package co.cask.cdap.data2.dataset2;

import co.cask.cdap.api.Predicate;
import co.cask.cdap.api.annotation.ReadOnly;
import co.cask.cdap.api.annotation.ReadWrite;
import co.cask.cdap.api.annotation.WriteOnly;
import co.cask.cdap.api.dataset.DataSetException;
import co.cask.cdap.api.dataset.Dataset;
import co.cask.cdap.common.dataset.DatasetClassRewriter;
import co.cask.cdap.data2.dataset2.DefaultDatasetRuntimeContext;
import co.cask.cdap.data2.dataset2.customds.CustomDatasetApp;
import co.cask.cdap.data2.dataset2.customds.CustomOperations;
import co.cask.cdap.data2.dataset2.customds.DefaultTopLevelExtendsDataset;
import co.cask.cdap.data2.dataset2.customds.DelegatingDataset;
import co.cask.cdap.data2.dataset2.customds.TopLevelDataset;
import co.cask.cdap.data2.dataset2.customds.TopLevelDirectDataset;
import co.cask.cdap.data2.dataset2.customds.TopLevelExtendsDataset;
import co.cask.cdap.data2.metadata.lineage.AccessType;
import co.cask.cdap.internal.asm.ByteCodeClassLoader;
import co.cask.cdap.internal.asm.ClassDefinition;
import co.cask.cdap.proto.id.DatasetId;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.proto.security.Privilege;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import co.cask.cdap.security.spi.authorization.UnauthorizedException;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.io.InputStream;
import java.lang.annotation.Annotation;
import java.net.URL;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Callable;
import javax.annotation.Nullable;
import org.junit.Assert;
import org.junit.Test;
import org.objectweb.asm.Type;

/* loaded from: input_file:co/cask/cdap/data2/dataset2/DatasetClassRewriterTest.class */
public class DatasetClassRewriterTest {
    private static final DatasetId DATASET_ID = NamespaceId.DEFAULT.dataset("custom");

    /* loaded from: input_file:co/cask/cdap/data2/dataset2/DatasetClassRewriterTest$AuthorizationRecorder.class */
    private static final class AuthorizationRecorder implements AuthorizationEnforcer {
        private final List<Privilege> privileges;

        private AuthorizationRecorder() {
            this.privileges = new ArrayList();
        }

        public void enforce(EntityId entityId, Principal principal, Action action) throws Exception {
            enforce(entityId, principal, EnumSet.of(action));
        }

        public void enforce(EntityId entityId, Principal principal, Set<Action> set) throws Exception {
            if (set.isEmpty()) {
                this.privileges.add(null);
                return;
            }
            Iterator<Action> it = set.iterator();
            while (it.hasNext()) {
                this.privileges.add(new Privilege(entityId, it.next()));
            }
        }

        public Set<? extends EntityId> isVisible(Set<? extends EntityId> set, Principal principal) throws Exception {
            return set;
        }

        public Predicate<EntityId> createFilter(Principal principal) throws Exception {
            return new Predicate<EntityId>() { // from class: co.cask.cdap.data2.dataset2.DatasetClassRewriterTest.AuthorizationRecorder.1
                public boolean apply(EntityId entityId) {
                    return true;
                }
            };
        }

        List<Privilege> getPrivileges() {
            return this.privileges;
        }

        void clear() {
            this.privileges.clear();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:co/cask/cdap/data2/dataset2/DatasetClassRewriterTest$InMemoryAccessRecorder.class */
    public static final class InMemoryAccessRecorder implements DefaultDatasetRuntimeContext.DatasetAccessRecorder {
        private final List<AccessType> lineageRecorded;
        private final List<AccessType> auditRecorded;

        private InMemoryAccessRecorder() {
            this.lineageRecorded = new ArrayList();
            this.auditRecorded = new ArrayList();
        }

        void clear() {
            this.lineageRecorded.clear();
            this.auditRecorded.clear();
        }

