package org.apache.hadoop.security.authorize;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.NativeCodeLoader;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/security/authorize/TestAccessControlList.class */
public class TestAccessControlList {
    private static final Logger LOG = LoggerFactory.getLogger(TestAccessControlList.class);

    @Test
    public void testNetgroups() throws Exception {
        if (!NativeCodeLoader.isNativeCodeLoaded()) {
            LOG.info("Not testing netgroups, this test only runs when native code is compiled");
            return;
        }
        String property = System.getProperty("TestAccessControlListGroupMapping");
        if (property == null) {
            LOG.info("Not testing netgroups, no group mapping class specified, use -DTestAccessControlListGroupMapping=$className to specify group mapping class (must implement GroupMappingServiceProvider interface and support netgroups)");
            return;
        }
        LOG.info("Testing netgroups using: " + property);
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.group.mapping", property);
        Groups userToGroupsMappingService = Groups.getUserToGroupsMappingService(configuration);
        new AccessControlList("ja my");
        new AccessControlList("sinatra ratpack,@lasVegas");
        new AccessControlList(" somegroup,@someNetgroup");
        AccessControlList accessControlList = new AccessControlList("carlPerkins ratpack,@lasVegas");
        accessControlList.addGroup("@memphis");
        validateNetgroups(userToGroupsMappingService, accessControlList);
        userToGroupsMappingService.refresh();
        validateNetgroups(userToGroupsMappingService, accessControlList);
    }

    private void validateNetgroups(Groups groups, AccessControlList accessControlList) throws Exception {
        List groups2 = groups.getGroups("elvis");
        Assertions.assertTrue(groups2.contains("@lasVegas"));
        Assertions.assertTrue(groups2.contains("@memphis"));
        Assertions.assertTrue(groups.getGroups("jerryLeeLewis").contains("@memphis"));
        assertUserAllowed(UserGroupInformation.createRemoteUser("elvis"), accessControlList);
        assertUserAllowed(UserGroupInformation.createRemoteUser("carlPerkins"), accessControlList);
        assertUserNotAllowed(UserGroupInformation.createRemoteUser("littleRichard"), accessControlList);
    }

    @Test
    public void testWildCardAccessControlList() throws Exception {
        Assertions.assertTrue(new AccessControlList("*").isAllAllowed());
        Assertions.assertTrue(new AccessControlList("  * ").isAllAllowed());
        Assertions.assertTrue(new AccessControlList(" *").isAllAllowed());
        Assertions.assertTrue(new AccessControlList("*  ").isAllAllowed());
    }

    @Test
    public void testAclString() {
        AccessControlList accessControlList = new AccessControlList("*");
        org.assertj.core.api.Assertions.assertThat(accessControlList.toString()).isEqualTo("All users are allowed");
        validateGetAclString(accessControlList);
        org.assertj.core.api.Assertions.assertThat(new AccessControlList(" ").toString()).isEqualTo("No users are allowed");
        AccessControlList accessControlList2 = new AccessControlList("user1,user2");
        org.assertj.core.api.Assertions.assertThat(accessControlList2.toString()).isEqualTo("Users [user1, user2] are allowed");
        validateGetAclString(accessControlList2);
        AccessControlList accessControlList3 = new AccessControlList("user1,user2 ");
        org.assertj.core.api.Assertions.assertThat(accessControlList3.toString()).isEqualTo("Users [user1, user2] are allowed");
        validateGetAclString(accessControlList3);
        AccessControlList accessControlList4 = new AccessControlList(" group1,group2");
        org.assertj.core.api.Assertions.assertThat(accessControlList4.toString()).isEqualTo("Members of the groups [group1, group2] are allowed");
        validateGetAclString(accessControlList4);
        AccessControlList accessControlList5 = new AccessControlList("user1,user2 group1,group2");
        org.assertj.core.api.Assertions.assertThat(accessControlList5.toString()).isEqualTo("Users [user1, user2] and members of the groups [group1, group2] are allowed");
        validateGetAclString(accessControlList5);
    }

    private void validateGetAclString(AccessControlList accessControlList) {
        Assertions.assertTrue(accessControlList.toString().equals(new AccessControlList(accessControlList.getAclString()).toString()));
    }

