package org.apache.hadoop.hbase.security.access;

import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.CoprocessorEnvironment;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.RegionInfo;
import org.apache.hadoop.hbase.client.TableDescriptor;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.ObserverContextImpl;
import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.quotas.SpaceQuotaHelperForTests;
import org.apache.hadoop.hbase.regionserver.HRegionServer;
import org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.JVMClusterUtil;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;

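/**
 * Mini-cluster security test that installs {@link FaultyAccessController} as the access-control
 * coprocessor, runs one authorization check ({@code preCreateTable}) against a fixed set of
 * users and groups, and asserts at teardown that a region server was aborted.
 *
 * <p>Permission fixture built by {@link #setUpTableAndUserPermissions()}:
 * <ul>
 *   <li>{@code USER_ADMIN}: global ADMIN, CREATE, READ, WRITE</li>
 *   <li>{@code USER_RW}: READ, WRITE on the test family</li>
 *   <li>{@code USER_CREATE}: CREATE, READ, WRITE on the test table only</li>
 *   <li>{@code USER_RO}: READ on the test family</li>
 *   <li>{@code USER_ADMIN_CF}: ADMIN, CREATE on the test family</li>
 *   <li>the four {@code group_*} groups: one global action each</li>
 * </ul>
 */
@Category({SecurityTests.class, MediumTests.class})
public class TestAccessController3 extends SecureTestUtil {
    // Was LogFactory.getLog(TestAccessController.class): log lines were attributed to a different
    // test class, which makes failures in this one harder to trace.
    private static final Log LOG = LogFactory.getLog(TestAccessController3.class);

    // Upper bound and poll interval for waiting on the region server coprocessor host.
    // Constructed values chosen for this test; they do not come from HBase configuration.
    private static final long RS_HOST_WAIT_TIMEOUT_MS = 60000L;
    private static final long RS_HOST_POLL_INTERVAL_MS = 100L;

    private static TableName TEST_TABLE;
    private static final HBaseTestingUtility TEST_UTIL;
    private static Configuration conf;
    private static Connection systemUserConnection;
    private static User SUPERUSER;
    private static User USER_ADMIN;
    private static User USER_RW;
    private static User USER_RO;
    private static User USER_OWNER;
    private static User USER_CREATE;
    private static User USER_NONE;
    private static User USER_ADMIN_CF;
    private static final String GROUP_ADMIN = "group_admin";
    private static final String GROUP_CREATE = "group_create";
    private static final String GROUP_READ = "group_read";
    private static final String GROUP_WRITE = "group_write";
    private static User USER_GROUP_ADMIN;
    private static User USER_GROUP_CREATE;
    private static User USER_GROUP_READ;
    private static User USER_GROUP_WRITE;
    private static byte[] TEST_FAMILY;
    private static MasterCoprocessorEnvironment CP_ENV;
    private static AccessController ACCESS_CONTROLLER;
    private static RegionServerCoprocessorEnvironment RSCP_ENV;
    private static RegionCoprocessorEnvironment RCP_ENV;
    // When true, FaultyAccessController.stop() invokes super.stop() a second time.
    private static boolean callSuperTwice;

    @Rule
    public TestName name = new TestName();

    /**
     * {@link AccessController} variant whose {@code stop} calls the parent implementation twice
     * while {@code callSuperTwice} is set. {@link #tearDownAfterClass()} expects a region server
     * to end up aborted; presumably the second {@code super.stop} is what triggers that, but the
     * mechanism is not visible in this file.
     */
    public static class FaultyAccessController extends AccessController {
        @Override
        public void stop(CoprocessorEnvironment coprocessorEnvironment) {
            super.stop(coprocessorEnvironment);
            if (TestAccessController3.callSuperTwice) {
                super.stop(coprocessorEnvironment);
            }
        }
    }

    /**
     * Starts a secured mini cluster with {@link FaultyAccessController} loaded, creates the test
     * users and groups, and installs the permission fixture.
     *
     * @throws Exception if the cluster cannot be started, the region server coprocessor host does
     *     not appear within {@code RS_HOST_WAIT_TIMEOUT_MS}, or the fixture cannot be created
     */
    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        enableSecurity(conf);
        // enableSecurity() ran first; this then sets the region coprocessor list to the faulty
        // subclass alone, so region-level checks go through FaultyAccessController.
        String accessControllerClassName = FaultyAccessController.class.getName();
        conf.set("hbase.coprocessor.region.classes", accessControllerClassName);
        verifyConfiguration(conf);
        conf.setBoolean("hbase.security.exec.permission.checks", true);
        TEST_UTIL.startMiniCluster();

        MasterCoprocessorHost masterCoprocessorHost =
            TEST_UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost();
        masterCoprocessorHost.load(FaultyAccessController.class, 0, conf);
        // Explicit cast: the lookup is by class name, so the static type returned by
        // findCoprocessor is not guaranteed to be AccessController.
        ACCESS_CONTROLLER = (AccessController) masterCoprocessorHost.findCoprocessor(accessControllerClassName);
        CP_ENV = masterCoprocessorHost.createEnvironment(ACCESS_CONTROLLER, 0, 1, conf);

        // The original code spun in a tight loop until the host was non-null, so it is presumably
        // not guaranteed to exist right after startMiniCluster(). Poll with a short sleep and a
        // deadline so a broken cluster fails the test instead of hanging it.
        final long deadline = System.currentTimeMillis() + RS_HOST_WAIT_TIMEOUT_MS;
        RegionServerCoprocessorHost regionServerCoprocessorHost =
            TEST_UTIL.getMiniHBaseCluster().getRegionServer(0).getRegionServerCoprocessorHost();
        while (regionServerCoprocessorHost == null) {
            if (System.currentTimeMillis() > deadline) {
                Assert.fail("region server coprocessor host not available after "
                    + RS_HOST_WAIT_TIMEOUT_MS + " ms");
            }
            Thread.sleep(RS_HOST_POLL_INTERVAL_MS);
            regionServerCoprocessorHost =
                TEST_UTIL.getMiniHBaseCluster().getRegionServer(0).getRegionServerCoprocessorHost();
        }
        RSCP_ENV = regionServerCoprocessorHost.createEnvironment(ACCESS_CONTROLLER, 0, 1, conf);
        TEST_UTIL.waitUntilAllRegionsAssigned(AccessControlLists.ACL_TABLE_NAME);

        // "admin" is placed in "supergroup"; every other direct user has no groups, so whatever
        // access those users get comes only from the explicit grants made below.
        SUPERUSER = User.createUserForTesting(conf, "admin", new String[]{"supergroup"});
        USER_ADMIN = User.createUserForTesting(conf, "admin2", new String[0]);
        USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);
        USER_RO = User.createUserForTesting(conf, "rouser", new String[0]);
        USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
        USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
        USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
        USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);
        USER_GROUP_ADMIN = User.createUserForTesting(conf, "user_group_admin", new String[]{GROUP_ADMIN});
        USER_GROUP_CREATE = User.createUserForTesting(conf, "user_group_create", new String[]{GROUP_CREATE});
        USER_GROUP_READ = User.createUserForTesting(conf, "user_group_read", new String[]{GROUP_READ});
        USER_GROUP_WRITE = User.createUserForTesting(conf, "user_group_write", new String[]{GROUP_WRITE});
        systemUserConnection = TEST_UTIL.getConnection();
        setUpTableAndUserPermissions();
    }

    /**
     * Shuts the mini cluster down and asserts that the last region server reported by the cluster
     * was aborted.
     *
     * @throws Exception if the cluster shutdown fails
     */
    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        // Keeps the last region server in iteration order, as the original loop did.
        HRegionServer lastRegionServer = null;
        Iterator<JVMClusterUtil.RegionServerThread> threads =
            TEST_UTIL.getMiniHBaseCluster().getRegionServerThreads().iterator();
        while (threads.hasNext()) {
            lastRegionServer = threads.next().getRegionServer();
        }
        TEST_UTIL.shutdownMiniCluster();
        // Without this guard an empty thread list surfaced as a NullPointerException rather than
        // a readable test failure.
        Assert.assertNotNull("mini cluster reported no region server threads", lastRegionServer);
        Assert.assertTrue("region server should have aborted due to FaultyAccessController", lastRegionServer.isAborted());
    }

    /**
     * Creates the test table owned by {@code USER_OWNER}, grants the global, table and family
     * permissions the tests rely on, and checks how many table permissions are stored.
     *
     * @throws Exception if table creation or any grant fails
     */
    private static void setUpTableAndUserPermissions() throws Exception {
        HTableDescriptor hTableDescriptor = new HTableDescriptor(TEST_TABLE);
        HColumnDescriptor hColumnDescriptor = new HColumnDescriptor(TEST_FAMILY);
        hColumnDescriptor.setMaxVersions(100);
        hTableDescriptor.addFamily(hColumnDescriptor);
        hTableDescriptor.setOwner(USER_OWNER);
        // Single split key "s". The decompiled form "(byte[][]) new byte[]{...}" is not valid
        // Java; a byte[][] initializer is what the call needs.
        createTable(TEST_UTIL, (TableDescriptor) hTableDescriptor, new byte[][]{Bytes.toBytes("s")});
        RCP_ENV = TEST_UTIL.getHBaseCluster().getRegions(TEST_TABLE).get(0).getCoprocessorHost().createEnvironment(ACCESS_CONTROLLER, 0, 1, conf);

        // Global grant to a direct user.
        grantGlobal(TEST_UTIL, USER_ADMIN.getShortName(), Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.READ, Permission.Action.WRITE);
        // Table- and family-scoped grants.
        grantOnTable(TEST_UTIL, USER_RW.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ, Permission.Action.WRITE);
        grantOnTable(TEST_UTIL, USER_CREATE.getShortName(), TEST_TABLE, null, null, Permission.Action.CREATE, Permission.Action.READ, Permission.Action.WRITE);
        grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
        grantOnTable(TEST_UTIL, USER_ADMIN_CF.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.ADMIN, Permission.Action.CREATE);
        // Global grants to groups, one action per group.
        grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN);
        grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_CREATE), Permission.Action.CREATE);
        grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_READ), Permission.Action.READ);
        grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_WRITE), Permission.Action.WRITE);

        // Four explicit table grants above; the fifth entry is presumably the owner's grant
        // created with the table (TODO confirm against AccessController).
        Assert.assertEquals(5L, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size());

        // A failure of the client call itself is logged and tolerated, as in the original code.
        // The count comparison now sits outside the try block: before, "catch (Throwable)" also
        // caught the AssertionError, so a wrong number of permissions could never fail the test.
        int clientVisiblePermissions = -1;
        try {
            clientVisiblePermissions = AccessControlClient.getUserPermissions(systemUserConnection, TEST_TABLE.toString()).size();
        } catch (Throwable th) {
            LOG.error("error during call of AccessControlClient.getUserPermissions. ", th);
        }
        if (clientVisiblePermissions >= 0) {
            Assert.assertEquals(5L, clientVisiblePermissions);
        }
    }

    /**
     * Asserts that no table or namespace permissions remain for the test table.
     *
     * <p>NOTE(review): nothing visible in this class calls this method, and nothing here removes
     * the grants first; confirm the intended call site before wiring it into teardown.
     *
     * @throws Exception if the permission lookups fail
     */
    private static void cleanUp() throws Exception {
        Assert.assertEquals(0L, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size());
        Assert.assertEquals(0L, AccessControlLists.getNamespacePermissions(conf, TEST_TABLE.getNamespaceAsString()).size());
    }

    /**
     * Checks who may pass {@code AccessController.preCreateTable}.
     *
     * <p>Expected by this test: the superuser, the user with global CREATE, and the member of the
     * group with global CREATE are allowed. Table-scoped CREATE ({@code USER_CREATE}) and global
     * ADMIN held only through a group ({@code USER_GROUP_ADMIN}) are denied, as are the read,
     * write and no-permission users.
     *
     * @throws Exception if an allow/deny verification fails
     */
    @Test
    public void testTableCreate() throws Exception {
        SecureTestUtil.AccessTestAction createTableAction = new SecureTestUtil.AccessTestAction() {
            @Override
            public Object run() throws Exception {
                // The table is named after the running test method; only the pre-create hook is
                // invoked here, no table is created by this action.
                HTableDescriptor hTableDescriptor = new HTableDescriptor(TableName.valueOf(name.getMethodName()));
                hTableDescriptor.addFamily(new HColumnDescriptor(TEST_FAMILY));
                ACCESS_CONTROLLER.preCreateTable(ObserverContextImpl.createAndPrepare(CP_ENV), hTableDescriptor, (RegionInfo[]) null);
                return null;
            }
        };
        verifyAllowed(createTableAction, SUPERUSER, USER_ADMIN, USER_GROUP_CREATE);
        verifyDenied(createTableAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_ADMIN, USER_GROUP_READ, USER_GROUP_WRITE);
    }

    static {
        // TRACE on the access-control classes so authorization decisions show up in test logs.
        Logger.getLogger(AccessController.class).setLevel(Level.TRACE);
        Logger.getLogger(AccessControlFilter.class).setLevel(Level.TRACE);
        Logger.getLogger(TableAuthManager.class).setLevel(Level.TRACE);
        TEST_TABLE = TableName.valueOf("testtable1");
        TEST_UTIL = new HBaseTestingUtility();
        TEST_FAMILY = Bytes.toBytes(SpaceQuotaHelperForTests.F1);
        callSuperTwice = true;
    }
}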
