package org.apache.hadoop.hdfs.server.namenode;

import com.google.common.collect.Lists;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.server.namenode.top.TopAuditLogger;
import org.apache.hadoop.hdfs.web.resources.GetOpParam;
import org.apache.hadoop.ipc.CallerContext;
import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.log4j.Level;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.class */
public class TestAuditLogger {
    private static final Logger LOG = LoggerFactory.getLogger(TestAuditLogger.class);
    private static final short TEST_PERMISSION = 428;

    /* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/TestAuditLogger$BrokenAuditLogger.class */
    public static class BrokenAuditLogger implements AuditLogger {
        public void initialize(Configuration configuration) {
        }

        public void logAuditEvent(boolean z, String str, InetAddress inetAddress, String str2, String str3, String str4, FileStatus fileStatus) {
            if (str2.equals("setTimes")) {
                throw new RuntimeException("uh oh");
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/TestAuditLogger$DummyAuditLogger.class */
    public static class DummyAuditLogger implements AuditLogger {
        static boolean initialized;
        static int logCount;
        static int unsuccessfulCount;
        static short foundPermission;
        static String remoteAddr;
        private static String lastCommand;

        public void initialize(Configuration configuration) {
            initialized = true;
        }

        public static void resetLogCount() {
            logCount = 0;
            unsuccessfulCount = 0;
        }

        public void logAuditEvent(boolean z, String str, InetAddress inetAddress, String str2, String str3, String str4, FileStatus fileStatus) {
            remoteAddr = inetAddress.getHostAddress();
            logCount++;
            if (!z) {
                unsuccessfulCount++;
            }
            lastCommand = str2;
            if (fileStatus != null) {
                foundPermission = fileStatus.getPermission().toShort();
            }
        }

        public static String getLastCommand() {
            return lastCommand;
        }
    }

    @Before
    public void setup() {
        DummyAuditLogger.initialized = false;
        DummyAuditLogger.logCount = 0;
        DummyAuditLogger.remoteAddr = null;
        ProxyUsers.refreshSuperUserGroupsConfiguration(new HdfsConfiguration());
    }

    @Test
    public void testAuditLogger() throws IOException {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.set("dfs.namenode.audit.loggers", DummyAuditLogger.class.getName());
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).build();
        try {
            build.waitClusterUp();
            Assert.assertTrue(DummyAuditLogger.initialized);
            DummyAuditLogger.resetLogCount();
            DistributedFileSystem fileSystem = build.getFileSystem();
            long currentTimeMillis = System.currentTimeMillis();
            fileSystem.setTimes(new Path("/"), currentTimeMillis, currentTimeMillis);
            Assert.assertEquals(1L, DummyAuditLogger.logCount);
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    @Test
    public void testDisableTopAuditLogger() throws IOException {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.setBoolean("dfs.namenode.top.enabled", false);
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).build();
        try {
            build.waitClusterUp();
            Iterator it = build.getNameNode().getNamesystem().getAuditLoggers().iterator();
            while (it.hasNext()) {
                Assert.assertFalse("top audit logger is still hooked in after it is disabled", ((AuditLogger) it.next()) instanceof TopAuditLogger);
            }
        } finally {
            build.shutdown();
        }
    }

