package org.apache.hadoop.hbase.security.access;

import java.util.List;
import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Cell;
import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableNotFoundException;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.TestTableName;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.xalan.templates.Constants;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestScanEarlyTermination.class */
public class TestScanEarlyTermination extends SecureTestUtil {
    private static final Log LOG = LogFactory.getLog(TestScanEarlyTermination.class);

    @Rule
    public TestTableName TEST_TABLE = new TestTableName();
    private static final HBaseTestingUtility TEST_UTIL;
    private static final byte[] TEST_FAMILY1;
    private static final byte[] TEST_FAMILY2;
    private static final byte[] TEST_ROW;
    private static final byte[] TEST_Q1;
    private static final byte[] TEST_Q2;
    private static final byte[] ZERO;
    private static Configuration conf;
    private static User USER_OWNER;
    private static User USER_OTHER;

    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        enableSecurity(conf);
        verifyConfiguration(conf);
        TEST_UTIL.startMiniCluster();
        MasterCoprocessorHost masterCoprocessorHost = TEST_UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost();
        masterCoprocessorHost.load(AccessController.class, 0, conf);
        AccessController accessController = (AccessController) masterCoprocessorHost.findCoprocessor(AccessController.class.getName());
        masterCoprocessorHost.createEnvironment(AccessController.class, (Coprocessor) accessController, 0, 1, conf);
        TEST_UTIL.getMiniHBaseCluster().getRegionServer(0).getRegionServerCoprocessorHost().createEnvironment(AccessController.class, (Coprocessor) accessController, 0, 1, conf);
        TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME);
        USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
        USER_OTHER = User.createUserForTesting(conf, Constants.ATTRVAL_OTHER, new String[0]);
    }

    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }

    @Before
    public void setUp() throws Exception {
        HBaseAdmin hBaseAdmin = TEST_UTIL.getHBaseAdmin();
        HTableDescriptor hTableDescriptor = new HTableDescriptor(this.TEST_TABLE.getTableName());
        hTableDescriptor.setOwner(USER_OWNER);
        HColumnDescriptor hColumnDescriptor = new HColumnDescriptor(TEST_FAMILY1);
        hColumnDescriptor.setMaxVersions(10);
        hTableDescriptor.addFamily(hColumnDescriptor);
        HColumnDescriptor hColumnDescriptor2 = new HColumnDescriptor(TEST_FAMILY2);
        hColumnDescriptor2.setMaxVersions(10);
        hTableDescriptor.addFamily(hColumnDescriptor2);
        hTableDescriptor.setConfiguration(AccessControlConstants.CF_ATTRIBUTE_EARLY_OUT, "true");
        hBaseAdmin.createTable(hTableDescriptor);
        TEST_UTIL.waitUntilAllRegionsAssigned(this.TEST_TABLE.getTableName());
    }

    @After
    public void tearDown() throws Exception {
        try {
            TEST_UTIL.deleteTable(this.TEST_TABLE.getTableName());
        } catch (TableNotFoundException e) {
            LOG.info("Test deleted table " + this.TEST_TABLE.getTableName());
        }
        Assert.assertEquals(0L, AccessControlLists.getTablePermissions(conf, this.TEST_TABLE.getTableName()).size());
    }

