, ExtendedBlock extendedBlock, EnumSet<BlockTokenIdentifier.AccessMode> enumSet, StorageType[] storageTypeArr, String[] strArr) throws IOException {
        Token generateToken = blockTokenSecretManager.generateToken(extendedBlock, enumSet, storageTypeArr, strArr);
        BlockTokenIdentifier createIdentifier = blockTokenSecretManager.createIdentifier();
        createIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(generateToken.getIdentifier())));
        return createIdentifier;
    }

    private void testWritable(boolean z) throws Exception {
        TestWritable.testWritable(new BlockTokenIdentifier());
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, 120000L, 0, 1, "fake-pool", (String) null, z);
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block3, EnumSet.noneOf(BlockTokenIdentifier.AccessMode.class), new StorageType[]{StorageType.DEFAULT}, null));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block3, EnumSet.of(BlockTokenIdentifier.AccessMode.WRITE), new StorageType[]{StorageType.DEFAULT}, null));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block3, EnumSet.allOf(BlockTokenIdentifier.AccessMode.class), new StorageType[]{StorageType.DEFAULT}, null));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block1, EnumSet.allOf(BlockTokenIdentifier.AccessMode.class), new StorageType[]{StorageType.DEFAULT}, null));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block2, EnumSet.of(BlockTokenIdentifier.AccessMode.WRITE), new StorageType[]{StorageType.DEFAULT}, null));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block3, EnumSet.noneOf(BlockTokenIdentifier.AccessMode.class), new StorageType[]{StorageType.DEFAULT}, null));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block3, EnumSet.noneOf(BlockTokenIdentifier.AccessMode.class), null, null));
        TestWritable.testWritable(generateTokenId(blockTokenSecretManager, this.block3, EnumSet.noneOf(BlockTokenIdentifier.AccessMode.class), StorageType.EMPTY_ARRAY, null));
    }

    @Test
    public void testWritableLegacy() throws Exception {
        testWritable(false);
    }

    @Test
    public void testWritableProtobuf() throws Exception {
        testWritable(true);
    }

    private static void checkAccess(BlockTokenSecretManager blockTokenSecretManager, Token<BlockTokenIdentifier> token, ExtendedBlock extendedBlock, BlockTokenIdentifier.AccessMode accessMode, StorageType[] storageTypeArr, String[] strArr) throws IOException {
        if (strArr == null) {
            blockTokenSecretManager.checkAccess(token.decodeIdentifier(), (String) null, extendedBlock, accessMode, storageTypeArr);
        }
        blockTokenSecretManager.checkAccess(token, (String) null, extendedBlock, accessMode, storageTypeArr, strArr);
    }

    private void tokenGenerationAndVerification(BlockTokenSecretManager blockTokenSecretManager, BlockTokenSecretManager blockTokenSecretManager2, StorageType[] storageTypeArr, String[] strArr) throws Exception {
        for (Enum r0 : BlockTokenIdentifier.AccessMode.values()) {
            Token generateToken = blockTokenSecretManager.generateToken(this.block1, EnumSet.of(r0), storageTypeArr, strArr);
            checkAccess(blockTokenSecretManager, generateToken, this.block1, r0, storageTypeArr, strArr);
            checkAccess(blockTokenSecretManager2, generateToken, this.block1, r0, storageTypeArr, strArr);
            Token generateToken2 = blockTokenSecretManager2.generateToken(this.block2, EnumSet.of(r0), storageTypeArr, strArr);
            checkAccess(blockTokenSecretManager, generateToken2, this.block2, r0, storageTypeArr, strArr);
            checkAccess(blockTokenSecretManager2, generateToken2, this.block2, r0, storageTypeArr, strArr);
        }
        Token generateToken3 = blockTokenSecretManager.generateToken(this.block3, EnumSet.allOf(BlockTokenIdentifier.AccessMode.class), storageTypeArr, strArr);
        for (BlockTokenIdentifier.AccessMode accessMode : BlockTokenIdentifier.AccessMode.values()) {
            checkAccess(blockTokenSecretManager, generateToken3, this.block3, accessMode, storageTypeArr, strArr);
            checkAccess(blockTokenSecretManager2, generateToken3, this.block3, accessMode, storageTypeArr, strArr);
        }
    }

