package org.apache.hadoop.hbase.security.access;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ListMultimap;
import java.io.ByteArrayOutputStream;
import java.io.DataOutput;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Abortable;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.exceptions.DeserializationException;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
import org.apache.hadoop.io.Text;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({LargeTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestTablePermissions.class */
public class TestTablePermissions {
    private static ZooKeeperWatcher ZKW;
    private static final Log LOG = LogFactory.getLog(TestTablePermissions.class);
    private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
    private static final Abortable ABORTABLE = new Abortable() { // from class: org.apache.hadoop.hbase.security.access.TestTablePermissions.1
        private final AtomicBoolean abort = new AtomicBoolean(false);

        public void abort(String str, Throwable th) {
            TestTablePermissions.LOG.info(str, th);
            this.abort.set(true);
        }

        public boolean isAborted() {
            return this.abort.get();
        }
    };
    private static TableName TEST_TABLE = TableName.valueOf("perms_test");
    private static TableName TEST_TABLE2 = TableName.valueOf("perms_test2");
    private static byte[] TEST_FAMILY = Bytes.toBytes("f1");
    private static byte[] TEST_QUALIFIER = Bytes.toBytes("col1");

    @BeforeClass
    public static void beforeClass() throws Exception {
        SecureTestUtil.enableSecurity(UTIL.getConfiguration());
        UTIL.startMiniCluster();
        UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName());
        ZKW = new ZooKeeperWatcher(UTIL.getConfiguration(), "TestTablePermissions", ABORTABLE);
        UTIL.createTable(TEST_TABLE, TEST_FAMILY);
        UTIL.createTable(TEST_TABLE2, TEST_FAMILY);
    }

    @AfterClass
    public static void afterClass() throws Exception {
        UTIL.shutdownMiniCluster();
    }

    @After
    public void tearDown() throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        AccessControlLists.removeTablePermissions(configuration, TEST_TABLE);
        AccessControlLists.removeTablePermissions(configuration, TEST_TABLE2);
        AccessControlLists.removeTablePermissions(configuration, AccessControlLists.ACL_TABLE_NAME);
    }

    @Test
    public void testMigration() throws DeserializationException {
        Configuration configuration = new Configuration(UTIL.getConfiguration());
        configuration.setBoolean("hbase.allow.legacy.object.serialization", true);
        AccessControlLists.readPermissions(writePermissionsAsLegacyBytes(createPermissions(), configuration), configuration);
    }

    public static byte[] writePermissionsAsLegacyBytes(ListMultimap<String, ? extends Permission> listMultimap, Configuration configuration) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            writeLegacyPermissions(new DataOutputStream(byteArrayOutputStream), listMultimap, configuration);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException("Error serializing permissions", e);
        }
    }

    public static void writeLegacyPermissions(DataOutput dataOutput, ListMultimap<String, ? extends Permission> listMultimap, Configuration configuration) throws IOException {
        Set<String> keySet = listMultimap.keySet();
        dataOutput.writeInt(keySet.size());
        for (String str : keySet) {
            Text.writeString(dataOutput, str);
            HbaseObjectWritableFor96Migration.writeObject(dataOutput, listMultimap.get(str), List.class, configuration);
        }
    }