    @Test
    public void testWebHdfsAuditLogger() throws IOException, URISyntaxException {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.set("dfs.namenode.audit.loggers", DummyAuditLogger.class.getName());
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).build();
        GetOpParam.Op op = GetOpParam.Op.GETFILESTATUS;
        try {
            build.waitClusterUp();
            Assert.assertTrue(DummyAuditLogger.initialized);
            URI uri = new URI("http", NetUtils.getHostPortString(build.getNameNode().getHttpAddress()), "/webhdfs/v1/", op.toQueryString(), null);
            HttpURLConnection httpURLConnection = (HttpURLConnection) uri.toURL().openConnection();
            httpURLConnection.setRequestMethod(op.getType().toString());
            httpURLConnection.connect();
            Assert.assertEquals(200L, httpURLConnection.getResponseCode());
            httpURLConnection.disconnect();
            Assert.assertEquals("getfileinfo", DummyAuditLogger.lastCommand);
            DummyAuditLogger.resetLogCount();
            Assert.assertEquals("127.0.0.1", DummyAuditLogger.remoteAddr);
            HttpURLConnection httpURLConnection2 = (HttpURLConnection) uri.toURL().openConnection();
            httpURLConnection2.setRequestMethod(op.getType().toString());
            httpURLConnection2.setRequestProperty("X-Forwarded-For", "1.1.1.1");
            httpURLConnection2.connect();
            Assert.assertEquals(200L, httpURLConnection2.getResponseCode());
            httpURLConnection2.disconnect();
            Assert.assertEquals("getfileinfo", DummyAuditLogger.lastCommand);
            Assert.assertTrue(DummyAuditLogger.logCount == 1);
            DummyAuditLogger.resetLogCount();
            Assert.assertEquals("127.0.0.1", DummyAuditLogger.remoteAddr);
            hdfsConfiguration.set("hadoop.proxyservers", "127.0.0.1");
            ProxyUsers.refreshSuperUserGroupsConfiguration(hdfsConfiguration);
            HttpURLConnection httpURLConnection3 = (HttpURLConnection) uri.toURL().openConnection();
            httpURLConnection3.setRequestMethod(op.getType().toString());
            httpURLConnection3.setRequestProperty("X-Forwarded-For", "1.1.1.1");
            httpURLConnection3.connect();
            Assert.assertEquals(200L, httpURLConnection3.getResponseCode());
            httpURLConnection3.disconnect();
            Assert.assertEquals("getfileinfo", DummyAuditLogger.lastCommand);
            Assert.assertTrue(DummyAuditLogger.logCount == 1);
            Assert.assertEquals("1.1.1.1", DummyAuditLogger.remoteAddr);
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    @Test
    public void testAuditLoggerWithSetPermission() throws IOException {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.set("dfs.namenode.audit.loggers", DummyAuditLogger.class.getName());
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).build();
        try {
            build.waitClusterUp();
            Assert.assertTrue(DummyAuditLogger.initialized);
            DummyAuditLogger.resetLogCount();
            DistributedFileSystem fileSystem = build.getFileSystem();
            long currentTimeMillis = System.currentTimeMillis();
            Path path = new Path("/");
            fileSystem.setTimes(path, currentTimeMillis, currentTimeMillis);
            fileSystem.setPermission(path, new FsPermission((short) 428));
            Assert.assertEquals(428L, DummyAuditLogger.foundPermission);
            Assert.assertEquals(2L, DummyAuditLogger.logCount);
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    @Test
    public void testAuditLoggerWithCallContext() throws IOException {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.setBoolean("hadoop.caller.context.enabled", true);
        hdfsConfiguration.setInt("hadoop.caller.context.max.size", 128);
        hdfsConfiguration.setInt("hadoop.caller.context.signature.max.size", 40);
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).build();
        GenericTestUtils.LogCapturer captureLogs = GenericTestUtils.LogCapturer.captureLogs(FSNamesystem.auditLog);
        try {
            build.waitClusterUp();
            final DistributedFileSystem fileSystem = build.getFileSystem();
            final long currentTimeMillis = System.currentTimeMillis();
            final Path path = new Path("/");
            Assert.assertNull(CallerContext.getCurrent());
            CallerContext.setCurrent(new CallerContext.Builder("setTimes").build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            fileSystem.setTimes(path, currentTimeMillis, currentTimeMillis);
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=setTimes%n", new Object[0])));
            captureLogs.clearOutput();
            CallerContext.setCurrent(new CallerContext.Builder("setTimes").setSignature("L".getBytes(CallerContext.SIGNATURE_ENCODING)).build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            fileSystem.setTimes(path, currentTimeMillis, currentTimeMillis);
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=setTimes:L%n", new Object[0])));
            captureLogs.clearOutput();
            String repeat = StringUtils.repeat("foo", 100);
            CallerContext.setCurrent(new CallerContext.Builder(repeat).setSignature("L".getBytes(CallerContext.SIGNATURE_ENCODING)).build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            fileSystem.setTimes(path, currentTimeMillis, currentTimeMillis);
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=%s:L%n", repeat.substring(0, 128))));
            captureLogs.clearOutput();
            CallerContext.setCurrent(new CallerContext.Builder("").setSignature("L".getBytes(CallerContext.SIGNATURE_ENCODING)).build());
            LOG.info("Set empty caller context");
            fileSystem.setTimes(path, currentTimeMillis, currentTimeMillis);
            Assert.assertFalse(captureLogs.getOutput().contains("callerContext="));
            captureLogs.clearOutput();
            CallerContext.setCurrent(new CallerContext.Builder("setTimes").setSignature("L".getBytes(CallerContext.SIGNATURE_ENCODING)).build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            Thread thread = new Thread(new Runnable() { // from class: org.apache.hadoop.hdfs.server.namenode.TestAuditLogger.1
