package org.apache.accumulo.test;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Scanner;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.BatchScanner;
import org.apache.accumulo.core.client.BatchWriter;
import org.apache.accumulo.core.client.BatchWriterConfig;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.admin.TableOperations;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.data.Mutation;
import org.apache.accumulo.core.data.Range;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.harness.conf.StandaloneAccumuloClusterConfiguration;
import org.apache.accumulo.minicluster.impl.MiniAccumuloClusterImpl;
import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
import org.apache.accumulo.test.functional.ConfigurableMacBase;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.io.Text;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/accumulo/test/AuditMessageIT.class */
public class AuditMessageIT extends ConfigurableMacBase {
    private static final String AUDIT_USER_1 = "AuditUser1";
    private static final String AUDIT_USER_2 = "AuditUser2";
    private static final String PASSWORD = "password";
    private static final String OLD_TEST_TABLE_NAME = "apples";
    private static final String NEW_TEST_TABLE_NAME = "oranges";
    private static final String THIRD_TEST_TABLE_NAME = "pears";
    private static final Authorizations auths = new Authorizations(new String[]{"private", "public"});
    private static String lastAuditTimestamp;
    private Connector auditConnector;
    private Connector conn;

    @Override // org.apache.accumulo.harness.AccumuloITBase
    public int defaultTimeoutSeconds() {
        return 60;
    }

    @Override // org.apache.accumulo.test.functional.ConfigurableMacBase
    public void beforeClusterStart(MiniAccumuloConfigImpl miniAccumuloConfigImpl) throws Exception {
        File file = new File(miniAccumuloConfigImpl.getConfDir(), "auditLog.xml");
        if (file.delete()) {
            log.debug("Deleted " + file);
        }
        miniAccumuloConfigImpl.setNumTservers(1);
    }

    private static ArrayList<String> findAuditMessage(ArrayList<String> arrayList, String str) {
        ArrayList<String> arrayList2 = new ArrayList<>();
        Iterator<String> it = arrayList.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (next.matches(".*" + str + ".*")) {
                arrayList2.add(next);
            }
        }
        return arrayList2;
    }

    private ArrayList<String> getAuditMessages(String str) throws IOException {
        try {
            Thread.sleep(2000L);
            Iterator it = getCluster().getLogWriters().iterator();
            while (it.hasNext()) {
                ((MiniAccumuloClusterImpl.LogWriter) it.next()).flush();
            }
            System.out.println("Start of captured audit messages for step " + str);
            ArrayList<String> arrayList = new ArrayList<>();
            File[] listFiles = getCluster().getConfig().getLogDir().listFiles();
            Assert.assertNotNull(listFiles);
            for (File file : listFiles) {
                if (file.getName().contains(".out") && file.isFile() && file.canRead()) {
                    Scanner scanner = new Scanner(file, StandardCharsets.UTF_8.name());
                    while (scanner.hasNext()) {
                        try {
                            String nextLine = scanner.nextLine();
                            if (nextLine.matches(".* \\[Audit\\s*\\].*") && (lastAuditTimestamp == null || nextLine.substring(0, 23).compareTo(lastAuditTimestamp) > 0)) {
                                arrayList.add(nextLine);
                            }
                        } catch (Throwable th) {
                            try {
                                scanner.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    }
                    scanner.close();
                }
            }
            Collections.sort(arrayList);
            Iterator<String> it2 = arrayList.iterator();
            while (it2.hasNext()) {
                System.out.println(it2.next());
            }
            System.out.println("End of captured audit messages for step " + str);
            if (arrayList.size() > 0) {
                lastAuditTimestamp = arrayList.get(arrayList.size() - 1).substring(0, 23);
            }
            return arrayList;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted waiting for data to be flushed to output streams");
        }
    }

    private void grantEverySystemPriv(Connector connector, String str) throws AccumuloSecurityException, AccumuloException {
        for (SystemPermission systemPermission : new SystemPermission[]{SystemPermission.SYSTEM, SystemPermission.ALTER_TABLE, SystemPermission.ALTER_USER, SystemPermission.CREATE_TABLE, SystemPermission.CREATE_USER, SystemPermission.DROP_TABLE, SystemPermission.DROP_USER}) {
            connector.securityOperations().grantSystemPermission(str, systemPermission);
        }
    }

