package org.apache.hadoop.hdfs;

import com.google.common.collect.Lists;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.RandomAccessFile;
import java.io.StringReader;
import java.io.StringWriter;
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.xml.parsers.SAXParserFactory;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.CipherSuite;
import org.apache.hadoop.crypto.CryptoProtocolVersion;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FSTestWrapper;
import org.apache.hadoop.fs.FileContext;
import org.apache.hadoop.fs.FileContextTestWrapper;
import org.apache.hadoop.fs.FileEncryptionInfo;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileSystemTestHelper;
import org.apache.hadoop.fs.FileSystemTestWrapper;
import org.apache.hadoop.fs.Options;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.RemoteIterator;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.client.HdfsAdmin;
import org.apache.hadoop.hdfs.protocol.ClientProtocol;
import org.apache.hadoop.hdfs.protocol.EncryptionZone;
import org.apache.hadoop.hdfs.protocol.HdfsConstants;
import org.apache.hadoop.hdfs.protocol.HdfsFileStatus;
import org.apache.hadoop.hdfs.server.datanode.DataStorage;
import org.apache.hadoop.hdfs.server.namenode.EncryptionFaultInjector;
import org.apache.hadoop.hdfs.server.namenode.EncryptionZoneManager;
import org.apache.hadoop.hdfs.server.namenode.FSImageTestUtil;
import org.apache.hadoop.hdfs.server.namenode.NamenodeFsck;
import org.apache.hadoop.hdfs.tools.DFSck;
import org.apache.hadoop.hdfs.tools.offlineImageViewer.PBImageXmlWriter;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.hdfs.web.resources.GroupParam;
import org.apache.hadoop.hdfs.web.resources.OwnerParam;
import org.apache.hadoop.io.EnumSetWritable;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.util.ToolRunner;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.jboss.netty.handler.codec.http.multipart.HttpPostBodyUtil;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.mortbay.util.URIUtil;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-2.6.0-tests.jar:org/apache/hadoop/hdfs/TestEncryptionZones.class
  input_file:hadoop-hdfs-2.6.0/share/hadoop/hdfs/hadoop-hdfs-2.6.0-tests.jar:org/apache/hadoop/hdfs/TestEncryptionZones.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/hdfs/TestEncryptionZones.class */
public class TestEncryptionZones {
    private Configuration conf;
    private FileSystemTestHelper fsHelper;
    private MiniDFSCluster cluster;
    private HdfsAdmin dfsAdmin;
    protected DistributedFileSystem fs;
    private File testRootDir;
    private final String TEST_KEY = "testKey";
    protected FileSystemTestWrapper fsWrapper;
    protected FileContextTestWrapper fcWrapper;

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-hdfs-2.6.0-tests.jar:org/apache/hadoop/hdfs/TestEncryptionZones$CreateFileTask.class
      input_file:hadoop-hdfs-2.6.0/share/hadoop/hdfs/hadoop-hdfs-2.6.0-tests.jar:org/apache/hadoop/hdfs/TestEncryptionZones$CreateFileTask.class
     */
    /* loaded from: input_file:test-classes/org/apache/hadoop/hdfs/TestEncryptionZones$CreateFileTask.class */
    public class CreateFileTask implements Callable<Void> {
        private FileSystemTestWrapper fsWrapper;
        private Path name;

        CreateFileTask(FileSystemTestWrapper fileSystemTestWrapper, Path path) {
            this.fsWrapper = fileSystemTestWrapper;
            this.name = path;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Void call() throws Exception {
            this.fsWrapper.createFile(this.name);
            return null;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-hdfs-2.6.0-tests.jar:org/apache/hadoop/hdfs/TestEncryptionZones$InjectFaultTask.class
      input_file:hadoop-hdfs-2.6.0/share/hadoop/hdfs/hadoop-hdfs-2.6.0-tests.jar:org/apache/hadoop/hdfs/TestEncryptionZones$InjectFaultTask.class
     */
    /* loaded from: input_file:test-classes/org/apache/hadoop/hdfs/TestEncryptionZones$InjectFaultTask.class */
    private class InjectFaultTask implements Callable<Void> {
        final Path zone1;
        final Path file;
        final ExecutorService executor;
        MyInjector injector;

        private InjectFaultTask() {
            this.zone1 = new Path("/zone1");
            this.file = new Path(this.zone1, "file1");
            this.executor = Executors.newSingleThreadExecutor();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Void call() throws Exception {
            this.injector = new MyInjector();
            EncryptionFaultInjector.instance = this.injector;
            Future submit = this.executor.submit(new CreateFileTask(TestEncryptionZones.this.fsWrapper, this.file));
            this.injector.ready.await();
            doFault();
            this.injector.wait.countDown();
            submit.get();
            doCleanup();
            return null;
        }

        public void doFault() throws Exception {
        }

        public void doCleanup() throws Exception {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-hdfs-2.6.0-tests.jar:org/apache/hadoop/hdfs/TestEncryptionZones$MyInjector.class
      input_file:hadoop-hdfs-2.6.0/share/hadoop/hdfs/hadoop-hdfs-2.6.0-tests.jar:org/apache/hadoop/hdfs/TestEncryptionZones$MyInjector.class
     */
    /* loaded from: input_file:test-classes/org/apache/hadoop/hdfs/TestEncryptionZones$MyInjector.class */
    public class MyInjector extends EncryptionFaultInjector {
        int generateCount;
        CountDownLatch ready = new CountDownLatch(1);
        CountDownLatch wait = new CountDownLatch(1);

        public MyInjector() {
        }

        @Override // org.apache.hadoop.hdfs.server.namenode.EncryptionFaultInjector
        public void startFileAfterGenerateKey() throws IOException {
            this.ready.countDown();
            try {
                this.wait.await();
                this.generateCount++;
            } catch (InterruptedException e) {
                throw new IOException(e);
            }
        }
    }

    protected String getKeyProviderURI() {
        return "jceks://file" + new Path(this.testRootDir.toString(), "test.jks").toUri();
    }

