package org.apache.hadoop.security.authentication.util;

import java.nio.charset.Charset;
import java.util.Properties;
import java.util.Random;
import javax.servlet.ServletContext;
import org.apache.curator.test.TestingServer;
import org.apache.log4j.Level;
import org.apache.log4j.LogManager;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* JADX WARN: Classes with same name are omitted:
  input_file:test-classes/org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider.class
 */
/* loaded from: input_file:hadoop-auth-2.10.0-tests.jar:org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider.class */
public class TestZKSignerSecretProvider {
    private TestingServer zkServer;
    private final int timeout = 100;
    private final long rolloverFrequency = 50;

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:test-classes/org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider$MockZKSignerSecretProvider.class
     */
    /* loaded from: input_file:hadoop-auth-2.10.0-tests.jar:org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider$MockZKSignerSecretProvider.class */
    public class MockZKSignerSecretProvider extends ZKSignerSecretProvider {
        MockZKSignerSecretProvider(long j) {
            super(j);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.hadoop.security.authentication.util.ZKSignerSecretProvider, org.apache.hadoop.security.authentication.util.RolloverSignerSecretProvider
        public synchronized void rollSecret() {
        }

        public void realRollSecret() {
            super.rollSecret();
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:test-classes/org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider$OldMockZKSignerSecretProvider.class
     */
    /* loaded from: input_file:hadoop-auth-2.10.0-tests.jar:org/apache/hadoop/security/authentication/util/TestZKSignerSecretProvider$OldMockZKSignerSecretProvider.class */
    private class OldMockZKSignerSecretProvider extends MockZKSignerSecretProvider {
        private Random rand;

        OldMockZKSignerSecretProvider(long j) {
            super(j);
            this.rand = new Random(j);
        }

        @Override // org.apache.hadoop.security.authentication.util.ZKSignerSecretProvider
        protected byte[] generateRandomSecret() {
            return Long.toString(this.rand.nextLong()).getBytes(Charset.forName("UTF-8"));
        }
    }

    public TestZKSignerSecretProvider() {
        LogManager.getLogger(RolloverSignerSecretProvider.LOG.getName()).setLevel(Level.DEBUG);
    }

    @Before
    public void setup() throws Exception {
        this.zkServer = new TestingServer();
    }

    @After
    public void teardown() throws Exception {
        if (this.zkServer != null) {
            this.zkServer.stop();
            this.zkServer.close();
        }
    }

    @Test
    public void testOne() throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        Random random = new Random(currentTimeMillis);
        byte[] generateNewSecret = generateNewSecret(random);
        byte[] generateNewSecret2 = generateNewSecret(random);
        byte[] generateNewSecret3 = generateNewSecret(random);
        MockZKSignerSecretProvider mockZKSignerSecretProvider = (MockZKSignerSecretProvider) Mockito.spy(new MockZKSignerSecretProvider(currentTimeMillis));
        Properties properties = new Properties();
        properties.setProperty(ZKSignerSecretProvider.ZOOKEEPER_CONNECTION_STRING, this.zkServer.getConnectString());
        properties.setProperty(ZKSignerSecretProvider.ZOOKEEPER_PATH, "/secret");
        try {
            mockZKSignerSecretProvider.init(properties, getDummyServletContext(), 50L);
            byte[] currentSecret = mockZKSignerSecretProvider.getCurrentSecret();
            byte[][] allSecrets = mockZKSignerSecretProvider.getAllSecrets();
            Assert.assertArrayEquals(generateNewSecret2, currentSecret);
            Assert.assertEquals(2L, allSecrets.length);
            Assert.assertArrayEquals(generateNewSecret2, allSecrets[0]);
            Assert.assertNull(allSecrets[1]);
            ((MockZKSignerSecretProvider) Mockito.verify(mockZKSignerSecretProvider, Mockito.timeout(100).atLeastOnce())).rollSecret();
            mockZKSignerSecretProvider.realRollSecret();
            byte[] currentSecret2 = mockZKSignerSecretProvider.getCurrentSecret();
            byte[][] allSecrets2 = mockZKSignerSecretProvider.getAllSecrets();
            Assert.assertArrayEquals(generateNewSecret, currentSecret2);
            Assert.assertEquals(2L, allSecrets2.length);
            Assert.assertArrayEquals(generateNewSecret, allSecrets2[0]);
            Assert.assertArrayEquals(generateNewSecret2, allSecrets2[1]);
            ((MockZKSignerSecretProvider) Mockito.verify(mockZKSignerSecretProvider, Mockito.timeout(100).atLeast(2))).rollSecret();
            mockZKSignerSecretProvider.realRollSecret();
            byte[] currentSecret3 = mockZKSignerSecretProvider.getCurrentSecret();
            byte[][] allSecrets3 = mockZKSignerSecretProvider.getAllSecrets();
            Assert.assertArrayEquals(generateNewSecret3, currentSecret3);
            Assert.assertEquals(2L, allSecrets3.length);
            Assert.assertArrayEquals(generateNewSecret3, allSecrets3[0]);
            Assert.assertArrayEquals(generateNewSecret, allSecrets3[1]);
            ((MockZKSignerSecretProvider) Mockito.verify(mockZKSignerSecretProvider, Mockito.timeout(100).atLeast(3))).rollSecret();
            mockZKSignerSecretProvider.realRollSecret();
            mockZKSignerSecretProvider.destroy();
        } catch (Throwable th) {
            mockZKSignerSecretProvider.destroy();
            throw th;
        }
    }

