package org.apache.hadoop.hdfs;

import java.io.IOException;
import java.util.HashMap;
import java.util.Random;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.Progressable;
import org.apache.hadoop.util.Time;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission.class */
public class TestDFSPermission {
    private static final String GROUP1_NAME = "group1";
    private static final String GROUP2_NAME = "group2";
    private static final String GROUP3_NAME = "group3";
    private static final String GROUP4_NAME = "group4";
    private static final String USER1_NAME = "user1";
    private static final String USER2_NAME = "user2";
    private static final String USER3_NAME = "user3";
    private static UserGroupInformation SUPERUSER;
    private static UserGroupInformation USER1;
    private static UserGroupInformation USER2;
    private static UserGroupInformation USER3;
    private static final short MAX_PERMISSION = 511;
    private static final short DEFAULT_UMASK = 18;
    private FileSystem fs;
    private MiniDFSCluster cluster;
    private static Random r;
    private static final String ANCESTOR_NAME = "/ancestor";
    private static final String PARENT_NAME = "parent";
    private static final String FILE_NAME = "file";
    private static final String DIR_NAME = "dir";
    private static final String FILE_DIR_NAME = "filedir";
    private static final short SUPER_MASK = 0;
    private static final short READ_MASK = 292;
    private static final short WRITE_MASK = 146;
    private static final short SEARCH_MASK = 73;
    private static final short NULL_MASK = 0;
    private static final short OWNER_MASK = 448;
    private static final short GROUP_MASK = 56;
    private static final short OTHER_MASK = 7;
    private CreatePermissionVerifier createVerifier = new CreatePermissionVerifier();
    private OpenPermissionVerifier openVerifier = new OpenPermissionVerifier();
    private SetReplicationPermissionVerifier replicatorVerifier = new SetReplicationPermissionVerifier();
    private SetTimesPermissionVerifier timesVerifier = new SetTimesPermissionVerifier();
    private StatsPermissionVerifier statsVerifier = new StatsPermissionVerifier();
    ListPermissionVerifier listVerifier = new ListPermissionVerifier();
    RenamePermissionVerifier renameVerifier = new RenamePermissionVerifier();
    DeletePermissionVerifier fileDeletionVerifier = new DeletePermissionVerifier();
    DeleteDirPermissionVerifier dirDeletionVerifier = new DeleteDirPermissionVerifier();
    final DeleteEmptyDirPermissionVerifier emptyDirDeletionVerifier = new DeleteEmptyDirPermissionVerifier();
    public static final Log LOG = LogFactory.getLog(TestDFSPermission.class);
    private static final Configuration conf = new HdfsConfiguration();
    private static final FsPermission DEFAULT_PERMISSION = FsPermission.createImmutable(511);
    private static final int NUM_TEST_PERMISSIONS = (conf.getInt("test.dfs.permission.num", 10) * 512) / 100;
    private static final String PATH_NAME = "xx";
    private static final Path FILE_DIR_PATH = new Path("/", PATH_NAME);
    private static final Path NON_EXISTENT_PATH = new Path("/parent", PATH_NAME);
    private static final Path NON_EXISTENT_FILE = new Path("/NonExistentFile");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$CreatePermissionVerifier.class */
    public class CreatePermissionVerifier extends PermissionVerifier {
        private OpType opType;
        private boolean cleanup;

        private CreatePermissionVerifier() {
            super();
            this.cleanup = true;
        }

        protected void set(Path path, OpType opType, short s, short s2) {
            super.set(path, s, s2, (short) 0);
            setOpType(opType);
        }

        void setCleanup(boolean z) {
            this.cleanup = z;
        }

        void setOpType(OpType opType) {
            this.opType = opType;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 219;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void call() throws IOException {
            TestDFSPermission.this.create(this.opType, this.path);
            if (this.cleanup) {
                TestDFSPermission.this.fs.delete(this.path, true);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$DeleteDirPermissionVerifier.class */
    public class DeleteDirPermissionVerifier extends DeletePermissionVerifier {
        private short[] childPermissions;