    @Before
    public void setup() throws Exception {
        this.conf = new HdfsConfiguration();
        this.fsHelper = new FileSystemTestHelper();
        this.testRootDir = new File(this.fsHelper.getTestRootDir()).getAbsoluteFile();
        this.conf.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, getKeyProviderURI());
        this.conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
        this.conf.setInt(DFSConfigKeys.DFS_NAMENODE_LIST_ENCRYPTION_ZONES_NUM_RESPONSES, 2);
        this.cluster = new MiniDFSCluster.Builder(this.conf).numDataNodes(1).build();
        Logger.getLogger(EncryptionZoneManager.class).setLevel(Level.TRACE);
        this.fs = this.cluster.getFileSystem();
        this.fsWrapper = new FileSystemTestWrapper(this.fs);
        this.fcWrapper = new FileContextTestWrapper(FileContext.getFileContext(this.cluster.getURI(), this.conf));
        this.dfsAdmin = new HdfsAdmin(this.cluster.getURI(), this.conf);
        setProvider();
        DFSTestUtil.createKey("testKey", this.cluster, this.conf);
    }

    protected void setProvider() {
        this.fs.getClient().provider = this.cluster.getNameNode().getNamesystem().getProvider();
    }

    @After
    public void teardown() {
        if (this.cluster != null) {
            this.cluster.shutdown();
        }
        EncryptionFaultInjector.instance = new EncryptionFaultInjector();
    }

    public void assertNumZones(int i) throws IOException {
        RemoteIterator<EncryptionZone> listEncryptionZones = this.dfsAdmin.listEncryptionZones();
        int i2 = 0;
        while (listEncryptionZones.hasNext()) {
            i2++;
            listEncryptionZones.next();
        }
        Assert.assertEquals("Unexpected number of encryption zones!", i, i2);
    }

    public void assertZonePresent(String str, String str2) throws IOException {
        RemoteIterator<EncryptionZone> listEncryptionZones = this.dfsAdmin.listEncryptionZones();
        boolean z = false;
        while (true) {
            if (!listEncryptionZones.hasNext()) {
                break;
            }
            EncryptionZone encryptionZone = (EncryptionZone) listEncryptionZones.next();
            boolean z2 = str == null;
            boolean z3 = str2 == null;
            if (str != null && encryptionZone.getKeyName().equals(str)) {
                z2 = true;
            }
            if (str2 != null && encryptionZone.getPath().equals(str2)) {
                z3 = true;
            }
            if (z2 && z3) {
                z = true;
                break;
            }
        }
        Assert.assertTrue("Did not find expected encryption zone with keyName " + str + " path " + str2, z);
    }

    @Test(timeout = 60000)
    public void testBasicOperations() throws Exception {
        Path path = new Path("/zones");
        Path path2 = new Path(path, "zone1");
        try {
            this.dfsAdmin.createEncryptionZone(path2, "testKey");
            Assert.fail("expected /test doesn't exist");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("cannot find", e);
        }
        this.fsWrapper.mkdir(path2, FsPermission.getDirDefault(), true);
        this.dfsAdmin.createEncryptionZone(path2, "testKey");
        int i = 0 + 1;
        assertNumZones(i);
        assertZonePresent(null, path2.toString());
        try {
            this.dfsAdmin.createEncryptionZone(path2, "testKey");
        } catch (IOException e2) {
            GenericTestUtils.assertExceptionContains("already in an encryption zone", e2);
        }
        Path path3 = new Path(path2, "child");
        this.fsWrapper.mkdir(path3, FsPermission.getDirDefault(), false);
        try {
            this.dfsAdmin.createEncryptionZone(path3, "testKey");
            Assert.fail("EZ in an EZ");
        } catch (IOException e3) {
            GenericTestUtils.assertExceptionContains("already in an encryption zone", e3);
        }
        try {
            this.dfsAdmin.createEncryptionZone(path, "testKey");
            Assert.fail("EZ over an EZ");
        } catch (IOException e4) {
            GenericTestUtils.assertExceptionContains("encryption zone for a non-empty directory", e4);
        }
        Path path4 = new Path("/notEmpty");
        Path path5 = new Path(path4, "child");
        this.fsWrapper.mkdir(path5, FsPermission.getDirDefault(), true);
        try {
            this.dfsAdmin.createEncryptionZone(path4, "testKey");
            Assert.fail("Created EZ on an non-empty directory with folder");
        } catch (IOException e5) {
            GenericTestUtils.assertExceptionContains("create an encryption zone", e5);
        }
        this.fsWrapper.delete(path5, false);
        this.fsWrapper.createFile(path5);
        try {
            this.dfsAdmin.createEncryptionZone(path4, "testKey");
            Assert.fail("Created EZ on an non-empty directory with file");
        } catch (IOException e6) {
            GenericTestUtils.assertExceptionContains("create an encryption zone", e6);
        }
        try {
            this.dfsAdmin.createEncryptionZone(path5, "testKey");
            Assert.fail("Created EZ on a file");
        } catch (IOException e7) {
            GenericTestUtils.assertExceptionContains("create an encryption zone for a file.", e7);
        }
        Path path6 = new Path("/zone2");
        this.fsWrapper.mkdir(path6, FsPermission.getDirDefault(), false);
        try {
            this.dfsAdmin.createEncryptionZone(path6, "mykeyname");
            Assert.fail("expected key doesn't exist");
        } catch (IOException e8) {
            GenericTestUtils.assertExceptionContains("doesn't exist.", e8);
        }
        try {
            this.dfsAdmin.createEncryptionZone(path6, "");
            Assert.fail("created a zone with empty key name");
        } catch (IOException e9) {
            GenericTestUtils.assertExceptionContains("Must specify a key name when creating", e9);
        }
        try {
            this.dfsAdmin.createEncryptionZone(path6, null);
            Assert.fail("created a zone with null key name");
        } catch (IOException e10) {
            GenericTestUtils.assertExceptionContains("Must specify a key name when creating", e10);
        }
        assertNumZones(1);
        DFSTestUtil.createKey("mykeyname", this.cluster, this.conf);
        this.dfsAdmin.createEncryptionZone(path6, "mykeyname");
        int i2 = i + 1;
        assertNumZones(i2);
        assertZonePresent("mykeyname", path6.toString());
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("user", new String[]{"mygroup"});
        final Path path7 = new Path("/nonSuper");
        this.fsWrapper.mkdir(path7, FsPermission.getDirDefault(), false);
        createUserForTesting.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hdfs.TestEncryptionZones.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                try {
                    new HdfsAdmin(FileSystem.getDefaultUri(TestEncryptionZones.this.conf), TestEncryptionZones.this.conf).createEncryptionZone(path7, "testKey");
                    Assert.fail("createEncryptionZone is superuser-only operation");
                    return null;
                } catch (AccessControlException e11) {
                    GenericTestUtils.assertExceptionContains("Superuser privilege is required", e11);
                    return null;
                }
            }
        });
        Path path8 = new Path("/d/e/e/p/zone");
        this.fsWrapper.mkdir(path8, FsPermission.getDirDefault(), true);
        this.dfsAdmin.createEncryptionZone(path8, "testKey");
        int i3 = i2 + 1;
        assertNumZones(i3);
        assertZonePresent(null, path8.toString());
        for (int i4 = 1; i4 < 6; i4++) {
            Path path9 = new Path("/listZone" + i4);
            this.fsWrapper.mkdir(path9, FsPermission.getDirDefault(), false);
            this.dfsAdmin.createEncryptionZone(path9, "testKey");
            i3++;
            assertNumZones(i3);
            assertZonePresent(null, path9.toString());
        }
        this.fs.setSafeMode(HdfsConstants.SafeModeAction.SAFEMODE_ENTER);
        this.fs.saveNamespace();
        this.fs.setSafeMode(HdfsConstants.SafeModeAction.SAFEMODE_LEAVE);
        this.cluster.restartNameNode(true);
        assertNumZones(i3);
        assertZonePresent(null, path2.toString());
        Path path10 = new Path("/nonpersistZone");
        this.fsWrapper.mkdir(path10, FsPermission.getDirDefault(), false);
        this.dfsAdmin.createEncryptionZone(path10, "testKey");
        this.cluster.restartNameNode(true);
        assertNumZones(i3 + 1);
        assertZonePresent(null, path10.toString());
    }

