package org.apache.hadoop.ozone.security.acl;

import com.google.common.base.Optional;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import org.apache.commons.lang3.RandomUtils;
import org.apache.hadoop.hdds.client.StandaloneReplicationConfig;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.scm.protocol.ScmBlockLocationProtocol;
import org.apache.hadoop.hdds.utils.db.cache.CacheKey;
import org.apache.hadoop.hdds.utils.db.cache.CacheValue;
import org.apache.hadoop.ozone.OzoneAcl;
import org.apache.hadoop.ozone.om.BucketManagerImpl;
import org.apache.hadoop.ozone.om.KeyManagerImpl;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.om.OmMetadataManagerImpl;
import org.apache.hadoop.ozone.om.PrefixManager;
import org.apache.hadoop.ozone.om.PrefixManagerImpl;
import org.apache.hadoop.ozone.om.VolumeManagerImpl;
import org.apache.hadoop.ozone.om.helpers.OmBucketInfo;
import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
import org.apache.hadoop.ozone.om.helpers.OmKeyInfo;
import org.apache.hadoop.ozone.om.helpers.OmVolumeArgs;
import org.apache.hadoop.ozone.om.helpers.OpenKeySession;
import org.apache.hadoop.ozone.om.helpers.OzoneAclUtil;
import org.apache.hadoop.ozone.om.request.TestOMRequestUtils;
import org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
import org.apache.hadoop.ozone.security.acl.RequestContext;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ozone.test.GenericTestUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/ozone/security/acl/TestParentAcl.class */
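/**
 * Checks that {@link OzoneNativeAuthorizer} does not authorize a request on a
 * child object (bucket or key) from a grant on that object alone: the caller
 * must also hold the matching parent right on every ancestor.
 *
 * <p>Every access check is evaluated as {@code testuser1}, a principal that is
 * neither the configured administrator ({@code om}) nor the volume owner
 * ({@code testuser}), so the outcome depends only on the ACL entries the test
 * adds. Each case first asserts that access is denied, which also catches a
 * grant leaking over from an earlier case.
 */
public class TestParentAcl {
    private static OzoneConfiguration ozConfig;
    private static KeyManagerImpl keyManager;
    private static VolumeManagerImpl volumeManager;
    private static BucketManagerImpl bucketManager;
    private static PrefixManager prefixManager;
    private static OMMetadataManager metadataManager;
    private static OzoneNativeAuthorizer nativeAuthorizer;
    private static UserGroupInformation adminUgi;
    private static UserGroupInformation testUgi;
    private static UserGroupInformation testUgi1;

    /**
     * Builds an in-process metadata manager, the volume/bucket/prefix/key managers on top of it,
     * and the native authorizer under test, then creates the three test principals.
     *
     * @throws IOException if the metadata store cannot be created
     */
    @BeforeClass
    public static void setup() throws IOException {
        ozConfig = new OzoneConfiguration();
        ozConfig.set("ozone.acl.authorizer.class", "org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer");
        // A randomized directory keeps this run's metadata apart from other test runs.
        ozConfig.set("ozone.metadata.dirs", GenericTestUtils.getRandomizedTestDir().toString());
        ozConfig.set("ozone.administrators", "om");

        metadataManager = new OmMetadataManagerImpl(ozConfig);
        volumeManager = new VolumeManagerImpl(metadataManager, ozConfig);
        bucketManager = new BucketManagerImpl(metadataManager);
        prefixManager = new PrefixManagerImpl(metadataManager, false);
        // The block-location protocol is mocked and no block token secret manager is supplied.
        keyManager = new KeyManagerImpl((ScmBlockLocationProtocol) Mockito.mock(ScmBlockLocationProtocol.class), metadataManager, ozConfig, "om1", (OzoneBlockTokenSecretManager) null);
        // The authorizer gets the same single administrator name as the configuration above.
        nativeAuthorizer = new OzoneNativeAuthorizer(volumeManager, bucketManager, keyManager, prefixManager, Collections.singletonList("om"));

        adminUgi = UserGroupInformation.createUserForTesting("om", new String[]{"ozone"});
        testUgi = UserGroupInformation.createUserForTesting("testuser", new String[]{"test"});
        testUgi1 = UserGroupInformation.createUserForTesting("testuser1", new String[]{"test1"});
    }

    /**
     * Runs every (parent right, child right) pair against a freshly created key and restores
     * the volume, bucket and key ACLs after each pair.
     *
     * @throws IOException if a metadata table access fails
     */
    @Test
    public void testKeyAcl() throws IOException {
        int suffix = RandomUtils.nextInt();
        String volumeName = "vol" + suffix;
        String bucketName = "bucket" + suffix;
        String keyName = "key" + suffix;
        createVolume(volumeName);
        createBucket(volumeName, bucketName);
        OzoneObjInfo keyObj = createKey(volumeName, bucketName, keyName);

        List<OzoneAcl> originalVolumeAcls = getVolumeAcls(volumeName);
        List<OzoneAcl> originalBucketAcls = getBucketAcls(volumeName, bucketName);
        // Snapshot the key's own ACLs. Reading the bucket's list here would make every reset
        // overwrite the key's creation-time ACLs with the bucket's.
        List<OzoneAcl> originalKeyAcls = getKeyAcls(volumeName, bucketName, keyName);
        // NOTE(review): the snapshots are whatever getAcls() returns; confirm they are not
        // live views that later addAcl() calls also modify.

        // Each row is {parent right, child right}; the order is the execution order.
        IAccessAuthorizer.ACLType[][] cases = {
            {IAccessAuthorizer.ACLType.WRITE, IAccessAuthorizer.ACLType.WRITE_ACL},
            {IAccessAuthorizer.ACLType.WRITE, IAccessAuthorizer.ACLType.DELETE},
            {IAccessAuthorizer.ACLType.READ, IAccessAuthorizer.ACLType.READ_ACL},
            {IAccessAuthorizer.ACLType.READ, IAccessAuthorizer.ACLType.LIST},
            {IAccessAuthorizer.ACLType.WRITE, IAccessAuthorizer.ACLType.CREATE},
            {IAccessAuthorizer.ACLType.WRITE, IAccessAuthorizer.ACLType.WRITE},
            {IAccessAuthorizer.ACLType.READ, IAccessAuthorizer.ACLType.READ},
        };
        for (IAccessAuthorizer.ACLType[] rights : cases) {
            testParentChild(keyObj, rights[0], rights[1]);
            resetAcl(volumeName, originalVolumeAcls, bucketName, originalBucketAcls, keyName, originalKeyAcls);
        }
    }

    /**
     * Runs every (parent right, child right) pair against a freshly created bucket and restores
     * the volume and bucket ACLs after each pair.
     *
     * @throws IOException if a metadata table access fails
     */
    @Test
    public void testBucketAcl() throws IOException {
        int suffix = RandomUtils.nextInt();
        String volumeName = "vol" + suffix;
        String bucketName = "bucket" + suffix;
        createVolume(volumeName);
        OzoneObjInfo bucketObj = createBucket(volumeName, bucketName);

        List<OzoneAcl> originalVolumeAcls = getVolumeAcls(volumeName);
        List<OzoneAcl> originalBucketAcls = getBucketAcls(volumeName, bucketName);

        // Each row is {parent right, child right}; the order is the execution order.
        IAccessAuthorizer.ACLType[][] cases = {
            {IAccessAuthorizer.ACLType.WRITE, IAccessAuthorizer.ACLType.WRITE_ACL},
            {IAccessAuthorizer.ACLType.WRITE, IAccessAuthorizer.ACLType.DELETE},
            {IAccessAuthorizer.ACLType.READ, IAccessAuthorizer.ACLType.READ_ACL},
            {IAccessAuthorizer.ACLType.READ, IAccessAuthorizer.ACLType.LIST},
            {IAccessAuthorizer.ACLType.WRITE, IAccessAuthorizer.ACLType.CREATE},
            {IAccessAuthorizer.ACLType.READ, IAccessAuthorizer.ACLType.READ},
            {IAccessAuthorizer.ACLType.WRITE, IAccessAuthorizer.ACLType.WRITE},
        };
        for (IAccessAuthorizer.ACLType[] rights : cases) {
            testParentChild(bucketObj, rights[0], rights[1]);
            // No key exists in this test, so the key arguments are null and the key reset is skipped.
            resetAcl(volumeName, originalVolumeAcls, bucketName, originalBucketAcls, null, null);
        }
    }

    /**
     * Writes the saved ACL lists back to the volume, the bucket and the key. A level whose
     * list is {@code null} is left untouched.
     */
    private void resetAcl(String volumeName, List<OzoneAcl> volumeAcls, String bucketName, List<OzoneAcl> bucketAcls, String keyName, List<OzoneAcl> keyAcls) throws IOException {
        if (volumeAcls != null) {
            setVolumeAcl(volumeName, volumeAcls);
        }
        if (bucketAcls != null) {
            setBucketAcl(volumeName, bucketName, bucketAcls);
        }
        if (keyAcls != null) {
            setKeyAcl(volumeName, bucketName, keyName, keyAcls);
        }
    }

    /**
     * Asserts that {@code childRight} on {@code child} is granted to {@code testuser1} only
     * once {@code parentRight} has been granted on all of the child's ancestors.
     *
     * <p>For a bucket the sequence is: denied with no grants, still denied with the child
     * grant on the bucket, allowed after the parent grant on the volume. For a key there is
     * one more denied step: child grant on the key plus parent grant on the bucket is not
     * enough until the volume carries the parent grant too. Any other resource type only
     * gets the initial denied check.
     *
     * @param child the bucket or key object the access check targets
     * @param parentRight the right added to the ancestors
     * @param childRight the right requested, and added to the child itself
     * @throws IOException if a metadata table access fails
     */
    private void testParentChild(OzoneObj child, IAccessAuthorizer.ACLType parentRight, IAccessAuthorizer.ACLType childRight) throws IOException {
        RequestContext request = new RequestContext.Builder().setClientUgi(testUgi1).setAclType(IAccessAuthorizer.ACLIdentityType.USER).setAclRights(childRight).build();
        OzoneAcl childAcl = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, testUgi1.getUserName(), childRight, OzoneAcl.AclScope.ACCESS);
        OzoneAcl parentAcl = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, testUgi1.getUserName(), parentRight, OzoneAcl.AclScope.ACCESS);

        // Baseline: nothing has been granted to testuser1 yet, so the request must be denied.
        Assert.assertFalse(nativeAuthorizer.checkAccess(child, request));

        if (child.getResourceType() == OzoneObj.ResourceType.BUCKET) {
            String volumeName = child.getVolumeName();
            addBucketAcl(volumeName, child.getBucketName(), childAcl);
            // The grant on the bucket alone must not authorize the request.
            Assert.assertFalse(nativeAuthorizer.checkAccess(child, request));
            addVolumeAcl(volumeName, parentAcl);
            Assert.assertTrue(nativeAuthorizer.checkAccess(child, request));
            return;
        }
        if (child.getResourceType() == OzoneObj.ResourceType.KEY) {
            String volumeName = child.getVolumeName();
            String bucketName = child.getBucketName();
            addKeyAcl(volumeName, bucketName, child.getKeyName(), childAcl);
            // The grant on the key alone must not authorize the request.
            Assert.assertFalse(nativeAuthorizer.checkAccess(child, request));
            addBucketAcl(volumeName, bucketName, parentAcl);
            // Key and bucket grants without the volume grant are still insufficient.
            Assert.assertFalse(nativeAuthorizer.checkAccess(child, request));
            addVolumeAcl(volumeName, parentAcl);
            Assert.assertTrue(nativeAuthorizer.checkAccess(child, request));
        }
    }

    /** Adds one ACL entry to the volume and publishes the updated record through the table cache. */
    private void addVolumeAcl(String volumeName, OzoneAcl acl) throws IOException {
        String volumeKey = metadataManager.getVolumeKey(volumeName);
        OmVolumeArgs volumeArgs = (OmVolumeArgs) metadataManager.getVolumeTable().get(volumeKey);
        volumeArgs.addAcl(acl);
        metadataManager.getVolumeTable().addCacheEntry(new CacheKey(volumeKey), new CacheValue(Optional.of(volumeArgs), 1L));
    }

    /** Returns the ACL list currently stored on the volume record. */
    private List<OzoneAcl> getVolumeAcls(String volumeName) throws IOException {
        String volumeKey = metadataManager.getVolumeKey(volumeName);
        return ((OmVolumeArgs) metadataManager.getVolumeTable().get(volumeKey)).getAcls();
    }

    /** Replaces the volume's ACL list and publishes the updated record through the table cache. */
    private void setVolumeAcl(String volumeName, List<OzoneAcl> acls) throws IOException {
        String volumeKey = metadataManager.getVolumeKey(volumeName);
        OmVolumeArgs volumeArgs = (OmVolumeArgs) metadataManager.getVolumeTable().get(volumeKey);
        volumeArgs.setAcls(acls);
        metadataManager.getVolumeTable().addCacheEntry(new CacheKey(volumeKey), new CacheValue(Optional.of(volumeArgs), 1L));
    }

    /** Adds one ACL entry to the key and publishes the updated record through the table cache. */
    private void addKeyAcl(String volumeName, String bucketName, String keyName, OzoneAcl acl) throws IOException {
        String ozoneKey = metadataManager.getOzoneKey(volumeName, bucketName, keyName);
        OmKeyInfo keyInfo = (OmKeyInfo) metadataManager.getKeyTable().get(ozoneKey);
        keyInfo.addAcl(acl);
        metadataManager.getKeyTable().addCacheEntry(new CacheKey(ozoneKey), new CacheValue(Optional.of(keyInfo), 1L));
    }

    /** Returns the ACL list currently stored on the key record. */
    private List<OzoneAcl> getKeyAcls(String volumeName, String bucketName, String keyName) throws IOException {
        String ozoneKey = metadataManager.getOzoneKey(volumeName, bucketName, keyName);
        return ((OmKeyInfo) metadataManager.getKeyTable().get(ozoneKey)).getAcls();
    }

    /** Replaces the key's ACL list and publishes the updated record through the table cache. */
    private void setKeyAcl(String volumeName, String bucketName, String keyName, List<OzoneAcl> acls) throws IOException {
        String ozoneKey = metadataManager.getOzoneKey(volumeName, bucketName, keyName);
        OmKeyInfo keyInfo = (OmKeyInfo) metadataManager.getKeyTable().get(ozoneKey);
        keyInfo.setAcls(acls);
        metadataManager.getKeyTable().addCacheEntry(new CacheKey(ozoneKey), new CacheValue(Optional.of(keyInfo), 1L));
    }

    /** Adds one ACL entry to the bucket and publishes the updated record through the table cache. */
    private void addBucketAcl(String volumeName, String bucketName, OzoneAcl acl) throws IOException {
        String bucketKey = metadataManager.getBucketKey(volumeName, bucketName);
        OmBucketInfo bucketInfo = (OmBucketInfo) metadataManager.getBucketTable().get(bucketKey);
        bucketInfo.addAcl(acl);
        metadataManager.getBucketTable().addCacheEntry(new CacheKey(bucketKey), new CacheValue(Optional.of(bucketInfo), 1L));
    }

    /** Returns the ACL list currently stored on the bucket record. */
    private List<OzoneAcl> getBucketAcls(String volumeName, String bucketName) throws IOException {
        String bucketKey = metadataManager.getBucketKey(volumeName, bucketName);
        return ((OmBucketInfo) metadataManager.getBucketTable().get(bucketKey)).getAcls();
    }

    /** Replaces the bucket's ACL list and publishes the updated record through the table cache. */
    private void setBucketAcl(String volumeName, String bucketName, List<OzoneAcl> acls) throws IOException {
        String bucketKey = metadataManager.getBucketKey(volumeName, bucketName);
        OmBucketInfo bucketInfo = (OmBucketInfo) metadataManager.getBucketTable().get(bucketKey);
        bucketInfo.setAcls(acls);
        metadataManager.getBucketTable().addCacheEntry(new CacheKey(bucketKey), new CacheValue(Optional.of(bucketInfo), 1L));
    }

    /**
     * Registers a volume whose admin is {@code om} and whose owner is {@code testuser}, and
     * returns the matching authorization object. No ACL entries are set on the volume here.
     */
    private static OzoneObjInfo createVolume(String volumeName) throws IOException {
        OmVolumeArgs volumeArgs = OmVolumeArgs.newBuilder().setVolume(volumeName).setAdminName(adminUgi.getUserName()).setOwnerName(testUgi.getUserName()).build();
        TestOMRequestUtils.addVolumeToOM(metadataManager, volumeArgs);
        return new OzoneObjInfo.Builder().setVolumeName(volumeName).setResType(OzoneObj.ResourceType.VOLUME).setStoreType(OzoneObj.StoreType.OZONE).build();
    }

    /**
     * Registers a bucket built from its volume and bucket names only, and returns the matching
     * authorization object.
     */
    private static OzoneObjInfo createBucket(String volumeName, String bucketName) throws IOException {
        OmBucketInfo bucketInfo = OmBucketInfo.newBuilder().setVolumeName(volumeName).setBucketName(bucketName).build();
        TestOMRequestUtils.addBucketToOM(metadataManager, bucketInfo);
        return new OzoneObjInfo.Builder().setVolumeName(volumeName).setBucketName(bucketName).setResType(OzoneObj.ResourceType.BUCKET).setStoreType(OzoneObj.StoreType.OZONE).build();
    }

    /**
     * Creates a key through the key manager and returns the matching authorization object.
     *
     * <p>The key's ACL list is built for {@code testuser} and its groups with
     * {@code ACLType.ALL}; {@code testuser1}, the principal used in the access checks, is not
     * part of it. A name containing {@code /} is created as a directory, any other name as an
     * empty committed file.
     */
    private OzoneObjInfo createKey(String volumeName, String bucketName, String keyName) throws IOException {
        // NOTE(review): the two ACLType.ALL arguments are presumably the user rights and the
        // group rights; confirm against OzoneAclUtil.getAclList.
        List<OzoneAcl> creatorAcls = OzoneAclUtil.getAclList(testUgi.getUserName(), testUgi.getGroupNames(), IAccessAuthorizer.ACLType.ALL, IAccessAuthorizer.ACLType.ALL);
        OmKeyArgs keyArgs = new OmKeyArgs.Builder().setVolumeName(volumeName).setBucketName(bucketName).setKeyName(keyName).setReplicationConfig(new StandaloneReplicationConfig(HddsProtos.ReplicationFactor.ONE)).setDataSize(0L).setAcls(creatorAcls).build();
        if (keyName.split("/").length > 1) {
            keyManager.createDirectory(keyArgs);
        } else {
            OpenKeySession session = keyManager.createFile(keyArgs, true, false);
            // Commit with the block locations allocated for the open session.
            keyArgs.setLocationInfoList(session.getKeyInfo().getLatestVersionLocations().getLocationList());
            keyManager.commitKey(keyArgs, session.getId());
        }
        return new OzoneObjInfo.Builder().setVolumeName(volumeName).setBucketName(bucketName).setKeyName(keyName).setResType(OzoneObj.ResourceType.KEY).setStoreType(OzoneObj.StoreType.OZONE).build();
    }
}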