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        fileSystem.setTimes(path, currentTimeMillis, currentTimeMillis);
                    } catch (IOException e) {
                        Assert.fail("Unexpected exception found." + e);
                    }
                }
            });
            thread.start();
            try {
                thread.join();
            } catch (InterruptedException e) {
            }
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=setTimes:L%n", new Object[0])));
            captureLogs.clearOutput();
            final CallerContext build2 = new CallerContext.Builder("setPermission").setSignature("L".getBytes(CallerContext.SIGNATURE_ENCODING)).build();
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            Thread thread2 = new Thread(new Runnable() { // from class: org.apache.hadoop.hdfs.server.namenode.TestAuditLogger.2
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        CallerContext.setCurrent(build2);
                        fileSystem.setPermission(path, new FsPermission((short) 777));
                    } catch (IOException e2) {
                        Assert.fail("Unexpected exception found." + e2);
                    }
                }
            });
            thread2.start();
            try {
                thread2.join();
            } catch (InterruptedException e2) {
            }
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=setPermission:L%n", new Object[0])));
            captureLogs.clearOutput();
            CallerContext.setCurrent(new CallerContext.Builder("mkdirs").setSignature(CallerContext.getCurrent().getSignature()).build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            fileSystem.mkdirs(new Path("/reuse-context-signature"));
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=mkdirs:L%n", new Object[0])));
            captureLogs.clearOutput();
            CallerContext.setCurrent(new CallerContext.Builder("setTimes").setSignature(new byte[41]).build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            fileSystem.setTimes(path, currentTimeMillis, currentTimeMillis);
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=setTimes%n", new Object[0])));
            captureLogs.clearOutput();
            CallerContext.setCurrent(new CallerContext.Builder("setTimes").setSignature((byte[]) null).build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            fileSystem.setTimes(path, currentTimeMillis, currentTimeMillis);
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=setTimes%n", new Object[0])));
            captureLogs.clearOutput();
            CallerContext.setCurrent(new CallerContext.Builder("mkdirs").setSignature("".getBytes(CallerContext.SIGNATURE_ENCODING)).build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            fileSystem.mkdirs(new Path("/empty-signature"));
            Assert.assertTrue(captureLogs.getOutput().endsWith(String.format("callerContext=mkdirs%n", new Object[0])));
            captureLogs.clearOutput();
            CallerContext.setCurrent(new CallerContext.Builder((String) null).build());
            LOG.info("Set current caller context as {}", CallerContext.getCurrent());
            fileSystem.mkdirs(new Path("/empty-signature"));
            Assert.assertFalse(captureLogs.getOutput().contains("callerContext="));
            captureLogs.clearOutput();
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    @Test
    public void testAuditLogWithAclFailure() throws Exception {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.setBoolean("dfs.namenode.acls.enabled", true);
        hdfsConfiguration.set("dfs.namenode.audit.loggers", DummyAuditLogger.class.getName());
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).build();
        try {
            build.waitClusterUp();
            FSDirectory fSDirectory = (FSDirectory) Mockito.spy(build.getNamesystem().getFSDirectory());
            ((FSDirectory) Mockito.doThrow(new AccessControlException()).when(fSDirectory)).getPermissionChecker();
            build.getNamesystem().setFSDirectory(fSDirectory);
            Assert.assertTrue(DummyAuditLogger.initialized);
            DummyAuditLogger.resetLogCount();
            DistributedFileSystem fileSystem = build.getFileSystem();
            Path path = new Path("/");
            ArrayList newArrayList = Lists.newArrayList();
            try {
                fileSystem.getAclStatus(path);
            } catch (AccessControlException e) {
            }
            try {
                fileSystem.setAcl(path, newArrayList);
            } catch (AccessControlException e2) {
            }
            try {
                fileSystem.removeAcl(path);
            } catch (AccessControlException e3) {
            }
            try {
                fileSystem.removeDefaultAcl(path);
            } catch (AccessControlException e4) {
            }
            try {
                fileSystem.removeAclEntries(path, newArrayList);
            } catch (AccessControlException e5) {
            }
            try {
                fileSystem.modifyAclEntries(path, newArrayList);
            } catch (AccessControlException e6) {
            }
            Assert.assertEquals(6L, DummyAuditLogger.logCount);
            Assert.assertEquals(6L, DummyAuditLogger.unsuccessfulCount);
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    @Test
    public void testBrokenLogger() throws IOException {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        hdfsConfiguration.set("dfs.namenode.audit.loggers", BrokenAuditLogger.class.getName());
        MiniDFSCluster build = new MiniDFSCluster.Builder(hdfsConfiguration).build();
        try {
            build.waitClusterUp();
            DistributedFileSystem fileSystem = build.getFileSystem();
            long currentTimeMillis = System.currentTimeMillis();
            fileSystem.setTimes(new Path("/"), currentTimeMillis, currentTimeMillis);
            Assert.fail("Expected exception due to broken audit logger.");
            build.shutdown();
        } catch (RemoteException e) {
            build.shutdown();
        } catch (Throwable th) {
            build.shutdown();
            throw th;
        }
    }

    static {
        GenericTestUtils.setLogLevel(LOG, Level.ALL);
    }
}
