package org.apache.hadoop.yarn.server.resourcemanager.webapp;

import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Properties;
import java.util.concurrent.Callable;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.KerberosTestUtils;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Time;
import org.apache.hadoop.util.XMLUtils;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.TestCapacitySchedulerAutoCreatedQueueBase;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesAppsModification;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken;
import org.apache.hadoop.yarn.webapp.GenericExceptionHandler;
import org.apache.hadoop.yarn.webapp.JerseyTestBase;
import org.apache.hadoop.yarn.webapp.WebServicesTestUtils;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.glassfish.jersey.jettison.JettisonFeature;
import org.glassfish.jersey.logging.LoggingFeature;
import org.glassfish.jersey.server.ResourceConfig;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.Mockito;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens.class */
public class TestRMWebServicesDelegationTokens extends JerseyTestBase {
    private static File testRootDir;
    private static File httpSpnegoKeytabFile = new File(KerberosTestUtils.getKeytabFile());
    private static String httpSpnegoPrincipal = KerberosTestUtils.getServerPrincipal();
    private static MiniKdc testMiniKDC;
    private static MockRM rm;
    private ResourceConfig config;
    private boolean isKerberosAuth = false;
    private HttpServletRequest request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
    final String yarnTokenHeader = "Hadoop-YARN-RM-Delegation-Token";

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$JerseyBinder.class */
    private class JerseyBinder extends AbstractBinder {
        private Configuration conf = new YarnConfiguration();

        private JerseyBinder() {
        }

        protected void configure() {
            this.conf.setInt("yarn.resourcemanager.am.max-attempts", 2);
            this.conf.setClass("yarn.resourcemanager.scheduler.class", FifoScheduler.class, ResourceScheduler.class);
            this.conf.setBoolean("yarn.acl.enable", true);
            TestRMWebServicesDelegationTokens.rm = TestWebServiceUtil.createRM(this.conf);
            configureScheduler();
            Mockito.when(TestRMWebServicesDelegationTokens.this.request.getScheme()).thenReturn("http");
            HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
            bind(TestRMWebServicesDelegationTokens.rm).to(ResourceManager.class).named("rm");
            bind(this.conf).to(Configuration.class).named("conf");
            bind(TestRMWebServicesDelegationTokens.this.request).to(HttpServletRequest.class);
            bind(httpServletResponse).to(HttpServletResponse.class);
            Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                return TestCapacitySchedulerAutoCreatedQueueBase.TEST_GROUPUSER;
            });
            if (TestRMWebServicesDelegationTokens.this.isKerberosAuth) {
                bind(TestKerberosAuthFilter.class);
            } else {
                bind(TestSimpleAuthFilter.class);
            }
        }

        public void configureScheduler() {
        }

        public Configuration getConf() {
            return this.conf;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$KerberosAuth.class */
    private class KerberosAuth extends JerseyBinder {
        private KerberosAuth() {
            super();
        }

        @Override // org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.JerseyBinder
        public void configureScheduler() {
            TestRMWebServicesDelegationTokens.this.isKerberosAuth = true;
            getConf().set("hadoop.security.authentication", "kerberos");
            getConf().set("yarn.resourcemanager.webapp.spnego-principal", TestRMWebServicesDelegationTokens.httpSpnegoPrincipal);
            getConf().set("yarn.resourcemanager.webapp.spnego-keytab-file", TestRMWebServicesDelegationTokens.httpSpnegoKeytabFile.getAbsolutePath());
            getConf().set("yarn.nodemanager.webapp.spnego-principal", TestRMWebServicesDelegationTokens.httpSpnegoPrincipal);
            getConf().set("yarn.nodemanager.webapp.spnego-keytab-file", TestRMWebServicesDelegationTokens.httpSpnegoKeytabFile.getAbsolutePath());
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$SimpleAuth.class */
    private class SimpleAuth extends JerseyBinder {
        private SimpleAuth() {
            super();
        }