    private void testBlockTokenSecretManager(boolean z) throws Exception {
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, 120000L, 0, 1, "fake-pool", (String) null, z);
        BlockTokenSecretManager blockTokenSecretManager2 = new BlockTokenSecretManager(600000L, 120000L, "fake-pool", (String) null, z);
        blockTokenSecretManager2.addKeys(blockTokenSecretManager.exportKeys());
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2, new StorageType[]{StorageType.DEFAULT}, null);
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2, null, null);
        blockTokenSecretManager.updateKeys();
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2, new StorageType[]{StorageType.DEFAULT}, null);
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2, null, null);
        blockTokenSecretManager2.addKeys(blockTokenSecretManager.exportKeys());
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2, new StorageType[]{StorageType.DEFAULT}, null);
        tokenGenerationAndVerification(blockTokenSecretManager, blockTokenSecretManager2, null, null);
    }

    @Test
    public void testBlockTokenSecretManagerLegacy() throws Exception {
        testBlockTokenSecretManager(false);
    }

    @Test
    public void testBlockTokenSecretManagerProtobuf() throws Exception {
        testBlockTokenSecretManager(true);
    }

    private static Server createMockDatanode(BlockTokenSecretManager blockTokenSecretManager, Token<BlockTokenIdentifier> token, Configuration configuration) throws IOException, ServiceException {
        ClientDatanodeProtocolPB clientDatanodeProtocolPB = (ClientDatanodeProtocolPB) Mockito.mock(ClientDatanodeProtocolPB.class);
        BlockTokenIdentifier createIdentifier = blockTokenSecretManager.createIdentifier();
        createIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
        ((ClientDatanodeProtocolPB) Mockito.doAnswer(new GetLengthAnswer(blockTokenSecretManager, createIdentifier)).when(clientDatanodeProtocolPB)).getReplicaVisibleLength((RpcController) Matchers.any(RpcController.class), (ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto) Matchers.any(ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto.class));
        RPC.setProtocolEngine(configuration, ClientDatanodeProtocolPB.class, ProtobufRpcEngine.class);
        return new RPC.Builder(configuration).setProtocol(ClientDatanodeProtocolPB.class).setInstance(ClientDatanodeProtocolProtos.ClientDatanodeProtocolService.newReflectiveBlockingService(clientDatanodeProtocolPB)).setBindAddress(ADDRESS).setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(blockTokenSecretManager).build();
    }

    private void testBlockTokenRpc(boolean z) throws Exception {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(configuration);
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, 120000L, 0, 1, "fake-pool", (String) null, z);
        Token generateToken = blockTokenSecretManager.generateToken(this.block3, EnumSet.allOf(BlockTokenIdentifier.AccessMode.class), new StorageType[]{StorageType.DEFAULT}, new String[0]);
        Server createMockDatanode = createMockDatanode(blockTokenSecretManager, generateToken, configuration);
        createMockDatanode.start();
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(createMockDatanode);
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(this.block3.toString());
        createRemoteUser.addToken(generateToken);
        ClientDatanodeProtocol clientDatanodeProtocol = null;
        try {
            clientDatanodeProtocol = DFSUtilClient.createClientDatanodeProtocolProxy(connectAddress, createRemoteUser, configuration, NetUtils.getDefaultSocketFactory(configuration));
            Assert.assertEquals(this.block3.getBlockId(), clientDatanodeProtocol.getReplicaVisibleLength(this.block3));
            createMockDatanode.stop();
            if (clientDatanodeProtocol != null) {
                RPC.stopProxy(clientDatanodeProtocol);
            }
        } catch (Throwable th) {
            createMockDatanode.stop();
            if (clientDatanodeProtocol != null) {
                RPC.stopProxy(clientDatanodeProtocol);
            }
            throw th;
        }
    }