    @Test(timeout = 60000)
    public void testListEncryptionZonesAsNonSuperUser() throws Exception {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("user", new String[]{"mygroup"});
        Path path = new Path("/tmp/TestEncryptionZones");
        Path path2 = new Path(path, "superuseronly");
        Path path3 = new Path(path, "accessall");
        this.fsWrapper.mkdir(path2, new FsPermission((short) 448), true);
        this.dfsAdmin.createEncryptionZone(path2, "testKey");
        this.fsWrapper.mkdir(path3, new FsPermission((short) 455), true);
        this.dfsAdmin.createEncryptionZone(path3, "testKey");
        createUserForTesting.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hdfs.TestEncryptionZones.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                try {
                    new HdfsAdmin(FileSystem.getDefaultUri(TestEncryptionZones.this.conf), TestEncryptionZones.this.conf).listEncryptionZones();
                    return null;
                } catch (AccessControlException e) {
                    GenericTestUtils.assertExceptionContains("Superuser privilege is required", e);
                    return null;
                }
            }
        });
    }

    @Test(timeout = 60000)
    public void testGetEZAsNonSuperUser() throws Exception {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("user", new String[]{"mygroup"});
        Path path = new Path("/tmp/TestEncryptionZones");
        Path path2 = new Path(path, "superuseronly");
        final Path path3 = new Path(path2, "file1");
        final Path path4 = new Path(path, "accessall");
        final Path path5 = new Path(path4, "file1");
        final Path path6 = new Path(path, "nonEZDir");
        final Path path7 = new Path(path6, "file1");
        final Path path8 = new Path("/nonexistent");
        this.fsWrapper.mkdir(path, new FsPermission((short) 511), true);
        this.fsWrapper.mkdir(path2, new FsPermission((short) 448), false);
        this.fsWrapper.mkdir(path4, new FsPermission((short) 511), false);
        this.fsWrapper.mkdir(path6, new FsPermission((short) 511), false);
        this.dfsAdmin.createEncryptionZone(path2, "testKey");
        this.dfsAdmin.createEncryptionZone(path4, "testKey");
        this.dfsAdmin.allowSnapshot(new Path(URIUtil.SLASH));
        final Path createSnapshot = this.fs.createSnapshot(new Path(URIUtil.SLASH));
        DFSTestUtil.createFile(this.fs, path3, 8192L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, path5, 8192L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, path7, 8192L, (short) 1, 65261L);
        createUserForTesting.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hdfs.TestEncryptionZones.3
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                HdfsAdmin hdfsAdmin = new HdfsAdmin(FileSystem.getDefaultUri(TestEncryptionZones.this.conf), TestEncryptionZones.this.conf);
                try {
                    hdfsAdmin.getEncryptionZoneForPath(null);
                    Assert.fail("should have thrown NPE");
                } catch (NullPointerException e) {
                }
                Assert.assertEquals("expected ez path", path4.toString(), hdfsAdmin.getEncryptionZoneForPath(path4).getPath().toString());
                Assert.assertEquals("expected ez path", path4.toString(), hdfsAdmin.getEncryptionZoneForPath(path5).getPath().toString());
                try {
                    hdfsAdmin.getEncryptionZoneForPath(path3);
                    Assert.fail("expected AccessControlException");
                } catch (AccessControlException e2) {
                    GenericTestUtils.assertExceptionContains("Permission denied:", e2);
                }
                Assert.assertNull("expected null for nonexistent path", hdfsAdmin.getEncryptionZoneForPath(path8));
                Assert.assertNull("expected null for non-ez path", hdfsAdmin.getEncryptionZoneForPath(path6));
                Assert.assertNull("expected null for non-ez path", hdfsAdmin.getEncryptionZoneForPath(path7));
                String str = createSnapshot.toString() + path4.toString();
                Assert.assertEquals("expected ez path", path4.toString(), hdfsAdmin.getEncryptionZoneForPath(new Path(str)).getPath().toString());
                TestEncryptionZones.this.fs.delete(path5, false);
                Assert.assertEquals("expected ez path", path4.toString(), hdfsAdmin.getEncryptionZoneForPath(new Path(str)).getPath().toString());
                TestEncryptionZones.this.fs.delete(path4, true);
                Assert.assertEquals("expected ez path", path4.toString(), hdfsAdmin.getEncryptionZoneForPath(new Path(str)).getPath().toString());
                Assert.assertNull("expected null for deleted file path", hdfsAdmin.getEncryptionZoneForPath(path5));
                Assert.assertNull("expected null for deleted directory path", hdfsAdmin.getEncryptionZoneForPath(path4));
                return null;
            }
        });
    }