    @Test
    public void testBasicWrite() throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("george"), TEST_TABLE, (byte[]) null, (byte[]) null, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE}));
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("hubert"), TEST_TABLE, (byte[]) null, (byte[]) null, new Permission.Action[]{Permission.Action.READ}));
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("humphrey"), TEST_TABLE, TEST_FAMILY, TEST_QUALIFIER, new Permission.Action[]{Permission.Action.READ}));
        ListMultimap tablePermissions = AccessControlLists.getTablePermissions(configuration, TEST_TABLE);
        List list = tablePermissions.get("george");
        Assert.assertNotNull("Should have permissions for george", list);
        Assert.assertEquals("Should have 1 permission for george", 1L, list.size());
        TablePermission tablePermission = (TablePermission) list.get(0);
        Assert.assertEquals("Permission should be for " + TEST_TABLE, TEST_TABLE, tablePermission.getTableName());
        Assert.assertNull("Column family should be empty", tablePermission.getFamily());
        Assert.assertNotNull(tablePermission.getActions());
        Assert.assertEquals(2L, tablePermission.getActions().length);
        List asList = Arrays.asList(tablePermission.getActions());
        Assert.assertTrue(asList.contains(Permission.Action.READ));
        Assert.assertTrue(asList.contains(Permission.Action.WRITE));
        List list2 = tablePermissions.get("hubert");
        Assert.assertNotNull("Should have permissions for hubert", list2);
        Assert.assertEquals("Should have 1 permission for hubert", 1L, list2.size());
        TablePermission tablePermission2 = (TablePermission) list2.get(0);
        Assert.assertEquals("Permission should be for " + TEST_TABLE, TEST_TABLE, tablePermission2.getTableName());
        Assert.assertNull("Column family should be empty", tablePermission2.getFamily());
        Assert.assertNotNull(tablePermission2.getActions());
        Assert.assertEquals(1L, tablePermission2.getActions().length);
        List asList2 = Arrays.asList(tablePermission2.getActions());
        Assert.assertTrue(asList2.contains(Permission.Action.READ));
        Assert.assertFalse(asList2.contains(Permission.Action.WRITE));
        List list3 = tablePermissions.get("humphrey");
        Assert.assertNotNull("Should have permissions for humphrey", list3);
        Assert.assertEquals("Should have 1 permission for humphrey", 1L, list3.size());
        TablePermission tablePermission3 = (TablePermission) list3.get(0);
        Assert.assertEquals("Permission should be for " + TEST_TABLE, TEST_TABLE, tablePermission3.getTableName());
        Assert.assertTrue("Permission should be for family " + TEST_FAMILY, Bytes.equals(TEST_FAMILY, tablePermission3.getFamily()));
        Assert.assertTrue("Permission should be for qualifier " + TEST_QUALIFIER, Bytes.equals(TEST_QUALIFIER, tablePermission3.getQualifier()));
        Assert.assertNotNull(tablePermission3.getActions());
        Assert.assertEquals(1L, tablePermission3.getActions().length);
        List asList3 = Arrays.asList(tablePermission3.getActions());
        Assert.assertTrue(asList3.contains(Permission.Action.READ));
        Assert.assertFalse(asList3.contains(Permission.Action.WRITE));
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("hubert"), TEST_TABLE2, (byte[]) null, (byte[]) null, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE}));
        Map loadAll = AccessControlLists.loadAll(configuration);
        Assert.assertEquals("Full permission map should have entries for both test tables", 2L, loadAll.size());
        List list4 = ((ListMultimap) loadAll.get(TEST_TABLE.getName())).get("hubert");
        Assert.assertNotNull(list4);
        Assert.assertEquals(1L, list4.size());
        TablePermission tablePermission4 = (TablePermission) list4.get(0);
        Assert.assertEquals(TEST_TABLE, tablePermission4.getTableName());
        Assert.assertEquals(1L, tablePermission4.getActions().length);
        Assert.assertEquals(Permission.Action.READ, tablePermission4.getActions()[0]);
        List list5 = ((ListMultimap) loadAll.get(TEST_TABLE2.getName())).get("hubert");
        Assert.assertNotNull(list5);
        Assert.assertEquals(1L, list5.size());
        TablePermission tablePermission5 = (TablePermission) list5.get(0);
        Assert.assertEquals(TEST_TABLE2, tablePermission5.getTableName());
        Assert.assertEquals(2L, tablePermission5.getActions().length);
        List asList4 = Arrays.asList(tablePermission5.getActions());
        Assert.assertTrue(asList4.contains(Permission.Action.READ));
        Assert.assertTrue(asList4.contains(Permission.Action.WRITE));
    }

    @Test
    public void testPersistence() throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("albert"), TEST_TABLE, (byte[]) null, (byte[]) null, new Permission.Action[]{Permission.Action.READ}));
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("betty"), TEST_TABLE, (byte[]) null, (byte[]) null, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE}));
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("clark"), TEST_TABLE, TEST_FAMILY, new Permission.Action[]{Permission.Action.READ}));
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("dwight"), TEST_TABLE, TEST_FAMILY, TEST_QUALIFIER, new Permission.Action[]{Permission.Action.WRITE}));
        ListMultimap<String, TablePermission> tablePermissions = AccessControlLists.getTablePermissions(configuration, TEST_TABLE);
        HTable hTable = new HTable(configuration, TEST_TABLE);
        hTable.put(new Put(Bytes.toBytes("row1")).add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes("v1")));
        hTable.put(new Put(Bytes.toBytes("row2")).add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes("v2")));
        UTIL.getHBaseAdmin().split(TEST_TABLE.getName());
        Thread.sleep(10000L);
        checkMultimapEqual(tablePermissions, AccessControlLists.getTablePermissions(configuration, TEST_TABLE));
    }

    @Test
    public void testSerialization() throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        ListMultimap<String, TablePermission> createPermissions = createPermissions();
        checkMultimapEqual(createPermissions, AccessControlLists.readPermissions(AccessControlLists.writePermissionsAsBytes(createPermissions, configuration), configuration));
    }

    private ListMultimap<String, TablePermission> createPermissions() {
        ArrayListMultimap create = ArrayListMultimap.create();
        create.put("george", new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.READ}));
        create.put("george", new TablePermission(TEST_TABLE, TEST_FAMILY, new Permission.Action[]{Permission.Action.WRITE}));
        create.put("george", new TablePermission(TEST_TABLE2, (byte[]) null, new Permission.Action[]{Permission.Action.READ}));
        create.put("hubert", new TablePermission(TEST_TABLE2, (byte[]) null, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE}));
        return create;
    }

    public void checkMultimapEqual(ListMultimap<String, TablePermission> listMultimap, ListMultimap<String, TablePermission> listMultimap2) {
        Assert.assertEquals(listMultimap.size(), listMultimap2.size());
        for (String str : listMultimap.keySet()) {
            List<TablePermission> list = listMultimap.get(str);
            List list2 = listMultimap2.get(str);
            Assert.assertNotNull(list2);
            Assert.assertEquals(list.size(), list2.size());
            LOG.info("First permissions: " + list.toString());
            LOG.info("Second permissions: " + list2.toString());
            for (TablePermission tablePermission : list) {
                Assert.assertTrue("Permission " + tablePermission.toString() + " not found", list2.contains(tablePermission));
            }
        }
    }

