package org.apache.hadoop.yarn.server.resourcemanager.webapp;

import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.Singleton;
import com.google.inject.servlet.GuiceFilter;
import com.google.inject.servlet.GuiceServletContextListener;
import com.google.inject.servlet.ServletModule;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.filter.LoggingFilter;
import com.sun.jersey.guice.spi.container.servlet.GuiceContainer;
import com.sun.jersey.test.framework.WebAppDescriptor;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Properties;
import java.util.concurrent.Callable;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.KerberosTestUtils;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Time;
import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken;
import org.apache.hadoop.yarn.webapp.GenericExceptionHandler;
import org.apache.hadoop.yarn.webapp.JerseyTestBase;
import org.apache.hadoop.yarn.webapp.WebServicesTestUtils;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens.class */
public class TestRMWebServicesDelegationTokens extends JerseyTestBase {
    private static File testRootDir;
    private static File httpSpnegoKeytabFile = new File(KerberosTestUtils.getKeytabFile());
    private static String httpSpnegoPrincipal = KerberosTestUtils.getServerPrincipal();
    private static MiniKdc testMiniKDC;
    private static MockRM rm;
    private Injector injector;
    private boolean isKerberosAuth;
    final String yarnTokenHeader = "Hadoop-YARN-RM-Delegation-Token";

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$GuiceServletConfig.class */
    public class GuiceServletConfig extends GuiceServletContextListener {
        public GuiceServletConfig() {
        }

        protected Injector getInjector() {
            return TestRMWebServicesDelegationTokens.this.injector;
        }
    }

    @Singleton
    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$TestKerberosAuthFilter.class */
    public static class TestKerberosAuthFilter extends AuthenticationFilter {
        protected Properties getConfiguration(String str, FilterConfig filterConfig) throws ServletException {
            Properties configuration = super.getConfiguration(str, filterConfig);
            configuration.put("kerberos.principal", TestRMWebServicesDelegationTokens.httpSpnegoPrincipal);
            configuration.put("kerberos.keytab", TestRMWebServicesDelegationTokens.httpSpnegoKeytabFile.getAbsolutePath());
            configuration.put("type", "kerberos");
            return configuration;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$TestServletModule.class */
    private class TestServletModule extends ServletModule {
        public Configuration rmconf;

        private TestServletModule() {
            this.rmconf = new Configuration();
        }

        protected void configureServlets() {
            bind(JAXBContextResolver.class);
            bind(RMWebServices.class);
            bind(GenericExceptionHandler.class);
            Configuration configuration = new Configuration();
            configuration.setInt("yarn.resourcemanager.am.max-attempts", 2);
            configuration.setClass("yarn.resourcemanager.scheduler.class", FifoScheduler.class, ResourceScheduler.class);
            configuration.setBoolean("yarn.acl.enable", true);
            MockRM unused = TestRMWebServicesDelegationTokens.rm = new MockRM(configuration);
            bind(ResourceManager.class).toInstance(TestRMWebServicesDelegationTokens.rm);
            if (TestRMWebServicesDelegationTokens.this.isKerberosAuth) {
                filter("/*", new String[0]).through(TestKerberosAuthFilter.class);
            } else {
                filter("/*", new String[0]).through(TestSimpleAuthFilter.class);
            }
            serve("/*", new String[0]).with(GuiceContainer.class);
        }
    }

    @Singleton
    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$TestSimpleAuthFilter.class */
    public static class TestSimpleAuthFilter extends AuthenticationFilter {
        protected Properties getConfiguration(String str, FilterConfig filterConfig) throws ServletException {
            Properties configuration = super.getConfiguration(str, filterConfig);
            configuration.put("kerberos.principal", TestRMWebServicesDelegationTokens.httpSpnegoPrincipal);
            configuration.put("kerberos.keytab", TestRMWebServicesDelegationTokens.httpSpnegoKeytabFile.getAbsolutePath());
            configuration.put("type", "simple");
            configuration.put("simple.anonymous.allowed", "false");
            return configuration;
        }
    }

    private Injector getSimpleAuthInjector() {
        return Guice.createInjector(new Module[]{new TestServletModule() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.1
            @Override // org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.TestServletModule
            protected void configureServlets() {
                TestRMWebServicesDelegationTokens.this.isKerberosAuth = false;
                this.rmconf.set("hadoop.security.authentication", "simple");
                super.configureServlets();
            }
        }});
    }

