package org.apache.hadoop.security.authorize;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.NativeCodeLoader;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Evolving
/* loaded from: input_file:lib/hadoop-common-2.6.4-tests.jar:org/apache/hadoop/security/authorize/TestAccessControlList.class */
public class TestAccessControlList {
    private static final Log LOG = LogFactory.getLog(TestAccessControlList.class);

    @Test
    public void testNetgroups() throws Exception {
        if (!NativeCodeLoader.isNativeCodeLoaded()) {
            LOG.info("Not testing netgroups, this test only runs when native code is compiled");
            return;
        }
        String property = System.getProperty("TestAccessControlListGroupMapping");
        if (property == null) {
            LOG.info("Not testing netgroups, no group mapping class specified, use -DTestAccessControlListGroupMapping=$className to specify group mapping class (must implement GroupMappingServiceProvider interface and support netgroups)");
            return;
        }
        LOG.info("Testing netgroups using: " + property);
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.group.mapping", property);
        Groups userToGroupsMappingService = Groups.getUserToGroupsMappingService(configuration);
        new AccessControlList("ja my");
        new AccessControlList("sinatra ratpack,@lasVegas");
        new AccessControlList(" somegroup,@someNetgroup");
        AccessControlList accessControlList = new AccessControlList("carlPerkins ratpack,@lasVegas");
        accessControlList.addGroup("@memphis");
        validateNetgroups(userToGroupsMappingService, accessControlList);
        userToGroupsMappingService.refresh();
        validateNetgroups(userToGroupsMappingService, accessControlList);
    }

    private void validateNetgroups(Groups groups, AccessControlList accessControlList) throws Exception {
        List<String> groups2 = groups.getGroups("elvis");
        Assert.assertTrue(groups2.contains("@lasVegas"));
        Assert.assertTrue(groups2.contains("@memphis"));
        Assert.assertTrue(groups.getGroups("jerryLeeLewis").contains("@memphis"));
        assertUserAllowed(UserGroupInformation.createRemoteUser("elvis"), accessControlList);
        assertUserAllowed(UserGroupInformation.createRemoteUser("carlPerkins"), accessControlList);
        assertUserNotAllowed(UserGroupInformation.createRemoteUser("littleRichard"), accessControlList);
    }

    @Test
    public void testWildCardAccessControlList() throws Exception {
        Assert.assertTrue(new AccessControlList("*").isAllAllowed());
        Assert.assertTrue(new AccessControlList("  * ").isAllAllowed());
        Assert.assertTrue(new AccessControlList(" *").isAllAllowed());
        Assert.assertTrue(new AccessControlList("*  ").isAllAllowed());
    }

    @Test
    public void testAclString() {
        AccessControlList accessControlList = new AccessControlList("*");
        Assert.assertTrue(accessControlList.toString().equals("All users are allowed"));
        validateGetAclString(accessControlList);
        Assert.assertTrue(new AccessControlList(" ").toString().equals("No users are allowed"));
        AccessControlList accessControlList2 = new AccessControlList("user1,user2");
        Assert.assertTrue(accessControlList2.toString().equals("Users [user1, user2] are allowed"));
        validateGetAclString(accessControlList2);
        AccessControlList accessControlList3 = new AccessControlList("user1,user2 ");
        Assert.assertTrue(accessControlList3.toString().equals("Users [user1, user2] are allowed"));
        validateGetAclString(accessControlList3);
        AccessControlList accessControlList4 = new AccessControlList(" group1,group2");
        Assert.assertTrue(accessControlList4.toString().equals("Members of the groups [group1, group2] are allowed"));
        validateGetAclString(accessControlList4);
        AccessControlList accessControlList5 = new AccessControlList("user1,user2 group1,group2");
        Assert.assertTrue(accessControlList5.toString().equals("Users [user1, user2] and members of the groups [group1, group2] are allowed"));
        validateGetAclString(accessControlList5);
    }

    private void validateGetAclString(AccessControlList accessControlList) {
        Assert.assertTrue(accessControlList.toString().equals(new AccessControlList(accessControlList.getAclString()).toString()));
    }