        @Override // org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.JerseyBinder
        public void configureScheduler() {
            TestRMWebServicesDelegationTokens.this.isKerberosAuth = false;
            getConf().set("hadoop.security.authentication", "simple");
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$TestKerberosAuthFilter.class */
    public static class TestKerberosAuthFilter extends AuthenticationFilter {
        protected Properties getConfiguration(String str, FilterConfig filterConfig) throws ServletException {
            Properties configuration = super.getConfiguration(str, filterConfig);
            configuration.put("kerberos.principal", TestRMWebServicesDelegationTokens.httpSpnegoPrincipal);
            configuration.put("kerberos.keytab", TestRMWebServicesDelegationTokens.httpSpnegoKeytabFile.getAbsolutePath());
            configuration.put("type", "kerberos");
            return configuration;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens$TestSimpleAuthFilter.class */
    public static class TestSimpleAuthFilter extends AuthenticationFilter {
        protected Properties getConfiguration(String str, FilterConfig filterConfig) throws ServletException {
            Properties configuration = super.getConfiguration(str, filterConfig);
            configuration.put("kerberos.principal", TestRMWebServicesDelegationTokens.httpSpnegoPrincipal);
            configuration.put("kerberos.keytab", TestRMWebServicesDelegationTokens.httpSpnegoKeytabFile.getAbsolutePath());
            configuration.put("type", "simple");
            configuration.put("simple.anonymous.allowed", "false");
            return configuration;
        }
    }

    protected Application configure() {
        this.config = new ResourceConfig();
        this.config.register(RMWebServices.class);
        this.config.register(GenericExceptionHandler.class);
        this.config.register(TestRMWebServicesAppsModification.TestRMCustomAuthFilter.class);
        this.config.register(new JettisonFeature()).register(JAXBContextResolver.class);
        return this.config;
    }

    @Parameterized.Parameters
    public static Collection<Object[]> guiceConfigs() {
        return Arrays.asList(new Object[]{0}, new Object[]{1});
    }

    public TestRMWebServicesDelegationTokens(int i) throws Exception {
        switch (i) {
            case 0:
            default:
                this.config.register(new KerberosAuth());
                return;
            case 1:
                this.config.register(new SimpleAuth());
                return;
        }
    }

    @BeforeClass
    public static void setupKDC() throws Exception {
        testRootDir = new File("target", TestRMWebServicesDelegationTokens.class.getName() + "-root");
        testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
        testMiniKDC.start();
        testMiniKDC.createPrincipal(httpSpnegoKeytabFile, new String[]{"HTTP/localhost", "client", "client2", "client3"});
    }

    @Before
    public void setUp() throws Exception {
        super.setUp();
        httpSpnegoKeytabFile.deleteOnExit();
        testRootDir.deleteOnExit();
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(configuration);
    }

    @AfterClass
    public static void shutdownKdc() {
        if (testMiniKDC != null) {
            testMiniKDC.stop();
        }
    }

    @After
    public void tearDown() throws Exception {
        if (rm != null) {
            rm.stop();
        }
        super.tearDown();
        UserGroupInformation.setConfiguration(new Configuration());
    }

    @Test
    public void testCreateDelegationToken() throws Exception {
        rm.start();
        DelegationToken delegationToken = new DelegationToken();
        delegationToken.setRenewer("test-renewer");
        String json = TestWebServiceUtil.toJson(delegationToken, DelegationToken.class);
        String[] strArr = {"application/json", "application/xml"};
        HashMap hashMap = new HashMap();
        hashMap.put("application/json", json);
        hashMap.put("application/xml", "<delegation-token><renewer>test-renewer</renewer></delegation-token>");
        for (String str : strArr) {
            String str2 = (String) hashMap.get(str);
            for (String str3 : strArr) {
                if (this.isKerberosAuth) {
                    Mockito.when(this.request.getAuthType()).thenReturn("Kerberos");
                    verifyKerberosAuthCreate(str, str3, str2, "test-renewer");
                } else {
                    verifySimpleAuthCreate(str, str3, str2);
                }
            }
        }
        rm.stop();
    }

    private void verifySimpleAuthCreate(String str, String str2, String str3) {
        WebServicesTestUtils.assertResponseStatusCode(Response.Status.FORBIDDEN, ((Response) target().path("ws").path("v1").path("cluster").path("delegation-token").queryParam("user.name", new Object[]{TestCapacitySchedulerAutoCreatedQueueBase.TEST_GROUPUSER}).request(new String[]{str2}).post(Entity.entity(str3, MediaType.valueOf(str)), Response.class)).getStatusInfo());
    }

