package org.apache.hadoop.hbase.security.access;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.CoprocessorEnvironment;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
import org.apache.hadoop.hbase.coprocessor.SingletonCoprocessorService;
import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProtos;
import org.apache.hadoop.hbase.ipc.protobuf.generated.TestRpcServiceProtos;
import org.apache.hadoop.hbase.procedure.flush.MasterFlushTableProcedureManager;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.Service;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.ServiceException;
import org.apache.hadoop.hbase.shaded.org.junit.Assert;
import org.apache.hadoop.hbase.shaded.org.junit.BeforeClass;
import org.apache.hadoop.hbase.shaded.org.junit.Test;
import org.apache.hadoop.hbase.shaded.org.junit.experimental.categories.Category;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.mockito.Mockito;

@Category({SecurityTests.class, MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestAdminOnlyOperations.class */
public class TestAdminOnlyOperations {
    private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static Configuration conf;
    private static User USER_ADMIN;
    private static User USER_NON_ADMIN;
    private static final String GROUP_ADMIN = "admin_group";
    private static User USER_GROUP_ADMIN;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestAdminOnlyOperations$Action.class */
    public interface Action {
        void run(Admin admin) throws Exception;
    }

    /* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestAdminOnlyOperations$DummyCpService.class */
    public static class DummyCpService implements Coprocessor, CoprocessorService, SingletonCoprocessorService {
        @Override // org.apache.hadoop.hbase.Coprocessor
        public void start(CoprocessorEnvironment coprocessorEnvironment) {
        }

        @Override // org.apache.hadoop.hbase.Coprocessor
        public void stop(CoprocessorEnvironment coprocessorEnvironment) {
        }

        @Override // org.apache.hadoop.hbase.coprocessor.CoprocessorService
        public Service getService() {
            return (Service) Mockito.mock(TestRpcServiceProtos.TestProtobufRpcProto.class);
        }
    }

    private static void enableSecurity(Configuration configuration) throws IOException {
        configuration.set("hadoop.security.authorization", "false");
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "simple");
        configuration.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, AccessController.class.getName() + "," + DummyCpService.class.getName());
        configuration.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName());
        configuration.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, AccessController.class.getName() + "," + DummyCpService.class.getName());
        configuration.set(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, "true");
        SecureTestUtil.configureSuperuser(configuration);
    }

    @BeforeClass
    public static void setup() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        enableSecurity(conf);
        TEST_UTIL.startMiniCluster();
        TEST_UTIL.waitUntilAllRegionsAssigned(AccessControlLists.ACL_TABLE_NAME);
        USER_ADMIN = User.createUserForTesting(conf, "admin", new String[0]);
        USER_NON_ADMIN = User.createUserForTesting(conf, "non_admin", new String[0]);
        USER_GROUP_ADMIN = User.createUserForTesting(conf, "user_group_admin", new String[]{GROUP_ADMIN});
        SecureTestUtil.grantGlobal(TEST_UTIL, USER_ADMIN.getShortName(), Permission.Action.ADMIN);
        SecureTestUtil.grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN);
    }

    private void verifyAllowed(User user, final Action action) throws Exception {
        user.runAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                try {
                    Connection createConnection = ConnectionFactory.createConnection(TestAdminOnlyOperations.conf);
                    Throwable th = null;
                    try {
                        Admin admin = createConnection.getAdmin();
                        Throwable th2 = null;
                        try {
                            try {
                                action.run(admin);
                                if (admin != null) {
                                    if (0 != 0) {
                                        try {
                                            admin.close();
                                        } catch (Throwable th3) {
                                            th2.addSuppressed(th3);
                                        }
                                    } else {
                                        admin.close();
                                    }
                                }
                                if (createConnection != null) {
                                    if (0 != 0) {
                                        try {
                                            createConnection.close();
                                        } catch (Throwable th4) {
                                            th.addSuppressed(th4);
                                        }
                                    } else {
                                        createConnection.close();
                                    }
                                }
                                return null;
                            } catch (Throwable th5) {
                                th2 = th5;
                                throw th5;
                            }
                        } catch (Throwable th6) {
                            if (admin != null) {
                                if (th2 != null) {
                                    try {
                                        admin.close();
                                    } catch (Throwable th7) {
                                        th2.addSuppressed(th7);
                                    }
                                } else {
                                    admin.close();
                                }
                            }
                            throw th6;
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    Assert.fail(e.toString());
                    return null;
                }
            }
        });
    }

