package org.apache.hadoop.hdfs.server.namenode;

import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.BatchedRemoteIterator;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.CachePoolEntry;
import org.apache.hadoop.hdfs.server.protocol.NamenodeProtocols;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-2.10.1-tests.jar:org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.class
  input_file:test-classes/org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.class
 */
/* loaded from: input_file:hadoop-hdfs-2.10.1/share/hadoop/hdfs/hadoop-hdfs-2.10.1-tests.jar:org/apache/hadoop/hdfs/server/namenode/TestAuditLoggerWithCommands.class */
public class TestAuditLoggerWithCommands {
    static final int NUM_DATA_NODES = 2;
    static final long seed = 3735928559L;
    static final int blockSize = 8192;
    private static MiniDFSCluster cluster = null;
    private static FileSystem fileSys = null;
    private static FileSystem fs2 = null;
    private static FileSystem fs = null;
    private static GenericTestUtils.LogCapturer auditlog;
    static Configuration conf;
    static UserGroupInformation user1;
    static UserGroupInformation user2;
    private static NamenodeProtocols proto;

    @BeforeClass
    public static void initialize() throws Exception {
        conf = new HdfsConfiguration();
        conf.setBoolean("dfs.permissions.enabled", true);
        conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
        conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
        cluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
        cluster.waitActive();
        user1 = UserGroupInformation.createUserForTesting("theDoctor", new String[]{"tardis"});
        user2 = UserGroupInformation.createUserForTesting("theEngineer", new String[]{"hadoop"});
        auditlog = GenericTestUtils.LogCapturer.captureLogs(FSNamesystem.auditLog);
        proto = cluster.getNameNodeRpc();
        fileSys = DFSTestUtil.getFileSystemAs(user1, conf);
        fs2 = DFSTestUtil.getFileSystemAs(user2, conf);
        fs = cluster.getFileSystem();
    }

    @AfterClass
    public static void tearDown() throws Exception {
        fs.close();
        fs2.close();
        fileSys.close();
        cluster.shutdown();
    }

    @Test
    public void testDelegationTokens() throws Exception {
        final Token delegationToken = fs.getDelegationToken("foo");
        verifyAuditLogs(true, ".*cmd=getDelegationToken.*src=HDFS_DELEGATION_TOKEN token 1.*with renewer foo.*");
        UserGroupInformation.createUserForTesting("foo", new String[0]).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.TestAuditLoggerWithCommands.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                delegationToken.renew(TestAuditLoggerWithCommands.conf);
                return null;
            }
        });
        verifyAuditLogs(true, ".*cmd=renewDelegationToken.*src=HDFS_DELEGATION_TOKEN token 1.*with renewer foo.*");
        try {
            delegationToken.renew(conf);
            Assert.fail("Renewing a token with non-renewer should fail");
        } catch (AccessControlException e) {
        }
        verifyAuditLogs(false, ".*cmd=renewDelegationToken.*src=HDFS_DELEGATION_TOKEN token 1.*with renewer foo.*");
        try {
            UserGroupInformation.createUserForTesting("bar", new String[0]).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.TestAuditLoggerWithCommands.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    delegationToken.cancel(TestAuditLoggerWithCommands.conf);
                    return null;
                }
            });
            Assert.fail("Canceling a token with non-renewer should fail");
        } catch (AccessControlException e2) {
        }
        verifyAuditLogs(false, ".*cmd=cancelDelegationToken.*src=HDFS_DELEGATION_TOKEN token 1.*with renewer foo.*");
        delegationToken.cancel(conf);
        verifyAuditLogs(true, ".*cmd=cancelDelegationToken.*src=HDFS_DELEGATION_TOKEN token 1.*with renewer foo.*");
    }

    private int verifyAuditLogs(boolean z, String str) {
        return verifyAuditLogs(".*allowed=" + z + str);
    }

    private int verifyAuditLogs(String str) {
        int length = auditlog.getOutput().split("\n").length;
        Assert.assertTrue("Unexpected log!", auditlog.getOutput().split("\n")[length - 1].matches(str));
        return length;
    }

    private void removeExistingCachePools(String str) throws Exception {
        BatchedRemoteIterator.BatchedEntries<CachePoolEntry> listCachePools = proto.listCachePools(str);
        for (int i = 0; i < listCachePools.size(); i++) {
            proto.removeCachePool(((CachePoolEntry) listCachePools.get(i)).getInfo().getPoolName());
        }
    }
}
