package org.apache.phoenix.end2end;

import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Collections;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.phoenix.end2end.BasePermissionsIT;
import org.apache.phoenix.exception.SQLExceptionCode;
import org.apache.phoenix.hbase.index.covered.CoveredColumn;
import org.apache.phoenix.util.SchemaUtil;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({NeedsOwnMiniClusterTest.class})
/* loaded from: input_file:org/apache/phoenix/end2end/PermissionNSEnabledIT.class */
public class PermissionNSEnabledIT extends BasePermissionsIT {
    public PermissionNSEnabledIT() throws Exception {
        super(true);
    }

    @BeforeClass
    public static synchronized void doSetup() throws Exception {
        BasePermissionsIT.initCluster(true);
    }

    private BasePermissionsIT.AccessTestAction createMappedView(final String str, final String str2) throws SQLException {
        return new BasePermissionsIT.AccessTestAction() { // from class: org.apache.phoenix.end2end.PermissionNSEnabledIT.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection connection = PermissionNSEnabledIT.this.getConnection();
                Throwable th = null;
                try {
                    Statement createStatement = connection.createStatement();
                    Throwable th2 = null;
                    try {
                        try {
                            Assert.assertFalse(createStatement.execute("CREATE VIEW \"" + str + "\".\"" + str2 + "\" ( PK varchar primary key)"));
                            if (createStatement != null) {
                                if (0 != 0) {
                                    try {
                                        createStatement.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    createStatement.close();
                                }
                            }
                            if (connection == null) {
                                return null;
                            }
                            if (0 == 0) {
                                connection.close();
                                return null;
                            }
                            try {
                                connection.close();
                                return null;
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                                return null;
                            }
                        } catch (Throwable th5) {
                            th2 = th5;
                            throw th5;
                        }
                    } catch (Throwable th6) {
                        if (createStatement != null) {
                            if (th2 != null) {
                                try {
                                    createStatement.close();
                                } catch (Throwable th7) {
                                    th2.addSuppressed(th7);
                                }
                            } else {
                                createStatement.close();
                            }
                        }
                        throw th6;
                    }
                } catch (Throwable th8) {
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th9) {
                                th.addSuppressed(th9);
                            }
                        } else {
                            connection.close();
                        }
                    }
                    throw th8;
                }
            }
        };
    }

    @Test
    public void testCreateMappedView() throws Throwable {
        final String generateUniqueName = generateUniqueName();
        final String generateUniqueName2 = generateUniqueName();
        verifyAllowed(createSchema(generateUniqueName), superUser1);
        grantPermissions(this.regularUser1.getShortName(), generateUniqueName, Permission.Action.WRITE, Permission.Action.READ, Permission.Action.EXEC, Permission.Action.ADMIN);
        grantPermissions(this.regularUser1.getShortName(), "SYSTEM", Permission.Action.WRITE, Permission.Action.READ, Permission.Action.EXEC);
        superUser1.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.phoenix.end2end.PermissionNSEnabledIT.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Admin admin = BasePermissionsIT.testUtil.getAdmin();
                TableDescriptorBuilder newBuilder = TableDescriptorBuilder.newBuilder(TableName.valueOf(generateUniqueName + CoveredColumn.SEPARATOR + generateUniqueName2));
                newBuilder.setColumnFamily(ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes("0")).build());
                admin.createTable(newBuilder.build());
                return null;
            }
        });
        verifyAllowed(createMappedView(generateUniqueName, generateUniqueName2), this.regularUser1);
    }

