package alluxio.master.file;

import alluxio.AlluxioURI;
import alluxio.conf.Configuration;
import alluxio.conf.PropertyKey;
import alluxio.exception.AccessControlException;
import alluxio.exception.ExceptionMessage;
import alluxio.exception.InvalidPathException;
import alluxio.grpc.CreateFilePOptions;
import alluxio.master.CoreMasterContext;
import alluxio.master.MasterRegistry;
import alluxio.master.MasterTestUtils;
import alluxio.master.block.BlockMaster;
import alluxio.master.block.BlockMasterFactory;
import alluxio.master.file.contexts.CreateFileContext;
import alluxio.master.file.meta.Inode;
import alluxio.master.file.meta.InodeDirectoryIdGenerator;
import alluxio.master.file.meta.InodeLockManager;
import alluxio.master.file.meta.InodeTree;
import alluxio.master.file.meta.LockedInodePath;
import alluxio.master.file.meta.MountTable;
import alluxio.master.file.meta.MutableInode;
import alluxio.master.file.meta.options.MountInfo;
import alluxio.master.journal.NoopJournalContext;
import alluxio.master.metastore.InodeStore;
import alluxio.master.metrics.MetricsMaster;
import alluxio.master.metrics.MetricsMasterFactory;
import alluxio.security.GroupMappingServiceTestUtils;
import alluxio.security.authentication.AuthType;
import alluxio.security.authentication.AuthenticatedClientUser;
import alluxio.security.authorization.Mode;
import alluxio.security.group.GroupMappingService;
import alluxio.underfs.UfsManager;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.time.Clock;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.rules.TemporaryFolder;
import org.mockito.Mockito;

@Ignore("metadata no longer exists in master")
/* loaded from: input_file:alluxio/master/file/PermissionCheckerTest.class */
public final class PermissionCheckerTest {
    private static final String TEST_SUPER_GROUP = "test-supergroup";
    private static final String TEST_DIR_URI = "/testDir";
    private static final String TEST_DIR_FILE_URI = "/testDir/file";
    private static final String TEST_FILE_URI = "/testFile";
    private static final String TEST_NOT_EXIST_URI = "/testDir/notExistDir/notExistFile";
    private static final String TEST_WEIRD_FILE_URI = "/testWeirdFile";
    private static CreateFileContext sFileContext;
    private static CreateFileContext sWeirdFileContext;
    private static CreateFileContext sNestedFileContext;
    private static InodeStore sInodeStore;
    private static InodeTree sTree;
    private static MasterRegistry sRegistry;
    private static MetricsMaster sMetricsMaster;
    private PermissionChecker mPermissionChecker;

    @Rule
    public ExpectedException mThrown = ExpectedException.none();
    private static final TestUser TEST_USER_ADMIN = new TestUser("admin", "admin");
    private static final TestUser TEST_USER_1 = new TestUser("user1", "group1");
    private static final TestUser TEST_USER_2 = new TestUser("user2", "group2");
    private static final TestUser TEST_USER_3 = new TestUser("user3", "group1");
    private static final TestUser TEST_USER_SUPERGROUP = new TestUser("user4", "group2,test-supergroup");
    private static final Mode TEST_NORMAL_MODE = new Mode(493);
    private static final Mode TEST_WEIRD_MODE = new Mode(111);

    @ClassRule
    public static TemporaryFolder sTestFolder = new TemporaryFolder();

    /* loaded from: input_file:alluxio/master/file/PermissionCheckerTest$FakeUserGroupsMapping.class */
    public static class FakeUserGroupsMapping implements GroupMappingService {
        private HashMap<String, String> mUserGroups = new HashMap<>();

        public FakeUserGroupsMapping() {
            this.mUserGroups.put(PermissionCheckerTest.TEST_USER_ADMIN.getUser(), PermissionCheckerTest.TEST_USER_ADMIN.getGroup());
            this.mUserGroups.put(PermissionCheckerTest.TEST_USER_1.getUser(), PermissionCheckerTest.TEST_USER_1.getGroup());
            this.mUserGroups.put(PermissionCheckerTest.TEST_USER_2.getUser(), PermissionCheckerTest.TEST_USER_2.getGroup());
            this.mUserGroups.put(PermissionCheckerTest.TEST_USER_3.getUser(), PermissionCheckerTest.TEST_USER_3.getGroup());
            this.mUserGroups.put(PermissionCheckerTest.TEST_USER_SUPERGROUP.getUser(), PermissionCheckerTest.TEST_USER_SUPERGROUP.getGroup());
        }

        public List<String> getGroups(String str) throws IOException {
            return this.mUserGroups.containsKey(str) ? Lists.newArrayList(this.mUserGroups.get(str).split(",")) : new ArrayList();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:alluxio/master/file/PermissionCheckerTest$TestUser.class */
    public static final class TestUser {
        private String mUser;
        private String mGroup;

