package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;

import com.google.common.base.Joiner;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator;
import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerHS2.class */
public class TestSQLStdHiveAccessControllerHS2 {
    @Test
    public void testConfigProcessing() throws HiveAuthzPluginException, SecurityException, IllegalArgumentException, NoSuchFieldException, IllegalAccessException {
        HiveConf newAuthEnabledConf = newAuthEnabledConf();
        new SQLStdHiveAccessController((HiveMetastoreClientFactory) null, newAuthEnabledConf, new HadoopDefaultAuthenticator(), getHS2SessionCtx()).applyAuthorizationConfigPolicy(newAuthEnabledConf);
        Assert.assertTrue("Check for transform query disabling hook", newAuthEnabledConf.getVar(HiveConf.ConfVars.PREEXECHOOKS).contains(DisallowTransformHook.class.getName()));
        verifyParamSettability(getSettableParams(), newAuthEnabledConf);
    }

    private HiveConf newAuthEnabledConf() {
        HiveConf hiveConf = new HiveConf();
        hiveConf.set("fs.default.name", "file:///");
        hiveConf.setBoolVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
        return hiveConf;
    }

    private List<String> getSettableParams() throws SecurityException, NoSuchFieldException, IllegalArgumentException, IllegalAccessException {
        Field declaredField = HiveConf.class.getDeclaredField("sqlStdAuthSafeVarNames");
        declaredField.setAccessible(true);
        List asList = Arrays.asList((String[]) declaredField.get(null));
        List asList2 = Arrays.asList("hive.convert.join.bucket.mapjoin.tez", "hive.optimize.index.filter.compact.maxsize", "hive.tez.dummy", "tez.task.dummy", "hive.exec.dynamic.partition", "hive.exec.dynamic.partition.mode", "hive.exec.max.dynamic.partitions", "hive.exec.max.dynamic.partitions.pernode", "oozie.HadoopAccessorService.created", "tez.queue.name");
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(asList);
        arrayList.addAll(asList2);
        return arrayList;
    }

    private HiveAuthzSessionContext getHS2SessionCtx() {
        HiveAuthzSessionContext.Builder builder = new HiveAuthzSessionContext.Builder();
        builder.setClientType(HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2);
        return builder.build();
    }

    private void verifyParamSettability(List<String> list, HiveConf hiveConf) {
        for (String str : list) {
            try {
                hiveConf.verifyAndSet(str, "dummy");
            } catch (IllegalArgumentException e) {
                Assert.fail("Unable to set value for parameter in whitelist " + str + " " + e);
            }
        }
        assertConfModificationException(hiveConf, "dummy.param");
        for (HiveConf.ConfVars confVars : HiveConf.metaVars) {
            assertConfModificationException(hiveConf, confVars.varname);
        }
    }

    @Test
    public void testConfigProcessingCustomSetWhitelistAppend() throws HiveAuthzPluginException {
        verifySettability(Arrays.asList("hive.ctest.param", "hive.abc..*"), Arrays.asList("hive.ctest.param", "hive.abc.def"), HiveConf.ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST_APPEND);
    }

    @Test
    public void testConfigProcessingCustomSetWhitelist() throws HiveAuthzPluginException {
        verifySettability(Arrays.asList("hive.ctest.param", "hive.abc..*"), Arrays.asList("hive.ctest.param", "hive.abc.def"), HiveConf.ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST);
    }

    private void verifySettability(List<String> list, List<String> list2, HiveConf.ConfVars confVars) throws HiveAuthzPluginException {
        HiveConf newAuthEnabledConf = newAuthEnabledConf();
        newAuthEnabledConf.setVar(confVars, Joiner.on("|").join(list));
        new SQLStdHiveAccessController((HiveMetastoreClientFactory) null, newAuthEnabledConf, new HadoopDefaultAuthenticator(), getHS2SessionCtx()).applyAuthorizationConfigPolicy(newAuthEnabledConf);
        verifyParamSettability(list2, newAuthEnabledConf);
    }

    private void assertConfModificationException(HiveConf hiveConf, String str) {
        boolean z = false;
        try {
            hiveConf.verifyAndSet(str, "dummy");
        } catch (IllegalArgumentException e) {
            z = true;
        }
        Assert.assertTrue("Exception should be thrown while modifying the param " + str, z);
    }
}
