package org.apache.hadoop.security;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileContext;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileSystemTestWrapper;
import org.apache.hadoop.fs.Options;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.AclEntryScope;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.server.namenode.AclTestHelpers;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-2.7.0-mapr-1710-EBF1-tests.jar:org/apache/hadoop/security/TestPermissionSymlinks.class
  input_file:test-classes/org/apache/hadoop/security/TestPermissionSymlinks.class
 */
/* loaded from: input_file:hadoop-hdfs-2.7.0-mapr-1710-EBF1/share/hadoop/hdfs/hadoop-hdfs-2.7.0-mapr-1710-EBF1-tests.jar:org/apache/hadoop/security/TestPermissionSymlinks.class */
public class TestPermissionSymlinks {
    private static final Log LOG = LogFactory.getLog(TestPermissionSymlinks.class);
    private static final Configuration conf = new HdfsConfiguration();
    private static final UserGroupInformation user = UserGroupInformation.createRemoteUser("myuser");
    private static final Path linkParent = new Path("/symtest1");
    private static final Path targetParent = new Path("/symtest2");
    private static final Path link = new Path(linkParent, "link");
    private static final Path target = new Path(targetParent, "target");
    private static MiniDFSCluster cluster;
    private static FileSystem fs;
    private static FileSystemTestWrapper wrapper;

    @BeforeClass
    public static void beforeClassSetUp() throws Exception {
        conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true);
        conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
        conf.set("fs.permissions.umask-mode", "000");
        cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build();
        cluster.waitActive();
        fs = cluster.getFileSystem();
        wrapper = new FileSystemTestWrapper(fs);
    }

    @AfterClass
    public static void afterClassTearDown() throws Exception {
        if (fs != null) {
            fs.close();
        }
        if (cluster != null) {
            cluster.shutdown();
        }
    }

    @Before
    public void setUp() throws Exception {
        fs.mkdirs(linkParent);
        fs.mkdirs(targetParent);
        DFSTestUtil.createFile(fs, target, FileUtils.ONE_KB, (short) 3, 48879L);
        wrapper.createSymlink(target, link, false);
    }

    @After
    public void tearDown() throws Exception {
        fs.delete(linkParent, true);
        fs.delete(targetParent, true);
    }

    @Test(timeout = 5000)
    public void testDelete() throws Exception {
        fs.setPermission(linkParent, new FsPermission((short) 365));
        doDeleteLinkParentNotWritable();
        fs.setPermission(linkParent, new FsPermission((short) 511));
        fs.setPermission(targetParent, new FsPermission((short) 365));
        fs.setPermission(target, new FsPermission((short) 365));
        doDeleteTargetParentAndTargetNotWritable();
    }

    @Test
    public void testAclDelete() throws Exception {
        fs.setAcl(linkParent, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        doDeleteLinkParentNotWritable();
        fs.setAcl(linkParent, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        fs.setAcl(targetParent, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        fs.setAcl(target, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        doDeleteTargetParentAndTargetNotWritable();
    }

    private void doDeleteLinkParentNotWritable() throws Exception {
        try {
            user.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws IOException {
                    FileContext.getFileContext(TestPermissionSymlinks.conf).delete(TestPermissionSymlinks.link, false);
                    return null;
                }
            });
            Assert.fail("Deleted symlink without write permissions on parent!");
        } catch (AccessControlException e) {
            GenericTestUtils.assertExceptionContains("Permission denied", e);
        }
    }

    private void doDeleteTargetParentAndTargetNotWritable() throws Exception {
        user.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws IOException {
                FileContext.getFileContext(TestPermissionSymlinks.conf).delete(TestPermissionSymlinks.link, false);
                return null;
            }
        });
        Assert.assertTrue("Target should not have been deleted!", wrapper.exists(target));
        Assert.assertFalse("Link should have been deleted!", wrapper.exists(link));
    }

    @Test(timeout = 5000)
    public void testReadWhenTargetNotReadable() throws Exception {
        fs.setPermission(target, new FsPermission((short) 0));
        doReadTargetNotReadable();
    }

    @Test
    public void testAclReadTargetNotReadable() throws Exception {
        fs.setAcl(target, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.READ_WRITE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.NONE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.READ)));
        doReadTargetNotReadable();
    }

    private void doReadTargetNotReadable() throws Exception {
        try {
            user.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.3
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws IOException {
                    FileContext.getFileContext(TestPermissionSymlinks.conf).open(TestPermissionSymlinks.link).read();
                    return null;
                }
            });
            Assert.fail("Read link target even though target does not have read permissions!");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Permission denied", e);
        }
    }

    @Test(timeout = 5000)
    public void testFileStatus() throws Exception {
        fs.setPermission(target, new FsPermission((short) 0));
        doGetFileLinkStatusTargetNotReadable();
    }

    @Test
    public void testAclGetFileLinkStatusTargetNotReadable() throws Exception {
        fs.setAcl(target, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.READ_WRITE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.NONE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.READ)));
        doGetFileLinkStatusTargetNotReadable();
    }

    private void doGetFileLinkStatusTargetNotReadable() throws Exception {
        user.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws IOException {
                FileContext fileContext = FileContext.getFileContext(TestPermissionSymlinks.conf);
                Assert.assertEquals("Expected link's FileStatus path to match link!", TestPermissionSymlinks.link.makeQualified(TestPermissionSymlinks.fs.getUri(), TestPermissionSymlinks.fs.getWorkingDirectory()), fileContext.getFileLinkStatus(TestPermissionSymlinks.link).getPath());
                Assert.assertEquals("Expected link's target to match target!", TestPermissionSymlinks.target, fileContext.getLinkTarget(TestPermissionSymlinks.link));
                return null;
            }
        });
    }

