package alluxio.master.file;

import alluxio.AlluxioURI;
import alluxio.Configuration;
import alluxio.exception.AccessControlException;
import alluxio.exception.ExceptionMessage;
import alluxio.exception.InvalidPathException;
import alluxio.master.MasterContext;
import alluxio.master.block.BlockMaster;
import alluxio.master.file.meta.AbstractInodeTest;
import alluxio.master.file.meta.Inode;
import alluxio.master.file.meta.InodeDirectoryIdGenerator;
import alluxio.master.file.meta.InodeTree;
import alluxio.master.file.meta.MountTable;
import alluxio.master.file.meta.options.CreatePathOptions;
import alluxio.master.journal.ReadWriteJournal;
import alluxio.security.authorization.FileSystemAction;
import alluxio.security.authorization.PermissionStatus;
import alluxio.wire.FileInfo;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.List;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.rules.TemporaryFolder;
import org.powermock.reflect.Whitebox;

/* loaded from: input_file:alluxio/master/file/PermissionCheckerTest.class */
public class PermissionCheckerTest {
    private static final String TEST_SUPER_GROUP = "test-supergroup";
    private static final String TEST_DIR_URI = "/testDir";
    private static final String TEST_DIR_FILE_URI = "/testDir/file";
    private static final String TEST_FILE_URI = "/testFile";
    private static final String TEST_NOT_EXIST_URI = "/testDir/notExistDir/notExistFile";
    private static final String TEST_WEIRD_FILE_URI = "/testWeirdFile";
    private static InodeTree sTree;

    @Rule
    public ExpectedException mThrown = ExpectedException.none();
    private static final TestUser TEST_USER_ADMIN = new TestUser("admin", "admin");
    private static final TestUser TEST_USER_1 = new TestUser(AbstractInodeTest.TEST_USER_NAME, AbstractInodeTest.TEST_GROUP_NAME);
    private static final TestUser TEST_USER_2 = new TestUser("user2", "group2");
    private static final TestUser TEST_USER_3 = new TestUser("user3", AbstractInodeTest.TEST_GROUP_NAME);
    private static final TestUser TEST_USER_SUPERGROUP = new TestUser("user4", "group2,test-supergroup");
    private static final PermissionStatus TEST_PERMISSION_STATUS_SUPER = new PermissionStatus(TEST_USER_ADMIN.getUser(), TEST_USER_ADMIN.getGroups(), 493);
    private static final PermissionStatus TEST_PERMISSION_STATUS_1 = new PermissionStatus(TEST_USER_1.getUser(), TEST_USER_1.getGroups(), 493);
    private static final PermissionStatus TEST_PERMISSION_STATUS_2 = new PermissionStatus(TEST_USER_2.getUser(), TEST_USER_2.getGroups(), 493);
    private static final PermissionStatus TEST_PERMISSION_STATUS_WEIRD = new PermissionStatus(TEST_USER_1.getUser(), TEST_USER_1.getGroups(), 111);
    private static final CreatePathOptions FILE_OPTIONS = new CreatePathOptions.Builder(MasterContext.getConf()).setBlockSizeBytes(1024).setPermissionStatus(TEST_PERMISSION_STATUS_2).build();
    private static final CreatePathOptions WEIRD_FILE_OPTIONS = new CreatePathOptions.Builder(MasterContext.getConf()).setBlockSizeBytes(1024).setPermissionStatus(TEST_PERMISSION_STATUS_WEIRD).build();
    private static final CreatePathOptions NESTED_FILE_OPTIONS = new CreatePathOptions.Builder(MasterContext.getConf()).setBlockSizeBytes(1024).setPermissionStatus(TEST_PERMISSION_STATUS_1).setRecursive(true).build();

    @ClassRule
    public static TemporaryFolder sTestFolder = new TemporaryFolder();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:alluxio/master/file/PermissionCheckerTest$TestUser.class */
    public static final class TestUser {
        private String mUser;
        private String mGroups;

        TestUser(String str, String str2) {
            this.mUser = str;
            this.mGroups = str2;
        }