    private void doRenameEncryptionZone(FSTestWrapper fSTestWrapper) throws Exception {
        Path path = new Path("/tmp/TestEncryptionZones");
        Path path2 = new Path(path, "foo");
        Path path3 = new Path(path2, "baz");
        Path path4 = new Path(path3, HttpPostBodyUtil.FILE);
        Path path5 = new Path(path2, "bar");
        Path path6 = new Path(path5, HttpPostBodyUtil.FILE);
        fSTestWrapper.mkdir(path2, FsPermission.getDirDefault(), true);
        this.dfsAdmin.createEncryptionZone(path2, "testKey");
        fSTestWrapper.mkdir(path3, FsPermission.getDirDefault(), true);
        DFSTestUtil.createFile(this.fs, path4, 8192L, (short) 1, 65261L);
        String readFile = DFSTestUtil.readFile(this.fs, path4);
        try {
            fSTestWrapper.rename(path3, path, new Options.Rename[0]);
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains(path3.toString() + " can't be moved from an encryption zone.", e);
        }
        Assert.assertTrue(this.fs.rename(path3, path5));
        Assert.assertTrue("Rename of dir and file within ez failed", !fSTestWrapper.exists(path3) && fSTestWrapper.exists(path5));
        Assert.assertEquals("Renamed file contents not the same", readFile, DFSTestUtil.readFile(this.fs, path6));
    }

    @Test(timeout = 60000)
    public void testRenameFileSystem() throws Exception {
        doRenameEncryptionZone(this.fsWrapper);
    }

    @Test(timeout = 60000)
    public void testRenameFileContext() throws Exception {
        doRenameEncryptionZone(this.fcWrapper);
    }

    private FileEncryptionInfo getFileEncryptionInfo(Path path) throws Exception {
        return this.fs.getClient().getLocatedBlocks(path.toString(), 0L).getFileEncryptionInfo();
    }

    @Test(timeout = 120000)
    public void testReadWrite() throws Exception {
        HdfsAdmin hdfsAdmin = new HdfsAdmin(FileSystem.getDefaultUri(this.conf), this.conf);
        Path path = new Path("/base");
        DFSTestUtil.createFile(this.fs, path, 8192L, (short) 1, 65261L);
        Path path2 = new Path("/zone");
        this.fs.mkdirs(path2);
        hdfsAdmin.createEncryptionZone(path2, "testKey");
        Path path3 = new Path(path2, "myfile");
        DFSTestUtil.createFile(this.fs, path3, 8192L, (short) 1, 65261L);
        DFSTestUtil.verifyFilesEqual(this.fs, path, path3, 8192);
        assertNumZones(1);
        this.cluster.getNamesystem().getProvider().rollNewVersion(((EncryptionZone) hdfsAdmin.listEncryptionZones().next()).getKeyName());
        DFSTestUtil.verifyFilesEqual(this.fs, path, path3, 8192);
        Path path4 = new Path(path2, "myfile2");
        DFSTestUtil.createFile(this.fs, path4, 8192L, (short) 1, 65261L);
        FileEncryptionInfo fileEncryptionInfo = getFileEncryptionInfo(path3);
        FileEncryptionInfo fileEncryptionInfo2 = getFileEncryptionInfo(path4);
        Assert.assertFalse("EDEKs should be different", Arrays.equals(fileEncryptionInfo.getEncryptedDataEncryptionKey(), fileEncryptionInfo2.getEncryptedDataEncryptionKey()));
        Assert.assertNotEquals("Key was rolled, versions should be different", fileEncryptionInfo.getEzKeyVersionName(), fileEncryptionInfo2.getEzKeyVersionName());
        DFSTestUtil.verifyFilesEqual(this.fs, path3, path4, 8192);
    }

    @Test(timeout = 120000)
    public void testReadWriteUsingWebHdfs() throws Exception {
        HdfsAdmin hdfsAdmin = new HdfsAdmin(FileSystem.getDefaultUri(this.conf), this.conf);
        WebHdfsFileSystem webHdfsFileSystem = WebHdfsTestUtil.getWebHdfsFileSystem(this.conf, WebHdfsFileSystem.SCHEME);
        Path path = new Path("/zone");
        this.fs.mkdirs(path);
        hdfsAdmin.createEncryptionZone(path, "testKey");
        Path path2 = new Path("/unenc");
        DFSTestUtil.createFile(webHdfsFileSystem, path2, 8192L, (short) 1, 65261L);
        Path path3 = new Path(path, "myfile");
        DFSTestUtil.createFile(webHdfsFileSystem, path3, 8192L, (short) 1, 65261L);
        DFSTestUtil.verifyFilesEqual(webHdfsFileSystem, path2, path3, 8192);
        DFSTestUtil.verifyFilesEqual(this.fs, path2, path3, 8192);
        Path path4 = new Path(path, "myfile2");
        DFSTestUtil.createFile(this.fs, path4, 8192L, (short) 1, 65261L);
        DFSTestUtil.verifyFilesEqual(webHdfsFileSystem, path2, path4, 8192);
        DFSTestUtil.verifyFilesEqual(this.fs, path2, path4, 8192);
        appendOneByte(this.fs, path2);
        appendOneByte(webHdfsFileSystem, path3);
        appendOneByte(this.fs, path4);
        DFSTestUtil.verifyFilesEqual(webHdfsFileSystem, path2, path3, 8192);
        DFSTestUtil.verifyFilesEqual(this.fs, path2, path3, 8192);
        DFSTestUtil.verifyFilesEqual(webHdfsFileSystem, path2, path4, 8192);
        DFSTestUtil.verifyFilesEqual(this.fs, path2, path4, 8192);
    }

    private void appendOneByte(FileSystem fileSystem, Path path) throws IOException {
        FSDataOutputStream append = fileSystem.append(path);
        append.write(35);
        append.close();
    }

