package org.apache.hadoop.ozone.om.helpers;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.BitSet;
import java.util.List;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.ozone.OzoneAcl;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.OzoneAclConfig;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.class */
public class TestOzoneAclUtil {
    private static final List<OzoneAcl> DEFAULT_ACLS = getDefaultAcls(new OzoneConfiguration());
    private static final OzoneAcl USER1 = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, "user1", IAccessAuthorizer.ACLType.READ_ACL, OzoneAcl.AclScope.ACCESS);
    private static final OzoneAcl USER2 = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, "user2", IAccessAuthorizer.ACLType.WRITE, OzoneAcl.AclScope.ACCESS);
    private static final OzoneAcl GROUP1 = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.GROUP, "group1", IAccessAuthorizer.ACLType.ALL, OzoneAcl.AclScope.ACCESS);

    @Test
    public void testAddAcl() throws IOException {
        List<OzoneAcl> defaultAcls = getDefaultAcls(new OzoneConfiguration());
        Assert.assertTrue(defaultAcls.size() > 0);
        OzoneAcl ozoneAcl = defaultAcls.get(0);
        OzoneAcl ozoneAcl2 = new OzoneAcl(ozoneAcl.getType(), ozoneAcl.getName(), IAccessAuthorizer.ACLType.READ_ACL, OzoneAcl.AclScope.ACCESS);
        addAndVerifyAcl(defaultAcls, ozoneAcl2, true, DEFAULT_ACLS.size());
        addAndVerifyAcl(defaultAcls, ozoneAcl2, false, DEFAULT_ACLS.size());
        addAndVerifyAcl(defaultAcls, USER1, true, DEFAULT_ACLS.size() + 1);
        addAndVerifyAcl(defaultAcls, USER1, false, DEFAULT_ACLS.size() + 1);
        addAndVerifyAcl(defaultAcls, GROUP1, true, DEFAULT_ACLS.size() + 2);
        addAndVerifyAcl(defaultAcls, GROUP1, false, DEFAULT_ACLS.size() + 2);
    }

    @Test
    public void testRemoveAcl() {
        removeAndVerifyAcl(null, USER1, false, 0);
        addAndVerifyAcl(null, USER1, false, 0);
        removeAndVerifyAcl(null, USER1, false, 0);
        List<OzoneAcl> defaultAcls = getDefaultAcls(new OzoneConfiguration());
        Assert.assertTrue(defaultAcls.size() > 0);
        OzoneAcl ozoneAcl = defaultAcls.get(0);
        OzoneAcl ozoneAcl2 = new OzoneAcl(ozoneAcl.getType(), ozoneAcl.getName(), IAccessAuthorizer.ACLType.READ_ACL, OzoneAcl.AclScope.ACCESS);
        removeAndVerifyAcl(defaultAcls, USER1, false, DEFAULT_ACLS.size());
        removeAndVerifyAcl(defaultAcls, ozoneAcl2, false, DEFAULT_ACLS.size());
        addAndVerifyAcl(defaultAcls, ozoneAcl2, true, DEFAULT_ACLS.size());
        removeAndVerifyAcl(defaultAcls, ozoneAcl2, true, DEFAULT_ACLS.size());
        removeAndVerifyAcl(defaultAcls, ozoneAcl, true, DEFAULT_ACLS.size() - 1);
    }

    private void addAndVerifyAcl(List<OzoneAcl> list, OzoneAcl ozoneAcl, boolean z, int i) {
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(OzoneAclUtil.addAcl(list, ozoneAcl)));
        if (list != null) {
            Assert.assertTrue("addedAcl: " + ozoneAcl + " should exist in the current acls: " + list, verifyAclAdded(list, ozoneAcl));
            Assert.assertEquals(i, list.size());
        }
    }

    private void removeAndVerifyAcl(List<OzoneAcl> list, OzoneAcl ozoneAcl, boolean z, int i) {
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(OzoneAclUtil.removeAcl(list, ozoneAcl)));
        if (list != null) {
            Assert.assertTrue("removedAcl: " + ozoneAcl + " should not exist in the current acls: " + list, verifyAclRemoved(list, ozoneAcl));
            Assert.assertEquals(i, list.size());
        }
    }

    private boolean verifyAclRemoved(List<OzoneAcl> list, OzoneAcl ozoneAcl) {
        for (OzoneAcl ozoneAcl2 : list) {
            if (ozoneAcl2.getName().equals(ozoneAcl.getName()) && ozoneAcl2.getType().equals(ozoneAcl.getType()) && ozoneAcl2.getAclScope().equals(ozoneAcl.getAclScope())) {
                BitSet bitSet = (BitSet) ozoneAcl2.getAclBitSet().clone();
                bitSet.and(ozoneAcl.getAclBitSet());
                return !bitSet.equals(ozoneAcl.getAclBitSet());
            }
        }
        return true;
    }

    private boolean verifyAclAdded(List<OzoneAcl> list, OzoneAcl ozoneAcl) {
        for (OzoneAcl ozoneAcl2 : list) {
            if (ozoneAcl2.getName().equals(ozoneAcl.getName()) && ozoneAcl2.getType().equals(ozoneAcl.getType()) && ozoneAcl2.getAclScope().equals(ozoneAcl.getAclScope())) {
                BitSet bitSet = (BitSet) ozoneAcl2.getAclBitSet().clone();
                bitSet.and(ozoneAcl.getAclBitSet());
                return bitSet.equals(ozoneAcl.getAclBitSet());
            }
        }
        return false;
    }

    private static List<OzoneAcl> getDefaultAcls(OzoneConfiguration ozoneConfiguration) {
        UserGroupInformation createRemoteUser;
        ArrayList arrayList = new ArrayList();
        try {
            createRemoteUser = UserGroupInformation.getCurrentUser();
        } catch (IOException e) {
            createRemoteUser = UserGroupInformation.createRemoteUser("user0");
        }
        OzoneAclConfig ozoneAclConfig = (OzoneAclConfig) ozoneConfiguration.getObject(OzoneAclConfig.class);
        IAccessAuthorizer.ACLType userDefaultRights = ozoneAclConfig.getUserDefaultRights();
        IAccessAuthorizer.ACLType groupDefaultRights = ozoneAclConfig.getGroupDefaultRights();
        OzoneAclUtil.addAcl(arrayList, new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, createRemoteUser.getUserName(), userDefaultRights, OzoneAcl.AclScope.ACCESS));
        Arrays.asList(createRemoteUser.getGroupNames()).stream().forEach(str -> {
            OzoneAclUtil.addAcl(arrayList, new OzoneAcl(IAccessAuthorizer.ACLIdentityType.GROUP, str, groupDefaultRights, OzoneAcl.AclScope.ACCESS));
        });
        return arrayList;
    }
}
