package org.apache.hadoop.yarn.server;

import java.io.File;
import java.io.IOException;
import java.util.UUID;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.hbase.shaded.org.apache.kerby.util.IOUtil;
import org.apache.hadoop.hbase.shaded.org.joni.constants.internal.StackType;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.event.Dispatcher;
import org.apache.hadoop.yarn.event.DrainDispatcher;
import org.apache.hadoop.yarn.server.api.protocolrecords.NodeHeartbeatResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerResponse;
import org.apache.hadoop.yarn.server.resourcemanager.MockNM;
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/yarn/server/TestRMNMSecretKeys.class */
public class TestRMNMSecretKeys {
    private static final String KRB5_CONF = "java.security.krb5.conf";
    private static final File KRB5_CONF_ROOT_DIR = new File(System.getProperty("test.build.dir", "target/test-dir"), UUID.randomUUID().toString());

    @BeforeClass
    public static void setup() throws IOException {
        KRB5_CONF_ROOT_DIR.mkdir();
        File file = new File(KRB5_CONF_ROOT_DIR, "krb5.conf");
        file.createNewFile();
        IOUtil.writeFile("[libdefaults]\n    default_realm = APACHE.ORG\n    udp_preference_limit = 1\n    extra_addresses = 127.0.0.1\n[realms]\n    APACHE.ORG = {\n        admin_server = localhost:88\n        kdc = localhost:88\n}\n[domain_realm]\n    localhost = APACHE.ORG", file);
        System.setProperty("java.security.krb5.conf", file.getAbsolutePath());
    }

    @AfterClass
    public static void tearDown() throws IOException {
        KRB5_CONF_ROOT_DIR.delete();
    }

    @Test(timeout = 1000000)
    public void testNMUpdation() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        validateRMNMKeyExchange(yarnConfiguration);
        yarnConfiguration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
        UserGroupInformation.setConfiguration(yarnConfiguration);
        validateRMNMKeyExchange(yarnConfiguration);
    }

    private void validateRMNMKeyExchange(YarnConfiguration yarnConfiguration) throws Exception {
        final DrainDispatcher drainDispatcher = new DrainDispatcher();
        ResourceManager resourceManager = new ResourceManager() { // from class: org.apache.hadoop.yarn.server.TestRMNMSecretKeys.1
            @Override // org.apache.hadoop.yarn.server.resourcemanager.ResourceManager
            protected void doSecureLogin() throws IOException {
            }

            @Override // org.apache.hadoop.yarn.server.resourcemanager.ResourceManager
            protected Dispatcher createDispatcher() {
                return drainDispatcher;
            }

            @Override // org.apache.hadoop.yarn.server.resourcemanager.ResourceManager
            protected void startWepApp() {
            }
        };
        resourceManager.init(yarnConfiguration);
        resourceManager.start();
        MockNM mockNM = new MockNM("host:1234", StackType.ABSENT, resourceManager.getResourceTrackerService());
        RegisterNodeManagerResponse registerNode = mockNM.registerNode();
        Assert.assertNotNull("Container Token : Registration should cause a key-update!", registerNode.getContainerTokenMasterKey());
        Assert.assertNotNull("NM Token : Registration should cause a key-update!", registerNode.getNMTokenMasterKey());
        drainDispatcher.await();
        NodeHeartbeatResponse nodeHeartbeat = mockNM.nodeHeartbeat(true);
        Assert.assertNull("Container Token : First heartbeat after registration shouldn't get any key updates!", nodeHeartbeat.getContainerTokenMasterKey());
        Assert.assertNull("NM Token : First heartbeat after registration shouldn't get any key updates!", nodeHeartbeat.getNMTokenMasterKey());
        drainDispatcher.await();
        NodeHeartbeatResponse nodeHeartbeat2 = mockNM.nodeHeartbeat(true);
        Assert.assertNull("Container Token : Even second heartbeat after registration shouldn't get any key updates!", nodeHeartbeat2.getContainerTokenMasterKey());
        Assert.assertNull("NM Token : Even second heartbeat after registration shouldn't get any key updates!", nodeHeartbeat2.getContainerTokenMasterKey());
        drainDispatcher.await();
        resourceManager.getRMContext().getContainerTokenSecretManager().rollMasterKey();
        resourceManager.getRMContext().getNMTokenSecretManager().rollMasterKey();
        NodeHeartbeatResponse nodeHeartbeat3 = mockNM.nodeHeartbeat(true);
        Assert.assertNotNull("Container Token : Heartbeats after roll-over and before activation should not err out.", nodeHeartbeat3.getContainerTokenMasterKey());
        Assert.assertNotNull("NM Token : Heartbeats after roll-over and before activation should not err out.", nodeHeartbeat3.getNMTokenMasterKey());
        Assert.assertEquals("Container Token : Roll-over should have incremented the key-id only by one!", r0.getKeyId() + 1, nodeHeartbeat3.getContainerTokenMasterKey().getKeyId());
        Assert.assertEquals("NM Token : Roll-over should have incremented the key-id only by one!", r0.getKeyId() + 1, nodeHeartbeat3.getNMTokenMasterKey().getKeyId());
        drainDispatcher.await();
        NodeHeartbeatResponse nodeHeartbeat4 = mockNM.nodeHeartbeat(true);
        Assert.assertNull("Container Token : Second heartbeat after roll-over shouldn't get any key updates!", nodeHeartbeat4.getContainerTokenMasterKey());
        Assert.assertNull("NM Token : Second heartbeat after roll-over shouldn't get any key updates!", nodeHeartbeat4.getNMTokenMasterKey());
        drainDispatcher.await();
        resourceManager.getRMContext().getContainerTokenSecretManager().activateNextMasterKey();
        resourceManager.getRMContext().getNMTokenSecretManager().activateNextMasterKey();
        NodeHeartbeatResponse nodeHeartbeat5 = mockNM.nodeHeartbeat(true);
        Assert.assertNull("Container Token : Activation shouldn't cause any key updates!", nodeHeartbeat5.getContainerTokenMasterKey());
        Assert.assertNull("NM Token : Activation shouldn't cause any key updates!", nodeHeartbeat5.getNMTokenMasterKey());
        drainDispatcher.await();
        NodeHeartbeatResponse nodeHeartbeat6 = mockNM.nodeHeartbeat(true);
        Assert.assertNull("Container Token : Even second heartbeat after activation shouldn't get any key updates!", nodeHeartbeat6.getContainerTokenMasterKey());
        Assert.assertNull("NM Token : Even second heartbeat after activation shouldn't get any key updates!", nodeHeartbeat6.getNMTokenMasterKey());
        drainDispatcher.await();
        resourceManager.stop();
    }
}