        private DeleteDirPermissionVerifier() {
            super();
        }

        void set(Path path, short s, short s2, short s3, short[] sArr) {
            set(path, s, s2, s3);
            this.childPermissions = sArr;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.DeletePermissionVerifier, org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 219;
            this.opPermission = (short) 511;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        protected boolean expectPermissionDeny() {
            if (super.expectPermissionDeny()) {
                return true;
            }
            if (this.childPermissions == null) {
                return false;
            }
            for (short s : this.childPermissions) {
                if ((this.requiredPermission & s) != this.requiredPermission) {
                    return true;
                }
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$DeleteEmptyDirPermissionVerifier.class */
    public class DeleteEmptyDirPermissionVerifier extends DeleteDirPermissionVerifier {
        private DeleteEmptyDirPermissionVerifier() {
            super();
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.DeleteDirPermissionVerifier, org.apache.hadoop.hdfs.TestDFSPermission.DeletePermissionVerifier, org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 219;
            this.opPermission = (short) 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$DeletePermissionVerifier.class */
    public class DeletePermissionVerifier extends PermissionVerifier {
        private DeletePermissionVerifier() {
            super();
        }

        void set(Path path, short s, short s2) {
            super.set(path, s, s2, (short) 0);
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 219;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void call() throws IOException {
            TestDFSPermission.this.fs.delete(this.path, true);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$InodeType.class */
    public enum InodeType {
        FILE,
        DIR
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$ListPermissionVerifier.class */
    public class ListPermissionVerifier extends PermissionVerifier {
        private InodeType inodeType;

        private ListPermissionVerifier() {
            super();
        }

        void set(Path path, InodeType inodeType, short s, short s2, short s3) {
            this.inodeType = inodeType;
            super.set(path, s, s2, s3);
        }

        void setInodeType(Path path, InodeType inodeType) {
            this.path = path;
            this.inodeType = inodeType;
            setOpPermission();
            this.ugi = null;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 73;
            switch (this.inodeType) {
                case FILE:
                    this.opPermission = (short) 0;
                    return;
                case DIR:
                    this.opPermission = (short) 365;
                    return;
                default:
                    throw new IllegalArgumentException("Illegal inode type: " + this.inodeType);
            }
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void call() throws IOException {
            TestDFSPermission.this.fs.listStatus(this.path);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$OpType.class */
    public enum OpType {
        CREATE,
        MKDIRS,
        OPEN,
        SET_REPLICATION,
        GET_FILEINFO,
        IS_DIR,
        EXISTS,
        GET_CONTENT_LENGTH,
        LIST,
        RENAME,
        DELETE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$OpenPermissionVerifier.class */
    public class OpenPermissionVerifier extends PermissionVerifier {
        private OpenPermissionVerifier() {
            super();
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 73;
            this.opPermission = (short) 292;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void call() throws IOException {
            TestDFSPermission.this.fs.open(this.path).close();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$PermissionGenerator.class */
    public static class PermissionGenerator {
        private Random r;
        private short[] permissions = new short[512];
        private int numLeft = 512;

        PermissionGenerator(Random random) {
            this.r = random;
            for (int i = 0; i <= 511; i++) {
                this.permissions[i] = (short) i;
            }
        }

        short next() throws IOException {
            if (this.numLeft == 0) {
                throw new IOException("No more permission is avaialbe");
            }
            int nextInt = this.r.nextInt(this.numLeft);
            this.numLeft--;
            short s = this.permissions[this.numLeft];
            this.permissions[this.numLeft] = this.permissions[nextInt];
            this.permissions[nextInt] = s;
            return this.permissions[this.numLeft];
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$PermissionVerifier.class */
    public abstract class PermissionVerifier {
        protected Path path;
        protected short ancestorPermission;
        protected short parentPermission;
        private short permission;
        protected short requiredAncestorPermission;
        protected short requiredParentPermission;
        protected short requiredPermission;
        protected static final short opAncestorPermission = 73;
        protected short opParentPermission;
        protected short opPermission;
        protected UserGroupInformation ugi;