    private void verifyKerberosAuthCreate(final String str, final String str2, final String str3, final String str4) throws Exception {
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                    return "client@EXAMPLE.COM";
                });
                Response response = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).post(Entity.entity(str3, MediaType.valueOf(str)), Response.class);
                WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response.getStatusInfo());
                DelegationToken delegationTokenFromResponse = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response);
                Assert.assertFalse(delegationTokenFromResponse.getToken().isEmpty());
                Token token = new Token();
                token.decodeFromUrlString(delegationTokenFromResponse.getToken());
                Assert.assertEquals(str4, token.decodeIdentifier().getRenewer().toString());
                TestRMWebServicesDelegationTokens.this.assertValidRMToken(delegationTokenFromResponse.getToken());
                Response response2 = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).post(Entity.entity(TestWebServiceUtil.toEntity(new DelegationToken(), DelegationToken.class, str), str), Response.class);
                WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response2.getStatusInfo());
                DelegationToken delegationTokenFromResponse2 = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response2);
                Assert.assertFalse(delegationTokenFromResponse2.getToken().isEmpty());
                Token token2 = new Token();
                token2.decodeFromUrlString(delegationTokenFromResponse2.getToken());
                Assert.assertEquals("", token2.decodeIdentifier().getRenewer().toString());
                TestRMWebServicesDelegationTokens.this.assertValidRMToken(delegationTokenFromResponse2.getToken());
                return null;
            }
        });
    }

    @Test
    public void testRenewDelegationToken() throws Exception {
        client().register(new LoggingFeature());
        rm.start();
        final DelegationToken delegationToken = new DelegationToken();
        delegationToken.setRenewer("client2");
        String[] strArr = {"application/json", "application/xml"};
        for (final String str : strArr) {
            for (final String str2 : strArr) {
                if (this.isKerberosAuth) {
                    if (this.isKerberosAuth) {
                        Mockito.when(this.request.getAuthType()).thenReturn("Kerberos");
                    }
                    final DelegationToken delegationToken2 = (DelegationToken) KerberosTestUtils.doAsClient(new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.2
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public DelegationToken call() throws Exception {
                            Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                                return "client@EXAMPLE.COM";
                            });
                            Response response = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).post(Entity.entity(TestWebServiceUtil.toEntity(delegationToken, DelegationToken.class, str), str), Response.class);
                            WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response.getStatusInfo());
                            DelegationToken delegationTokenFromResponse = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response);
                            Assert.assertFalse(delegationTokenFromResponse.getToken().isEmpty());
                            String generateRenewTokenBody = TestRMWebServicesDelegationTokens.generateRenewTokenBody(str, delegationTokenFromResponse.getToken());
                            Mockito.when(TestRMWebServicesDelegationTokens.this.request.getHeader("Hadoop-YARN-RM-Delegation-Token")).thenReturn(delegationTokenFromResponse.getToken());
                            WebServicesTestUtils.assertResponseStatusCode(Response.Status.FORBIDDEN, ((Response) TestRMWebServicesDelegationTokens.this.target().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").request(new String[]{str2}).header("Hadoop-YARN-RM-Delegation-Token", delegationTokenFromResponse.getToken()).post(Entity.entity(generateRenewTokenBody, str), Response.class)).getStatusInfo());
                            return delegationTokenFromResponse;
                        }
                    });
                    KerberosTestUtils.doAs("client2", new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.3
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public DelegationToken call() throws Exception {
                            Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                                return "client2@EXAMPLE.COM";
                            });
                            Mockito.when(TestRMWebServicesDelegationTokens.this.request.getHeader("Hadoop-YARN-RM-Delegation-Token")).thenReturn(delegationToken2.getToken());
                            long now = Time.now();
                            TestRMWebServicesDelegationTokens.this.assertValidRMToken(delegationToken2.getToken());
                            String generateRenewTokenBody = TestRMWebServicesDelegationTokens.generateRenewTokenBody(str, delegationToken2.getToken());
                            Response response = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").request(new String[]{str2}).header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).post(Entity.entity(generateRenewTokenBody, str), Response.class);
                            WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response.getStatusInfo());
                            DelegationToken delegationTokenFromResponse = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response);
                            delegationTokenFromResponse.getNextExpirationTime();
                            Assert.assertTrue("Expiration time not as expected: old = " + now + "; new = " + now, delegationTokenFromResponse.getNextExpirationTime().longValue() > now);
                            long longValue = delegationTokenFromResponse.getNextExpirationTime().longValue();
                            Thread.sleep(1000L);
                            Response response2 = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").request(new String[]{str2}).header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).post(Entity.entity(generateRenewTokenBody, str), Response.class);
                            WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response2.getStatusInfo());
                            DelegationToken delegationTokenFromResponse2 = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response2);
                            delegationTokenFromResponse2.getNextExpirationTime();
                            Assert.assertTrue("Expiration time not as expected: old = " + longValue + "; new = " + longValue, delegationTokenFromResponse2.getNextExpirationTime().longValue() > longValue);
                            return delegationTokenFromResponse2;
                        }
                    });
                    KerberosTestUtils.doAs("client3", new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.4
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public DelegationToken call() throws Exception {
                            Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                                return "client3@EXAMPLE.COM";
                            });
                            WebServicesTestUtils.assertResponseStatusCode(Response.Status.FORBIDDEN, ((Response) TestRMWebServicesDelegationTokens.this.target().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").request(new String[]{str2}).header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).post(Entity.entity(TestRMWebServicesDelegationTokens.generateRenewTokenBody(str, delegationToken2.getToken()), str), Response.class)).getStatusInfo());
                            return null;
                        }
                    });
                    KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.5
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public Void call() throws Exception {
                            String str3;
                            if (str.equals("application/json")) {
                                DelegationToken delegationToken3 = new DelegationToken();
                                delegationToken3.setToken("TEST_TOKEN_STRING");
                                str3 = TestWebServiceUtil.toJson(delegationToken3, DelegationToken.class);
                            } else {
                                str3 = "<delegation-token><token>" + "TEST_TOKEN_STRING" + "</token></delegation-token>";
                            }
                            Mockito.when(TestRMWebServicesDelegationTokens.this.request.getHeader("Hadoop-YARN-RM-Delegation-Token")).thenReturn((Object) null);
                            WebServicesTestUtils.assertResponseStatusCode(Response.Status.BAD_REQUEST, ((Response) TestRMWebServicesDelegationTokens.this.target().path("ws").path("v1").path("cluster").path("delegation-token").path("expiration").request().post(Entity.entity(str3, MediaType.valueOf(str)), Response.class)).getStatusInfo());
                            return null;
                        }
                    });
                } else {
                    verifySimpleAuthRenew(str, str2);
                }
            }
        }
        rm.stop();
    }