        List<AccessType> getLineageRecorded() {
            return this.lineageRecorded;
        }

        List<AccessType> getAuditRecorded() {
            return this.auditRecorded;
        }

        public void recordLineage(AccessType accessType) {
            this.lineageRecorded.add(accessType);
        }

        public void emitAudit(AccessType accessType) {
            this.auditRecorded.add(accessType);
        }
    }

    /* loaded from: input_file:co/cask/cdap/data2/dataset2/DatasetClassRewriterTest$TestAuthorizationEnforcer.class */
    private static final class TestAuthorizationEnforcer implements AuthorizationEnforcer {
        private final Set<Action> allowedActions;

        private TestAuthorizationEnforcer(Set<Action> set) {
            this.allowedActions = set;
        }

        public void enforce(EntityId entityId, Principal principal, Action action) throws Exception {
            if (!this.allowedActions.contains(action)) {
                throw new UnauthorizedException("Not allow to perform " + action + " " + entityId + " by " + principal);
            }
        }

        public void enforce(EntityId entityId, Principal principal, Set<Action> set) throws Exception {
            if (!this.allowedActions.containsAll(set)) {
                throw new UnauthorizedException("Not allow to perform " + set + " " + entityId + " by " + principal);
            }
        }

        public Set<? extends EntityId> isVisible(Set<? extends EntityId> set, Principal principal) throws Exception {
            return set;
        }

        public Predicate<EntityId> createFilter(Principal principal) throws Exception {
            return new Predicate<EntityId>() { // from class: co.cask.cdap.data2.dataset2.DatasetClassRewriterTest.TestAuthorizationEnforcer.1
                public boolean apply(@Nullable EntityId entityId) {
                    return true;
                }
            };
        }
    }

    @Test
    public void testDatasetAccessRecorder() throws Exception {
        ByteCodeClassLoader byteCodeClassLoader = new ByteCodeClassLoader(getClass().getClassLoader());
        byteCodeClassLoader.addClass(rewrite(TopLevelExtendsDataset.class));
        byteCodeClassLoader.addClass(rewrite(TopLevelDirectDataset.class));
        byteCodeClassLoader.addClass(rewrite(TopLevelDataset.class));
        byteCodeClassLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
        byteCodeClassLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
        byteCodeClassLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));
        InMemoryAccessRecorder inMemoryAccessRecorder = new InMemoryAccessRecorder();
        TestAuthorizationEnforcer testAuthorizationEnforcer = new TestAuthorizationEnforcer(EnumSet.allOf(Action.class));
        testDatasetAccessRecord(inMemoryAccessRecorder, createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, TopLevelDataset.class.getName(), byteCodeClassLoader));
        inMemoryAccessRecorder.clear();
        testDatasetAccessRecord(inMemoryAccessRecorder, createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, DefaultTopLevelExtendsDataset.class.getName(), byteCodeClassLoader));
        inMemoryAccessRecorder.clear();
        testDatasetAccessRecord(inMemoryAccessRecorder, createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, DelegatingDataset.class.getName(), byteCodeClassLoader, new Class[]{CustomOperations.class}, new Object[]{createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, TopLevelDataset.class.getName(), byteCodeClassLoader)}));
        inMemoryAccessRecorder.clear();
        testDatasetAccessRecord(inMemoryAccessRecorder, createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), byteCodeClassLoader));
        inMemoryAccessRecorder.clear();
        testDatasetAccessRecord(inMemoryAccessRecorder, createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, CustomDatasetApp.InnerDataset.class.getName(), byteCodeClassLoader, new Class[]{CustomDatasetApp.class}, new Object[]{new CustomDatasetApp()}));
    }

