package org.apache.accumulo.test.randomwalk.security;

import java.util.Properties;
import java.util.Random;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.security.Credentials;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.test.randomwalk.State;
import org.apache.accumulo.test.randomwalk.Test;

/* loaded from: input_file:org/apache/accumulo/test/randomwalk/security/AlterTablePerm.class */
public class AlterTablePerm extends Test {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.accumulo.test.randomwalk.security.AlterTablePerm$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/accumulo/test/randomwalk/security/AlterTablePerm$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode = new int[SecurityErrorCode.values().length];

        static {
            try {
                $SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode[SecurityErrorCode.USER_DOESNT_EXIST.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode[SecurityErrorCode.TABLE_DOESNT_EXIST.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode[SecurityErrorCode.GRANT_INVALID.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode[SecurityErrorCode.PERMISSION_DENIED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode[SecurityErrorCode.BAD_CREDENTIALS.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    @Override // org.apache.accumulo.test.randomwalk.Node
    public void visit(State state, Properties properties) throws Exception {
        alter(state, properties);
    }

    public static void alter(State state, Properties properties) throws Exception {
        String userName;
        AuthenticationToken token;
        String property = properties.getProperty("task", "toggle");
        String property2 = properties.getProperty("perm", "random");
        String property3 = properties.getProperty("source", "system");
        String property4 = properties.getProperty("target", "table");
        boolean tableExists = WalkingSecurity.get(state).getTableExists();
        String tabUserName = "table".equals(property4) ? WalkingSecurity.get(state).getTabUserName() : WalkingSecurity.get(state).getSysUserName();
        boolean userExists = WalkingSecurity.get(state).userExists(tabUserName);
        boolean tableExists2 = WalkingSecurity.get(state).getTableExists();
        TablePermission valueOf = property2.equals("random") ? TablePermission.values()[new Random().nextInt(TablePermission.values().length)] : TablePermission.valueOf(property2);
        String tableName = WalkingSecurity.get(state).getTableName();
        boolean hasTablePermission = WalkingSecurity.get(state).hasTablePermission(tabUserName, tableName, valueOf);
        if ("system".equals(property3)) {
            userName = WalkingSecurity.get(state).getSysUserName();
            token = WalkingSecurity.get(state).getSysToken();
        } else if ("table".equals(property3)) {
            userName = WalkingSecurity.get(state).getTabUserName();
            token = WalkingSecurity.get(state).getTabToken();
        } else {
            userName = state.getUserName();
            token = state.getToken();
        }
        Connector connector = state.getInstance().getConnector(userName, token);
        boolean canGrantTable = WalkingSecurity.get(state).canGrantTable(new Credentials(userName, token).toThrift(state.getInstance()), tabUserName, WalkingSecurity.get(state).getTableName(), WalkingSecurity.get(state).getNamespaceName());
        if (!"take".equals(property) && !"give".equals(property)) {
            try {
                boolean hasTablePermission2 = state.getConnector().securityOperations().hasTablePermission(tabUserName, tableName, valueOf);
                if (hasTablePermission != hasTablePermission2) {
                    throw new AccumuloException("Test framework and accumulo are out of sync for user " + connector.whoami() + " for perm " + valueOf.name() + " with local vs. accumulo being " + hasTablePermission + " " + hasTablePermission2);
                }
                property = hasTablePermission ? "take" : "give";
            } catch (AccumuloSecurityException e) {
                switch (AnonymousClass1.$SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode[e.getSecurityErrorCode().ordinal()]) {
                    case 1:
                        if (userExists) {
                            throw new AccumuloException("Framework and Accumulo are out of sync, we think user exists", e);
                        }
                        return;
                    case 2:
                        if (tableExists) {
                            throw new AccumuloException(connector.whoami(), e);
                        }
                        return;
                    default:
                        throw e;
                }
            }
        }
        boolean userPassTransient = WalkingSecurity.get(state).userPassTransient(connector.whoami());
        if ("take".equals(property)) {
            try {
                connector.securityOperations().revokeTablePermission(tabUserName, tableName, valueOf);
                WalkingSecurity.get(state).revokeTablePermission(tabUserName, tableName, valueOf);
            } catch (AccumuloSecurityException e2) {
                switch (AnonymousClass1.$SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode[e2.getSecurityErrorCode().ordinal()]) {
                    case 1:
                        if (userExists) {
                            throw new AccumuloException("Table user doesn't exist and they SHOULD.", e2);
                        }
                        return;
                    case 2:
                        if (tableExists2) {
                            throw new AccumuloException("Table doesn't exist but it should", e2);
                        }
                        return;
                    case 3:
                        throw new AccumuloException("Got a grant invalid on non-System.GRANT option", e2);
                    case 4:
                        if (canGrantTable) {
                            throw new AccumuloException(connector.whoami() + " failed to revoke permission to " + tabUserName + " when it should have worked", e2);
                        }
                        return;
                    case 5:
                        if (!userPassTransient) {
                            throw new AccumuloException("Bad credentials for user " + connector.whoami());
                        }
                        return;
                    default:
                        throw new AccumuloException("Got unexpected exception", e2);
                }
            }
        } else if ("give".equals(property)) {
            try {
                connector.securityOperations().grantTablePermission(tabUserName, tableName, valueOf);
                WalkingSecurity.get(state).grantTablePermission(tabUserName, tableName, valueOf);
            } catch (AccumuloSecurityException e3) {
                switch (AnonymousClass1.$SwitchMap$org$apache$accumulo$core$client$security$SecurityErrorCode[e3.getSecurityErrorCode().ordinal()]) {
                    case 1:
                        if (userExists) {
                            throw new AccumuloException("Table user doesn't exist and they SHOULD.", e3);
                        }
                        return;
                    case 2:
                        if (tableExists2) {
                            throw new AccumuloException("Table doesn't exist but it should", e3);
                        }
                        return;
                    case 3:
                        throw new AccumuloException("Got a grant invalid on non-System.GRANT option", e3);
                    case 4:
                        if (canGrantTable) {
                            throw new AccumuloException(connector.whoami() + " failed to give permission to " + tabUserName + " when it should have worked", e3);
                        }
                        return;
                    case 5:
                        if (!userPassTransient) {
                            throw new AccumuloException("Bad credentials for user " + connector.whoami());
                        }
                        return;
                    default:
                        throw new AccumuloException("Got unexpected exception", e3);
                }
            }
        }
        if (!userExists) {
            throw new AccumuloException("User shouldn't have existed, but apparantly does");
        }
        if (!tableExists2) {
            throw new AccumuloException("Table shouldn't have existed, but apparantly does");
        }
        if (!canGrantTable) {
            throw new AccumuloException(connector.whoami() + " shouldn't have been able to grant privilege");
        }
    }
}