    private void verifySimpleAuthRenew(String str, String str2) throws Exception {
        String str3;
        if (str.equals("application/json")) {
            DelegationToken delegationToken = new DelegationToken();
            String str4 = "{\"token\": \"" + "TEST_TOKEN_STRING" + "\" }";
            delegationToken.setToken("test-123");
            str3 = TestWebServiceUtil.toJson(delegationToken, DelegationToken.class);
        } else {
            String str5 = "<delegation-token><token>" + "TEST_TOKEN_STRING" + "</token></delegation-token>";
            str3 = "<delegation-token><xml>abcd</xml></delegation-token>";
        }
        WebServicesTestUtils.assertResponseStatusCode(Response.Status.FORBIDDEN, ((Response) target().path("ws").path("v1").path("cluster").path("delegation-token").queryParam("user.name", new Object[]{TestCapacitySchedulerAutoCreatedQueueBase.TEST_GROUPUSER}).request(new String[]{str2}).post(Entity.entity(str3, str), Response.class)).getStatusInfo());
    }

    @Test
    public void testCancelDelegationToken() throws Exception {
        rm.start();
        if (!this.isKerberosAuth) {
            verifySimpleAuthCancel();
            return;
        }
        final DelegationToken delegationToken = new DelegationToken();
        delegationToken.setRenewer("client2");
        String[] strArr = {"application/json", "application/xml"};
        Mockito.when(this.request.getAuthType()).thenReturn("Kerberos");
        for (final String str : strArr) {
            for (final String str2 : strArr) {
                KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.6
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public Void call() throws Exception {
                        Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                            return "client@EXAMPLE.COM";
                        });
                        Response response = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).post(Entity.entity(TestWebServiceUtil.toEntity(delegationToken, DelegationToken.class, str), str), Response.class);
                        WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response.getStatusInfo());
                        DelegationToken delegationTokenFromResponse = TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response);
                        Mockito.when(TestRMWebServicesDelegationTokens.this.request.getHeader("Hadoop-YARN-RM-Delegation-Token")).thenReturn(delegationTokenFromResponse.getToken());
                        WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, ((Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).header("Hadoop-YARN-RM-Delegation-Token", delegationTokenFromResponse.getToken()).delete(Response.class)).getStatusInfo());
                        TestRMWebServicesDelegationTokens.this.assertTokenCancelled(delegationTokenFromResponse.getToken());
                        return null;
                    }
                });
                final DelegationToken delegationToken2 = (DelegationToken) KerberosTestUtils.doAsClient(new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.7
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public DelegationToken call() throws Exception {
                        Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                            return "client@EXAMPLE.COM";
                        });
                        Response response = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).post(Entity.entity(TestWebServiceUtil.toEntity(delegationToken, DelegationToken.class, str), str), Response.class);
                        WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response.getStatusInfo());
                        return TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response);
                    }
                });
                KerberosTestUtils.doAs("client2", new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.8
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public Void call() throws Exception {
                        Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                            return "client2@EXAMPLE.COM";
                        });
                        Mockito.when(TestRMWebServicesDelegationTokens.this.request.getHeader("Hadoop-YARN-RM-Delegation-Token")).thenReturn(delegationToken2.getToken());
                        WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, ((Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request().header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).accept(new String[]{str2}).delete(Response.class)).getStatusInfo());
                        TestRMWebServicesDelegationTokens.this.assertTokenCancelled(delegationToken2.getToken());
                        return null;
                    }
                });
                final DelegationToken delegationToken3 = (DelegationToken) KerberosTestUtils.doAsClient(new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.9
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public DelegationToken call() throws Exception {