        PermissionVerifier() {
        }

        protected void set(Path path, short s, short s2, short s3) {
            this.path = path;
            this.ancestorPermission = s;
            this.parentPermission = s2;
            this.permission = s3;
            setOpPermission();
            this.ugi = null;
        }

        void verifyPermission(UserGroupInformation userGroupInformation) throws IOException {
            if (this.ugi != userGroupInformation) {
                setRequiredPermissions(userGroupInformation);
                this.ugi = userGroupInformation;
            }
            try {
                try {
                    call();
                    Assert.assertFalse(expectPermissionDeny());
                } catch (AccessControlException e) {
                    Assert.assertTrue(expectPermissionDeny());
                }
            } catch (AssertionError e2) {
                logPermissions();
                throw e2;
            }
        }

        protected void logPermissions() {
            TestDFSPermission.LOG.info("required ancestor permission:" + Integer.toOctalString(this.requiredAncestorPermission));
            TestDFSPermission.LOG.info("ancestor permission: " + Integer.toOctalString(this.ancestorPermission));
            TestDFSPermission.LOG.info("required parent permission:" + Integer.toOctalString(this.requiredParentPermission));
            TestDFSPermission.LOG.info("parent permission: " + Integer.toOctalString(this.parentPermission));
            TestDFSPermission.LOG.info("required permission:" + Integer.toOctalString(this.requiredPermission));
            TestDFSPermission.LOG.info("permission: " + Integer.toOctalString(this.permission));
        }

        protected boolean expectPermissionDeny() {
            return ((this.requiredPermission & this.permission) == this.requiredPermission && (this.requiredParentPermission & this.parentPermission) == this.requiredParentPermission && (this.requiredAncestorPermission & this.ancestorPermission) == this.requiredAncestorPermission) ? false : true;
        }

        protected void setRequiredPermissions(UserGroupInformation userGroupInformation) {
            if (TestDFSPermission.SUPERUSER.equals(userGroupInformation)) {
                this.requiredAncestorPermission = (short) 0;
                this.requiredParentPermission = (short) 0;
                this.requiredPermission = (short) 0;
                return;
            }
            if (TestDFSPermission.USER1.equals(userGroupInformation)) {
                this.requiredAncestorPermission = (short) 64;
                this.requiredParentPermission = (short) (this.opParentPermission & TestDFSPermission.OWNER_MASK);
                this.requiredPermission = (short) (this.opPermission & TestDFSPermission.OWNER_MASK);
            } else if (TestDFSPermission.USER2.equals(userGroupInformation)) {
                this.requiredAncestorPermission = (short) 8;
                this.requiredParentPermission = (short) (this.opParentPermission & 56);
                this.requiredPermission = (short) (this.opPermission & 56);
            } else {
                if (!TestDFSPermission.USER3.equals(userGroupInformation)) {
                    throw new IllegalArgumentException("Non-supported user: " + userGroupInformation);
                }
                this.requiredAncestorPermission = (short) 1;
                this.requiredParentPermission = (short) (this.opParentPermission & 7);
                this.requiredPermission = (short) (this.opPermission & 7);
            }
        }

        abstract void setOpPermission();

        abstract void call() throws IOException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$RenamePermissionVerifier.class */
    public class RenamePermissionVerifier extends PermissionVerifier {
        private Path dst;
        private short dstAncestorPermission;
        private short dstParentPermission;

