package org.apache.hadoop.hbase.security.visibility;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.MediumTests;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Append;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;

@Category({MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.class */
public class TestVisibilityWithCheckAuths {
    private static final String TOPSECRET = "TOPSECRET";
    private static final String PUBLIC = "PUBLIC";
    public static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static final byte[] row1 = Bytes.toBytes("row1");
    private static final byte[] fam = Bytes.toBytes("info");
    private static final byte[] qual = Bytes.toBytes("qual");
    private static final byte[] value = Bytes.toBytes("value");
    public static Configuration conf;

    @Rule
    public final TestName TEST_NAME = new TestName();
    public static User SUPERUSER;
    public static User USER;

    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        conf.setBoolean("hbase.master.distributed.log.replay", false);
        VisibilityTestUtil.enableVisiblityLabels(conf);
        conf.setBoolean("hbase.security.visibility.mutations.checkauths", true);
        conf.setClass("hbase.regionserver.scan.visibility.label.generator.class", SimpleScanLabelGenerator.class, ScanLabelGenerator.class);
        conf.set("hbase.superuser", "admin");
        TEST_UTIL.startMiniCluster(2);
        SUPERUSER = User.createUserForTesting(conf, "admin", new String[]{"supergroup"});
        USER = User.createUserForTesting(conf, "user", new String[0]);
        TEST_UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000L);
        addLabels();
    }

    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }

    public static void addLabels() throws Exception {
        SUPERUSER.runAs(new PrivilegedExceptionAction<VisibilityLabelsProtos.VisibilityLabelsResponse>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityWithCheckAuths.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public VisibilityLabelsProtos.VisibilityLabelsResponse run() throws Exception {
                try {
                    VisibilityClient.addLabels(TestVisibilityWithCheckAuths.conf, new String[]{TestVisibilityWithCheckAuths.TOPSECRET});
                    return null;
                } catch (Throwable th) {
                    throw new IOException(th);
                }
            }
        });
    }

    @Test
    public void testVerifyAccessDeniedForInvalidUserAuths() throws Exception {
        SUPERUSER.runAs(new PrivilegedExceptionAction<VisibilityLabelsProtos.VisibilityLabelsResponse>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityWithCheckAuths.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public VisibilityLabelsProtos.VisibilityLabelsResponse run() throws Exception {
                try {
                    return VisibilityClient.setAuths(TestVisibilityWithCheckAuths.conf, new String[]{TestVisibilityWithCheckAuths.TOPSECRET}, TestVisibilityWithCheckAuths.USER.getShortName());
                } catch (Throwable th) {
                    return null;
                }
            }
        });
        final TableName valueOf = TableName.valueOf(this.TEST_NAME.getMethodName());
        HBaseAdmin hBaseAdmin = TEST_UTIL.getHBaseAdmin();
        HColumnDescriptor hColumnDescriptor = new HColumnDescriptor(fam);
        hColumnDescriptor.setMaxVersions(5);
        HTableDescriptor hTableDescriptor = new HTableDescriptor(valueOf);
        hTableDescriptor.addFamily(hColumnDescriptor);
        hBaseAdmin.createTable(hTableDescriptor);
        try {
            TEST_UTIL.getHBaseAdmin().flush(valueOf);
            USER.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityWithCheckAuths.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    Table table = null;
                    try {
                        try {
                            table = new HTable(TestVisibilityWithCheckAuths.conf, valueOf);
                            Put put = new Put(TestVisibilityWithCheckAuths.row1);
                            put.setCellVisibility(new CellVisibility("PUBLIC&TOPSECRET"));
                            put.add(TestVisibilityWithCheckAuths.fam, TestVisibilityWithCheckAuths.qual, 125L, TestVisibilityWithCheckAuths.value);
                            table.put(put);
                            Assert.fail("Testcase should fail with AccesDeniedException");
                            table.close();
                            return null;
                        } catch (Throwable th) {
                            Assert.assertTrue(th.getMessage().contains("AccessDeniedException"));
                            table.close();
                            return null;
                        }
                    } catch (Throwable th2) {
                        table.close();
                        throw th2;
                    }
                }
            });
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    @Test
    public void testLabelsWithAppend() throws Throwable {
        SUPERUSER.runAs(new PrivilegedExceptionAction<VisibilityLabelsProtos.VisibilityLabelsResponse>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityWithCheckAuths.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public VisibilityLabelsProtos.VisibilityLabelsResponse run() throws Exception {
                try {
                    return VisibilityClient.setAuths(TestVisibilityWithCheckAuths.conf, new String[]{TestVisibilityWithCheckAuths.TOPSECRET}, TestVisibilityWithCheckAuths.USER.getShortName());
                } catch (Throwable th) {
                    return null;
                }
            }
        });
        final TableName valueOf = TableName.valueOf(this.TEST_NAME.getMethodName());
        Table table = null;
        try {
            table = TEST_UTIL.createTable(valueOf, fam);
            final byte[] bytes = Bytes.toBytes("row1");
            final byte[] bytes2 = Bytes.toBytes("a");
            USER.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityWithCheckAuths.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    Table table2 = null;
                    try {
                        table2 = new HTable(TestVisibilityWithCheckAuths.conf, valueOf);
                        Put put = new Put(bytes);
                        put.add(TestVisibilityWithCheckAuths.fam, TestVisibilityWithCheckAuths.qual, Long.MAX_VALUE, bytes2);
                        put.setCellVisibility(new CellVisibility(TestVisibilityWithCheckAuths.TOPSECRET));
                        table2.put(put);
                        table2.close();
                        return null;
                    } catch (Throwable th) {
                        table2.close();
                        throw th;
                    }
                }
            });
            USER.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityWithCheckAuths.6
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    Table table2 = null;
                    try {
                        table2 = new HTable(TestVisibilityWithCheckAuths.conf, valueOf);
                        Append append = new Append(bytes);
                        append.add(TestVisibilityWithCheckAuths.fam, TestVisibilityWithCheckAuths.qual, Bytes.toBytes("b"));
                        table2.append(append);
                        table2.close();
                        return null;
                    } catch (Throwable th) {
                        table2.close();
                        throw th;
                    }
                }
            });
            USER.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityWithCheckAuths.7
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    Table table2 = null;
                    try {
                        try {
                            table2 = new HTable(TestVisibilityWithCheckAuths.conf, valueOf);
                            Append append = new Append(bytes);
                            append.add(TestVisibilityWithCheckAuths.fam, TestVisibilityWithCheckAuths.qual, Bytes.toBytes("c"));
                            append.setCellVisibility(new CellVisibility(TestVisibilityWithCheckAuths.PUBLIC));
                            table2.append(append);
                            Assert.fail("Testcase should fail with AccesDeniedException");
                            table2.close();
                            return null;
                        } catch (Throwable th) {
                            Assert.assertTrue(th.getMessage().contains("AccessDeniedException"));
                            table2.close();
                            return null;
                        }
                    } catch (Throwable th2) {
                        table2.close();
                        throw th2;
                    }
                }
            });
            if (table != null) {
                table.close();
            }
        } catch (Throwable th) {
            if (table != null) {
                table.close();
            }
            throw th;
        }
    }
}