    @Test
    public void testDatasetAuthorization() throws Exception {
        ByteCodeClassLoader byteCodeClassLoader = new ByteCodeClassLoader(getClass().getClassLoader());
        byteCodeClassLoader.addClass(rewrite(TopLevelExtendsDataset.class));
        byteCodeClassLoader.addClass(rewrite(TopLevelDirectDataset.class));
        byteCodeClassLoader.addClass(rewrite(TopLevelDataset.class));
        byteCodeClassLoader.addClass(rewrite(DefaultTopLevelExtendsDataset.class));
        byteCodeClassLoader.addClass(rewrite(CustomDatasetApp.InnerStaticInheritDataset.class));
        byteCodeClassLoader.addClass(rewrite(CustomDatasetApp.InnerDataset.class));
        InMemoryAccessRecorder inMemoryAccessRecorder = new InMemoryAccessRecorder();
        TestAuthorizationEnforcer testAuthorizationEnforcer = new TestAuthorizationEnforcer(EnumSet.noneOf(Action.class));
        testNoAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, TopLevelDataset.class.getName(), byteCodeClassLoader));
        testNoAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, DefaultTopLevelExtendsDataset.class.getName(), byteCodeClassLoader));
        testNoAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, DelegatingDataset.class.getName(), byteCodeClassLoader, new Class[]{CustomOperations.class}, new Object[]{createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, TopLevelDataset.class.getName(), byteCodeClassLoader)}));
        testNoAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), byteCodeClassLoader));
        testNoAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer, CustomDatasetApp.InnerDataset.class.getName(), byteCodeClassLoader, new Class[]{CustomDatasetApp.class}, new Object[]{new CustomDatasetApp()}));
        TestAuthorizationEnforcer testAuthorizationEnforcer2 = new TestAuthorizationEnforcer(EnumSet.of(Action.READ));
        testReadOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer2, TopLevelDataset.class.getName(), byteCodeClassLoader));
        testReadOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer2, DefaultTopLevelExtendsDataset.class.getName(), byteCodeClassLoader));
        testReadOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer2, DelegatingDataset.class.getName(), byteCodeClassLoader, new Class[]{CustomOperations.class}, new Object[]{createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer2, TopLevelDataset.class.getName(), byteCodeClassLoader)}));
        testReadOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer2, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), byteCodeClassLoader));
        testReadOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer2, CustomDatasetApp.InnerDataset.class.getName(), byteCodeClassLoader, new Class[]{CustomDatasetApp.class}, new Object[]{new CustomDatasetApp()}));
        TestAuthorizationEnforcer testAuthorizationEnforcer3 = new TestAuthorizationEnforcer(EnumSet.of(Action.WRITE));
        testWriteOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer3, TopLevelDataset.class.getName(), byteCodeClassLoader));
        testWriteOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer3, DefaultTopLevelExtendsDataset.class.getName(), byteCodeClassLoader));
        testWriteOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer3, DelegatingDataset.class.getName(), byteCodeClassLoader, new Class[]{CustomOperations.class}, new Object[]{createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer3, TopLevelDataset.class.getName(), byteCodeClassLoader)}));
        testWriteOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer3, CustomDatasetApp.InnerStaticInheritDataset.class.getName(), byteCodeClassLoader));
        testWriteOnlyAccess(createDataset(inMemoryAccessRecorder, testAuthorizationEnforcer3, CustomDatasetApp.InnerDataset.class.getName(), byteCodeClassLoader, new Class[]{CustomDatasetApp.class}, new Object[]{new CustomDatasetApp()}));
    }