    @Test
    public void testEarlyScanTermination() throws Exception {
        grantOnTable(TEST_UTIL, USER_OTHER.getShortName(), this.TEST_TABLE.getTableName(), TEST_FAMILY1, null, Permission.Action.READ);
        verifyAllowed(new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestScanEarlyTermination.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestScanEarlyTermination.conf.set("testkey", UUID.randomUUID().toString());
                HTable hTable = new HTable(TestScanEarlyTermination.conf, TestScanEarlyTermination.this.TEST_TABLE.getTableName());
                try {
                    hTable.put(new Put(TestScanEarlyTermination.TEST_ROW).add(TestScanEarlyTermination.TEST_FAMILY1, TestScanEarlyTermination.TEST_Q1, TestScanEarlyTermination.ZERO));
                    Put add = new Put(TestScanEarlyTermination.TEST_ROW).add(TestScanEarlyTermination.TEST_FAMILY2, TestScanEarlyTermination.TEST_Q1, TestScanEarlyTermination.ZERO);
                    add.setACL(TestScanEarlyTermination.USER_OTHER.getShortName(), new Permission(Permission.Action.READ));
                    hTable.put(add);
                    Put add2 = new Put(TestScanEarlyTermination.TEST_ROW).add(TestScanEarlyTermination.TEST_FAMILY2, TestScanEarlyTermination.TEST_Q2, TestScanEarlyTermination.ZERO);
                    add2.setACL(TestScanEarlyTermination.USER_OTHER.getShortName(), new Permission());
                    hTable.put(add2);
                    hTable.close();
                    return null;
                } catch (Throwable th) {
                    hTable.close();
                    throw th;
                }
            }
        }, USER_OWNER);
        verifyAllowed(new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestScanEarlyTermination.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestScanEarlyTermination.conf.set("testkey", UUID.randomUUID().toString());
                HTable hTable = new HTable(TestScanEarlyTermination.conf, TestScanEarlyTermination.this.TEST_TABLE.getTableName());
                try {
                    Result next = hTable.getScanner(new Scan().addFamily(TestScanEarlyTermination.TEST_FAMILY1)).next();
                    if (next == null) {
                        return null;
                    }
                    Assert.assertTrue("Improper exclusion", next.containsColumn(TestScanEarlyTermination.TEST_FAMILY1, TestScanEarlyTermination.TEST_Q1));
                    Assert.assertFalse("Improper inclusion", next.containsColumn(TestScanEarlyTermination.TEST_FAMILY2, TestScanEarlyTermination.TEST_Q1));
                    List<Cell> listCells = next.listCells();
                    hTable.close();
                    return listCells;
                } finally {
                    hTable.close();
                }
            }
        }, USER_OTHER);
        verifyAllowed(new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestScanEarlyTermination.3
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestScanEarlyTermination.conf.set("testkey", UUID.randomUUID().toString());
                HTable hTable = new HTable(TestScanEarlyTermination.conf, TestScanEarlyTermination.this.TEST_TABLE.getTableName());
                try {
                    Result next = hTable.getScanner(new Scan()).next();
                    if (next == null) {
                        return null;
                    }
                    Assert.assertTrue("Improper exclusion", next.containsColumn(TestScanEarlyTermination.TEST_FAMILY1, TestScanEarlyTermination.TEST_Q1));
                    Assert.assertFalse("Improper inclusion", next.containsColumn(TestScanEarlyTermination.TEST_FAMILY2, TestScanEarlyTermination.TEST_Q1));
                    List<Cell> listCells = next.listCells();
                    hTable.close();
                    return listCells;
                } finally {
                    hTable.close();
                }
            }
        }, USER_OTHER);
        verifyDenied(new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestScanEarlyTermination.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestScanEarlyTermination.conf.set("testkey", UUID.randomUUID().toString());
                HTable hTable = new HTable(TestScanEarlyTermination.conf, TestScanEarlyTermination.this.TEST_TABLE.getTableName());
                try {
                    Result next = hTable.getScanner(new Scan().addFamily(TestScanEarlyTermination.TEST_FAMILY2)).next();
                    if (next == null) {
                        return null;
                    }
                    List<Cell> listCells = next.listCells();
                    hTable.close();
                    return listCells;
                } finally {
                    hTable.close();
                }
            }
        }, USER_OTHER);
        grantOnTable(TEST_UTIL, USER_OTHER.getShortName(), this.TEST_TABLE.getTableName(), TEST_FAMILY2, TEST_Q2, Permission.Action.READ);
        verifyAllowed(new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestScanEarlyTermination.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestScanEarlyTermination.conf.set("testkey", UUID.randomUUID().toString());
                HTable hTable = new HTable(TestScanEarlyTermination.conf, TestScanEarlyTermination.this.TEST_TABLE.getTableName());
                try {
                    Result next = hTable.getScanner(new Scan()).next();
                    if (next == null) {
                        return null;
                    }
                    Assert.assertTrue("Improper exclusion", next.containsColumn(TestScanEarlyTermination.TEST_FAMILY1, TestScanEarlyTermination.TEST_Q1));
                    Assert.assertFalse("Improper inclusion", next.containsColumn(TestScanEarlyTermination.TEST_FAMILY2, TestScanEarlyTermination.TEST_Q1));
                    Assert.assertTrue("Improper exclusion", next.containsColumn(TestScanEarlyTermination.TEST_FAMILY2, TestScanEarlyTermination.TEST_Q2));
                    List<Cell> listCells = next.listCells();
                    hTable.close();
                    return listCells;
                } finally {
                    hTable.close();
                }
            }
        }, USER_OTHER);
    }

    static {
        Logger.getLogger((Class<?>) AccessController.class).setLevel(Level.TRACE);
        Logger.getLogger((Class<?>) AccessControlFilter.class).setLevel(Level.TRACE);
        Logger.getLogger((Class<?>) TableAuthManager.class).setLevel(Level.TRACE);
        TEST_UTIL = new HBaseTestingUtility();
        TEST_FAMILY1 = Bytes.toBytes("f1");
        TEST_FAMILY2 = Bytes.toBytes("f2");
        TEST_ROW = Bytes.toBytes("testrow");
        TEST_Q1 = Bytes.toBytes("q1");
        TEST_Q2 = Bytes.toBytes("q2");
        ZERO = Bytes.toBytes(0L);
    }
}