    @Test
    public void testUpgradeChangeSecretLength() throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        Random random = new Random(currentTimeMillis);
        byte[] bytes = Long.toString(random.nextLong()).getBytes(Charset.forName("UTF-8"));
        byte[] bytes2 = Long.toString(random.nextLong()).getBytes(Charset.forName("UTF-8"));
        byte[] bytes3 = Long.toString(random.nextLong()).getBytes(Charset.forName("UTF-8"));
        Random random2 = new Random(currentTimeMillis);
        generateNewSecret(random2);
        generateNewSecret(random2);
        byte[] generateNewSecret = generateNewSecret(random2);
        byte[] generateNewSecret2 = generateNewSecret(random2);
        MockZKSignerSecretProvider mockZKSignerSecretProvider = (MockZKSignerSecretProvider) Mockito.spy(new OldMockZKSignerSecretProvider(currentTimeMillis));
        Properties properties = new Properties();
        properties.setProperty(ZKSignerSecretProvider.ZOOKEEPER_CONNECTION_STRING, this.zkServer.getConnectString());
        properties.setProperty(ZKSignerSecretProvider.ZOOKEEPER_PATH, "/secret");
        try {
            mockZKSignerSecretProvider.init(properties, getDummyServletContext(), 50L);
            byte[] currentSecret = mockZKSignerSecretProvider.getCurrentSecret();
            byte[][] allSecrets = mockZKSignerSecretProvider.getAllSecrets();
            Assert.assertArrayEquals(bytes2, currentSecret);
            Assert.assertEquals(2L, allSecrets.length);
            Assert.assertArrayEquals(bytes2, allSecrets[0]);
            Assert.assertNull(allSecrets[1]);
            mockZKSignerSecretProvider.realRollSecret();
            byte[] currentSecret2 = mockZKSignerSecretProvider.getCurrentSecret();
            byte[][] allSecrets2 = mockZKSignerSecretProvider.getAllSecrets();
            Assert.assertArrayEquals(bytes, currentSecret2);
            Assert.assertEquals(2L, allSecrets2.length);
            Assert.assertArrayEquals(bytes, allSecrets2[0]);
            Assert.assertArrayEquals(bytes2, allSecrets2[1]);
            mockZKSignerSecretProvider.destroy();
            mockZKSignerSecretProvider = (MockZKSignerSecretProvider) Mockito.spy(new MockZKSignerSecretProvider(currentTimeMillis));
            try {
                mockZKSignerSecretProvider.init(properties, getDummyServletContext(), 50L);
                byte[] currentSecret3 = mockZKSignerSecretProvider.getCurrentSecret();
                byte[][] allSecrets3 = mockZKSignerSecretProvider.getAllSecrets();
                Assert.assertArrayEquals(bytes, currentSecret3);
                Assert.assertEquals(2L, allSecrets3.length);
                Assert.assertArrayEquals(bytes, allSecrets3[0]);
                Assert.assertArrayEquals(bytes2, allSecrets3[1]);
                mockZKSignerSecretProvider.realRollSecret();
                byte[] currentSecret4 = mockZKSignerSecretProvider.getCurrentSecret();
                byte[][] allSecrets4 = mockZKSignerSecretProvider.getAllSecrets();
                Assert.assertArrayEquals(bytes3, currentSecret4);
                Assert.assertEquals(2L, allSecrets4.length);
                Assert.assertArrayEquals(bytes3, allSecrets4[0]);
                Assert.assertArrayEquals(bytes, allSecrets4[1]);
                mockZKSignerSecretProvider.realRollSecret();
                byte[] currentSecret5 = mockZKSignerSecretProvider.getCurrentSecret();
                byte[][] allSecrets5 = mockZKSignerSecretProvider.getAllSecrets();
                Assert.assertArrayEquals(generateNewSecret, currentSecret5);
                Assert.assertEquals(2L, allSecrets5.length);
                Assert.assertArrayEquals(generateNewSecret, allSecrets5[0]);
                Assert.assertArrayEquals(bytes3, allSecrets5[1]);
                mockZKSignerSecretProvider.realRollSecret();
                byte[] currentSecret6 = mockZKSignerSecretProvider.getCurrentSecret();
                byte[][] allSecrets6 = mockZKSignerSecretProvider.getAllSecrets();
                Assert.assertArrayEquals(generateNewSecret2, currentSecret6);
                Assert.assertEquals(2L, allSecrets6.length);
                Assert.assertArrayEquals(generateNewSecret2, allSecrets6[0]);
                Assert.assertArrayEquals(generateNewSecret, allSecrets6[1]);
                mockZKSignerSecretProvider.destroy();
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testMultiple1() throws Exception {
        testMultiple(1);
    }