    @Before
    public void resetInstance() throws Exception {
        this.conn = getConnector();
        removeUsersAndTables();
        getAuditMessages("setup");
    }

    @After
    public void removeUsersAndTables() throws Exception {
        for (String str : Arrays.asList(AUDIT_USER_1, AUDIT_USER_2)) {
            if (this.conn.securityOperations().listLocalUsers().contains(str)) {
                this.conn.securityOperations().dropLocalUser(str);
            }
        }
        TableOperations tableOperations = this.conn.tableOperations();
        for (String str2 : Arrays.asList(THIRD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME, OLD_TEST_TABLE_NAME)) {
            if (tableOperations.exists(str2)) {
                tableOperations.delete(str2);
            }
        }
    }

    @Test
    public void testTableOperationsAudits() throws AccumuloException, AccumuloSecurityException, TableExistsException, TableNotFoundException, IOException, InterruptedException {
        this.conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
        this.conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_TABLE);
        this.auditConnector = getCluster().getConnector(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
        this.auditConnector.tableOperations().rename(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME);
        this.auditConnector.tableOperations().clone(NEW_TEST_TABLE_NAME, OLD_TEST_TABLE_NAME, true, Collections.emptyMap(), Collections.emptySet());
        this.auditConnector.tableOperations().delete(OLD_TEST_TABLE_NAME);
        this.auditConnector.tableOperations().offline(NEW_TEST_TABLE_NAME);
        this.auditConnector.tableOperations().delete(NEW_TEST_TABLE_NAME);
        ArrayList<String> auditMessages = getAuditMessages("testTableOperationsAudits");
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: createTable; targetTable: apples").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: renameTable; targetTable: apples").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: cloneTable; targetTable: oranges").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: deleteTable; targetTable: apples").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: offlineTable; targetTable: oranges").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: deleteTable; targetTable: oranges").size());
    }

    @Test
    public void testUserOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, InterruptedException, IOException {
        this.conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
        this.conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_USER);
        grantEverySystemPriv(this.conn, AUDIT_USER_1);
        this.auditConnector = getCluster().getConnector(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.auditConnector.securityOperations().createLocalUser(AUDIT_USER_2, new PasswordToken(PASSWORD));
        this.conn.securityOperations().grantSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
        this.conn.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
        this.auditConnector.tableOperations().create(NEW_TEST_TABLE_NAME);
        this.conn.securityOperations().grantTablePermission(AUDIT_USER_2, NEW_TEST_TABLE_NAME, TablePermission.READ);
        this.conn.securityOperations().revokeTablePermission(AUDIT_USER_2, NEW_TEST_TABLE_NAME, TablePermission.READ);
        this.auditConnector.securityOperations().changeLocalUserPassword(AUDIT_USER_2, new PasswordToken("anything"));
        this.auditConnector.securityOperations().changeUserAuthorizations(AUDIT_USER_2, auths);
        this.auditConnector.securityOperations().dropLocalUser(AUDIT_USER_2);
        ArrayList<String> auditMessages = getAuditMessages("testUserOperationsAudits");
        Assert.assertEquals(2L, findAuditMessage(auditMessages, "action: createUser; targetUser: AuditUser2").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: grantSystemPermission; permission: " + SystemPermission.ALTER_TABLE.toString() + "; targetUser: " + AUDIT_USER_2).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: revokeSystemPermission; permission: " + SystemPermission.ALTER_TABLE.toString() + "; targetUser: " + AUDIT_USER_2).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: grantTablePermission; permission: " + TablePermission.READ.toString() + "; targetTable: " + NEW_TEST_TABLE_NAME).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: revokeTablePermission; permission: " + TablePermission.READ.toString() + "; targetTable: " + NEW_TEST_TABLE_NAME).size());
        Assert.assertEquals(2L, findAuditMessage(auditMessages, "action: changePassword; targetUser: AuditUser2").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: changeAuthorizations; targetUser: AuditUser2; authorizations: " + auths.toString()).size());
        Assert.assertEquals(2L, findAuditMessage(auditMessages, "action: dropUser; targetUser: AuditUser2").size());
    }

