package org.apache.hadoop.fs.azurebfs;

import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.azurebfs.oauth2.IdentityTransformer;
import org.apache.hadoop.fs.azurebfs.utils.AclTestHelpers;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryScope;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/fs/azurebfs/ITestAbfsIdentityTransformer.class */
public class ITestAbfsIdentityTransformer extends AbstractAbfsScaleTest {
    private final UserGroupInformation userGroupInfo = UserGroupInformation.getCurrentUser();
    private final String localUser = this.userGroupInfo.getShortUserName();
    private final String localGroup = this.userGroupInfo.getPrimaryGroupName();
    private static final String DAEMON = "daemon";
    private static final String ASTERISK = "*";
    private static final String SHORT_NAME = "abc";
    private static final String DOMAIN = "domain.com";
    private static final String FULLY_QUALIFIED_NAME = "abc@domain.com";
    private static final String SERVICE_PRINCIPAL_ID = UUID.randomUUID().toString();

    @Test
    public void testDaemonServiceSettingIdentity() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        resetIdentityConfig(rawConfiguration);
        assertEquals("Identity should not change for default config", DAEMON, getTransformerWithDefaultIdentityConfig(rawConfiguration).transformUserOrGroupForSetRequest(DAEMON));
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.id", SERVICE_PRINCIPAL_ID);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", "a,b,c,d");
        assertEquals("Identity should not change when substitution list doesn't contain daemon", DAEMON, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformUserOrGroupForSetRequest(DAEMON));
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", "daemon,a,b,c,d");
        assertEquals("Identity should be replaced to servicePrincipalId", SERVICE_PRINCIPAL_ID, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformUserOrGroupForSetRequest(DAEMON));
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", ASTERISK);
        assertEquals("Identity should be replaced to servicePrincipalId", SERVICE_PRINCIPAL_ID, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformUserOrGroupForSetRequest(DAEMON));
    }

    @Test
    public void testFullyQualifiedNameSettingIdentity() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        assertEquals("short name should not be converted to full name by default", SHORT_NAME, getTransformerWithDefaultIdentityConfig(rawConfiguration).transformUserOrGroupForSetRequest(SHORT_NAME));
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.setBoolean("fs.azure.identity.transformer.enable.short.name", true);
        rawConfiguration.set("fs.azure.identity.transformer.domain.name", DOMAIN);
        assertEquals("short name should be converted to full name", FULLY_QUALIFIED_NAME, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformUserOrGroupForSetRequest(SHORT_NAME));
    }

    @Test
    public void testNoOpForSettingOidAsIdentity() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.setBoolean("fs.azure.identity.transformer.enable.short.name", true);
        rawConfiguration.set("fs.azure.identity.transformer.domain.name", DOMAIN);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.id", UUID.randomUUID().toString());
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", "a,b,c,d");
        IdentityTransformer transformerWithCustomizedIdentityConfig = getTransformerWithCustomizedIdentityConfig(rawConfiguration);
        String uuid = UUID.randomUUID().toString();
        assertEquals("Identity should not be changed when owner is already a principal id ", uuid, transformerWithCustomizedIdentityConfig.transformUserOrGroupForSetRequest(uuid));
    }

    @Test
    public void testNoOpWhenSettingSuperUserAsdentity() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.setBoolean("fs.azure.identity.transformer.enable.short.name", true);
        rawConfiguration.set("fs.azure.identity.transformer.domain.name", DOMAIN);
        assertEquals("Identity should not be changed because it is not in substitution list", "$superuser", getTransformerWithDefaultIdentityConfig(rawConfiguration).transformUserOrGroupForSetRequest("$superuser"));
    }

    @Test
    public void testIdentityReplacementForSuperUserGetRequest() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        resetIdentityConfig(rawConfiguration);
        assertEquals("$superuser should be replaced with local user by default", this.localUser, getTransformerWithDefaultIdentityConfig(rawConfiguration).transformIdentityForGetRequest("$superuser", true, this.localUser));
        rawConfiguration.setBoolean("fs.azure.identity.transformer.skip.superuser.replacement", true);
        assertEquals("$superuser should not be replaced", "$superuser", getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformIdentityForGetRequest("$superuser", true, this.localUser));
    }

    @Test
    public void testIdentityReplacementForDaemonServiceGetRequest() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        resetIdentityConfig(rawConfiguration);
        assertEquals("By default servicePrincipalId should not be converted for GetFileStatus(), listFileStatus(), getAcl()", SERVICE_PRINCIPAL_ID, getTransformerWithDefaultIdentityConfig(rawConfiguration).transformIdentityForGetRequest(SERVICE_PRINCIPAL_ID, true, this.localUser));
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", "a,b,c,d");
        assertEquals("servicePrincipalId should not be replaced if local daemon user is not in substitution list", SERVICE_PRINCIPAL_ID, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformIdentityForGetRequest(SERVICE_PRINCIPAL_ID, true, this.localUser));
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", this.localUser + ",a,b,c,d");
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.id", UUID.randomUUID().toString());
        assertEquals("servicePrincipalId should not be replaced if it is not equal to the SPN set in config", SERVICE_PRINCIPAL_ID, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformIdentityForGetRequest(SERVICE_PRINCIPAL_ID, true, this.localUser));
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", this.localUser + ",a,b,c,d");
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.id", SERVICE_PRINCIPAL_ID);
        assertEquals("servicePrincipalId should be transformed to local use", this.localUser, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformIdentityForGetRequest(SERVICE_PRINCIPAL_ID, true, this.localUser));
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", ASTERISK);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.id", UUID.randomUUID().toString());
        assertEquals("servicePrincipalId should not be replaced if it is not equal to the SPN set in config", SERVICE_PRINCIPAL_ID, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformIdentityForGetRequest(SERVICE_PRINCIPAL_ID, true, this.localUser));
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", ASTERISK);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.id", SERVICE_PRINCIPAL_ID);
        assertEquals("servicePrincipalId should be transformed to local user", this.localUser, getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformIdentityForGetRequest(SERVICE_PRINCIPAL_ID, true, this.localUser));
    }

