package org.apache.hadoop.ozone.container.ozoneimpl;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.UUID;
import org.apache.commons.lang3.RandomUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.DatanodeDetails;
import org.apache.hadoop.hdds.protocol.MockDatanodeDetails;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.scm.XceiverClientGrpc;
import org.apache.hadoop.hdds.scm.XceiverClientSpi;
import org.apache.hadoop.hdds.scm.pipeline.MockPipeline;
import org.apache.hadoop.hdds.scm.pipeline.Pipeline;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.token.OzoneBlockTokenIdentifier;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.ozone.client.CertificateClientTestImpl;
import org.apache.hadoop.ozone.container.ContainerTestHelper;
import org.apache.hadoop.ozone.container.common.statemachine.DatanodeStateMachine;
import org.apache.hadoop.ozone.container.common.statemachine.StateContext;
import org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.util.Time;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.rules.Timeout;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/hadoop/ozone/container/ozoneimpl/TestSecureOzoneContainer.class */
public class TestSecureOzoneContainer {
    private static final Logger LOG = LoggerFactory.getLogger(TestSecureOzoneContainer.class);

    @Rule
    public Timeout testTimeout = Timeout.seconds(300);

    @Rule
    public TemporaryFolder tempFolder = new TemporaryFolder();
    private OzoneConfiguration conf;
    private SecurityConfig secConfig;
    private Boolean requireBlockToken;
    private Boolean hasBlockToken;
    private Boolean blockTokeExpired;
    private CertificateClientTestImpl caClient;
    private OzoneBlockTokenSecretManager secretManager;

    public TestSecureOzoneContainer(Boolean bool, Boolean bool2, Boolean bool3) {
        this.requireBlockToken = bool;
        this.hasBlockToken = bool2;
        this.blockTokeExpired = bool3;
    }

    @Parameterized.Parameters
    public static Collection<Object[]> blockTokenOptions() {
        return Arrays.asList(new Object[]{true, true, false}, new Object[]{true, true, true}, new Object[]{true, false, false}, new Object[]{false, true, false}, new Object[]{false, false, false});
    }

    @Before
    public void setup() throws Exception {
        DefaultMetricsSystem.setMiniClusterMode(true);
        this.conf = new OzoneConfiguration();
        this.conf.set("ozone.metadata.dirs", GenericTestUtils.getTempPath("ozoneMeta"));
        this.secConfig = new SecurityConfig(this.conf);
        this.caClient = new CertificateClientTestImpl(this.conf);
        this.secretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(this.conf), 86400L, this.caClient.getCertificate().getSerialNumber().toString());
    }

    @Test
    public void testCreateOzoneContainer() throws Exception {
        LOG.info("Test case: requireBlockToken: {} hasBlockToken: {} blockTokenExpired: {}.", new Object[]{this.requireBlockToken, this.hasBlockToken, this.blockTokeExpired});
        this.conf.setBoolean("hdds.block.token.enabled", this.requireBlockToken.booleanValue());
        long testContainerID = ContainerTestHelper.getTestContainerID();
        OzoneContainer ozoneContainer = null;
        System.out.println(System.getProperties().getProperty("java.library.path"));
        try {
            Pipeline createSingleNodePipeline = MockPipeline.createSingleNodePipeline();
            this.conf.set("hdds.datanode.dir", this.tempFolder.getRoot().getPath());
            this.conf.setInt("dfs.container.ipc", createSingleNodePipeline.getFirstNode().getPort(DatanodeDetails.Port.Name.STANDALONE).getValue().intValue());
            this.conf.setBoolean("dfs.container.ipc.random.port", false);
            DatanodeDetails randomDatanodeDetails = MockDatanodeDetails.randomDatanodeDetails();
            ozoneContainer = new OzoneContainer(randomDatanodeDetails, this.conf, getContext(randomDatanodeDetails), this.caClient);
            ozoneContainer.start(UUID.randomUUID().toString());
            UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("user1", new String[]{"usergroup"});
            new OzoneBlockTokenIdentifier("testUser", "cid:lud:bcsid", EnumSet.allOf(HddsProtos.BlockTokenSecretProto.AccessModeProto.class), this.blockTokeExpired.booleanValue() ? Time.now() - 7200 : Time.now() + 86400, "1234", 128L);
            if (randomDatanodeDetails.getPort(DatanodeDetails.Port.Name.STANDALONE).getValue().intValue() == 0) {
                this.secConfig.getConfiguration().getInt("dfs.container.ipc", 9859);
            }
            this.secretManager.start(this.caClient);
            Token generateToken = this.secretManager.generateToken("123", EnumSet.allOf(HddsProtos.BlockTokenSecretProto.AccessModeProto.class), RandomUtils.nextLong());
            if (this.hasBlockToken.booleanValue()) {
                createUserForTesting.addToken(generateToken);
            }
            createUserForTesting.doAs(() -> {
                try {
                    XceiverClientGrpc xceiverClientGrpc = new XceiverClientGrpc(createSingleNodePipeline, this.conf);
                    xceiverClientGrpc.connect(generateToken.encodeToUrlString());
                    if (this.hasBlockToken.booleanValue()) {
                        createContainerForTesting(xceiverClientGrpc, testContainerID, generateToken);
                    } else {
                        createContainerForTesting(xceiverClientGrpc, testContainerID, null);
                    }
                    return null;
                } catch (Exception e) {
                    if (this.requireBlockToken.booleanValue() && this.hasBlockToken.booleanValue() && !this.blockTokeExpired.booleanValue()) {
                        LOG.error("Unexpected error. ", e);
                        Assert.fail("Client with BlockToken should succeed when block token is required.");
                    }
                    if (this.requireBlockToken.booleanValue() && this.hasBlockToken.booleanValue() && this.blockTokeExpired.booleanValue()) {
                        Assert.assertTrue("Receive expected exception", e instanceof SCMSecurityException);
                    }
                    if (!this.requireBlockToken.booleanValue() || this.hasBlockToken.booleanValue()) {
                        return null;
                    }
                    Assert.assertTrue("Receive expected exception", e instanceof IOException);
                    return null;
                }
            });
            if (ozoneContainer != null) {
                ozoneContainer.stop();
            }
        } catch (Throwable th) {
            if (ozoneContainer != null) {
                ozoneContainer.stop();
            }
            throw th;
        }
    }

    public static void createContainerForTesting(XceiverClientSpi xceiverClientSpi, long j, Token token) throws Exception {
        Assert.assertNotNull(xceiverClientSpi.sendCommand(ContainerTestHelper.getCreateContainerSecureRequest(j, xceiverClientSpi.getPipeline(), token)));
    }

    private StateContext getContext(DatanodeDetails datanodeDetails) {
        DatanodeStateMachine datanodeStateMachine = (DatanodeStateMachine) Mockito.mock(DatanodeStateMachine.class);
        StateContext stateContext = (StateContext) Mockito.mock(StateContext.class);
        Mockito.when(datanodeStateMachine.getDatanodeDetails()).thenReturn(datanodeDetails);
        Mockito.when(stateContext.getParent()).thenReturn(datanodeStateMachine);
        return stateContext;
    }
}