        TestUser(String str, String str2) {
            this.mUser = str;
            this.mGroup = str2;
        }

        String getUser() {
            return this.mUser;
        }

        String getGroup() {
            return this.mGroup;
        }
    }

    @BeforeClass
    public static void beforeClass() throws Exception {
        sFileContext = CreateFileContext.mergeFrom(CreateFilePOptions.newBuilder().setBlockSizeBytes(1024L).setMode(TEST_NORMAL_MODE.toProto())).setOwner(TEST_USER_2.getUser()).setGroup(TEST_USER_2.getGroup());
        sWeirdFileContext = CreateFileContext.mergeFrom(CreateFilePOptions.newBuilder().setBlockSizeBytes(1024L).setMode(TEST_WEIRD_MODE.toProto())).setOwner(TEST_USER_1.getUser()).setGroup(TEST_USER_1.getGroup());
        sNestedFileContext = CreateFileContext.mergeFrom(CreateFilePOptions.newBuilder().setBlockSizeBytes(1024L).setMode(TEST_NORMAL_MODE.toProto()).setRecursive(true)).setOwner(TEST_USER_1.getUser()).setGroup(TEST_USER_1.getGroup());
        sRegistry = new MasterRegistry();
        CoreMasterContext testMasterContext = MasterTestUtils.testMasterContext();
        sMetricsMaster = new MetricsMasterFactory().create(sRegistry, testMasterContext);
        sRegistry.add(MetricsMaster.class, sMetricsMaster);
        BlockMaster create = new BlockMasterFactory().create(sRegistry, testMasterContext);
        InodeDirectoryIdGenerator inodeDirectoryIdGenerator = new InodeDirectoryIdGenerator(create);
        MountTable mountTable = new MountTable((UfsManager) Mockito.mock(UfsManager.class), (MountInfo) Mockito.mock(MountInfo.class), Clock.systemUTC());
        InodeLockManager inodeLockManager = new InodeLockManager();
        sInodeStore = (InodeStore) testMasterContext.getInodeStoreFactory().apply(inodeLockManager);
        sTree = new InodeTree(sInodeStore, create, inodeDirectoryIdGenerator, mountTable, inodeLockManager);
        sRegistry.start(true);
        GroupMappingServiceTestUtils.resetCache();
        Configuration.set(PropertyKey.SECURITY_GROUP_MAPPING_CLASS, FakeUserGroupsMapping.class.getName());
        Configuration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.SIMPLE);
        Configuration.set(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_ENABLED, true);
        Configuration.set(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_SUPERGROUP, TEST_SUPER_GROUP);
        sTree.initializeRoot(TEST_USER_ADMIN.getUser(), TEST_USER_ADMIN.getGroup(), TEST_NORMAL_MODE, NoopJournalContext.INSTANCE);
        createAndSetPermission(TEST_DIR_FILE_URI, sNestedFileContext);
        createAndSetPermission(TEST_FILE_URI, sFileContext);
        createAndSetPermission(TEST_WEIRD_FILE_URI, sWeirdFileContext);
    }

    @AfterClass
    public static void afterClass() throws Exception {
        sRegistry.stop();
        AuthenticatedClientUser.remove();
        Configuration.reloadProperties();
    }

