package org.apache.phoenix.end2end;

import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.util.Collections;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.access.AccessControlClient;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.phoenix.util.SchemaUtil;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({NeedsOwnMiniClusterTest.class})
/* loaded from: input_file:org/apache/phoenix/end2end/TableDDLPermissionsIT.class */
public class TableDDLPermissionsIT extends BasePermissionsIT {
    public TableDDLPermissionsIT(boolean z) throws Exception {
        super(z);
    }

    /* JADX WARN: Finally extract failed */
    private void grantSystemTableAccess() throws Exception {
        try {
            Connection connection = getConnection();
            Throwable th = null;
            try {
                if (this.isNamespaceMapped) {
                    grantPermissions(this.regularUser1.getShortName(), PHOENIX_NAMESPACE_MAPPED_SYSTEM_TABLES, Permission.Action.READ, Permission.Action.EXEC);
                    grantPermissions(this.unprivilegedUser.getShortName(), PHOENIX_NAMESPACE_MAPPED_SYSTEM_TABLES, Permission.Action.READ, Permission.Action.EXEC);
                    grantPermissions(AuthUtil.toGroupEntry("group_system_access"), PHOENIX_NAMESPACE_MAPPED_SYSTEM_TABLES, Permission.Action.READ, Permission.Action.EXEC);
                    grantPermissions(this.regularUser1.getShortName(), Collections.singleton("SYSTEM:SEQUENCE"), Permission.Action.WRITE, Permission.Action.READ, Permission.Action.EXEC);
                    grantPermissions(this.unprivilegedUser.getShortName(), Collections.singleton("SYSTEM:SEQUENCE"), Permission.Action.WRITE, Permission.Action.READ, Permission.Action.EXEC);
                } else {
                    grantPermissions(this.regularUser1.getShortName(), PHOENIX_SYSTEM_TABLES, Permission.Action.READ, Permission.Action.EXEC);
                    grantPermissions(this.unprivilegedUser.getShortName(), PHOENIX_SYSTEM_TABLES, Permission.Action.READ, Permission.Action.EXEC);
                    grantPermissions(AuthUtil.toGroupEntry("group_system_access"), PHOENIX_SYSTEM_TABLES, Permission.Action.READ, Permission.Action.EXEC);
                    grantPermissions(this.regularUser1.getShortName(), Collections.singleton("SYSTEM.SEQUENCE"), Permission.Action.WRITE, Permission.Action.READ, Permission.Action.EXEC);
                    grantPermissions(this.unprivilegedUser.getShortName(), Collections.singleton("SYSTEM:SEQUENCE"), Permission.Action.WRITE, Permission.Action.READ, Permission.Action.EXEC);
                }
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } catch (Throwable th3) {
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        connection.close();
                    }
                }
                throw th3;
            }
        } catch (Throwable th5) {
            if (!(th5 instanceof Exception)) {
                throw new Exception(th5);
            }
            throw ((Exception) th5);
        }
    }

    @Test
    public void testSchemaPermissions() throws Throwable {
        if (this.isNamespaceMapped) {
            try {
                startNewMiniCluster();
                grantSystemTableAccess();
                this.superUser1.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.phoenix.end2end.TableDDLPermissionsIT.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Void run() throws Exception {
                        try {
                            AccessControlClient.grant(BasePermissionsIT.getUtility().getConnection(), TableDDLPermissionsIT.this.regularUser1.getShortName(), new Permission.Action[]{Permission.Action.ADMIN});
                            return null;
                        } catch (Throwable th) {
                            if (th instanceof Exception) {
                                throw ((Exception) th);
                            }
                            throw new Exception(th);
                        }
                    }
                });
                verifyAllowed(createSchema("TEST_SCHEMA_PERMISSION"), this.regularUser1);
                verifyDenied(dropSchema("TEST_SCHEMA_PERMISSION"), AccessDeniedException.class, this.unprivilegedUser);
                verifyDenied(createSchema("TEST_SCHEMA_PERMISSION"), AccessDeniedException.class, this.unprivilegedUser);
                verifyAllowed(dropSchema("TEST_SCHEMA_PERMISSION"), this.regularUser1);
            } finally {
                revokeAll();
            }
        }
    }

