package org.apache.hadoop.hdfs.server.namenode;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.security.TestUGIWithSecurityOn;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.class */
public class TestSecureNameNode {
    private static final int NUM_OF_DATANODES = 0;

    @Before
    public void testKdcRunning() {
        Assume.assumeTrue(TestUGIWithSecurityOn.isKdcRunning());
    }

    @Test
    public void testName() throws IOException, InterruptedException {
        final MiniDFSCluster miniDFSCluster = NUM_OF_DATANODES;
        try {
            String str = System.getProperty("kdc.resource.dir") + "/keytabs";
            String str2 = str + "/nn1.keytab";
            String str3 = str + "/user1.keytab";
            HdfsConfiguration hdfsConfiguration = new HdfsConfiguration();
            hdfsConfiguration.set("hadoop.security.authentication", "kerberos");
            hdfsConfiguration.set("dfs.namenode.kerberos.principal", "nn1/localhost@EXAMPLE.COM");
            hdfsConfiguration.set("dfs.namenode.keytab.file", str2);
            miniDFSCluster = new MiniDFSCluster.Builder(hdfsConfiguration).numDataNodes(NUM_OF_DATANODES).build();
            miniDFSCluster.waitActive();
            DistributedFileSystem fileSystem = miniDFSCluster.getFileSystem();
            fileSystem.mkdirs(new Path("/tmp"));
            fileSystem.setPermission(new Path("/tmp"), new FsPermission((short) 511));
            UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI("user1@EXAMPLE.COM", str3);
            FileSystem fileSystem2 = (FileSystem) loginUserFromKeytabAndReturnUGI.doAs(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws Exception {
                    return miniDFSCluster.getFileSystem();
                }
            });
            try {
                fileSystem2.mkdirs(new Path("/users"));
                Assert.fail("user1 must not be allowed to write in /");
            } catch (IOException e) {
            }
            Path path = new Path("/tmp/alpha");
            fileSystem2.mkdirs(path);
            Assert.assertNotNull(fileSystem2.listStatus(path));
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS, loginUserFromKeytabAndReturnUGI.getAuthenticationMethod());
            if (miniDFSCluster != null) {
                miniDFSCluster.shutdown();
            }
        } catch (Throwable th) {
            if (miniDFSCluster != null) {
                miniDFSCluster.shutdown();
            }
            throw th;
        }
    }
}