    private Injector getKerberosAuthInjector() {
        return Guice.createInjector(new Module[]{new TestServletModule() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.2
            @Override // org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.TestServletModule
            protected void configureServlets() {
                TestRMWebServicesDelegationTokens.this.isKerberosAuth = true;
                this.rmconf.set("hadoop.security.authentication", "kerberos");
                this.rmconf.set("yarn.resourcemanager.webapp.spnego-principal", TestRMWebServicesDelegationTokens.httpSpnegoPrincipal);
                this.rmconf.set("yarn.resourcemanager.webapp.spnego-keytab-file", TestRMWebServicesDelegationTokens.httpSpnegoKeytabFile.getAbsolutePath());
                this.rmconf.set("yarn.nodemanager.webapp.spnego-principal", TestRMWebServicesDelegationTokens.httpSpnegoPrincipal);
                this.rmconf.set("yarn.nodemanager.webapp.spnego-keytab-file", TestRMWebServicesDelegationTokens.httpSpnegoKeytabFile.getAbsolutePath());
                super.configureServlets();
            }
        }});
    }

    @Parameterized.Parameters
    public static Collection<Object[]> guiceConfigs() {
        return Arrays.asList(new Object[]{0}, new Object[]{1});
    }

    public TestRMWebServicesDelegationTokens(int i) throws Exception {
        super(new WebAppDescriptor.Builder(new String[]{"org.apache.hadoop.yarn.server.resourcemanager.webapp"}).contextListenerClass(GuiceServletConfig.class).filterClass(GuiceFilter.class).contextPath("jersey-guice-filter").servletPath("/").build());
        this.isKerberosAuth = false;
        this.yarnTokenHeader = "Hadoop-YARN-RM-Delegation-Token";
        switch (i) {
            case 0:
            default:
                this.injector = getKerberosAuthInjector();
                return;
            case 1:
                this.injector = getSimpleAuthInjector();
                return;
        }
    }

    @BeforeClass
    public static void setupKDC() throws Exception {
        testRootDir = new File("target", TestRMWebServicesDelegationTokens.class.getName() + "-root");
        testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
        testMiniKDC.start();
        testMiniKDC.createPrincipal(httpSpnegoKeytabFile, new String[]{"HTTP/localhost", "client", "client2", "client3"});
    }

    @Before
    public void setUp() throws Exception {
        super.setUp();
        httpSpnegoKeytabFile.deleteOnExit();
        testRootDir.deleteOnExit();
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(configuration);
    }

    @AfterClass
    public static void shutdownKdc() {
        if (testMiniKDC != null) {
            testMiniKDC.stop();
        }
    }

    @After
    public void tearDown() throws Exception {
        rm.stop();
        super.tearDown();
        UserGroupInformation.setConfiguration(new Configuration());
    }

    @Test
    public void testCreateDelegationToken() throws Exception {
        rm.start();
        client().addFilter(new LoggingFilter(System.out));
        String[] strArr = {"application/json", "application/xml"};
        HashMap hashMap = new HashMap();
        hashMap.put("application/json", "{ \"renewer\" : \"test-renewer\" }");
        hashMap.put("application/xml", "<delegation-token><renewer>test-renewer</renewer></delegation-token>");
        for (String str : strArr) {
            String str2 = (String) hashMap.get(str);
            for (String str3 : strArr) {
                if (this.isKerberosAuth) {
                    verifyKerberosAuthCreate(str, str3, str2, "test-renewer");
                } else {
                    verifySimpleAuthCreate(str, str3, str2);
                }
            }
        }
        rm.stop();
    }

    private void verifySimpleAuthCreate(String str, String str2, String str3) {
        Assert.assertEquals(ClientResponse.Status.FORBIDDEN, ((ClientResponse) resource().path("ws").path("v1").path("cluster").path("delegation-token").queryParam("user.name", "testuser").accept(new String[]{str2}).entity(str3, str).post(ClientResponse.class)).getClientResponseStatus());
    }

