package org.apache.hadoop.fs.azurebfs;

import com.google.common.collect.Lists;
import java.io.FileNotFoundException;
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.azurebfs.constants.TestConfigurationKeys;
import org.apache.hadoop.fs.azurebfs.utils.AclTestHelpers;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryScope;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.security.AccessControlException;
import org.junit.Assume;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/fs/azurebfs/ITestAzureBlobFileSystemCheckAccess.class */
public class ITestAzureBlobFileSystemCheckAccess extends AbstractAbfsIntegrationTest {
    private static final String TEST_FOLDER_PATH = "CheckAccessTestFolder";
    private final FileSystem superUserFs;
    private FileSystem testUserFs;
    private final String testUserGuid;
    private final boolean isCheckAccessEnabled;
    private final boolean isHNSEnabled;

    public ITestAzureBlobFileSystemCheckAccess() throws Exception {
        super.setup();
        this.superUserFs = getFileSystem();
        this.testUserGuid = getConfiguration().get(TestConfigurationKeys.FS_AZURE_BLOB_FS_CHECKACCESS_TEST_USER_GUID);
        this.isCheckAccessEnabled = getConfiguration().isCheckAccessEnabled();
        this.isHNSEnabled = getConfiguration().getBoolean(TestConfigurationKeys.FS_AZURE_TEST_NAMESPACE_ENABLED_ACCOUNT, false);
    }

    private void setTestUserFs() throws Exception {
        if (this.testUserFs != null) {
            return;
        }
        String str = getConfiguration().get(TestConfigurationKeys.FS_AZURE_BLOB_FS_CLIENT_ID);
        String str2 = getConfiguration().get(TestConfigurationKeys.FS_AZURE_BLOB_FS_CLIENT_SECRET);
        Boolean valueOf = Boolean.valueOf(getConfiguration().getBoolean("fs.azure.createRemoteFileSystemDuringInitialization", true));
        getRawConfiguration().set(TestConfigurationKeys.FS_AZURE_BLOB_FS_CLIENT_ID, getConfiguration().get(TestConfigurationKeys.FS_AZURE_BLOB_FS_CHECKACCESS_TEST_CLIENT_ID));
        getRawConfiguration().set(TestConfigurationKeys.FS_AZURE_BLOB_FS_CLIENT_SECRET, getConfiguration().get(TestConfigurationKeys.FS_AZURE_BLOB_FS_CHECKACCESS_TEST_CLIENT_SECRET));
        getRawConfiguration().setBoolean("fs.azure.createRemoteFileSystemDuringInitialization", false);
        FileSystem newInstance = FileSystem.newInstance(getRawConfiguration());
        getRawConfiguration().set(TestConfigurationKeys.FS_AZURE_BLOB_FS_CLIENT_ID, str);
        getRawConfiguration().set(TestConfigurationKeys.FS_AZURE_BLOB_FS_CLIENT_SECRET, str2);
        getRawConfiguration().setBoolean("fs.azure.createRemoteFileSystemDuringInitialization", valueOf.booleanValue());
        this.testUserFs = newInstance;
    }

    @Test(expected = IllegalArgumentException.class)
    @Ignore
    public void testCheckAccessWithNullPath() throws IOException {
        this.superUserFs.access((Path) null, FsAction.READ);
    }

    @Test(expected = NullPointerException.class)
    public void testCheckAccessForFileWithNullFsAction() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        this.superUserFs.access(new Path("test.txt"), (FsAction) null);
    }

    @Test(expected = FileNotFoundException.class)
    public void testCheckAccessForNonExistentFile() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        setTestUserFs();
        Path path = setupTestDirectoryAndUserAccess("/nonExistentFile1.txt", FsAction.ALL);
        this.superUserFs.delete(path, true);
        this.testUserFs.access(path, FsAction.READ);
    }

