package org.apache.hadoop.hdfs.server.namenode;

import java.io.File;
import org.apache.hadoop.fs.FileSystemTestHelper;
import org.apache.hadoop.fs.FsShell;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.HdfsConstants;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.ToolRunner;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/TestNestedEncryptionZones.class */
public class TestNestedEncryptionZones {
    private File testRootDir;
    private MiniDFSCluster cluster;
    protected DistributedFileSystem fs;
    private Path topEZDir;
    private Path nestedEZDir;
    private Path topEZFile;
    private Path nestedEZFile;
    private Path topEZRawFile;
    private Path nestedEZRawFile;
    private final String TOP_EZ_KEY = "topezkey";
    private final String NESTED_EZ_KEY = "nestedezkey";
    private final Path rootDir = new Path("/");
    private final Path rawDir = new Path("/.reserved/raw/");
    private Path nestedEZBaseFile = new Path(this.rootDir, "nestedEZBaseFile");
    private Path topEZBaseFile = new Path(this.rootDir, "topEZBaseFile");
    private final int len = 8196;

    private String getKeyProviderURI() {
        return "jceks://file" + new Path(this.testRootDir.toString(), "test.jks").toUri();
    }

    private void setProvider() {
        this.fs.getClient().setKeyProvider(this.cluster.getNameNode().getNamesystem().getProvider());
    }

    @Before
    public void setup() throws Exception {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        this.testRootDir = new File(new FileSystemTestHelper().getTestRootDir()).getAbsoluteFile();
        hdfsConfiguration.set("hadoop.security.key.provider.path", getKeyProviderURI());
        hdfsConfiguration.setBoolean("dfs.namenode.delegation.token.always-use", true);
        hdfsConfiguration.setInt("dfs.namenode.list.encryption.zones.num.responses", 2);
        hdfsConfiguration.setLong("fs.trash.interval", 1L);
        this.cluster = new MiniDFSCluster.Builder(hdfsConfiguration).numDataNodes(1).build();
        Logger.getLogger(EncryptionZoneManager.class).setLevel(Level.TRACE);
        this.fs = this.cluster.getFileSystem();
        setProvider();
        DFSTestUtil.createKey("topezkey", this.cluster, hdfsConfiguration);
        DFSTestUtil.createKey("nestedezkey", this.cluster, hdfsConfiguration);
    }

    @After
    public void tearDown() throws Exception {
        if (this.cluster != null) {
            this.cluster.shutdown();
            this.cluster = null;
        }
    }

    @Test(timeout = 60000)
    public void testNestedEncryptionZones() throws Exception {
        initTopEZDirAndNestedEZDir(new Path(this.rootDir, "topEZ"));
        verifyEncryption();
        this.cluster.restartNameNodes();
        this.cluster.waitActive();
        this.fs = this.cluster.getFileSystem();
        verifyEncryption();
        this.fs.setSafeMode(HdfsConstants.SafeModeAction.SAFEMODE_ENTER);
        this.fs.saveNamespace();
        this.fs.setSafeMode(HdfsConstants.SafeModeAction.SAFEMODE_LEAVE);
        this.cluster.restartNameNodes();
        this.cluster.waitActive();
        this.fs = this.cluster.getFileSystem();
        verifyEncryption();
        renameChildrenOfEZ();
        Path path = new Path(this.rootDir, "topEZ2");
        this.fs.mkdir(path, FsPermission.getDirDefault());
        this.fs.createEncryptionZone(path, "topezkey");
        try {
            this.fs.rename(path, new Path(this.topEZDir, "topEZ2"));
            Assert.fail("Shouldn't be able to move a non-nested EZ into another existing EZ.");
        } catch (Exception e) {
            Assert.assertTrue(e.getMessage().contains("can't be moved into an encryption zone"));
        }
        this.fs.rename(this.topEZDir, new Path(this.rootDir, "newTopEZ"));
        this.fs.rename(new Path(this.rootDir, "newTopEZ/nestedEZ"), new Path(this.rootDir, "newTopEZ/newNestedEZ"));
    }

    @Test(timeout = 60000)
    public void testNestedEZWithRoot() throws Exception {
        initTopEZDirAndNestedEZDir(this.rootDir);
        verifyEncryption();
        renameChildrenOfEZ();
        Path path = new Path(".Trash", UserGroupInformation.getCurrentUser().getShortUserName());
        Path trashRoot = this.fs.getTrashRoot(this.rootDir);
        Path trashRoot2 = this.fs.getTrashRoot(this.topEZFile);
        Path trashRoot3 = this.fs.getTrashRoot(this.nestedEZFile);
        Path makeQualified = this.fs.makeQualified(new Path(this.topEZDir, path));
        Path makeQualified2 = this.fs.makeQualified(new Path(this.nestedEZDir, path));
        Assert.assertEquals("Top ez trash should be " + makeQualified, makeQualified, trashRoot2);
        Assert.assertEquals("Root trash should be equal with TopEZFile trash", trashRoot2, trashRoot);
        Assert.assertEquals("Nested ez Trash should be " + makeQualified2, makeQualified2, trashRoot3);
        FsShell fsShell = new FsShell(this.fs.getConf());
        Path path2 = new Path(fsShell.getCurrentTrashDir(this.topEZFile) + "/" + this.topEZFile);
        Path path3 = new Path(fsShell.getCurrentTrashDir(this.nestedEZFile) + "/" + this.nestedEZFile);
        ToolRunner.run(fsShell, new String[]{"-rm", this.topEZFile.toString()});
        ToolRunner.run(fsShell, new String[]{"-rm", this.nestedEZFile.toString()});
        Assert.assertTrue("File not in trash : " + path2, this.fs.exists(path2));
        Assert.assertTrue("File not in trash : " + path3, this.fs.exists(path3));
    }