    @Test(timeout = 5000)
    public void testRenameLinkTargetNotWritableFC() throws Exception {
        fs.setPermission(target, new FsPermission((short) 365));
        fs.setPermission(targetParent, new FsPermission((short) 365));
        doRenameLinkTargetNotWritableFC();
    }

    @Test
    public void testAclRenameTargetNotWritableFC() throws Exception {
        fs.setAcl(target, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        fs.setAcl(targetParent, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        doRenameLinkTargetNotWritableFC();
    }

    private void doRenameLinkTargetNotWritableFC() throws Exception {
        user.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws IOException {
                FileContext fileContext = FileContext.getFileContext(TestPermissionSymlinks.conf);
                Path path = new Path(TestPermissionSymlinks.linkParent, "newlink");
                fileContext.rename(TestPermissionSymlinks.link, path, new Options.Rename[]{Options.Rename.NONE});
                Assert.assertEquals("Expected link's target to match target!", TestPermissionSymlinks.target, fileContext.getLinkTarget(path));
                return null;
            }
        });
        Assert.assertTrue("Expected target to exist", wrapper.exists(target));
    }

    @Test(timeout = 5000)
    public void testRenameSrcNotWritableFC() throws Exception {
        fs.setPermission(linkParent, new FsPermission((short) 365));
        doRenameSrcNotWritableFC();
    }

    @Test
    public void testAclRenameSrcNotWritableFC() throws Exception {
        fs.setAcl(linkParent, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        doRenameSrcNotWritableFC();
    }

    private void doRenameSrcNotWritableFC() throws Exception {
        try {
            user.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.6
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws IOException {
                    FileContext.getFileContext(TestPermissionSymlinks.conf).rename(TestPermissionSymlinks.link, new Path(TestPermissionSymlinks.targetParent, "newlink"), new Options.Rename[]{Options.Rename.NONE});
                    return null;
                }
            });
            Assert.fail("Renamed link even though link's parent is not writable!");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Permission denied", e);
        }
    }

    @Test(timeout = 5000)
    public void testRenameLinkTargetNotWritableFS() throws Exception {
        fs.setPermission(target, new FsPermission((short) 365));
        fs.setPermission(targetParent, new FsPermission((short) 365));
        doRenameLinkTargetNotWritableFS();
    }

    @Test
    public void testAclRenameTargetNotWritableFS() throws Exception {
        fs.setAcl(target, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        fs.setAcl(targetParent, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        doRenameLinkTargetNotWritableFS();
    }

    private void doRenameLinkTargetNotWritableFS() throws Exception {
        user.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.7
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws IOException {
                FileSystem fileSystem = FileSystem.get(TestPermissionSymlinks.conf);
                Path path = new Path(TestPermissionSymlinks.linkParent, "newlink");
                fileSystem.rename(TestPermissionSymlinks.link, path);
                Assert.assertEquals("Expected link's target to match target!", TestPermissionSymlinks.target, fileSystem.getLinkTarget(path));
                return null;
            }
        });
        Assert.assertTrue("Expected target to exist", wrapper.exists(target));
    }

    @Test(timeout = 5000)
    public void testRenameSrcNotWritableFS() throws Exception {
        fs.setPermission(linkParent, new FsPermission((short) 365));
        doRenameSrcNotWritableFS();
    }

    @Test
    public void testAclRenameSrcNotWritableFS() throws Exception {
        fs.setAcl(linkParent, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getUserName(), FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.ALL)));
        doRenameSrcNotWritableFS();
    }

    private void doRenameSrcNotWritableFS() throws Exception {
        try {
            user.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.8
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws IOException {
                    FileSystem.get(TestPermissionSymlinks.conf).rename(TestPermissionSymlinks.link, new Path(TestPermissionSymlinks.targetParent, "newlink"));
                    return null;
                }
            });
            Assert.fail("Renamed link even though link's parent is not writable!");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Permission denied", e);
        }
    }

    @Test
    public void testAccess() throws Exception {
        fs.setPermission(target, new FsPermission((short) 2));
        fs.setAcl(target, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.NONE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user.getShortUserName(), FsAction.WRITE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.WRITE)));
        FileContext fileContext = (FileContext) user.doAs(new PrivilegedExceptionAction<FileContext>() { // from class: org.apache.hadoop.security.TestPermissionSymlinks.9
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public FileContext run() throws IOException {
                return FileContext.getFileContext(TestPermissionSymlinks.conf);
            }
        });
        fileContext.access(link, FsAction.WRITE);
        try {
            fileContext.access(link, FsAction.ALL);
            Assert.fail("The access call should have failed.");
        } catch (AccessControlException e) {
        }
        try {
            fileContext.access(new Path(link, "bad"), FsAction.READ);
            Assert.fail("The access call should have failed");
        } catch (FileNotFoundException e2) {
        }
    }
}