    @Before
    public void before() throws Exception {
        AuthenticatedClientUser.remove();
        this.mPermissionChecker = new DefaultPermissionChecker(sTree);
    }

    private static void createAndSetPermission(String str, CreateFileContext createFileContext) throws Exception {
        LockedInodePath lockInodePath = sTree.lockInodePath(new AlluxioURI(str), InodeTree.LockPattern.WRITE_EDGE, NoopJournalContext.INSTANCE);
        Throwable th = null;
        try {
            try {
                List createPath = sTree.createPath(RpcContext.NOOP, lockInodePath, createFileContext);
                MutableInode mutableInode = (MutableInode) sInodeStore.getMutable(((Inode) createPath.get(createPath.size() - 1)).getId()).get();
                mutableInode.setOwner(createFileContext.getOwner()).setGroup(createFileContext.getGroup()).setMode(createFileContext.getMode().toShort());
                sInodeStore.writeInode(mutableInode);
                if (lockInodePath != null) {
                    if (0 == 0) {
                        lockInodePath.close();
                        return;
                    }
                    try {
                        lockInodePath.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (lockInodePath != null) {
                if (th != null) {
                    try {
                        lockInodePath.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    lockInodePath.close();
                }
            }
            throw th4;
        }
    }

    private static void verifyInodesList(String[] strArr, List<Inode> list) {
        String[] strArr2 = new String[list.size()];
        for (int i = 0; i < list.size(); i++) {
            strArr2[i] = list.get(i).getName();
        }
        Assert.assertArrayEquals(strArr, strArr2);
    }

    @Test
    public void createFileAndDirs() throws Exception {
        LockedInodePath lockInodePath = sTree.lockInodePath(new AlluxioURI(TEST_DIR_FILE_URI), InodeTree.LockPattern.READ, NoopJournalContext.INSTANCE);
        Throwable th = null;
        try {
            verifyInodesList(TEST_DIR_FILE_URI.split("/"), lockInodePath.getInodeList());
            if (lockInodePath != null) {
                if (0 != 0) {
                    try {
                        lockInodePath.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    lockInodePath.close();
                }
            }
            LockedInodePath lockInodePath2 = sTree.lockInodePath(new AlluxioURI(TEST_FILE_URI), InodeTree.LockPattern.READ, NoopJournalContext.INSTANCE);
            Throwable th3 = null;
            try {
                verifyInodesList(TEST_FILE_URI.split("/"), lockInodePath2.getInodeList());
                if (lockInodePath2 != null) {
                    if (0 != 0) {
                        try {
                            lockInodePath2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    } else {
                        lockInodePath2.close();
                    }
                }
                LockedInodePath lockInodePath3 = sTree.lockInodePath(new AlluxioURI(TEST_WEIRD_FILE_URI), InodeTree.LockPattern.READ, NoopJournalContext.INSTANCE);
                Throwable th5 = null;
                try {
                    verifyInodesList(TEST_WEIRD_FILE_URI.split("/"), lockInodePath3.getInodeList());
                    if (lockInodePath3 != null) {
                        if (0 != 0) {
                            try {
                                lockInodePath3.close();
                            } catch (Throwable th6) {
                                th5.addSuppressed(th6);
                            }
                        } else {
                            lockInodePath3.close();
                        }
                    }
                    LockedInodePath lockInodePath4 = sTree.lockInodePath(new AlluxioURI(TEST_NOT_EXIST_URI), InodeTree.LockPattern.READ, NoopJournalContext.INSTANCE);
                    Throwable th7 = null;
                    try {
                        verifyInodesList(new String[]{"", "testDir"}, lockInodePath4.getInodeList());
                        if (lockInodePath4 != null) {
                            if (0 == 0) {
                                lockInodePath4.close();
                                return;
                            }
                            try {
                                lockInodePath4.close();
                            } catch (Throwable th8) {
                                th7.addSuppressed(th8);
                            }
                        }
                    } catch (Throwable th9) {
                        if (lockInodePath4 != null) {
                            if (0 != 0) {
                                try {
                                    lockInodePath4.close();
                                } catch (Throwable th10) {
                                    th7.addSuppressed(th10);
                                }
                            } else {
                                lockInodePath4.close();
                            }
                        }
                        throw th9;
                    }
                } catch (Throwable th11) {
                    if (lockInodePath3 != null) {
                        if (0 != 0) {
                            try {
                                lockInodePath3.close();
                            } catch (Throwable th12) {
                                th5.addSuppressed(th12);
                            }
                        } else {
                            lockInodePath3.close();
                        }
                    }
                    throw th11;
                }
            } catch (Throwable th13) {
                if (lockInodePath2 != null) {
                    if (0 != 0) {
                        try {
                            lockInodePath2.close();
                        } catch (Throwable th14) {
                            th3.addSuppressed(th14);
                        }
                    } else {
                        lockInodePath2.close();
                    }
                }
                throw th13;
            }
        } catch (Throwable th15) {
            if (lockInodePath != null) {
                if (0 != 0) {
                    try {
                        lockInodePath.close();
                    } catch (Throwable th16) {
                        th.addSuppressed(th16);
                    }
                } else {
                    lockInodePath.close();
                }
            }
            throw th15;
        }
    }

