package org.apache.hadoop.hbase.security.access;

import com.google.protobuf.RpcController;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.RegionInfo;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.ObserverContextImpl;
import org.apache.hadoop.hbase.ipc.NettyRpcClientConfigHelper;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
import org.apache.hadoop.hbase.quotas.SpaceQuotaHelperForTests;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.JVMClusterUtil;
import org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({SecurityTests.class, MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestNamespaceCommands.class */
public class TestNamespaceCommands extends SecureTestUtil {
    private static Configuration conf;
    private static MasterCoprocessorEnvironment CP_ENV;
    private static AccessController ACCESS_CONTROLLER;
    private static User SUPERUSER;
    private static User USER_GLOBAL_ADMIN;
    private static User USER_GLOBAL_CREATE;
    private static User USER_GLOBAL_WRITE;
    private static User USER_GLOBAL_READ;
    private static User USER_GLOBAL_EXEC;
    private static User USER_NS_ADMIN;
    private static User USER_NS_CREATE;
    private static User USER_NS_WRITE;
    private static User USER_NS_READ;
    private static User USER_NS_EXEC;
    private static User USER_TABLE_WRITE;
    private static User USER_TABLE_CREATE;
    private static final String GROUP_ADMIN = "group_admin";
    private static final String GROUP_NS_ADMIN = "group_ns_admin";
    private static final String GROUP_CREATE = "group_create";
    private static final String GROUP_READ = "group_read";
    private static final String GROUP_WRITE = "group_write";
    private static User USER_GROUP_ADMIN;
    private static User USER_GROUP_NS_ADMIN;
    private static User USER_GROUP_CREATE;
    private static User USER_GROUP_READ;
    private static User USER_GROUP_WRITE;

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestNamespaceCommands.class);
    private static HBaseTestingUtility UTIL = new HBaseTestingUtility();
    private static final Logger LOG = LoggerFactory.getLogger(TestNamespaceCommands.class);
    private static String TEST_NAMESPACE = "ns1";
    private static String TEST_NAMESPACE2 = "ns2";
    private static String TEST_TABLE = TEST_NAMESPACE + ":testtable";
    private static byte[] TEST_FAMILY = Bytes.toBytes(SpaceQuotaHelperForTests.F1);

