package org.apache.accumulo.test;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Scanner;
import org.apache.accumulo.core.client.Accumulo;
import org.apache.accumulo.core.client.AccumuloClient;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.BatchScanner;
import org.apache.accumulo.core.client.BatchWriter;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.admin.TableOperations;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.data.Mutation;
import org.apache.accumulo.core.data.Range;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.miniclusterImpl.MiniAccumuloConfigImpl;
import org.apache.accumulo.test.functional.ConfigurableMacBase;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.io.Text;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/accumulo/test/AuditMessageIT.class */
public class AuditMessageIT extends ConfigurableMacBase {
    private static final String AUDIT_USER_1 = "AuditUser1";
    private static final String AUDIT_USER_2 = "AuditUser2";
    private static final String PASSWORD = "password";
    private static final String OLD_TEST_TABLE_NAME = "apples";
    private static final String NEW_TEST_TABLE_NAME = "oranges";
    private static final String THIRD_TEST_TABLE_NAME = "pears";
    private static final Authorizations auths = new Authorizations(new String[]{"private", "public"});
    private static String lastAuditTimestamp;
    private AccumuloClient auditAccumuloClient;
    private AccumuloClient client;

    @Override // org.apache.accumulo.harness.AccumuloITBase
    public int defaultTimeoutSeconds() {
        return 60;
    }

    @Override // org.apache.accumulo.test.functional.ConfigurableMacBase
    public void beforeClusterStart(MiniAccumuloConfigImpl miniAccumuloConfigImpl) {
        miniAccumuloConfigImpl.setNumTservers(1);
    }

    private static long findAuditMessage(ArrayList<String> arrayList, String str) {
        return arrayList.stream().filter(str2 -> {
            return str2.matches(".*" + str + ".*");
        }).count();
    }

    private ArrayList<String> getAuditMessages(String str) throws IOException {
        try {
            Thread.sleep(2000L);
            System.out.println("Start of captured audit messages for step " + str);
            ArrayList<String> arrayList = new ArrayList<>();
            File[] listFiles = getCluster().getConfig().getLogDir().listFiles();
            Assert.assertNotNull(listFiles);
            for (File file : listFiles) {
                if (file.getName().contains(".out") && file.isFile() && file.canRead()) {
                    Scanner scanner = new Scanner(file, StandardCharsets.UTF_8.name());
                    while (scanner.hasNext()) {
                        try {
                            String nextLine = scanner.nextLine();
                            if (nextLine.matches(".* \\[" + "org.apache.accumulo.audit".replace("org.apache.", "").replace(".", "[.]") + "\\] .*") && (lastAuditTimestamp == null || nextLine.substring(0, 23).compareTo(lastAuditTimestamp) > 0)) {
                                arrayList.add(nextLine);
                            }
                        } catch (Throwable th) {
                            try {
                                scanner.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    }
                    scanner.close();
                }
            }
            Collections.sort(arrayList);
            Iterator<String> it = arrayList.iterator();
            while (it.hasNext()) {
                System.out.println(it.next());
            }
            System.out.println("End of captured audit messages for step " + str);
            if (arrayList.size() > 0) {
                lastAuditTimestamp = arrayList.get(arrayList.size() - 1).substring(0, 23);
            }
            return arrayList;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted waiting for data to be flushed to output streams");
        }
    }

    private void grantEverySystemPriv(AccumuloClient accumuloClient, String str) throws AccumuloSecurityException, AccumuloException {
        for (SystemPermission systemPermission : new SystemPermission[]{SystemPermission.SYSTEM, SystemPermission.ALTER_TABLE, SystemPermission.ALTER_USER, SystemPermission.CREATE_TABLE, SystemPermission.CREATE_USER, SystemPermission.DROP_TABLE, SystemPermission.DROP_USER}) {
            accumuloClient.securityOperations().grantSystemPermission(str, systemPermission);
        }
    }

    @Before
    public void resetInstance() throws Exception {
        this.client = (AccumuloClient) Accumulo.newClient().from(getClientProperties()).build();
        removeUsersAndTables();
        getAuditMessages("setup");
    }

    @After
    public void cleanUp() throws Exception {
        removeUsersAndTables();
        this.client.close();
    }

    private void removeUsersAndTables() throws Exception {
        for (String str : Arrays.asList(AUDIT_USER_1, AUDIT_USER_2)) {
            if (this.client.securityOperations().listLocalUsers().contains(str)) {
                this.client.securityOperations().dropLocalUser(str);
            }
        }
        TableOperations tableOperations = this.client.tableOperations();
        for (String str2 : Arrays.asList(THIRD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME, OLD_TEST_TABLE_NAME)) {
            if (tableOperations.exists(str2)) {
                tableOperations.delete(str2);
            }
        }
    }