        private RenamePermissionVerifier() {
            super();
        }

        void set(Path path, short s, short s2, Path path2, short s3, short s4) {
            super.set(path, s, s2, (short) 0);
            this.dst = path2;
            this.dstAncestorPermission = s3;
            this.dstParentPermission = s4;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 219;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void call() throws IOException {
            TestDFSPermission.this.fs.rename(this.path, this.dst);
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        protected boolean expectPermissionDeny() {
            return (!super.expectPermissionDeny() && (this.requiredParentPermission & this.dstParentPermission) == this.requiredParentPermission && (this.requiredAncestorPermission & this.dstAncestorPermission) == this.requiredAncestorPermission) ? false : true;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        protected void logPermissions() {
            super.logPermissions();
            TestDFSPermission.LOG.info("dst ancestor permission: " + Integer.toOctalString(this.dstAncestorPermission));
            TestDFSPermission.LOG.info("dst parent permission: " + Integer.toOctalString(this.dstParentPermission));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$SetReplicationPermissionVerifier.class */
    public class SetReplicationPermissionVerifier extends PermissionVerifier {
        private SetReplicationPermissionVerifier() {
            super();
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 73;
            this.opPermission = (short) 146;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void call() throws IOException {
            TestDFSPermission.this.fs.setReplication(this.path, (short) 1);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$SetTimesPermissionVerifier.class */
    public class SetTimesPermissionVerifier extends PermissionVerifier {
        private SetTimesPermissionVerifier() {
            super();
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 73;
            this.opPermission = (short) 146;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void call() throws IOException {
            TestDFSPermission.this.fs.setTimes(this.path, 100L, 100L);
            TestDFSPermission.this.fs.setTimes(this.path, -1L, 100L);
            TestDFSPermission.this.fs.setTimes(this.path, 100L, -1L);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.3.0-cdh5.1.3-tests.jar:org/apache/hadoop/hdfs/TestDFSPermission$StatsPermissionVerifier.class */
    public class StatsPermissionVerifier extends PermissionVerifier {
        OpType opType;

        private StatsPermissionVerifier() {
            super();
        }

        void set(Path path, OpType opType, short s, short s2) {
            super.set(path, s, s2, (short) 0);
            setOpType(opType);
        }

        void setOpType(OpType opType) {
            this.opType = opType;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void setOpPermission() {
            this.opParentPermission = (short) 73;
        }

        @Override // org.apache.hadoop.hdfs.TestDFSPermission.PermissionVerifier
        void call() throws IOException {
            switch (this.opType) {
                case GET_FILEINFO:
                    TestDFSPermission.this.fs.getFileStatus(this.path);
                    return;
                case IS_DIR:
                    TestDFSPermission.this.fs.isDirectory(this.path);
                    return;
                case EXISTS:
                    TestDFSPermission.this.fs.exists(this.path);
                    return;
                case GET_CONTENT_LENGTH:
                    TestDFSPermission.this.fs.getContentSummary(this.path).getLength();
                    return;
                default:
                    throw new IllegalArgumentException("Unexpected operation type: " + this.opType);
            }
        }
    }

    @Before
    public void setUp() throws IOException {
        this.cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build();
        this.cluster.waitActive();
    }

    @After
    public void tearDown() throws IOException {
        if (this.cluster != null) {
            this.cluster.shutdown();
        }
    }

    @Test
    public void testPermissionSetting() throws Exception {
        testPermissionSetting(OpType.CREATE);
        testPermissionSetting(OpType.MKDIRS);
    }

    private void initFileSystem(short s) throws Exception {
        conf.set("fs.permissions.umask-mode", String.format("%1$03o", Short.valueOf(s)));
        this.fs = FileSystem.get(conf);
    }

    private void closeFileSystem() throws Exception {
        this.fs.close();
    }

    private void testPermissionSetting(OpType opType) throws Exception {
        PermissionGenerator permissionGenerator = new PermissionGenerator(r);
        FsPermission fsPermission = new FsPermission(DEFAULT_PERMISSION);
        short s = 0;
        while (true) {
            short s2 = s;
            if (s2 >= NUM_TEST_PERMISSIONS) {
                initFileSystem((short) 18);
                createAndCheckPermission(opType, FILE_DIR_PATH, (short) 18, new FsPermission((short) 419), true);
                closeFileSystem();
                initFileSystem((short) 146);
                createAndCheckPermission(opType, FILE_DIR_PATH, (short) 146, new FsPermission((short) 419), false);
                closeFileSystem();
                initFileSystem((short) 73);
                this.fs.setPermission(FILE_DIR_PATH, new FsPermission((short) 73));
                checkPermission(FILE_DIR_PATH, (short) 73, true);
                closeFileSystem();
                initFileSystem((short) 18);
                Assert.assertFalse("File shouldn't exists", this.fs.exists(NON_EXISTENT_PATH));
                createAndCheckPermission(opType, NON_EXISTENT_PATH, (short) 18, new FsPermission(DEFAULT_PERMISSION), false);
                Path parent = NON_EXISTENT_PATH.getParent();
                checkPermission(parent, getPermission(parent.getParent()), true);
                closeFileSystem();
                return;
            }
            short next = permissionGenerator.next();
            initFileSystem(next);
            createAndCheckPermission(opType, FILE_DIR_PATH, next, fsPermission, true);
            closeFileSystem();
            s = (short) (s2 + 1);
        }
    }

