package org.apache.hadoop.security;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Random;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hbase.util.CommonFSUtils;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.util.Progressable;
import org.hamcrest.CoreMatchers;
import org.hamcrest.core.Is;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/security/TestPermission.class */
public class TestPermission {
    private static final int FILE_LEN = 100;
    private static final String NOUSER = "nouser";
    private static final String NOGROUP = "nogroup";
    private FileSystem nnfs;
    private FileSystem userfs;
    public static final Log LOG = LogFactory.getLog(TestPermission.class);
    private static final Path ROOT_PATH = new Path("/data");
    private static final Path CHILD_DIR1 = new Path(ROOT_PATH, "child1");
    private static final Path CHILD_DIR2 = new Path(ROOT_PATH, "child2");
    private static final Path CHILD_FILE1 = new Path(ROOT_PATH, "file1");
    private static final Path CHILD_FILE2 = new Path(ROOT_PATH, "file2");
    private static final Path CHILD_FILE3 = new Path(ROOT_PATH, "file3");
    private static final Random RAN = new Random();
    private static final String USER_NAME = "user" + RAN.nextInt();
    private static final String[] GROUP_NAMES = {"group1", "group2"};

    static FsPermission checkPermission(FileSystem fileSystem, String str, FsPermission fsPermission) throws IOException {
        FileStatus fileStatus = fileSystem.getFileStatus(new Path(str));
        LOG.info(fileStatus.getPath() + ": " + fileStatus.isDirectory() + " " + fileStatus.getPermission() + ":" + fileStatus.getOwner() + ":" + fileStatus.getGroup());
        if (fsPermission != null) {
            Assert.assertEquals(fsPermission, fileStatus.getPermission());
            Assert.assertEquals(fsPermission.toShort(), fileStatus.getPermission().toShort());
        }
        return fileStatus.getPermission();
    }

    static Path createFile(FileSystem fileSystem, String str) throws IOException {
        Path path = new Path(ROOT_PATH, str);
        fileSystem.create(path);
        return path;
    }

    @Test
    public void testBackwardCompatibility() {
        FsPermission fsPermission = new FsPermission((short) 18);
        FsPermission.setUMask(new Configuration(), fsPermission);
        Assert.assertEquals(18L, FsPermission.getUMask(r0).toShort());
        new FsPermission((short) 18);
        new Configuration().set(FsPermission.DEPRECATED_UMASK_LABEL, "18");
        Assert.assertEquals(18L, FsPermission.getUMask(r0).toShort());
        Configuration configuration = new Configuration();
        configuration.set(FsPermission.DEPRECATED_UMASK_LABEL, "18");
        configuration.set("fs.permissions.umask-mode", "000");
        Assert.assertEquals(18L, FsPermission.getUMask(configuration).toShort());
        new Configuration().set("fs.permissions.umask-mode", "022");
        Assert.assertEquals(18L, FsPermission.getUMask(r0).toShort());
        new Configuration().set("fs.permissions.umask-mode", "0022");
        Assert.assertEquals(18L, FsPermission.getUMask(r0).toShort());
        Configuration configuration2 = new Configuration();
        configuration2.set("fs.permissions.umask-mode", "1222");
        try {
            FsPermission.getUMask(configuration2);
            Assert.fail("expect IllegalArgumentException happen");
        } catch (IllegalArgumentException e) {
        }
        Configuration configuration3 = new Configuration();
        configuration3.set("fs.permissions.umask-mode", "01222");
        try {
            FsPermission.getUMask(configuration3);
            Assert.fail("expect IllegalArgumentException happen");
        } catch (IllegalArgumentException e2) {
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:33:0x01ce A[EXC_TOP_SPLITTER, SYNTHETIC] */
    @org.junit.Test
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void testCreate() throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 488
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.hadoop.security.TestPermission.testCreate():void");
    }

