package org.apache.hadoop.hdfs;

import java.io.File;
import java.io.FileWriter;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.kms.server.MiniKMS;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.FsShell;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.client.CreateEncryptionZoneFlag;
import org.apache.hadoop.hdfs.client.HdfsAdmin;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.util.Lists;
import org.apache.hadoop.util.ToolRunner;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/apache/hadoop/hdfs/TestTrashWithSecureEncryptionZones.class */
public class TestTrashWithSecureEncryptionZones {
    private static HdfsConfiguration baseConf;
    private static File baseDir;
    private static final String HDFS_USER_NAME = "hdfs";
    private static final String SPNEGO_USER_NAME = "HTTP";
    private static final String OOZIE_USER_NAME = "oozie";
    private static final String OOZIE_PROXIED_USER_NAME = "oozie_user";
    private static String hdfsPrincipal;
    private static String spnegoPrincipal;
    private static String keytab;
    private static MiniKdc kdc;
    private static MiniKMS miniKMS;
    private static final String TEST_KEY = "test_key";
    private static MiniDFSCluster cluster;
    private static HdfsConfiguration conf;
    private static FileSystem fs;
    private static HdfsAdmin dfsAdmin;
    private static Configuration clientConf;
    private static FsShell shell;
    private static final int LEN = 8192;
    private static final EnumSet<CreateEncryptionZoneFlag> PROVISION_TRASH = EnumSet.of(CreateEncryptionZoneFlag.PROVISION_TRASH);
    private static final Path CURRENT = new Path("Current");
    private static AtomicInteger zoneCounter = new AtomicInteger(1);
    private static AtomicInteger fileCounter = new AtomicInteger(1);

    public static File getTestDir() throws Exception {
        File file = new File(new File(new File("dummy").getAbsoluteFile().getParentFile(), "target"), UUID.randomUUID().toString());
        if (file.mkdirs()) {
            return file;
        }
        throw new RuntimeException("Could not create test directory: " + file);
    }

    @BeforeClass
    public static void init() throws Exception {
        baseDir = getTestDir();
        FileUtil.fullyDelete(baseDir);
        Assert.assertTrue(baseDir.mkdirs());
        kdc = new MiniKdc(MiniKdc.createConf(), baseDir);
        kdc.start();
        baseConf = new HdfsConfiguration();
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, baseConf);
        UserGroupInformation.setConfiguration(baseConf);
        Assert.assertTrue("Expected configuration to enable security", UserGroupInformation.isSecurityEnabled());
        File file = new File(baseDir, "test.keytab");
        keytab = file.getAbsolutePath();
        String str = Path.WINDOWS ? HConstants.LOCALHOST_IP : "localhost";
        kdc.createPrincipal(file, new String[]{"hdfs/" + str, "HTTP/" + str, "oozie/" + str, "oozie_user/" + str});
        hdfsPrincipal = "hdfs/" + str + "@" + kdc.getRealm();
        spnegoPrincipal = "HTTP/" + str + "@" + kdc.getRealm();
        baseConf.set("dfs.namenode.kerberos.principal", hdfsPrincipal);
        baseConf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, keytab);
        baseConf.set("dfs.datanode.kerberos.principal", hdfsPrincipal);
        baseConf.set(DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY, keytab);
        baseConf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);
        baseConf.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
        baseConf.set("dfs.data.transfer.protection", HttpServer2.SPNEGO_FILTER);
        baseConf.set("dfs.http.policy", HttpConfig.Policy.HTTPS_ONLY.name());
        baseConf.set("dfs.namenode.https-address", "localhost:0");
        baseConf.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
        baseConf.set(DFSConfigKeys.DFS_JOURNALNODE_HTTPS_ADDRESS_KEY, "localhost:0");
        baseConf.setInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);
        baseConf.set(CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE, "4");
        baseConf.set(CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK, "0.5");
        KeyStoreTestUtil.setupSSLConfig(baseDir.getAbsolutePath(), KeyStoreTestUtil.getClasspathDir(TestSecureEncryptionZoneWithKMS.class), baseConf, false);
        baseConf.set("dfs.client.https.keystore.resource", KeyStoreTestUtil.getClientSSLConfigFileName());
        baseConf.set(DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY, KeyStoreTestUtil.getServerSSLConfigFileName());
        File file2 = new File(baseDir, "kms-site.xml");
        if (file2.exists()) {
            FileUtil.fullyDelete(file2);
        }
        Configuration configuration = new Configuration(true);
        configuration.set("hadoop.kms.key.provider.uri", "jceks://file@" + new Path(baseDir.toString(), "kms.keystore").toUri());
        configuration.set("hadoop.kms.authentication.type", "kerberos");
        configuration.set("hadoop.kms.authentication.kerberos.keytab", keytab);
        configuration.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
        configuration.set("hadoop.kms.authentication.kerberos.name.rules", "DEFAULT");
        configuration.set("hadoop.kms.acl.GENERATE_EEK", "hdfs");
        FileWriter fileWriter = new FileWriter(file2);
        configuration.writeXml(fileWriter);
        fileWriter.close();
        miniKMS = new MiniKMS.Builder().setKmsConfDir(baseDir).build();
        miniKMS.start();
        baseConf.set("hadoop.security.key.provider.path", getKeyProviderURI());
        baseConf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
        conf = new HdfsConfiguration(baseConf);
        cluster = new MiniDFSCluster.Builder(conf).build();
        cluster.waitActive();
        fs = cluster.getFileSystem();
        dfsAdmin = new HdfsAdmin(cluster.getURI(), conf);
        cluster.waitActive();
        DFSTestUtil.createKey(TEST_KEY, cluster, conf);
        clientConf = new Configuration(conf);
        clientConf.setLong(CommonConfigurationKeysPublic.FS_TRASH_INTERVAL_KEY, 1L);
        shell = new FsShell(clientConf);
    }