    @Test
    public void testConstructorDefaultAnnotation() throws Exception {
        ClassLoader byteCodeClassLoader = new ByteCodeClassLoader(getClass().getClassLoader());
        byteCodeClassLoader.addClass(rewrite(TopLevelDirectDataset.class));
        InMemoryAccessRecorder inMemoryAccessRecorder = new InMemoryAccessRecorder();
        AuthorizationRecorder authorizationRecorder = new AuthorizationRecorder();
        createDataset(inMemoryAccessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), byteCodeClassLoader, new Class[0], new Object[0], null);
        Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), inMemoryAccessRecorder.getLineageRecorded());
        Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), inMemoryAccessRecorder.getAuditRecorded());
        Assert.assertEquals(1L, authorizationRecorder.getPrivileges().size());
        Assert.assertNull(authorizationRecorder.getPrivileges().get(0));
        inMemoryAccessRecorder.clear();
        authorizationRecorder.clear();
        createDataset(inMemoryAccessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), byteCodeClassLoader, new Class[0], new Object[0], ReadOnly.class);
        Assert.assertEquals(ImmutableList.of(AccessType.READ), inMemoryAccessRecorder.getLineageRecorded());
        Assert.assertEquals(ImmutableList.of(AccessType.READ), inMemoryAccessRecorder.getAuditRecorded());
        Assert.assertEquals(ImmutableList.of(new Privilege(DATASET_ID, Action.READ)), authorizationRecorder.getPrivileges());
        inMemoryAccessRecorder.clear();
        authorizationRecorder.clear();
        createDataset(inMemoryAccessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), byteCodeClassLoader, new Class[0], new Object[0], WriteOnly.class);
        Assert.assertEquals(ImmutableList.of(AccessType.WRITE), inMemoryAccessRecorder.getLineageRecorded());
        Assert.assertEquals(ImmutableList.of(AccessType.WRITE), inMemoryAccessRecorder.getAuditRecorded());
        Assert.assertEquals(ImmutableList.of(new Privilege(DATASET_ID, Action.WRITE)), authorizationRecorder.getPrivileges());
        inMemoryAccessRecorder.clear();
        authorizationRecorder.clear();
        createDataset(inMemoryAccessRecorder, authorizationRecorder, TopLevelDirectDataset.class.getName(), byteCodeClassLoader, new Class[0], new Object[0], ReadWrite.class);
        Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), inMemoryAccessRecorder.getLineageRecorded());
        Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), inMemoryAccessRecorder.getAuditRecorded());
        Assert.assertTrue(ImmutableSet.of(new Privilege(DATASET_ID, Action.READ), new Privilege(DATASET_ID, Action.WRITE)).containsAll(authorizationRecorder.getPrivileges()));
    }

    private <T extends Dataset & CustomOperations> T createDataset(InMemoryAccessRecorder inMemoryAccessRecorder, AuthorizationEnforcer authorizationEnforcer, String str, ClassLoader classLoader) throws Exception {
        return (T) createDataset(inMemoryAccessRecorder, authorizationEnforcer, str, classLoader, new Class[0], new Object[0]);
    }

    private <T extends Dataset & CustomOperations> T createDataset(InMemoryAccessRecorder inMemoryAccessRecorder, AuthorizationEnforcer authorizationEnforcer, String str, ClassLoader classLoader, Class<?>[] clsArr, Object[] objArr) throws Exception {
        return (T) createDataset(inMemoryAccessRecorder, authorizationEnforcer, str, classLoader, clsArr, objArr, null);
    }

    private <T extends Dataset & CustomOperations> T createDataset(InMemoryAccessRecorder inMemoryAccessRecorder, AuthorizationEnforcer authorizationEnforcer, final String str, final ClassLoader classLoader, final Class<?>[] clsArr, final Object[] objArr, @Nullable Class<? extends Annotation> cls) throws Exception {
        return (T) ((Dataset) DefaultDatasetRuntimeContext.execute(authorizationEnforcer, inMemoryAccessRecorder, new Principal("cdap", Principal.PrincipalType.USER), DATASET_ID, cls, new Callable<T>() { // from class: co.cask.cdap.data2.dataset2.DatasetClassRewriterTest.1
            /* JADX WARN: Incorrect return type in method signature: ()TT; */
            @Override // java.util.concurrent.Callable
            public Dataset call() throws Exception {
                Class<?> loadClass = classLoader.loadClass(str);
                return clsArr.length == 0 ? (Dataset) loadClass.newInstance() : (Dataset) loadClass.getConstructor(clsArr).newInstance(objArr);
            }
        }));
    }

