package org.apache.hadoop.mapreduce.security;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.examples.SleepJob;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.NameNodeAdapter;
import org.apache.hadoop.io.IntWritable;
import org.apache.hadoop.io.NullWritable;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapred.JobConfigurable;
import org.apache.hadoop.mapred.MiniMRCluster;
import org.apache.hadoop.mapred.OutputCollector;
import org.apache.hadoop.mapred.Reporter;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.ToolRunner;
import org.codehaus.jackson.map.ObjectMapper;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/mapreduce/security/TestTokenCache.class */
public class TestTokenCache {
    private static final int NUM_OF_KEYS = 10;
    private static MiniMRCluster mrCluster;
    private static MiniDFSCluster dfsCluster;
    private static JobConf jConf;
    private static Path p1;
    private static Path p2;
    private static final Path TEST_DIR = new Path(System.getProperty("test.build.data", "/tmp"), "sleepTest");
    private static final Path jsonTokenFile = new Path(TEST_DIR, "tokenFile.json");
    private static final Path binaryTokenFile = new Path(TEST_DIR, "tokenFile.bin");
    private static int numSlaves = 1;
    private static ObjectMapper mapper = new ObjectMapper();

    /* loaded from: input_file:org/apache/hadoop/mapreduce/security/TestTokenCache$MySleepJob.class */
    static class MySleepJob extends SleepJob implements JobConfigurable {
        Credentials ts;

        MySleepJob() {
        }

        public void configure(JobConf jobConf) {
            try {
                this.ts = jobConf.getCredentials();
                Path path = new Path("file1");
                Path makeQualified = path.getFileSystem(jobConf).makeQualified(path);
                Credentials credentials = new Credentials();
                TokenCache.obtainTokensForNamenodesInternal(credentials, new Path[]{makeQualified}, jobConf);
                Iterator it = credentials.getAllTokens().iterator();
                while (it.hasNext()) {
                    this.ts.addToken(new Text("Hdfs"), (Token) it.next());
                }
            } catch (IOException e) {
                Assert.fail("Exception " + e);
            }
        }

        public void map(IntWritable intWritable, IntWritable intWritable2, OutputCollector<IntWritable, NullWritable> outputCollector, Reporter reporter) throws IOException {
            byte[] secretKey = this.ts.getSecretKey(new Text("alias1"));
            Collection allTokens = this.ts.getAllTokens();
            if (allTokens != null) {
                allTokens.size();
            }
            if (allTokens.size() != 2) {
                throw new RuntimeException("tokens are not available");
            }
            if (secretKey == null || this.ts == null || this.ts.numberOfSecretKeys() != TestTokenCache.NUM_OF_KEYS) {
                throw new RuntimeException("secret keys are not available");
            }
            super.map(intWritable, intWritable2, outputCollector, reporter);
        }

        public JobConf setupJobConf(int i, int i2, long j, int i3, long j2, int i4) {
            JobConf jobConf = super.setupJobConf(i, i2, j, i3, j2, i4);
            jobConf.setMapperClass(MySleepJob.class);
            return jobConf;
        }

        public /* bridge */ /* synthetic */ void map(Object obj, Object obj2, OutputCollector outputCollector, Reporter reporter) throws IOException {
            map((IntWritable) obj, (IntWritable) obj2, (OutputCollector<IntWritable, NullWritable>) outputCollector, reporter);
        }
    }

    @BeforeClass
    public static void setUp() throws Exception {
        Configuration configuration = new Configuration();
        dfsCluster = new MiniDFSCluster(configuration, numSlaves, true, (String[]) null);
        jConf = new JobConf(configuration);
        mrCluster = new MiniMRCluster(0, 0, numSlaves, dfsCluster.getFileSystem().getUri().toString(), 1, null, null, null, jConf);
        createTokenFileJson();
        verifySecretKeysInJSONFile();
        createTokenFileBinary();
        verifySecretKeysInBinaryFile();
        NameNodeAdapter.getDtSecretManager(dfsCluster.getNamesystem()).startThreads();
        DistributedFileSystem fileSystem = dfsCluster.getFileSystem();
        p1 = new Path("file1");
        p2 = new Path("file2");
        p1 = fileSystem.makeQualified(p1);
    }

    @AfterClass
    public static void tearDown() throws Exception {
        if (mrCluster != null) {
            mrCluster.shutdown();
        }
        mrCluster = null;
        if (dfsCluster != null) {
            dfsCluster.shutdown();
        }
        dfsCluster = null;
    }

    private static void createTokenFileJson() throws IOException {
        HashMap hashMap = new HashMap();
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacSHA1");
            for (int i = 0; i < NUM_OF_KEYS; i++) {
                hashMap.put("alias" + i, new String(Base64.encodeBase64(((SecretKeySpec) keyGenerator.generateKey()).getEncoded())));
            }
            try {
                new File(jsonTokenFile.getParent().toString()).mkdirs();
                mapper.writeValue(new File(jsonTokenFile.toString()), hashMap);
            } catch (Exception e) {
                System.out.println("failed with :" + e.getLocalizedMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IOException(e2);
        }
    }

