package org.apache.hadoop.hbase.security.visibility;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;

@Category({SecurityTests.class, MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.class */
public class TestEnforcingScanLabelGenerator {
    public static final String CONFIDENTIAL = "confidential";
    private static final String SECRET = "secret";
    public static Configuration conf;

    @Rule
    public final TestName TEST_NAME = new TestName();
    public static User SUPERUSER;
    public static User TESTUSER;

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestEnforcingScanLabelGenerator.class);
    public static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static final byte[] ROW_1 = Bytes.toBytes("row1");
    private static final byte[] CF = Bytes.toBytes("f");
    private static final byte[] Q1 = Bytes.toBytes("q1");
    private static final byte[] Q2 = Bytes.toBytes("q2");
    private static final byte[] Q3 = Bytes.toBytes("q3");
    private static final byte[] value = Bytes.toBytes("value");

    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        VisibilityTestUtil.enableVisiblityLabels(conf);
        conf.setStrings("hbase.regionserver.scan.visibility.label.generator.class", new String[]{DefinedSetFilterScanLabelGenerator.class.getCanonicalName() + " , " + EnforcingScanLabelGenerator.class.getCanonicalName()});
        conf.set("hbase.superuser", "admin");
        TEST_UTIL.startMiniCluster(1);
        SUPERUSER = User.createUserForTesting(conf, "admin", new String[]{"supergroup"});
        TESTUSER = User.createUserForTesting(conf, "test", new String[0]);
        TEST_UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000L);
        SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.visibility.TestEnforcingScanLabelGenerator.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                try {
                    Connection createConnection = ConnectionFactory.createConnection(TestEnforcingScanLabelGenerator.conf);
                    try {
                        VisibilityClient.addLabels(createConnection, new String[]{"secret", "confidential"});
                        VisibilityClient.setAuths(createConnection, new String[]{"confidential"}, TestEnforcingScanLabelGenerator.TESTUSER.getShortName());
                        if (createConnection != null) {
                            createConnection.close();
                        }
                        return null;
                    } finally {
                    }
                } catch (Throwable th) {
                    throw new IOException(th);
                }
            }
        });
    }

    @Test
    public void testEnforcingScanLabelGenerator() throws Exception {
        final TableName valueOf = TableName.valueOf(this.TEST_NAME.getMethodName());
        SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.visibility.TestEnforcingScanLabelGenerator.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestEnforcingScanLabelGenerator.conf);
                try {
                    Table createTable = TestEnforcingScanLabelGenerator.TEST_UTIL.createTable(valueOf, TestEnforcingScanLabelGenerator.CF);
                    try {
                        Put put = new Put(TestEnforcingScanLabelGenerator.ROW_1);
                        put.addColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q1, Long.MAX_VALUE, TestEnforcingScanLabelGenerator.value);
                        put.setCellVisibility(new CellVisibility("secret"));
                        createTable.put(put);
                        Put put2 = new Put(TestEnforcingScanLabelGenerator.ROW_1);
                        put2.addColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q2, Long.MAX_VALUE, TestEnforcingScanLabelGenerator.value);
                        put2.setCellVisibility(new CellVisibility("confidential"));
                        createTable.put(put2);
                        Put put3 = new Put(TestEnforcingScanLabelGenerator.ROW_1);
                        put3.addColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q3, Long.MAX_VALUE, TestEnforcingScanLabelGenerator.value);
                        createTable.put(put3);
                        if (createTable != null) {
                            createTable.close();
                        }
                        if (createConnection != null) {
                            createConnection.close();
                        }
                        return null;
                    } finally {
                    }
                } catch (Throwable th) {
                    if (createConnection != null) {
                        try {
                            createConnection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
        });
        SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.visibility.TestEnforcingScanLabelGenerator.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestEnforcingScanLabelGenerator.conf);
                try {
                    Table table = createConnection.getTable(valueOf);
                    try {
                        Result result = table.get(new Get(TestEnforcingScanLabelGenerator.ROW_1));
                        Assert.assertTrue("Missing authorization", result.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q1));
                        Assert.assertTrue("Missing authorization", result.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q2));
                        Assert.assertTrue("Missing authorization", result.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q3));
                        if (table != null) {
                            table.close();
                        }
                        if (createConnection != null) {
                            createConnection.close();
                        }
                        return null;
                    } finally {
                    }
                } catch (Throwable th) {
                    if (createConnection != null) {
                        try {
                            createConnection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
        });
        TESTUSER.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.visibility.TestEnforcingScanLabelGenerator.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestEnforcingScanLabelGenerator.conf);
                try {
                    Table table = createConnection.getTable(valueOf);
                    try {
                        Get get = new Get(TestEnforcingScanLabelGenerator.ROW_1);
                        get.setAuthorizations(new Authorizations(new String[]{"secret", "confidential"}));
                        Result result = table.get(get);
                        Assert.assertFalse("Inappropriate authorization", result.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q1));
                        Assert.assertTrue("Missing authorization", result.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q2));
                        Assert.assertTrue("Inappropriate filtering", result.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q3));
                        Result result2 = table.get(new Get(TestEnforcingScanLabelGenerator.ROW_1));
                        Assert.assertFalse("Inappropriate authorization", result2.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q1));
                        Assert.assertTrue("Missing authorization", result2.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q2));
                        Assert.assertTrue("Inappropriate filtering", result2.containsColumn(TestEnforcingScanLabelGenerator.CF, TestEnforcingScanLabelGenerator.Q3));
                        if (table != null) {
                            table.close();
                        }
                        if (createConnection != null) {
                            createConnection.close();
                        }
                        return null;
                    } finally {
                    }
                } catch (Throwable th) {
                    if (createConnection != null) {
                        try {
                            createConnection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
        });
    }

    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }
}
