package org.apache.hadoop.hdfs;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryScope;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.server.namenode.AclTestHelpers;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.thirdparty.com.google.common.collect.Lists;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/hdfs/TestExtendedAcls.class */
public class TestExtendedAcls {
    private static MiniDFSCluster cluster;
    private static Configuration conf;
    private static final short REPLICATION = 3;
    private static DistributedFileSystem hdfs;

    @BeforeClass
    public static void setup() throws IOException {
        conf = new Configuration();
        conf.setBoolean("dfs.namenode.acls.enabled", true);
        cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build();
        cluster.waitActive();
        hdfs = cluster.getFileSystem();
    }

    @AfterClass
    public static void shutdown() throws IOException {
        if (cluster != null) {
            cluster.shutdown();
            cluster = null;
        }
    }

    @Test
    public void testDefaultAclNewChildDirFile() throws IOException {
        Path path = new Path("/testDefaultAclNewChildDirFile");
        ArrayList newArrayList = Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.ALL)});
        hdfs.mkdirs(path);
        hdfs.setAcl(path, newArrayList);
        Path path2 = new Path(path, "childDir");
        hdfs.mkdirs(path2);
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.READ_EXECUTE)}, hdfs.getAclStatus(path2).getEntries().toArray());
        Path path3 = new Path(path, "childFile");
        hdfs.create(path3).close();
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE)}, hdfs.getAclStatus(path3).getEntries().toArray());
        hdfs.delete(path, true);
    }

    @Test
    public void testDefaultAclExistingDirFile() throws Exception {
        Path path = new Path("/testDefaultAclExistingDirFile");
        hdfs.mkdirs(path);
        ArrayList newArrayList = Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.ALL)});
        ArrayList newArrayList2 = Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.READ_EXECUTE)});
        hdfs.setAcl(path, newArrayList);
        Path path2 = new Path(path, "childDir");
        hdfs.mkdirs(path2);
        AclEntry[] aclEntryArr = {AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.READ_EXECUTE)};
        Assert.assertArrayEquals(aclEntryArr, hdfs.getAclStatus(path2).getEntries().toArray());
        Path path3 = new Path(path2, "childFile");
        hdfs.create(path3).close();
        AclEntry[] aclEntryArr2 = {AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE)};
        Assert.assertArrayEquals(aclEntryArr2, hdfs.getAclStatus(path3).getEntries().toArray());
        hdfs.setAcl(path, newArrayList2);
        Assert.assertArrayEquals(aclEntryArr, hdfs.getAclStatus(path2).getEntries().toArray());
        Assert.assertArrayEquals(aclEntryArr2, hdfs.getAclStatus(path3).getEntries().toArray());
        hdfs.removeAcl(path);
        Assert.assertArrayEquals(aclEntryArr, hdfs.getAclStatus(path2).getEntries().toArray());
        Assert.assertArrayEquals(aclEntryArr2, hdfs.getAclStatus(path3).getEntries().toArray());
        hdfs.setPermission(path3, new FsPermission((short) 416));
        Assert.assertFalse(tryAccess(path3, "other", new String[]{"other"}, FsAction.READ));
        hdfs.delete(path, true);
    }

    @Test
    public void testAccessAclNotInherited() throws IOException {
        Path path = new Path("/testAccessAclNotInherited");
        hdfs.mkdirs(path);
        hdfs.setAcl(path, Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FsAction.READ_WRITE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, FsAction.READ), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "bar", FsAction.ALL)}));
        Path path2 = new Path(path, "childDir");
        hdfs.mkdirs(path2);
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, FsAction.READ_WRITE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, FsAction.READ), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.READ)}, hdfs.getAclStatus(path2).getEntries().toArray());
        Path path3 = new Path(path, "childFile");
        hdfs.create(path3).close();
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ)}, hdfs.getAclStatus(path3).getEntries().toArray());
        hdfs.delete(path, true);
    }