        String getUser() {
            return this.mUser;
        }

        String getGroups() {
            return this.mGroups;
        }
    }

    @BeforeClass
    public static void beforeClass() throws Exception {
        BlockMaster blockMaster = new BlockMaster(new ReadWriteJournal(sTestFolder.newFolder().getAbsolutePath()));
        sTree = new InodeTree(blockMaster, new InodeDirectoryIdGenerator(blockMaster), new MountTable());
        blockMaster.start(true);
        Configuration configuration = new Configuration();
        configuration.set("alluxio.security.authorization.permission.enabled", "true");
        configuration.set("alluxio.security.authorization.permission.supergroup", TEST_SUPER_GROUP);
        MasterContext.reset(configuration);
        sTree.initializeRoot(TEST_PERMISSION_STATUS_SUPER);
        verifyPermissionChecker(true, TEST_PERMISSION_STATUS_SUPER.getUserName(), TEST_SUPER_GROUP);
        Inode inodeByPath = sTree.getInodeByPath(new AlluxioURI("/"));
        sTree.initializeRoot(TEST_PERMISSION_STATUS_SUPER);
        verifyPermissionChecker(true, inodeByPath.getUserName(), TEST_SUPER_GROUP);
        createFileAndDirs();
    }

    private static void createFileAndDirs() throws Exception {
        sTree.createPath(new AlluxioURI(TEST_DIR_FILE_URI), NESTED_FILE_OPTIONS);
        sTree.createPath(new AlluxioURI(TEST_FILE_URI), FILE_OPTIONS);
        sTree.createPath(new AlluxioURI(TEST_WEIRD_FILE_URI), WEIRD_FILE_OPTIONS);
        verifyInodesList(TEST_DIR_FILE_URI.split("/"), sTree.collectInodes(new AlluxioURI(TEST_DIR_FILE_URI)));
        verifyInodesList(TEST_FILE_URI.split("/"), sTree.collectInodes(new AlluxioURI(TEST_FILE_URI)));
        verifyInodesList(TEST_WEIRD_FILE_URI.split("/"), sTree.collectInodes(new AlluxioURI(TEST_WEIRD_FILE_URI)));
        verifyInodesList(new String[]{"", "testDir"}, sTree.collectInodes(new AlluxioURI(TEST_NOT_EXIST_URI)));
    }

    private static void verifyInodesList(String[] strArr, List<Inode> list) {
        String[] strArr2 = new String[list.size()];
        for (int i = 0; i < list.size(); i++) {
            strArr2[i] = list.get(i).getName();
        }
        Assert.assertArrayEquals(strArr, strArr2);
    }

    private static void verifyPermissionChecker(boolean z, String str, String str2) {
        Assert.assertEquals(Boolean.valueOf(z), Whitebox.getInternalState(PermissionChecker.class, "sPermissionCheckEnabled"));
        Assert.assertEquals(str, Whitebox.getInternalState(PermissionChecker.class, "sFileSystemOwner"));
        Assert.assertEquals(str2, Whitebox.getInternalState(PermissionChecker.class, "sFileSystemSuperGroup"));
    }

    @Test
    public void fileSystemOwnerTest() throws Exception {
        checkSelfPermission(TEST_USER_ADMIN, FileSystemAction.ALL, TEST_DIR_FILE_URI);
        checkSelfPermission(TEST_USER_ADMIN, FileSystemAction.ALL, TEST_DIR_URI);
        checkSelfPermission(TEST_USER_ADMIN, FileSystemAction.ALL, TEST_FILE_URI);
    }

    @Test
    public void fileSystemSuperGroupTest() throws Exception {
        checkSelfPermission(TEST_USER_SUPERGROUP, FileSystemAction.ALL, TEST_DIR_FILE_URI);
        checkSelfPermission(TEST_USER_SUPERGROUP, FileSystemAction.ALL, TEST_DIR_URI);
        checkSelfPermission(TEST_USER_SUPERGROUP, FileSystemAction.ALL, TEST_FILE_URI);
    }