    @Test
    public void testAccessControlList() throws Exception {
        AccessControlList accessControlList = new AccessControlList("drwho tardis");
        Collection users = accessControlList.getUsers();
        org.assertj.core.api.Assertions.assertThat(users.size()).isOne();
        org.assertj.core.api.Assertions.assertThat((String) users.iterator().next()).isEqualTo("drwho");
        Collection groups = accessControlList.getGroups();
        org.assertj.core.api.Assertions.assertThat(groups.size()).isOne();
        org.assertj.core.api.Assertions.assertThat((String) groups.iterator().next()).isEqualTo("tardis");
        AccessControlList accessControlList2 = new AccessControlList("drwho");
        Collection users2 = accessControlList2.getUsers();
        org.assertj.core.api.Assertions.assertThat(users2.size()).isOne();
        org.assertj.core.api.Assertions.assertThat((String) users2.iterator().next()).isEqualTo("drwho");
        org.assertj.core.api.Assertions.assertThat(accessControlList2.getGroups().size()).isZero();
        AccessControlList accessControlList3 = new AccessControlList("drwho ");
        Collection users3 = accessControlList3.getUsers();
        org.assertj.core.api.Assertions.assertThat(users3.size()).isOne();
        org.assertj.core.api.Assertions.assertThat((String) users3.iterator().next()).isEqualTo("drwho");
        org.assertj.core.api.Assertions.assertThat(accessControlList3.getGroups().size()).isZero();
        AccessControlList accessControlList4 = new AccessControlList(" tardis");
        org.assertj.core.api.Assertions.assertThat(accessControlList4.getUsers().size()).isZero();
        Collection groups2 = accessControlList4.getGroups();
        org.assertj.core.api.Assertions.assertThat(groups2.size()).isOne();
        org.assertj.core.api.Assertions.assertThat((String) groups2.iterator().next()).isEqualTo("tardis");
        AccessControlList accessControlList5 = new AccessControlList("drwho,joe tardis, users");
        Collection users4 = accessControlList5.getUsers();
        org.assertj.core.api.Assertions.assertThat(users4.size()).isEqualTo(2);
        Iterator it = users4.iterator();
        org.assertj.core.api.Assertions.assertThat((String) it.next()).isEqualTo("drwho");
        org.assertj.core.api.Assertions.assertThat((String) it.next()).isEqualTo("joe");
        Collection groups3 = accessControlList5.getGroups();
        org.assertj.core.api.Assertions.assertThat(groups3.size()).isEqualTo(2);
        Iterator it2 = groups3.iterator();
        org.assertj.core.api.Assertions.assertThat((String) it2.next()).isEqualTo("tardis");
        org.assertj.core.api.Assertions.assertThat((String) it2.next()).isEqualTo("users");
    }

