package org.apache.hadoop.hdfs.server.namenode;

import com.google.common.collect.Lists;
import com.sun.tools.doclets.internal.toolkit.util.VisibleMemberMap;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
import java.util.Set;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.jets3t.service.utils.gatekeeper.GatekeeperMessage;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-hdfs-2.7.0-mapr-1703-tests.jar:org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.class */
public class TestINodeAttributeProvider {
    private MiniDFSCluster miniDFS;
    private static final Set<String> CALLED = new HashSet();

    /* loaded from: input_file:lib/hadoop-hdfs-2.7.0-mapr-1703-tests.jar:org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider$MyAuthorizationProvider.class */
    public static class MyAuthorizationProvider extends INodeAttributeProvider {

        /* loaded from: input_file:lib/hadoop-hdfs-2.7.0-mapr-1703-tests.jar:org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider$MyAuthorizationProvider$MyAccessControlEnforcer.class */
        public static class MyAccessControlEnforcer implements INodeAttributeProvider.AccessControlEnforcer {
            @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider.AccessControlEnforcer
            public void checkPermission(String str, String str2, UserGroupInformation userGroupInformation, INodeAttributes[] iNodeAttributesArr, INode[] iNodeArr, byte[][] bArr, int i, String str3, int i2, boolean z, FsAction fsAction, FsAction fsAction2, FsAction fsAction3, FsAction fsAction4, boolean z2) throws AccessControlException {
                TestINodeAttributeProvider.CALLED.add("checkPermission|" + fsAction + GatekeeperMessage.DELIM + fsAction2 + GatekeeperMessage.DELIM + fsAction3);
            }
        }

        @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider
        public void start() {
            TestINodeAttributeProvider.CALLED.add(VisibleMemberMap.STARTLEVEL);
        }

        @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider
        public void stop() {
            TestINodeAttributeProvider.CALLED.add("stop");
        }

        @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider
        public INodeAttributes getAttributes(String[] strArr, final INodeAttributes iNodeAttributes) {
            TestINodeAttributeProvider.CALLED.add("getAttributes");
            final boolean useDefault = useDefault(strArr);
            return new INodeAttributes() { // from class: org.apache.hadoop.hdfs.server.namenode.TestINodeAttributeProvider.MyAuthorizationProvider.1
                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public boolean isDirectory() {
                    return iNodeAttributes.isDirectory();
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public byte[] getLocalNameBytes() {
                    return iNodeAttributes.getLocalNameBytes();
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public String getUserName() {
                    return useDefault ? iNodeAttributes.getUserName() : "foo";
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public String getGroupName() {
                    return useDefault ? iNodeAttributes.getGroupName() : "bar";
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public FsPermission getFsPermission() {
                    return useDefault ? iNodeAttributes.getFsPermission() : new FsPermission(getFsPermissionShort());
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public short getFsPermissionShort() {
                    return useDefault ? iNodeAttributes.getFsPermissionShort() : (short) getPermissionLong();
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public long getPermissionLong() {
                    if (useDefault) {
                        return iNodeAttributes.getPermissionLong();
                    }
                    return 504L;
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public AclFeature getAclFeature() {
                    return useDefault ? iNodeAttributes.getAclFeature() : new AclFeature(AclEntryStatusFormat.toInt(Lists.newArrayList(new AclEntry.Builder().setType(AclEntryType.GROUP).setPermission(FsAction.ALL).setName("xxx").build())));
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public XAttrFeature getXAttrFeature() {
                    if (useDefault) {
                        return iNodeAttributes.getXAttrFeature();
                    }
                    return null;
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public long getModificationTime() {
                    if (useDefault) {
                        return iNodeAttributes.getModificationTime();
                    }
                    return 0L;
                }

                @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributes
                public long getAccessTime() {
                    if (useDefault) {
                        return iNodeAttributes.getAccessTime();
                    }
                    return 0L;
                }
            };
        }

