package org.apache.hadoop.fs.permission;

import java.io.Closeable;
import java.io.IOException;
import java.util.Arrays;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.server.datanode.DataStorage;
import org.apache.hadoop.hdfs.server.namenode.AclTestHelpers;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-hdfs-2.6.3-tests.jar:org/apache/hadoop/fs/permission/TestStickyBit.class */
public class TestStickyBit {
    static final UserGroupInformation user1 = UserGroupInformation.createUserForTesting("theDoctor", new String[]{"tardis"});
    static final UserGroupInformation user2 = UserGroupInformation.createUserForTesting("rose", new String[]{"powellestates"});
    private static MiniDFSCluster cluster;
    private static Configuration conf;
    private static FileSystem hdfs;
    private static FileSystem hdfsAsUser1;
    private static FileSystem hdfsAsUser2;

    @BeforeClass
    public static void init() throws Exception {
        conf = new HdfsConfiguration();
        conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true);
        conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
        initCluster(true);
    }

    private static void initCluster(boolean z) throws Exception {
        cluster = new MiniDFSCluster.Builder(conf).numDataNodes(4).format(z).build();
        hdfs = cluster.getFileSystem();
        Assert.assertTrue(hdfs instanceof DistributedFileSystem);
        hdfsAsUser1 = DFSTestUtil.getFileSystemAs(user1, conf);
        Assert.assertTrue(hdfsAsUser1 instanceof DistributedFileSystem);
        hdfsAsUser2 = DFSTestUtil.getFileSystemAs(user2, conf);
        Assert.assertTrue(hdfsAsUser2 instanceof DistributedFileSystem);
    }

    @Before
    public void setup() throws Exception {
        if (hdfs != null) {
            for (FileStatus fileStatus : hdfs.listStatus(new Path("/"))) {
                hdfs.delete(fileStatus.getPath(), true);
            }
        }
    }

    @AfterClass
    public static void shutdown() throws Exception {
        IOUtils.cleanup(null, hdfs, hdfsAsUser1, hdfsAsUser2);
        if (cluster != null) {
            cluster.shutdown();
        }
    }

    private void confirmCanAppend(Configuration configuration, Path path) throws Exception {
        Path path2 = new Path(path, "foo");
        writeFile(hdfsAsUser1, path2);
        hdfsAsUser1.setPermission(path2, new FsPermission((short) 511));
        Closeable closeable = null;
        try {
            FSDataOutputStream append = hdfsAsUser2.append(new Path(path, "foo"));
            append.write("Some more data".getBytes());
            append.close();
            closeable = null;
            IOUtils.cleanup(null, null);
        } catch (Throwable th) {
            IOUtils.cleanup(null, closeable);
            throw th;
        }
    }

    private void confirmDeletingFiles(Configuration configuration, Path path) throws Exception {
        Path path2 = new Path(path, "foo");
        writeFile(hdfsAsUser1, path2);
        Assert.assertEquals(user1.getShortUserName(), hdfsAsUser1.getFileStatus(path2).getOwner());
        try {
            hdfsAsUser2.delete(path2, false);
            Assert.fail("Shouldn't be able to delete someone else's file with SB on");
        } catch (IOException e) {
            Assert.assertTrue(e instanceof org.apache.hadoop.security.AccessControlException);
            Assert.assertTrue(e.getMessage().contains("sticky bit"));
        }
    }

    private void confirmStickyBitDoesntPropagate(FileSystem fileSystem, Path path) throws IOException {
        Path path2 = new Path(path, "bar");
        fileSystem.mkdirs(path2);
        Assert.assertFalse(fileSystem.getFileStatus(path2).getPermission().getStickyBit());
    }

    private void confirmSettingAndGetting(FileSystem fileSystem, Path path, Path path2) throws IOException {
        Assert.assertFalse(fileSystem.getFileStatus(path).getPermission().getStickyBit());
        short s = (short) (fileSystem.getFileStatus(path).getPermission().toShort() | 512);
        Assert.assertTrue(new FsPermission(s).getStickyBit());
        fileSystem.setPermission(path, new FsPermission(s));
        Assert.assertTrue(fileSystem.getFileStatus(path).getPermission().getStickyBit());
        Path path3 = new Path(path2, "somefile");
        writeFile(fileSystem, path3);
        Assert.assertFalse(fileSystem.getFileStatus(path3).getPermission().getStickyBit());
        fileSystem.setPermission(path3, new FsPermission((short) (fileSystem.getFileStatus(path3).getPermission().toShort() | 512)));
        Assert.assertTrue(fileSystem.getFileStatus(path3).getPermission().getStickyBit());
    }

    @Test
    public void testGeneralSBBehavior() throws Exception {
        Path path = new Path("/mcgann");
        hdfs.mkdirs(path);
        Path path2 = new Path(path, DataStorage.STORAGE_DIR_TMP);
        hdfs.mkdirs(path2);
        hdfs.setPermission(path2, new FsPermission((short) 1023));
        confirmCanAppend(conf, path2);
        Path path3 = new Path("/eccleston");
        hdfs.mkdirs(path3);
        Path path4 = new Path(path3, "roguetraders");
        hdfs.mkdirs(path4);
        confirmSettingAndGetting(hdfs, path4, path3);
        Path path5 = new Path("/tennant");
        hdfs.mkdirs(path5);
        Path path6 = new Path(path5, "contemporary");
        hdfs.mkdirs(path6);
        hdfs.setPermission(path6, new FsPermission((short) 1023));
        confirmDeletingFiles(conf, path6);
        Path path7 = new Path("/smith");
        hdfs.mkdirs(path7);
        hdfs.mkdirs(new Path(path7, "scissorsisters"), new FsPermission((short) 950));
        confirmStickyBitDoesntPropagate(hdfs, path7);
    }