    private void verifyKerberosAuthCreate(final String str, final String str2, final String str3, final String str4) throws Exception {
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                ClientResponse clientResponse = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(new String[]{str2}).entity(str3, str).post(ClientResponse.class);
                Assert.assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
                DelegationToken delegationTokenFromResponse = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse);
                Assert.assertFalse(delegationTokenFromResponse.getToken().isEmpty());
                Token token = new Token();
                token.decodeFromUrlString(delegationTokenFromResponse.getToken());
                Assert.assertEquals(str4, token.decodeIdentifier().getRenewer().toString());
                TestRMWebServicesDelegationTokens.this.assertValidRMToken(delegationTokenFromResponse.getToken());
                ClientResponse clientResponse2 = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(new String[]{str2}).entity(new DelegationToken(), str).post(ClientResponse.class);
                Assert.assertEquals(ClientResponse.Status.OK, clientResponse2.getClientResponseStatus());
                DelegationToken delegationTokenFromResponse2 = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse2);
                Assert.assertFalse(delegationTokenFromResponse2.getToken().isEmpty());
                Token token2 = new Token();
                token2.decodeFromUrlString(delegationTokenFromResponse2.getToken());
                Assert.assertEquals("", token2.decodeIdentifier().getRenewer().toString());
                TestRMWebServicesDelegationTokens.this.assertValidRMToken(delegationTokenFromResponse2.getToken());
                return null;
            }
        });
    }

    @Test
    public void testRenewDelegationToken() throws Exception {
        client().addFilter(new LoggingFilter(System.out));
        rm.start();
        client().addFilter(new LoggingFilter(System.out));
        final DelegationToken delegationToken = new DelegationToken();
        delegationToken.setRenewer("client2");
        String[] strArr = {"application/json", "application/xml"};
        for (final String str : strArr) {
            for (final String str2 : strArr) {
                if (this.isKerberosAuth) {
                    final DelegationToken delegationToken2 = (DelegationToken) KerberosTestUtils.doAsClient(new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.4
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public DelegationToken call() throws Exception {
                            ClientResponse clientResponse = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(new String[]{str2}).entity(delegationToken, str).post(ClientResponse.class);
                            Assert.assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
                            DelegationToken delegationTokenFromResponse = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse);
                            Assert.assertFalse(delegationTokenFromResponse.getToken().isEmpty());
                            Assert.assertEquals(ClientResponse.Status.FORBIDDEN, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").header("Hadoop-YARN-RM-Delegation-Token", delegationTokenFromResponse.getToken()).accept(new String[]{str2}).entity(TestRMWebServicesDelegationTokens.generateRenewTokenBody(str, delegationTokenFromResponse.getToken()), str).post(ClientResponse.class)).getClientResponseStatus());
                            return delegationTokenFromResponse;
                        }
                    });
                    KerberosTestUtils.doAs("client2", new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.5
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public DelegationToken call() throws Exception {
                            long now = Time.now();
                            TestRMWebServicesDelegationTokens.this.assertValidRMToken(delegationToken2.getToken());
                            String generateRenewTokenBody = TestRMWebServicesDelegationTokens.generateRenewTokenBody(str, delegationToken2.getToken());
                            ClientResponse clientResponse = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).accept(new String[]{str2}).entity(generateRenewTokenBody, str).post(ClientResponse.class);
                            Assert.assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
                            DelegationToken delegationTokenFromResponse = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse);
                            Assert.assertTrue("Expiration time not as expected: old = " + now + "; new = " + delegationTokenFromResponse.getNextExpirationTime(), delegationTokenFromResponse.getNextExpirationTime().longValue() > now);
                            long longValue = delegationTokenFromResponse.getNextExpirationTime().longValue();
                            Thread.sleep(1000L);
                            ClientResponse clientResponse2 = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).accept(new String[]{str2}).entity(generateRenewTokenBody, str).post(ClientResponse.class);
                            Assert.assertEquals(ClientResponse.Status.OK, clientResponse2.getClientResponseStatus());
                            DelegationToken delegationTokenFromResponse2 = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse2);
                            Assert.assertTrue("Expiration time not as expected: old = " + longValue + "; new = " + delegationTokenFromResponse2.getNextExpirationTime(), delegationTokenFromResponse2.getNextExpirationTime().longValue() > longValue);
                            return delegationTokenFromResponse2;
                        }
                    });
                    KerberosTestUtils.doAs("client3", new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.6
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public DelegationToken call() throws Exception {
                            Assert.assertEquals(ClientResponse.Status.FORBIDDEN, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).accept(new String[]{str2}).entity(TestRMWebServicesDelegationTokens.generateRenewTokenBody(str, delegationToken2.getToken()), str).post(ClientResponse.class)).getClientResponseStatus());
                            return null;
                        }
                    });
                    KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.7
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public Void call() throws Exception {
                            Assert.assertEquals(ClientResponse.Status.BAD_REQUEST, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").accept(new String[]{str2}).entity(str.equals("application/json") ? "{\"token\": \"TEST_TOKEN_STRING\" }" : "<delegation-token><token>TEST_TOKEN_STRING</token></delegation-token>", str).post(ClientResponse.class)).getClientResponseStatus());
                            return null;
                        }
                    });
                } else {
                    verifySimpleAuthRenew(str, str2);
                }
            }
        }
        rm.stop();
    }