    private short getPermission(Path path) throws IOException {
        return this.fs.getFileStatus(path).getPermission().toShort();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void create(OpType opType, Path path) throws IOException {
        create(opType, path, (short) 18, new FsPermission(DEFAULT_PERMISSION));
    }

    private void create(OpType opType, Path path, short s, FsPermission fsPermission) throws IOException {
        conf.set("fs.permissions.umask-mode", String.format("%1$03o", Short.valueOf(s)));
        switch (opType) {
            case CREATE:
                this.fs.create(path, fsPermission, true, conf.getInt(CommonConfigurationKeysPublic.IO_FILE_BUFFER_SIZE_KEY, 4096), this.fs.getDefaultReplication(path), this.fs.getDefaultBlockSize(path), (Progressable) null).close();
                return;
            case MKDIRS:
                this.fs.mkdirs(path, fsPermission);
                return;
            default:
                throw new IOException("Unsupported operation: " + opType);
        }
    }

    private void createAndCheckPermission(OpType opType, Path path, short s, FsPermission fsPermission, boolean z) throws Exception {
        create(opType, path, s, fsPermission);
        short s2 = DEFAULT_PERMISSION.equals(fsPermission) ? (short) 511 : fsPermission.toShort();
        checkPermission(path, opType == OpType.CREATE ? (short) ((s ^ (-1)) & s2) : (short) ((s ^ (-1)) & s2), z);
    }

    private void checkPermission(Path path, short s, boolean z) throws IOException {
        try {
            Assert.assertEquals(getPermission(path), s);
            if (z) {
                this.fs.delete(path, true);
            }
        } catch (Throwable th) {
            if (z) {
                this.fs.delete(path, true);
            }
            throw th;
        }
    }

    @Test
    public void testImmutableFsPermission() throws IOException {
        this.fs = FileSystem.get(conf);
        this.fs.setPermission(new Path("/"), FsPermission.createImmutable((short) 511));
    }

    @Test
    public void testOwnership() throws Exception {
        testOwnership(OpType.CREATE);
        testOwnership(OpType.MKDIRS);
    }

    private void setOwner(Path path, String str, String str2, boolean z) throws IOException {
        String owner;
        if (str == null) {
            try {
                owner = getOwner(path);
            } catch (AccessControlException e) {
                Assert.assertTrue(z);
                return;
            }
        } else {
            owner = str;
        }
        String str3 = owner;
        String group = str2 == null ? getGroup(path) : str2;
        this.fs.setOwner(path, str, str2);
        checkOwnership(path, str3, group);
        Assert.assertFalse(z);
    }

    private void testOwnership(OpType opType) throws Exception {
        this.fs = FileSystem.get(conf);
        create(opType, FILE_DIR_PATH, (short) 18, new FsPermission(DEFAULT_PERMISSION));
        checkOwnership(FILE_DIR_PATH, SUPERUSER.getShortUserName(), getGroup(FILE_DIR_PATH.getParent()));
        setOwner(FILE_DIR_PATH, USER1.getShortUserName(), GROUP3_NAME, false);
        login(USER1);
        setOwner(FILE_DIR_PATH, USER2.getShortUserName(), null, true);
        setOwner(FILE_DIR_PATH, null, GROUP1_NAME, false);
        setOwner(FILE_DIR_PATH, null, GROUP3_NAME, true);
        login(USER2);
        setOwner(FILE_DIR_PATH, null, GROUP3_NAME, true);
        setOwner(FILE_DIR_PATH, USER2.getShortUserName(), null, true);
        login(SUPERUSER);
        this.fs.delete(FILE_DIR_PATH, true);
    }

    private String getGroup(Path path) throws IOException {
        return this.fs.getFileStatus(path).getGroup();
    }

    private String getOwner(Path path) throws IOException {
        return this.fs.getFileStatus(path).getOwner();
    }

    private void checkOwnership(Path path, String str, String str2) throws IOException {
        FileStatus fileStatus = this.fs.getFileStatus(path);
        Assert.assertEquals(fileStatus.getOwner(), str);
        Assert.assertEquals(fileStatus.getGroup(), str2);
    }