    @AfterClass
    public static void destroy() {
        IOUtils.cleanupWithLogger(null, fs);
        if (cluster != null) {
            cluster.shutdown();
            cluster = null;
        }
        if (kdc != null) {
            kdc.stop();
        }
        if (miniKMS != null) {
            miniKMS.stop();
        }
        FileUtil.fullyDelete(baseDir);
    }

    private static String getKeyProviderURI() {
        return "kms://" + miniKMS.getKMSUrl().toExternalForm().replace("://", "@");
    }

    @Test
    public void testTrashCheckpoint() throws Exception {
        Path path = new Path("/zone" + zoneCounter.getAndIncrement());
        fs.mkdirs(path);
        Path path2 = new Path(path + "/zone" + zoneCounter.getAndIncrement());
        fs.mkdirs(path2);
        dfsAdmin.createEncryptionZone(path2, TEST_KEY, PROVISION_TRASH);
        Path path3 = new Path(path2, "encFile" + fileCounter.getAndIncrement());
        DFSTestUtil.createFile(fs, path3, 8192L, (short) 1, 65261L);
        StringBuilder sb = new StringBuilder();
        FileSystem fileSystem = fs;
        String str = new Path(path2, sb.append(FileSystem.TRASH_PREFIX).append("/").append("hdfs").append("/").append(CURRENT).toString()).toString() + path3.toString();
        Assert.assertEquals("Deleted file not at the expected trash location: " + str, str, verifyTrashLocationWithShellDelete(path3).toUri().getPath());
        StringBuilder append = new StringBuilder().append(fs.getHomeDirectory().toUri().getPath()).append("/");
        FileSystem fileSystem2 = fs;
        String sb2 = append.append(FileSystem.TRASH_PREFIX).append("/").append(CURRENT).append(path2).toString();
        Assert.assertEquals("Deleted zone not at the expected trash location: " + sb2, sb2, verifyTrashLocationWithShellDelete(path2).toUri().getPath());
    }

    @Test
    public void testTrashExpunge() throws Exception {
        Path path = new Path("/zone" + zoneCounter.getAndIncrement());
        fs.mkdirs(path);
        Path path2 = new Path("/zone" + zoneCounter.getAndIncrement());
        fs.mkdirs(path2);
        dfsAdmin.createEncryptionZone(path, TEST_KEY, PROVISION_TRASH);
        Path path3 = new Path(path, "encFile" + fileCounter.getAndIncrement());
        Path path4 = new Path(path2, "file" + fileCounter.getAndIncrement());
        DFSTestUtil.createFile(fs, path3, 8192L, (short) 1, 65261L);
        DFSTestUtil.createFile(fs, path4, 8192L, (short) 1, 65261L);
        ArrayList newArrayList = Lists.newArrayList();
        newArrayList.add(verifyTrashLocationWithShellDelete(path3));
        newArrayList.add(verifyTrashLocationWithShellDelete(path4));
        verifyTrashExpunge(newArrayList);
        Path path5 = new Path(path, "encFile" + fileCounter.getAndIncrement());
        DFSTestUtil.createFile(fs, path5, 8192L, (short) 1, 65261L);
        Path verifyTrashLocationWithShellDelete = verifyTrashLocationWithShellDelete(path5);
        DFSTestUtil.verifyDelete(shell, fs, path, true);
        verifyTrashExpunge(Lists.newArrayList(verifyTrashLocationWithShellDelete));
    }