    @Test(timeout = 60000)
    public void testVersionAndSuiteNegotiation() throws Exception {
        HdfsAdmin hdfsAdmin = new HdfsAdmin(FileSystem.getDefaultUri(this.conf), this.conf);
        Path path = new Path("/zone");
        this.fs.mkdirs(path);
        hdfsAdmin.createEncryptionZone(path, "testKey");
        DFSTestUtil.createFile(this.fs, new Path(path, "success1"), 0L, (short) 1, 65261L);
        DFSOutputStream.SUPPORTED_CRYPTO_VERSIONS = new CryptoProtocolVersion[0];
        try {
            DFSTestUtil.createFile(this.fs, new Path(path, "fail"), 0L, (short) 1, 65261L);
            Assert.fail("Created a file without specifying a crypto protocol version");
        } catch (UnknownCryptoProtocolVersionException e) {
            GenericTestUtils.assertExceptionContains("No crypto protocol versions", e);
        }
        DFSOutputStream.SUPPORTED_CRYPTO_VERSIONS = new CryptoProtocolVersion[]{CryptoProtocolVersion.UNKNOWN, CryptoProtocolVersion.UNKNOWN};
        try {
            DFSTestUtil.createFile(this.fs, new Path(path, "fail"), 0L, (short) 1, 65261L);
            Assert.fail("Created a file without specifying a known crypto protocol version");
        } catch (UnknownCryptoProtocolVersionException e2) {
            GenericTestUtils.assertExceptionContains("No crypto protocol versions", e2);
        }
        DFSOutputStream.SUPPORTED_CRYPTO_VERSIONS = new CryptoProtocolVersion[]{CryptoProtocolVersion.UNKNOWN, CryptoProtocolVersion.UNKNOWN, CryptoProtocolVersion.ENCRYPTION_ZONES};
        DFSTestUtil.createFile(this.fs, new Path(path, "success2"), 0L, (short) 1, 65261L);
        DFSOutputStream.SUPPORTED_CRYPTO_VERSIONS = new CryptoProtocolVersion[]{CryptoProtocolVersion.ENCRYPTION_ZONES, CryptoProtocolVersion.UNKNOWN, CryptoProtocolVersion.UNKNOWN};
        DFSTestUtil.createFile(this.fs, new Path(path, "success3"), 4096L, (short) 1, 65261L);
        this.cluster.getNamesystem().getProvider().flush();
        KeyProvider keyProvider = KeyProviderFactory.get(new URI(this.conf.get(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI)), this.conf);
        List keys = keyProvider.getKeys();
        Assert.assertEquals("Expected NN to have created one key per zone", 1L, keys.size());
        ArrayList newArrayList = Lists.newArrayList();
        Iterator it = keys.iterator();
        while (it.hasNext()) {
            List keyVersions = keyProvider.getKeyVersions((String) it.next());
            Assert.assertEquals("Should only have one key version per key", 1L, keyVersions.size());
            newArrayList.addAll(keyVersions);
        }
        for (int i = 2; i <= 3; i++) {
            Assert.assertEquals(getFileEncryptionInfo(new Path(path.toString() + "/success" + i)).getCipherSuite(), CipherSuite.AES_CTR_NOPADDING);
        }
        DFSClient dFSClient = this.fs.dfs;
        try {
            testCipherSuiteNegotiation(this.fs, this.conf);
            this.fs.dfs = dFSClient;
        } catch (Throwable th) {
            this.fs.dfs = dFSClient;
            throw th;
        }
    }

    private static void mockCreate(ClientProtocol clientProtocol, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion) throws Exception {
        ((ClientProtocol) Mockito.doReturn(new HdfsFileStatus(0L, false, 1, FileUtils.ONE_KB, 0L, 0L, new FsPermission((short) 777), OwnerParam.NAME, GroupParam.NAME, new byte[0], new byte[0], 1010L, 0, new FileEncryptionInfo(cipherSuite, cryptoProtocolVersion, new byte[cipherSuite.getAlgorithmBlockSize()], new byte[cipherSuite.getAlgorithmBlockSize()], "fakeKey", "fakeVersion"), (byte) 0)).when(clientProtocol)).create(Mockito.anyString(), (FsPermission) Matchers.anyObject(), Mockito.anyString(), (EnumSetWritable) Matchers.anyObject(), Matchers.anyBoolean(), Matchers.anyShort(), Matchers.anyLong(), (CryptoProtocolVersion[]) Matchers.anyObject());
    }

    private static void testCipherSuiteNegotiation(DistributedFileSystem distributedFileSystem, Configuration configuration) throws Exception {
        ClientProtocol clientProtocol = (ClientProtocol) Mockito.mock(ClientProtocol.class);
        Configuration configuration2 = new Configuration(configuration);
        CipherSuite cipherSuite = CipherSuite.AES_CTR_NOPADDING;
        configuration2.set("hadoop.security.crypto.codec.classes" + cipherSuite.getConfigSuffix(), "");
        distributedFileSystem.dfs = new DFSClient(null, clientProtocol, configuration2, null);
        mockCreate(clientProtocol, cipherSuite, CryptoProtocolVersion.ENCRYPTION_ZONES);
        try {
            distributedFileSystem.create(new Path("/mock"));
            Assert.fail("Created with no configured codecs!");
        } catch (UnknownCipherSuiteException e) {
            GenericTestUtils.assertExceptionContains("No configuration found for the cipher", e);
        }
        distributedFileSystem.dfs = new DFSClient(null, clientProtocol, configuration, null);
        CipherSuite cipherSuite2 = CipherSuite.UNKNOWN;
        cipherSuite2.setUnknownValue(989);
        mockCreate(clientProtocol, cipherSuite2, CryptoProtocolVersion.ENCRYPTION_ZONES);
        try {
            distributedFileSystem.create(new Path("/mock"));
            Assert.fail("Created with unknown cipher!");
        } catch (IOException e2) {
            GenericTestUtils.assertExceptionContains("unknown CipherSuite with ID 989", e2);
        }
    }

    @Test(timeout = 120000)
    public void testCreateEZWithNoProvider() throws Exception {
        Configuration configuration = this.cluster.getConfiguration(0);
        configuration.unset(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI);
        this.cluster.restartNameNode(true);
        this.cluster.waitActive();
        Path path = new Path("/zone1");
        this.fsWrapper.mkdir(path, FsPermission.getDirDefault(), true);
        try {
            this.dfsAdmin.createEncryptionZone(path, "testKey");
            Assert.fail("expected exception");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("since no key provider is available", e);
        }
        configuration.set(DFSConfigKeys.DFS_ENCRYPTION_KEY_PROVIDER_URI, "jceks://file" + new Path(this.testRootDir.toString(), "test.jks").toUri());
        assertNumZones(0);
    }