    @Test
    public void testTableOperationsAudits() throws AccumuloException, AccumuloSecurityException, TableExistsException, TableNotFoundException, IOException {
        this.client.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.client.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
        this.client.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_TABLE);
        this.auditAccumuloClient = getCluster().createAccumuloClient(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.auditAccumuloClient.tableOperations().create(OLD_TEST_TABLE_NAME);
        this.auditAccumuloClient.tableOperations().rename(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME);
        this.auditAccumuloClient.tableOperations().clone(NEW_TEST_TABLE_NAME, OLD_TEST_TABLE_NAME, true, Collections.emptyMap(), Collections.emptySet());
        this.auditAccumuloClient.tableOperations().delete(OLD_TEST_TABLE_NAME);
        this.auditAccumuloClient.tableOperations().offline(NEW_TEST_TABLE_NAME);
        this.auditAccumuloClient.tableOperations().delete(NEW_TEST_TABLE_NAME);
        ArrayList<String> auditMessages = getAuditMessages("testTableOperationsAudits");
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: createTable; targetTable: apples"));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: renameTable; targetTable: apples"));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: cloneTable; targetTable: oranges"));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: deleteTable; targetTable: apples"));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: offlineTable; targetTable: oranges"));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: deleteTable; targetTable: oranges"));
    }

    @Test
    public void testUserOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, IOException {
        this.client.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.client.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
        this.client.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_USER);
        grantEverySystemPriv(this.client, AUDIT_USER_1);
        this.auditAccumuloClient = getCluster().createAccumuloClient(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.auditAccumuloClient.securityOperations().createLocalUser(AUDIT_USER_2, new PasswordToken(PASSWORD));
        this.client.securityOperations().grantSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
        this.client.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
        this.auditAccumuloClient.tableOperations().create(NEW_TEST_TABLE_NAME);
        this.client.securityOperations().grantTablePermission(AUDIT_USER_2, NEW_TEST_TABLE_NAME, TablePermission.READ);
        this.client.securityOperations().revokeTablePermission(AUDIT_USER_2, NEW_TEST_TABLE_NAME, TablePermission.READ);
        this.auditAccumuloClient.securityOperations().changeLocalUserPassword(AUDIT_USER_2, new PasswordToken("anything"));
        this.auditAccumuloClient.securityOperations().changeUserAuthorizations(AUDIT_USER_2, auths);
        this.auditAccumuloClient.securityOperations().dropLocalUser(AUDIT_USER_2);
        ArrayList<String> auditMessages = getAuditMessages("testUserOperationsAudits");
        Assert.assertEquals(2L, findAuditMessage(auditMessages, "action: createUser; targetUser: AuditUser2"));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: grantSystemPermission; permission: " + SystemPermission.ALTER_TABLE + "; targetUser: " + AUDIT_USER_2));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: revokeSystemPermission; permission: " + SystemPermission.ALTER_TABLE + "; targetUser: " + AUDIT_USER_2));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: grantTablePermission; permission: " + TablePermission.READ + "; targetTable: " + NEW_TEST_TABLE_NAME));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: revokeTablePermission; permission: " + TablePermission.READ + "; targetTable: " + NEW_TEST_TABLE_NAME));
        Assert.assertEquals(2L, findAuditMessage(auditMessages, "action: changePassword; targetUser: AuditUser2"));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "action: changeAuthorizations; targetUser: AuditUser2; authorizations: " + auths));
        Assert.assertEquals(2L, findAuditMessage(auditMessages, "action: dropUser; targetUser: AuditUser2"));
    }

