package org.apache.hadoop.hdfs.server.namenode;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.regex.Pattern;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.log4j.AsyncAppender;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/TestAuditLogs.class */
public class TestAuditLogs {
    final boolean useAsyncEdits;
    private static GenericTestUtils.LogCapturer auditLogCapture;
    static final String username = "bob";
    static final String fileName = "/srcdat";
    DFSTestUtil util;
    MiniDFSCluster cluster;
    FileSystem fs;
    String[] fnames;
    Configuration conf;
    UserGroupInformation userGroupInfo;
    private static final Logger LOG = LoggerFactory.getLogger(TestAuditLogs.class);
    private static final Pattern AUDIT_PATTERN = Pattern.compile("allowed=.*?\\sugi=.*?\\sip=/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\scmd=.*?\\ssrc=.*?\\sdst=null\\sperm=.*?");
    private static final Pattern SUCCESS_PATTERN = Pattern.compile(".*allowed=true.*");
    private static final Pattern FAILURE_PATTERN = Pattern.compile(".*allowed=false.*");
    private static final Pattern WEB_OPEN_PATTERN = Pattern.compile(".*cmd=open.*proto=webhdfs.*");
    static final String[] groups = {"group1"};

    @Parameterized.Parameters
    public static Collection<Object[]> data() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Object[]{Boolean.FALSE});
        arrayList.add(new Object[]{Boolean.TRUE});
        return arrayList;
    }

    public TestAuditLogs(boolean z) {
        this.useAsyncEdits = z;
    }

    @Before
    public void setupCluster() throws Exception {
        this.conf = new HdfsConfiguration();
        this.conf.setLong("dfs.namenode.accesstime.precision", 1L);
        this.conf.setLong("dfs.blockreport.intervalMsec", 10000L);
        this.conf.setBoolean("dfs.namenode.edits.asynclogging", this.useAsyncEdits);
        this.util = new DFSTestUtil.Builder().setName("TestAuditAllowed").setNumFiles(20).build();
        this.cluster = new MiniDFSCluster.Builder(this.conf).numDataNodes(4).build();
        this.fs = this.cluster.getFileSystem();
        this.util.createFiles(this.fs, fileName);
        Assert.assertTrue(Collections.list(org.apache.log4j.Logger.getLogger("org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit").getAllAppenders()).get(0) instanceof AsyncAppender);
        this.fnames = this.util.getFileNames(fileName);
        this.util.waitReplication(this.fs, fileName, (short) 3);
        this.userGroupInfo = UserGroupInformation.createUserForTesting(username, groups);
    }

    @After
    public void teardownCluster() throws Exception {
        this.util.cleanup(this.fs, fileName);
        if (this.fs != null) {
            this.fs.close();
            this.fs = null;
        }
        if (this.cluster != null) {
            this.cluster.shutdown();
            this.cluster = null;
        }
    }

    @BeforeClass
    public static void beforeClass() {
        auditLogCapture = GenericTestUtils.LogCapturer.captureLogs(FSNamesystem.AUDIT_LOG);
    }

    @AfterClass
    public static void afterClass() {
        auditLogCapture.stopCapturing();
    }

    @Test
    public void testAuditAllowed() throws Exception {
        FSDataInputStream open = DFSTestUtil.getFileSystemAs(this.userGroupInfo, this.conf).open(new Path(this.fnames[0]));
        int read = open.read();
        open.close();
        verifySuccessCommandsAuditLogs(2, this.fnames[0], "cmd=open");
        Assert.assertTrue("failed to read from file", read >= 0);
    }

    @Test
    public void testAuditAllowedStat() throws Exception {
        FileStatus fileStatus = DFSTestUtil.getFileSystemAs(this.userGroupInfo, this.conf).getFileStatus(new Path(this.fnames[0]));
        verifySuccessCommandsAuditLogs(2, this.fnames[0], "cmd=getfileinfo");
        Assert.assertTrue("failed to stat file", fileStatus != null && fileStatus.isFile());
    }

    @Test
    public void testAuditDenied() throws Exception {
        Path path = new Path(this.fnames[0]);
        FileSystem fileSystemAs = DFSTestUtil.getFileSystemAs(this.userGroupInfo, this.conf);
        this.fs.setPermission(path, new FsPermission((short) 384));
        this.fs.setOwner(path, "root", (String) null);
        try {
            fileSystemAs.open(path);
            Assert.fail("open must not succeed");
        } catch (AccessControlException e) {
            System.out.println("got access denied, as expected.");
        }
        verifyFailedCommandsAuditLogs(1, this.fnames[0], "cmd=open");
    }