    @Test
    public void testAccessControlList() throws Exception {
        AccessControlList accessControlList = new AccessControlList("drwho tardis");
        Collection<String> users = accessControlList.getUsers();
        Assert.assertEquals(users.size(), 1L);
        Assert.assertEquals(users.iterator().next(), "drwho");
        Collection<String> groups = accessControlList.getGroups();
        Assert.assertEquals(groups.size(), 1L);
        Assert.assertEquals(groups.iterator().next(), "tardis");
        Collection<String> users2 = new AccessControlList("drwho").getUsers();
        Assert.assertEquals(users2.size(), 1L);
        Assert.assertEquals(users2.iterator().next(), "drwho");
        Assert.assertEquals(r0.getGroups().size(), 0L);
        Collection<String> users3 = new AccessControlList("drwho ").getUsers();
        Assert.assertEquals(users3.size(), 1L);
        Assert.assertEquals(users3.iterator().next(), "drwho");
        Assert.assertEquals(r0.getGroups().size(), 0L);
        AccessControlList accessControlList2 = new AccessControlList(" tardis");
        Assert.assertEquals(accessControlList2.getUsers().size(), 0L);
        Collection<String> groups2 = accessControlList2.getGroups();
        Assert.assertEquals(groups2.size(), 1L);
        Assert.assertEquals(groups2.iterator().next(), "tardis");
        AccessControlList accessControlList3 = new AccessControlList("drwho,joe tardis, users");
        Collection<String> users4 = accessControlList3.getUsers();
        Assert.assertEquals(users4.size(), 2L);
        Iterator<String> it = users4.iterator();
        Assert.assertEquals(it.next(), "drwho");
        Assert.assertEquals(it.next(), "joe");
        Collection<String> groups3 = accessControlList3.getGroups();
        Assert.assertEquals(groups3.size(), 2L);
        Iterator<String> it2 = groups3.iterator();
        Assert.assertEquals(it2.next(), "tardis");
        Assert.assertEquals(it2.next(), "users");
    }

    @Test
    public void testAddRemoveAPI() {
        AccessControlList accessControlList = new AccessControlList(" ");
        Assert.assertEquals(0L, accessControlList.getUsers().size());
        Assert.assertEquals(0L, accessControlList.getGroups().size());
        Assert.assertEquals(" ", accessControlList.getAclString());
        accessControlList.addUser("drwho");
        Collection<String> users = accessControlList.getUsers();
        Assert.assertEquals(users.size(), 1L);
        Assert.assertEquals(users.iterator().next(), "drwho");
        Assert.assertEquals("drwho ", accessControlList.getAclString());
        accessControlList.addGroup("tardis");
        Collection<String> groups = accessControlList.getGroups();
        Assert.assertEquals(groups.size(), 1L);
        Assert.assertEquals(groups.iterator().next(), "tardis");
        Assert.assertEquals("drwho tardis", accessControlList.getAclString());
        accessControlList.addUser("joe");
        accessControlList.addGroup("users");
        Collection<String> users2 = accessControlList.getUsers();
        Assert.assertEquals(users2.size(), 2L);
        Iterator<String> it = users2.iterator();
        Assert.assertEquals(it.next(), "drwho");
        Assert.assertEquals(it.next(), "joe");
        Collection<String> groups2 = accessControlList.getGroups();
        Assert.assertEquals(groups2.size(), 2L);
        Iterator<String> it2 = groups2.iterator();
        Assert.assertEquals(it2.next(), "tardis");
        Assert.assertEquals(it2.next(), "users");
        Assert.assertEquals("drwho,joe tardis,users", accessControlList.getAclString());
        accessControlList.removeUser("joe");
        accessControlList.removeGroup("users");
        Collection<String> users3 = accessControlList.getUsers();
        Assert.assertEquals(users3.size(), 1L);
        Assert.assertFalse(users3.contains("joe"));
        Collection<String> groups3 = accessControlList.getGroups();
        Assert.assertEquals(groups3.size(), 1L);
        Assert.assertFalse(groups3.contains("users"));
        Assert.assertEquals("drwho tardis", accessControlList.getAclString());
        accessControlList.removeGroup("tardis");
        Collection<String> groups4 = accessControlList.getGroups();
        Assert.assertEquals(0L, groups4.size());
        Assert.assertFalse(groups4.contains("tardis"));
        Assert.assertEquals("drwho ", accessControlList.getAclString());
        accessControlList.removeUser("drwho");
        Assert.assertEquals(0L, users3.size());
        Assert.assertFalse(users3.contains("drwho"));
        Assert.assertEquals(0L, accessControlList.getGroups().size());
        Assert.assertEquals(0L, accessControlList.getUsers().size());
        Assert.assertEquals(" ", accessControlList.getAclString());
    }

    @Test
    public void testAddRemoveWildCard() {
        AccessControlList accessControlList = new AccessControlList("drwho tardis");
        Throwable th = null;
        try {
            accessControlList.addUser(" * ");
        } catch (Throwable th2) {
            th = th2;
        }
        Assert.assertNotNull(th);
        Assert.assertTrue(th instanceof IllegalArgumentException);
        Throwable th3 = null;
        try {
            accessControlList.addGroup(" * ");
        } catch (Throwable th4) {
            th3 = th4;
        }
        Assert.assertNotNull(th3);
        Assert.assertTrue(th3 instanceof IllegalArgumentException);
        Throwable th5 = null;
        try {
            accessControlList.removeUser(" * ");
        } catch (Throwable th6) {
            th5 = th6;
        }
        Assert.assertNotNull(th5);
        Assert.assertTrue(th5 instanceof IllegalArgumentException);
        Throwable th7 = null;
        try {
            accessControlList.removeGroup(" * ");
        } catch (Throwable th8) {
            th7 = th8;
        }
        Assert.assertNotNull(th7);
        Assert.assertTrue(th7 instanceof IllegalArgumentException);
    }