                        Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                            return "client@EXAMPLE.COM";
                        });
                        Response response = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).post(Entity.entity(TestWebServiceUtil.toEntity(delegationToken, DelegationToken.class, str), str), Response.class);
                        WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response.getStatusInfo());
                        return TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response);
                    }
                });
                KerberosTestUtils.doAs("client3", new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.10
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public Void call() throws Exception {
                        Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                            return "client3@EXAMPLE.COM";
                        });
                        Mockito.when(TestRMWebServicesDelegationTokens.this.request.getHeader("Hadoop-YARN-RM-Delegation-Token")).thenReturn(delegationToken3.getToken());
                        WebServicesTestUtils.assertResponseStatusCode(Response.Status.FORBIDDEN, ((Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request().header("Hadoop-YARN-RM-Delegation-Token", delegationToken3.getToken()).accept(new String[]{str2}).delete(Response.class)).getStatusInfo());
                        TestRMWebServicesDelegationTokens.this.assertValidRMToken(delegationToken3.getToken());
                        return null;
                    }
                });
                testCancelTokenBadRequests(str, str2);
            }
        }
        rm.stop();
    }

    private void testCancelTokenBadRequests(final String str, final String str2) throws Exception {
        final DelegationToken delegationToken = new DelegationToken();
        delegationToken.setRenewer("client2");
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.11
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                    return "client@EXAMPLE.COM";
                });
                Mockito.when(TestRMWebServicesDelegationTokens.this.request.getHeader("Hadoop-YARN-RM-Delegation-Token")).thenReturn("random-string");
                WebServicesTestUtils.assertResponseStatusCode(Response.Status.BAD_REQUEST, ((Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).header("Hadoop-YARN-RM-Delegation-Token", "random-string").delete(Response.class)).getStatusInfo());
                return null;
            }
        });
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.12
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                    return "client@EXAMPLE.COM";
                });
                WebServicesTestUtils.assertResponseStatusCode(Response.Status.BAD_REQUEST, ((Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).delete(Response.class)).getStatusInfo());
                return null;
            }
        });
        final DelegationToken delegationToken2 = (DelegationToken) KerberosTestUtils.doAsClient(new Callable<DelegationToken>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.13
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public DelegationToken call() throws Exception {
                Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(() -> {
                    return "client@EXAMPLE.COM";
                });
                Response response = (Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).post(Entity.entity(TestWebServiceUtil.toEntity(delegationToken, DelegationToken.class, str), str), Response.class);
                WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, response.getStatusInfo());
                return TestRMWebServicesDelegationTokens.this.getDelegationTokenFromResponse(response);
            }
        });
        KerberosTestUtils.doAs("client2", new Callable<Void>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesDelegationTokens.14
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                Principal principal = () -> {
                    return "client2@EXAMPLE.COM";
                };
                Mockito.when(TestRMWebServicesDelegationTokens.this.request.getHeader("Hadoop-YARN-RM-Delegation-Token")).thenReturn(delegationToken2.getToken());
                Mockito.when(TestRMWebServicesDelegationTokens.this.request.getUserPrincipal()).thenReturn(principal);
                WebServicesTestUtils.assertResponseStatusCode(Response.Status.OK, ((Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).delete(Response.class)).getStatusInfo());
                WebServicesTestUtils.assertResponseStatusCode(Response.Status.BAD_REQUEST, ((Response) TestRMWebServicesDelegationTokens.this.targetWithJsonObject().path("ws").path("v1").path("cluster").path("delegation-token").request(new String[]{str2}).header("Hadoop-YARN-RM-Delegation-Token", delegationToken2.getToken()).delete(Response.class)).getStatusInfo());
                return null;
            }
        });
    }