    private void verifyDenied(User user, final Action action) throws Exception {
        user.runAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.2
            /* JADX WARN: Failed to calculate best type for var: r5v0 ??
            java.lang.NullPointerException
             */
            /* JADX WARN: Failed to calculate best type for var: r6v0 ??
            java.lang.NullPointerException
             */
            /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
             */
            /* JADX WARN: Not initialized variable reg: 5, insn: 0x00af: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r5 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:55:0x00af */
            /* JADX WARN: Not initialized variable reg: 6, insn: 0x00b3: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r6 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:57:0x00b3 */
            /* JADX WARN: Type inference failed for: r5v0, types: [org.apache.hadoop.hbase.client.Connection] */
            /* JADX WARN: Type inference failed for: r6v0, types: [java.lang.Throwable] */
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection;
                Throwable th;
                Admin admin;
                Throwable th2;
                boolean z = false;
                try {
                    try {
                        createConnection = ConnectionFactory.createConnection(TestAdminOnlyOperations.conf);
                        th = null;
                        admin = createConnection.getAdmin();
                        th2 = null;
                    } catch (AccessDeniedException e) {
                        z = true;
                    }
                    try {
                        try {
                            action.run(admin);
                            if (admin != null) {
                                if (0 != 0) {
                                    try {
                                        admin.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    admin.close();
                                }
                            }
                            if (createConnection != null) {
                                if (0 != 0) {
                                    try {
                                        createConnection.close();
                                    } catch (Throwable th4) {
                                        th.addSuppressed(th4);
                                    }
                                } else {
                                    createConnection.close();
                                }
                            }
                            Assert.assertTrue("Expected access to be denied", z);
                            return null;
                        } finally {
                        }
                    } catch (Throwable th5) {
                        if (admin != null) {
                            if (th2 != null) {
                                try {
                                    admin.close();
                                } catch (Throwable th6) {
                                    th2.addSuppressed(th6);
                                }
                            } else {
                                admin.close();
                            }
                        }
                        throw th5;
                    }
                } finally {
                }
            }
        });
    }

    private void verifiedDeniedServiceException(User user, final Action action) throws Exception {
        user.runAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.3
            /* JADX WARN: Failed to calculate best type for var: r5v0 ??
            java.lang.NullPointerException
             */
            /* JADX WARN: Failed to calculate best type for var: r6v0 ??
            java.lang.NullPointerException
             */
            /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
             */
            /* JADX WARN: Not initialized variable reg: 5, insn: 0x00af: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r5 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:57:0x00af */
            /* JADX WARN: Not initialized variable reg: 6, insn: 0x00b3: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r6 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:59:0x00b3 */
            /* JADX WARN: Type inference failed for: r5v0, types: [org.apache.hadoop.hbase.client.Connection] */
            /* JADX WARN: Type inference failed for: r6v0, types: [java.lang.Throwable] */
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                boolean z = false;
                try {
                    try {
                        Connection createConnection = ConnectionFactory.createConnection(TestAdminOnlyOperations.conf);
                        Throwable th = null;
                        Admin admin = createConnection.getAdmin();
                        Throwable th2 = null;
                        try {
                            try {
                                action.run(admin);
                                if (admin != null) {
                                    if (0 != 0) {
                                        try {
                                            admin.close();
                                        } catch (Throwable th3) {
                                            th2.addSuppressed(th3);
                                        }
                                    } else {
                                        admin.close();
                                    }
                                }
                                if (createConnection != null) {
                                    if (0 != 0) {
                                        try {
                                            createConnection.close();
                                        } catch (Throwable th4) {
                                            th.addSuppressed(th4);
                                        }
                                    } else {
                                        createConnection.close();
                                    }
                                }
                            } finally {
                            }
                        } catch (Throwable th5) {
                            if (admin != null) {
                                if (th2 != null) {
                                    try {
                                        admin.close();
                                    } catch (Throwable th6) {
                                        th2.addSuppressed(th6);
                                    }
                                } else {
                                    admin.close();
                                }
                            }
                            throw th5;
                        }
                    } finally {
                    }
                } catch (ServiceException e) {
                    if (e.getCause() instanceof AccessDeniedException) {
                        z = true;
                    }
                }
                Assert.assertTrue("Expected access to be denied", z);
                return null;
            }
        });
    }

