package org.apache.hadoop.hdfs.server.namenode;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.regex.Pattern;
import org.apache.commons.logging.impl.Log4JLogger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.web.HftpFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.PathUtils;
import org.apache.log4j.Appender;
import org.apache.log4j.AsyncAppender;
import org.apache.log4j.Level;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.apache.log4j.PatternLayout;
import org.apache.log4j.RollingFileAppender;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/TestAuditLogs.class */
public class TestAuditLogs {
    final boolean useAsyncLog;
    static final String username = "bob";
    static final String fileName = "/srcdat";
    DFSTestUtil util;
    MiniDFSCluster cluster;
    FileSystem fs;
    String[] fnames;
    Configuration conf;
    UserGroupInformation userGroupInfo;
    static final String auditLogFile = PathUtils.getTestDirName(TestAuditLogs.class) + "/TestAuditLogs-audit.log";
    static final Pattern auditPattern = Pattern.compile("allowed=.*?\\sugi=.*?\\sip=/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\scmd=.*?\\ssrc=.*?\\sdst=null\\sperm=.*?");
    static final Pattern successPattern = Pattern.compile(".*allowed=true.*");
    static final Pattern webOpenPattern = Pattern.compile(".*cmd=open.*proto=webhdfs.*");
    static final String[] groups = {"group1"};

    @Parameterized.Parameters
    public static Collection<Object[]> data() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Object[]{new Boolean(false)});
        arrayList.add(new Object[]{new Boolean(true)});
        return arrayList;
    }

    public TestAuditLogs(boolean z) {
        this.useAsyncLog = z;
    }

    @Before
    public void setupCluster() throws Exception {
        configureAuditLogs();
        this.conf = new HdfsConfiguration();
        this.conf.setLong(DFSConfigKeys.DFS_NAMENODE_ACCESSTIME_PRECISION_KEY, 1L);
        this.conf.setLong(DFSConfigKeys.DFS_BLOCKREPORT_INTERVAL_MSEC_KEY, 10000L);
        this.conf.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
        this.conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_AUDIT_LOG_ASYNC_KEY, this.useAsyncLog);
        this.util = new DFSTestUtil.Builder().setName("TestAuditAllowed").setNumFiles(20).build();
        this.cluster = new MiniDFSCluster.Builder(this.conf).numDataNodes(4).build();
        this.fs = this.cluster.getFileSystem();
        this.util.createFiles(this.fs, fileName);
        ArrayList list = Collections.list(((Log4JLogger) FSNamesystem.auditLog).getLogger().getAllAppenders());
        Assert.assertEquals(1L, list.size());
        Assert.assertEquals(Boolean.valueOf(this.useAsyncLog), Boolean.valueOf(list.get(0) instanceof AsyncAppender));
        this.fnames = this.util.getFileNames(fileName);
        this.util.waitReplication(this.fs, fileName, (short) 3);
        this.userGroupInfo = UserGroupInformation.createUserForTesting(username, groups);
    }

    @After
    public void teardownCluster() throws Exception {
        this.util.cleanup(this.fs, fileName);
        this.fs.close();
        this.cluster.shutdown();
    }

    @Test
    public void testAuditAllowed() throws Exception {
        Path path = new Path(this.fnames[0]);
        FileSystem fileSystemAs = DFSTestUtil.getFileSystemAs(this.userGroupInfo, this.conf);
        setupAuditLogs();
        FSDataInputStream open = fileSystemAs.open(path);
        int read = open.read();
        open.close();
        verifyAuditLogs(true);
        Assert.assertTrue("failed to read from file", read >= 0);
    }

    @Test
    public void testAuditAllowedStat() throws Exception {
        Path path = new Path(this.fnames[0]);
        FileSystem fileSystemAs = DFSTestUtil.getFileSystemAs(this.userGroupInfo, this.conf);
        setupAuditLogs();
        FileStatus fileStatus = fileSystemAs.getFileStatus(path);
        verifyAuditLogs(true);
        Assert.assertTrue("failed to stat file", fileStatus != null && fileStatus.isFile());
    }

    @Test
    public void testAuditDenied() throws Exception {
        Path path = new Path(this.fnames[0]);
        FileSystem fileSystemAs = DFSTestUtil.getFileSystemAs(this.userGroupInfo, this.conf);
        this.fs.setPermission(path, new FsPermission((short) 384));
        this.fs.setOwner(path, "root", null);
        setupAuditLogs();
        try {
            fileSystemAs.open(path);
            Assert.fail("open must not succeed");
        } catch (AccessControlException e) {
            System.out.println("got access denied, as expected.");
        }
        verifyAuditLogs(false);
    }

    @Test
    public void testAuditWebHdfs() throws Exception {
        Path path = new Path(this.fnames[0]);
        this.fs.setPermission(path, new FsPermission((short) 420));
        this.fs.setOwner(path, "root", null);
        setupAuditLogs();
        FSDataInputStream open = WebHdfsTestUtil.getWebHdfsFileSystemAs(this.userGroupInfo, this.conf, WebHdfsFileSystem.SCHEME).open(path);
        int read = open.read();
        open.close();
        verifyAuditLogsRepeat(true, 3);
        Assert.assertTrue("failed to read from file", read >= 0);
    }

