package org.apache.hadoop.hdfs.server.namenode;

import java.io.File;
import org.apache.hadoop.fs.FileSystemTestHelper;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.HdfsConstants;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-hdfs-2.7.4-tests.jar:org/apache/hadoop/hdfs/server/namenode/TestNestedEncryptionZones.class */
public class TestNestedEncryptionZones {
    private File testRootDir;
    private MiniDFSCluster cluster;
    protected DistributedFileSystem fs;
    private final String TOP_EZ_KEY = "topezkey";
    private final String NESTED_EZ_KEY = "nestedezkey";
    private final Path rootDir = new Path("/");
    private final Path rawDir = new Path("/.reserved/raw/");
    private final Path topEZDir = new Path(this.rootDir, "topEZ");
    private final Path nestedEZDir = new Path(this.topEZDir, "nestedEZ");
    private final Path topEZBaseFile = new Path(this.rootDir, "topEZBaseFile");
    private Path topEZFile = new Path(this.topEZDir, "file");
    private Path topEZRawFile = new Path(this.rawDir, "topEZ/file");
    private final Path nestedEZBaseFile = new Path(this.rootDir, "nestedEZBaseFile");
    private Path nestedEZFile = new Path(this.nestedEZDir, "file");
    private Path nestedEZRawFile = new Path(this.rawDir, "topEZ/nestedEZ/file");
    private final int len = 8196;

    private String getKeyProviderURI() {
        return "jceks://file" + new Path(this.testRootDir.toString(), "test.jks").toUri();
    }

    private void setProvider() {
        this.fs.getClient().setKeyProvider(this.cluster.getNameNode().getNamesystem().getProvider());
    }

    @Before
    public void setup() throws Exception {
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
        this.testRootDir = new File(new FileSystemTestHelper().getTestRootDir()).getAbsoluteFile();
        hdfsConfiguration.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, getKeyProviderURI());
        hdfsConfiguration.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
        hdfsConfiguration.setInt(DFSConfigKeys.DFS_NAMENODE_LIST_ENCRYPTION_ZONES_NUM_RESPONSES, 2);
        this.cluster = new MiniDFSCluster.Builder(hdfsConfiguration).numDataNodes(1).build();
        Logger.getLogger(EncryptionZoneManager.class).setLevel(Level.TRACE);
        this.fs = this.cluster.getFileSystem();
        setProvider();
        DFSTestUtil.createKey("topezkey", this.cluster, hdfsConfiguration);
        DFSTestUtil.createKey("nestedezkey", this.cluster, hdfsConfiguration);
        this.fs.mkdir(this.topEZDir, FsPermission.getDirDefault());
        this.fs.createEncryptionZone(this.topEZDir, "topezkey");
        this.fs.mkdir(this.nestedEZDir, FsPermission.getDirDefault());
        this.cluster.getNamesystem().getFSDirectory().ezManager.setAllowNestedEZ();
        this.fs.createEncryptionZone(this.nestedEZDir, "nestedezkey");
        this.cluster.getNamesystem().getFSDirectory().ezManager.setDisallowNestedEZ();
        DFSTestUtil.createFile(this.fs, this.topEZBaseFile, 8196L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, this.topEZFile, 8196L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, this.nestedEZBaseFile, 8196L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, this.nestedEZFile, 8196L, (short) 1, 65261L);
    }