    @Test
    public void testAutomaticGrantWithIndexAndView() throws Throwable {
        startNewMiniCluster();
        grantSystemTableAccess();
        try {
            this.superUser1.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.phoenix.end2end.TableDDLPermissionsIT.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    try {
                        TableDDLPermissionsIT.this.verifyAllowed(TableDDLPermissionsIT.this.createSchema("TEST_INDEX_VIEW"), TableDDLPermissionsIT.this.superUser1);
                        if (TableDDLPermissionsIT.this.isNamespaceMapped) {
                            TableDDLPermissionsIT.this.grantPermissions(TableDDLPermissionsIT.this.regularUser1.getShortName(), "TEST_INDEX_VIEW", Permission.Action.CREATE);
                            TableDDLPermissionsIT.this.grantPermissions(AuthUtil.toGroupEntry("group_system_access"), "TEST_INDEX_VIEW", Permission.Action.CREATE);
                        } else {
                            TableDDLPermissionsIT.this.grantPermissions(TableDDLPermissionsIT.this.regularUser1.getShortName(), NamespaceDescriptor.DEFAULT_NAMESPACE.getName(), Permission.Action.CREATE);
                            TableDDLPermissionsIT.this.grantPermissions(AuthUtil.toGroupEntry("group_system_access"), NamespaceDescriptor.DEFAULT_NAMESPACE.getName(), Permission.Action.CREATE);
                        }
                        return null;
                    } catch (Throwable th) {
                        if (th instanceof Exception) {
                            throw ((Exception) th);
                        }
                        throw new Exception(th);
                    }
                }
            });
            verifyAllowed(createTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(createIndex("TABLE_DDL_PERMISSION_IT_IDX1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(createView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(createLocalIndex("TABLE_DDL_PERMISSION_IT_LIDX1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(createIndex("TABLE_DDL_PERMISSION_IT_VIDX1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1"), this.regularUser1);
            verifyAllowed(createIndex("TABLE_DDL_PERMISSION_IT_VIDX2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1"), this.regularUser1);
            verifyAllowed(createView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V4", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1"), this.regularUser1);
            verifyAllowed(readTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyDenied(createIndex("TABLE_DDL_PERMISSION_IT_IDX2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(createView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(createView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V3", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(dropView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(dropIndex("TABLE_DDL_PERMISSION_IT_IDX1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(dropTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(rebuildIndex("TABLE_DDL_PERMISSION_IT_IDX1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(addColumn("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "val1"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(dropColumn("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "val"), AccessDeniedException.class, this.unprivilegedUser);
            verifyDenied(addProperties("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "GUIDE_POSTS_WIDTH", "100"), AccessDeniedException.class, this.unprivilegedUser);
            grantPermissions(this.unprivilegedUser.getShortName(), Collections.singleton(SchemaUtil.getPhysicalHBaseTableName("TEST_INDEX_VIEW", "TABLE_DDL_PERMISSION_IT", this.isNamespaceMapped).getString()), Permission.Action.READ, Permission.Action.EXEC);
            grantPermissions(AuthUtil.toGroupEntry("group_system_access"), Collections.singleton(SchemaUtil.getPhysicalHBaseTableName("TEST_INDEX_VIEW", "TABLE_DDL_PERMISSION_IT", this.isNamespaceMapped).getString()), Permission.Action.READ, Permission.Action.EXEC);
            verifyDenied(createIndex("TABLE_DDL_PERMISSION_IT_IDX2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), AccessDeniedException.class, this.unprivilegedUser);
            verifyAllowed(createView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.unprivilegedUser);
            verifyAllowed(createView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V3", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1"), this.unprivilegedUser);
            if (this.isNamespaceMapped) {
                grantPermissions(this.unprivilegedUser.getShortName(), "TEST_INDEX_VIEW", Permission.Action.CREATE);
            } else {
                grantPermissions(this.unprivilegedUser.getShortName(), NamespaceDescriptor.DEFAULT_NAMESPACE.getName(), Permission.Action.CREATE);
            }
            verifyAllowed(createIndex("TABLE_DDL_PERMISSION_IT_IDX2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.unprivilegedUser);
            verifyAllowed(readTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "TABLE_DDL_PERMISSION_IT_IDX1"), this.unprivilegedUser);
            verifyAllowed(readTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "TABLE_DDL_PERMISSION_IT_IDX2"), this.unprivilegedUser);
            verifyAllowed(rebuildIndex("TABLE_DDL_PERMISSION_IT_IDX2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.unprivilegedUser);
            verifyAllowed(rebuildIndex("TABLE_DDL_PERMISSION_IT_IDX2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(readTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "TABLE_DDL_PERMISSION_IT_IDX2"), this.regularUser1);
            verifyAllowed(readTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(rebuildIndex("TABLE_DDL_PERMISSION_IT_IDX1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(addColumn("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "val1"), this.regularUser1);
            verifyAllowed(addProperties("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "GUIDE_POSTS_WIDTH", "100"), this.regularUser1);
            verifyAllowed(dropView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1"), this.regularUser1);
            verifyAllowed(dropView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V2"), this.regularUser1);
            verifyAllowed(dropColumn("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT", "val1"), this.regularUser1);
            verifyAllowed(dropIndex("TABLE_DDL_PERMISSION_IT_IDX2", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(dropIndex("TABLE_DDL_PERMISSION_IT_IDX1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(dropTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.regularUser1);
            verifyAllowed(createTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.superUser2);
            verifyAllowed(createIndex("TABLE_DDL_PERMISSION_IT_IDX1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.superUser2);
            verifyAllowed(createView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1", "TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.superUser2);
            verifyAllowed(readTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.superUser2);
            verifyAllowed(dropView("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT_V1"), this.superUser2);
            verifyAllowed(dropTable("TEST_INDEX_VIEW.TABLE_DDL_PERMISSION_IT"), this.superUser2);
            revokeAll();
        } catch (Throwable th) {
            revokeAll();
            throw th;
        }
    }
}