    @Test
    public void testBlockTokenRpcLegacy() throws Exception {
        testBlockTokenRpc(false);
    }

    @Test
    public void testBlockTokenRpcProtobuf() throws Exception {
        testBlockTokenRpc(true);
    }

    private void testBlockTokenRpcLeak(boolean z) throws Exception {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(configuration);
        Assume.assumeTrue(FD_DIR.exists());
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, 120000L, 0, 1, "fake-pool", (String) null, z);
        Token generateToken = blockTokenSecretManager.generateToken(this.block3, EnumSet.allOf(BlockTokenIdentifier.AccessMode.class), new StorageType[]{StorageType.DEFAULT}, new String[0]);
        Server createMockDatanode = createMockDatanode(blockTokenSecretManager, generateToken, configuration);
        createMockDatanode.start();
        DatanodeID localDatanodeID = DFSTestUtil.getLocalDatanodeID(NetUtils.getConnectAddress(createMockDatanode).getPort());
        LocatedBlock locatedBlock = new LocatedBlock(new ExtendedBlock("fake-pool", new Block(12345L)), new DatanodeInfo[0]);
        locatedBlock.setBlockToken(generateToken);
        ClientDatanodeProtocol clientDatanodeProtocol = (ClientDatanodeProtocol) RPC.getProxy(ClientDatanodeProtocol.class, 9L, new InetSocketAddress("1.1.1.1", 1), UserGroupInformation.createRemoteUser("junk"), configuration, NetUtils.getDefaultSocketFactory(configuration));
        int countOpenFileDescriptors = countOpenFileDescriptors();
        try {
            long now = Time.now() + 3000;
            while (Time.now() < now) {
                ClientDatanodeProtocol createClientDatanodeProtocolProxy = DFSUtilClient.createClientDatanodeProtocolProxy(localDatanodeID, configuration, 1000, false, locatedBlock);
                Assert.assertEquals(this.block3.getBlockId(), createClientDatanodeProtocolProxy.getReplicaVisibleLength(this.block3));
                if (createClientDatanodeProtocolProxy != null) {
                    RPC.stopProxy(createClientDatanodeProtocolProxy);
                }
                LOG.info("Num open fds:" + countOpenFileDescriptors());
            }
            int countOpenFileDescriptors2 = countOpenFileDescriptors();
            if (countOpenFileDescriptors2 - countOpenFileDescriptors > 50) {
                Assert.fail("Leaked " + (countOpenFileDescriptors2 - countOpenFileDescriptors) + " fds!");
            }
            RPC.stopProxy(clientDatanodeProtocol);
        } finally {
            createMockDatanode.stop();
        }
    }

    @Test
    public void testBlockTokenRpcLeakLegacy() throws Exception {
        testBlockTokenRpcLeak(false);
    }

    @Test
    public void testBlockTokenRpcLeakProtobuf() throws Exception {
        testBlockTokenRpcLeak(true);
    }

    private static int countOpenFileDescriptors() {
        return FD_DIR.list().length;
    }

    private void testBlockPoolTokenSecretManager(boolean z) throws Exception {
        BlockPoolTokenSecretManager blockPoolTokenSecretManager = new BlockPoolTokenSecretManager();
        for (int i = 0; i < 10; i++) {
            String num = Integer.toString(i);
            BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, 120000L, 0, 1, "fake-pool", (String) null, z);
            blockPoolTokenSecretManager.addBlockPool(num, new BlockTokenSecretManager(600000L, 120000L, "fake-pool", (String) null, z));
            blockPoolTokenSecretManager.addKeys(num, blockTokenSecretManager.exportKeys());
            String[] strArr = {"DS-9001"};
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num), new StorageType[]{StorageType.DEFAULT}, strArr);
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num), null, null);
            blockTokenSecretManager.updateKeys();
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num), new StorageType[]{StorageType.DEFAULT}, strArr);
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num), null, null);
            blockPoolTokenSecretManager.addKeys(num, blockTokenSecretManager.exportKeys());
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num), new StorageType[]{StorageType.DEFAULT}, new String[]{"DS-9001"});
            tokenGenerationAndVerification(blockTokenSecretManager, blockPoolTokenSecretManager.get(num), null, null);
        }
    }