    @Test
    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "paths provided by test")
    public void testImportExportOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException {
        this.client.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.client.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
        this.client.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
        grantEverySystemPriv(this.client, AUDIT_USER_1);
        this.auditAccumuloClient = getCluster().createAccumuloClient(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.auditAccumuloClient.tableOperations().create(OLD_TEST_TABLE_NAME);
        BatchWriter createBatchWriter = this.auditAccumuloClient.createBatchWriter(OLD_TEST_TABLE_NAME);
        try {
            Mutation mutation = new Mutation("myRow");
            mutation.put("cf1", "cq1", "v1");
            mutation.put("cf1", "cq2", "v3");
            createBatchWriter.addMutation(mutation);
            if (createBatchWriter != null) {
                createBatchWriter.close();
            }
            File file = new File(getCluster().getConfig().getDir() + "/export");
            File file2 = new File(getCluster().getConfig().getDir() + "/export_bulk");
            Assert.assertTrue(file2.mkdir() || file2.isDirectory());
            this.auditAccumuloClient.tableOperations().offline(OLD_TEST_TABLE_NAME, true);
            this.auditAccumuloClient.tableOperations().exportTable(OLD_TEST_TABLE_NAME, file.toString());
            File file3 = null;
            Scanner scanner = new Scanner(new File(file + "/distcp.txt"), StandardCharsets.UTF_8.name());
            while (scanner.hasNext() && file3 == null) {
                try {
                    String nextLine = scanner.nextLine();
                    if (nextLine.matches(".*\\.rf")) {
                        file3 = new File(nextLine.replaceFirst("file:", ""));
                    }
                } catch (Throwable th) {
                    try {
                        scanner.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            }
            scanner.close();
            FileUtils.copyFileToDirectory(file3, file);
            FileUtils.copyFileToDirectory(file3, file2);
            this.auditAccumuloClient.tableOperations().importTable(NEW_TEST_TABLE_NAME, file.toString());
            this.auditAccumuloClient.tableOperations().create(THIRD_TEST_TABLE_NAME);
            this.auditAccumuloClient.tableOperations().importDirectory(file2.toString()).to(THIRD_TEST_TABLE_NAME).load();
            this.auditAccumuloClient.tableOperations().online(OLD_TEST_TABLE_NAME);
            ArrayList<String> auditMessages = getAuditMessages("testImportExportOperationsAudits");
            Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: createTable; targetTable: %s;", OLD_TEST_TABLE_NAME)));
            Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: %s; targetTable: %s;", "offlineTable", OLD_TEST_TABLE_NAME)));
            Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: export; targetTable: %s; dataDir: %s;", OLD_TEST_TABLE_NAME, file.toString())));
            Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: import; targetTable: %s; dataDir: %s;", NEW_TEST_TABLE_NAME, "file:" + file)));
            Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: createTable; targetTable: %s;", THIRD_TEST_TABLE_NAME)));
            Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: bulkImport; targetTable: %s; dataDir: %s; failDir: %s;", THIRD_TEST_TABLE_NAME, "file:" + file2, null)));
            Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: %s; targetTable: %s;", "onlineTable", OLD_TEST_TABLE_NAME)));
        } catch (Throwable th3) {
            if (createBatchWriter != null) {
                try {
                    createBatchWriter.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Test
    public void testDataOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException {
        this.client.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.client.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
        this.client.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
        grantEverySystemPriv(this.client, AUDIT_USER_1);
        this.auditAccumuloClient = getCluster().createAccumuloClient(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.auditAccumuloClient.tableOperations().create(OLD_TEST_TABLE_NAME);
        BatchWriter createBatchWriter = this.auditAccumuloClient.createBatchWriter(OLD_TEST_TABLE_NAME);
        try {
            Mutation mutation = new Mutation("myRow");
            mutation.put("cf1", "cq1", "v1");
            mutation.put("cf1", "cq2", "v3");
            createBatchWriter.addMutation(mutation);
            if (createBatchWriter != null) {
                createBatchWriter.close();
            }
            org.apache.accumulo.core.client.Scanner<Map.Entry> createScanner = this.auditAccumuloClient.createScanner(OLD_TEST_TABLE_NAME, auths);
            try {
                for (Map.Entry entry : createScanner) {
                    System.out.println("Scanner row: " + entry.getKey() + " " + entry.getValue());
                }
                if (createScanner != null) {
                    createScanner.close();
                }
                BatchScanner<Map.Entry> createBatchScanner = this.auditAccumuloClient.createBatchScanner(OLD_TEST_TABLE_NAME, auths, 1);
                try {
                    createBatchScanner.fetchColumn(new Text("cf1"), new Text("cq1"));
                    createBatchScanner.setRanges(Arrays.asList(new Range("myRow", "myRow~")));
                    for (Map.Entry entry2 : createBatchScanner) {
                        System.out.println("BatchScanner row: " + entry2.getKey() + " " + entry2.getValue());
                    }
                    if (createBatchScanner != null) {
                        createBatchScanner.close();
                    }
                    this.auditAccumuloClient.tableOperations().deleteRows(OLD_TEST_TABLE_NAME, new Text("myRow"), new Text("myRow~"));
                    ArrayList<String> auditMessages = getAuditMessages("testDataOperationsAudits");
                    Assert.assertTrue(findAuditMessage(auditMessages, "action: scan; targetTable: apples") >= 1);
                    Assert.assertTrue(findAuditMessage(auditMessages, "action: scan; targetTable: apples") >= 1);
                    Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: deleteData; targetTable: %s; startRange: %s; endRange: %s;", OLD_TEST_TABLE_NAME, "myRow", "myRow~")));
                } catch (Throwable th) {
                    if (createBatchScanner != null) {
                        try {
                            createBatchScanner.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                if (createScanner != null) {
                    try {
                        createScanner.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        } catch (Throwable th5) {
            if (createBatchWriter != null) {
                try {
                    createBatchWriter.close();
                } catch (Throwable th6) {
                    th5.addSuppressed(th6);
                }
            }
            throw th5;
        }
    }