    @Test
    public void testPermissionChecking() throws Exception {
        try {
            this.fs = FileSystem.get(conf);
            this.fs.setPermission(new Path("/"), new FsPermission((short) 511));
            PermissionGenerator permissionGenerator = new PermissionGenerator(r);
            PermissionGenerator permissionGenerator2 = new PermissionGenerator(r);
            PermissionGenerator permissionGenerator3 = new PermissionGenerator(r);
            short[] sArr = new short[NUM_TEST_PERMISSIONS];
            short[] sArr2 = new short[NUM_TEST_PERMISSIONS];
            short[] sArr3 = new short[NUM_TEST_PERMISSIONS];
            Path[] pathArr = new Path[NUM_TEST_PERMISSIONS];
            Path[] pathArr2 = new Path[NUM_TEST_PERMISSIONS];
            Path[] pathArr3 = new Path[NUM_TEST_PERMISSIONS];
            Path[] pathArr4 = new Path[NUM_TEST_PERMISSIONS];
            for (int i = 0; i < NUM_TEST_PERMISSIONS; i++) {
                pathArr[i] = new Path(ANCESTOR_NAME + i);
                create(OpType.MKDIRS, pathArr[i]);
                this.fs.setOwner(pathArr[i], USER1_NAME, GROUP2_NAME);
                pathArr2[i] = new Path(pathArr[i], "parent" + i);
                create(OpType.MKDIRS, pathArr2[i]);
                this.fs.setOwner(pathArr2[i], USER1_NAME, GROUP2_NAME);
                pathArr3[i] = new Path(pathArr2[i], "file" + i);
                pathArr4[i] = new Path(pathArr2[i], "dir" + i);
                sArr[i] = permissionGenerator.next();
                sArr2[i] = permissionGenerator2.next();
                sArr3[i] = permissionGenerator3.next();
                this.fs.setPermission(pathArr[i], new FsPermission(sArr[i]));
                this.fs.setPermission(pathArr2[i], new FsPermission(sArr2[i]));
            }
            testPermissionCheckingPerUser(USER1, sArr, sArr2, sArr3, pathArr2, pathArr3, pathArr4);
            testPermissionCheckingPerUser(USER2, sArr, sArr2, sArr3, pathArr2, pathArr3, pathArr4);
            testPermissionCheckingPerUser(USER3, sArr, sArr2, sArr3, pathArr2, pathArr3, pathArr4);
            testPermissionCheckingPerUser(SUPERUSER, sArr, sArr2, sArr3, pathArr2, pathArr3, pathArr4);
            this.fs.close();
        } catch (Throwable th) {
            this.fs.close();
            throw th;
        }
    }

