package org.apache.hadoop.ozone.s3.endpoint;

import java.io.IOException;
import java.io.InputStream;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.apache.hadoop.ozone.OzoneAcl;
import org.apache.hadoop.ozone.client.OzoneClient;
import org.apache.hadoop.ozone.client.OzoneClientStub;
import org.apache.hadoop.ozone.client.OzoneVolume;
import org.apache.hadoop.ozone.s3.endpoint.S3Acl;
import org.apache.hadoop.ozone.s3.endpoint.S3BucketAcl;
import org.apache.hadoop.ozone.s3.exception.OS3Exception;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/ozone/s3/endpoint/TestBucketAcl.class */
public class TestBucketAcl {
    private static final String BUCKET_NAME = "s3Bucket";
    private OzoneClient client;
    private HttpServletRequest servletRequest;
    private Map<String, String[]> parameterMap;
    private HttpHeaders headers;
    private BucketEndpoint bucketEndpoint;
    private static final String ACL_MARKER = "acl";

    @BeforeEach
    public void setup() throws IOException {
        this.client = new OzoneClientStub();
        this.client.getObjectStore().createS3Bucket(BUCKET_NAME);
        this.servletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        this.parameterMap = (Map) Mockito.mock(Map.class);
        this.headers = (HttpHeaders) Mockito.mock(HttpHeaders.class);
        Mockito.when(this.servletRequest.getParameterMap()).thenReturn(this.parameterMap);
        this.bucketEndpoint = new BucketEndpoint();
        this.bucketEndpoint.setClient(this.client);
    }

    @AfterEach
    public void clean() throws IOException {
        if (this.client != null) {
            this.client.close();
        }
    }

    @Test
    public void testGetAcl() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Response response = this.bucketEndpoint.get(BUCKET_NAME, (String) null, (String) null, (String) null, 0, (String) null, (String) null, (String) null, (String) null, ACL_MARKER, this.headers);
        Assertions.assertEquals(200, response.getStatus());
        System.out.println(response.getEntity());
    }

    @Test
    public void testSetAclWithNotSupportedGranteeType() throws Exception {
        Mockito.when(this.headers.getHeaderString("x-amz-grant-read")).thenReturn(S3Acl.ACLIdentityType.GROUP.getHeaderType() + "=root");
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Assertions.assertEquals(Assertions.assertThrows(OS3Exception.class, () -> {
            this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null);
        }).getHttpCode(), 501);
    }

    @Test
    public void testRead() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-read")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null).getStatus());
        S3BucketAcl acl = this.bucketEndpoint.getAcl(BUCKET_NAME);
        Assertions.assertEquals(1, acl.getAclList().getGrantList().size());
        Assertions.assertEquals(S3Acl.ACLType.READ.getValue(), ((S3BucketAcl.Grant) acl.getAclList().getGrantList().get(0)).getPermission());
    }

    @Test
    public void testWrite() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-write")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null).getStatus());
        S3BucketAcl acl = this.bucketEndpoint.getAcl(BUCKET_NAME);
        Assertions.assertEquals(1, acl.getAclList().getGrantList().size());
        Assertions.assertEquals(S3Acl.ACLType.WRITE.getValue(), ((S3BucketAcl.Grant) acl.getAclList().getGrantList().get(0)).getPermission());
    }

    @Test
    public void testReadACP() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-read-acp")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null).getStatus());
        S3BucketAcl acl = this.bucketEndpoint.getAcl(BUCKET_NAME);
        Assertions.assertEquals(1, acl.getAclList().getGrantList().size());
        Assertions.assertEquals(S3Acl.ACLType.READ_ACP.getValue(), ((S3BucketAcl.Grant) acl.getAclList().getGrantList().get(0)).getPermission());
    }

    @Test
    public void testWriteACP() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-write-acp")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null).getStatus());
        S3BucketAcl acl = this.bucketEndpoint.getAcl(BUCKET_NAME);
        Assertions.assertEquals(1, acl.getAclList().getGrantList().size());
        Assertions.assertEquals(S3Acl.ACLType.WRITE_ACP.getValue(), ((S3BucketAcl.Grant) acl.getAclList().getGrantList().get(0)).getPermission());
    }