    @Test
    public void selfCheckSuccessTest() throws Exception {
        checkSelfPermission(TEST_USER_1, FileSystemAction.READ, TEST_DIR_FILE_URI);
        checkSelfPermission(TEST_USER_1, FileSystemAction.WRITE, TEST_DIR_FILE_URI);
        checkSelfPermission(TEST_USER_2, FileSystemAction.READ, TEST_DIR_FILE_URI);
        checkSelfPermission(TEST_USER_3, FileSystemAction.READ, TEST_DIR_FILE_URI);
    }

    @Test
    public void selfCheckFailByOtherGroupTest() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_2.getUser(), FileSystemAction.WRITE, TEST_DIR_FILE_URI, "file")}));
        checkSelfPermission(TEST_USER_2, FileSystemAction.WRITE, TEST_DIR_FILE_URI);
    }

    @Test
    public void selfCheckFailBySameGroupTest() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_3.getUser(), FileSystemAction.WRITE, TEST_DIR_FILE_URI, "file")}));
        checkSelfPermission(TEST_USER_3, FileSystemAction.WRITE, TEST_DIR_FILE_URI);
    }

    @Test
    public void checkFallThroughTest() throws Exception {
        checkSelfPermission(TEST_USER_1, FileSystemAction.READ, TEST_WEIRD_FILE_URI);
        checkSelfPermission(TEST_USER_1, FileSystemAction.WRITE, TEST_WEIRD_FILE_URI);
    }

    @Test
    public void parentCheckSuccessTest() throws Exception {
        checkParentOrAncestorPermission(TEST_USER_1, FileSystemAction.WRITE, TEST_DIR_FILE_URI);
    }

    @Test
    public void parentCheckFailTest() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_2.getUser(), FileSystemAction.WRITE, TEST_DIR_FILE_URI, "testDir")}));
        checkParentOrAncestorPermission(TEST_USER_2, FileSystemAction.WRITE, TEST_DIR_FILE_URI);
    }

    @Test
    public void ancestorCheckSuccessTest() throws Exception {
        checkParentOrAncestorPermission(TEST_USER_1, FileSystemAction.WRITE, TEST_NOT_EXIST_URI);
    }

    @Test
    public void ancestorCheckFailTest() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_2.getUser(), FileSystemAction.WRITE, TEST_NOT_EXIST_URI, "testDir")}));
        checkParentOrAncestorPermission(TEST_USER_2, FileSystemAction.WRITE, TEST_NOT_EXIST_URI);
    }

    @Test
    public void invalidPathTest() throws Exception {
        ArrayList newArrayList = Lists.newArrayList();
        this.mThrown.expect(InvalidPathException.class);
        PermissionChecker.checkPermission(TEST_USER_2.getUser(), Lists.newArrayList(TEST_USER_2.getGroups().split(",")), FileSystemAction.WRITE, new AlluxioURI(""), newArrayList);
    }

    private void checkSelfPermission(TestUser testUser, FileSystemAction fileSystemAction, String str) throws Exception {
        PermissionChecker.checkPermission(testUser.getUser(), Lists.newArrayList(testUser.getGroups().split(",")), fileSystemAction, new AlluxioURI(str), collectFileInfos(new AlluxioURI(str)));
    }

    private void checkParentOrAncestorPermission(TestUser testUser, FileSystemAction fileSystemAction, String str) throws Exception {
        PermissionChecker.checkParentPermission(testUser.getUser(), Lists.newArrayList(testUser.getGroups().split(",")), fileSystemAction, new AlluxioURI(str), collectFileInfos(new AlluxioURI(str)));
    }

    private List<FileInfo> collectFileInfos(AlluxioURI alluxioURI) throws Exception {
        List<Inode> collectInodes = sTree.collectInodes(alluxioURI);
        ArrayList arrayList = new ArrayList();
        for (Inode inode : collectInodes) {
            arrayList.add(inode.generateClientFileInfo(sTree.getPath(inode).toString()));
        }
        return arrayList;
    }

    private String toExceptionMessage(String str, FileSystemAction fileSystemAction, String str2, String str3) {
        return "user=" + str + ", access=" + fileSystemAction + ", path=" + str2 + ": failed at " + str3;
    }
}