    private void verifySimpleAuthCancel() {
        WebServicesTestUtils.assertResponseStatusCode(Response.Status.FORBIDDEN, ((Response) target().path("ws").path("v1").path("cluster").path("delegation-token").queryParam("user.name", new Object[]{TestCapacitySchedulerAutoCreatedQueueBase.TEST_GROUPUSER}).request().header("Hadoop-YARN-RM-Delegation-Token", "random").delete(Response.class)).getStatusInfo());
    }

    private DelegationToken getDelegationTokenFromResponse(Response response) throws IOException, ParserConfigurationException, SAXException, JSONException {
        return response.getMediaType().toString().contains("application/json") ? getDelegationTokenFromJson(((JSONObject) response.readEntity(JSONObject.class)).getJSONObject("delegation-token")) : getDelegationTokenFromXML((String) response.readEntity(String.class));
    }

    public static DelegationToken getDelegationTokenFromXML(String str) throws IOException, ParserConfigurationException, SAXException {
        DocumentBuilder newDocumentBuilder = XMLUtils.newSecureDocumentBuilderFactory().newDocumentBuilder();
        InputSource inputSource = new InputSource();
        inputSource.setCharacterStream(new StringReader(str));
        NodeList elementsByTagName = newDocumentBuilder.parse(inputSource).getElementsByTagName("delegation-token");
        Assert.assertEquals("incorrect number of elements", 1L, elementsByTagName.getLength());
        Element element = (Element) elementsByTagName.item(0);
        DelegationToken delegationToken = new DelegationToken();
        String xmlString = WebServicesTestUtils.getXmlString(element, "token");
        if (xmlString != null) {
            delegationToken.setToken(xmlString);
        } else {
            delegationToken.setNextExpirationTime(WebServicesTestUtils.getXmlLong(element, "expiration-time"));
        }
        return delegationToken;
    }

    public static DelegationToken getDelegationTokenFromJson(JSONObject jSONObject) throws JSONException {
        DelegationToken delegationToken = new DelegationToken();
        if (jSONObject.has("token")) {
            delegationToken.setToken(jSONObject.getString("token"));
        } else if (jSONObject.has("expiration-time")) {
            delegationToken.setNextExpirationTime(jSONObject.getLong("expiration-time"));
        }
        return delegationToken;
    }

    private void assertValidRMToken(String str) throws IOException {
        Token token = new Token();
        token.decodeFromUrlString(str);
        RMDelegationTokenIdentifier decodeTokenIdentifier = rm.getRMContext().getRMDelegationTokenSecretManager().decodeTokenIdentifier(token);
        rm.getRMContext().getRMDelegationTokenSecretManager().verifyToken(decodeTokenIdentifier, token.getPassword());
        Assert.assertTrue(rm.getRMContext().getRMDelegationTokenSecretManager().getAllTokens().containsKey(decodeTokenIdentifier));
    }

    private void assertTokenCancelled(String str) throws Exception {
        Token token = new Token();
        token.decodeFromUrlString(str);
        RMDelegationTokenIdentifier decodeTokenIdentifier = rm.getRMContext().getRMDelegationTokenSecretManager().decodeTokenIdentifier(token);
        boolean z = false;
        try {
            rm.getRMContext().getRMDelegationTokenSecretManager().verifyToken(decodeTokenIdentifier, token.getPassword());
        } catch (SecretManager.InvalidToken e) {
            z = true;
        }
        Assert.assertTrue("InvalidToken exception not thrown", z);
        Assert.assertFalse(rm.getRMContext().getRMDelegationTokenSecretManager().getAllTokens().containsKey(decodeTokenIdentifier));
    }

    private static String generateRenewTokenBody(String str, String str2) throws Exception {
        String str3;
        if (str.contains("application/json")) {
            DelegationToken delegationToken = new DelegationToken();
            delegationToken.setToken(str2);
            str3 = TestWebServiceUtil.toJson(delegationToken, DelegationToken.class);
        } else {
            str3 = "<delegation-token><token>" + str2 + "</token></delegation-token>";
        }
        return str3;
    }
}