    private <T extends Dataset & CustomOperations> void testDatasetAccessRecord(InMemoryAccessRecorder inMemoryAccessRecorder, T t) throws Exception {
        Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), inMemoryAccessRecorder.getLineageRecorded());
        Assert.assertEquals(ImmutableList.of(AccessType.UNKNOWN), inMemoryAccessRecorder.getAuditRecorded());
        inMemoryAccessRecorder.clear();
        t.noDataOp();
        Assert.assertTrue(inMemoryAccessRecorder.getLineageRecorded().isEmpty());
        Assert.assertTrue(inMemoryAccessRecorder.getAuditRecorded().isEmpty());
        inMemoryAccessRecorder.clear();
        t.lineageWriteActualReadWrite();
        Assert.assertEquals(ImmutableList.of(AccessType.WRITE), inMemoryAccessRecorder.getLineageRecorded());
        Assert.assertEquals(ImmutableList.of(AccessType.WRITE, AccessType.READ), inMemoryAccessRecorder.getAuditRecorded());
        inMemoryAccessRecorder.clear();
        t.read();
        t.write();
        t.readWrite();
        Assert.assertEquals(ImmutableList.of(AccessType.READ, AccessType.READ_WRITE), inMemoryAccessRecorder.getLineageRecorded());
        Assert.assertEquals(ImmutableList.of(AccessType.READ_WRITE), inMemoryAccessRecorder.getAuditRecorded());
        t.close();
    }

    private <T extends Dataset & CustomOperations> void testNoAccess(T t) throws Exception {
        t.noDataOp();
        try {
            t.read();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e) {
            Assert.assertTrue(e.getCause() instanceof UnauthorizedException);
        }
        try {
            t.write();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e2) {
            Assert.assertTrue(e2.getCause() instanceof UnauthorizedException);
        }
        try {
            t.readWrite();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e3) {
            Assert.assertTrue(e3.getCause() instanceof UnauthorizedException);
        }
        try {
            t.lineageWriteActualReadWrite();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e4) {
            Assert.assertTrue(e4.getCause() instanceof UnauthorizedException);
        }
    }

    private <T extends Dataset & CustomOperations> void testReadOnlyAccess(T t) throws Exception {
        t.read();
        t.noDataOp();
        try {
            t.write();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e) {
            Assert.assertTrue(e.getCause() instanceof UnauthorizedException);
        }
        try {
            t.readWrite();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e2) {
            Assert.assertTrue(e2.getCause() instanceof UnauthorizedException);
        }
        try {
            t.lineageWriteActualReadWrite();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e3) {
            Assert.assertTrue(e3.getCause() instanceof UnauthorizedException);
        }
    }

    private <T extends Dataset & CustomOperations> void testWriteOnlyAccess(T t) throws Exception {
        t.write();
        t.noDataOp();
        try {
            t.read();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e) {
            Assert.assertTrue(e.getCause() instanceof UnauthorizedException);
        }
        try {
            t.readWrite();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e2) {
            Assert.assertTrue(e2.getCause() instanceof UnauthorizedException);
        }
        try {
            t.lineageWriteActualReadWrite();
            Assert.fail("Expected an DataSetException");
        } catch (DataSetException e3) {
            Assert.assertTrue(e3.getCause() instanceof UnauthorizedException);
        }
    }

    private ClassDefinition rewrite(Class<? extends Dataset> cls) throws Exception {
        DatasetClassRewriter datasetClassRewriter = new DatasetClassRewriter();
        URL resource = cls.getClassLoader().getResource(cls.getName().replace('.', '/') + ".class");
        Assert.assertNotNull(resource);
        InputStream openStream = resource.openStream();
        Throwable th = null;
        try {
            ClassDefinition classDefinition = new ClassDefinition(datasetClassRewriter.rewriteClass(cls.getName(), openStream), Type.getInternalName(cls));
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    openStream.close();
                }
            }
            return classDefinition;
        } catch (Throwable th3) {
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }
}