    @Test
    public void testAuditWebHdfsStat() throws Exception {
        Path path = new Path(this.fnames[0]);
        this.fs.setPermission(path, new FsPermission((short) 420));
        this.fs.setOwner(path, "root", null);
        setupAuditLogs();
        FileStatus fileStatus = WebHdfsTestUtil.getWebHdfsFileSystemAs(this.userGroupInfo, this.conf, WebHdfsFileSystem.SCHEME).getFileStatus(path);
        verifyAuditLogs(true);
        Assert.assertTrue("failed to stat file", fileStatus != null && fileStatus.isFile());
    }

    @Test
    public void testAuditHftp() throws Exception {
        Path path = new Path(this.fnames[0]);
        String str = "hftp://" + this.conf.get(DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY);
        HftpFileSystem hftpFileSystem = null;
        setupAuditLogs();
        try {
            hftpFileSystem = (HftpFileSystem) new Path(str).getFileSystem(this.conf);
            FSDataInputStream open = hftpFileSystem.open(path);
            open.read();
            open.close();
            verifyAuditLogs(true);
            if (hftpFileSystem != null) {
                hftpFileSystem.close();
            }
        } catch (Throwable th) {
            if (hftpFileSystem != null) {
                hftpFileSystem.close();
            }
            throw th;
        }
    }

    @Test
    public void testAuditWebHdfsDenied() throws Exception {
        Path path = new Path(this.fnames[0]);
        this.fs.setPermission(path, new FsPermission((short) 384));
        this.fs.setOwner(path, "root", null);
        setupAuditLogs();
        try {
            Assert.fail("open+read must not succeed, got " + WebHdfsTestUtil.getWebHdfsFileSystemAs(this.userGroupInfo, this.conf, WebHdfsFileSystem.SCHEME).open(path).read());
        } catch (AccessControlException e) {
            System.out.println("got access denied, as expected.");
        }
        verifyAuditLogsRepeat(false, 2);
    }

    @Test
    public void testAuditWebHdfsOpen() throws Exception {
        Path path = new Path(this.fnames[0]);
        this.fs.setPermission(path, new FsPermission((short) 420));
        this.fs.setOwner(path, "root", null);
        setupAuditLogs();
        WebHdfsTestUtil.getWebHdfsFileSystemAs(this.userGroupInfo, this.conf, WebHdfsFileSystem.SCHEME).open(path).read();
        verifyAuditLogsCheckPattern(true, 3, webOpenPattern);
    }

    private void setupAuditLogs() throws IOException {
        ((Log4JLogger) FSNamesystem.auditLog).getLogger().setLevel(Level.INFO);
    }

    private void configureAuditLogs() throws IOException {
        LogManager.shutdown();
        File file = new File(auditLogFile);
        if (file.exists()) {
            Assert.assertTrue(file.delete());
        }
        Logger logger = ((Log4JLogger) FSNamesystem.auditLog).getLogger();
        logger.setLevel(Level.OFF);
        logger.addAppender(new RollingFileAppender(new PatternLayout(PatternLayout.DEFAULT_CONVERSION_PATTERN), auditLogFile));
    }

    private void verifyAuditLogs(boolean z) throws IOException {
        verifyAuditLogsRepeat(z, 1);
    }

    private void verifyAuditLogsRepeat(boolean z, int i) throws IOException {
        Logger logger = ((Log4JLogger) FSNamesystem.auditLog).getLogger();
        logger.setLevel(Level.OFF);
        Enumeration allAppenders = logger.getAllAppenders();
        while (allAppenders.hasMoreElements()) {
            ((Appender) allAppenders.nextElement()).close();
        }
        BufferedReader bufferedReader = new BufferedReader(new FileReader(auditLogFile));
        boolean z2 = true;
        for (int i2 = 0; i2 < i; i2++) {
            try {
                String readLine = bufferedReader.readLine();
                Assert.assertNotNull(readLine);
                Assert.assertTrue("Expected audit event not found in audit log", auditPattern.matcher(readLine).matches());
                z2 &= successPattern.matcher(readLine).matches();
            } catch (Throwable th) {
                bufferedReader.close();
                throw th;
            }
        }
        Assert.assertNull("Unexpected event in audit log", bufferedReader.readLine());
        Assert.assertTrue("Expected success=" + z, z2 == z);
        bufferedReader.close();
    }

    private void verifyAuditLogsCheckPattern(boolean z, int i, Pattern pattern) throws IOException {
        Logger logger = ((Log4JLogger) FSNamesystem.auditLog).getLogger();
        logger.setLevel(Level.OFF);
        Enumeration allAppenders = logger.getAllAppenders();
        while (allAppenders.hasMoreElements()) {
            ((Appender) allAppenders.nextElement()).close();
        }
        BufferedReader bufferedReader = new BufferedReader(new FileReader(auditLogFile));
        boolean z2 = true;
        boolean z3 = false;
        for (int i2 = 0; i2 < i; i2++) {
            try {
                String readLine = bufferedReader.readLine();
                Assert.assertNotNull(readLine);
                z3 |= pattern.matcher(readLine).matches();
                z2 &= successPattern.matcher(readLine).matches();
            } catch (Throwable th) {
                bufferedReader.close();
                throw th;
            }
        }
        Assert.assertNull("Unexpected event in audit log", bufferedReader.readLine());
        Assert.assertTrue("Expected audit event not found in audit log", z3);
        Assert.assertTrue("Expected success=" + z, z2 == z);
        bufferedReader.close();
    }
}