    private void testPermissionCheckingPerUser(UserGroupInformation userGroupInformation, short[] sArr, short[] sArr2, short[] sArr3, Path[] pathArr, Path[] pathArr2, Path[] pathArr3) throws Exception {
        boolean[] zArr = new boolean[NUM_TEST_PERMISSIONS];
        login(SUPERUSER);
        for (int i = 0; i < NUM_TEST_PERMISSIONS; i++) {
            create(OpType.CREATE, pathArr2[i]);
            create(OpType.MKDIRS, pathArr3[i]);
            this.fs.setOwner(pathArr2[i], USER1_NAME, GROUP2_NAME);
            this.fs.setOwner(pathArr3[i], USER1_NAME, GROUP2_NAME);
            checkOwnership(pathArr3[i], USER1_NAME, GROUP2_NAME);
            checkOwnership(pathArr2[i], USER1_NAME, GROUP2_NAME);
            FsPermission fsPermission = new FsPermission(sArr3[i]);
            this.fs.setPermission(pathArr2[i], fsPermission);
            this.fs.setPermission(pathArr3[i], fsPermission);
            zArr[i] = this.fs.listStatus(pathArr3[i]).length == 0;
        }
        login(userGroupInformation);
        int i2 = 0;
        while (i2 < NUM_TEST_PERMISSIONS) {
            testCreateMkdirs(userGroupInformation, new Path(pathArr[i2], FILE_DIR_NAME), sArr[i2], sArr2[i2]);
            testOpen(userGroupInformation, pathArr2[i2], sArr[i2], sArr2[i2], sArr3[i2]);
            testSetReplication(userGroupInformation, pathArr2[i2], sArr[i2], sArr2[i2], sArr3[i2]);
            testSetTimes(userGroupInformation, pathArr2[i2], sArr[i2], sArr2[i2], sArr3[i2]);
            testStats(userGroupInformation, pathArr2[i2], sArr[i2], sArr2[i2]);
            testList(userGroupInformation, pathArr2[i2], pathArr3[i2], sArr[i2], sArr2[i2], sArr3[i2]);
            int i3 = i2 == NUM_TEST_PERMISSIONS - 1 ? 0 : i2 + 1;
            testRename(userGroupInformation, pathArr2[i2], pathArr2[i3], sArr[i2], sArr2[i2], sArr[i3], sArr2[i3]);
            testDeleteFile(userGroupInformation, pathArr2[i2], sArr[i2], sArr2[i2]);
            testDeleteDir(userGroupInformation, pathArr3[i2], sArr[i2], sArr2[i2], sArr3[i2], null, zArr[i2]);
            i2++;
        }
        checkNonExistentFile();
    }

    private void testCreateMkdirs(UserGroupInformation userGroupInformation, Path path, short s, short s2) throws Exception {
        this.createVerifier.set(path, OpType.MKDIRS, s, s2);
        this.createVerifier.verifyPermission(userGroupInformation);
        this.createVerifier.setOpType(OpType.CREATE);
        this.createVerifier.setCleanup(false);
        this.createVerifier.verifyPermission(userGroupInformation);
        this.createVerifier.setCleanup(true);
        this.createVerifier.verifyPermission(userGroupInformation);
    }

    private void testOpen(UserGroupInformation userGroupInformation, Path path, short s, short s2, short s3) throws Exception {
        this.openVerifier.set(path, s, s2, s3);
        this.openVerifier.verifyPermission(userGroupInformation);
    }

    private void testSetReplication(UserGroupInformation userGroupInformation, Path path, short s, short s2, short s3) throws Exception {
        this.replicatorVerifier.set(path, s, s2, s3);
        this.replicatorVerifier.verifyPermission(userGroupInformation);
    }

    private void testSetTimes(UserGroupInformation userGroupInformation, Path path, short s, short s2, short s3) throws Exception {
        this.timesVerifier.set(path, s, s2, s3);
        this.timesVerifier.verifyPermission(userGroupInformation);
    }

    private void testStats(UserGroupInformation userGroupInformation, Path path, short s, short s2) throws Exception {
        this.statsVerifier.set(path, OpType.GET_FILEINFO, s, s2);
        this.statsVerifier.verifyPermission(userGroupInformation);
        this.statsVerifier.setOpType(OpType.IS_DIR);
        this.statsVerifier.verifyPermission(userGroupInformation);
        this.statsVerifier.setOpType(OpType.EXISTS);
        this.statsVerifier.verifyPermission(userGroupInformation);
        this.statsVerifier.setOpType(OpType.GET_CONTENT_LENGTH);
        this.statsVerifier.verifyPermission(userGroupInformation);
    }

    private void testList(UserGroupInformation userGroupInformation, Path path, Path path2, short s, short s2, short s3) throws Exception {
        this.listVerifier.set(path, InodeType.FILE, s, s2, s3);
        this.listVerifier.verifyPermission(userGroupInformation);
        this.listVerifier.setInodeType(path2, InodeType.DIR);
        this.listVerifier.verifyPermission(userGroupInformation);
    }