    @Test
    public void testMultiple2() throws Exception {
        testMultiple(2);
    }

    public void testMultiple(int i) throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        Random random = new Random(currentTimeMillis);
        byte[] generateNewSecret = generateNewSecret(random);
        byte[] generateNewSecret2 = generateNewSecret(random);
        generateNewSecret(random);
        byte[] generateNewSecret3 = generateNewSecret(random);
        long currentTimeMillis2 = System.currentTimeMillis() + random.nextLong();
        Random random2 = new Random(currentTimeMillis2);
        generateNewSecret(random2);
        generateNewSecret(random2);
        generateNewSecret(random2);
        byte[] generateNewSecret4 = generateNewSecret(random2);
        MockZKSignerSecretProvider mockZKSignerSecretProvider = (MockZKSignerSecretProvider) Mockito.spy(new MockZKSignerSecretProvider(currentTimeMillis));
        MockZKSignerSecretProvider mockZKSignerSecretProvider2 = (MockZKSignerSecretProvider) Mockito.spy(new MockZKSignerSecretProvider(currentTimeMillis2));
        Properties properties = new Properties();
        properties.setProperty(ZKSignerSecretProvider.ZOOKEEPER_CONNECTION_STRING, this.zkServer.getConnectString());
        properties.setProperty(ZKSignerSecretProvider.ZOOKEEPER_PATH, "/secret");
        try {
            mockZKSignerSecretProvider.init(properties, getDummyServletContext(), 50L);
            mockZKSignerSecretProvider2.init(properties, getDummyServletContext(), 50L);
            byte[] currentSecret = mockZKSignerSecretProvider.getCurrentSecret();
            byte[][] allSecrets = mockZKSignerSecretProvider.getAllSecrets();
            byte[] currentSecret2 = mockZKSignerSecretProvider2.getCurrentSecret();
            byte[][] allSecrets2 = mockZKSignerSecretProvider2.getAllSecrets();
            Assert.assertArrayEquals(generateNewSecret2, currentSecret);
            Assert.assertArrayEquals(generateNewSecret2, currentSecret2);
            Assert.assertEquals(2L, allSecrets.length);
            Assert.assertEquals(2L, allSecrets2.length);
            Assert.assertArrayEquals(generateNewSecret2, allSecrets[0]);
            Assert.assertArrayEquals(generateNewSecret2, allSecrets2[0]);
            Assert.assertNull(allSecrets[1]);
            Assert.assertNull(allSecrets2[1]);
            ((MockZKSignerSecretProvider) Mockito.verify(mockZKSignerSecretProvider, Mockito.timeout(100).atLeastOnce())).rollSecret();
            ((MockZKSignerSecretProvider) Mockito.verify(mockZKSignerSecretProvider2, Mockito.timeout(100).atLeastOnce())).rollSecret();
            mockZKSignerSecretProvider.realRollSecret();
            mockZKSignerSecretProvider2.realRollSecret();
            byte[] currentSecret3 = mockZKSignerSecretProvider.getCurrentSecret();
            byte[][] allSecrets3 = mockZKSignerSecretProvider.getAllSecrets();
            Assert.assertArrayEquals(generateNewSecret, currentSecret3);
            Assert.assertEquals(2L, allSecrets3.length);
            Assert.assertArrayEquals(generateNewSecret, allSecrets3[0]);