    @Test(timeout = 60000)
    public void testNestedEncryptionZones() throws Exception {
        verifyEncryption();
        this.cluster.restartNameNodes();
        this.cluster.waitActive();
        verifyEncryption();
        this.fs.setSafeMode(HdfsConstants.SafeModeAction.SAFEMODE_ENTER);
        this.fs.saveNamespace();
        this.fs.setSafeMode(HdfsConstants.SafeModeAction.SAFEMODE_LEAVE);
        this.cluster.restartNameNodes();
        this.cluster.waitActive();
        verifyEncryption();
        Path path = new Path(this.topEZDir, "renamedFile");
        Path path2 = new Path(this.nestedEZDir, "renamedFile");
        try {
            this.fs.rename(this.topEZFile, path);
            this.fs.rename(this.nestedEZFile, path2);
        } catch (Exception e) {
            Assert.fail("Should be able to rename files within the same EZ.");
        }
        this.topEZFile = path;
        this.nestedEZFile = path2;
        this.topEZRawFile = new Path(this.rawDir, "topEZ/renamedFile");
        this.nestedEZRawFile = new Path(this.rawDir, "topEZ/nestedEZ/renamedFile");
        verifyEncryption();
        try {
            this.fs.rename(this.topEZFile, new Path(this.nestedEZDir, "movedTopEZFile"));
            Assert.fail("Shouldn't be able to rename between top EZ and nested EZ.");
        } catch (Exception e2) {
            Assert.assertTrue(e2.getMessage().contains("can't be moved from encryption zone " + this.topEZDir.toString() + " to encryption zone " + this.nestedEZDir.toString()));
        }
        try {
            this.fs.rename(this.nestedEZFile, new Path(this.topEZDir, "movedNestedEZFile"));
            Assert.fail("Shouldn't be able to rename between top EZ and nested EZ.");
        } catch (Exception e3) {
            Assert.assertTrue(e3.getMessage().contains("can't be moved from encryption zone " + this.nestedEZDir.toString() + " to encryption zone " + this.topEZDir.toString()));
        }
        try {
            this.fs.rename(this.nestedEZFile, new Path(this.rootDir, "movedNestedEZFile"));
            Assert.fail("Shouldn't be able to move the nested EZ out of the top EZ.");
        } catch (Exception e4) {
            Assert.assertTrue(e4.getMessage().contains("can't be moved from an encryption zone"));
        }
        Path path3 = new Path(this.rootDir, "topEZ2");
        this.fs.mkdir(path3, FsPermission.getDirDefault());
        this.fs.createEncryptionZone(path3, "topezkey");
        try {
            this.fs.rename(path3, new Path(this.topEZDir, "topEZ2"));
            Assert.fail("Shouldn't be able to move a non-nested EZ into another existing EZ.");
        } catch (Exception e5) {
            Assert.assertTrue(e5.getMessage().contains("can't be moved from encryption zone " + path3.toString() + " to encryption zone"));
        }
        try {
            this.fs.rename(this.topEZDir, new Path(this.rootDir, "newTopEZDir"));
        } catch (Exception e6) {
            Assert.fail("Should be able to rename the root dir of an EZ.");
        }
        try {
            this.fs.rename(new Path(this.rootDir, "newTopEZDir/nestedEZDir"), new Path(this.rootDir, "newTopEZDir/newNestedEZDir"));
        } catch (Exception e7) {
            Assert.fail("Should be able to rename the nested EZ dir within the same top EZ.");
        }
    }

    private void verifyEncryption() throws Exception {
        Assert.assertEquals("Top EZ dir is encrypted", (Object) true, (Object) Boolean.valueOf(this.fs.getFileStatus(this.topEZDir).isEncrypted()));
        Assert.assertEquals("Nested EZ dir is encrypted", (Object) true, (Object) Boolean.valueOf(this.fs.getFileStatus(this.nestedEZDir).isEncrypted()));
        Assert.assertEquals("Top zone file is encrypted", (Object) true, (Object) Boolean.valueOf(this.fs.getFileStatus(this.topEZFile).isEncrypted()));
        Assert.assertEquals("Nested zone file is encrypted", (Object) true, (Object) Boolean.valueOf(this.fs.getFileStatus(this.nestedEZFile).isEncrypted()));
        DFSTestUtil.verifyFilesEqual(this.fs, this.topEZBaseFile, this.topEZFile, 8196);
        DFSTestUtil.verifyFilesEqual(this.fs, this.nestedEZBaseFile, this.nestedEZFile, 8196);
        DFSTestUtil.verifyFilesNotEqual(this.fs, this.topEZRawFile, this.nestedEZRawFile, 8196);
    }
}