    private void testRename(UserGroupInformation userGroupInformation, Path path, Path path2, short s, short s2, short s3, short s4) throws Exception {
        this.renameVerifier.set(path, s, s2, path2, s3, s4);
        this.renameVerifier.verifyPermission(userGroupInformation);
    }

    private void testDeleteFile(UserGroupInformation userGroupInformation, Path path, short s, short s2) throws Exception {
        this.fileDeletionVerifier.set(path, s, s2);
        this.fileDeletionVerifier.verifyPermission(userGroupInformation);
    }

    private void testDeleteDir(UserGroupInformation userGroupInformation, Path path, short s, short s2, short s3, short[] sArr, boolean z) throws Exception {
        DeleteDirPermissionVerifier deleteDirPermissionVerifier = z ? this.emptyDirDeletionVerifier : this.dirDeletionVerifier;
        deleteDirPermissionVerifier.set(path, s, s2, s3, sArr);
        deleteDirPermissionVerifier.verifyPermission(userGroupInformation);
    }

    private void login(UserGroupInformation userGroupInformation) throws IOException, InterruptedException {
        if (this.fs != null) {
            this.fs.close();
        }
        this.fs = DFSTestUtil.getFileSystemAs(userGroupInformation, conf);
    }

    private void checkNonExistentFile() {
        try {
            Assert.assertFalse(this.fs.exists(NON_EXISTENT_FILE));
        } catch (IOException e) {
            checkNoPermissionDeny(e);
        }
        try {
            this.fs.open(NON_EXISTENT_FILE);
        } catch (IOException e2) {
            checkNoPermissionDeny(e2);
        }
        try {
            this.fs.setReplication(NON_EXISTENT_FILE, (short) 4);
        } catch (IOException e3) {
            checkNoPermissionDeny(e3);
        }
        try {
            this.fs.getFileStatus(NON_EXISTENT_FILE);
        } catch (IOException e4) {
            checkNoPermissionDeny(e4);
        }
        try {
            this.fs.getContentSummary(NON_EXISTENT_FILE).getLength();
        } catch (IOException e5) {
            checkNoPermissionDeny(e5);
        }
        try {
            this.fs.listStatus(NON_EXISTENT_FILE);
        } catch (IOException e6) {
            checkNoPermissionDeny(e6);
        }
        try {
            this.fs.delete(NON_EXISTENT_FILE, true);
        } catch (IOException e7) {
            checkNoPermissionDeny(e7);
        }
        try {
            this.fs.rename(NON_EXISTENT_FILE, new Path(NON_EXISTENT_FILE + ".txt"));
        } catch (IOException e8) {
            checkNoPermissionDeny(e8);
        }
    }

    private void checkNoPermissionDeny(IOException iOException) {
        Assert.assertFalse(iOException instanceof AccessControlException);
    }

    static {
        try {
            long now = Time.now();
            r = new Random(now);
            LOG.info("Random number generator uses seed " + now);
            LOG.info("NUM_TEST_PERMISSIONS=" + NUM_TEST_PERMISSIONS);
            conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true);
            HashMap hashMap = new HashMap(3);
            hashMap.put(USER1_NAME, new String[]{GROUP1_NAME, GROUP2_NAME});
            hashMap.put(USER2_NAME, new String[]{GROUP2_NAME, GROUP3_NAME});
            hashMap.put(USER3_NAME, new String[]{GROUP3_NAME, GROUP4_NAME});
            DFSTestUtil.updateConfWithFakeGroupMapping(conf, hashMap);
            SUPERUSER = UserGroupInformation.getCurrentUser();
            USER1 = UserGroupInformation.createUserForTesting(USER1_NAME, new String[]{GROUP1_NAME, GROUP2_NAME});
            USER2 = UserGroupInformation.createUserForTesting(USER2_NAME, new String[]{GROUP2_NAME, GROUP3_NAME});
            USER3 = UserGroupInformation.createUserForTesting(USER3_NAME, new String[]{GROUP3_NAME, GROUP4_NAME});
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}
