package org.apache.hadoop.hdfs.server.balancer;

import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager;
import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey;
import org.apache.hadoop.hdfs.server.protocol.NamenodeProtocol;
import org.apache.hadoop.util.FakeTimer;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;
import org.mockito.Mockito;
import org.mockito.internal.util.reflection.Whitebox;

/* loaded from: input_file:lib/hadoop-hdfs-2.7.4.0-tests.jar:org/apache/hadoop/hdfs/server/balancer/TestKeyManager.class */
public class TestKeyManager {

    @Rule
    public Timeout globalTimeout = new Timeout(120000);

    @Test
    public void testNewDataEncryptionKey() throws Exception {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.setBoolean(DFSConfigKeys.DFS_ENCRYPT_DATA_TRANSFER_KEY, true);
        hdfsConfiguration.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
        FakeTimer fakeTimer = new FakeTimer();
        BlockTokenSecretManager blockTokenSecretManager = new BlockTokenSecretManager(2000L, 2000L, 0, "bp-foo", (String) null);
        Whitebox.setInternalState(blockTokenSecretManager, "timer", fakeTimer);
        NamenodeProtocol namenodeProtocol = (NamenodeProtocol) Mockito.mock(NamenodeProtocol.class);
        Mockito.when(namenodeProtocol.getBlockKeys()).thenReturn(blockTokenSecretManager.exportKeys());
        KeyManager keyManager = new KeyManager("bp-foo", namenodeProtocol, true, hdfsConfiguration);
        Whitebox.setInternalState(keyManager, "timer", fakeTimer);
        Whitebox.setInternalState(Whitebox.getInternalState(keyManager, "blockTokenSecretManager"), "timer", fakeTimer);
        DataEncryptionKey newDataEncryptionKey = keyManager.newDataEncryptionKey();
        Assert.assertEquals("KeyManager dataEncryptionKey should expire in 2 seconds", 2000L, newDataEncryptionKey.expiryDate - fakeTimer.now());
        fakeTimer.advance(2001L);
        DataEncryptionKey newDataEncryptionKey2 = keyManager.newDataEncryptionKey();
        Assert.assertNotEquals("KeyManager should generate a new data encryption key", newDataEncryptionKey, newDataEncryptionKey2);
        Assert.assertTrue("KeyManager has an expired DataEncryptionKey!", newDataEncryptionKey2.expiryDate > fakeTimer.now());
    }
}