    private void verifySimpleAuthRenew(String str, String str2) {
        Object obj;
        if (str.equals("application/json")) {
            String str3 = "{\"token\": \"TEST_TOKEN_STRING\" }";
            obj = "{\"abcd\": \"test-123\" }";
        } else {
            String str4 = "<delegation-token><token>TEST_TOKEN_STRING</token></delegation-token>";
            obj = "<delegation-token><xml>abcd</xml></delegation-token>";
        }
        Assert.assertEquals(ClientResponse.Status.FORBIDDEN, ((ClientResponse) resource().path("ws").path("v1").path("cluster").path("delegation-token").queryParam("user.name", "testuser").accept(new String[]{str2}).entity(obj, str).post(ClientResponse.class)).getClientResponseStatus());
    }

    @Test
    public void testCancelDelegationToken() throws Exception {
        rm.start();
        client().addFilter(new LoggingFilter(System.out));
        if (!this.isKerberosAuth) {
            verifySimpleAuthCancel();
            return;
        }
        final DelegationToken delegationToken = new DelegationToken();
        delegationToken.setRenewer("client2");
        String[] strArr = {"application/json", "application/xml"};
        for (final String str : strArr) {
            for (final String str2 : strArr) {
                KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.8
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public Void call() throws Exception {
                        ClientResponse clientResponse = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(new String[]{str2}).entity(delegationToken, str).post(ClientResponse.class);
                        Assert.assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
                        DelegationToken delegationTokenFromResponse = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse);
                        Assert.assertEquals(ClientResponse.Status.OK, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").header("Hadoop-YARN-RM-Delegation-Token", delegationTokenFromResponse.getToken()).accept(new String[]{str2}).delete(ClientResponse.class)).getClientResponseStatus());
                        TestRMWebServicesDelegationTokens.this.assertTokenCancelled(delegationTokenFromResponse.getToken());
                        return null;
                    }
                });
                final DelegationToken delegationToken2 = (DelegationToken) KerberosTestUtils.doAsClient(new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.9
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public DelegationToken call() throws Exception {
                        ClientResponse clientResponse = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(new String[]{str2}).entity(delegationToken, str).post(ClientResponse.class);
                        Assert.assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
                        return TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse);
                    }
                });
                KerberosTestUtils.doAs("client2", new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.10
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public Void call() throws Exception {
                        Assert.assertEquals(ClientResponse.Status.OK, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).accept(new String[]{str2}).delete(ClientResponse.class)).getClientResponseStatus());
                        TestRMWebServicesDelegationTokens.this.assertTokenCancelled(delegationToken2.getToken());
                        return null;
                    }
                });
                final DelegationToken delegationToken3 = (DelegationToken) KerberosTestUtils.doAsClient(new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.11
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public DelegationToken call() throws Exception {
                        ClientResponse clientResponse = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(new String[]{str2}).entity(delegationToken, str).post(ClientResponse.class);
                        Assert.assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
                        return TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse);
                    }
                });
                KerberosTestUtils.doAs("client3", new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.12
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public Void call() throws Exception {
                        Assert.assertEquals(ClientResponse.Status.FORBIDDEN, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").header("Hadoop-YARN-RM-Delegation-Token", delegationToken3.getToken()).accept(new String[]{str2}).delete(ClientResponse.class)).getClientResponseStatus());
                        TestRMWebServicesDelegationTokens.this.assertValidRMToken(delegationToken3.getToken());
                        return null;
                    }
                });
                testCancelTokenBadRequests(str, str2);
            }
        }
        rm.stop();
    }