    @Test(timeout = 120000)
    public void testIsEncryptedMethod() throws Exception {
        doTestIsEncryptedMethod(new Path(URIUtil.SLASH));
        doTestIsEncryptedMethod(new Path("/.reserved/raw"));
    }

    private void doTestIsEncryptedMethod(Path path) throws Exception {
        try {
            dTIEM(path);
            for (FileStatus fileStatus : this.fsWrapper.listStatus(path)) {
                this.fsWrapper.delete(fileStatus.getPath(), true);
            }
        } catch (Throwable th) {
            for (FileStatus fileStatus2 : this.fsWrapper.listStatus(path)) {
                this.fsWrapper.delete(fileStatus2.getPath(), true);
            }
            throw th;
        }
    }

    private void dTIEM(Path path) throws Exception {
        HdfsAdmin hdfsAdmin = new HdfsAdmin(FileSystem.getDefaultUri(this.conf), this.conf);
        Path path2 = new Path(path, "base");
        this.fsWrapper.createFile(path2);
        Assert.assertFalse("Expected isEncrypted to return false for " + path2, this.fsWrapper.getFileStatus(path2).isEncrypted());
        Path path3 = new Path(path, "zone");
        this.fsWrapper.mkdir(path3, FsPermission.getDirDefault(), true);
        hdfsAdmin.createEncryptionZone(path3, "testKey");
        Path path4 = new Path(path3, "encfile");
        this.fsWrapper.createFile(path4);
        Assert.assertTrue("Expected isEncrypted to return true for enc file" + path4, this.fsWrapper.getFileStatus(path4).isEncrypted());
        Assert.assertTrue("Expected isEncrypted to return true for ezroot", this.fsWrapper.getFileStatus(path3).isEncrypted());
        Path path5 = new Path(path3, DataStorage.BLOCK_SUBDIR_PREFIX);
        this.fsWrapper.mkdir(path5, FsPermission.getDirDefault(), true);
        Assert.assertTrue("Expected isEncrypted to return true for ez subdir " + path5, this.fsWrapper.getFileStatus(path5).isEncrypted());
        Path path6 = new Path(path, "nonzone");
        this.fsWrapper.mkdir(path6, FsPermission.getDirDefault(), true);
        Assert.assertFalse("Expected isEncrypted to return false for directory " + path6, this.fsWrapper.getFileStatus(path6).isEncrypted());
        for (FileStatus fileStatus : this.fsWrapper.listStatus(path3)) {
            Assert.assertTrue("Expected isEncrypted to return true for ez stat " + path3, fileStatus.isEncrypted());
        }
        for (FileStatus fileStatus2 : this.fsWrapper.listStatus(path4)) {
            Assert.assertTrue("Expected isEncrypted to return true for ez file stat " + path4, fileStatus2.isEncrypted());
        }
        for (FileStatus fileStatus3 : this.fsWrapper.listStatus(path6)) {
            Assert.assertFalse("Expected isEncrypted to return false for nonez stat " + path6, fileStatus3.isEncrypted());
        }
        for (FileStatus fileStatus4 : this.fsWrapper.listStatus(path2)) {
            Assert.assertFalse("Expected isEncrypted to return false for non ez stat " + path2, fileStatus4.isEncrypted());
        }
    }

    @Test(timeout = 120000)
    public void testStartFileRetry() throws Exception {
        Path path = new Path("/zone1");
        Path path2 = new Path(path, "file1");
        this.fsWrapper.mkdir(path, FsPermission.getDirDefault(), true);
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        newSingleThreadExecutor.submit(new InjectFaultTask() { // from class: org.apache.hadoop.hdfs.TestEncryptionZones.4
            @Override // org.apache.hadoop.hdfs.TestEncryptionZones.InjectFaultTask
            public void doFault() throws Exception {
                TestEncryptionZones.this.dfsAdmin.createEncryptionZone(this.zone1, "testKey");
            }

            @Override // org.apache.hadoop.hdfs.TestEncryptionZones.InjectFaultTask
            public void doCleanup() throws Exception {
                Assert.assertEquals("Expected a startFile retry", 2L, this.injector.generateCount);
                TestEncryptionZones.this.fsWrapper.delete(this.file, false);
            }
        }).get();
        newSingleThreadExecutor.submit(new InjectFaultTask() { // from class: org.apache.hadoop.hdfs.TestEncryptionZones.5
            @Override // org.apache.hadoop.hdfs.TestEncryptionZones.InjectFaultTask
            public void doFault() throws Exception {
                TestEncryptionZones.this.fsWrapper.delete(this.zone1, true);
            }

            @Override // org.apache.hadoop.hdfs.TestEncryptionZones.InjectFaultTask
            public void doCleanup() throws Exception {
                Assert.assertEquals("Expected no startFile retries", 1L, this.injector.generateCount);
                TestEncryptionZones.this.fsWrapper.delete(this.file, false);
            }
        }).get();
        this.fsWrapper.mkdir(path, FsPermission.getDirDefault(), true);
        DFSTestUtil.createKey("otherKey", this.cluster, this.conf);
        this.dfsAdmin.createEncryptionZone(path, "testKey");
        newSingleThreadExecutor.submit(new InjectFaultTask() { // from class: org.apache.hadoop.hdfs.TestEncryptionZones.6
            @Override // org.apache.hadoop.hdfs.TestEncryptionZones.InjectFaultTask
            public void doFault() throws Exception {
                TestEncryptionZones.this.fsWrapper.delete(this.zone1, true);
                TestEncryptionZones.this.fsWrapper.mkdir(this.zone1, FsPermission.getDirDefault(), true);
                TestEncryptionZones.this.dfsAdmin.createEncryptionZone(this.zone1, "otherKey");
            }