    @Test
    public void testBlockPoolTokenSecretManagerLegacy() throws Exception {
        testBlockPoolTokenSecretManager(false);
    }

    @Test
    public void testBlockPoolTokenSecretManagerProtobuf() throws Exception {
        testBlockPoolTokenSecretManager(true);
    }

    private void testBlockTokenInLastLocatedBlock(boolean z) throws IOException, InterruptedException {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.setBoolean("dfs.block.access.token.enable", true);
        hdfsConfiguration.setInt("dfs.blocksize", 512);
        hdfsConfiguration.setBoolean("dfs.block.access.token.protobuf.enable", z);
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).numDataNodes(1).build();
        build.waitActive();
        try {
            FSDataOutputStream create = build.getFileSystem().create(new Path("/testBlockTokenInLastLocatedBlock"), (short) 1);
            create.write(new byte[1000]);
            create.flush();
            LocatedBlocks blockLocations = build.getNameNodeRpc().getBlockLocations("/testBlockTokenInLastLocatedBlock", 0L, 1000L);
            while (blockLocations.getLastLocatedBlock() == null) {
                Thread.sleep(100L);
                blockLocations = build.getNameNodeRpc().getBlockLocations("/testBlockTokenInLastLocatedBlock", 0L, 1000L);
            }
            Assert.assertEquals(BlockTokenIdentifier.KIND_NAME, blockLocations.getLastLocatedBlock().getBlockToken().getKind());
            create.close();
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    @Test
    public void testBlockTokenInLastLocatedBlockLegacy() throws IOException, InterruptedException {
        testBlockTokenInLastLocatedBlock(false);
    }

    @Test
    public void testBlockTokenInLastLocatedBlockProtobuf() throws IOException, InterruptedException {
        testBlockTokenInLastLocatedBlock(true);
    }

    @Test
    public void testLegacyBlockTokenBytesIsLegacy() throws IOException {
        byte[] identifier = new BlockTokenSecretManager(600000L, 120000L, 0, 1, "fake-pool", (String) null, false).generateToken(this.block1, EnumSet.noneOf(BlockTokenIdentifier.AccessMode.class), new StorageType[]{StorageType.DEFAULT}, new String[0]).getIdentifier();
        BlockTokenIdentifier blockTokenIdentifier = new BlockTokenIdentifier();
        BlockTokenIdentifier blockTokenIdentifier2 = new BlockTokenIdentifier();
        BlockTokenIdentifier blockTokenIdentifier3 = new BlockTokenIdentifier();
        DataInputBuffer dataInputBuffer = new DataInputBuffer();
        dataInputBuffer.reset(identifier, identifier.length);
        blockTokenIdentifier.readFieldsLegacy(dataInputBuffer);
        boolean z = false;
        try {
            dataInputBuffer.reset(identifier, identifier.length);
            blockTokenIdentifier2.readFieldsProtobuf(dataInputBuffer);
        } catch (IOException e) {
            z = true;
        }
        Assert.assertTrue(z);
        dataInputBuffer.reset(identifier, identifier.length);
        blockTokenIdentifier3.readFields(dataInputBuffer);
        Assert.assertEquals(blockTokenIdentifier, blockTokenIdentifier3);
        Assert.assertNotEquals(blockTokenIdentifier2, blockTokenIdentifier3);
    }