            Assert.assertArrayEquals(generateNewSecret2, allSecrets3[1]);
            byte[] currentSecret4 = mockZKSignerSecretProvider2.getCurrentSecret();
            byte[][] allSecrets4 = mockZKSignerSecretProvider2.getAllSecrets();
            Assert.assertArrayEquals(generateNewSecret, currentSecret4);
            Assert.assertEquals(2L, allSecrets3.length);
            Assert.assertArrayEquals(generateNewSecret, allSecrets4[0]);
            Assert.assertArrayEquals(generateNewSecret2, allSecrets4[1]);
            ((MockZKSignerSecretProvider) Mockito.verify(mockZKSignerSecretProvider, Mockito.timeout(100).atLeast(2))).rollSecret();
            ((MockZKSignerSecretProvider) Mockito.verify(mockZKSignerSecretProvider2, Mockito.timeout(100).atLeastOnce())).rollSecret();
            switch (i) {
                case 1:
                    mockZKSignerSecretProvider.realRollSecret();
                    mockZKSignerSecretProvider2.realRollSecret();
                    mockZKSignerSecretProvider.realRollSecret();
                    mockZKSignerSecretProvider2.realRollSecret();
                    break;
                case 2:
                    mockZKSignerSecretProvider2.realRollSecret();
                    mockZKSignerSecretProvider.realRollSecret();
                    mockZKSignerSecretProvider2.realRollSecret();
                    mockZKSignerSecretProvider.realRollSecret();
                    break;
                default:
                    throw new Exception("Invalid order selected");
            }
            byte[] currentSecret5 = mockZKSignerSecretProvider.getCurrentSecret();
            byte[][] allSecrets5 = mockZKSignerSecretProvider.getAllSecrets();
            byte[] currentSecret6 = mockZKSignerSecretProvider2.getCurrentSecret();
            byte[][] allSecrets6 = mockZKSignerSecretProvider2.getAllSecrets();
            Assert.assertArrayEquals(currentSecret5, currentSecret6);
            Assert.assertEquals(2L, allSecrets5.length);
            Assert.assertEquals(2L, allSecrets6.length);
            Assert.assertArrayEquals(allSecrets5[0], allSecrets6[0]);
            Assert.assertArrayEquals(allSecrets5[1], allSecrets6[1]);
            switch (i) {
                case 1:
                    Assert.assertArrayEquals(generateNewSecret3, allSecrets5[0]);
                    break;
                case 2:
                    Assert.assertArrayEquals(generateNewSecret4, allSecrets5[0]);
                    break;
            }
        } finally {
            mockZKSignerSecretProvider2.destroy();
            mockZKSignerSecretProvider.destroy();
        }
    }

    private ServletContext getDummyServletContext() {
        ServletContext servletContext = (ServletContext) Mockito.mock(ServletContext.class);
        Mockito.when(servletContext.getAttribute(ZKSignerSecretProvider.ZOOKEEPER_SIGNER_SECRET_PROVIDER_CURATOR_CLIENT_ATTRIBUTE)).thenReturn((Object) null);
        return servletContext;
    }

    private byte[] generateNewSecret(Random random) {
        byte[] bArr = new byte[32];
        random.nextBytes(bArr);
        return bArr;
    }
}