    @Test
    public void testDeleteWithSkipTrash() throws Exception {
        Path path = new Path("/zone" + zoneCounter.getAndIncrement());
        fs.mkdirs(path);
        Path path2 = new Path(path, "encFile" + fileCounter.getAndIncrement());
        Path path3 = new Path(path, "encFile" + fileCounter.getAndIncrement());
        DFSTestUtil.createFile(fs, path2, 8192L, (short) 1, 65261L);
        DFSTestUtil.createFile(fs, path3, 8192L, (short) 1, 65261L);
        verifyDeleteWithSkipTrash(path2);
        DFSTestUtil.verifyDelete(shell, fs, path3, true);
    }

    @Test
    public void testDeleteEmptyDirectory() throws Exception {
        Path path = new Path("/zone" + zoneCounter.getAndIncrement());
        Path path2 = new Path("/zone" + zoneCounter.getAndIncrement());
        fs.mkdirs(path);
        fs.mkdirs(path2);
        Path path3 = new Path(shell.getCurrentTrashDir(path) + "/" + path);
        Path path4 = new Path(shell.getCurrentTrashDir(path) + "/" + path2);
        Assert.assertEquals("rm failed", 0L, ToolRunner.run(shell, new String[]{"-rm", "-r", path.toString()}));
        Assert.assertTrue("Empty directory not deleted even with -r : " + path3, fs.exists(path3));
        Assert.assertEquals("rm on empty directory did not fail", 1L, ToolRunner.run(shell, new String[]{"-rm", path2.toString()}));
        Assert.assertTrue("Empty directory deleted without -r : " + path4, !fs.exists(path4));
    }

    @Test
    public void testDeleteFromTrashWithinEZ() throws Exception {
        Path path = new Path("/zone" + zoneCounter.getAndIncrement());
        fs.mkdirs(path);
        dfsAdmin.createEncryptionZone(path, TEST_KEY, PROVISION_TRASH);
        Path path2 = new Path(path, "encFile" + fileCounter.getAndIncrement());
        DFSTestUtil.createFile(fs, path2, 8192L, (short) 1, 65261L);
        Path path3 = new Path(shell.getCurrentTrashDir(path2) + "/" + path2);
        Assert.assertEquals("rm failed", 0L, ToolRunner.run(shell, new String[]{"-rm", "-r", path2.toString()}));
        Assert.assertEquals("rm failed", 0L, ToolRunner.run(shell, new String[]{"-rm", "-r", path3.toString()}));
        Assert.assertFalse("File deleted from Trash : " + path3, fs.exists(path3));
    }

    @Test
    public void testTrashRetentionAfterNamenodeRestart() throws Exception {
        Path path = new Path("/zone" + zoneCounter.getAndIncrement());
        fs.mkdirs(path);
        dfsAdmin.createEncryptionZone(path, TEST_KEY, PROVISION_TRASH);
        Path path2 = new Path(path, "encFile" + fileCounter.getAndIncrement());
        DFSTestUtil.createFile(fs, path2, 8192L, (short) 1, 65261L);
        Path path3 = new Path(shell.getCurrentTrashDir(path2) + "/" + path2);
        Assert.assertEquals("rm failed", 0L, ToolRunner.run(shell, new String[]{"-rm", "-r", path2.toString()}));
        Assert.assertTrue("File not in trash : " + path3, fs.exists(path3));
        cluster.restartNameNode(0);
        cluster.waitActive();
        fs = cluster.getFileSystem();
        Assert.assertTrue("On Namenode restart, file deleted from trash : " + path3, fs.exists(path3));
    }

    private Path verifyTrashLocationWithShellDelete(Path path) throws Exception {
        Path path2 = new Path(shell.getCurrentTrashDir(path) + "/" + path);
        Assert.assertFalse("File already present in Trash before delete", new File(String.valueOf(path2)).exists());
        DFSTestUtil.verifyDelete(shell, fs, path, path2, true);
        return path2;
    }

    private void verifyTrashExpunge(List<Path> list) throws Exception {
        Assert.assertEquals("expunge failed", 0L, ToolRunner.run(shell, new String[]{"-expunge"}));
        for (Path path : list) {
            Assert.assertFalse("File exists in trash after expunge : " + path, fs.exists(path));
        }
    }

    private void verifyDeleteWithSkipTrash(Path path) throws Exception {
        Assert.assertTrue(path + " file does not exist", fs.exists(path));
        Path path2 = new Path(shell.getCurrentTrashDir(path) + "/" + path);
        Assert.assertEquals("rm failed", 0L, ToolRunner.run(shell, new String[]{"-rm", "-r", "-skipTrash", path.toString()}));
        Assert.assertFalse("File in trash even with -skipTrash", fs.exists(path2));
    }
}