    @Test
    public void testIdentityReplacementForKinitUserGetRequest() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        resetIdentityConfig(rawConfiguration);
        assertEquals("full name should not be transformed if shortname is not enabled", FULLY_QUALIFIED_NAME, getTransformerWithDefaultIdentityConfig(rawConfiguration).transformIdentityForGetRequest(FULLY_QUALIFIED_NAME, true, this.localUser));
        rawConfiguration.setBoolean("fs.azure.identity.transformer.enable.short.name", true);
        IdentityTransformer transformerWithCustomizedIdentityConfig = getTransformerWithCustomizedIdentityConfig(rawConfiguration);
        assertEquals("should convert the full owner name to shortname ", SHORT_NAME, transformerWithCustomizedIdentityConfig.transformIdentityForGetRequest(FULLY_QUALIFIED_NAME, true, this.localUser));
        assertEquals("group name should not be converted to shortname ", FULLY_QUALIFIED_NAME, transformerWithCustomizedIdentityConfig.transformIdentityForGetRequest(FULLY_QUALIFIED_NAME, false, this.localGroup));
    }

    @Test
    public void transformAclEntriesForSetRequest() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        resetIdentityConfig(rawConfiguration);
        ArrayList newArrayList = Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, DAEMON, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FULLY_QUALIFIED_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "$superuser", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, SERVICE_PRINCIPAL_ID, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, SHORT_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, DAEMON, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, SHORT_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL)});
        ArrayList newArrayList2 = Lists.newArrayList(newArrayList);
        getTransformerWithDefaultIdentityConfig(rawConfiguration).transformAclEntriesForSetRequest(newArrayList2);
        checkAclEntriesList(newArrayList, newArrayList2);
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", "daemon,a,b,c,d");
        rawConfiguration.setBoolean("fs.azure.identity.transformer.enable.short.name", true);
        rawConfiguration.set("fs.azure.identity.transformer.domain.name", DOMAIN);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.id", SERVICE_PRINCIPAL_ID);
        getTransformerWithCustomizedIdentityConfig(rawConfiguration).transformAclEntriesForSetRequest(newArrayList2);
        checkAclEntriesList(newArrayList2, Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, SERVICE_PRINCIPAL_ID, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FULLY_QUALIFIED_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "$superuser", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, SERVICE_PRINCIPAL_ID, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, FULLY_QUALIFIED_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, SERVICE_PRINCIPAL_ID, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, SHORT_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL)}));
    }

    @Test
    public void transformAclEntriesForGetRequest() throws IOException {
        Configuration rawConfiguration = getRawConfiguration();
        resetIdentityConfig(rawConfiguration);
        ArrayList newArrayList = Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, FULLY_QUALIFIED_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, "$superuser", FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, SERVICE_PRINCIPAL_ID, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, SHORT_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, SHORT_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL)});
        ArrayList newArrayList2 = Lists.newArrayList(newArrayList);
        getTransformerWithDefaultIdentityConfig(rawConfiguration).transformAclEntriesForGetRequest(newArrayList2, this.localUser, this.localGroup);
        checkAclEntriesList(newArrayList, newArrayList2);
        resetIdentityConfig(rawConfiguration);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.substitution.list", this.localUser + ",a,b,c,d");
        rawConfiguration.setBoolean("fs.azure.identity.transformer.enable.short.name", true);
        rawConfiguration.set("fs.azure.identity.transformer.domain.name", DOMAIN);
        rawConfiguration.set("fs.azure.identity.transformer.service.principal.id", SERVICE_PRINCIPAL_ID);
        IdentityTransformer transformerWithCustomizedIdentityConfig = getTransformerWithCustomizedIdentityConfig(rawConfiguration);
        ArrayList newArrayList3 = Lists.newArrayList(newArrayList);
        transformerWithCustomizedIdentityConfig.transformAclEntriesForGetRequest(newArrayList3, this.localUser, this.localGroup);
        checkAclEntriesList(newArrayList3, Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, SHORT_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, this.localUser, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, this.localUser, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.USER, SHORT_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.GROUP, SHORT_NAME, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.OTHER, FsAction.ALL), AclTestHelpers.aclEntry(AclEntryScope.DEFAULT, AclEntryType.MASK, FsAction.ALL)}));
    }

    private void resetIdentityConfig(Configuration configuration) {
        configuration.unset("fs.azure.identity.transformer.enable.short.name");
        configuration.unset("fs.azure.identity.transformer.domain.name");
        configuration.unset("fs.azure.identity.transformer.service.principal.id");
        configuration.unset("fs.azure.identity.transformer.service.principal.substitution.list");
        configuration.unset("fs.azure.identity.transformer.skip.superuser.replacement");
    }

    private IdentityTransformer getTransformerWithDefaultIdentityConfig(Configuration configuration) throws IOException {
        resetIdentityConfig(configuration);
        return new IdentityTransformer(configuration);
    }

    private IdentityTransformer getTransformerWithCustomizedIdentityConfig(Configuration configuration) throws IOException {
        return new IdentityTransformer(configuration);
    }

    private void checkAclEntriesList(List<AclEntry> list, List<AclEntry> list2) {
        assertTrue("list size not equals", list.size() == list2.size());
        for (int i = 0; i < list.size(); i++) {
            assertEquals("Identity doesn't match", list2.get(i).getName(), list.get(i).getName());
        }
    }
}