    @Test
    public void testGradSubdirMoreAccess() throws Exception {
        Path path = new Path("/testGradSubdirMoreAccess");
        hdfs.mkdirs(path);
        ArrayList newArrayList = Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.READ_EXECUTE)});
        ArrayList newArrayList2 = Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, "bar", FsAction.READ_WRITE)});
        hdfs.setAcl(path, newArrayList);
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.READ_EXECUTE)}, hdfs.getAclStatus(path).getEntries().toArray());
        Path path2 = new Path(path, "childDir");
        hdfs.mkdirs(path2);
        hdfs.modifyAclEntries(path2, newArrayList2);
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, "bar", FsAction.READ_WRITE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.READ_EXECUTE)}, hdfs.getAclStatus(path2).getEntries().toArray());
        Path path3 = new Path(path, "parentFile");
        hdfs.create(path3).close();
        hdfs.setPermission(path3, new FsPermission((short) 416));
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE)}, hdfs.getAclStatus(path3).getEntries().toArray());
        Path path4 = new Path(path2, "childFile");
        hdfs.create(path4).close();
        hdfs.setPermission(path4, new FsPermission((short) 416));
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, "bar", FsAction.READ_WRITE)}, hdfs.getAclStatus(path4).getEntries().toArray());
        Assert.assertFalse(tryAccess(path3, "barUser", new String[]{"bar"}, FsAction.READ));
        Assert.assertTrue(tryAccess(path4, "barUser", new String[]{"bar"}, FsAction.READ));
        Assert.assertTrue(tryAccess(path3, "foo", new String[]{"fooGroup"}, FsAction.READ));
        Assert.assertTrue(tryAccess(path4, "foo", new String[]{"fooGroup"}, FsAction.READ));
        hdfs.delete(path, true);
    }

    @Test
    public void testRestrictAtSubDir() throws Exception {
        Path path = new Path("/testRestrictAtSubDir");
        hdfs.mkdirs(path);
        hdfs.setAcl(path, Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, "bar", FsAction.ALL)}));
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, "bar", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.READ_EXECUTE)}, hdfs.getAclStatus(path).getEntries().toArray());
        Path path2 = new Path(path, "parentFile");
        hdfs.create(path2).close();
        hdfs.setPermission(path2, new FsPermission((short) 416));
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, "bar", FsAction.ALL)}, hdfs.getAclStatus(path2).getEntries().toArray());
        Path path3 = new Path(path, "childDir");
        hdfs.mkdirs(path3);
        hdfs.modifyAclEntries(path3, Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, "bar", FsAction.NONE)}));
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, "bar", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, "bar", FsAction.NONE), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.READ_EXECUTE)}, hdfs.getAclStatus(path3).getEntries().toArray());
        Path path4 = new Path(path3, "childFile");
        hdfs.create(path4).close();
        hdfs.setPermission(path4, new FsPermission((short) 416));
        Assert.assertArrayEquals(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, "foo", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, FsAction.READ_EXECUTE), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, "bar", FsAction.NONE)}, hdfs.getAclStatus(path4).getEntries().toArray());
        Assert.assertFalse(tryAccess(path4, "barUser", new String[]{"bar"}, FsAction.READ));
        Assert.assertTrue(tryAccess(path4, "foo", new String[]{"fooGroup"}, FsAction.READ));
        Assert.assertTrue(tryAccess(path2, "barUser", new String[]{"bar"}, FsAction.READ));
        Assert.assertTrue(tryAccess(path2, "foo", new String[]{"fooGroup"}, FsAction.READ));
        hdfs.delete(path, true);
    }

    private boolean tryAccess(Path path, String str, String[] strArr, FsAction fsAction) throws Exception {
        boolean z;
        try {
            ((FileSystem) UserGroupInformation.createUserForTesting(str, strArr).doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.hadoop.hdfs.TestExtendedAcls.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws Exception {
                    return FileSystem.get(TestExtendedAcls.conf);
                }
            })).access(path, fsAction);
            z = true;
        } catch (AccessControlException e) {
            z = false;
        }
        return z;
    }
}