    @Test
    public void testImportExportOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException, InterruptedException {
        this.conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
        this.conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
        grantEverySystemPriv(this.conn, AUDIT_USER_1);
        this.auditConnector = getCluster().getConnector(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
        BatchWriter createBatchWriter = this.auditConnector.createBatchWriter(OLD_TEST_TABLE_NAME, new BatchWriterConfig());
        Mutation mutation = new Mutation("myRow");
        mutation.put("cf1", "cq1", "v1");
        mutation.put("cf1", "cq2", "v3");
        createBatchWriter.addMutation(mutation);
        createBatchWriter.close();
        File file = new File(getCluster().getConfig().getDir().toString() + "/export");
        this.auditConnector.tableOperations().offline(OLD_TEST_TABLE_NAME);
        this.auditConnector.tableOperations().exportTable(OLD_TEST_TABLE_NAME, file.toString());
        File file2 = null;
        Scanner scanner = new Scanner(new File(file.toString() + "/distcp.txt"), StandardCharsets.UTF_8.name());
        while (scanner.hasNext() && file2 == null) {
            try {
                String nextLine = scanner.nextLine();
                if (nextLine.matches(".*\\.rf")) {
                    file2 = new File(nextLine.replaceFirst("file:", ""));
                }
            } catch (Throwable th) {
                try {
                    scanner.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        scanner.close();
        FileUtils.copyFileToDirectory(file2, file);
        this.auditConnector.tableOperations().importTable(NEW_TEST_TABLE_NAME, file.toString());
        this.auditConnector.tableOperations().create(THIRD_TEST_TABLE_NAME);
        File file3 = new File(file + StandaloneAccumuloClusterConfiguration.ACCUMULO_STANDALONE_TMP_DIR_DEFAULT);
        Assert.assertTrue(file3.mkdirs() || file3.isDirectory());
        this.auditConnector.tableOperations().importDirectory(THIRD_TEST_TABLE_NAME, file.toString(), file3.toString(), false);
        this.auditConnector.tableOperations().online(OLD_TEST_TABLE_NAME);
        ArrayList<String> auditMessages = getAuditMessages("testImportExportOperationsAudits");
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: createTable; targetTable: %s;", OLD_TEST_TABLE_NAME)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: %s; targetTable: %s;", "offlineTable", OLD_TEST_TABLE_NAME)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: export; targetTable: %s; dataDir: %s;", OLD_TEST_TABLE_NAME, file.toString())).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: import; targetTable: %s; dataDir: %s;", NEW_TEST_TABLE_NAME, "file:" + file.toString())).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: createTable; targetTable: %s;", THIRD_TEST_TABLE_NAME)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: bulkImport; targetTable: %s; dataDir: %s; failDir: %s;", THIRD_TEST_TABLE_NAME, "file:" + file.toString(), "file:" + file3.toString())).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: %s; targetTable: %s;", "onlineTable", OLD_TEST_TABLE_NAME)).size());
    }

    @Test
    public void testDataOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException, InterruptedException {
        this.conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
        this.conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
        grantEverySystemPriv(this.conn, AUDIT_USER_1);
        this.auditConnector = getCluster().getConnector(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
        BatchWriter createBatchWriter = this.auditConnector.createBatchWriter(OLD_TEST_TABLE_NAME, new BatchWriterConfig());
        Mutation mutation = new Mutation("myRow");
        mutation.put("cf1", "cq1", "v1");
        mutation.put("cf1", "cq2", "v3");
        createBatchWriter.addMutation(mutation);
        createBatchWriter.close();
        org.apache.accumulo.core.client.Scanner<Map.Entry> createScanner = this.auditConnector.createScanner(OLD_TEST_TABLE_NAME, auths);
        for (Map.Entry entry : createScanner) {
            System.out.println("Scanner row: " + entry.getKey() + " " + entry.getValue());
        }
        createScanner.close();
        BatchScanner<Map.Entry> createBatchScanner = this.auditConnector.createBatchScanner(OLD_TEST_TABLE_NAME, auths, 1);
        createBatchScanner.fetchColumn(new Text("cf1"), new Text("cq1"));
        createBatchScanner.setRanges(Arrays.asList(new Range("myRow", "myRow~")));
        for (Map.Entry entry2 : createBatchScanner) {
            System.out.println("BatchScanner row: " + entry2.getKey() + " " + entry2.getValue());
        }
        createBatchScanner.close();
        this.auditConnector.tableOperations().deleteRows(OLD_TEST_TABLE_NAME, new Text("myRow"), new Text("myRow~"));
        ArrayList<String> auditMessages = getAuditMessages("testDataOperationsAudits");
        Assert.assertTrue(1 <= findAuditMessage(auditMessages, "action: scan; targetTable: apples").size());
        Assert.assertTrue(1 <= findAuditMessage(auditMessages, "action: scan; targetTable: apples").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: deleteData; targetTable: %s; startRange: %s; endRange: %s;", OLD_TEST_TABLE_NAME, "myRow", "myRow~")).size());
    }