    @Test
    public void testWhenCheckAccessConfigIsOff() throws Exception {
        Assume.assumeTrue("fs.azure.test.namespace.enabled is false", this.isHNSEnabled);
        Configuration rawConfiguration = getRawConfiguration();
        rawConfiguration.setBoolean("fs.azure.enable.check.access", false);
        FileSystem newInstance = FileSystem.newInstance(rawConfiguration);
        Path path = setupTestDirectoryAndUserAccess("/test1.txt", FsAction.NONE);
        newInstance.access(path, FsAction.EXECUTE);
        newInstance.access(path, FsAction.READ);
        newInstance.access(path, FsAction.WRITE);
        newInstance.access(path, FsAction.READ_EXECUTE);
        newInstance.access(path, FsAction.WRITE_EXECUTE);
        newInstance.access(path, FsAction.READ_WRITE);
        newInstance.access(path, FsAction.ALL);
        Path path2 = setupTestDirectoryAndUserAccess("/test1.txt", FsAction.ALL);
        newInstance.access(path2, FsAction.EXECUTE);
        newInstance.access(path2, FsAction.READ);
        newInstance.access(path2, FsAction.WRITE);
        newInstance.access(path2, FsAction.READ_EXECUTE);
        newInstance.access(path2, FsAction.WRITE_EXECUTE);
        newInstance.access(path2, FsAction.READ_WRITE);
        newInstance.access(path2, FsAction.ALL);
        newInstance.access(path2, (FsAction) null);
        Path path3 = setupTestDirectoryAndUserAccess("/nonExistentFile2.txt", FsAction.NONE);
        this.superUserFs.delete(path3, true);
        newInstance.access(path3, FsAction.READ);
    }

    @Test
    public void testCheckAccessForAccountWithoutNS() throws Exception {
        Assume.assumeFalse("fs.azure.test.namespace.enabled is true", getConfiguration().getBoolean(TestConfigurationKeys.FS_AZURE_TEST_NAMESPACE_ENABLED_ACCOUNT, true));
        Assume.assumeTrue("fs.azure.enable.check.access is false", this.isCheckAccessEnabled);
        setTestUserFs();
        this.testUserFs.access(new Path("/"), FsAction.READ);
    }

    @Test
    public void testFsActionNONE() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        setTestUserFs();
        Path path = setupTestDirectoryAndUserAccess("/test2.txt", FsAction.NONE);
        assertInaccessible(path, FsAction.EXECUTE);
        assertInaccessible(path, FsAction.READ);
        assertInaccessible(path, FsAction.WRITE);
        assertInaccessible(path, FsAction.READ_EXECUTE);
        assertInaccessible(path, FsAction.WRITE_EXECUTE);
        assertInaccessible(path, FsAction.READ_WRITE);
        assertInaccessible(path, FsAction.ALL);
    }

    @Test
    public void testFsActionEXECUTE() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        setTestUserFs();
        Path path = setupTestDirectoryAndUserAccess("/test3.txt", FsAction.EXECUTE);
        assertAccessible(path, FsAction.EXECUTE);
        assertInaccessible(path, FsAction.READ);
        assertInaccessible(path, FsAction.WRITE);
        assertInaccessible(path, FsAction.READ_EXECUTE);
        assertInaccessible(path, FsAction.WRITE_EXECUTE);
        assertInaccessible(path, FsAction.READ_WRITE);
        assertInaccessible(path, FsAction.ALL);
    }

    @Test
    public void testFsActionREAD() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        setTestUserFs();
        Path path = setupTestDirectoryAndUserAccess("/test4.txt", FsAction.READ);
        assertAccessible(path, FsAction.READ);
        assertInaccessible(path, FsAction.EXECUTE);
        assertInaccessible(path, FsAction.WRITE);
        assertInaccessible(path, FsAction.READ_EXECUTE);
        assertInaccessible(path, FsAction.WRITE_EXECUTE);
        assertInaccessible(path, FsAction.READ_WRITE);
        assertInaccessible(path, FsAction.ALL);
    }

    @Test
    public void testFsActionWRITE() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        setTestUserFs();
        Path path = setupTestDirectoryAndUserAccess("/test5.txt", FsAction.WRITE);
        assertAccessible(path, FsAction.WRITE);
        assertInaccessible(path, FsAction.EXECUTE);
        assertInaccessible(path, FsAction.READ);
        assertInaccessible(path, FsAction.READ_EXECUTE);
        assertInaccessible(path, FsAction.WRITE_EXECUTE);
        assertInaccessible(path, FsAction.READ_WRITE);
        assertInaccessible(path, FsAction.ALL);
    }