    private void testCancelTokenBadRequests(final String str, final String str2) throws Exception {
        final DelegationToken delegationToken = new DelegationToken();
        delegationToken.setRenewer("client2");
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.13
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                Assert.assertEquals(ClientResponse.Status.BAD_REQUEST, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").header("Hadoop-YARN-RM-Delegation-Token", "random-string").accept(new String[]{str2}).delete(ClientResponse.class)).getClientResponseStatus());
                return null;
            }
        });
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.14
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                Assert.assertEquals(ClientResponse.Status.BAD_REQUEST, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(new String[]{str2}).delete(ClientResponse.class)).getClientResponseStatus());
                return null;
            }
        });
        final DelegationToken delegationToken2 = (DelegationToken) KerberosTestUtils.doAsClient(new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.15
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public DelegationToken call() throws Exception {
                ClientResponse clientResponse = (ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(new String[]{str2}).entity(delegationToken, str).post(ClientResponse.class);
                Assert.assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
                return TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(clientResponse);
            }
        });
        KerberosTestUtils.doAs("client2", new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.16
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                Assert.assertEquals(ClientResponse.Status.OK, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).accept(new String[]{str2}).delete(ClientResponse.class)).getClientResponseStatus());
                Assert.assertEquals(ClientResponse.Status.BAD_REQUEST, ((ClientResponse) TestRMWebServicesDelegationTokens.this.resource().path("ws").path("v1").path("cluster").path("delegation-token").header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).accept(new String[]{str2}).delete(ClientResponse.class)).getClientResponseStatus());
                return null;
            }
        });
    }

    private void verifySimpleAuthCancel() {
        Assert.assertEquals(ClientResponse.Status.FORBIDDEN, ((ClientResponse) resource().path("ws").path("v1").path("cluster").path("delegation-token").queryParam("user.name", "testuser").header("Hadoop-YARN-RM-Delegation-Token", "random").delete(ClientResponse.class)).getClientResponseStatus());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public DelegationToken getDelegationTokenFromResponse(ClientResponse clientResponse) throws IOException, ParserConfigurationException, SAXException, JSONException {
        return clientResponse.getType().toString().equals("application/json") ? getDelegationTokenFromJson((JSONObject) clientResponse.getEntity(JSONObject.class)) : getDelegationTokenFromXML((String) clientResponse.getEntity(String.class));
    }

    public static DelegationToken getDelegationTokenFromXML(String str) throws IOException, ParserConfigurationException, SAXException {
        DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        InputSource inputSource = new InputSource();
        inputSource.setCharacterStream(new StringReader(str));
        NodeList elementsByTagName = newDocumentBuilder.parse(inputSource).getElementsByTagName("delegation-token");
        Assert.assertEquals("incorrect number of elements", 1L, elementsByTagName.getLength());
        Element element = (Element) elementsByTagName.item(0);
        DelegationToken delegationToken = new DelegationToken();
        String xmlString = WebServicesTestUtils.getXmlString(element, "token");
        if (xmlString != null) {
            delegationToken.setToken(xmlString);
        } else {
            delegationToken.setNextExpirationTime(WebServicesTestUtils.getXmlLong(element, "expiration-time"));
        }
        return delegationToken;
    }

    public static DelegationToken getDelegationTokenFromJson(JSONObject jSONObject) throws JSONException {
        DelegationToken delegationToken = new DelegationToken();
        if (jSONObject.has("token")) {
            delegationToken.setToken(jSONObject.getString("token"));
        } else if (jSONObject.has("expiration-time")) {
            delegationToken.setNextExpirationTime(jSONObject.getLong("expiration-time"));
        }
        return delegationToken;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void assertValidRMToken(String str) throws IOException {
        Token token = new Token();
        token.decodeFromUrlString(str);
        RMDelegationTokenIdentifier decodeTokenIdentifier = rm.getRMContext().getRMDelegationTokenSecretManager().decodeTokenIdentifier(token);
        rm.getRMContext().getRMDelegationTokenSecretManager().verifyToken(decodeTokenIdentifier, token.getPassword());
        Assert.assertTrue(rm.getRMContext().getRMDelegationTokenSecretManager().getAllTokens().containsKey(decodeTokenIdentifier));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void assertTokenCancelled(String str) throws Exception {
        Token token = new Token();
        token.decodeFromUrlString(str);
        RMDelegationTokenIdentifier decodeTokenIdentifier = rm.getRMContext().getRMDelegationTokenSecretManager().decodeTokenIdentifier(token);
        boolean z = false;
        try {
            rm.getRMContext().getRMDelegationTokenSecretManager().verifyToken(decodeTokenIdentifier, token.getPassword());
        } catch (SecretManager.InvalidToken e) {
            z = true;
        }
        Assert.assertTrue("InvalidToken exception not thrown", z);
        Assert.assertFalse(rm.getRMContext().getRMDelegationTokenSecretManager().getAllTokens().containsKey(decodeTokenIdentifier));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String generateRenewTokenBody(String str, String str2) {
        return str.equals("application/json") ? "{\"token\": \"" + str2 + "\" }" : "<delegation-token><token>" + str2 + "</token></delegation-token>";
    }
}