    @BeforeClass
    public static void beforeClass() throws Exception {
        conf = UTIL.getConfiguration();
        enableSecurity(conf);
        SUPERUSER = User.createUserForTesting(conf, "admin", new String[]{"supergroup"});
        USER_GLOBAL_ADMIN = User.createUserForTesting(conf, "global_admin", new String[0]);
        USER_GLOBAL_CREATE = User.createUserForTesting(conf, "global_create", new String[0]);
        USER_GLOBAL_WRITE = User.createUserForTesting(conf, "global_write", new String[0]);
        USER_GLOBAL_READ = User.createUserForTesting(conf, "global_read", new String[0]);
        USER_GLOBAL_EXEC = User.createUserForTesting(conf, "global_exec", new String[0]);
        USER_NS_ADMIN = User.createUserForTesting(conf, "namespace_admin", new String[0]);
        USER_NS_CREATE = User.createUserForTesting(conf, "namespace_create", new String[0]);
        USER_NS_WRITE = User.createUserForTesting(conf, "namespace_write", new String[0]);
        USER_NS_READ = User.createUserForTesting(conf, "namespace_read", new String[0]);
        USER_NS_EXEC = User.createUserForTesting(conf, "namespace_exec", new String[0]);
        USER_TABLE_CREATE = User.createUserForTesting(conf, "table_create", new String[0]);
        USER_TABLE_WRITE = User.createUserForTesting(conf, "table_write", new String[0]);
        USER_GROUP_ADMIN = User.createUserForTesting(conf, "user_group_admin", new String[]{GROUP_ADMIN});
        USER_GROUP_NS_ADMIN = User.createUserForTesting(conf, "user_group_ns_admin", new String[]{GROUP_NS_ADMIN});
        USER_GROUP_CREATE = User.createUserForTesting(conf, "user_group_create", new String[]{GROUP_CREATE});
        USER_GROUP_READ = User.createUserForTesting(conf, "user_group_read", new String[]{GROUP_READ});
        USER_GROUP_WRITE = User.createUserForTesting(conf, "user_group_write", new String[]{GROUP_WRITE});
        UTIL.getConfiguration().setInt("hbase.client.retries.number", 2);
        UTIL.startMiniCluster();
        UTIL.waitTableAvailable(PermissionStorage.ACL_TABLE_NAME.getName(), 30000L);
        Iterator<JVMClusterUtil.RegionServerThread> it = UTIL.getMiniHBaseCluster().getLiveRegionServerThreads().iterator();
        while (it.hasNext()) {
            ACCESS_CONTROLLER = it.next().getRegionServer().getRegionServerCoprocessorHost().findCoprocessor(AccessController.class);
            if (ACCESS_CONTROLLER != null) {
                break;
            }
        }
        if (ACCESS_CONTROLLER == null) {
            throw new NullPointerException();
        }
        UTIL.getAdmin().createNamespace(NamespaceDescriptor.create(TEST_NAMESPACE).build());
        UTIL.getAdmin().createNamespace(NamespaceDescriptor.create(TEST_NAMESPACE2).build());
        grantGlobal(UTIL, USER_GLOBAL_ADMIN.getShortName(), Permission.Action.ADMIN);
        grantGlobal(UTIL, USER_GLOBAL_CREATE.getShortName(), Permission.Action.CREATE);
        grantGlobal(UTIL, USER_GLOBAL_WRITE.getShortName(), Permission.Action.WRITE);
        grantGlobal(UTIL, USER_GLOBAL_READ.getShortName(), Permission.Action.READ);
        grantGlobal(UTIL, USER_GLOBAL_EXEC.getShortName(), Permission.Action.EXEC);
        grantOnNamespace(UTIL, USER_NS_ADMIN.getShortName(), TEST_NAMESPACE, Permission.Action.ADMIN);
        grantOnNamespace(UTIL, USER_NS_CREATE.getShortName(), TEST_NAMESPACE, Permission.Action.CREATE);
        grantOnNamespace(UTIL, USER_NS_WRITE.getShortName(), TEST_NAMESPACE, Permission.Action.WRITE);
        grantOnNamespace(UTIL, USER_NS_READ.getShortName(), TEST_NAMESPACE, Permission.Action.READ);
        grantOnNamespace(UTIL, USER_NS_EXEC.getShortName(), TEST_NAMESPACE, Permission.Action.EXEC);
        grantOnNamespace(UTIL, AuthUtil.toGroupEntry(GROUP_NS_ADMIN), TEST_NAMESPACE, Permission.Action.ADMIN);
        grantOnNamespace(UTIL, USER_NS_ADMIN.getShortName(), TEST_NAMESPACE2, Permission.Action.ADMIN);
        grantGlobal(UTIL, AuthUtil.toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN);
        grantGlobal(UTIL, AuthUtil.toGroupEntry(GROUP_CREATE), Permission.Action.CREATE);
        grantGlobal(UTIL, AuthUtil.toGroupEntry(GROUP_READ), Permission.Action.READ);
        grantGlobal(UTIL, AuthUtil.toGroupEntry(GROUP_WRITE), Permission.Action.WRITE);
    }

    @AfterClass
    public static void afterClass() throws Exception {
        UTIL.getAdmin().deleteNamespace(TEST_NAMESPACE);
        UTIL.getAdmin().deleteNamespace(TEST_NAMESPACE2);
        UTIL.shutdownMiniCluster();
    }

    @Test
    public void testAclTableEntries() throws Exception {
        Table table = UTIL.getConnection().getTable(PermissionStorage.ACL_TABLE_NAME);
        try {
            Iterator it = PermissionStorage.getNamespacePermissions(conf, TEST_NAMESPACE).entries().iterator();
            while (it.hasNext()) {
                LOG.debug(Objects.toString((Map.Entry) it.next()));
            }
            Assert.assertEquals(6L, r0.size());
            grantOnNamespace(UTIL, "userTestNsp", TEST_NAMESPACE, Permission.Action.WRITE);
            Assert.assertTrue(table.get(new Get(Bytes.toBytes("userTestNsp"))) != null);
            ListMultimap namespacePermissions = PermissionStorage.getNamespacePermissions(conf, TEST_NAMESPACE);
            Assert.assertEquals(7L, namespacePermissions.size());
            List list = namespacePermissions.get("userTestNsp");
            Assert.assertTrue(namespacePermissions.containsKey("userTestNsp"));
            Assert.assertEquals(1L, list.size());
            Assert.assertEquals(TEST_NAMESPACE, ((UserPermission) list.get(0)).getPermission().getNamespace());
            Assert.assertEquals(1L, ((UserPermission) list.get(0)).getPermission().getActions().length);
            Assert.assertEquals(Permission.Action.WRITE, ((UserPermission) list.get(0)).getPermission().getActions()[0]);
            revokeFromNamespace(UTIL, "userTestNsp", TEST_NAMESPACE, Permission.Action.WRITE);
            Assert.assertEquals(6L, PermissionStorage.getNamespacePermissions(conf, TEST_NAMESPACE).size());
            table.close();
        } catch (Throwable th) {
            table.close();
            throw th;
        }
    }