    @Test
    public void testFsActionREADEXECUTE() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        setTestUserFs();
        Path path = setupTestDirectoryAndUserAccess("/test6.txt", FsAction.READ_EXECUTE);
        assertAccessible(path, FsAction.EXECUTE);
        assertAccessible(path, FsAction.READ);
        assertAccessible(path, FsAction.READ_EXECUTE);
        assertInaccessible(path, FsAction.WRITE);
        assertInaccessible(path, FsAction.WRITE_EXECUTE);
        assertInaccessible(path, FsAction.READ_WRITE);
        assertInaccessible(path, FsAction.ALL);
    }

    @Test
    public void testFsActionWRITEEXECUTE() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        setTestUserFs();
        Path path = setupTestDirectoryAndUserAccess("/test7.txt", FsAction.WRITE_EXECUTE);
        assertAccessible(path, FsAction.EXECUTE);
        assertAccessible(path, FsAction.WRITE);
        assertAccessible(path, FsAction.WRITE_EXECUTE);
        assertInaccessible(path, FsAction.READ);
        assertInaccessible(path, FsAction.READ_EXECUTE);
        assertInaccessible(path, FsAction.READ_WRITE);
        assertInaccessible(path, FsAction.ALL);
    }

    @Test
    public void testFsActionALL() throws Exception {
        assumeHNSAndCheckAccessEnabled();
        setTestUserFs();
        Path path = setupTestDirectoryAndUserAccess("/test8.txt", FsAction.ALL);
        assertAccessible(path, FsAction.EXECUTE);
        assertAccessible(path, FsAction.WRITE);
        assertAccessible(path, FsAction.WRITE_EXECUTE);
        assertAccessible(path, FsAction.READ);
        assertAccessible(path, FsAction.READ_EXECUTE);
        assertAccessible(path, FsAction.READ_WRITE);
        assertAccessible(path, FsAction.ALL);
    }

    private void assumeHNSAndCheckAccessEnabled() {
        Assume.assumeTrue("fs.azure.test.namespace.enabled is false", this.isHNSEnabled);
        Assume.assumeTrue("fs.azure.enable.check.access is false", this.isCheckAccessEnabled);
    }

    private void assertAccessible(Path path, FsAction fsAction) throws IOException {
        assertTrue("Should have been given access  " + fsAction + " on " + path, isAccessible(this.testUserFs, path, fsAction));
    }

    private void assertInaccessible(Path path, FsAction fsAction) throws IOException {
        assertFalse("Should have been denied access  " + fsAction + " on " + path, isAccessible(this.testUserFs, path, fsAction));
    }

    private void setExecuteAccessForParentDirs(Path path) throws IOException {
        Path parent = path.getParent();
        while (true) {
            Path path2 = parent;
            if (path2 == null) {
                return;
            }
            modifyAcl(path2, this.testUserGuid, FsAction.EXECUTE);
            parent = path2.getParent();
        }
    }

    private void modifyAcl(Path path, String str, FsAction fsAction) throws IOException {
        this.superUserFs.modifyAclEntries(path, Lists.newArrayList(new AclEntry[]{AclTestHelpers.aclEntry(AclEntryScope.ACCESS, AclEntryType.USER, str, fsAction)}));
    }

    private Path setupTestDirectoryAndUserAccess(String str, FsAction fsAction) throws Exception {
        Path makeQualified = this.superUserFs.makeQualified(new Path(TEST_FOLDER_PATH + str));
        this.superUserFs.delete(makeQualified, true);
        this.superUserFs.create(makeQualified);
        modifyAcl(makeQualified, this.testUserGuid, fsAction);
        setExecuteAccessForParentDirs(makeQualified);
        return makeQualified;
    }

    private boolean isAccessible(FileSystem fileSystem, Path path, FsAction fsAction) throws IOException {
        try {
            fileSystem.access(path, fsAction);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }
}
