package com.mapr.db.tests.securitypolicy;

import com.mapr.db.JsonTable;
import com.mapr.db.Table;
import com.mapr.db.exceptions.AccessDeniedException;
import com.mapr.db.exceptions.DBException;
import com.mapr.db.impl.MapRDBImpl;
import com.mapr.db.index.IndexDesc;
import com.mapr.db.tests.utils.DBTests;
import com.mapr.db.util.MutationParser;
import com.mapr.fs.utils.ssh.RunCommand;
import com.mapr.fs.utils.ssh.TestCluster;
import com.mapr.tests.BaseTest;
import com.mapr.tests.annotations.ClusterTest;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivilegedExceptionAction;
import java.time.Clock;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
import org.json.JSONArray;
import org.json.JSONObject;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.ojai.Document;
import org.ojai.DocumentReader;
import org.ojai.DocumentStream;
import org.ojai.store.exceptions.DocumentExistsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({ClusterTest.class})
/* loaded from: input_file:com/mapr/db/tests/securitypolicy/TestJSONSecurityPolicyEnforcement.class */
public class TestJSONSecurityPolicyEnforcement extends BaseTest {
    // Class logger. No initializer appears in this listing; presumably it is assigned in a
    // static initializer that the decompiler placed elsewhere - TODO confirm.
    private static final Logger _logger;
    // Volume names and their mount paths. All of them are assigned in prep().
    private static String VOLUME_TAGGED_OK;
    private static String VOLUME_TAGGED_NOACCESS;
    private static String VOLUME_UNTAGGED;
    private static String VOLUME_UNTAGGED_POLICYACEONLY;
    private static String VOLUME_TAGGED_OK_PATH;
    private static String VOLUME_TAGGED_NOACCESS_PATH;
    private static String VOLUME_UNTAGGED_PATH;
    private static String VOLUME_UNTAGGED_POLICYACEONLY_PATH;
    private static String VOLUME_NOWIREENCRYPTION;
    private static String VOLUME_NOWIREENCRYPTION_PATH;
    private static String VOLUME_TAGGED_OK_POLICYACEONLY;
    private static String VOLUME_TAGGED_OK_POLICYACEONLY_PATH;
    // Security policy names, assigned in prep(). prep() creates ENFORCE_OK with ACEs 'u:root',
    // ENFORCE_NOTALLOWED with ACEs '!u:root' and ENFORCE_PUBLIC with ACEs 'p'.
    private static String SECURITY_POLICY_ENFORCE_OK;
    private static String SECURITY_POLICY_ENFORCE_NOTALLOWED;
    private static String SECURITY_POLICY_ENFORCE_PUBLIC;
    // Column family name; prep() sets it to "default".
    private static String defaultCFName;
    // Regular expression built in prep() around the NOTALLOWED policy name; by its content it
    // targets an audit record carrying AccessDeniedPolicyId/AccessDeniedPolicyName fields.
    private static String REGEX_AUDIT_MATCH;
    // Compiler-generated flag backing `assert` statements; it shows up as a field only because
    // this file is decompiler output.
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/mapr/db/tests/securitypolicy/TestJSONSecurityPolicyEnforcement$OpType.class */
    /**
     * Kind of write a test asks the insert helpers to perform.
     *
     * <p>NOTE(review): the helpers that consume this enum are outside this listing; the constant
     * names suggest insert, replace and insert-or-replace table operations - confirm there.
     */
    public enum OpType {
        // Used where a second write to an existing id is expected to be rejected.
        OP_INSERT,
        // Used against ids that an earlier step in the test already wrote.
        OP_REPLACE,
        // Default write mode in most tests of this class.
        OP_INSERTORREPLACE
    }

    /**
     * One-time cluster preparation for the whole class.
     *
     * <p>Assigns the policy and volume names, switches cluster and data auditing on, makes sure the
     * three security policies exist with the ACEs the tests rely on, and creates the test volumes.
     *
     * <p>NOTE(review): apart from the three "policy info" probes, no exit code of any setup command
     * is checked here, so a failed setup step only shows up later as an unrelated test failure.
     * The host name from {@link #getHostName()} is concatenated unquoted into a shell command.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @BeforeClass
    public static void prep() throws Exception {
        SECURITY_POLICY_ENFORCE_OK = "spenforceok";
        SECURITY_POLICY_ENFORCE_NOTALLOWED = "spenforcenotallowed";
        SECURITY_POLICY_ENFORCE_PUBLIC = "spenforcepublic";
        VOLUME_TAGGED_OK = "voltaggedok";
        VOLUME_TAGGED_OK_POLICYACEONLY = "voltaggedokpolaceonly";
        VOLUME_UNTAGGED = "voluntagged";
        VOLUME_UNTAGGED_POLICYACEONLY = "voluntaggedpolicyaceonly";
        VOLUME_TAGGED_NOACCESS = "voltaggednoaccess";
        VOLUME_NOWIREENCRYPTION = "volnowire";
        // The policy name is embedded as-is, so this pattern only stays valid while the name
        // contains no regex metacharacters.
        REGEX_AUDIT_MATCH = "(.|\\n)*\\{.+\"AccessDeniedPolicyId\":\\d.+\"AccessDeniedPolicyName\":" + SECURITY_POLICY_ENFORCE_NOTALLOWED + ".+\"PolicyPmStatus\":13.+\"status\":0.*\\}(.|\\n)*";
        VOLUME_TAGGED_OK_PATH = DBTests.getTestRoot() + "/" + VOLUME_TAGGED_OK;
        VOLUME_TAGGED_OK_POLICYACEONLY_PATH = DBTests.getTestRoot() + "/" + VOLUME_TAGGED_OK_POLICYACEONLY;
        VOLUME_UNTAGGED_PATH = DBTests.getTestRoot() + "/" + VOLUME_UNTAGGED;
        VOLUME_UNTAGGED_POLICYACEONLY_PATH = DBTests.getTestRoot() + "/" + VOLUME_UNTAGGED_POLICYACEONLY;
        VOLUME_TAGGED_NOACCESS_PATH = DBTests.getTestRoot() + "/" + VOLUME_TAGGED_NOACCESS;
        VOLUME_NOWIREENCRYPTION_PATH = DBTests.getTestRoot() + "/" + VOLUME_NOWIREENCRYPTION;
        defaultCFName = "default";

        _logger.info("Setting CLDB to global PBS master");
        DBTests.updatePolicyServiceMasterStatus();
        TestCluster.runCommand("maprcli audit cluster -enabled true; maprcli audit data -enabled true");
        // presumably "0" takes policy checks out of audit-only mode so that they enforce - confirm
        TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"0\"}");
        TestCluster.runCommand("/opt/mapr/server/mrconfig -h " + getHostName() + " audit setaudittestparams 2");

        // Policy whose read/write ACEs are 'u:root'.
        _logger.info("Checking if security policy " + SECURITY_POLICY_ENFORCE_OK + " exists");
        final boolean okPolicyPresent =
                TestCluster.runCommand("maprcli security policy info -columns policyname -name " + SECURITY_POLICY_ENFORCE_OK).getExitCode() == 0;
        if (okPolicyPresent) {
            _logger.info("Security policy " + SECURITY_POLICY_ENFORCE_OK + " exists, setting allowtagging=true, accesscontrol=Armed, readaces|writeaces=u:root, auditenabled true");
            // NOTE(review): only this modify path passes -wiresecurityenabled; the create path does not.
            TestCluster.runCommand("maprcli security policy modify -name " + SECURITY_POLICY_ENFORCE_OK + " -wiresecurityenabled true -allowtagging true -accesscontrol Armed  -readaces 'u:root' -writeaces 'u:root' -auditenabled true");
        } else {
            _logger.info("Security policy " + SECURITY_POLICY_ENFORCE_OK + " does not exist, creating");
            TestCluster.runCommand("maprcli security policy create -name " + SECURITY_POLICY_ENFORCE_OK + " -allowtagging true -accesscontrol Armed -readaces 'u:root' -writeaces 'u:root' -auditenabled true");
        }

        // Policy whose read/write ACEs are '!u:root'.
        _logger.info("Checking if security policy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " exists");
        final boolean denyPolicyPresent =
                TestCluster.runCommand("maprcli security policy info -columns policyname -name " + SECURITY_POLICY_ENFORCE_NOTALLOWED).getExitCode() == 0;
        if (denyPolicyPresent) {
            _logger.info("Security policy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " already exists, setting allowtagging=true, accesscontrol=Armed, readaces|writeaces=!u=root, auditenabled true");
            TestCluster.runCommand("maprcli security policy modify -name " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " -allowtagging true -accesscontrol Armed -readaces '!u:root'  -writeaces '!u:root' -auditenabled true");
        } else {
            _logger.info("Security policy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " does not exist, creating");
            TestCluster.runCommand("maprcli security policy create -name " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " -allowtagging true -accesscontrol Armed -readaces '!u:root' -writeaces '!u:root' -auditenabled true");
        }

        // Policy whose read/write ACEs are 'p'.
        _logger.info("Checking if security policy " + SECURITY_POLICY_ENFORCE_PUBLIC + " exists");
        final boolean publicPolicyPresent =
                TestCluster.runCommand("maprcli security policy info -columns policyname -name " + SECURITY_POLICY_ENFORCE_PUBLIC).getExitCode() == 0;
        if (publicPolicyPresent) {
            _logger.info("Security policy " + SECURITY_POLICY_ENFORCE_PUBLIC + " exists, setting allowtagging=true, accesscontrol=Armed, readaces|writeaces=p, auditenabled true");
            TestCluster.runCommand("maprcli security policy modify -name " + SECURITY_POLICY_ENFORCE_PUBLIC + " -allowtagging true -accesscontrol Armed -readaces p -writeaces p -auditenabled true");
        } else {
            _logger.info("Security policy " + SECURITY_POLICY_ENFORCE_PUBLIC + " does not exist, creating");
            TestCluster.runCommand("maprcli security policy create -name " + SECURITY_POLICY_ENFORCE_PUBLIC + " -allowtagging true -accesscontrol Armed -readaces p -writeaces p -auditenabled true");
        }

        // Fixed wait; presumably lets the policy changes reach the cluster before volumes are tagged.
        Thread.sleep(45000L);
        createUntaggedVolume(VOLUME_UNTAGGED, VOLUME_UNTAGGED_PATH);
        createUntaggedVolume(VOLUME_UNTAGGED_POLICYACEONLY, VOLUME_UNTAGGED_POLICYACEONLY_PATH);
        createTaggedVolume(VOLUME_TAGGED_OK, VOLUME_TAGGED_OK_PATH, SECURITY_POLICY_ENFORCE_OK, "PolicyAceAndDataAce");
        createTaggedVolume(VOLUME_TAGGED_OK_POLICYACEONLY, VOLUME_TAGGED_OK_POLICYACEONLY_PATH, SECURITY_POLICY_ENFORCE_OK, "PolicyAceOnly");
        createTaggedVolume(VOLUME_TAGGED_NOACCESS, VOLUME_TAGGED_NOACCESS_PATH, SECURITY_POLICY_ENFORCE_NOTALLOWED, "PolicyAceAndDataAce");
        createUntaggedVolume(VOLUME_NOWIREENCRYPTION, VOLUME_NOWIREENCRYPTION_PATH, "-wiresecurityenabled false");
        Thread.sleep(45000L);
    }

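    /**
     * Removes every volume that {@code prep()} created.
     *
     * <p>The PolicyAceOnly-tagged volume is now removed as well; it was created in
     * {@code prep()} but left behind, so its tables survived into the next run.
     *
     * @throws Exception if the volume removal helper fails
     */
    @AfterClass
    public static void cleanup() throws Exception {
        removeVolume(VOLUME_UNTAGGED);
        removeVolume(VOLUME_UNTAGGED_POLICYACEONLY);
        removeVolume(VOLUME_TAGGED_OK);
        removeVolume(VOLUME_TAGGED_OK_POLICYACEONLY);
        removeVolume(VOLUME_TAGGED_NOACCESS);
        removeVolume(VOLUME_NOWIREENCRYPTION);
    }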

    /**
     * Resolves the name of the local host.
     *
     * <p>The {@code COMPUTERNAME} environment variable wins, then {@code HOSTNAME}; only when
     * neither is set is the canonical name of the local address looked up.
     *
     * <p>NOTE(review): the value comes from the process environment and {@code prep()} places it
     * unquoted into a shell command, so it is only as trustworthy as the environment of the test
     * runner.
     *
     * @return the host name taken from the environment or from the local address lookup
     * @throws UnknownHostException if the fallback lookup cannot resolve the local host
     */
    public static String getHostName() throws UnknownHostException {
        final Map<String, String> env = System.getenv();
        for (String key : new String[] {"COMPUTERNAME", "HOSTNAME"}) {
            if (env.containsKey(key)) {
                return env.get(key);
            }
        }
        return InetAddress.getLocalHost().getCanonicalHostName();
    }

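    /**
     * Puts a document into a table tagged with the policy that grants {@code u:root} access
     * while the volume is in {@code PolicyAceAndDataAce} enforcement mode, and expects success.
     *
     * <p>The listing referenced an undeclared {@code r0} where the command string belongs; the
     * command is now held in a local and passed to the runner.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testPutTableLevelEnforcementPolicyAceAndDataAce() throws Exception {
        String tablePath = VOLUME_TAGGED_OK_PATH + "/" + "t1-voltaggedok";
        // NOTE(review): the exit code of this volume change is not checked.
        TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceAndDataAce");
        // Fixed wait; presumably lets the enforcement-mode change take effect.
        Thread.sleep(45000L);
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        // The int argument looks like the expected outcome code checked by the helper
        // (0 wherever a write should succeed) - helper body is not in this listing.
        insertDocumentId(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);
        deleteTable(tablePath);
    }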

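    /**
     * Writes to a table under the permissive policy, then adds the policy whose ACEs are
     * {@code !u:root} to the table and expects insert and replace to be refused.
     *
     * <p>The listing referenced an undeclared {@code r0} where the command strings belong; each
     * command is now held in a local and passed to the runner.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testUpdateGetTableLevelEnforcement() throws Exception {
        String tablePath = VOLUME_TAGGED_OK_PATH + "/" + "t1a-voltaggedok";
        TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceAndDataAce");
        Thread.sleep(45000L);
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        insertDocumentId(tablePath, "id1", 0, OpType.OP_INSERT);
        // Same id again with a plain insert; 3 is presumably the "document exists" outcome - confirm in the helper.
        insertDocumentId(tablePath, "id1", 3, OpType.OP_INSERT);
        cmd = "maprcli table securitypolicy add -path " + tablePath + " -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        // With the denying policy attached, every write below is expected to end with outcome 1.
        insertDocumentId(tablePath, "id1", 1, OpType.OP_INSERT);
        insertDocumentId(tablePath, "id2", 1, OpType.OP_INSERT);
        insertDocumentId(tablePath, "id1", 1, OpType.OP_REPLACE);
        deleteTable(tablePath);
    }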

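    /**
     * Adds the denying policy to a table that accepted a write before and expects the next put
     * to be refused.
     *
     * <p>The listing referenced an undeclared {@code r0} where the command strings belong; each
     * command is now held in a local and passed to the runner.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testPutTableLevelEnforcementAccessDenied() throws Exception {
        String tablePath = VOLUME_TAGGED_OK_PATH + "/" + "t2-voltaggedok";
        TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceAndDataAce");
        Thread.sleep(45000L);
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        insertDocumentId(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);
        cmd = "maprcli table securitypolicy add -path " + tablePath + " -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        // NOTE(review): unlike testUpdateGetTableLevelEnforcement there is no wait between
        // attaching the policy and checking the denial - confirm that this is intended.
        _logger.info("Verifying that inserting a row into the table is denied");
        insertDocumentId(tablePath, "id1", 1, OpType.OP_INSERTORREPLACE);
        deleteTable(tablePath);
    }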

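    /**
     * Walks one table through the volume enforcement modes {@code PolicyAceAndDataAce},
     * {@code PolicyAceOnly} and {@code DataAceOnly}, changing column-family permissions and
     * table policies in between, and checks after each step whether writes and deletes are
     * allowed or refused.
     *
     * <p>The listing referenced an undeclared {@code r0} where the command strings belong; each
     * command is now held in a local and passed to the runner.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testPutTableLevelEnforcementPolicyAceOnly() throws Exception {
        String tablePath = VOLUME_TAGGED_OK_PATH + "/" + "t3-voltaggedok";
        String cmd = "maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceAndDataAce";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        _logger.info("Verifying that inserting to " + tablePath + " initially succeeds");
        insertDocumentId(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);
        insertDocumentId(tablePath, "id2", 0, OpType.OP_INSERTORREPLACE);
        insertDocumentId(tablePath, "id3", 0, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that deleting from " + tablePath + " initially succeeds");
        deleteRow(tablePath, "id3", 0);

        // Step 1: the data ACEs on the default column family now exclude root.
        cmd = "maprcli table cf edit -path " + tablePath + " -cfname default -readperm '!u:root'  -writeperm '!u:root' -traverseperm '!u:root'";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Verifying that inserting a row into " + tablePath + " is now denied");
        insertDocumentId(tablePath, "id2", 1, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that deleting from " + tablePath + " is now denied");
        deleteRow(tablePath, "id2", 1);

        // Step 2: PolicyAceOnly mode, where the data ACEs from step 1 should no longer matter.
        cmd = "maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceOnly";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Verifying that inserting a row into " + tablePath + " is now allowed in PolicyAceOnly mode");
        insertDocumentId(tablePath, "id3", 0, OpType.OP_INSERTORREPLACE);
        cmd = "maprcli table securitypolicy add -path " + tablePath + " -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        _logger.info("Verifying that inserting a row into " + tablePath + " fails in PolicyAceOnly mode since it is disallowed by policy");
        insertDocumentId(tablePath, "id4a", 1, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that deleting a row from " + tablePath + " fails in PolicyAceOnly mode since it is disallowed by policy");
        deleteRow(tablePath, "id3", 1);

        // Step 3: DataAceOnly mode, first with the denying data ACEs, then with root re-admitted.
        cmd = "maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode DataAceOnly";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Verifying that inserting a row into " + tablePath + " initially fails in DataAceOnly mode since it is disallowed by data ACE");
        insertDocumentId(tablePath, "id5", 1, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that deleting a row from " + tablePath + " fails in DataAceOnly mode since it is disallowed by data ACE");
        deleteRow(tablePath, "id5", 1);
        cmd = "maprcli table cf edit -path " + tablePath + " -cfname default -readperm 'u:root'  -writeperm 'u:root' -traverseperm 'u:root'";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Verifying that inserting a row into " + tablePath + " now succeeds in DataAceOnly mode since it is allowed by data ACE");
        insertDocumentId(tablePath, "id6", 0, OpType.OP_INSERTORREPLACE);

        // Step 4: back to PolicyAceAndDataAce; the denying policy from step 2 is still attached.
        cmd = "maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceAndDataAce";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Verifying that inserting a row into " + tablePath + " fails in PolicyAceAndDataAce mode since it is disallowed by policy");
        insertDocumentDefaultContents(tablePath, "id7", 1, OpType.OP_INSERTORREPLACE);
        cmd = "maprcli table securitypolicy remove -path " + tablePath + " -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        _logger.info("Verifying that inserting a row into " + tablePath + " now succeeds since it is allowed by both data and policy ACE");
        insertDocumentId(tablePath, "id8", 0, OpType.OP_INSERTORREPLACE);
        deleteTable(tablePath);
    }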

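    /**
     * On the volume that {@code prep()} created in {@code PolicyAceOnly} mode, checks that a
     * denying data ACE does not block writes, and that attaching the denying policy does.
     *
     * <p>The listing referenced an undeclared {@code r0} where the command strings belong; each
     * command is now held in a local and passed to the runner.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testPutEnforcementPolicyAceOnly() throws Exception {
        String tablePath = VOLUME_TAGGED_OK_POLICYACEONLY_PATH + "/" + "t3a-voltaggedok";
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        cmd = "maprcli table cf edit -path " + tablePath + " -cfname default -writeperm '!u:root'";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Verifying that inserting a row into " + tablePath + " is allowed");
        insertDocumentId(tablePath, "id2", 0, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that deleting from " + tablePath + " is allowed");
        deleteRow(tablePath, "id2", 0);
        cmd = "maprcli table securitypolicy add -path " + tablePath + " -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        _logger.info("Verifying that inserting a row into " + tablePath + " fails in PolicyAceOnly mode since it is disallowed by policy");
        insertDocumentId(tablePath, "id4a", 1, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that deleting a row from " + tablePath + " fails in PolicyAceOnly mode since it is disallowed by policy");
        // NOTE(review): "id3" is never written in this test, so this denial is checked against a
        // row that does not exist.
        deleteRow(tablePath, "id3", 1);
        // NOTE(review): unlike the sibling tests this one does not delete its table at the end.
    }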

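    /**
     * Scans a table with three column families, first unrestricted, then with the denying policy
     * on one column family, then with the denying policy on the whole table.
     *
     * <p>Fixes against the listing: the undeclared {@code r0} is replaced by the command string;
     * the final scan now runs inside the {@code try} (the listing had an empty {@code try} body,
     * so neither handler could ever run and the final assertion could not pass); and the more
     * specific exception is caught first.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testScanTableAndCfLevelEnforcement() throws Exception {
        String tablePath = VOLUME_UNTAGGED_PATH + "/" + "t4-voluntagged";
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        cmd = "maprcli table cf create -path " + tablePath + " -cfname mycf -jsonpath b -force true";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        cmd = "maprcli table cf create -path " + tablePath + " -cfname mycf2 -jsonpath c -force true";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);

        _logger.info("Inserting row 1  into the table");
        // One field per column family: a.* in default, b.* in mycf, c.* in mycf2.
        Document row = MapRDBImpl.newDocument();
        row.set("a.x", true);
        row.set("b.y", "hello");
        row.set("c.x1", "aaa");
        JsonTable openTable = MapRDBImpl.getTable(tablePath);
        insertDocumentContents(tablePath, openTable, "id1", row, 0, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that all CF's are returned");
        for (DocumentReader reader : openTable.find().documentReaders()) {
            validateScanOk(openTable, reader);
        }
        openTable.close();

        cmd = "maprcli table cf securitypolicy add -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " -path " + tablePath + " -cfname mycf2";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        JsonTable cfDeniedTable = MapRDBImpl.getTable(tablePath);
        _logger.info("Verifying that denied CF is not returned");
        for (DocumentReader reader : cfDeniedTable.find().documentReaders()) {
            validateScanCf3Denied(cfDeniedTable, reader);
        }
        cfDeniedTable.close();

        cmd = "maprcli table securitypolicy add -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " -path " + tablePath;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Verifying that access to table is denied");
        JsonTable tableDenied = MapRDBImpl.getTable(tablePath);
        // 0 = scan completed, 1 = access denied (the expected result), 2 = other DB failure.
        int outcome = 0;
        try {
            // Walking the readers drives the scan; no per-document checks are needed here.
            for (DocumentReader ignored : tableDenied.find().documentReaders()) {
                // intentionally empty
            }
        } catch (AccessDeniedException e) {
            // Caught first so it keeps its own branch even if it is a subtype of DBException
            // (the class hierarchy is not visible in this file).
            _logger.info("Obtained Access Denied Exception");
            outcome = 1;
        } catch (DBException e) {
            _logger.info("Obtained DB Exception");
            outcome = 2;
        }
        Assert.assertEquals(1L, outcome);
        tableDenied.close();
        deleteTable(tablePath);
    }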

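    /**
     * Reads one document by id, first unrestricted, then with the denying policy on one column
     * family (its field must come back as null), then with the denying policy on the whole table
     * (the read must be refused).
     *
     * <p>Fixes against the listing: the undeclared {@code r0} is replaced by the command string,
     * and the more specific exception is caught first.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testGetTableAndCfLevelEnforcement() throws Exception {
        String tablePath = VOLUME_UNTAGGED_PATH + "/" + "t5-voluntagged";
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        cmd = "maprcli table cf create -path " + tablePath + " -cfname mycf -jsonpath b -force true";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        cmd = "maprcli table cf create -path " + tablePath + " -cfname mycf2 -jsonpath c -force true";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);

        _logger.info("Inserting row 1  into the table");
        Document row = MapRDBImpl.newDocument();
        row.set("a.x", true);
        row.set("b.y", "hello");
        row.set("c.x1", "aaa");
        JsonTable openTable = MapRDBImpl.getTable(tablePath);
        insertDocumentContents(tablePath, openTable, "id1", row, 0, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that all CF's are returned by GET");
        Document unrestricted = openTable.findById("id1");
        Assert.assertTrue(unrestricted.getBoolean("a.x"));
        Assert.assertEquals("hello", unrestricted.getString("b.y"));
        Assert.assertEquals("aaa", unrestricted.getString("c.x1"));
        openTable.close();

        cmd = "maprcli table cf securitypolicy add -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " -path " + tablePath + " -cfname mycf2";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        JsonTable cfDeniedTable = MapRDBImpl.getTable(tablePath);
        _logger.info("Verifying that denied CF is not returned");
        Document filtered = cfDeniedTable.findById("id1");
        Assert.assertTrue(filtered.getBoolean("a.x"));
        Assert.assertEquals("hello", filtered.getString("b.y"));
        // The field stored in the denied column family must be absent from the result.
        Assert.assertNull(filtered.getString("c.x1"));
        cfDeniedTable.close();

        cmd = "maprcli table securitypolicy add -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " -path " + tablePath;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Verifying that access to table is denied");
        JsonTable tableDenied = MapRDBImpl.getTable(tablePath);
        // 0 = read returned, 1 = access denied (the expected result), 2 = other DB failure.
        int outcome = 0;
        try {
            tableDenied.findById("id1");
        } catch (AccessDeniedException e) {
            // Caught first so it keeps its own branch even if it is a subtype of DBException
            // (the class hierarchy is not visible in this file).
            _logger.info("Obtained Access Denied Exception");
            outcome = 1;
        } catch (DBException e) {
            _logger.info("Obtained DB Exception");
            outcome = 2;
        }
        Assert.assertEquals(1L, outcome);
        tableDenied.close();
        deleteTable(tablePath);
    }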

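    /**
     * On a volume created with wire security disabled, turns network encryption off for a table
     * that carries a security policy and checks that {@code maprcli table info} still reports
     * {@code wireencryptionfrompolicies} as {@code "true"}.
     *
     * <p>Fixes against the listing: the undeclared {@code r0} is replaced by the command string,
     * and the test now fails when the info output holds no entries, instead of passing without
     * checking anything.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testResourceLevelWireEncryption() throws Exception {
        String tablePath = VOLUME_NOWIREENCRYPTION_PATH + "/" + "t11-ResourceWireEncryption";
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        cmd = "hadoop mfs -setnetworkencryption off " + tablePath;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(60000L);
        String infoCmd = "maprcli table info -path " + tablePath + " -json";
        _logger.info("Running command " + infoCmd);
        // Double quotes are swapped for single quotes before parsing, as in the listing.
        JSONArray entries = new JSONObject(TestCluster.runCommand(infoCmd).getStdOut().replace("\"", "'")).getJSONArray("data");
        Assert.assertTrue("table info returned no data entries", entries.length() > 0);
        for (int i = 0; i < entries.length(); i++) {
            String fromPolicies = entries.getJSONObject(i).getString("wireencryptionfrompolicies");
            _logger.info("Comparing expected value of tag wireencryptionfrompolicies (true) with actual");
            Assert.assertEquals("true", fromPolicies);
        }
        insertDocumentId(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);
        deleteTable(tablePath);
    }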

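    /**
     * Puts the denying policy on column {@code a.x} and checks that writes touching that column
     * are refused while writes that leave it out succeed; then restores the permissive policy
     * and checks that a write touching {@code a.x} succeeds again.
     *
     * <p>Fixes against the listing: the undeclared {@code r0} is replaced by the command string,
     * and the last replace now sends the document built for it (the listing built that document
     * but re-sent an earlier one).
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testPutColumnLevelEnforcement() throws Exception {
        String tablePath = VOLUME_UNTAGGED_PATH + "/" + "t5a-voluntagged";
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Inserting row 1  into the table");
        JsonTable openTable = MapRDBImpl.getTable(tablePath);
        Document seed = MapRDBImpl.newDocument();
        seed.set("a.x", true);
        seed.set("b.y", "hello");
        seed.set("c.x1", "aaa");
        insertDocumentContents(tablePath, openTable, "id1", seed, 0, OpType.OP_INSERTORREPLACE);
        openTable.close();

        cmd = "maprcli table cf column securitypolicy set -path " + tablePath + " -cfname default -name a.x -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        JsonTable restricted = MapRDBImpl.getTable(tablePath);

        // Documents that include the protected column a.x: every write mode expects outcome 1.
        Document withProtectedA = MapRDBImpl.newDocument();
        withProtectedA.set("a.x", false);
        withProtectedA.set("b.y", "hello2");
        withProtectedA.set("c.x1", "aaa2");
        insertDocumentContents(tablePath, restricted, "id1", withProtectedA, 1, OpType.OP_INSERTORREPLACE);
        Document withProtectedB = MapRDBImpl.newDocument();
        withProtectedB.set("a.x", true);
        withProtectedB.set("b.y", "hello3");
        withProtectedB.set("c.x1", "aaa3");
        insertDocumentContents(tablePath, restricted, "id1a", withProtectedB, 1, OpType.OP_INSERT);
        Document withProtectedC = MapRDBImpl.newDocument();
        withProtectedC.set("a.x", true);
        withProtectedC.set("b.y", "hello4");
        withProtectedC.set("c.x1", "aaa4");
        insertDocumentContents(tablePath, restricted, "id1", withProtectedC, 1, OpType.OP_REPLACE);

        // Documents that leave a.x out: every write mode expects outcome 0.
        Document withoutProtectedA = MapRDBImpl.newDocument();
        withoutProtectedA.set("b.y", "hello3");
        withoutProtectedA.set("c.x1", "aaa3");
        insertDocumentContents(tablePath, restricted, "id2", withoutProtectedA, 0, OpType.OP_INSERTORREPLACE);
        Document withoutProtectedB = MapRDBImpl.newDocument();
        withoutProtectedB.set("b.y", "hello4");
        withoutProtectedB.set("c.x1", "aaa4");
        insertDocumentContents(tablePath, restricted, "id2a", withoutProtectedB, 0, OpType.OP_INSERT);
        Document withoutProtectedC = MapRDBImpl.newDocument();
        withoutProtectedC.set("b.y", "hello5");
        withoutProtectedC.set("c.x1", "aaa5");
        insertDocumentContents(tablePath, restricted, "id2", withoutProtectedC, 0, OpType.OP_REPLACE);

        deleteRow(tablePath, restricted, "id1", 0);
        deleteRow(tablePath, restricted, "id2", 0);
        restricted.close();

        cmd = "maprcli table cf column securitypolicy set -path " + tablePath + " -cfname default -name a.x -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        JsonTable reopened = MapRDBImpl.getTable(tablePath);
        Document afterRestore = MapRDBImpl.newDocument();
        afterRestore.set("a.x", false);
        afterRestore.set("b.y", "hello2");
        afterRestore.set("c.x1", "aaa2");
        insertDocumentContents(tablePath, reopened, "id1", afterRestore, 0, OpType.OP_INSERTORREPLACE);
        reopened.close();
        deleteTable(tablePath);
    }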

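    /**
     * Checks with both SCAN and GET that all columns come back before any restriction, and that
     * column {@code c.x1} is withheld once the denying policy is set on it.
     *
     * <p>Fixes against the listing: the undeclared {@code r0} is replaced by the command string;
     * the final scan loop tested the first, already exhausted iterator, so the denied-column
     * validation never ran and the test passed without checking it; the handle opened for the
     * first GET is now closed.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testScanNGetColumnLevelEnforcement() throws Exception {
        String tablePath = VOLUME_UNTAGGED_PATH + "/" + "t6-voluntagged";
        String cmd = "maprcli table create -path " + tablePath + " -tabletype json";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        _logger.info("Inserting row 1  into the table");
        Document row = MapRDBImpl.newDocument();
        row.set("a.x", true);
        row.set("b.y", "hello");
        row.set("c.x1", "aaa");
        JsonTable scanTable = MapRDBImpl.getTable(tablePath);
        insertDocumentContents(tablePath, scanTable, "id1", row, 0, OpType.OP_INSERTORREPLACE);
        _logger.info("Verifying that all columns are returned using SCAN");
        for (DocumentReader reader : scanTable.find().documentReaders()) {
            validateScanOk(scanTable, reader);
        }
        scanTable.close();

        JsonTable getTable = MapRDBImpl.getTable(tablePath);
        _logger.info("Verifying that all columns are returned using GET");
        Document unrestricted = getTable.findById("id1");
        Assert.assertTrue(unrestricted.getBoolean("a.x"));
        Assert.assertEquals("hello", unrestricted.getString("b.y"));
        Assert.assertEquals("aaa", unrestricted.getString("c.x1"));
        getTable.close();

        cmd = "maprcli table cf column securitypolicy set -path " + tablePath + " -cfname default -name c.x1 -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);

        JsonTable deniedGetTable = MapRDBImpl.getTable(tablePath);
        _logger.info("Verifying that denied columns are not returned using GET");
        Document filtered = deniedGetTable.findById("id1");
        Assert.assertTrue(filtered.getBoolean("a.x"));
        Assert.assertEquals("hello", filtered.getString("b.y"));
        Assert.assertNull(filtered.getString("c.x1"));
        deniedGetTable.close();

        JsonTable deniedScanTable = MapRDBImpl.getTable(tablePath);
        _logger.info("Verifying that denied columns are not returned using SCAN");
        // Iterates the readers of THIS scan, so the validation below actually executes.
        for (DocumentReader reader : deniedScanTable.find().documentReaders()) {
            validateScanCf3Denied(deniedScanTable, reader);
        }
        deniedScanTable.close();
        deleteTable(tablePath);
    }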

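    /**
     * Attaches the denying policy to the default column family of an indexed table, expects index
     * reads to be refused and the index listing to come back empty, then sets the permissive
     * policy and expects index reads to work again.
     *
     * <p>Fixes against the listing: the undeclared {@code r0} is replaced by the command string;
     * the empty-listing check was a plain {@code assert} (shown in decompiled form), which only
     * runs with assertions enabled, and is now a JUnit assertion that always runs.
     *
     * @throws Exception if a helper or the cluster command runner fails
     */
    @Test
    public void testIndexCFScanEnforcement() throws Exception {
        JsonTable indexedTable = createTableForIndex("t7-IndexCFScan", "i7-IndexCFScan");
        // Index descriptors are fetched while the table is still readable.
        Collection<IndexDesc> indexesBeforeDeny = DBTests.admin().getTableIndexes(indexedTable.getPath(), true);
        String cmd = "maprcli table cf securitypolicy add -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " -path " + indexedTable.getPath() + " -cfname default";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        verifyIndexTableReadDenied(indexesBeforeDeny);
        Collection<IndexDesc> indexesWhileDenied = DBTests.admin().getTableIndexes(indexedTable.getPath(), true);
        Assert.assertTrue("index listing should be empty while the column family is denied", indexesWhileDenied.isEmpty());
        cmd = "maprcli table cf securitypolicy set -securitypolicy " + SECURITY_POLICY_ENFORCE_OK + " -path " + indexedTable.getPath() + " -cfname default";
        _logger.info("Running command " + cmd);
        Assert.assertEquals(0L, TestCluster.runCommand(cmd).getExitCode());
        Thread.sleep(45000L);
        verifyIndexTableReadOk(indexedTable.getPath());
        indexedTable.close();
        DBTests.deleteTables("t7-IndexCFScan");
    }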

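    /**
     * Checks that a table-level security policy gates reads through the table's index.
     *
     * <p>With {@code SECURITY_POLICY_ENFORCE_NOTALLOWED} set on the table, the index read must be
     * denied and listing the indexes must raise a {@link DBException}. After the policy is set to
     * {@code SECURITY_POLICY_ENFORCE_OK} the index read must succeed again.
     *
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    @Test
    public void testIndexTableScanEnforcement() throws Exception {
        JsonTable table = createTableForIndex("t8-IndexTableScan", "i8-IndexTableScan");
        // Fetched before the policy change so the denied read below still has an index descriptor.
        Collection<IndexDesc> indexesBeforeDeny = DBTests.admin().getTableIndexes(table.getPath(), true);

        String denyCommand = "maprcli table securitypolicy set -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED + " -path " + table.getPath();
        _logger.info("Running command " + denyCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(denyCommand).getExitCode());
        Thread.sleep(45000L); // fixed 45 s pause before checking the effect of the change
        verifyIndexTableReadDenied(indexesBeforeDeny);

        boolean listingRejected = false;
        try {
            DBTests.admin().getTableIndexes(table.getPath(), true);
        } catch (DBException e) {
            listingRejected = true;
        }
        Assert.assertTrue("getTableIndexes should throw DBException while the NOTALLOWED policy is set",
                listingRejected);

        String allowCommand = "maprcli table securitypolicy set -securitypolicy " + SECURITY_POLICY_ENFORCE_OK + " -path " + table.getPath();
        _logger.info("Running command " + allowCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(allowCommand).getExitCode());
        Thread.sleep(45000L);
        verifyIndexTableReadOk(table.getPath());

        table.close();
        DBTests.deleteTables("t8-IndexTableScan");
    }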

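    /**
     * Checks that a security policy on the indexed column {@code name.first} gates reads through
     * the table's index.
     *
     * <p>With {@code SECURITY_POLICY_ENFORCE_NOTALLOWED} set on the column, the index read must be
     * denied and the index listing must come back empty. After the column policy is set to
     * {@code SECURITY_POLICY_ENFORCE_OK} the index read must succeed again.
     *
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    @Test
    public void testIndexColumnScanEnforcement() throws Exception {
        JsonTable table = createTableForIndex("t10-IndexColumnScanEnforcement", "i10-IndexColumnScanEnforcement");
        // Fetched before the policy change so the denied read below still has an index descriptor.
        Collection<IndexDesc> indexesBeforeDeny = DBTests.admin().getTableIndexes(table.getPath(), true);

        String denyCommand = "maprcli table cf column securitypolicy set -path " + table.getPath() + " -cfname default -name name.first -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
        _logger.info("Running command " + denyCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(denyCommand).getExitCode());
        Thread.sleep(45000L); // fixed 45 s pause before checking the effect of the change
        verifyIndexTableReadDenied(indexesBeforeDeny);

        // A JUnit assertion instead of a Java `assert`: the check must not disappear when the JVM
        // runs without -ea.
        Collection<IndexDesc> indexesWhileDenied = DBTests.admin().getTableIndexes(table.getPath(), true);
        Assert.assertTrue("getTableIndexes should return no indexes after the NOTALLOWED policy was set",
                indexesWhileDenied.isEmpty());

        String allowCommand = "maprcli table cf column securitypolicy set -path " + table.getPath() + " -cfname default -name name.first -securitypolicy " + SECURITY_POLICY_ENFORCE_OK;
        _logger.info("Running command " + allowCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(allowCommand).getExitCode());
        Thread.sleep(45000L);
        verifyIndexTableReadOk(table.getPath());

        table.close();
        DBTests.deleteTables("t10-IndexColumnScanEnforcement");
    }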

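    /**
     * Checks that writes to a table on an untagged volume in {@code PolicyAceOnly} mode follow the
     * volume's write ACE.
     *
     * <p>An insert must succeed before the write ACE is changed. After the volume's write ACE is
     * set to {@code !u:root}, inserts must be denied both for the user running the test and for
     * the proxy user {@code m7user1}.
     *
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    @Test
    public void testPutTableLevelPolicyAceOnlyFallback() throws Exception {
        final String tablePath = VOLUME_UNTAGGED_POLICYACEONLY_PATH + "/" + "t12-voluntaggedpolicyace";

        String modeCommand = "maprcli volume modify -name " + VOLUME_UNTAGGED_POLICYACEONLY + " -enforcementmode PolicyAceOnly";
        _logger.info("Running command " + modeCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(modeCommand).getExitCode());
        Thread.sleep(45000L); // fixed 45 s pause before relying on the new mode

        String createCommand = "maprcli table create -path " + tablePath + " -tabletype json";
        _logger.info("Running command " + createCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(createCommand).getExitCode());

        _logger.info("Verifying that inserting to " + tablePath + " initially succeeds");
        insertDocumentId(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);

        String denyWriteCommand = "maprcli volume modify -name " + VOLUME_UNTAGGED_POLICYACEONLY + " -writeAce '!u:root'";
        _logger.info("Running command " + denyWriteCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(denyWriteCommand).getExitCode());
        Thread.sleep(45000L);

        _logger.info("Verifying that inserting a row into " + tablePath + " is now denied");
        // Expected outcome 1 = AccessDeniedException (see insertDocumentId).
        insertDocumentId(tablePath, "id2", 1, OpType.OP_INSERTORREPLACE);

        // Same denial is expected when the write is attempted as the proxy user.
        createUser("m7user1").doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                JsonTable table = MapRDBImpl.getTable(tablePath);
                try {
                    TestJSONSecurityPolicyEnforcement.this.insertDocumentId(tablePath, "id3", 1, OpType.OP_INSERTORREPLACE);
                    table.flush();
                } finally {
                    // Release the handle even when the assertion inside insertDocumentId fails.
                    table.close();
                }
                return null;
            }
        });
        deleteTable(tablePath);
    }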

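    /**
     * Checks that scans on an untagged volume in {@code PolicyAceOnly} mode follow column-family
     * permissions and the volume's read ACE.
     *
     * <p>The table gets two extra column families ({@code mycf} for path {@code b}, {@code mycf2}
     * for path {@code c}). The test runs three checks in order:
     * <ol>
     *   <li>with no restriction, a scan is validated by {@code validateScanOk};</li>
     *   <li>after {@code mycf2} is closed to root, a scan is validated by
     *       {@code validateScanCf3Denied};</li>
     *   <li>after the volume read ACE is set to {@code !u:root}, {@code validateScanTableDenied}
     *       is called.</li>
     * </ol>
     *
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    @Test
    public void testScanGetTableLevelPolicyAceOnlyFallback() throws Exception {
        String tablePath = VOLUME_UNTAGGED_POLICYACEONLY_PATH + "/" + "t13-voltaggedok";

        String modeCommand = "maprcli volume modify -name " + VOLUME_UNTAGGED_POLICYACEONLY + " -readAce p -writeAce p -enforcementmode PolicyAceOnly";
        _logger.info("Running command " + modeCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(modeCommand).getExitCode());
        Thread.sleep(45000L); // fixed 45 s pause before relying on the new mode

        String createCommand = "maprcli table create -path " + tablePath + " -tabletype json";
        _logger.info("Running command " + createCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(createCommand).getExitCode());

        String createCfCommand = "maprcli table cf create -path " + tablePath + " -cfname mycf -jsonpath b -force true";
        _logger.info("Running command " + createCfCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(createCfCommand).getExitCode());

        String createCf2Command = "maprcli table cf create -path " + tablePath + " -cfname mycf2 -jsonpath c -force true";
        _logger.info("Running command " + createCf2Command);
        Assert.assertEquals(0L, TestCluster.runCommand(createCf2Command).getExitCode());

        _logger.info("Inserting row 1 into the table");
        JsonTable table = MapRDBImpl.getTable(tablePath);
        Document row = MapRDBImpl.newDocument();
        row.set("a.x", true);
        row.set("b.y", "hello");
        row.set("c.x1", "aaa");
        insertDocumentContents(tablePath, table, "id1", row, 0, OpType.OP_INSERTORREPLACE);

        _logger.info("Verifying that all CF's are returned");
        for (DocumentReader reader : table.find().documentReaders()) {
            validateScanOk(table, reader);
        }
        table.close();

        String denyCfCommand = "maprcli table cf edit -path " + tablePath + " -cfname mycf2 -readperm '!u:root'  -writeperm '!u:root' -traverseperm '!u:root'";
        _logger.info("Running command " + denyCfCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(denyCfCommand).getExitCode());
        Thread.sleep(45000L);

        // A fresh handle is opened after the permission change.
        JsonTable tableAfterCfDeny = MapRDBImpl.getTable(tablePath);
        _logger.info("Verifying that denied CF is not returned");
        for (DocumentReader reader : tableAfterCfDeny.find().documentReaders()) {
            validateScanCf3Denied(tableAfterCfDeny, reader);
        }
        tableAfterCfDeny.close();

        String denyReadCommand = "maprcli volume modify -name " + VOLUME_UNTAGGED_POLICYACEONLY + " -readAce '!u:root'";
        _logger.info("Running command " + denyReadCommand);
        Assert.assertEquals(0L, TestCluster.runCommand(denyReadCommand).getExitCode());
        Thread.sleep(45000L);
        validateScanTableDenied(tablePath);

        deleteTable(tablePath);
    }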

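    /**
     * Runs the volume-level audit scenario in {@code PolicyAceOnly} mode with the cluster-wide
     * setting {@code cldb.pbs.audit.only.policy.check} switched to {@code 1}.
     *
     * <p>The setting is cluster-wide, so it is put back to {@code 0} in a {@code finally} block.
     * Otherwise a failing scenario would leave it at {@code 1} for every test that runs afterwards.
     * NOTE(review): the exit status of the two {@code config save} commands is not checked.
     *
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    @Test
    public void testVolumeLevelAuditGlobal() throws Exception {
        _logger.info("Running command setting Audit Only Policy Check");
        TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"1\"}");
        try {
            _logger.info("Running Tests...");
            volumeLevelAudit("PolicyAceOnly");
        } finally {
            TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"0\"}");
        }
    }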

    /**
     * Runs the volume-level audit scenario with the volume in {@code PolicyAceAuditAndDataAce}
     * enforcement mode.
     *
     * @throws Exception if the scenario fails unexpectedly
     */
    @Test
    public void testVolumeLevelAuditEnforcement() throws Exception {
        final String enforcementMode = "PolicyAceAuditAndDataAce";
        volumeLevelAudit(enforcementMode);
    }

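    /**
     * Audit scenario for a table on the volume {@code VOLUME_TAGGED_NOACCESS}.
     *
     * <p>Switches the volume to the given enforcement mode and creates a table carrying
     * {@code SECURITY_POLICY_ENFORCE_PUBLIC}. It then performs an insert, a read and a delete, and
     * after each one requires {@code checkAuditLogs} to find a matching audit record newer than
     * the timestamp taken before the operation.
     *
     * <p>The volume is returned to {@code PolicyAceAndDataAce} in a {@code finally} block so a
     * failed assertion does not leave the volume in the mode under test for later tests.
     * NOTE(review): the exit status of the two {@code volume modify} commands is not checked.
     *
     * @param str enforcement mode passed to {@code maprcli volume modify -enforcementmode}
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    private void volumeLevelAudit(String str) throws Exception {
        String tablePath = VOLUME_TAGGED_NOACCESS_PATH + "/t14-voltaggednoallowed";
        _logger.info("Starting time");
        Instant beforeInsert = Clock.systemUTC().instant();
        TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_NOACCESS + " -enforcementmode " + str);
        try {
            Thread.sleep(45000L); // fixed 45 s pause before relying on the new mode

            String createCommand = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_PUBLIC;
            _logger.info("Running command " + createCommand);
            Assert.assertEquals(0L, TestCluster.runCommand(createCommand).getExitCode());

            insertDocumentId(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);
            Assert.assertTrue(checkAuditLogs(beforeInsert));

            Instant beforeRead = Clock.systemUTC().instant();
            JsonTable table = MapRDBImpl.getTable(tablePath);
            Instant beforeDelete;
            try {
                table.findById("id1");
                Assert.assertTrue(checkAuditLogs(beforeRead));
                // Reference time is taken 50 ms in the past, as in the original scenario.
                beforeDelete = Clock.systemUTC().instant().minus(50L, ChronoUnit.MILLIS);
                deleteRow(tablePath, table, "id1", 0);
            } finally {
                table.close();
            }
            Assert.assertTrue(checkAuditLogs(beforeDelete));
            deleteTable(tablePath);
        } finally {
            TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_NOACCESS + " -enforcementmode PolicyAceAndDataAce");
        }
    }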

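    /**
     * Runs the table-level audit scenario in {@code PolicyAceOnly} mode with the cluster-wide
     * setting {@code cldb.pbs.audit.only.policy.check} switched to {@code 1}.
     *
     * <p>The setting is cluster-wide, so it is put back to {@code 0} in a {@code finally} block.
     * Otherwise a failing scenario would leave it at {@code 1} for every test that runs afterwards.
     * NOTE(review): the exit status of the two {@code config save} commands is not checked.
     *
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    @Test
    public void testTableLevelAuditGlobal() throws Exception {
        _logger.info("Running command setting Audit Only Policy Check");
        TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"1\"}");
        try {
            _logger.info("Running Tests...");
            tableLevelAudit("PolicyAceOnly");
        } finally {
            TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"0\"}");
        }
    }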

    /**
     * Runs the table-level audit scenario with the volume in {@code PolicyAceAuditAndDataAce}
     * enforcement mode.
     *
     * @throws Exception if the scenario fails unexpectedly
     */
    @Test
    public void testTableLevelAuditEnforcement() throws Exception {
        final String enforcementMode = "PolicyAceAuditAndDataAce";
        tableLevelAudit(enforcementMode);
    }

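    /**
     * Audit scenario for a table that carries {@code SECURITY_POLICY_ENFORCE_NOTALLOWED} on the
     * volume {@code VOLUME_TAGGED_OK}.
     *
     * <p>Switches the volume to the given enforcement mode and creates the table. It then performs
     * an insert, a read and a delete, and after each one requires {@code checkAuditLogs} to find a
     * matching audit record newer than the timestamp taken before the operation.
     *
     * <p>The volume is returned to {@code PolicyAceAndDataAce} in a {@code finally} block so a
     * failed assertion does not leave the volume in the mode under test for later tests.
     * NOTE(review): the exit status of the two {@code volume modify} commands is not checked.
     *
     * @param str enforcement mode passed to {@code maprcli volume modify -enforcementmode}
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    private void tableLevelAudit(String str) throws Exception {
        String tablePath = VOLUME_TAGGED_OK_PATH + "/t15-voltaggedok";
        Instant beforeInsert = Clock.systemUTC().instant();
        TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode " + str);
        try {
            Thread.sleep(45000L); // fixed 45 s pause before relying on the new mode

            String createCommand = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
            _logger.info("Running command " + createCommand);
            Assert.assertEquals(0L, TestCluster.runCommand(createCommand).getExitCode());

            insertDocumentId(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);
            Assert.assertTrue(checkAuditLogs(beforeInsert));

            Instant beforeRead = Clock.systemUTC().instant();
            JsonTable table = MapRDBImpl.getTable(tablePath);
            Instant beforeDelete;
            try {
                table.findById("id1");
                Assert.assertTrue(checkAuditLogs(beforeRead));
                // Reference time is taken 50 ms in the past, as in the original scenario.
                beforeDelete = Clock.systemUTC().instant().minus(50L, ChronoUnit.MILLIS);
                deleteRow(tablePath, table, "id1", 0);
            } finally {
                table.close();
            }
            Assert.assertTrue(checkAuditLogs(beforeDelete));
            deleteTable(tablePath);
        } finally {
            TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceAndDataAce");
        }
    }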

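    /**
     * Runs the column-family-level audit scenario in {@code PolicyAceOnly} mode with the
     * cluster-wide setting {@code cldb.pbs.audit.only.policy.check} switched to {@code 1}.
     *
     * <p>The setting is cluster-wide, so it is put back to {@code 0} in a {@code finally} block.
     * Otherwise a failing scenario would leave it at {@code 1} for every test that runs afterwards.
     * NOTE(review): the exit status of the two {@code config save} commands is not checked.
     *
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    @Test
    public void testCFLevelAuditGlobal() throws Exception {
        _logger.info("Running command setting Audit Only Policy Check");
        TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"1\"}");
        try {
            _logger.info("Running Tests...");
            cFLevelAudit("PolicyAceOnly");
        } finally {
            TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"0\"}");
        }
    }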

    /**
     * Runs the column-family-level audit scenario with the volume in
     * {@code PolicyAceAuditAndDataAce} enforcement mode.
     *
     * @throws Exception if the scenario fails unexpectedly
     */
    @Test
    public void testCFLevelAuditEnforcement() throws Exception {
        final String enforcementMode = "PolicyAceAuditAndDataAce";
        cFLevelAudit(enforcementMode);
    }

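    /**
     * Audit scenario for a table whose column family {@code mycf} (JSON path {@code b}) carries
     * {@code SECURITY_POLICY_ENFORCE_NOTALLOWED}, on the volume {@code VOLUME_TAGGED_OK}.
     *
     * <p>Switches the volume to the given enforcement mode and creates the table and column
     * family. It then performs an insert, a read and a delete, and after each one requires
     * {@code checkAuditLogs} to find a matching audit record newer than the timestamp taken before
     * the operation.
     *
     * <p>The volume is returned to {@code PolicyAceAndDataAce} in a {@code finally} block so a
     * failed assertion does not leave the volume in the mode under test for later tests.
     * NOTE(review): the exit status of the two {@code volume modify} commands is not checked.
     *
     * @param str enforcement mode passed to {@code maprcli volume modify -enforcementmode}
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    private void cFLevelAudit(String str) throws Exception {
        String tablePath = VOLUME_TAGGED_OK_PATH + "/t16-voltaggedok";
        Instant beforeInsert = Clock.systemUTC().instant();
        TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode " + str);
        try {
            Thread.sleep(45000L); // fixed 45 s pause before relying on the new mode

            String createCommand = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_PUBLIC;
            _logger.info("Running command " + createCommand);
            Assert.assertEquals(0L, TestCluster.runCommand(createCommand).getExitCode());

            String createCfCommand = "maprcli table cf create -path " + tablePath + " -cfname mycf -jsonpath b -force true -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
            _logger.info("Running command " + createCfCommand);
            Assert.assertEquals(0L, TestCluster.runCommand(createCfCommand).getExitCode());

            insertDocumentDefaultContents(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);
            Assert.assertTrue(checkAuditLogs(beforeInsert));

            Instant beforeRead = Clock.systemUTC().instant();
            JsonTable table = MapRDBImpl.getTable(tablePath);
            Instant beforeDelete;
            try {
                table.findById("id1");
                Assert.assertTrue(checkAuditLogs(beforeRead));
                // Reference time is taken 50 ms in the past, as in the original scenario.
                beforeDelete = Clock.systemUTC().instant().minus(50L, ChronoUnit.MILLIS);
                deleteRow(tablePath, table, "id1", 0);
            } finally {
                table.close();
            }
            Assert.assertTrue(checkAuditLogs(beforeDelete));
            deleteTable(tablePath);
        } finally {
            TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceAndDataAce");
        }
    }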

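    /**
     * Runs the column-level audit scenario in {@code PolicyAceOnly} mode with the cluster-wide
     * setting {@code cldb.pbs.audit.only.policy.check} switched to {@code 1}.
     *
     * <p>The setting is cluster-wide, so it is put back to {@code 0} in a {@code finally} block.
     * Otherwise a failing scenario would leave it at {@code 1} for every test that runs afterwards.
     * NOTE(review): the exit status of the two {@code config save} commands is not checked.
     *
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    @Test
    public void testColLevelAuditGlobal() throws Exception {
        _logger.info("Running command setting Audit Only Policy Check");
        TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"1\"}");
        try {
            _logger.info("Running Tests...");
            colLevelAudit("PolicyAceOnly");
        } finally {
            TestCluster.runCommand("maprcli config save -values {\"cldb.pbs.audit.only.policy.check\":\"0\"}");
        }
    }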

    /**
     * Runs the column-level audit scenario with the volume in {@code PolicyAceAuditAndDataAce}
     * enforcement mode.
     *
     * @throws Exception if the scenario fails unexpectedly
     */
    @Test
    public void testColLevelAuditEnforcement() throws Exception {
        final String enforcementMode = "PolicyAceAuditAndDataAce";
        colLevelAudit(enforcementMode);
    }

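    /**
     * Audit scenario for a table whose column {@code b} in the {@code default} column family
     * carries {@code SECURITY_POLICY_ENFORCE_NOTALLOWED}, on the volume {@code VOLUME_TAGGED_OK}.
     *
     * <p>Switches the volume to the given enforcement mode, creates the table, sets the column
     * policy, inserts a document and requires {@code checkAuditLogs} to find a matching audit
     * record for the insert. A read and a delete follow.
     *
     * <p>NOTE(review): the volume-, table- and column-family-level scenarios in this class also
     * assert an audit record for the read and for the delete. This one does not, so missing audit
     * records for those two operations go unnoticed at column level. Confirm whether that is
     * intended.
     *
     * <p>The volume is returned to {@code PolicyAceAndDataAce} in a {@code finally} block so a
     * failed assertion does not leave the volume in the mode under test for later tests.
     *
     * @param str enforcement mode passed to {@code maprcli volume modify -enforcementmode}
     * @throws Exception if a cluster command or table operation fails unexpectedly
     */
    private void colLevelAudit(String str) throws Exception {
        String tablePath = VOLUME_TAGGED_OK_PATH + "/t17-voltaggedok";
        Instant beforeInsert = Clock.systemUTC().instant();
        TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode " + str);
        try {
            Thread.sleep(45000L); // fixed 45 s pause before relying on the new mode

            String createCommand = "maprcli table create -path " + tablePath + " -tabletype json -securitypolicy " + SECURITY_POLICY_ENFORCE_PUBLIC;
            _logger.info("Running command " + createCommand);
            Assert.assertEquals(0L, TestCluster.runCommand(createCommand).getExitCode());

            String columnPolicyCommand = "maprcli table cf column securitypolicy set -path " + tablePath + " -cfname default -name b -securitypolicy " + SECURITY_POLICY_ENFORCE_NOTALLOWED;
            _logger.info("Running command " + columnPolicyCommand);
            Assert.assertEquals(0L, TestCluster.runCommand(columnPolicyCommand).getExitCode());

            insertDocumentDefaultContents(tablePath, "id1", 0, OpType.OP_INSERTORREPLACE);
            Assert.assertTrue(checkAuditLogs(beforeInsert));

            // The original took two more timestamps here and discarded them; they are dropped
            // because nothing read them.
            JsonTable table = MapRDBImpl.getTable(tablePath);
            try {
                table.findById("id1");
                deleteRow(tablePath, table, "id1", 0);
            } finally {
                table.close();
            }
            deleteTable(tablePath);
        } finally {
            TestCluster.runCommand("maprcli volume modify -name " + VOLUME_TAGGED_OK + " -enforcementmode PolicyAceAndDataAce");
        }
    }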

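    /**
     * Reports whether the tail of the DB audit logs holds a matching record newer than
     * {@code instant}.
     *
     * <p>The command concatenates every {@code DBAudit.log*.json} file under
     * {@code /var/mapr/local} and keeps only the last 10 lines of the combined output. A record
     * that falls outside that window is not seen. A line counts when its {@code $date} value
     * parses to an instant after {@code instant} and the whole line matches
     * {@code REGEX_AUDIT_MATCH}.
     *
     * @param instant lower bound (exclusive) for the audit record's timestamp
     * @return {@code true} if at least one inspected line qualifies, {@code false} otherwise
     * @throws Exception if the command cannot be run or a {@code $date} value cannot be parsed
     */
    private static boolean checkAuditLogs(Instant instant) throws Exception {
        final String dateKey = "\"$date\":\"";
        RunCommand result = TestCluster.runCommand("hadoop fs -cat /var/mapr/local/*/audit/*/DBAudit.log*.json | tail -n 10");
        Assert.assertEquals(0L, result.getExitCode());
        for (String line : result.getStdOut().split("\n")) {
            // Test the raw index before adding the key length. Adding it first turns "not found"
            // (-1) into a positive offset, and an unrelated slice of the line then reaches
            // Instant.parse.
            int keyAt = line.indexOf(dateKey);
            if (keyAt < 0) {
                continue;
            }
            int valueStart = keyAt + dateKey.length();
            int valueEnd = line.indexOf('"', valueStart);
            if (valueEnd < 0) {
                continue;
            }
            Instant recordedAt = Instant.parse(line.substring(valueStart, valueEnd));
            if (recordedAt.isAfter(instant) && line.matches(REGEX_AUDIT_MATCH)) {
                return true;
            }
        }
        return false;
    }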

    /**
     * Builds a proxy-user identity for {@code str} on top of the current login user.
     *
     * @param str name of the user to impersonate
     * @return the proxy {@link UserGroupInformation}; callers run code as that user via {@code doAs}
     * @throws IOException if the login user cannot be obtained
     */
    private static UserGroupInformation createUser(String str) throws IOException {
        UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
        return UserGroupInformation.createProxyUser(str, loginUser);
    }

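    /**
     * Deletes the table at {@code str} with {@code maprcli table delete} and requires exit code 0.
     *
     * <p>The path is concatenated into the command line unquoted, so it must be a trusted test
     * constant without whitespace or shell metacharacters.
     *
     * @param str path of the table to delete
     * @throws Exception if the command cannot be run
     */
    private static void deleteTable(String str) throws Exception {
        String command = "maprcli table delete -path " + str;
        _logger.info("Running command " + command);
        Assert.assertEquals(0L, TestCluster.runCommand(command).getExitCode());
    }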

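    /**
     * Writes the standard three-field test document ({@code a.x}, {@code b.y}, {@code c.x1}) under
     * the given id and asserts the outcome.
     *
     * @param str path of the table to write to
     * @param str2 document id
     * @param i expected outcome code, as checked by {@code insertDocumentContents}
     *     (0 = no exception, 1 = access denied, 2 = other DB exception)
     * @param opType which write operation to use
     */
    private void insertDocumentDefaultContents(String str, String str2, int i, OpType opType) {
        JsonTable table = MapRDBImpl.getTable(str);
        try {
            Document document = MapRDBImpl.newDocument();
            document.set("a.x", true);
            document.set("b.y", "hello");
            document.set("c.x1", "aaa");
            insertDocumentContents(str, table, str2, document, i, opType);
        } finally {
            // Close the handle even when the outcome assertion fails.
            table.close();
        }
    }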

    /**
     * Writes {@code document} under id {@code str2} through an already open table, flushes, and
     * asserts that the outcome matches {@code i}.
     *
     * <p>Outcome codes: 0 = no exception, 1 = {@link AccessDeniedException}, 2 = any other
     * {@link DBException}. An {@code opType} other than the three handled constants performs no
     * write but still flushes.
     *
     * @param str table path, used only in log messages
     * @param jsonTable open table to write to (left open)
     * @param str2 document id
     * @param document document to write
     * @param i expected outcome code
     * @param opType which write operation to use
     */
    private void insertDocumentContents(String str, JsonTable jsonTable, String str2, Document document, int i, OpType opType) {
        int outcome;
        try {
            switch (opType) {
                case OP_INSERT:
                    jsonTable.insert(str2, document);
                    break;
                case OP_REPLACE:
                    jsonTable.replace(str2, document);
                    break;
                case OP_INSERTORREPLACE:
                    jsonTable.insertOrReplace(str2, document);
                    break;
            }
            jsonTable.flush();
            outcome = 0;
        } catch (AccessDeniedException denied) {
            _logger.info("Obtained Access Denied Exception when inserting into table " + str);
            outcome = 1;
        } catch (DBException dbError) {
            _logger.info("Obtained DB Exception when inserting into table " + str);
            outcome = 2;
        }
        Assert.assertEquals(i, outcome);
    }

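    /**
     * Opens the table at {@code str}, writes a document that contains only {@code _id}, flushes,
     * and asserts that the outcome matches {@code i}.
     *
     * <p>Outcome codes: 0 = no exception, 1 = {@link AccessDeniedException},
     * 2 = any other {@link DBException}, 3 = {@link DocumentExistsException}.
     *
     * <p>{@code AccessDeniedException} is caught before {@code DBException}, the same order that
     * {@code insertDocumentContents} and {@code deleteRow} use. With the broader handler first, a
     * denied write would be recorded as code 2 and the "access denied" expectation (code 1) could
     * never be met.
     *
     * @param str path of the table to write to
     * @param str2 value for the document's {@code _id}
     * @param i expected outcome code
     * @param opType which write operation to use
     */
    private void insertDocumentId(String str, String str2, int i, OpType opType) {
        int outcome = 0;
        JsonTable table = MapRDBImpl.getTable(str);
        try {
            Document document = MapRDBImpl.newDocument().set("_id", str2);
            try {
                switch (opType) {
                    case OP_INSERT:
                        table.insert(document);
                        break;
                    case OP_REPLACE:
                        table.replace(document);
                        break;
                    case OP_INSERTORREPLACE:
                        table.insertOrReplace(document);
                        break;
                }
                table.flush();
            } catch (AccessDeniedException e) {
                _logger.info("Obtained Access Denied Exception when inserting into table " + str);
                outcome = 1;
            } catch (DocumentExistsException e) {
                _logger.info("Obtained DocumentExistsException when inserting into table " + str);
                outcome = 3;
            } catch (DBException e) {
                _logger.info("Obtained DB Exception when inserting into table " + str);
                outcome = 2;
            }
        } finally {
            // Release the handle on every path, including unexpected exceptions.
            table.close();
        }
        Assert.assertEquals(i, outcome);
    }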

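    /**
     * Opens the table at {@code str}, deletes the row with id {@code str2}, asserts the outcome
     * and closes the table again.
     *
     * @param str path of the table
     * @param str2 id of the row to delete
     * @param i expected outcome code (0 = no exception, 1 = access denied, 2 = other DB exception)
     */
    private void deleteRow(String str, String str2, int i) {
        JsonTable table = MapRDBImpl.getTable(str);
        try {
            deleteRow(str, table, str2, i);
        } finally {
            // The handle opened here was previously never closed.
            table.close();
        }
    }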

    /**
     * Deletes the row with id {@code str2} through an already open table, flushes, and asserts
     * that the outcome matches {@code i}.
     *
     * <p>Outcome codes: 0 = no exception, 1 = {@link AccessDeniedException}, 2 = any other
     * {@link DBException}.
     *
     * @param str table path, used only in log messages
     * @param jsonTable open table to delete from (left open)
     * @param str2 id of the row to delete
     * @param i expected outcome code
     */
    private void deleteRow(String str, JsonTable jsonTable, String str2, int i) {
        int outcome;
        try {
            jsonTable.delete(str2);
            jsonTable.flush();
            outcome = 0;
        } catch (AccessDeniedException denied) {
            _logger.info("Obtained Access Denied Exception when deleting row with ID " + str2 + " from table " + str);
            outcome = 1;
        } catch (DBException dbError) {
            _logger.info("Obtained DB Exception when deleting row with ID " + str2 + " from table " + str);
            outcome = 2;
        }
        Assert.assertEquals(i, outcome);
    }

    /**
     * Parses {@code str2} with a new {@code MutationParser}, applies the result to the document
     * with id {@code str}, and flushes the table.
     *
     * @param table table to update
     * @param str id of the document to update
     * @param str2 mutation text handed to {@code MutationParser.parseMutation}
     */
    private void applyMutation(Table table, String str, String str2) {
        table.update(str, new MutationParser().parseMutation(str2));
        table.flush();
    }

    /**
     * Creates an untagged volume without extra {@code maprcli} options.
     *
     * @param str volume name
     * @param str2 mount path of the volume
     * @throws Exception if a cluster command cannot be run
     */
    private static void createUntaggedVolume(String str, String str2) throws Exception {
        final String noExtraOptions = "";
        createUntaggedVolume(str, str2, noExtraOptions);
    }

    /**
     * (Re)creates a volume without a security policy: removes an existing volume of the same
     * name, then creates it with the given extra options.
     *
     * <p>All arguments are concatenated into the command lines unquoted, so they must be trusted
     * test constants without whitespace or shell metacharacters.
     * NOTE(review): the exit status of {@code volume remove} and {@code volume create} is not
     * checked, so a failed creation is not reported here.
     *
     * @param str volume name
     * @param str2 mount path of the volume
     * @param str3 extra options appended verbatim to {@code maprcli volume create}
     * @throws Exception if a cluster command cannot be run
     */
    private static void createUntaggedVolume(String str, String str2, String str3) throws Exception {
        _logger.info("Checking if volume " + str + " exists");
        boolean alreadyExists = TestCluster.runCommand("maprcli volume info -name " + str).getExitCode() == 0;
        if (alreadyExists) {
            _logger.info("Volume " + str + " exists, deleting first");
            String removeCommand = "maprcli volume remove -name " + str;
            TestCluster.runCommand(removeCommand);
        }
        String createCommand = "maprcli volume create -name " + str + " -path " + str2 + " " + str3;
        TestCluster.runCommand(createCommand);
    }

    /**
     * (Re)creates a volume tagged with a security policy and with auditing enabled: removes an
     * existing volume of the same name, creates it, then turns auditing on for its path with
     * {@code hadoop mfs -setaudit on}.
     *
     * <p>All arguments are concatenated into the command lines unquoted, so they must be trusted
     * test constants without whitespace or shell metacharacters.
     * NOTE(review): no exit status is checked after the existence probe. If {@code volume create}
     * or {@code setaudit} fails, the enforcement tests continue against a volume that may lack the
     * policy or auditing they rely on.
     *
     * @param str volume name
     * @param str2 mount path of the volume
     * @param str3 security policy passed to {@code -securitypolicy}
     * @param str4 enforcement mode passed to {@code -enforcementmode}
     * @throws Exception if a cluster command cannot be run
     */
    private static void createTaggedVolume(String str, String str2, String str3, String str4) throws Exception {
        _logger.info("Checking if volume " + str + " exists");
        boolean alreadyExists = TestCluster.runCommand("maprcli volume info -name " + str).getExitCode() == 0;
        if (alreadyExists) {
            _logger.info("Volume " + str + " exists, deleting first");
            String removeCommand = "maprcli volume remove -name " + str;
            TestCluster.runCommand(removeCommand);
        }
        String createCommand = "maprcli volume create -name " + str + " -path " + str2 + " -securitypolicy " + str3 + " -enforcementmode " + str4 + " -auditenabled true";
        TestCluster.runCommand(createCommand);
        String auditCommand = "hadoop mfs -setaudit on " + str2;
        TestCluster.runCommand(auditCommand);
    }

    /**
     * Removes the named volume with {@code maprcli volume remove}; the exit status is not checked.
     *
     * @param str volume name
     * @throws Exception if the command cannot be run
     */
    private static void removeVolume(String str) throws Exception {
        String removeCommand = "maprcli volume remove -name " + str;
        TestCluster.runCommand(removeCommand);
    }

    /**
     * Placeholder for the validator that the scan test calls after logging "Verifying that all
     * CF's are returned".
     *
     * <p>jadx could not decompile the original body and this listing keeps no instruction dump
     * for it, so the checks it performed cannot be recovered from here. As written the method
     * always throws {@link UnsupportedOperationException}. Any test that reaches it fails instead
     * of validating the scanned document.
     *
     * @param r4 table the document was scanned from (not used by the placeholder)
     * @param r5 reader for one scanned document (not used by the placeholder)
     */
    private void validateScanOk(com.mapr.db.Table r4, org.ojai.DocumentReader r5) {
        /*
            Method dump skipped, instructions count: 365
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.mapr.db.tests.securitypolicy.TestJSONSecurityPolicyEnforcement.validateScanOk(com.mapr.db.Table, org.ojai.DocumentReader):void");
    }

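    /**
     * Validates one scanned document for the case where the third column family is denied.
     *
     * <p>Rebuilt from the instruction dump that jadx left in place of the body; the previous body
     * only threw {@link UnsupportedOperationException}. The reader must yield, in order: the
     * document map, a string {@code _id}, then exactly two sub-maps, each named either {@code a}
     * (one boolean, value {@code true}) or {@code b} (string field {@code y} = {@code "hello"}),
     * then the end of the document and no further event. No third sub-map may follow, so content
     * from the denied column family fails the check.
     *
     * <p>The dump's default branch was a Java {@code assert false}. It is written as
     * {@code Assert.fail} here so an unexpected field is reported even when the JVM runs without
     * {@code -ea}.
     *
     * @param table table the document was scanned from (unused)
     * @param reader reader for the scanned document
     */
    private void validateScanCf3Denied(com.mapr.db.Table table, org.ojai.DocumentReader reader) {
        Assert.assertTrue(reader.inMap());
        Assert.assertEquals(DocumentReader.EventType.START_MAP, reader.next());
        Assert.assertEquals(DocumentReader.EventType.STRING, reader.next());
        Assert.assertEquals("_id", reader.getFieldName());

        // Two readable sub-maps are expected.
        for (int remaining = 2; remaining > 0; remaining--) {
            Assert.assertEquals(DocumentReader.EventType.START_MAP, reader.next());
            String fieldName = reader.getFieldName();
            switch (fieldName) {
                case "a":
                    Assert.assertEquals(DocumentReader.EventType.BOOLEAN, reader.next());
                    Assert.assertTrue(reader.getBoolean());
                    Assert.assertEquals(DocumentReader.EventType.END_MAP, reader.next());
                    break;
                case "b":
                    Assert.assertEquals(DocumentReader.EventType.STRING, reader.next());
                    Assert.assertEquals("y", reader.getFieldName());
                    Assert.assertEquals("hello", reader.getString());
                    Assert.assertEquals(DocumentReader.EventType.END_MAP, reader.next());
                    break;
                default:
                    Assert.fail("Unexpected top-level field in scan result: " + fieldName);
            }
        }

        Assert.assertEquals(DocumentReader.EventType.END_MAP, reader.next());
        Assert.assertNull(reader.next());
    }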

    /**
     * Opens the table at {@code str} and tolerates a {@link DBException} from doing so.
     *
     * <p>NOTE(review): this check cannot fail. If {@code getTable} returns normally the method
     * just returns, and inside the {@code catch} the only statement is {@code assertTrue(true)}.
     * The test that calls it after setting the volume read ACE to {@code !u:root} therefore passes
     * whether or not access is denied. No scan is issued either, despite the method name. A real
     * check would attempt the read and fail when no access-denied error is raised. Which call is
     * expected to throw must be confirmed against the cluster. When {@code getTable} succeeds, the
     * returned handle is also never closed.
     *
     * @param str path of the table that is expected to be unreadable
     */
    private void validateScanTableDenied(String str) {
        try {
            MapRDBImpl.getTable(str);
        } catch (DBException e) {
            // No-op assertion: reaching this branch is the expected outcome, but nothing enforces it.
            Assert.assertTrue(true);
        }
    }

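    /**
     * Creates (or replaces) a table with three extra column families, adds an index on
     * {@code name.last}, {@code name.first} and {@code salary} that includes {@code age}, inserts
     * five user documents and verifies that the index can be read.
     *
     * <p>NOTE(review): the exit status of {@code maprcli table index add} is not checked.
     *
     * @param str table name
     * @param str2 index name
     * @return the open table; the caller closes it
     * @throws Exception if table creation, the index command or the verification fails
     */
    private JsonTable createTableForIndex(String str, String str2) throws Exception {
        // Raw type kept: the parameter type that createOrReplaceTable expects is not visible here.
        HashMap columnFamilies = new HashMap();
        columnFamilies.put("cf1", "a.b");
        columnFamilies.put("cf2", "x.y");
        columnFamilies.put("cf3", "x.y.z");
        JsonTable table = DBTests.createOrReplaceTable(str, columnFamilies, new String[]{"user001", "user002", "user003", "user004", "user005"});
        table.setOption(Table.TableOption.BUFFERWRITE, false);

        TestCluster.runCommand("maprcli table index add -path " + table.getPath() + " -index " + str2 + " -indexedfields name.last:1,name.first:ASC,salary:asc -includedfields age");
        DBTests.waitForSchemaUpdate();

        table.insertOrReplace(MapRDBImpl.newDocument("{\"_id\":\"user001\", \"age\":43, \"salary\":43000, \"name\": {\"first\":\"Sam\", \"last\":\"Harris\"}}"));
        table.insertOrReplace(MapRDBImpl.newDocument("{\"_id\":\"user002\", \"age\":32, \"salary\":340000, \"name\": {\"first\":\"Leon\", \"last\":\"Russel\"}}"));
        table.insertOrReplace(MapRDBImpl.newDocument("{\"_id\":\"user003\", \"age\":47, \"salary\":25000, \"name\": {\"first\":\"David\", \"last\":\"Bowie\"}}"));
        table.insertOrReplace(MapRDBImpl.newDocument("{\"_id\":\"user004\", \"age\":56, \"salary\":7500, \"name\": {\"first\":\"Bob\", \"last\":\"Dylan\"}}"));
        table.insertOrReplace(MapRDBImpl.newDocument("{\"_id\":\"user005\", \"age\":54, \"salary\":12300, \"name\": {\"first\":\"David\", \"last\":\"Ackert\"}}"));
        table.flush();

        try {
            DBTests.waitForIndexFlush(table.getPath());
        } catch (Exception e) {
            // Still best-effort, as before, but no longer silent. verifyIndexTableReadOk below is
            // the actual gate, and the log explains a failure there.
            _logger.warn("waitForIndexFlush failed for " + table.getPath() + "; continuing", e);
        }
        verifyIndexTableReadOk(table.getPath());
        return table;
    }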

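    /**
     * Reads the first index of the table at {@code path} and asserts that it returns exactly the
     * five documents inserted by {@code createTableForIndex}, in ascending {@code name.last}
     * order.
     *
     * <p>Written with try-with-resources, which is what the decompiled close/addSuppressed
     * sequence corresponds to. The decompiled form did not close the stream when an assertion
     * failed.
     *
     * @param path path of the indexed table
     * @throws Exception if the index cannot be opened or read
     */
    private void verifyIndexTableReadOk(Path path) throws Exception {
        IndexDesc firstIndex = (IndexDesc) DBTests.admin().getTableIndexes(path, true).iterator().next();
        // Ackert, Bowie, Dylan, Harris, Russel
        String[] expectedIds = {"user005", "user003", "user004", "user001", "user002"};
        try (JsonTable indexTable = MapRDBImpl.getIndexTable(firstIndex);
                DocumentStream find = indexTable.find()) {
            Iterator<Document> it = find.iterator();
            for (String expectedId : expectedIds) {
                Document document = it.next();
                Assert.assertNotNull(document);
                Assert.assertEquals(expectedId, document.getIdString());
            }
            Assert.assertFalse(it.hasNext());
        }
    }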

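    /**
     * Asserts that reading the first document through the first index in {@code collection}
     * raises {@link AccessDeniedException}.
     *
     * <p>If the read succeeds the test fails with an explicit message. The original expressed
     * that as {@code assertNotNull(null)}. Written with try-with-resources, which is what the
     * decompiled close/addSuppressed sequence corresponds to, so the stream and the index table
     * are closed on every path.
     *
     * @param collection index descriptors fetched while the table was still readable; must not be
     *     empty
     * @throws Exception if the index cannot be opened or an unexpected error occurs
     */
    private void verifyIndexTableReadDenied(Collection<IndexDesc> collection) throws Exception {
        Assert.assertFalse("no index descriptor to read through", collection.isEmpty());
        try (JsonTable indexTable = MapRDBImpl.getIndexTable(collection.iterator().next());
                DocumentStream find = indexTable.find()) {
            try {
                find.iterator().next().getIdString();
                // AssertionError is not caught below, so a successful read fails the test.
                Assert.fail("Index scan returned a document although access should be denied");
            } catch (AccessDeniedException e) {
                _logger.debug("SUCCESS: Index scan failed with an exception as expected: " + e.getMessage());
            }
        }
    }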

    // Class initialiser as emitted by the decompiler.
    static {
        // Set to true when assertions are NOT enabled for this class (negated desiredAssertionStatus).
        // The decompiled `if (!$assertionsDisabled && ...) throw new AssertionError()` blocks in
        // this class read it, so those checks are skipped when it is true.
        $assertionsDisabled = !TestJSONSecurityPolicyEnforcement.class.desiredAssertionStatus();
        // Logger shared by every test and helper in this class.
        _logger = LoggerFactory.getLogger(TestJSONSecurityPolicyEnforcement.class);
    }
}
