package org.apache.hadoop.hbase.security.access;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.Cell;
import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableNotFoundException;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Increment;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.TestTableName;
import org.apache.hadoop.hbase.util.Threads;
import org.apache.hive.com.google.common.collect.Lists;
import org.apache.hive.org.apache.commons.logging.Log;
import org.apache.hive.org.apache.commons.logging.LogFactory;
import org.apache.hive.org.apache.log4j.Level;
import org.apache.hive.org.apache.log4j.Logger;
import org.apache.xalan.templates.Constants;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestCellACLs.class */
public class TestCellACLs extends SecureTestUtil {
    // Test logger (commons-logging, resolved through the shaded import at the top of the file).
    private static final Log LOG = LogFactory.getLog(TestCellACLs.class);

    // JUnit rule; setUp() creates a table named TEST_TABLE.getTableName() and tearDown() deletes it.
    @Rule
    public TestTableName TEST_TABLE = new TestTableName();
    // Mini-cluster harness and the fixed row/family/qualifier/value byte arrays; all are
    // assigned in the static initializer at the bottom of the class.
    private static final HBaseTestingUtility TEST_UTIL;
    private static final byte[] TEST_FAMILY;
    private static final byte[] TEST_ROW;
    private static final byte[] TEST_Q1;
    private static final byte[] TEST_Q2;
    private static final byte[] TEST_Q3;
    private static final byte[] TEST_Q4;
    private static final byte[] ZERO;
    private static final byte[] ONE;
    // Cluster configuration; security is enabled on it in setupBeforeClass().
    private static Configuration conf;
    // Group name used for group-scoped ACL entries (turned into a group principal
    // with AuthUtil.toGroupEntry at the use sites).
    private static final String GROUP = "group";
    // Test principals, created in setupBeforeClass():
    //   GROUP_USER - the only principal created as a member of GROUP
    //   USER_OWNER - set as the table owner in setUp()
    //   USER_OTHER - created with no groups; gets access only through explicit grants / cell ACLs
    private static User GROUP_USER;
    private static User USER_OWNER;
    private static User USER_OTHER;
    // Principals named in the cell ACLs: USER_OTHER's short name plus the group entry for GROUP.
    private static String[] usersAndGroups;

    /**
     * Starts a secured mini cluster with the AccessController coprocessor installed and
     * creates the three test principals shared by every test in this class.
     *
     * <p>Statement order matters: security is enabled and verified on the configuration
     * before the cluster is started, and the principals are created only after the ACL
     * table is reported enabled.
     *
     * @throws Exception if the cluster or the coprocessor environments cannot be set up
     */
    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        enableSecurity(conf);
        verifyConfiguration(conf);
        // NOTE(review): presumably turns off the "early out" so that cell-level ACLs are still
        // evaluated when table/CF-level grants do not decide the request - confirm against
        // AccessControlConstants. The tests below depend on cell ACLs being consulted.
        conf.setBoolean(AccessControlConstants.CF_ATTRIBUTE_EARLY_OUT, false);
        TEST_UTIL.startMiniCluster();
        // Load AccessController on the master, then create environments for that same
        // coprocessor instance on the master host and on region server 0.
        MasterCoprocessorHost masterCoprocessorHost = TEST_UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost();
        masterCoprocessorHost.load(AccessController.class, 0, conf);
        AccessController accessController = (AccessController) masterCoprocessorHost.findCoprocessor(AccessController.class.getName());
        masterCoprocessorHost.createEnvironment(AccessController.class, (Coprocessor) accessController, 0, 1, conf);
        TEST_UTIL.getMiniHBaseCluster().getRegionServer(0).getRegionServerCoprocessorHost().createEnvironment(AccessController.class, (Coprocessor) accessController, 0, 1, conf);
        // Grants are stored in the ACL table; wait until it is enabled before using it.
        TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME);
        USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
        // NOTE(review): Constants.ATTRVAL_OTHER comes from an unrelated XSLT library; this looks
        // like a decompiler substitution for a plain user-name literal - confirm and inline it.
        USER_OTHER = User.createUserForTesting(conf, Constants.ATTRVAL_OTHER, new String[0]);
        GROUP_USER = User.createUserForTesting(conf, "group_user", new String[]{GROUP});
        // Principals that the cell ACLs in testCellPermissions() are written for.
        usersAndGroups = new String[]{USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP)};
    }

    /**
     * Shuts down the mini cluster started in {@link #setupBeforeClass()}.
     *
     * @throws Exception if the shutdown fails
     */
    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }

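    /**
     * Creates the per-test table: one column family keeping up to four versions, owned by
     * {@code USER_OWNER}, pre-split at row key {@code "s"}.
     *
     * <p>Ownership is what lets {@code USER_OWNER} write the cells and cell ACLs the tests
     * start from; the other principals get access only through what each test grants.
     *
     * @throws Exception if the table cannot be created or does not become enabled
     */
    @Before
    public void setUp() throws Exception {
        HBaseAdmin admin = TEST_UTIL.getHBaseAdmin();
        HTableDescriptor tableDescriptor = new HTableDescriptor(TEST_TABLE.getTableName());
        HColumnDescriptor familyDescriptor = new HColumnDescriptor(TEST_FAMILY);
        familyDescriptor.setMaxVersions(4);
        tableDescriptor.setOwner(USER_OWNER);
        tableDescriptor.addFamily(familyDescriptor);
        // Split keys are an array of row keys (byte[][]). The decompiled source declared the
        // array as byte[] with a byte[] element, which does not compile.
        admin.createTable(tableDescriptor, new byte[][] {Bytes.toBytes("s")});
        TEST_UTIL.waitTableEnabled(TEST_TABLE.getTableName());
        // Fixed pause kept from the original test; see the issue named in the log message.
        LOG.info("Sleeping a second because of HBASE-12581");
        Threads.sleep(1000L);
    }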

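    /**
     * Exercises cell-level ACLs for reads, scans, increments and deletes.
     *
     * <p>The owner writes four cells in one row: Q1 carries READ for {@code usersAndGroups},
     * Q2 carries READ and WRITE, Q3 and Q4 carry no ACL. The test then checks, for both the
     * directly named user and the group member, that:
     * <ul>
     *   <li>Gets on Q1/Q2 are allowed, while Gets on Q3/Q4 go through {@code verifyIfNull};</li>
     *   <li>a family scan is allowed but yields only the readable cells (4 for the owner,
     *       2 for the others), so unreadable cells are filtered rather than rejected;</li>
     *   <li>increments are denied on Q1 and Q3 and allowed on Q2, until a new Q2 version is
     *       written with a READ-only ACL;</li>
     *   <li>deletes are denied for the non-owners and allowed for the owner.</li>
     * </ul>
     *
     * <p>The verification calls are order dependent: each one runs against the cell versions
     * left behind by the previous ones.
     *
     * @throws Exception if any action fails in a way the verify helpers do not expect
     */
    @Test
    public void testCellPermissions() throws Exception {
        // Seed data as the table owner.
        verifyAllowed(new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                HTable table = new HTable(conf, TEST_TABLE.getTableName());
                try {
                    // Q1: READ only.
                    Put readOnly = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ZERO);
                    readOnly.setACL(prepareCellPermissions(usersAndGroups, Permission.Action.READ));
                    table.put(readOnly);
                    // Q2: READ and WRITE.
                    Put readWrite = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q2, ZERO);
                    readWrite.setACL(prepareCellPermissions(usersAndGroups, Permission.Action.READ, Permission.Action.WRITE));
                    table.put(readWrite);
                    // Q3 and Q4: no cell ACL at all.
                    table.put(new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q3, ZERO).add(TEST_FAMILY, TEST_Q4, ZERO));
                    return null;
                } finally {
                    table.close();
                }
            }
        }, USER_OWNER);

        // Point reads.
        verifyAllowed(cellReadAction(TEST_Q1), USER_OTHER, GROUP_USER);
        verifyAllowed(cellReadAction(TEST_Q2), USER_OTHER, GROUP_USER);
        // NOTE(review): verifyIfNull is defined in SecureTestUtil; presumably it asserts that the
        // action yields no cells for these users instead of raising an access error - confirm.
        verifyIfNull(cellReadAction(TEST_Q3), USER_OTHER, GROUP_USER);
        verifyIfNull(cellReadAction(TEST_Q4), USER_OTHER, GROUP_USER);

        // Family scan over the single test row; the cells seen by the caller are collected here.
        final List<Cell> scanResults = Lists.newArrayList();
        SecureTestUtil.AccessTestAction scanAction = new SecureTestUtil.AccessTestAction() {
            // The decompiled source named this method run2, which overrides nothing and leaves
            // run() unimplemented; it has to be run().
            @Override
            public Object run() throws Exception {
                Scan scan = new Scan();
                scan.setStartRow(TEST_ROW);
                scan.setStopRow(Bytes.add(TEST_ROW, new byte[] {0}));
                scan.addFamily(TEST_FAMILY);
                HTable table = new HTable(conf, TEST_TABLE.getTableName());
                try {
                    ResultScanner scanner = table.getScanner(scan);
                    try {
                        for (Result row = scanner.next(); row != null; row = scanner.next()) {
                            scanResults.addAll(row.listCells());
                        }
                    } finally {
                        // The scanner was never closed in the decompiled source.
                        scanner.close();
                    }
                    return scanResults;
                } finally {
                    table.close();
                }
            }
        };
        // The scan itself succeeds for every principal; what differs is how many cells come
        // back. A caller therefore cannot tell "cell absent" from "cell not readable".
        scanResults.clear();
        verifyAllowed(scanAction, USER_OWNER);
        Assert.assertEquals(4, scanResults.size());
        scanResults.clear();
        verifyAllowed(scanAction, USER_OTHER);
        Assert.assertEquals(2, scanResults.size());
        scanResults.clear();
        verifyAllowed(scanAction, GROUP_USER);
        Assert.assertEquals(2, scanResults.size());

        // Increments.
        SecureTestUtil.AccessTestAction incrementQ2 = cellIncrementAction(TEST_Q2);
        SecureTestUtil.AccessTestAction incrementQ2WithReadOnlyAcl = new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                Increment increment = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q2, 1L);
                // The new cell version carries READ for USER_OTHER only: no WRITE, no group entry.
                increment.setACL(USER_OTHER.getShortName(), new Permission(Permission.Action.READ));
                HTable table = new HTable(conf, TEST_TABLE.getTableName());
                try {
                    table.increment(increment);
                    return null;
                } finally {
                    table.close();
                }
            }
        };
        verifyDenied(cellIncrementAction(TEST_Q1), USER_OTHER, GROUP_USER); // READ-only ACL
        verifyDenied(cellIncrementAction(TEST_Q3), USER_OTHER, GROUP_USER); // no ACL
        verifyAllowed(incrementQ2, USER_OTHER, GROUP_USER);                 // READ + WRITE ACL
        // USER_OTHER still holds WRITE here, so it may write a version whose ACL is narrower.
        verifyAllowed(incrementQ2WithReadOnlyAcl, USER_OTHER);
        // Afterwards both principals are denied, including GROUP_USER, whose group entry is not
        // on the new version. NOTE(review): this implies the newest version's ACL is the one
        // that counts and that a principal with WRITE on a cell can change the ACL of later
        // versions - worth keeping in mind when modelling who can alter cell access.
        verifyDenied(incrementQ2, USER_OTHER, GROUP_USER);

        // Deletes.
        SecureTestUtil.AccessTestAction deleteFamily = new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                Delete delete = new Delete(TEST_ROW).deleteFamily(TEST_FAMILY);
                HTable table = new HTable(conf, TEST_TABLE.getTableName());
                try {
                    table.delete(delete);
                    return null;
                } finally {
                    table.close();
                }
            }
        };
        SecureTestUtil.AccessTestAction deleteQ1 = new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                Delete delete = new Delete(TEST_ROW).deleteColumn(TEST_FAMILY, TEST_Q1);
                HTable table = new HTable(conf, TEST_TABLE.getTableName());
                try {
                    table.delete(delete);
                    return null;
                } finally {
                    table.close();
                }
            }
        };
        verifyDenied(deleteFamily, USER_OTHER, GROUP_USER);
        verifyDenied(deleteQ1, USER_OTHER, GROUP_USER);
        verifyAllowed(deleteQ1, USER_OWNER);
    }

    /** Builds an action that Gets one column of the test row and returns the cells it yields. */
    private SecureTestUtil.AccessTestAction cellReadAction(final byte[] qualifier) {
        return new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, qualifier);
                HTable table = new HTable(conf, TEST_TABLE.getTableName());
                try {
                    return table.get(get).listCells();
                } finally {
                    // Close exactly once, on success and on failure alike.
                    table.close();
                }
            }
        };
    }

    /** Builds an action that increments one column of the test row by 1 without setting an ACL. */
    private SecureTestUtil.AccessTestAction cellIncrementAction(final byte[] qualifier) {
        return new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                Increment increment = new Increment(TEST_ROW).addColumn(TEST_FAMILY, qualifier, 1L);
                HTable table = new HTable(conf, TEST_TABLE.getTableName());
                try {
                    table.increment(increment);
                    return null;
                } finally {
                    table.close();
                }
            }
        };
    }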

    /**
     * Checks that a table/family-level READ grant does not let a principal write, both
     * before the owner has stored a cell at the target coordinates and after, while the
     * same grant does allow reading the stored cell.
     *
     * <p>The write is attempted with {@code ZERO} before the owner's put and with
     * {@code ONE} after it, for the directly named user and for the group member.
     *
     * @throws Exception if a grant or a verification step fails unexpectedly
     */
    @Test
    public void testCoveringCheck() throws Exception {
        final User[] readers = {USER_OTHER, GROUP_USER};
        final String userPrincipal = USER_OTHER.getShortName();
        final String groupPrincipal = AuthUtil.toGroupEntry(GROUP);

        // READ on the whole family (null qualifier), once for the user, once for the group.
        grantOnTable(TEST_UTIL, userPrincipal, this.TEST_TABLE.getTableName(), TEST_FAMILY, null, Permission.Action.READ);
        grantOnTable(TEST_UTIL, groupPrincipal, this.TEST_TABLE.getTableName(), TEST_FAMILY, null, Permission.Action.READ);

        // No cell exists yet: writing must already be refused.
        for (User reader : readers) {
            verfifyUserDeniedForWrite(reader, ZERO);
        }

        // The owner stores a cell, without a cell ACL, at the coordinates the others target.
        SecureTestUtil.AccessTestAction ownerPut = new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                HTable ownerTable = new HTable(TestCellACLs.conf, TestCellACLs.this.TEST_TABLE.getTableName());
                try {
                    Put seed = new Put(TestCellACLs.TEST_ROW).add(TestCellACLs.TEST_FAMILY, TestCellACLs.TEST_Q1, TestCellACLs.ZERO);
                    ownerTable.put(seed);
                    return null;
                } finally {
                    ownerTable.close();
                }
            }
        };
        verifyAllowed(ownerPut, USER_OWNER);

        // With an existing cell in place, overwriting it is still refused ...
        for (User reader : readers) {
            verfifyUserDeniedForWrite(reader, ONE);
        }
        // ... while reading it is allowed by the family-level READ grant.
        for (User reader : readers) {
            verifyUserAllowedForRead(reader);
        }
    }

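    /**
     * Asserts, through {@code verifyDenied}, that {@code user} is refused when putting
     * {@code bArr} into the Q1 column of the test row.
     *
     * <p>The decompiled source spelled out the compiler's expansion of a
     * try-with-resources statement, including branches that can never run and a
     * connection close that could replace the exception raised by the put. Since
     * {@code verifyDenied} has to see the put's own failure, the resources are managed
     * with try-with-resources again: both are closed in reverse order and close
     * failures are attached as suppressed exceptions.
     *
     * @param user principal the put is attempted as
     * @param bArr value to write
     * @throws Exception if the denial check itself fails
     */
    private void verfifyUserDeniedForWrite(User user, final byte[] bArr) throws Exception {
        verifyDenied(new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                        Table table = connection.getTable(TEST_TABLE.getTableName())) {
                    table.put(new Put(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1, bArr));
                    return null;
                }
            }
        }, user);
    }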

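    /**
     * Asserts, through {@code verifyAllowed}, that {@code user} may Get the Q1 column of
     * the test row; the action returns the {@link Result} of that Get.
     *
     * <p>Replaces the decompiler's expanded resource handling (dead branches, empty
     * {@code finally}) with try-with-resources, so the table and the connection are
     * closed in reverse order and a close failure cannot hide a failure of the Get.
     *
     * @param user principal the Get is performed as
     * @throws Exception if the access check itself fails
     */
    private void verifyUserAllowedForRead(User user) throws Exception {
        verifyAllowed(new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                        Table table = connection.getTable(TEST_TABLE.getTableName())) {
                    return table.get(new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1));
                }
            }
        }, user);
    }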

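    /**
     * Builds the ACL map attached to a cell: every principal in {@code strArr} is mapped
     * to its own {@link Permission} holding the same set of actions.
     *
     * <p>Principals are used as given. Callers pass group principals already converted
     * with {@code AuthUtil.toGroupEntry}; no conversion happens here.
     *
     * <p>The decompiler reports that this method was {@code private} in the original
     * source and was widened only so the anonymous test actions can reach it.
     *
     * @param strArr principals (user short names or group entries) to grant to
     * @param actionArr actions each principal receives
     * @return a new mutable map from principal to permission
     */
    public Map<String, Permission> prepareCellPermissions(String[] strArr, Permission.Action... actionArr) {
        // Typed map instead of the raw HashMap left behind by decompilation.
        Map<String, Permission> permissions = new HashMap<>(2);
        for (String principal : strArr) {
            permissions.put(principal, new Permission(actionArr));
        }
        return permissions;
    }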

    /**
     * Drops the per-test table and then checks that no table permissions are left for it.
     *
     * <p>The final assertion is the security-relevant part: once the table is gone, the
     * ACL store must hold no entries under its name, so a table created later with the
     * same name cannot pick up grants from this one.
     *
     * @throws Exception if the delete fails for a reason other than the table being absent
     */
    @After
    public void tearDown() throws Exception {
        try {
            TEST_UTIL.deleteTable(TEST_TABLE.getTableName());
        } catch (TableNotFoundException alreadyGone) {
            // A test may have removed the table itself; that is not an error.
            LOG.info("Test deleted table " + TEST_TABLE.getTableName());
        }
        int leftoverGrants = AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size();
        Assert.assertEquals(0L, leftoverGrants);
    }

    static {
        // Trace-level logging for the access-control classes, so each authorization decision
        // is visible when a test fails. NOTE(review): trace output of these classes presumably
        // names users and the tables/cells they touch - a setting for test runs only.
        for (Class<?> traced : new Class<?>[] {AccessController.class, AccessControlFilter.class, TableAuthManager.class}) {
            Logger.getLogger(traced).setLevel(Level.TRACE);
        }

        TEST_UTIL = new HBaseTestingUtility();

        // Coordinates shared by every test: one family, one row, four qualifiers.
        TEST_FAMILY = Bytes.toBytes("f1");
        TEST_ROW = Bytes.toBytes("cellpermtest");
        TEST_Q1 = Bytes.toBytes("q1");
        TEST_Q2 = Bytes.toBytes("q2");
        TEST_Q3 = Bytes.toBytes("q3");
        TEST_Q4 = Bytes.toBytes("q4");

        // Long-encoded cell values, so the cells can also be targets of Increment.
        ZERO = Bytes.toBytes(0L);
        ONE = Bytes.toBytes(1L);
    }
}