        @Override // org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider
        public INodeAttributeProvider.AccessControlEnforcer getExternalAccessControlEnforcer(INodeAttributeProvider.AccessControlEnforcer accessControlEnforcer) {
            return new MyAccessControlEnforcer();
        }

        private boolean useDefault(String[] strArr) {
            return (strArr.length >= 2 && strArr[0].equals("user") && strArr[1].equals("authz")) ? false : true;
        }
    }

    @Before
    public void setUp() throws IOException {
        CALLED.clear();
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.set(DFSConfigKeys.DFS_NAMENODE_INODE_ATTRIBUTES_PROVIDER_KEY, MyAuthorizationProvider.class.getName());
        hdfsConfiguration.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
        EditLogFileOutputStream.setShouldSkipFsyncForTesting(true);
        this.miniDFS = new MiniDFSCluster.Builder(hdfsConfiguration).build();
    }

    @After
    public void cleanUp() throws IOException {
        CALLED.clear();
        if (this.miniDFS != null) {
            this.miniDFS.shutdown();
        }
        Assert.assertTrue(CALLED.contains("stop"));
    }

    @Test
    public void testDelegationToProvider() throws Exception {
        Assert.assertTrue(CALLED.contains(VisibleMemberMap.STARTLEVEL));
        FileSystem fileSystem = FileSystem.get(this.miniDFS.getConfiguration(0));
        fileSystem.mkdirs(new Path("/tmp"));
        fileSystem.setPermission(new Path("/tmp"), new FsPermission((short) 511));
        UserGroupInformation.createUserForTesting("u1", new String[]{"g1"}).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hdfs.server.namenode.TestINodeAttributeProvider.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                FileSystem fileSystem2 = FileSystem.get(TestINodeAttributeProvider.this.miniDFS.getConfiguration(0));
                TestINodeAttributeProvider.CALLED.clear();
                fileSystem2.mkdirs(new Path("/tmp/foo"));
                Assert.assertTrue(TestINodeAttributeProvider.CALLED.contains("getAttributes"));
                Assert.assertTrue(TestINodeAttributeProvider.CALLED.contains("checkPermission|null|null|null"));
                Assert.assertTrue(TestINodeAttributeProvider.CALLED.contains("checkPermission|WRITE|null|null"));
                TestINodeAttributeProvider.CALLED.clear();
                fileSystem2.listStatus(new Path("/tmp/foo"));
                Assert.assertTrue(TestINodeAttributeProvider.CALLED.contains("getAttributes"));
                Assert.assertTrue(TestINodeAttributeProvider.CALLED.contains("checkPermission|null|null|READ_EXECUTE"));
                TestINodeAttributeProvider.CALLED.clear();
                fileSystem2.getAclStatus(new Path("/tmp/foo"));
                Assert.assertTrue(TestINodeAttributeProvider.CALLED.contains("getAttributes"));
                Assert.assertTrue(TestINodeAttributeProvider.CALLED.contains("checkPermission|null|null|null"));
                return null;
            }
        });
    }

    @Test
    public void testCustomProvider() throws Exception {
        FileSystem fileSystem = FileSystem.get(this.miniDFS.getConfiguration(0));
        fileSystem.mkdirs(new Path("/user/xxx"));
        FileStatus fileStatus = fileSystem.getFileStatus(new Path("/user/xxx"));
        Assert.assertEquals(System.getProperty("user.name"), fileStatus.getOwner());
        Assert.assertEquals(DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_DEFAULT, fileStatus.getGroup());
        Assert.assertEquals(new FsPermission((short) 493), fileStatus.getPermission());
        fileSystem.mkdirs(new Path("/user/authz"));
        FileStatus fileStatus2 = fileSystem.getFileStatus(new Path("/user/authz"));
        Assert.assertEquals("foo", fileStatus2.getOwner());
        Assert.assertEquals("bar", fileStatus2.getGroup());
        Assert.assertEquals(new FsPermission((short) 504), fileStatus2.getPermission());
    }
}
