public _PrivilegedAction_480(TestAMRMClientOnRMRestart.MyResourceManager2 rm2)
 {
     this.rm2 = rm2;
 }
        // Test verify for AM issued with rolled-over AMRMToken
        // is still able to communicate with restarted RM.
        /// <exception cref="System.Exception"/>
        public virtual void TestAMRMClientOnAMRMTokenRollOverOnRMRestart()
        {
            conf.SetLong(YarnConfiguration.RmAmrmTokenMasterKeyRollingIntervalSecs, rolling_interval_sec
                         );
            conf.SetLong(YarnConfiguration.RmAmExpiryIntervalMs, am_expire_ms);
            MemoryRMStateStore memStore = new MemoryRMStateStore();

            memStore.Init(conf);
            // start first RM
            TestAMRMClientOnRMRestart.MyResourceManager2 rm1 = new TestAMRMClientOnRMRestart.MyResourceManager2
                                                                   (conf, memStore);
            rm1.Start();
            DrainDispatcher dispatcher = (DrainDispatcher)rm1.GetRMContext().GetDispatcher();
            long            startTime  = Runtime.CurrentTimeMillis();
            // Submit the application
            RMApp app = rm1.SubmitApp(1024);

            dispatcher.Await();
            MockNM nm1 = new MockNM("h1:1234", 15120, rm1.GetResourceTrackerService());

            nm1.RegisterNode();
            nm1.NodeHeartbeat(true);
            // Node heartbeat
            dispatcher.Await();
            ApplicationAttemptId appAttemptId = app.GetCurrentAppAttempt().GetAppAttemptId();

            rm1.SendAMLaunched(appAttemptId);
            dispatcher.Await();
            AMRMTokenSecretManager amrmTokenSecretManagerForRM1 = rm1.GetRMContext().GetAMRMTokenSecretManager
                                                                      ();

            Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> token = amrmTokenSecretManagerForRM1
                                                                                 .CreateAndGetAMRMToken(appAttemptId);
            UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();

            ugi.AddTokenIdentifier(token.DecodeIdentifier());
            AMRMClient <AMRMClient.ContainerRequest> amClient = new TestAMRMClientOnRMRestart.MyAMRMClientImpl
                                                                    (rm1);

            amClient.Init(conf);
            amClient.Start();
            amClient.RegisterApplicationMaster("h1", 10000, string.Empty);
            amClient.Allocate(0.1f);
            // Wait for enough time and make sure the roll_over happens
            // At mean time, the old AMRMToken should continue to work
            while (Runtime.CurrentTimeMillis() - startTime < rolling_interval_sec * 1000)
            {
                amClient.Allocate(0.1f);
                try
                {
                    Sharpen.Thread.Sleep(1000);
                }
                catch (Exception)
                {
                }
            }
            // DO NOTHING
            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetMasterKey().GetMasterKey
                                              ().GetKeyId() != token.DecodeIdentifier().GetKeyId());
            amClient.Allocate(0.1f);
            // active the nextMasterKey, and replace the currentMasterKey
            Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> newToken = amrmTokenSecretManagerForRM1
                                                                                    .CreateAndGetAMRMToken(appAttemptId);
            int waitCount = 0;

            while (waitCount++ <= 50)
            {
                if (amrmTokenSecretManagerForRM1.GetCurrnetMasterKeyData().GetMasterKey().GetKeyId
                        () != token.DecodeIdentifier().GetKeyId())
                {
                    break;
                }
                try
                {
                    amClient.Allocate(0.1f);
                }
                catch (Exception)
                {
                    break;
                }
                Sharpen.Thread.Sleep(500);
            }
            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetNextMasterKeyData()
                                          == null);
            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetCurrnetMasterKeyData
                                              ().GetMasterKey().GetKeyId() == newToken.DecodeIdentifier().GetKeyId());
            // start 2nd RM
            conf.Set(YarnConfiguration.RmSchedulerAddress, "0.0.0.0:9030");
            TestAMRMClientOnRMRestart.MyResourceManager2 rm2 = new TestAMRMClientOnRMRestart.MyResourceManager2
                                                                   (conf, memStore);
            rm2.Start();
            nm1.SetResourceTrackerService(rm2.GetResourceTrackerService());
            ((TestAMRMClientOnRMRestart.MyAMRMClientImpl)amClient).UpdateRMProxy(rm2);
            dispatcher = (DrainDispatcher)rm2.GetRMContext().GetDispatcher();
            AMRMTokenSecretManager amrmTokenSecretManagerForRM2 = rm2.GetRMContext().GetAMRMTokenSecretManager
                                                                      ();

            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM2.GetCurrnetMasterKeyData
                                              ().GetMasterKey().GetKeyId() == newToken.DecodeIdentifier().GetKeyId());
            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM2.GetNextMasterKeyData()
                                          == null);
            try
            {
                UserGroupInformation testUser = UserGroupInformation.CreateRemoteUser("testUser");
                SecurityUtil.SetTokenService(token, rm2.GetApplicationMasterService().GetBindAddress
                                                 ());
                testUser.AddToken(token);
                testUser.DoAs(new _PrivilegedAction_480(rm2)).Allocate(Org.Apache.Hadoop.Yarn.Util.Records
                                                                       .NewRecord <AllocateRequest>());
                NUnit.Framework.Assert.Fail("The old Token should not work");
            }
            catch (Exception ex)
            {
                NUnit.Framework.Assert.IsTrue(ex is SecretManager.InvalidToken);
                NUnit.Framework.Assert.IsTrue(ex.Message.Contains("Invalid AMRMToken from " + token
                                                                  .DecodeIdentifier().GetApplicationAttemptId()));
            }
            // make sure the recovered AMRMToken works for new RM
            amClient.Allocate(0.1f);
            amClient.UnregisterApplicationMaster(FinalApplicationStatus.Succeeded, null, null
                                                 );
            amClient.Stop();
            rm1.Stop();
            rm2.Stop();
        }