    @Test
    public void testModifyNamespace() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preModifyNamespace(ObserverContextImpl.createAndPrepare(TestNamespaceCommands.CP_ENV), NamespaceDescriptor.create(TestNamespaceCommands.TEST_NAMESPACE).addConfiguration("abc", "156").build());
                return null;
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
    }

    @Test
    public void testCreateAndDeleteNamespace() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preCreateNamespace(ObserverContextImpl.createAndPrepare(TestNamespaceCommands.CP_ENV), NamespaceDescriptor.create(TestNamespaceCommands.TEST_NAMESPACE2).build());
                return null;
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction2 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.3
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preDeleteNamespace(ObserverContextImpl.createAndPrepare(TestNamespaceCommands.CP_ENV), TestNamespaceCommands.TEST_NAMESPACE2);
                return null;
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction2, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction2, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
    }

    @Test
    public void testGetNamespaceDescriptor() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContextImpl.createAndPrepare(TestNamespaceCommands.CP_ENV), TestNamespaceCommands.TEST_NAMESPACE);
                return null;
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
    }

    @Test
    public void testListNamespaces() throws Exception {
        verifyAllowed(new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.UTIL.getConfiguration());
                Admin admin = createConnection.getAdmin();
                try {
                    List asList = Arrays.asList(admin.listNamespaceDescriptors());
                    admin.close();
                    createConnection.close();
                    return asList;
                } catch (Throwable th) {
                    admin.close();
                    createConnection.close();
                    throw th;
                }
            }
        }, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);
        Assert.assertEquals(4L, ((List) SUPERUSER.runAs(r0)).size());
        Assert.assertEquals(4L, ((List) USER_GLOBAL_ADMIN.runAs(r0)).size());
        Assert.assertEquals(4L, ((List) USER_GROUP_ADMIN.runAs(r0)).size());
        Assert.assertEquals(2L, ((List) USER_NS_ADMIN.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GLOBAL_CREATE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GLOBAL_WRITE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GLOBAL_READ.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GLOBAL_EXEC.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_NS_CREATE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_NS_WRITE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_NS_READ.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_NS_EXEC.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_TABLE_CREATE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_TABLE_WRITE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GROUP_CREATE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GROUP_READ.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GROUP_WRITE.runAs(r0)).size());
    }