    @Test
    public void testFilePermision() throws Exception {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.setBoolean("dfs.permissions.enabled", true);
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).numDataNodes(3).build();
        build.waitActive();
        try {
            this.nnfs = FileSystem.get(hdfsConfiguration);
            Assert.assertFalse(this.nnfs.exists(CHILD_FILE1));
            try {
                this.nnfs.setPermission(CHILD_FILE1, new FsPermission((short) 511));
                Assert.assertTrue(false);
            } catch (FileNotFoundException e) {
                LOG.info("GOOD: got " + e);
            }
            this.nnfs.create(CHILD_FILE1, new FsPermission((short) 511), true, 1024, (short) 1, 1024L, (Progressable) null);
            Assert.assertTrue(this.nnfs.getFileStatus(CHILD_FILE1).getPermission().toString().equals("rwxr-xr-x"));
            this.nnfs.delete(CHILD_FILE1, false);
            this.nnfs.mkdirs(CHILD_DIR1);
            FSDataOutputStream create = this.nnfs.create(CHILD_FILE1);
            Assert.assertTrue(this.nnfs.getFileStatus(CHILD_FILE1).getPermission().toString().equals("rw-r--r--"));
            byte[] bArr = new byte[100];
            RAN.nextBytes(bArr);
            create.write(bArr);
            create.close();
            this.nnfs.setPermission(CHILD_FILE1, new FsPermission(DFSConfigKeys.DFS_DATANODE_DATA_DIR_PERMISSION_DEFAULT));
            Assert.assertTrue(this.nnfs.getFileStatus(CHILD_FILE1).getPermission().toString().equals("rwx------"));
            Assert.assertTrue(this.nnfs.open(CHILD_FILE1).read(new byte[100]) == 100);
            for (int i = 0; i < 100; i++) {
                Assert.assertEquals(bArr[i], r0[i]);
            }
            this.nnfs.setPermission(CHILD_FILE1, new FsPermission("755"));
            Assert.assertTrue(this.nnfs.getFileStatus(CHILD_FILE1).getPermission().toString().equals("rwxr-xr-x"));
            this.nnfs.setPermission(CHILD_FILE1, new FsPermission("744"));
            Assert.assertTrue(this.nnfs.getFileStatus(CHILD_FILE1).getPermission().toString().equals("rwxr--r--"));
            this.nnfs.setPermission(CHILD_FILE1, new FsPermission(DFSConfigKeys.DFS_DATANODE_DATA_DIR_PERMISSION_DEFAULT));
            this.userfs = DFSTestUtil.getFileSystemAs(UserGroupInformation.createUserForTesting(USER_NAME, GROUP_NAMES), hdfsConfiguration);
            this.userfs.mkdirs(CHILD_DIR1);
            Assert.assertTrue(!canMkdirs(this.userfs, CHILD_DIR2));
            Assert.assertTrue(!canCreate(this.userfs, CHILD_FILE2));
            Assert.assertTrue(!canOpen(this.userfs, CHILD_FILE1));
            this.nnfs.setPermission(ROOT_PATH, new FsPermission((short) 493));
            this.nnfs.setPermission(CHILD_DIR1, new FsPermission(CommonFSUtils.FULL_RWX_PERMISSIONS));
            this.nnfs.setPermission(new Path("/"), new FsPermission((short) 511));
            Path path = new Path("/foo/bar");
            this.userfs.mkdirs(path);
            Assert.assertTrue(canRename(this.userfs, path, CHILD_DIR1));
            Assert.assertFalse(this.userfs.exists(CHILD_FILE3));
            try {
                this.userfs.setPermission(CHILD_FILE3, new FsPermission((short) 511));
                Assert.fail("setPermission should fail for non-exist file");
            } catch (FileNotFoundException e2) {
            }
            this.nnfs.setPermission(ROOT_PATH, new FsPermission(CommonFSUtils.FULL_RWX_PERMISSIONS));
            testSuperCanChangeOwnerGroup();
            testNonSuperCanChangeToOwnGroup();
            testNonSuperCannotChangeToOtherGroup();
            testNonSuperCannotChangeGroupForOtherFile();
            testNonSuperCannotChangeGroupForNonExistentFile();
            testNonSuperCannotChangeOwner();
            testNonSuperCannotChangeOwnerForOtherFile();
            testNonSuperCannotChangeOwnerForNonExistentFile();
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    private void testSuperCanChangeOwnerGroup() throws Exception {
        Path createFile = createFile(this.userfs, "testSuperCanChangeOwnerGroup");
        this.nnfs.setOwner(createFile, NOUSER, NOGROUP);
        FileStatus fileStatus = this.nnfs.getFileStatus(createFile);
        Assert.assertThat("A super user can change owner", fileStatus.getOwner(), Is.is(NOUSER));
        Assert.assertThat("A super user can change group", fileStatus.getGroup(), Is.is(NOGROUP));
    }

