package org.apache.hadoop.hbase.security.visibility;

import com.google.protobuf.ByteString;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.AccessControlLists;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;

@Category({MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.class */
public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
    private static final String PRIVATE = "private";
    private static final String CONFIDENTIAL = "confidential";
    private static final String SECRET = "secret";
    private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static Configuration conf;

    @Rule
    public final TestName TEST_NAME = new TestName();
    private static User SUPERUSER;
    private static User NORMAL_USER;
    private static User NORMAL_USER1;

    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        VisibilityTestUtil.enableVisiblityLabels(conf);
        conf.set(AccessControlLists.SUPERUSER_CONF_KEY, "admin," + User.getCurrent().getName());
        TEST_UTIL.startMiniCluster(2);
        TEST_UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000L);
        SUPERUSER = User.createUserForTesting(conf, "admin", new String[]{"supergroup"});
        NORMAL_USER = User.createUserForTesting(conf, "user1", new String[0]);
        NORMAL_USER1 = User.createUserForTesting(conf, "user2", new String[0]);
        addLabels();
    }

    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }

    @Test
    public void testLabelsTableOpsWithDifferentUsers() throws Throwable {
        VisibilityLabelsProtos.VisibilityLabelsResponse visibilityLabelsResponse = (VisibilityLabelsProtos.VisibilityLabelsResponse) SUPERUSER.runAs(new PrivilegedExceptionAction<VisibilityLabelsProtos.VisibilityLabelsResponse>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsOpWithDifferentUsersNoACL.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public VisibilityLabelsProtos.VisibilityLabelsResponse run() throws Exception {
                try {
                    return VisibilityClient.setAuths(TestVisibilityLabelsOpWithDifferentUsersNoACL.conf, new String[]{"confidential", "private"}, "user1");
                } catch (Throwable th) {
                    return null;
                }
            }
        });
        Assert.assertTrue(visibilityLabelsResponse.getResult(0).getException().getValue().isEmpty());
        Assert.assertTrue(visibilityLabelsResponse.getResult(1).getException().getValue().isEmpty());
        VisibilityLabelsProtos.VisibilityLabelsResponse visibilityLabelsResponse2 = (VisibilityLabelsProtos.VisibilityLabelsResponse) NORMAL_USER1.runAs(new PrivilegedExceptionAction<VisibilityLabelsProtos.VisibilityLabelsResponse>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsOpWithDifferentUsersNoACL.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public VisibilityLabelsProtos.VisibilityLabelsResponse run() throws Exception {
                try {
                    return VisibilityClient.setAuths(TestVisibilityLabelsOpWithDifferentUsersNoACL.conf, new String[]{"confidential", "private"}, "user3");
                } catch (Throwable th) {
                    return null;
                }
            }
        });
        Assert.assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", visibilityLabelsResponse2.getResult(0).getException().getName());
        Assert.assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", visibilityLabelsResponse2.getResult(1).getException().getName());
        PrivilegedExceptionAction<VisibilityLabelsProtos.GetAuthsResponse> privilegedExceptionAction = new PrivilegedExceptionAction<VisibilityLabelsProtos.GetAuthsResponse>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsOpWithDifferentUsersNoACL.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public VisibilityLabelsProtos.GetAuthsResponse run() throws Exception {
                try {
                    return VisibilityClient.getAuths(TestVisibilityLabelsOpWithDifferentUsersNoACL.conf, "user1");
                } catch (Throwable th) {
                    return null;
                }
            }
        };
        Assert.assertTrue(((VisibilityLabelsProtos.GetAuthsResponse) NORMAL_USER.runAs(privilegedExceptionAction)).getAuthList().isEmpty());
        Assert.assertTrue(((VisibilityLabelsProtos.GetAuthsResponse) NORMAL_USER1.runAs(privilegedExceptionAction)).getAuthList().isEmpty());
        VisibilityLabelsProtos.GetAuthsResponse getAuthsResponse = (VisibilityLabelsProtos.GetAuthsResponse) SUPERUSER.runAs(privilegedExceptionAction);
        ArrayList arrayList = new ArrayList();
        Iterator<ByteString> it = getAuthsResponse.getAuthList().iterator();
        while (it.hasNext()) {
            arrayList.add(Bytes.toString(it.next().toByteArray()));
        }
        Assert.assertEquals(2L, arrayList.size());
        Assert.assertTrue(arrayList.contains("confidential"));
        Assert.assertTrue(arrayList.contains("private"));
        PrivilegedExceptionAction<VisibilityLabelsProtos.VisibilityLabelsResponse> privilegedExceptionAction2 = new PrivilegedExceptionAction<VisibilityLabelsProtos.VisibilityLabelsResponse>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsOpWithDifferentUsersNoACL.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public VisibilityLabelsProtos.VisibilityLabelsResponse run() throws Exception {
                try {
                    return VisibilityClient.clearAuths(TestVisibilityLabelsOpWithDifferentUsersNoACL.conf, new String[]{"confidential", "private"}, "user1");
                } catch (Throwable th) {
                    return null;
                }
            }
        };
        VisibilityLabelsProtos.VisibilityLabelsResponse visibilityLabelsResponse3 = (VisibilityLabelsProtos.VisibilityLabelsResponse) NORMAL_USER1.runAs(privilegedExceptionAction2);
        Assert.assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", visibilityLabelsResponse3.getResult(0).getException().getName());
        Assert.assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", visibilityLabelsResponse3.getResult(1).getException().getName());
        VisibilityLabelsProtos.VisibilityLabelsResponse visibilityLabelsResponse4 = (VisibilityLabelsProtos.VisibilityLabelsResponse) SUPERUSER.runAs(privilegedExceptionAction2);
        Assert.assertTrue(visibilityLabelsResponse4.getResult(0).getException().getValue().isEmpty());
        Assert.assertTrue(visibilityLabelsResponse4.getResult(1).getException().getValue().isEmpty());
        Assert.assertTrue(((VisibilityLabelsProtos.GetAuthsResponse) SUPERUSER.runAs(privilegedExceptionAction)).getAuthList().isEmpty());
    }

    private static void addLabels() throws Exception {
        SUPERUSER.runAs(new PrivilegedExceptionAction<VisibilityLabelsProtos.VisibilityLabelsResponse>() { // from class: org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsOpWithDifferentUsersNoACL.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public VisibilityLabelsProtos.VisibilityLabelsResponse run() throws Exception {
                try {
                    VisibilityClient.addLabels(TestVisibilityLabelsOpWithDifferentUsersNoACL.conf, new String[]{"secret", "confidential", "private"});
                    return null;
                } catch (Throwable th) {
                    throw new IOException(th);
                }
            }
        });
    }
}