    @Test
    public void testSchemaPermissions() throws Throwable {
        grantSystemTableAccess();
        String str = "S_" + generateUniqueName();
        superUser1.runAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.phoenix.end2end.PermissionNSEnabledIT.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                try {
                    PermissionNSEnabledIT.this.grantPermissions(PermissionNSEnabledIT.this.regularUser1.getShortName(), Permission.Action.ADMIN);
                    return null;
                } catch (Throwable th) {
                    if (th instanceof Exception) {
                        throw ((Exception) th);
                    }
                    throw new Exception(th);
                }
            }
        });
        verifyAllowed(createSchema(str), this.regularUser1);
        verifyDenied(dropSchema(str), AccessDeniedException.class, this.unprivilegedUser);
        verifyDenied(createSchema(str), AccessDeniedException.class, this.unprivilegedUser);
        verifyAllowed(dropSchema(str), this.regularUser1);
    }

    @Test
    public void testConnectionCreationFailsWhenNoExecPermsOnSystemCatalog() throws Throwable {
        grantSystemTableAccess();
        superUser1.runAs(() -> {
            try {
                revokePermissions(this.unprivilegedUser.getShortName(), Collections.singleton(TableName.valueOf(SchemaUtil.getPhysicalHBaseTableName("SYSTEM", "CATALOG", true).getString()).getNameAsString()), Permission.Action.EXEC);
                return null;
            } catch (Throwable th) {
                if (th instanceof Exception) {
                    throw ((Exception) th);
                }
                throw new Exception(th);
            }
        });
        this.unprivilegedUser.runAs(() -> {
            try {
                Connection connection = getConnection();
                Throwable th = null;
                try {
                    Assert.fail("Should have failed with a wrapped AccessDeniedException");
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            connection.close();
                        }
                    }
                    return null;
                } finally {
                }
            } catch (Throwable th3) {
                Assert.assertTrue("Should not get an incompatible jars exception", (th3 instanceof SQLException) && ((SQLException) th3).getErrorCode() != SQLExceptionCode.INCOMPATIBLE_CLIENT_SERVER_JAR.getErrorCode());
                Assert.assertTrue("Expected a wrapped AccessDeniedException", th3.getCause() instanceof AccessDeniedException);
                return null;
            }
        });
    }

    @Test
    public void testViewCreationFailsWhenNoExecPermsOnSystemChildLink() throws Throwable {
        grantSystemTableAccess();
        final TableName valueOf = TableName.valueOf(SchemaUtil.getPhysicalHBaseTableName("SYSTEM", "CHILD_LINK", true).getString());
        final String str = "S_" + generateUniqueName();
        final String str2 = "T_" + generateUniqueName();
        String str3 = str + "." + str2;
        String str4 = "V_" + generateUniqueName();
        verifyAllowed(createSchema(str), superUser1);
        verifyAllowed(createTable(str3), superUser1);
        superUser1.runAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.phoenix.end2end.PermissionNSEnabledIT.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                try {
                    PermissionNSEnabledIT.this.revokePermissions(PermissionNSEnabledIT.this.unprivilegedUser.getShortName(), Collections.singleton(valueOf.getNameAsString()), Permission.Action.EXEC);
                    PermissionNSEnabledIT.this.grantPermissions(PermissionNSEnabledIT.this.unprivilegedUser.getShortName(), Collections.singleton(SchemaUtil.getPhysicalHBaseTableName(str, str2, true).getString()), Permission.Action.READ, Permission.Action.EXEC);
                    return null;
                } catch (Throwable th) {
                    if (th instanceof Exception) {
                        throw ((Exception) th);
                    }
                    throw new Exception(th);
                }
            }
        });
        verifyDenied(createView(str4, str3), AccessDeniedException.class, this.unprivilegedUser);
        superUser1.runAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.phoenix.end2end.PermissionNSEnabledIT.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                try {
                    PermissionNSEnabledIT.this.grantPermissions(PermissionNSEnabledIT.this.unprivilegedUser.getShortName(), Collections.singleton(valueOf.getNameAsString()), Permission.Action.EXEC);
                    return null;
                } catch (Throwable th) {
                    if (th instanceof Exception) {
                        throw ((Exception) th);
                    }
                    throw new Exception(th);
                }
            }
        });
        verifyAllowed(createView(str4, str3), this.unprivilegedUser);
    }
}