    private void testNonSuperCanChangeToOwnGroup() throws Exception {
        Path createFile = createFile(this.userfs, "testNonSuperCanChangeToOwnGroup");
        this.userfs.setOwner(createFile, null, GROUP_NAMES[1]);
        Assert.assertThat("A non-super user can change a file to own group", this.nnfs.getFileStatus(createFile).getGroup(), Is.is(GROUP_NAMES[1]));
    }

    private void testNonSuperCannotChangeToOtherGroup() throws Exception {
        Path createFile = createFile(this.userfs, "testNonSuperCannotChangeToOtherGroup");
        try {
            this.userfs.setOwner(createFile, null, NOGROUP);
            Assert.fail("Expect ACE when a non-super user tries to change a file to a group where the user does not belong.");
        } catch (AccessControlException e) {
            Assert.assertThat(e.getMessage(), CoreMatchers.startsWith("User " + this.userfs.getFileStatus(createFile).getOwner() + " does not belong to"));
        }
    }

    private void testNonSuperCannotChangeGroupForOtherFile() throws Exception {
        Path createFile = createFile(this.nnfs, "testNonSuperCannotChangeGroupForOtherFile");
        this.nnfs.setPermission(createFile, new FsPermission(CommonFSUtils.FULL_RWX_PERMISSIONS));
        try {
            this.userfs.setOwner(createFile, null, GROUP_NAMES[1]);
            Assert.fail("Expect ACE when a non-super user tries to set group for a file not owned");
        } catch (AccessControlException e) {
            Assert.assertThat(e.getMessage(), CoreMatchers.startsWith("Permission denied"));
        }
    }

    private void testNonSuperCannotChangeGroupForNonExistentFile() throws Exception {
        try {
            this.userfs.setOwner(new Path(ROOT_PATH, "testNonSuperCannotChangeGroupForNonExistentFile"), null, GROUP_NAMES[1]);
            Assert.fail("Expect FNFE when a non-super user tries to change group for a non-existent file");
        } catch (FileNotFoundException e) {
        }
    }

    private void testNonSuperCannotChangeOwner() throws Exception {
        Path createFile = createFile(this.userfs, "testNonSuperCannotChangeOwner");
        try {
            this.userfs.setOwner(createFile, NOUSER, null);
            Assert.fail("Expect ACE when a non-super user tries to change owner");
        } catch (AccessControlException e) {
            Assert.assertThat(e.getMessage(), CoreMatchers.startsWith("User " + this.userfs.getFileStatus(createFile).getOwner() + " is not a super user (non-super user cannot change owner)"));
        }
    }

    private void testNonSuperCannotChangeOwnerForOtherFile() throws Exception {
        Path createFile = createFile(this.nnfs, "testNonSuperCannotChangeOwnerForOtherFile");
        this.nnfs.setPermission(createFile, new FsPermission(CommonFSUtils.FULL_RWX_PERMISSIONS));
        try {
            this.userfs.setOwner(createFile, USER_NAME, null);
            Assert.fail("Expect ACE when a non-super user tries to own a file");
        } catch (AccessControlException e) {
            Assert.assertThat(e.getMessage(), CoreMatchers.startsWith("Permission denied"));
        }
    }

    private void testNonSuperCannotChangeOwnerForNonExistentFile() throws Exception {
        Path path = new Path(ROOT_PATH, "testNonSuperCannotChangeOwnerForNonExistentFile");
        Assert.assertFalse(this.userfs.exists(path));
        try {
            this.userfs.setOwner(path, NOUSER, null);
            Assert.fail("Expect ACE or FNFE when a non-super user tries to change owner for a non-existent file");
        } catch (FileNotFoundException e) {
        } catch (AccessControlException e2) {
            Assert.assertThat(e2.getMessage(), CoreMatchers.startsWith("Non-super user cannot change owner"));
        }
    }

    static boolean canMkdirs(FileSystem fileSystem, Path path) throws IOException {
        try {
            fileSystem.mkdirs(path);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    static boolean canCreate(FileSystem fileSystem, Path path) throws IOException {
        try {
            fileSystem.create(path);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    static boolean canOpen(FileSystem fileSystem, Path path) throws IOException {
        try {
            fileSystem.open(path);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    static boolean canRename(FileSystem fileSystem, Path path, Path path2) throws IOException {
        try {
            fileSystem.rename(path, path2);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }
}