    private void renameChildrenOfEZ() throws Exception {
        Path path = new Path(this.topEZDir, "renamedFile");
        Path path2 = new Path(this.nestedEZDir, "renamedFile");
        this.fs.rename(this.topEZFile, path);
        this.fs.rename(this.nestedEZFile, path2);
        this.topEZFile = path;
        this.nestedEZFile = path2;
        this.topEZRawFile = new Path(this.rawDir + this.topEZFile.toUri().getPath());
        this.nestedEZRawFile = new Path(this.rawDir + this.nestedEZFile.toUri().getPath());
        verifyEncryption();
        try {
            this.fs.rename(this.topEZFile, new Path(this.nestedEZDir, "movedTopEZFile"));
            Assert.fail("Shouldn't be able to rename between top EZ and nested EZ.");
        } catch (Exception e) {
            Assert.assertTrue(e.getMessage().contains("can't be moved from encryption zone " + this.topEZDir.toString() + " to encryption zone " + this.nestedEZDir.toString()));
        }
        try {
            this.fs.rename(this.nestedEZFile, new Path(this.topEZDir, "movedNestedEZFile"));
            Assert.fail("Shouldn't be able to rename between top EZ and nested EZ.");
        } catch (Exception e2) {
            Assert.assertTrue(e2.getMessage().contains("can't be moved from encryption zone " + this.nestedEZDir.toString() + " to encryption zone " + this.topEZDir.toString()));
        }
        try {
            this.fs.rename(this.nestedEZFile, new Path(this.rootDir, "movedNestedEZFile"));
            Assert.fail("Shouldn't be able to move the nested EZ out of the top EZ.");
        } catch (Exception e3) {
            String message = e3.getMessage();
            Assert.assertTrue(message.contains("can't be moved from") && message.contains("encryption zone"));
        }
    }

    private void initTopEZDirAndNestedEZDir(Path path) throws Exception {
        this.fs.delete(this.rootDir, true);
        this.topEZDir = path;
        this.nestedEZDir = new Path(this.topEZDir, "nestedEZ");
        this.topEZFile = new Path(this.topEZDir, "file");
        this.nestedEZFile = new Path(this.nestedEZDir, "file");
        this.topEZRawFile = new Path(this.rawDir + this.topEZFile.toUri().getPath());
        this.nestedEZRawFile = new Path(this.rawDir + this.nestedEZFile.toUri().getPath());
        this.fs.mkdir(this.topEZDir, FsPermission.getDirDefault());
        this.fs.createEncryptionZone(this.topEZDir, "topezkey");
        this.fs.mkdir(this.nestedEZDir, FsPermission.getDirDefault());
        this.fs.createEncryptionZone(this.nestedEZDir, "nestedezkey");
        DFSTestUtil.createFile(this.fs, this.topEZBaseFile, 8196L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, this.topEZFile, 8196L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, this.nestedEZBaseFile, 8196L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, this.nestedEZFile, 8196L, (short) 1, 65261L);
    }

    private void verifyEncryption() throws Exception {
        Assert.assertEquals("Top EZ dir is encrypted", true, Boolean.valueOf(this.fs.getFileStatus(this.topEZDir).isEncrypted()));
        Assert.assertEquals("Nested EZ dir is encrypted", true, Boolean.valueOf(this.fs.getFileStatus(this.nestedEZDir).isEncrypted()));
        Assert.assertEquals("Top zone file is encrypted", true, Boolean.valueOf(this.fs.getFileStatus(this.topEZFile).isEncrypted()));
        Assert.assertEquals("Nested zone file is encrypted", true, Boolean.valueOf(this.fs.getFileStatus(this.nestedEZFile).isEncrypted()));
        DFSTestUtil.verifyFilesEqual(this.fs, this.topEZBaseFile, this.topEZFile, 8196);
        DFSTestUtil.verifyFilesEqual(this.fs, this.nestedEZBaseFile, this.nestedEZFile, 8196);
        DFSTestUtil.verifyFilesNotEqual(this.fs, this.topEZRawFile, this.nestedEZRawFile, 8196);
    }
}