            @Override // org.apache.hadoop.hdfs.TestEncryptionZones.InjectFaultTask
            public void doCleanup() throws Exception {
                Assert.assertEquals("Expected a startFile retry", 2L, this.injector.generateCount);
                TestEncryptionZones.this.fsWrapper.delete(this.zone1, true);
            }
        }).get();
        this.fsWrapper.mkdir(path, FsPermission.getDirDefault(), true);
        DFSTestUtil.createKey("anotherKey", this.cluster, this.conf);
        this.dfsAdmin.createEncryptionZone(path, "anotherKey");
        String str = "otherKey";
        MyInjector myInjector = new MyInjector();
        EncryptionFaultInjector.instance = myInjector;
        Future submit = newSingleThreadExecutor.submit(new CreateFileTask(this.fsWrapper, path2));
        for (int i = 0; i < 11; i++) {
            myInjector.ready.await();
            this.fsWrapper.delete(path, true);
            this.fsWrapper.mkdir(path, FsPermission.getDirDefault(), true);
            this.dfsAdmin.createEncryptionZone(path, str);
            str = str == "otherKey" ? "anotherKey" : "otherKey";
            myInjector.wait.countDown();
            myInjector = new MyInjector();
            EncryptionFaultInjector.instance = myInjector;
        }
        try {
            submit.get();
            Assert.fail("Expected exception from too many retries");
        } catch (ExecutionException e) {
            GenericTestUtils.assertExceptionContains("Too many retries because of encryption zone operations", e.getCause());
        }
    }

    @Test(timeout = 120000)
    public void testDelegationToken() throws Exception {
        UserGroupInformation.createRemoteUser("JobTracker");
        DistributedFileSystem fileSystem = this.cluster.getFileSystem();
        KeyProviderDelegationTokenExtension.DelegationTokenExtension delegationTokenExtension = (KeyProvider) Mockito.mock(KeyProvider.class, Mockito.withSettings().extraInterfaces(new Class[]{KeyProviderDelegationTokenExtension.DelegationTokenExtension.class, KeyProviderCryptoExtension.CryptoExtension.class}));
        Mockito.when(delegationTokenExtension.getConf()).thenReturn(this.conf);
        Token token = new Token("Test identifier for delegation token".getBytes(), new byte[0], new Text(), new Text());
        Mockito.when(delegationTokenExtension.addDelegationTokens(Mockito.anyString(), (Credentials) Mockito.any())).thenReturn(new Token[]{token});
        fileSystem.getClient().provider = delegationTokenExtension;
        Token<?>[] addDelegationTokens = fileSystem.addDelegationTokens("JobTracker", new Credentials());
        DistributedFileSystem.LOG.debug("Delegation tokens: " + Arrays.asList(addDelegationTokens));
        Assert.assertEquals(2L, addDelegationTokens.length);
        Assert.assertEquals(addDelegationTokens[1], token);
        Assert.assertEquals(1L, r0.numberOfTokens());
    }

    @Test(timeout = 60000)
    public void testFsckOnEncryptionZones() throws Exception {
        Path path = new Path(new Path("/zones"), "zone1");
        Path path2 = new Path(path, HttpPostBodyUtil.FILE);
        this.fsWrapper.mkdir(path, FsPermission.getDirDefault(), true);
        this.dfsAdmin.createEncryptionZone(path, "testKey");
        DFSTestUtil.createFile(this.fs, path2, 8196L, (short) 1, 65261L);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintStream printStream = new PrintStream((OutputStream) byteArrayOutputStream, true);
        Assert.assertEquals("Fsck ran with non-zero error code", 0L, ToolRunner.run(new DFSck(this.conf, printStream), new String[]{URIUtil.SLASH}));
        Assert.assertTrue("Fsck did not return HEALTHY status", byteArrayOutputStream.toString().contains(NamenodeFsck.HEALTHY_STATUS));
        Assert.assertEquals("Fsck ran with non-zero error code", 0L, ToolRunner.run(new DFSck(this.conf, printStream), new String[]{r0.toString()}));
        Assert.assertTrue("Fsck did not return HEALTHY status", byteArrayOutputStream.toString().contains(NamenodeFsck.HEALTHY_STATUS));
    }

    @Test(timeout = 60000)
    public void testSnapshotsOnEncryptionZones() throws Exception {
        DFSTestUtil.createKey("testkey2", this.cluster, this.conf);
        Path path = new Path("/zones");
        Path path2 = new Path(path, "zone");
        Path path3 = new Path(path2, "zoneFile");
        this.fsWrapper.mkdir(path2, FsPermission.getDirDefault(), true);
        this.dfsAdmin.allowSnapshot(path);
        this.dfsAdmin.createEncryptionZone(path2, "testKey");
        DFSTestUtil.createFile(this.fs, path3, 8196L, (short) 1, 65261L);
        String readFile = DFSTestUtil.readFile(this.fs, path3);
        Path createSnapshot = this.fs.createSnapshot(path, "snap1");
        Path path4 = new Path(createSnapshot, path2.getName());
        Assert.assertEquals("Got unexpected ez path", path2.toString(), this.dfsAdmin.getEncryptionZoneForPath(path4).getPath().toString());
        this.fsWrapper.delete(path2, true);
        this.fsWrapper.mkdir(path2, FsPermission.getDirDefault(), true);
        Path createSnapshot2 = this.fs.createSnapshot(path, "snap2");
        Assert.assertNull("Expected null ez path", this.dfsAdmin.getEncryptionZoneForPath(new Path(createSnapshot2, path2.getName())));
        this.dfsAdmin.createEncryptionZone(path2, "testkey2");
        Path path5 = new Path(this.fs.createSnapshot(path, "snap3"), path2.getName());
        EncryptionZone encryptionZoneForPath = this.dfsAdmin.getEncryptionZoneForPath(path5);
        Assert.assertEquals("Got unexpected ez path", path2.toString(), encryptionZoneForPath.getPath().toString());
        Assert.assertEquals("Unexpected ez key", "testkey2", encryptionZoneForPath.getKeyName());
        EncryptionZone encryptionZoneForPath2 = this.dfsAdmin.getEncryptionZoneForPath(path4);
        Assert.assertEquals("Got unexpected ez path", path2.toString(), encryptionZoneForPath2.getPath().toString());
        Assert.assertEquals("Unexpected ez key", "testKey", encryptionZoneForPath2.getKeyName());
        ArrayList newArrayList = Lists.newArrayList();
        RemoteIterator<EncryptionZone> listEncryptionZones = this.dfsAdmin.listEncryptionZones();
        while (listEncryptionZones.hasNext()) {
            newArrayList.add(listEncryptionZones.next());
        }
        Iterator it = newArrayList.iterator();
        while (it.hasNext()) {
            System.out.println((EncryptionZone) it.next());
        }
        Assert.assertEquals("Did not expect additional encryption zones!", 1L, newArrayList.size());
        EncryptionZone encryptionZone = (EncryptionZone) newArrayList.get(0);
        Assert.assertEquals("Got unexpected ez path", path2.toString(), encryptionZone.getPath().toString());
        Assert.assertEquals("Unexpected ez key", "testkey2", encryptionZone.getKeyName());
        Assert.assertEquals("Contents of snapshotted file have changed unexpectedly", readFile, DFSTestUtil.readFile(this.fs, new Path(createSnapshot.toString() + URIUtil.SLASH + path2.getName() + URIUtil.SLASH + path3.getName())));
        this.fs.deleteSnapshot(path, createSnapshot2.getName());
        Assert.assertEquals("Got unexpected ez path", path2.toString(), this.dfsAdmin.getEncryptionZoneForPath(path4).getPath().toString());
        Assert.assertEquals("Got unexpected ez path", path2.toString(), this.dfsAdmin.getEncryptionZoneForPath(path5).getPath().toString());
        this.fs.deleteSnapshot(path, createSnapshot.getName());
        Assert.assertEquals("Got unexpected ez path", path2.toString(), this.dfsAdmin.getEncryptionZoneForPath(path5).getPath().toString());
    }