    @Test
    public void testAddRemoveAPI() {
        AccessControlList accessControlList = new AccessControlList(" ");
        org.assertj.core.api.Assertions.assertThat(accessControlList.getUsers().size()).isZero();
        org.assertj.core.api.Assertions.assertThat(accessControlList.getGroups().size()).isZero();
        org.assertj.core.api.Assertions.assertThat(accessControlList.getAclString()).isEqualTo(" ");
        accessControlList.addUser("drwho");
        Collection users = accessControlList.getUsers();
        org.assertj.core.api.Assertions.assertThat(users.size()).isOne();
        org.assertj.core.api.Assertions.assertThat((String) users.iterator().next()).isEqualTo("drwho");
        org.assertj.core.api.Assertions.assertThat(accessControlList.getAclString()).isEqualTo("drwho ");
        accessControlList.addGroup("tardis");
        Collection groups = accessControlList.getGroups();
        org.assertj.core.api.Assertions.assertThat(groups.size()).isOne();
        org.assertj.core.api.Assertions.assertThat((String) groups.iterator().next()).isEqualTo("tardis");
        org.assertj.core.api.Assertions.assertThat(accessControlList.getAclString()).isEqualTo("drwho tardis");
        accessControlList.addUser("joe");
        accessControlList.addGroup("users");
        Collection users2 = accessControlList.getUsers();
        org.assertj.core.api.Assertions.assertThat(users2.size()).isEqualTo(2);
        Iterator it = users2.iterator();
        org.assertj.core.api.Assertions.assertThat((String) it.next()).isEqualTo("drwho");
        org.assertj.core.api.Assertions.assertThat((String) it.next()).isEqualTo("joe");
        Collection groups2 = accessControlList.getGroups();
        org.assertj.core.api.Assertions.assertThat(groups2.size()).isEqualTo(2);
        Iterator it2 = groups2.iterator();
        org.assertj.core.api.Assertions.assertThat((String) it2.next()).isEqualTo("tardis");
        org.assertj.core.api.Assertions.assertThat((String) it2.next()).isEqualTo("users");
        org.assertj.core.api.Assertions.assertThat(accessControlList.getAclString()).isEqualTo("drwho,joe tardis,users");
        accessControlList.removeUser("joe");
        accessControlList.removeGroup("users");
        Collection users3 = accessControlList.getUsers();
        org.assertj.core.api.Assertions.assertThat(users3.size()).isOne();
        Assertions.assertFalse(users3.contains("joe"));
        Collection groups3 = accessControlList.getGroups();
        org.assertj.core.api.Assertions.assertThat(groups3.size()).isOne();
        Assertions.assertFalse(groups3.contains("users"));
        org.assertj.core.api.Assertions.assertThat(accessControlList.getAclString()).isEqualTo("drwho tardis");
        accessControlList.removeGroup("tardis");
        Collection groups4 = accessControlList.getGroups();
        org.assertj.core.api.Assertions.assertThat(groups4.size()).isZero();
        Assertions.assertFalse(groups4.contains("tardis"));
        org.assertj.core.api.Assertions.assertThat(accessControlList.getAclString()).isEqualTo("drwho ");
        accessControlList.removeUser("drwho");
        org.assertj.core.api.Assertions.assertThat(users3.size()).isZero();
        Assertions.assertFalse(users3.contains("drwho"));
        org.assertj.core.api.Assertions.assertThat(accessControlList.getGroups().size()).isZero();
        org.assertj.core.api.Assertions.assertThat(accessControlList.getUsers().size()).isZero();
        org.assertj.core.api.Assertions.assertThat(accessControlList.getAclString()).isEqualTo(" ");
    }

    @Test
    public void testAddRemoveWildCard() {
        AccessControlList accessControlList = new AccessControlList("drwho tardis");
        Throwable th = null;
        try {
            accessControlList.addUser(" * ");
        } catch (Throwable th2) {
            th = th2;
        }
        org.assertj.core.api.Assertions.assertThat(th).isNotNull();
        org.assertj.core.api.Assertions.assertThat(th).isInstanceOf(IllegalArgumentException.class);
        Throwable th3 = null;
        try {
            accessControlList.addGroup(" * ");
        } catch (Throwable th4) {
            th3 = th4;
        }
        org.assertj.core.api.Assertions.assertThat(th3).isNotNull();
        org.assertj.core.api.Assertions.assertThat(th3).isInstanceOf(IllegalArgumentException.class);
        Throwable th5 = null;
        try {
            accessControlList.removeUser(" * ");
        } catch (Throwable th6) {
            th5 = th6;
        }
        org.assertj.core.api.Assertions.assertThat(th5).isNotNull();
        org.assertj.core.api.Assertions.assertThat(th5).isInstanceOf(IllegalArgumentException.class);
        Throwable th7 = null;
        try {
            accessControlList.removeGroup(" * ");
        } catch (Throwable th8) {
            th7 = th8;
        }
        org.assertj.core.api.Assertions.assertThat(th7).isNotNull();
        org.assertj.core.api.Assertions.assertThat(th7).isInstanceOf(IllegalArgumentException.class);
    }

    @Test
    public void testAddRemoveToWildCardACL() {
        AccessControlList accessControlList = new AccessControlList(" * ");
        Assertions.assertTrue(accessControlList.isAllAllowed());
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("drwho@EXAMPLE.COM", new String[]{"aliens"});
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("drwho2@EXAMPLE.COM", new String[]{"tardis"});
        accessControlList.addUser("drwho");
        Assertions.assertTrue(accessControlList.isAllAllowed());
        Assertions.assertFalse(accessControlList.getAclString().contains("drwho"));
        accessControlList.addGroup("tardis");
        Assertions.assertTrue(accessControlList.isAllAllowed());
        Assertions.assertFalse(accessControlList.getAclString().contains("tardis"));
        accessControlList.removeUser("drwho");
        Assertions.assertTrue(accessControlList.isAllAllowed());
        assertUserAllowed(createUserForTesting, accessControlList);
        accessControlList.removeGroup("tardis");
        Assertions.assertTrue(accessControlList.isAllAllowed());
        assertUserAllowed(createUserForTesting2, accessControlList);
    }