    @Test
    public void testAddRemoveToWildCardACL() {
        AccessControlList accessControlList = new AccessControlList(" * ");
        Assert.assertTrue(accessControlList.isAllAllowed());
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[]{"aliens"});
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[]{"tardis"});
        accessControlList.addUser("drwho");
        Assert.assertTrue(accessControlList.isAllAllowed());
        Assert.assertFalse(accessControlList.getAclString().contains("drwho"));
        accessControlList.addGroup("tardis");
        Assert.assertTrue(accessControlList.isAllAllowed());
        Assert.assertFalse(accessControlList.getAclString().contains("tardis"));
        accessControlList.removeUser("drwho");
        Assert.assertTrue(accessControlList.isAllAllowed());
        assertUserAllowed(createUserForTesting, accessControlList);
        accessControlList.removeGroup("tardis");
        Assert.assertTrue(accessControlList.isAllAllowed());
        assertUserAllowed(createUserForTesting2, accessControlList);
    }

    @Test
    public void testIsUserAllowed() {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[]{"aliens", "humanoids", "timelord"});
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("susan@APACHE.ORG", new String[]{"aliens", "humanoids", "timelord"});
        UserGroupInformation createUserForTesting3 = UserGroupInformation.createUserForTesting("barbara@APACHE.ORG", new String[]{"humans", "teachers"});
        UserGroupInformation createUserForTesting4 = UserGroupInformation.createUserForTesting("ian@APACHE.ORG", new String[]{"humans", "teachers"});
        AccessControlList accessControlList = new AccessControlList("drwho humanoids");
        assertUserAllowed(createUserForTesting, accessControlList);
        assertUserAllowed(createUserForTesting2, accessControlList);
        assertUserNotAllowed(createUserForTesting3, accessControlList);
        assertUserNotAllowed(createUserForTesting4, accessControlList);
        AccessControlList accessControlList2 = new AccessControlList("drwho");
        assertUserAllowed(createUserForTesting, accessControlList2);
        assertUserNotAllowed(createUserForTesting2, accessControlList2);
        assertUserNotAllowed(createUserForTesting3, accessControlList2);
        assertUserNotAllowed(createUserForTesting4, accessControlList2);
        AccessControlList accessControlList3 = new AccessControlList("drwho ");
        assertUserAllowed(createUserForTesting, accessControlList3);
        assertUserNotAllowed(createUserForTesting2, accessControlList3);
        assertUserNotAllowed(createUserForTesting3, accessControlList3);
        assertUserNotAllowed(createUserForTesting4, accessControlList3);
        AccessControlList accessControlList4 = new AccessControlList(" humanoids");
        assertUserAllowed(createUserForTesting, accessControlList4);
        assertUserAllowed(createUserForTesting2, accessControlList4);
        assertUserNotAllowed(createUserForTesting3, accessControlList4);
        assertUserNotAllowed(createUserForTesting4, accessControlList4);
        AccessControlList accessControlList5 = new AccessControlList("drwho,ian aliens,teachers");
        assertUserAllowed(createUserForTesting, accessControlList5);
        assertUserAllowed(createUserForTesting2, accessControlList5);
        assertUserAllowed(createUserForTesting3, accessControlList5);
        assertUserAllowed(createUserForTesting4, accessControlList5);
        AccessControlList accessControlList6 = new AccessControlList("");
        UserGroupInformation userGroupInformation = (UserGroupInformation) Mockito.spy(createUserForTesting);
        accessControlList6.isUserAllowed(userGroupInformation);
        ((UserGroupInformation) Mockito.verify(userGroupInformation, Mockito.never())).getGroupNames();
    }

    private void assertUserAllowed(UserGroupInformation userGroupInformation, AccessControlList accessControlList) {
        Assert.assertTrue("User " + userGroupInformation + " is not granted the access-control!!", accessControlList.isUserAllowed(userGroupInformation));
    }

    private void assertUserNotAllowed(UserGroupInformation userGroupInformation, AccessControlList accessControlList) {
        Assert.assertFalse("User " + userGroupInformation + " is incorrectly granted the access-control!!", accessControlList.isUserAllowed(userGroupInformation));
    }
}