    @Test
    public void testGrantRevoke() throws Exception {
        NettyRpcClientConfigHelper.createEventLoopPerClient(conf);
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.6
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    createConnection.getAdmin().grant(new UserPermission("testUser", Permission.newBuilder(TestNamespaceCommands.TEST_NAMESPACE).withActions(new Permission.Action[]{Permission.Action.WRITE}).build()), false);
                    if (createConnection == null) {
                        return null;
                    }
                    if (0 == 0) {
                        createConnection.close();
                        return null;
                    }
                    try {
                        createConnection.close();
                        return null;
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                        return null;
                    }
                } catch (Throwable th3) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th3;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction2 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.7
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    createConnection.getAdmin().grant(new UserPermission(TestNamespaceCommands.USER_GROUP_NS_ADMIN.getShortName(), Permission.newBuilder(TestNamespaceCommands.TEST_NAMESPACE).withActions(new Permission.Action[]{Permission.Action.READ}).build()), false);
                    if (createConnection == null) {
                        return null;
                    }
                    if (0 == 0) {
                        createConnection.close();
                        return null;
                    }
                    try {
                        createConnection.close();
                        return null;
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                        return null;
                    }
                } catch (Throwable th3) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th3;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction3 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.8
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    createConnection.getAdmin().revoke(new UserPermission("testUser", Permission.newBuilder(TestNamespaceCommands.TEST_NAMESPACE).withActions(new Permission.Action[]{Permission.Action.WRITE}).build()));
                    if (createConnection == null) {
                        return null;
                    }
                    if (0 == 0) {
                        createConnection.close();
                        return null;
                    }
                    try {
                        createConnection.close();
                        return null;
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                        return null;
                    }
                } catch (Throwable th3) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th3;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction4 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.9
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    try {
                        createConnection.getAdmin().revoke(new UserPermission(TestNamespaceCommands.USER_GROUP_NS_ADMIN.getShortName(), Permission.newBuilder(TestNamespaceCommands.TEST_NAMESPACE).withActions(new Permission.Action[]{Permission.Action.READ}).build()));
                        if (createConnection == null) {
                            return null;
                        }
                        if (0 == 0) {
                            createConnection.close();
                            return null;
                        }
                        try {
                            createConnection.close();
                            return null;
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                            return null;
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (createConnection != null) {
                        if (th != null) {
                            try {
                                createConnection.close();
                            } catch (Throwable th5) {
                                th.addSuppressed(th5);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th4;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction5 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.10
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    createConnection.getAdmin().getUserPermissions(GetUserPermissionsRequest.newBuilder(TestNamespaceCommands.TEST_NAMESPACE).build());
                    if (createConnection == null) {
                        return null;
                    }
                    if (0 == 0) {
                        createConnection.close();
                        return null;
                    }
                    try {
                        createConnection.close();
                        return null;
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                        return null;
                    }
                } catch (Throwable th3) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th3;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction6 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.11
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preGrant(ObserverContextImpl.createAndPrepare(TestNamespaceCommands.CP_ENV), new UserPermission("testUser", Permission.newBuilder(TestNamespaceCommands.TEST_NAMESPACE).withActions(new Permission.Action[]{Permission.Action.WRITE}).build()), false);
                return null;
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction7 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.12
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preRevoke(ObserverContextImpl.createAndPrepare(TestNamespaceCommands.CP_ENV), new UserPermission("testUser", Permission.newBuilder(TestNamespaceCommands.TEST_NAMESPACE).withActions(new Permission.Action[]{Permission.Action.WRITE}).build()));
                return null;
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction8 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.13
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    Table table = createConnection.getTable(PermissionStorage.ACL_TABLE_NAME);
                    Throwable th2 = null;
                    try {
                        try {
                            AccessControlUtil.grant((RpcController) null, AccessControlProtos.AccessControlService.newBlockingStub(table.coprocessorService(HConstants.EMPTY_START_ROW)), "testUser", TestNamespaceCommands.TEST_NAMESPACE, false, new Permission.Action[]{Permission.Action.WRITE});
                            if (table != null) {
                                if (0 != 0) {
                                    try {
                                        table.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    table.close();
                                }
                            }
                            if (createConnection == null) {
                                return null;
                            }
                            if (0 == 0) {
                                createConnection.close();
                                return null;
                            }
                            try {
                                createConnection.close();
                                return null;
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                                return null;
                            }
                        } catch (Throwable th5) {
                            th2 = th5;
                            throw th5;
                        }
                    } catch (Throwable th6) {
                        if (table != null) {
                            if (th2 != null) {
                                try {
                                    table.close();
                                } catch (Throwable th7) {
                                    th2.addSuppressed(th7);
                                }
                            } else {
                                table.close();
                            }
                        }
                        throw th6;
                    }
                } catch (Throwable th8) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th9) {
                                th.addSuppressed(th9);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th8;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction9 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.14
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    Table table = createConnection.getTable(PermissionStorage.ACL_TABLE_NAME);
                    Throwable th2 = null;
                    try {
                        try {
                            AccessControlUtil.revoke((RpcController) null, AccessControlProtos.AccessControlService.newBlockingStub(table.coprocessorService(HConstants.EMPTY_START_ROW)), "testUser", TestNamespaceCommands.TEST_NAMESPACE, new Permission.Action[]{Permission.Action.WRITE});
                            if (table != null) {
                                if (0 != 0) {
                                    try {
                                        table.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    table.close();
                                }
                            }
                            if (createConnection == null) {
                                return null;
                            }
                            if (0 == 0) {
                                createConnection.close();
                                return null;
                            }
                            try {
                                createConnection.close();
                                return null;
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                                return null;
                            }
                        } catch (Throwable th5) {
                            th2 = th5;
                            throw th5;
                        }
                    } catch (Throwable th6) {
                        if (table != null) {
                            if (th2 != null) {
                                try {
                                    table.close();
                                } catch (Throwable th7) {
                                    th2.addSuppressed(th7);
                                }
                            } else {
                                table.close();
                            }
                        }
                        throw th6;
                    }
                } catch (Throwable th8) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th9) {
                                th.addSuppressed(th9);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th8;
                }
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction2, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN, USER_GROUP_NS_ADMIN);
        verifyDenied(accessTestAction2, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction3, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
        verifyDenied(accessTestAction3, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction4, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN, USER_GROUP_NS_ADMIN);
        verifyDenied(accessTestAction4, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction5, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction5, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction6, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
        verifyDenied(accessTestAction6, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction7, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
        verifyDenied(accessTestAction7, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction8, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
        verifyDenied(accessTestAction8, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction9, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
        verifyDenied(accessTestAction9, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
    }

    @Test
    public void testCreateTableWithNamespace() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.15
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                HTableDescriptor hTableDescriptor = new HTableDescriptor(TableName.valueOf(TestNamespaceCommands.TEST_TABLE));
                hTableDescriptor.addFamily(new HColumnDescriptor(TestNamespaceCommands.TEST_FAMILY));
                TestNamespaceCommands.ACCESS_CONTROLLER.preCreateTable(ObserverContextImpl.createAndPrepare(TestNamespaceCommands.CP_ENV), hTableDescriptor, (RegionInfo[]) null);
                return null;
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_CREATE, USER_NS_CREATE, USER_GROUP_CREATE, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE);
    }
}