    private void verifyAdminCheckForAction(Action action) throws Exception {
        verifyAllowed(USER_ADMIN, action);
        verifyAllowed(USER_GROUP_ADMIN, action);
        verifyDenied(USER_NON_ADMIN, action);
    }

    @Test
    public void testEnableCatalogJanitor() throws Exception {
        verifyAdminCheckForAction(new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.4
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                admin.enableCatalogJanitor(true);
            }
        });
    }

    @Test
    public void testRunCatalogScan() throws Exception {
        verifyAdminCheckForAction(new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.5
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                admin.runCatalogScan();
            }
        });
    }

    @Test
    public void testRunCleanerChore() throws Exception {
        verifyAdminCheckForAction(new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.6
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                admin.runCleanerChore();
            }
        });
    }

    @Test
    public void testSetCleanerChoreRunning() throws Exception {
        verifyAdminCheckForAction(new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.7
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                admin.setCleanerChoreRunning(true);
            }
        });
    }

    @Test
    public void testExecProcedure() throws Exception {
        verifyAdminCheckForAction(new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.8
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                admin.execProcedure(MasterFlushTableProcedureManager.FLUSH_TABLE_PROCEDURE_SIGNATURE, TableName.META_TABLE_NAME.getNameAsString(), new HashMap());
            }
        });
    }

    @Test
    public void testExecService() throws Exception {
        Action action = new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.9
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                TestRpcServiceProtos.TestProtobufRpcProto.newBlockingStub(admin.coprocessorService()).ping(null, TestProtos.EmptyRequestProto.getDefaultInstance());
            }
        };
        verifyAllowed(USER_ADMIN, action);
        verifyAllowed(USER_GROUP_ADMIN, action);
        verifiedDeniedServiceException(USER_NON_ADMIN, action);
    }

    @Test
    public void testExecProcedureWithRet() throws Exception {
        verifyAdminCheckForAction(new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.10
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                admin.execProcedureWithRet(MasterFlushTableProcedureManager.FLUSH_TABLE_PROCEDURE_SIGNATURE, TableName.META_TABLE_NAME.getNameAsString(), new HashMap());
            }
        });
    }

    @Test
    public void testNormalize() throws Exception {
        verifyAdminCheckForAction(new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.11
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                admin.normalize();
            }
        });
    }

    @Test
    public void testSetNormalizerRunning() throws Exception {
        verifyAdminCheckForAction(new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.12
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                admin.setNormalizerRunning(true);
            }
        });
    }

    @Test
    public void testExecRegionServerService() throws Exception {
        Action action = new Action() { // from class: org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.13
            @Override // org.apache.hadoop.hbase.security.access.TestAdminOnlyOperations.Action
            public void run(Admin admin) throws Exception {
                TestRpcServiceProtos.TestProtobufRpcProto.newBlockingStub(admin.coprocessorService(TestAdminOnlyOperations.TEST_UTIL.getHBaseCluster().getRegionServer(0).getServerName())).ping(null, TestProtos.EmptyRequestProto.getDefaultInstance());
            }
        };
        verifyAllowed(USER_ADMIN, action);
        verifyAllowed(USER_GROUP_ADMIN, action);
        verifiedDeniedServiceException(USER_NON_ADMIN, action);
    }
}
