package org.apache.hadoop.hdfs.server.namenode;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.XAttr;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.AclStatus;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider;
import org.apache.hadoop.hdfs.web.resources.UserParam;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mortbay.util.URIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-2.10.1-tests.jar:org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.class
  input_file:test-classes/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.class
 */
/* loaded from: input_file:hadoop-hdfs-2.10.1/share/hadoop/hdfs/hadoop-hdfs-2.10.1-tests.jar:org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.class */
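/**
 * Tests the NameNode's pluggable {@link INodeAttributeProvider} hook, which lets an external
 * component supply the owner, group, permission, ACL and xattr values used for a path and
 * install its own {@link INodeAttributeProvider.AccessControlEnforcer}.
 *
 * <p>The suite checks three things that matter when such a provider is used for authorization:
 * <ul>
 *   <li>the provider and its enforcer are actually consulted for ordinary users
 *       ({@link #testDelegationToProvider()}, {@link #testAuthzDelegationToProvider()});</li>
 *   <li>users named in the bypass-users setting are served the native HDFS attributes instead
 *       ({@link #testAuthzBypassingProvider()});</li>
 *   <li>attributes reported to clients for a provider-managed path are the provider's
 *       ({@link #testCustomProvider()}).</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #CALLED} is a plain {@link HashSet} that is written from provider
 * callbacks and read from the test thread. If the in-process NameNode runs those callbacks on
 * its own handler threads, access is unsynchronized; confirm before relying on ordering.
 */
public class TestINodeAttributeProvider {
    private MiniDFSCluster miniDFS;

    // rwxrwxrwx: the permission the tests set on directories in native HDFS.
    private static final short HDFS_PERMISSION = 0777;

    // rwxrwx---: the permission the test provider reports for paths under /user/authz.
    private static final short PROVIDER_PERMISSION = 0770;

    private static final Logger LOG = LoggerFactory.getLogger(TestINodeAttributeProvider.class);

    // Names of the provider/enforcer callbacks observed since the last clear().
    private static final Set<String> CALLED = new HashSet<String>();

    /**
     * Asserts that a provider callback was observed, or, in bypass mode, that it was not.
     */
    public class AssertHelper {
        // Assigned exactly once; the decompiled form wrote a default and then overwrote it.
        private final boolean bypass;

        /**
         * @param bypass {@code true} when the user under test is expected to skip the provider
         */
        AssertHelper(boolean bypass) {
            this.bypass = bypass;
        }

        /**
         * @param providerCalled whether the callback of interest was recorded in {@code CALLED}
         */
        public void doAssert(boolean providerCalled) {
            if (this.bypass) {
                Assert.assertFalse(providerCalled);
            } else {
                Assert.assertTrue(providerCalled);
            }
        }
    }

    /**
     * Test-only provider that records every callback in {@code CALLED} and overrides the
     * attributes of {@code /user/authz} and everything beneath it.
     */
    public static class MyAuthorizationProvider extends INodeAttributeProvider {

        /**
         * Enforcer that only records the requested access and never throws, so every check that
         * reaches it succeeds. That is acceptable here because the tests assert on the recorded
         * calls, not on denials; it is not a model for a real enforcer.
         */
        public static class MyAccessControlEnforcer implements INodeAttributeProvider.AccessControlEnforcer {
            /**
             * Records the call as {@code checkPermission|<ancestorAccess>|<parentAccess>|<access>}.
             * The remaining arguments are ignored.
             */
            @Override
            public void checkPermission(String fsOwner, String supergroup, UserGroupInformation ugi,
                    INodeAttributes[] inodeAttrs, INode[] inodes, byte[][] pathByNameArr, int snapshotId,
                    String path, int ancestorIndex, boolean doCheckOwner, FsAction ancestorAccess,
                    FsAction parentAccess, FsAction access, FsAction subAccess, boolean ignoreEmptyDir)
                    throws AccessControlException {
                CALLED.add("checkPermission|" + ancestorAccess + "|" + parentAccess + "|" + access);
            }
        }

        @Override
        public void start() {
            CALLED.add("start");
        }

        @Override
        public void stop() {
            CALLED.add("stop");
        }

        /**
         * Returns a view of {@code inode} that passes every attribute through unchanged unless
         * the path is {@code /user/authz} or below, in which case fixed test values are reported:
         * owner {@code foo}, group {@code bar}, permission {@code 0770}, one group ACL entry,
         * one xattr, and zero timestamps.
         *
         * @param pathElements components of the path being resolved
         * @param inode the attributes HDFS holds for that path
         * @return the attributes to use in place of {@code inode}
         */
        @Override
        public INodeAttributes getAttributes(String[] pathElements, final INodeAttributes inode) {
            CALLED.add("getAttributes");
            final boolean useDefault = useDefault(pathElements);
            return new INodeAttributes() {
                @Override
                public boolean isDirectory() {
                    return inode.isDirectory();
                }

                @Override
                public byte[] getLocalNameBytes() {
                    return inode.getLocalNameBytes();
                }

                @Override
                public String getUserName() {
                    return useDefault ? inode.getUserName() : "foo";
                }

                @Override
                public String getGroupName() {
                    return useDefault ? inode.getGroupName() : "bar";
                }

                @Override
                public FsPermission getFsPermission() {
                    return useDefault ? inode.getFsPermission() : new FsPermission(getFsPermissionShort());
                }

                @Override
                public short getFsPermissionShort() {
                    return useDefault ? inode.getFsPermissionShort() : (short) getPermissionLong();
                }

                @Override
                public long getPermissionLong() {
                    return useDefault ? inode.getPermissionLong() : (long) PROVIDER_PERMISSION;
                }

                @Override
                public AclFeature getAclFeature() {
                    if (useDefault) {
                        return inode.getAclFeature();
                    }
                    AclEntry groupEntry = new AclEntry.Builder()
                            .setType(AclEntryType.GROUP)
                            .setPermission(FsAction.ALL)
                            .setName("xxx")
                            .build();
                    return new AclFeature(AclEntryStatusFormat.toInt(Lists.newArrayList(groupEntry)));
                }

                @Override
                public XAttrFeature getXAttrFeature() {
                    if (useDefault) {
                        return inode.getXAttrFeature();
                    }
                    XAttr testXAttr = new XAttr.Builder()
                            .setName("test")
                            .setValue(new byte[]{1, 2})
                            .build();
                    return new XAttrFeature(ImmutableList.copyOf(Lists.newArrayList(testXAttr)));
                }

                @Override
                public long getModificationTime() {
                    return useDefault ? inode.getModificationTime() : 0L;
                }

                @Override
                public long getAccessTime() {
                    return useDefault ? inode.getAccessTime() : 0L;
                }
            };
        }

        /**
         * Always installs {@link MyAccessControlEnforcer}; the enforcer passed in is discarded,
         * so this provider never delegates back to it.
         */
        @Override
        public INodeAttributeProvider.AccessControlEnforcer getExternalAccessControlEnforcer(
                INodeAttributeProvider.AccessControlEnforcer defaultEnforcer) {
            return new MyAccessControlEnforcer();
        }

        /**
         * @return {@code false} only when the path starts with {@code user/authz}, i.e. for
         *     {@code /user/authz} itself and any descendant
         */
        private boolean useDefault(String[] pathElements) {
            boolean underAuthz = pathElements.length >= 2
                    && pathElements[0].equals("user")
                    && pathElements[1].equals("authz");
            return !underAuthz;
        }
    }

    /**
     * Starts a mini cluster with the test provider installed, ACLs enabled and a bypass list.
     */
    @Before
    public void setUp() throws IOException {
        CALLED.clear();
        HdfsConfiguration conf = new HdfsConfiguration();
        conf.set(DFSConfigKeys.DFS_NAMENODE_INODE_ATTRIBUTES_PROVIDER_KEY, MyAuthorizationProvider.class.getName());
        conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
        // Padded value with empty entries; testAuthzBypassingProvider expects u2 and u3 to be
        // recognised as bypass users regardless.
        conf.set(DFSConfigKeys.DFS_NAMENODE_INODE_ATTRIBUTES_PROVIDER_BYPASS_USERS_KEY, " u2,, ,u3, ");
        EditLogFileOutputStream.setShouldSkipFsyncForTesting(true);
        this.miniDFS = new MiniDFSCluster.Builder(conf).build();
    }

    /**
     * Shuts the cluster down and checks that doing so invoked the provider's {@code stop()}.
     */
    @After
    public void cleanUp() throws IOException {
        // Cleared first so that only a stop() triggered by this shutdown can satisfy the assert.
        CALLED.clear();
        if (this.miniDFS != null) {
            this.miniDFS.shutdown();
            this.miniDFS = null;
        }
        Assert.assertTrue(CALLED.contains("stop"));
    }

    /**
     * Verifies that mkdirs, listStatus and getAclStatus issued by an ordinary user reach both
     * the provider and its enforcer with the expected access arguments.
     */
    @Test
    public void testDelegationToProvider() throws Exception {
        Assert.assertTrue(CALLED.contains("start"));
        FileSystem fs = FileSystem.get(this.miniDFS.getConfiguration(0));
        Path tmpPath = new Path("/tmp");
        final Path fooPath = new Path("/tmp/foo");
        fs.mkdirs(tmpPath);
        fs.setPermission(tmpPath, new FsPermission(HDFS_PERMISSION));
        UserGroupInformation ugi = UserGroupInformation.createUserForTesting("u1", new String[]{"g1"});
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                FileSystem userFs = FileSystem.get(miniDFS.getConfiguration(0));

                // Each operation starts from an empty record so the asserts see only its calls.
                CALLED.clear();
                userFs.mkdirs(fooPath);
                Assert.assertTrue(CALLED.contains("getAttributes"));
                Assert.assertTrue(CALLED.contains("checkPermission|null|null|null"));
                Assert.assertTrue(CALLED.contains("checkPermission|WRITE|null|null"));

                CALLED.clear();
                userFs.listStatus(fooPath);
                Assert.assertTrue(CALLED.contains("getAttributes"));
                Assert.assertTrue(CALLED.contains("checkPermission|null|null|READ_EXECUTE"));

                CALLED.clear();
                userFs.getAclStatus(fooPath);
                Assert.assertTrue(CALLED.contains("getAttributes"));
                Assert.assertTrue(CALLED.contains("checkPermission|null|null|null"));
                return null;
            }
        });
    }

    /**
     * Runs getFileStatus, listStatus and getAclStatus as each of {@code users} and checks both
     * the permission reported and whether the provider was consulted.
     *
     * @param users user names to impersonate, each in group {@code g1}
     * @param expectedPermission permission expected on the provider-managed paths
     * @param bypass {@code true} if the users are expected to skip the provider
     */
    private void testBypassProviderHelper(String[] users, final short expectedPermission, boolean bypass)
            throws Exception {
        final AssertHelper asserter = new AssertHelper(bypass);
        Assert.assertTrue(CALLED.contains("start"));
        FileSystem fs = FileSystem.get(this.miniDFS.getConfiguration(0));
        final Path userPath = new Path("/user");
        Path authz = new Path("/user/authz");
        final Path authzChild = new Path("/user/authz/child2");
        fs.mkdirs(userPath);
        fs.setPermission(userPath, new FsPermission(HDFS_PERMISSION));
        fs.mkdirs(authz);
        fs.setPermission(authz, new FsPermission(HDFS_PERMISSION));
        fs.mkdirs(authzChild);
        fs.setPermission(authzChild, new FsPermission(HDFS_PERMISSION));
        for (String user : users) {
            UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[]{"g1"});
            ugi.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    FileSystem userFs = FileSystem.get(miniDFS.getConfiguration(0));

                    // Start from an empty record, as the later steps do. Without this the first
                    // pair of asserts would judge whatever the setup above or the previous
                    // user's iteration left behind, so a bypass regression (or a missing
                    // delegation) on getFileStatus could go unnoticed.
                    CALLED.clear();
                    Assert.assertEquals(expectedPermission,
                            userFs.getFileStatus(authzChild).getPermission().toShort());
                    asserter.doAssert(CALLED.contains("getAttributes"));
                    asserter.doAssert(CALLED.contains("checkPermission|null|null|null"));

                    CALLED.clear();
                    Assert.assertEquals(expectedPermission,
                            userFs.listStatus(userPath)[0].getPermission().toShort());
                    asserter.doAssert(CALLED.contains("getAttributes"));
                    asserter.doAssert(CALLED.contains("checkPermission|null|null|READ_EXECUTE"));

                    CALLED.clear();
                    userFs.getAclStatus(authzChild);
                    asserter.doAssert(CALLED.contains("getAttributes"));
                    asserter.doAssert(CALLED.contains("checkPermission|null|null|null"));
                    return null;
                }
            });
        }
    }

    /** A user outside the bypass list must see the provider's permission (0770). */
    @Test
    public void testAuthzDelegationToProvider() throws Exception {
        LOG.info("Test not bypassing provider");
        testBypassProviderHelper(new String[]{"u1"}, PROVIDER_PERMISSION, false);
    }

    /** Users in the bypass list must see the native HDFS permission (0777). */
    @Test
    public void testAuthzBypassingProvider() throws Exception {
        LOG.info("Test bypassing provider");
        testBypassProviderHelper(new String[]{"u2", "u3"}, HDFS_PERMISSION, true);
    }

    /**
     * Checks that a directory outside {@code /user/authz} reports native HDFS attributes while
     * {@code /user/authz} reports the owner, group, permission, ACL and xattr supplied by
     * {@link MyAuthorizationProvider}.
     *
     * @param ugi the user the caller is running as; its short name picks the home directory
     */
    public void verifyFileStatus(UserGroupInformation ugi) throws IOException {
        FileSystem fs = FileSystem.get(this.miniDFS.getConfiguration(0));

        // URIUtil.SLASH is what the decompiler emitted; per the log text it denotes the root.
        FileStatus rootStatus = fs.getFileStatus(new Path(URIUtil.SLASH));
        LOG.info("Path '/' is owned by: " + rootStatus.getOwner() + ":" + rootStatus.getGroup());

        // A path the provider does not manage: native owner, group and default 0755 are expected.
        Path homePath = new Path("/user/" + ugi.getShortUserName());
        fs.mkdirs(homePath);
        FileStatus homeStatus = fs.getFileStatus(homePath);
        Assert.assertEquals(ugi.getShortUserName(), homeStatus.getOwner());
        Assert.assertEquals(DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_DEFAULT, homeStatus.getGroup());
        Assert.assertEquals(new FsPermission((short) 0755), homeStatus.getPermission());

        // A provider-managed path: every attribute must come from the provider.
        Path authzPath = new Path("/user/authz");
        fs.mkdirs(authzPath);
        FileStatus authzStatus = fs.getFileStatus(authzPath);
        Assert.assertEquals("foo", authzStatus.getOwner());
        Assert.assertEquals("bar", authzStatus.getGroup());
        Assert.assertEquals(new FsPermission(PROVIDER_PERMISSION), authzStatus.getPermission());

        AclStatus aclStatus = fs.getAclStatus(authzPath);
        Assert.assertEquals(1, aclStatus.getEntries().size());
        AclEntry onlyEntry = aclStatus.getEntries().get(0);
        Assert.assertEquals(AclEntryType.GROUP, onlyEntry.getType());
        Assert.assertEquals("xxx", onlyEntry.getName());
        Assert.assertEquals(FsAction.ALL, onlyEntry.getPermission());

        // The decompiled code read the map through an undeclared name; keep the result in a
        // local so both the key and the value length are checked on the same response.
        Map<String, byte[]> xAttrs = fs.getXAttrs(authzPath);
        Assert.assertTrue(xAttrs.containsKey("user.test"));
        Assert.assertEquals(2, xAttrs.get("user.test").length);
    }

    /**
     * Runs {@link #verifyFileStatus(UserGroupInformation)} once as a member of the superuser
     * group and once as an ordinary user; both must see the provider's attributes.
     */
    @Test
    public void testCustomProvider() throws Exception {
        // UserParam.NAME is what the decompiler emitted as the system-property key.
        // NOTE(review): presumably the property holding the current OS user; confirm upstream.
        UserGroupInformation superUgi = UserGroupInformation.createUserForTesting(
                System.getProperty(UserParam.NAME),
                new String[]{DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_DEFAULT});
        UserGroupInformation normalUgi = UserGroupInformation.createUserForTesting(
                "normaluser", new String[]{"normalusergroup"});
        for (final UserGroupInformation ugi : new UserGroupInformation[]{superUgi, normalUgi}) {
            ugi.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    verifyFileStatus(ugi);
                    return null;
                }
            });
        }
    }
}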