    @Test
    public void testFullControl() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-full-control")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null).getStatus());
        S3BucketAcl acl = this.bucketEndpoint.getAcl(BUCKET_NAME);
        Assertions.assertEquals(1, acl.getAclList().getGrantList().size());
        Assertions.assertEquals(S3Acl.ACLType.FULL_CONTROL.getValue(), ((S3BucketAcl.Grant) acl.getAclList().getGrantList().get(0)).getPermission());
    }

    @Test
    public void testCombination() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-read")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Mockito.when(this.headers.getHeaderString("x-amz-grant-write")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Mockito.when(this.headers.getHeaderString("x-amz-grant-read-acp")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Mockito.when(this.headers.getHeaderString("x-amz-grant-write-acp")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Mockito.when(this.headers.getHeaderString("x-amz-grant-full-control")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null).getStatus());
        Assertions.assertEquals(5, this.bucketEndpoint.getAcl(BUCKET_NAME).getAclList().getGrantList().size());
    }

    @Test
    public void testPutClearOldAcls() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-read")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null).getStatus());
        S3BucketAcl acl = this.bucketEndpoint.getAcl(BUCKET_NAME);
        Assertions.assertEquals(1, acl.getAclList().getGrantList().size());
        Assertions.assertEquals(S3Acl.ACLType.READ.getValue(), ((S3BucketAcl.Grant) acl.getAclList().getGrantList().get(0)).getPermission());
        OzoneVolume volume = this.bucketEndpoint.getVolume();
        Assertions.assertEquals(1, volume.getAcls().size());
        Assertions.assertEquals(IAccessAuthorizer.ACLType.READ, ((OzoneAcl) volume.getAcls().get(0)).getAclList().get(0));
        Mockito.when(this.headers.getHeaderString("x-amz-grant-read")).thenReturn((Object) null);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-write")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, (InputStream) null).getStatus());
        S3BucketAcl acl2 = this.bucketEndpoint.getAcl(BUCKET_NAME);
        Assertions.assertEquals(1, acl2.getAclList().getGrantList().size());
        Assertions.assertEquals(S3Acl.ACLType.WRITE.getValue(), ((S3BucketAcl.Grant) acl2.getAclList().getGrantList().get(0)).getPermission());
        OzoneVolume volume2 = this.bucketEndpoint.getVolume();
        Assertions.assertEquals(1, volume2.getAcls().size());
        Assertions.assertEquals(IAccessAuthorizer.ACLType.READ, ((OzoneAcl) volume2.getAcls().get(0)).getAclList().get(0));
    }

    @Test
    public void testAclInBodyWithGroupUser() {
        InputStream resourceAsStream = TestBucketAcl.class.getClassLoader().getResourceAsStream("groupAccessControlList.xml");
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Assertions.assertThrows(OS3Exception.class, () -> {
            this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, resourceAsStream);
        });
    }

    @Test
    public void testAclInBody() throws Exception {
        InputStream resourceAsStream = TestBucketAcl.class.getClassLoader().getResourceAsStream("userAccessControlList.xml");
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Assertions.assertEquals(200, this.bucketEndpoint.put(BUCKET_NAME, ACL_MARKER, this.headers, resourceAsStream).getStatus());
        Assertions.assertEquals(2, this.bucketEndpoint.getAcl(BUCKET_NAME).getAclList().getGrantList().size());
    }

    @Test
    public void testBucketNotExist() throws Exception {
        Mockito.when(Boolean.valueOf(this.parameterMap.containsKey(ACL_MARKER))).thenReturn(true);
        Mockito.when(this.headers.getHeaderString("x-amz-grant-read")).thenReturn(S3Acl.ACLIdentityType.USER.getHeaderType() + "=root");
        Assertions.assertEquals(Assertions.assertThrows(OS3Exception.class, () -> {
            this.bucketEndpoint.getAcl("bucket-not-exist");
        }).getHttpCode(), 404);
    }
}