    @Test
    public void testEmptyLegacyBlockTokenBytesIsLegacy() throws IOException {
        BlockTokenIdentifier blockTokenIdentifier = new BlockTokenIdentifier();
        DataOutputBuffer dataOutputBuffer = new DataOutputBuffer(4096);
        DataInputBuffer dataInputBuffer = new DataInputBuffer();
        blockTokenIdentifier.writeLegacy(dataOutputBuffer);
        byte[] copyOf = Arrays.copyOf(dataOutputBuffer.getData(), dataOutputBuffer.getLength());
        BlockTokenIdentifier blockTokenIdentifier2 = new BlockTokenIdentifier();
        BlockTokenIdentifier blockTokenIdentifier3 = new BlockTokenIdentifier();
        BlockTokenIdentifier blockTokenIdentifier4 = new BlockTokenIdentifier();
        dataInputBuffer.reset(copyOf, copyOf.length);
        blockTokenIdentifier2.readFieldsLegacy(dataInputBuffer);
        boolean z = false;
        try {
            dataInputBuffer.reset(copyOf, copyOf.length);
            blockTokenIdentifier3.readFieldsProtobuf(dataInputBuffer);
        } catch (IOException e) {
            z = true;
        }
        Assert.assertTrue(z);
        dataInputBuffer.reset(copyOf, copyOf.length);
        blockTokenIdentifier4.readFields(dataInputBuffer);
    }

    @Test
    public void testProtobufBlockTokenBytesIsProtobuf() throws IOException {
        byte[] identifier = new BlockTokenSecretManager(600000L, 120000L, 0, 1, "fake-pool", (String) null, true).generateToken(this.block1, EnumSet.noneOf(BlockTokenIdentifier.AccessMode.class), StorageType.EMPTY_ARRAY, new String[0]).getIdentifier();
        BlockTokenIdentifier blockTokenIdentifier = new BlockTokenIdentifier();
        BlockTokenIdentifier blockTokenIdentifier2 = new BlockTokenIdentifier();
        BlockTokenIdentifier blockTokenIdentifier3 = new BlockTokenIdentifier();
        DataInputBuffer dataInputBuffer = new DataInputBuffer();
        boolean z = false;
        try {
            dataInputBuffer.reset(identifier, identifier.length);
            blockTokenIdentifier.readFieldsLegacy(dataInputBuffer);
        } catch (IOException | NegativeArraySizeException e) {
            z = true;
        }
        Assert.assertTrue(z);
        dataInputBuffer.reset(identifier, identifier.length);
        blockTokenIdentifier2.readFieldsProtobuf(dataInputBuffer);
        dataInputBuffer.reset(identifier, identifier.length);
        blockTokenIdentifier3.readFields(dataInputBuffer);
        Assert.assertNotEquals(blockTokenIdentifier, blockTokenIdentifier3);
        Assert.assertEquals(blockTokenIdentifier2, blockTokenIdentifier3);
    }

    private void testCraftedProtobufBlockTokenIdentifier(BlockTokenIdentifier blockTokenIdentifier, boolean z, boolean z2) throws IOException {
        DataOutputBuffer dataOutputBuffer = new DataOutputBuffer(4096);
        DataInputBuffer dataInputBuffer = new DataInputBuffer();
        blockTokenIdentifier.writeProtobuf(dataOutputBuffer);
        byte[] copyOf = Arrays.copyOf(dataOutputBuffer.getData(), dataOutputBuffer.getLength());
        BlockTokenIdentifier blockTokenIdentifier2 = new BlockTokenIdentifier();
        BlockTokenIdentifier blockTokenIdentifier3 = new BlockTokenIdentifier();
        BlockTokenIdentifier blockTokenIdentifier4 = new BlockTokenIdentifier();
        boolean z3 = false;
        try {
            dataInputBuffer.reset(copyOf, copyOf.length);
            blockTokenIdentifier2.readFieldsLegacy(dataInputBuffer);
        } catch (IOException e) {
            if (!z) {
                Assert.fail("Received IOException but it was not expected.");
            }
            z3 = true;
        } catch (RuntimeException e2) {
            if (!z2) {
                Assert.fail("Received RuntimeException but it was not expected.");
            }
            z3 = true;
        }
        Assert.assertTrue(z3);
        dataInputBuffer.reset(copyOf, copyOf.length);
        blockTokenIdentifier3.readFieldsProtobuf(dataInputBuffer);
        dataInputBuffer.reset(copyOf, copyOf.length);
        blockTokenIdentifier4.readFieldsProtobuf(dataInputBuffer);
        Assert.assertEquals(blockTokenIdentifier3, blockTokenIdentifier4);
        Assert.assertEquals(blockTokenIdentifier, blockTokenIdentifier4);
    }