    @Test(timeout = 60000)
    public void testEncryptionZonesWithSymlinks() throws Exception {
        Path path = new Path("/parent");
        Path path2 = new Path(path, "symdir1");
        Path path3 = new Path(path, "symdir2");
        Path path4 = new Path(path2, "link");
        Path path5 = new Path(path3, "target");
        this.fs.mkdirs(path);
        this.dfsAdmin.createEncryptionZone(path, "testKey");
        this.fs.mkdirs(path2);
        this.fs.mkdirs(path3);
        DFSTestUtil.createFile(this.fs, path5, 8192L, (short) 1, 65261L);
        String readFile = DFSTestUtil.readFile(this.fs, path5);
        this.fs.createSymlink(path5, path4, false);
        Assert.assertEquals("Contents read from link are not the same as target", readFile, DFSTestUtil.readFile(this.fs, path4));
        this.fs.delete(path, true);
        this.fs.mkdirs(path2);
        this.fs.mkdirs(path3);
        this.dfsAdmin.createEncryptionZone(path2, "testKey");
        this.dfsAdmin.createEncryptionZone(path3, "testKey");
        DFSTestUtil.createFile(this.fs, path5, 8192L, (short) 1, 65261L);
        String readFile2 = DFSTestUtil.readFile(this.fs, path5);
        this.fs.createSymlink(path5, path4, false);
        Assert.assertEquals("Contents read from link are not the same as target", readFile2, DFSTestUtil.readFile(this.fs, path4));
        this.fs.delete(path4, true);
        this.fs.delete(path5, true);
    }

    @Test(timeout = 60000)
    public void testConcatFailsInEncryptionZones() throws Exception {
        Path path = new Path("/ez");
        this.fs.mkdirs(path);
        this.dfsAdmin.createEncryptionZone(path, "testKey");
        Path path2 = new Path(path, "src1");
        Path path3 = new Path(path, "src2");
        Path path4 = new Path(path, "target");
        DFSTestUtil.createFile(this.fs, path2, 8192L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, path3, 8192L, (short) 1, 65261L);
        DFSTestUtil.createFile(this.fs, path4, 8192L, (short) 1, 65261L);
        try {
            this.fs.concat(path4, new Path[]{path2, path3});
            Assert.fail("expected concat to throw en exception for files in an ez");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("concat can not be called for files in an encryption zone", e);
        }
        this.fs.delete(path, true);
    }

    @Test(timeout = 60000)
    public void testOfflineImageViewerOnEncryptionZones() throws Exception {
        Path path = new Path(new Path("/zones"), "zone1");
        Path path2 = new Path(path, HttpPostBodyUtil.FILE);
        this.fsWrapper.mkdir(path, FsPermission.getDirDefault(), true);
        this.dfsAdmin.createEncryptionZone(path, "testKey");
        DFSTestUtil.createFile(this.fs, path2, 8196L, (short) 1, 65261L);
        this.fs.setSafeMode(HdfsConstants.SafeModeAction.SAFEMODE_ENTER, false);
        this.fs.saveNamespace();
        File findLatestImageFile = FSImageTestUtil.findLatestImageFile(FSImageTestUtil.getFSImage(this.cluster.getNameNode()).getStorage().getStorageDir(0));
        if (findLatestImageFile == null) {
            throw new RuntimeException("Didn't generate or can't find fsimage");
        }
        StringWriter stringWriter = new StringWriter();
        new PBImageXmlWriter(new Configuration(), new PrintWriter(stringWriter)).visit(new RandomAccessFile(findLatestImageFile, "r"));
        SAXParserFactory.newInstance().newSAXParser().parse(new InputSource(new StringReader(stringWriter.getBuffer().toString())), new DefaultHandler());
    }

    @Test(timeout = 60000)
    public void testEncryptionZonesOnRootPath() throws Exception {
        Path path = new Path(URIUtil.SLASH);
        Path path2 = new Path(path, HttpPostBodyUtil.FILE);
        Path path3 = new Path("/.reserved/raw/file");
        this.dfsAdmin.createEncryptionZone(path, "testKey");
        DFSTestUtil.createFile(this.fs, path2, 8196L, (short) 1, 65261L);
        Assert.assertEquals("File can be created on the root encryption zone with correct length", 8196L, this.fs.getFileStatus(path2).getLen());
        Assert.assertEquals("Root dir is encrypted", true, Boolean.valueOf(this.fs.getFileStatus(path).isEncrypted()));
        Assert.assertEquals("File is encrypted", true, Boolean.valueOf(this.fs.getFileStatus(path2).isEncrypted()));
        DFSTestUtil.verifyFilesNotEqual(this.fs, path2, path3, 8196);
    }
}