    @Test
    public void testDeniedAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException, InterruptedException {
        this.conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.conn.tableOperations().create(OLD_TEST_TABLE_NAME);
        this.auditConnector = getCluster().getConnector(AUDIT_USER_1, new PasswordToken(PASSWORD));
        try {
            this.auditConnector.tableOperations().create(NEW_TEST_TABLE_NAME);
        } catch (AccumuloSecurityException e) {
        }
        try {
            this.auditConnector.tableOperations().rename(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME);
        } catch (AccumuloSecurityException e2) {
        }
        try {
            this.auditConnector.tableOperations().clone(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME, false, Collections.emptyMap(), Collections.emptySet());
        } catch (AccumuloSecurityException e3) {
        }
        try {
            this.auditConnector.tableOperations().delete(OLD_TEST_TABLE_NAME);
        } catch (AccumuloSecurityException e4) {
        }
        try {
            this.auditConnector.tableOperations().offline(OLD_TEST_TABLE_NAME);
        } catch (AccumuloSecurityException e5) {
        }
        try {
            ((Map.Entry) this.auditConnector.createScanner(OLD_TEST_TABLE_NAME, auths).iterator().next()).getKey();
        } catch (RuntimeException e6) {
        }
        try {
            this.auditConnector.tableOperations().deleteRows(OLD_TEST_TABLE_NAME, new Text("myRow"), new Text("myRow~"));
        } catch (AccumuloSecurityException e7) {
        }
        try {
            this.auditConnector.tableOperations().flush(OLD_TEST_TABLE_NAME, new Text("myRow"), new Text("myRow~"), false);
        } catch (AccumuloSecurityException e8) {
        }
        ArrayList<String> auditMessages = getAuditMessages("testDeniedAudits");
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: createTable; targetTable: %s;", NEW_TEST_TABLE_NAME)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: renameTable; targetTable: %s; newTableName: %s;", OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: cloneTable; targetTable: %s; newTableName: %s", OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: deleteTable; targetTable: %s;", OLD_TEST_TABLE_NAME)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: %s; targetTable: %s;", "offlineTable", OLD_TEST_TABLE_NAME)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*action: scan; targetTable: apples").size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: deleteData; targetTable: %s; startRange: %s; endRange: %s;", OLD_TEST_TABLE_NAME, "myRow", "myRow~")).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: flushTable; targetTable: %s; targetNamespace: %s;", "1", "\\+default")).size());
    }

    @Test
    public void testFailedAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException, InterruptedException {
        try {
            this.conn.securityOperations().dropLocalUser(AUDIT_USER_2);
        } catch (AccumuloSecurityException e) {
        }
        try {
            this.conn.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
        } catch (AccumuloSecurityException e2) {
        }
        try {
            this.conn.securityOperations().createLocalUser("root", new PasswordToken("super secret"));
        } catch (AccumuloSecurityException e3) {
        }
        ArrayList<String> auditMessages = getAuditMessages("testFailedAudits");
        Assert.assertEquals(2L, findAuditMessage(auditMessages, String.format("action: dropUser; targetUser: %s;", AUDIT_USER_2)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: revokeSystemPermission; permission: %s; targetUser: %s;", SystemPermission.ALTER_TABLE, AUDIT_USER_2)).size());
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: createUser; targetUser: %s; Authorizations: %s;", "root", "")).size());
    }
}