    @Test
    public void testAclGeneralSBBehavior() throws Exception {
        Path path = new Path("/mcgann");
        hdfs.mkdirs(path);
        Path path2 = new Path(path, DataStorage.STORAGE_DIR_TMP);
        hdfs.mkdirs(path2);
        hdfs.setPermission(path2, new FsPermission((short) 1023));
        applyAcl(path2);
        confirmCanAppend(conf, path2);
        Path path3 = new Path("/eccleston");
        hdfs.mkdirs(path3);
        Path path4 = new Path(path3, "roguetraders");
        hdfs.mkdirs(path4);
        applyAcl(path4);
        confirmSettingAndGetting(hdfs, path4, path3);
        Path path5 = new Path("/tennant");
        hdfs.mkdirs(path5);
        Path path6 = new Path(path5, "contemporary");
        hdfs.mkdirs(path6);
        hdfs.setPermission(path6, new FsPermission((short) 1023));
        applyAcl(path6);
        confirmDeletingFiles(conf, path6);
        Path path7 = new Path("/smith");
        hdfs.mkdirs(path7);
        Path path8 = new Path(path7, "scissorsisters");
        hdfs.mkdirs(path8, new FsPermission((short) 950));
        applyAcl(path8);
        confirmStickyBitDoesntPropagate(hdfs, path8);
    }

    @Test
    public void testMovingFiles() throws Exception {
        testMovingFiles(false);
    }

    @Test
    public void testAclMovingFiles() throws Exception {
        testMovingFiles(true);
    }

    private void testMovingFiles(boolean z) throws Exception {
        Path path = new Path("/tmp");
        Path path2 = new Path("/tmp2");
        hdfs.mkdirs(path);
        hdfs.mkdirs(path2);
        hdfs.setPermission(path, new FsPermission((short) 1023));
        if (z) {
            applyAcl(path);
        }
        hdfs.setPermission(path2, new FsPermission((short) 1023));
        if (z) {
            applyAcl(path2);
        }
        Path path3 = new Path(path, "foo");
        writeFile(hdfsAsUser1, path3);
        try {
            hdfsAsUser2.rename(path3, new Path(path2, "renamed"));
            Assert.fail("Shouldn't be able to rename someone else's file with SB on");
        } catch (IOException e) {
            Assert.assertTrue(e instanceof org.apache.hadoop.security.AccessControlException);
            Assert.assertTrue(e.getMessage().contains("sticky bit"));
        }
    }

    @Test
    public void testStickyBitPersistence() throws Exception {
        Path path = new Path("/Housemartins");
        Path path2 = new Path("/INXS");
        Path path3 = new Path("/Easyworld");
        for (Path path4 : new Path[]{path, path2, path3}) {
            hdfs.mkdirs(path4);
        }
        hdfs.setPermission(path, new FsPermission((short) 1023));
        hdfs.setPermission(path3, new FsPermission((short) 511));
        shutdown();
        initCluster(false);
        Assert.assertTrue(hdfs.exists(path));
        Assert.assertTrue(hdfs.getFileStatus(path).getPermission().getStickyBit());
        Assert.assertTrue(hdfs.exists(path2));
        Assert.assertFalse(hdfs.getFileStatus(path2).getPermission().getStickyBit());
        Assert.assertTrue(hdfs.exists(path3));
        Assert.assertFalse(hdfs.getFileStatus(path3).getPermission().getStickyBit());
    }

    @Test
    public void testAclStickyBitPersistence() throws Exception {
        Path path = new Path("/Housemartins");
        Path path2 = new Path("/INXS");
        Path path3 = new Path("/Easyworld");
        for (Path path4 : new Path[]{path, path2, path3}) {
            hdfs.mkdirs(path4);
        }
        hdfs.setPermission(path, new FsPermission((short) 1023));
        applyAcl(path);
        hdfs.setPermission(path3, new FsPermission((short) 511));
        applyAcl(path3);
        shutdown();
        initCluster(false);
        Assert.assertTrue(hdfs.exists(path));
        Assert.assertTrue(hdfs.getFileStatus(path).getPermission().getStickyBit());
        Assert.assertTrue(hdfs.exists(path2));
        Assert.assertFalse(hdfs.getFileStatus(path2).getPermission().getStickyBit());
        Assert.assertTrue(hdfs.exists(path3));
        Assert.assertFalse(hdfs.getFileStatus(path3).getPermission().getStickyBit());
    }

    private static void writeFile(FileSystem fileSystem, Path path) throws IOException {
        Closeable closeable = null;
        try {
            FSDataOutputStream create = fileSystem.create(path);
            create.write("some file contents".getBytes());
            create.close();
            closeable = null;
            IOUtils.cleanup(null, null);
        } catch (Throwable th) {
            IOUtils.cleanup(null, closeable);
            throw th;
        }
    }

    private static void applyAcl(Path path) throws IOException {
        hdfs.modifyAclEntries(path, Arrays.asList(AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, user2.getShortUserName(), FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, user2.getShortUserName(), FsAction.ALL)));
    }
}