    @Test
    public void testEmptyProtobufBlockTokenBytesIsProtobuf() throws IOException {
        testCraftedProtobufBlockTokenIdentifier(new BlockTokenIdentifier(), true, false);
    }

    @Test
    public void testCraftedProtobufBlockTokenBytesIsProtobuf() throws IOException {
        BlockTokenIdentifier blockTokenIdentifier = new BlockTokenIdentifier("user", "blockpool", 123L, EnumSet.allOf(BlockTokenIdentifier.AccessMode.class), new StorageType[]{StorageType.DISK, StorageType.ARCHIVE}, new String[]{"fake-storage-id"}, true);
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.set(2017, 1, 9, 0, 12, 35);
        long timeInMillis = ((gregorianCalendar.getTimeInMillis() / 1000) * 1000) + 71;
        blockTokenIdentifier.setExpiryDate(timeInMillis);
        testCraftedProtobufBlockTokenIdentifier(blockTokenIdentifier, false, true);
        blockTokenIdentifier.setExpiryDate(timeInMillis + 1);
        testCraftedProtobufBlockTokenIdentifier(blockTokenIdentifier, true, false);
    }

    private BlockTokenIdentifier writeAndReadBlockToken(BlockTokenIdentifier blockTokenIdentifier) throws IOException {
        DataOutputBuffer dataOutputBuffer = new DataOutputBuffer(4096);
        DataInputBuffer dataInputBuffer = new DataInputBuffer();
        blockTokenIdentifier.write(dataOutputBuffer);
        byte[] copyOf = Arrays.copyOf(dataOutputBuffer.getData(), dataOutputBuffer.getLength());
        BlockTokenIdentifier blockTokenIdentifier2 = new BlockTokenIdentifier();
        dataInputBuffer.reset(copyOf, copyOf.length);
        blockTokenIdentifier2.readFields(dataInputBuffer);
        Assert.assertEquals(blockTokenIdentifier, blockTokenIdentifier2);
        return blockTokenIdentifier2;
    }

    @Test
    public void testEmptyBlockTokenSerialization() throws IOException {
        BlockTokenIdentifier writeAndReadBlockToken = writeAndReadBlockToken(new BlockTokenIdentifier());
        Assert.assertEquals(writeAndReadBlockToken.getExpiryDate(), 0L);
        Assert.assertEquals(writeAndReadBlockToken.getKeyId(), 0L);
        Assert.assertEquals(writeAndReadBlockToken.getUserId(), (Object) null);
        Assert.assertEquals(writeAndReadBlockToken.getBlockPoolId(), (Object) null);
        Assert.assertEquals(writeAndReadBlockToken.getBlockId(), 0L);
        Assert.assertEquals(writeAndReadBlockToken.getAccessModes(), EnumSet.noneOf(BlockTokenIdentifier.AccessMode.class));
        Assert.assertArrayEquals(writeAndReadBlockToken.getStorageTypes(), StorageType.EMPTY_ARRAY);
    }