    @Test
    public void fileSystemOwner() throws Exception {
        checkPermission(TEST_USER_ADMIN, Mode.Bits.ALL, TEST_DIR_FILE_URI);
        checkPermission(TEST_USER_ADMIN, Mode.Bits.ALL, TEST_DIR_URI);
        checkPermission(TEST_USER_ADMIN, Mode.Bits.ALL, TEST_FILE_URI);
    }

    @Test
    public void fileSystemSuperGroup() throws Exception {
        checkPermission(TEST_USER_SUPERGROUP, Mode.Bits.ALL, TEST_DIR_FILE_URI);
        checkPermission(TEST_USER_SUPERGROUP, Mode.Bits.ALL, TEST_DIR_URI);
        checkPermission(TEST_USER_SUPERGROUP, Mode.Bits.ALL, TEST_FILE_URI);
    }

    @Test
    public void selfCheckSuccess() throws Exception {
        checkPermission(TEST_USER_1, Mode.Bits.READ, TEST_DIR_FILE_URI);
        checkPermission(TEST_USER_1, Mode.Bits.WRITE, TEST_DIR_FILE_URI);
        checkPermission(TEST_USER_2, Mode.Bits.READ, TEST_DIR_FILE_URI);
        checkPermission(TEST_USER_3, Mode.Bits.READ, TEST_DIR_FILE_URI);
    }

    @Test
    public void checkNoFallThroughFromOwnerToGroup() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_1.getUser(), Mode.Bits.READ, TEST_WEIRD_FILE_URI, "testWeirdFile")}));
        checkPermission(TEST_USER_1, Mode.Bits.READ, TEST_WEIRD_FILE_URI);
    }

    @Test
    public void checkNoFallThroughFromOwnerToOther() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_1.getUser(), Mode.Bits.WRITE, TEST_WEIRD_FILE_URI, "testWeirdFile")}));
        checkPermission(TEST_USER_1, Mode.Bits.WRITE, TEST_WEIRD_FILE_URI);
    }

    @Test
    public void checkNoFallThroughFromGroupToOther() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_3.getUser(), Mode.Bits.WRITE, TEST_WEIRD_FILE_URI, "testWeirdFile")}));
        checkPermission(TEST_USER_3, Mode.Bits.WRITE, TEST_WEIRD_FILE_URI);
    }

    @Test
    public void selfCheckFailByOtherGroup() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_2.getUser(), Mode.Bits.WRITE, TEST_DIR_FILE_URI, "file")}));
        checkPermission(TEST_USER_2, Mode.Bits.WRITE, TEST_DIR_FILE_URI);
    }

    @Test
    public void selfCheckFailBySameGroup() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_3.getUser(), Mode.Bits.WRITE, TEST_DIR_FILE_URI, "file")}));
        checkPermission(TEST_USER_3, Mode.Bits.WRITE, TEST_DIR_FILE_URI);
    }

    @Test
    public void parentCheckSuccess() throws Exception {
        checkParentOrAncestorPermission(TEST_USER_1, Mode.Bits.WRITE, TEST_DIR_FILE_URI);
    }

    @Test
    public void parentCheckFail() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_2.getUser(), Mode.Bits.WRITE, TEST_DIR_FILE_URI, "testDir")}));
        checkParentOrAncestorPermission(TEST_USER_2, Mode.Bits.WRITE, TEST_DIR_FILE_URI);
    }

    @Test
    public void ancestorCheckSuccess() throws Exception {
        checkParentOrAncestorPermission(TEST_USER_1, Mode.Bits.WRITE, TEST_NOT_EXIST_URI);
    }