    @Test
    public void testAuditWebHdfs() throws Exception {
        Path path = new Path(this.fnames[0]);
        this.fs.setPermission(path, new FsPermission((short) 420));
        this.fs.setOwner(path, "root", (String) null);
        FSDataInputStream open = WebHdfsTestUtil.getWebHdfsFileSystemAs(this.userGroupInfo, this.conf, "webhdfs").open(path);
        int read = open.read();
        open.close();
        verifySuccessCommandsAuditLogs(3, this.fnames[0], "cmd=open");
        Assert.assertTrue("failed to read from file", read >= 0);
    }

    @Test
    public void testAuditWebHdfsStat() throws Exception {
        Path path = new Path(this.fnames[0]);
        this.fs.setPermission(path, new FsPermission((short) 420));
        this.fs.setOwner(path, "root", (String) null);
        FileStatus fileStatus = WebHdfsTestUtil.getWebHdfsFileSystemAs(this.userGroupInfo, this.conf, "webhdfs").getFileStatus(path);
        verifySuccessCommandsAuditLogs(2, this.fnames[0], "cmd=getfileinfo");
        Assert.assertTrue("failed to stat file", fileStatus != null && fileStatus.isFile());
    }

    @Test
    public void testAuditWebHdfsDenied() throws Exception {
        Path path = new Path(this.fnames[0]);
        this.fs.setPermission(path, new FsPermission((short) 384));
        this.fs.setOwner(path, "root", (String) null);
        try {
            Assert.fail("open+read must not succeed, got " + WebHdfsTestUtil.getWebHdfsFileSystemAs(this.userGroupInfo, this.conf, "webhdfs").open(path).read());
        } catch (AccessControlException e) {
            System.out.println("got access denied, as expected.");
        }
        verifyFailedCommandsAuditLogs(1, this.fnames[0], "cmd=open");
    }

    @Test
    public void testAuditWebHdfsOpen() throws Exception {
        Path path = new Path(this.fnames[0]);
        this.fs.setPermission(path, new FsPermission((short) 420));
        this.fs.setOwner(path, "root", (String) null);
        WebHdfsTestUtil.getWebHdfsFileSystemAs(this.userGroupInfo, this.conf, "webhdfs").open(path).read();
        verifySuccessCommandsAuditLogs(3, this.fnames[0], "cmd=open");
    }

    @Test
    public void testAuditCharacterEscape() throws Exception {
        this.fs.create(new Path("foo\r\nbar"));
        verifySuccessCommandsAuditLogs(1, "foo", "cmd=create");
    }

    private void verifySuccessCommandsAuditLogs(int i, String str, String str2) {
        int i2 = 0;
        for (String str3 : auditLogCapture.getOutput().split("\\n")) {
            if (str3.contains("allowed=")) {
                String str4 = "allowed=" + str3.split("allowed=")[1];
                LOG.info("Line: {}", str4);
                if (SUCCESS_PATTERN.matcher(str4).matches() && str4.contains(str) && str4.contains(str2)) {
                    Assert.assertTrue("Expected audit event not found in audit log", AUDIT_PATTERN.matcher(str4).matches());
                    LOG.info("Successful verification. Log line: {}", str4);
                    i2++;
                }
            }
        }
        if (i2 < i) {
            throw new AssertionError("Least expected: " + i + ". Actual success: " + i2);
        }
    }

    private void verifyFailedCommandsAuditLogs(int i, String str, String str2) {
        int i2 = 0;
        for (String str3 : auditLogCapture.getOutput().split("\\n")) {
            if (str3.contains("allowed=")) {
                String str4 = "allowed=" + str3.split("allowed=")[1];
                LOG.info("Line: {}", str4);
                if (FAILURE_PATTERN.matcher(str4).matches() && str4.contains(str) && str4.contains(str2)) {
                    Assert.assertTrue("Expected audit event not found in audit log", AUDIT_PATTERN.matcher(str4).matches());
                    LOG.info("Failure verification. Log line: {}", str4);
                    i2++;
                }
            }
        }
        Assert.assertEquals("Expected: " + i + ". Actual failure: " + i2, i, i2);
    }
}