    @Test
    public void testDeniedAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException {
        this.client.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
        this.client.tableOperations().create(OLD_TEST_TABLE_NAME);
        this.auditAccumuloClient = getCluster().createAccumuloClient(AUDIT_USER_1, new PasswordToken(PASSWORD));
        try {
            this.auditAccumuloClient.tableOperations().create(NEW_TEST_TABLE_NAME);
        } catch (AccumuloSecurityException e) {
        }
        try {
            this.auditAccumuloClient.tableOperations().rename(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME);
        } catch (AccumuloSecurityException e2) {
        }
        try {
            this.auditAccumuloClient.tableOperations().clone(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME, true, Collections.emptyMap(), Collections.emptySet());
        } catch (AccumuloSecurityException e3) {
        }
        try {
            this.auditAccumuloClient.tableOperations().delete(OLD_TEST_TABLE_NAME);
        } catch (AccumuloSecurityException e4) {
        }
        try {
            this.auditAccumuloClient.tableOperations().offline(OLD_TEST_TABLE_NAME);
        } catch (AccumuloSecurityException e5) {
        }
        try {
            org.apache.accumulo.core.client.Scanner createScanner = this.auditAccumuloClient.createScanner(OLD_TEST_TABLE_NAME, auths);
            try {
                ((Map.Entry) createScanner.iterator().next()).getKey();
                if (createScanner != null) {
                    createScanner.close();
                }
            } finally {
            }
        } catch (RuntimeException e6) {
        }
        try {
            this.auditAccumuloClient.tableOperations().deleteRows(OLD_TEST_TABLE_NAME, new Text("myRow"), new Text("myRow~"));
        } catch (AccumuloSecurityException e7) {
        }
        ArrayList<String> auditMessages = getAuditMessages("testDeniedAudits");
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: createTable; targetTable: %s;", NEW_TEST_TABLE_NAME)));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: renameTable; targetTable: %s; newTableName: %s;", OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME)));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: cloneTable; targetTable: %s; newTableName: %s", OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME)));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: deleteTable; targetTable: %s;", OLD_TEST_TABLE_NAME)));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: %s; targetTable: %s;", "offlineTable", OLD_TEST_TABLE_NAME)));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*action: scan; targetTable: apples"));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, "operation: denied;.*" + String.format("action: deleteData; targetTable: %s; startRange: %s; endRange: %s;", OLD_TEST_TABLE_NAME, "myRow", "myRow~")));
    }

    @Test
    public void testFailedAudits() throws AccumuloException, IOException {
        try {
            this.client.securityOperations().dropLocalUser(AUDIT_USER_2);
        } catch (AccumuloSecurityException e) {
        }
        try {
            this.client.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
        } catch (AccumuloSecurityException e2) {
        }
        try {
            this.client.securityOperations().createLocalUser("root", new PasswordToken("super secret"));
        } catch (AccumuloSecurityException e3) {
        }
        ArrayList<String> auditMessages = getAuditMessages("testFailedAudits");
        Assert.assertEquals(2L, findAuditMessage(auditMessages, String.format("action: dropUser; targetUser: %s;", AUDIT_USER_2)));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: revokeSystemPermission; permission: %s; targetUser: %s;", SystemPermission.ALTER_TABLE, AUDIT_USER_2)));
        Assert.assertEquals(1L, findAuditMessage(auditMessages, String.format("action: createUser; targetUser: %s; Authorizations: %s;", "root", "")));
    }
}