    @Test
    public void ancestorCheckFail() throws Exception {
        this.mThrown.expect(AccessControlException.class);
        this.mThrown.expectMessage(ExceptionMessage.PERMISSION_DENIED.getMessage(new Object[]{toExceptionMessage(TEST_USER_2.getUser(), Mode.Bits.WRITE, TEST_NOT_EXIST_URI, "testDir")}));
        checkParentOrAncestorPermission(TEST_USER_2, Mode.Bits.WRITE, TEST_NOT_EXIST_URI);
    }

    @Test
    public void invalidPath() throws Exception {
        this.mThrown.expect(InvalidPathException.class);
        LockedInodePath lockInodePath = sTree.lockInodePath(new AlluxioURI(""), InodeTree.LockPattern.READ, NoopJournalContext.INSTANCE);
        Throwable th = null;
        try {
            this.mPermissionChecker.checkPermission(Mode.Bits.WRITE, lockInodePath);
            if (lockInodePath != null) {
                if (0 == 0) {
                    lockInodePath.close();
                    return;
                }
                try {
                    lockInodePath.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (lockInodePath != null) {
                if (0 != 0) {
                    try {
                        lockInodePath.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    lockInodePath.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void getPermission() throws Exception {
        LockedInodePath lockInodePath = sTree.lockInodePath(new AlluxioURI(TEST_WEIRD_FILE_URI), InodeTree.LockPattern.READ, NoopJournalContext.INSTANCE);
        Throwable th = null;
        try {
            AuthenticatedClientUser.set(TEST_USER_ADMIN.getUser());
            Assert.assertEquals(Mode.Bits.ALL, this.mPermissionChecker.getPermission(lockInodePath));
            AuthenticatedClientUser.set(TEST_USER_1.getUser());
            Assert.assertEquals(TEST_WEIRD_MODE.getOwnerBits(), this.mPermissionChecker.getPermission(lockInodePath));
            AuthenticatedClientUser.set(TEST_USER_3.getUser());
            Assert.assertEquals(TEST_WEIRD_MODE.getGroupBits(), this.mPermissionChecker.getPermission(lockInodePath));
            AuthenticatedClientUser.set(TEST_USER_2.getUser());
            Assert.assertEquals(TEST_WEIRD_MODE.getOtherBits(), this.mPermissionChecker.getPermission(lockInodePath));
            if (lockInodePath != null) {
                if (0 == 0) {
                    lockInodePath.close();
                    return;
                }
                try {
                    lockInodePath.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (lockInodePath != null) {
                if (0 != 0) {
                    try {
                        lockInodePath.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    lockInodePath.close();
                }
            }
            throw th3;
        }
    }

    private void checkPermission(TestUser testUser, Mode.Bits bits, String str) throws Exception {
        AuthenticatedClientUser.set(testUser.getUser());
        LockedInodePath lockInodePath = sTree.lockInodePath(new AlluxioURI(str), InodeTree.LockPattern.READ, NoopJournalContext.INSTANCE);
        Throwable th = null;
        try {
            try {
                this.mPermissionChecker.checkPermission(bits, lockInodePath);
                if (lockInodePath != null) {
                    if (0 == 0) {
                        lockInodePath.close();
                        return;
                    }
                    try {
                        lockInodePath.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (lockInodePath != null) {
                if (th != null) {
                    try {
                        lockInodePath.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    lockInodePath.close();
                }
            }
            throw th4;
        }
    }

    private void checkParentOrAncestorPermission(TestUser testUser, Mode.Bits bits, String str) throws Exception {
        AuthenticatedClientUser.set(testUser.getUser());
        LockedInodePath lockInodePath = sTree.lockInodePath(new AlluxioURI(str), InodeTree.LockPattern.READ, NoopJournalContext.INSTANCE);
        Throwable th = null;
        try {
            try {
                this.mPermissionChecker.checkParentPermission(bits, lockInodePath);
                if (lockInodePath != null) {
                    if (0 == 0) {
                        lockInodePath.close();
                        return;
                    }
                    try {
                        lockInodePath.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (lockInodePath != null) {
                if (th != null) {
                    try {
                        lockInodePath.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    lockInodePath.close();
                }
            }
            throw th4;
        }
    }

    private String toExceptionMessage(String str, Mode.Bits bits, String str2, String str3) {
        return "user=" + str + ", access=" + bits + ", path=" + str2 + ": failed at " + str3;
    }
}