    private void testBlockTokenSerialization(boolean z) throws IOException {
        EnumSet allOf = EnumSet.allOf(BlockTokenIdentifier.AccessMode.class);
        StorageType[] storageTypeArr = {StorageType.RAM_DISK, StorageType.SSD, StorageType.DISK, StorageType.ARCHIVE};
        BlockTokenIdentifier blockTokenIdentifier = new BlockTokenIdentifier("user", "bpool", 123L, allOf, storageTypeArr, new String[]{"fake-storage-id"}, z);
        blockTokenIdentifier.setExpiryDate(1487080345L);
        BlockTokenIdentifier writeAndReadBlockToken = writeAndReadBlockToken(blockTokenIdentifier);
        Assert.assertEquals(writeAndReadBlockToken.getExpiryDate(), 1487080345L);
        Assert.assertEquals(writeAndReadBlockToken.getKeyId(), 0L);
        Assert.assertEquals(writeAndReadBlockToken.getUserId(), "user");
        Assert.assertEquals(writeAndReadBlockToken.getBlockPoolId(), "bpool");
        Assert.assertEquals(writeAndReadBlockToken.getBlockId(), 123L);
        Assert.assertEquals(writeAndReadBlockToken.getAccessModes(), EnumSet.allOf(BlockTokenIdentifier.AccessMode.class));
        Assert.assertArrayEquals(writeAndReadBlockToken.getStorageTypes(), storageTypeArr);
        Assert.assertArrayEquals(writeAndReadBlockToken.getStorageIds(), new String[]{"fake-storage-id"});
    }

    @Test
    public void testBlockTokenSerialization() throws IOException {
        testBlockTokenSerialization(false);
        testBlockTokenSerialization(true);
    }

    private void testBadStorageIDCheckAccess(boolean z) throws IOException {
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(600000L, 120000L, 0, 1, "fake-pool", (String) null, z);
        StorageType[] storageTypeArr = {StorageType.DISK};
        String[] strArr = {"fake-storage-id"};
        String[] strArr2 = {"BAD-STORAGE-ID"};
        String[] strArr3 = new String[0];
        BlockTokenIdentifier.AccessMode accessMode = BlockTokenIdentifier.AccessMode.READ;
        BlockTokenIdentifier generateTokenId = generateTokenId(blockTokenSecretManager, this.block3, EnumSet.of(accessMode), storageTypeArr, strArr);
        blockTokenSecretManager.checkAccess(generateTokenId, (String) null, this.block3, accessMode, storageTypeArr, strArr);
        try {
            blockTokenSecretManager.checkAccess(generateTokenId, (String) null, this.block3, accessMode, storageTypeArr, strArr2);
            Assert.fail("Expected strict BlockTokenSecretManager to fail");
        } catch (SecretManager.InvalidToken e) {
        }
        blockTokenSecretManager.checkAccess(generateTokenId, (String) null, this.block3, accessMode, storageTypeArr, strArr3);
        blockTokenSecretManager.checkAccess(generateTokenId, (String) null, this.block3, accessMode, storageTypeArr, (String[]) null);
        blockTokenSecretManager.checkAccess(generateTokenId, (String) null, this.block3, accessMode, storageTypeArr);
    }

    @Test
    public void testBadStorageIDCheckAccess() throws IOException {
        testBadStorageIDCheckAccess(false);
        testBadStorageIDCheckAccess(true);
    }

    static {
        GenericTestUtils.setLogLevel(Client.LOG, Level.ALL);
        GenericTestUtils.setLogLevel(Server.LOG, Level.ALL);
        GenericTestUtils.setLogLevel(SaslRpcClient.LOG, Level.ALL);
        GenericTestUtils.setLogLevel(SaslRpcServer.LOG, Level.ALL);
        GenericTestUtils.setLogLevel(SaslInputStream.LOG, Level.ALL);
        FD_DIR = new File("/proc/self/fd/");
    }
}