    private static void createTokenFileBinary() throws IOException {
        Credentials credentials = new Credentials();
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacSHA1");
            for (int i = 0; i < NUM_OF_KEYS; i++) {
                credentials.addSecretKey(new Text("alias" + i), Base64.encodeBase64(((SecretKeySpec) keyGenerator.generateKey()).getEncoded()));
            }
            try {
                credentials.writeTokenStorageFile(new Path(binaryTokenFile.toUri()), new Configuration());
            } catch (Exception e) {
                System.out.println("failed with :" + e.getLocalizedMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IOException(e2);
        }
    }

    private static void verifySecretKeysInJSONFile() throws IOException {
        Assert.assertEquals("didn't read JSON correctly", ((Map) mapper.readValue(new File(jsonTokenFile.toString()), Map.class)).size(), 10L);
    }

    private static void verifySecretKeysInBinaryFile() throws IOException {
        Assert.assertEquals("didn't read JSON correctly", Credentials.readTokenStorageFile(new File(binaryTokenFile.toString()), new Configuration()).numberOfSecretKeys(), 10L);
    }

    @Test
    public void testTokenCache() throws IOException {
        jConf = mrCluster.createJobConf();
        URI uri = NameNode.getUri(dfsCluster.getNameNode().getNameNodeAddress());
        jConf.set("mapreduce.job.hdfs-servers", uri + "," + uri.toString());
        jConf.set("mapreduce.jobtracker.kerberos.principal", "jt_id");
        int i = -1;
        try {
            i = ToolRunner.run(jConf, new MySleepJob(), new String[]{"-tokenCacheFile", binaryTokenFile.toString(), "-m", "1", "-r", "1", "-mt", "1", "-rt", "1"});
        } catch (Exception e) {
            System.out.println("Job failed with" + e.getLocalizedMessage());
            e.printStackTrace(System.out);
            Assert.fail("Job failed");
        }
        Assert.assertEquals("dist job res is not 0", i, 0L);
    }

    @Test
    public void testLocalJobTokenCache() throws NoSuchAlgorithmException, IOException {
        jConf = mrCluster.createJobConf();
        String[] strArr = {"-m", "1", "-r", "1", "-mt", "1", "-rt", "1"};
        jConf.set("mapreduce.job.credentials.json", jsonTokenFile.toString());
        int i = -1;
        try {
            i = ToolRunner.run(jConf, new MySleepJob(), strArr);
        } catch (Exception e) {
            System.out.println("Job failed with" + e.getLocalizedMessage());
            e.printStackTrace(System.out);
            Assert.fail("local Job failed");
        }
        Assert.assertEquals("local job res is not 0", i, 0L);
    }

    @Test
    public void testGetTokensForNamenodes() throws IOException {
        dfsCluster.getFileSystem();
        Credentials credentials = new Credentials();
        TokenCache.obtainTokensForNamenodesInternal(credentials, new Path[]{p1, p2}, jConf);
        String buildDTServiceName = SecurityUtil.buildDTServiceName(p1.toUri(), 8020);
        Collection<Token> allTokens = credentials.getAllTokens();
        Assert.assertEquals("number of tokens is not 1", 1L, allTokens.size());
        boolean z = false;
        for (Token token : allTokens) {
            if (token.getKind().equals(DelegationTokenIdentifier.HDFS_DELEGATION_KIND) && token.getService().equals(new Text(buildDTServiceName))) {
                z = true;
            }
            Assert.assertTrue("didn't find token for " + p1, z);
        }
    }

    @Test
    public void testCleanUpTokenReferral() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set("mapreduce.job.credentials.binary", "foo");
        TokenCache.cleanUpTokenReferral(configuration);
        Assert.assertNull(configuration.get("mapreduce.job.credentials.binary"));
    }

    @Test
    public void testGetTokensForViewFS() throws IOException, URISyntaxException {
        Configuration configuration = new Configuration(jConf);
        DistributedFileSystem fileSystem = dfsCluster.getFileSystem();
        String canonicalServiceName = fileSystem.getCanonicalServiceName();
        Path path = new Path("/mount1");
        Path path2 = new Path("/mount2");
        Path makeQualified = fileSystem.makeQualified(path);
        Path makeQualified2 = fileSystem.makeQualified(path2);
        configuration.set("fs.viewfs.mounttable.default.link./dir1", makeQualified.toString());
        configuration.set("fs.viewfs.mounttable.default.link./dir2", makeQualified2.toString());
        Credentials credentials = new Credentials();
        Path path3 = new Path("viewfs:///dir1");
        Path path4 = new Path("viewfs:///dir2");
        TokenCache.obtainTokensForNamenodesInternal(credentials, new Path[]{path3, path4}, configuration);
        Collection<Token> allTokens = credentials.getAllTokens();
        Assert.assertEquals("number of tokens is not 1", 1L, allTokens.size());
        boolean z = false;
        for (Token token : allTokens) {
            System.out.println("token=" + token);
            if (token.getKind().equals(DelegationTokenIdentifier.HDFS_DELEGATION_KIND) && token.getService().equals(new Text(canonicalServiceName))) {
                z = true;
            }
            Assert.assertTrue("didn't find token for [" + path3 + ", " + path4 + "]", z);
        }
    }
}