    @Test
    public void testIsUserAllowed() {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("drwho@EXAMPLE.COM", new String[]{"aliens", "humanoids", "timelord"});
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("susan@EXAMPLE.COM", new String[]{"aliens", "humanoids", "timelord"});
        UserGroupInformation createUserForTesting3 = UserGroupInformation.createUserForTesting("barbara@EXAMPLE.COM", new String[]{"humans", "teachers"});
        UserGroupInformation createUserForTesting4 = UserGroupInformation.createUserForTesting("ian@EXAMPLE.COM", new String[]{"humans", "teachers"});
        AccessControlList accessControlList = new AccessControlList("drwho humanoids");
        assertUserAllowed(createUserForTesting, accessControlList);
        assertUserAllowed(createUserForTesting2, accessControlList);
        assertUserNotAllowed(createUserForTesting3, accessControlList);
        assertUserNotAllowed(createUserForTesting4, accessControlList);
        AccessControlList accessControlList2 = new AccessControlList("drwho");
        assertUserAllowed(createUserForTesting, accessControlList2);
        assertUserNotAllowed(createUserForTesting2, accessControlList2);
        assertUserNotAllowed(createUserForTesting3, accessControlList2);
        assertUserNotAllowed(createUserForTesting4, accessControlList2);
        AccessControlList accessControlList3 = new AccessControlList("drwho ");
        assertUserAllowed(createUserForTesting, accessControlList3);
        assertUserNotAllowed(createUserForTesting2, accessControlList3);
        assertUserNotAllowed(createUserForTesting3, accessControlList3);
        assertUserNotAllowed(createUserForTesting4, accessControlList3);
        AccessControlList accessControlList4 = new AccessControlList(" humanoids");
        assertUserAllowed(createUserForTesting, accessControlList4);
        assertUserAllowed(createUserForTesting2, accessControlList4);
        assertUserNotAllowed(createUserForTesting3, accessControlList4);
        assertUserNotAllowed(createUserForTesting4, accessControlList4);
        AccessControlList accessControlList5 = new AccessControlList("drwho,ian aliens,teachers");
        assertUserAllowed(createUserForTesting, accessControlList5);
        assertUserAllowed(createUserForTesting2, accessControlList5);
        assertUserAllowed(createUserForTesting3, accessControlList5);
        assertUserAllowed(createUserForTesting4, accessControlList5);
        AccessControlList accessControlList6 = new AccessControlList("");
        UserGroupInformation userGroupInformation = (UserGroupInformation) Mockito.spy(createUserForTesting);
        accessControlList6.isUserAllowed(userGroupInformation);
        ((UserGroupInformation) Mockito.verify(userGroupInformation, Mockito.never())).getGroupNames();
    }

    private void assertUserAllowed(UserGroupInformation userGroupInformation, AccessControlList accessControlList) {
        Assertions.assertTrue(accessControlList.isUserAllowed(userGroupInformation), "User " + userGroupInformation + " is not granted the access-control!!");
    }

    private void assertUserNotAllowed(UserGroupInformation userGroupInformation, AccessControlList accessControlList) {
        Assertions.assertFalse(accessControlList.isUserAllowed(userGroupInformation), "User " + userGroupInformation + " is incorrectly granted the access-control!!");
    }

    @Test
    public void testUseRealUserAclsForProxiedUser() {
        AccessControlList accessControlList = new AccessControlList("realUser");
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting("regularJane", UserGroupInformation.createRemoteUser("realUser"), new String[]{"group1"});
        Assertions.assertFalse(accessControlList.isUserAllowed(createProxyUserForTesting), "User " + createProxyUserForTesting + " should not have been granted access.");
        Assertions.assertTrue(new AccessControlList("~" + "realUser").isUserAllowed(createProxyUserForTesting), "User " + createProxyUserForTesting + " should have access but was denied.");
    }
}