    @Test
    public void testEquals() throws Exception {
        TablePermission tablePermission = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.READ});
        TablePermission tablePermission2 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.READ});
        Assert.assertTrue(tablePermission.equals(tablePermission2));
        Assert.assertTrue(tablePermission2.equals(tablePermission));
        TablePermission tablePermission3 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE});
        TablePermission tablePermission4 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.WRITE, Permission.Action.READ});
        Assert.assertTrue(tablePermission3.equals(tablePermission4));
        Assert.assertTrue(tablePermission4.equals(tablePermission3));
        TablePermission tablePermission5 = new TablePermission(TEST_TABLE, TEST_FAMILY, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE});
        TablePermission tablePermission6 = new TablePermission(TEST_TABLE, TEST_FAMILY, new Permission.Action[]{Permission.Action.WRITE, Permission.Action.READ});
        Assert.assertTrue(tablePermission5.equals(tablePermission6));
        Assert.assertTrue(tablePermission6.equals(tablePermission5));
        TablePermission tablePermission7 = new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_QUALIFIER, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE});
        TablePermission tablePermission8 = new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_QUALIFIER, new Permission.Action[]{Permission.Action.WRITE, Permission.Action.READ});
        Assert.assertTrue(tablePermission7.equals(tablePermission8));
        Assert.assertTrue(tablePermission8.equals(tablePermission7));
        TablePermission tablePermission9 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.READ});
        TablePermission tablePermission10 = new TablePermission(TEST_TABLE, TEST_FAMILY, new Permission.Action[]{Permission.Action.READ});
        Assert.assertFalse(tablePermission9.equals(tablePermission10));
        Assert.assertFalse(tablePermission10.equals(tablePermission9));
        TablePermission tablePermission11 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.READ});
        TablePermission tablePermission12 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.WRITE});
        Assert.assertFalse(tablePermission11.equals(tablePermission12));
        Assert.assertFalse(tablePermission12.equals(tablePermission11));
        TablePermission tablePermission13 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE});
        Assert.assertFalse(tablePermission11.equals(tablePermission13));
        Assert.assertFalse(tablePermission13.equals(tablePermission11));
        TablePermission tablePermission14 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[]{Permission.Action.READ});
        TablePermission tablePermission15 = new TablePermission(TEST_TABLE2, (byte[]) null, new Permission.Action[]{Permission.Action.READ});
        Assert.assertFalse(tablePermission14.equals(tablePermission15));
        Assert.assertFalse(tablePermission15.equals(tablePermission14));
        TablePermission tablePermission16 = new TablePermission(TEST_TABLE, (byte[]) null, new Permission.Action[0]);
        Assert.assertFalse(tablePermission14.equals(tablePermission16));
        Assert.assertFalse(tablePermission16.equals(tablePermission14));
    }

    @Test
    public void testGlobalPermission() throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("user1"), new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE}));
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("user2"), new Permission.Action[]{Permission.Action.CREATE}));
        AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("user3"), new Permission.Action[]{Permission.Action.ADMIN, Permission.Action.READ, Permission.Action.CREATE}));
        ListMultimap tablePermissions = AccessControlLists.getTablePermissions(configuration, (TableName) null);
        List list = tablePermissions.get("user1");
        Assert.assertEquals("Should have 1 permission for user1", 1L, list.size());
        Assert.assertEquals("user1 should have WRITE permission", new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE}, ((TablePermission) list.get(0)).getActions());
        List list2 = tablePermissions.get("user2");
        Assert.assertEquals("Should have 1 permission for user2", 1L, list2.size());
        Assert.assertEquals("user2 should have CREATE permission", new Permission.Action[]{Permission.Action.CREATE}, ((TablePermission) list2.get(0)).getActions());
        List list3 = tablePermissions.get("user3");
        Assert.assertEquals("Should have 1 permission for user3", 1L, list3.size());
        Assert.assertEquals("user3 should have ADMIN, READ, CREATE permission", new Permission.Action[]{Permission.Action.ADMIN, Permission.Action.READ, Permission.Action.CREATE}, ((TablePermission) list3.get(0)).getActions());
    }

    @Test
    public void testAuthManager() throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        TableAuthManager tableAuthManager = TableAuthManager.get(ZKW, configuration);
        User current = User.getCurrent();
        Assert.assertTrue(tableAuthManager.authorize(current, Permission.Action.ADMIN));
        for (int i = 1; i <= 50; i++) {
            AccessControlLists.addUserPermission(configuration, new UserPermission(Bytes.toBytes("testauth" + i), new Permission.Action[]{Permission.Action.ADMIN, Permission.Action.READ, Permission.Action.WRITE}));
            Assert.assertTrue("Failed current user auth check on iter " + i, tableAuthManager.authorize(current, Permission.Action.ADMIN));
        }
    }
}
