package org.apache.accumulo.test.functional;

import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.lang.reflect.UndeclaredThrowableException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.accumulo.cluster.ClusterUser;
import org.apache.accumulo.core.client.AccumuloClient;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.BatchScanner;
import org.apache.accumulo.core.client.BatchWriter;
import org.apache.accumulo.core.client.Scanner;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.admin.CompactionConfig;
import org.apache.accumulo.core.client.admin.DelegationTokenConfig;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.DelegationToken;
import org.apache.accumulo.core.client.security.tokens.KerberosToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier;
import org.apache.accumulo.core.clientImpl.DelegationTokenImpl;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.data.Key;
import org.apache.accumulo.core.data.Mutation;
import org.apache.accumulo.core.data.Range;
import org.apache.accumulo.core.data.Value;
import org.apache.accumulo.core.metadata.MetadataTable;
import org.apache.accumulo.core.metadata.RootTable;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.ColumnVisibility;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.harness.AccumuloITBase;
import org.apache.accumulo.harness.MiniClusterConfigurationCallback;
import org.apache.accumulo.harness.MiniClusterHarness;
import org.apache.accumulo.harness.TestingKdc;
import org.apache.accumulo.minicluster.ServerType;
import org.apache.accumulo.miniclusterImpl.MiniAccumuloClusterImpl;
import org.apache.accumulo.miniclusterImpl.MiniAccumuloConfigImpl;
import org.apache.accumulo.test.categories.MiniClusterOnlyTests;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({MiniClusterOnlyTests.class})
/* loaded from: input_file:org/apache/accumulo/test/functional/KerberosIT.class */
public class KerberosIT extends AccumuloITBase {
    private static TestingKdc kdc;
    private static ClusterUser rootUser;
    private MiniAccumuloClusterImpl mac;
    private static final Logger log = LoggerFactory.getLogger(KerberosIT.class);
    private static String krbEnabledForITs = null;

    @BeforeClass
    public static void startKdc() throws Exception {
        kdc = new TestingKdc();
        kdc.start();
        krbEnabledForITs = System.getProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION);
        if (krbEnabledForITs == null || !Boolean.parseBoolean(krbEnabledForITs)) {
            System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, "true");
        }
        rootUser = kdc.getRootUser();
    }

    @AfterClass
    public static void stopKdc() {
        if (kdc != null) {
            kdc.stop();
        }
        if (krbEnabledForITs != null) {
            System.setProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION, krbEnabledForITs);
        }
        UserGroupInformation.setConfiguration(new Configuration(false));
    }

    @Override // org.apache.accumulo.harness.AccumuloITBase
    public int defaultTimeoutSeconds() {
        return 300;
    }

    @Before
    public void startMac() throws Exception {
        this.mac = new MiniClusterHarness().create((AccumuloITBase) this, (AuthenticationToken) new PasswordToken("unused"), kdc, new MiniClusterConfigurationCallback() { // from class: org.apache.accumulo.test.functional.KerberosIT.1
            @Override // org.apache.accumulo.harness.MiniClusterConfigurationCallback
            public void configureMiniCluster(MiniAccumuloConfigImpl miniAccumuloConfigImpl, Configuration configuration) {
                Map siteConfig = miniAccumuloConfigImpl.getSiteConfig();
                siteConfig.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "15s");
                miniAccumuloConfigImpl.setSiteConfig(siteConfig);
            }
        });
        this.mac.getConfig().setNumTservers(1);
        this.mac.start();
        Configuration configuration = new Configuration(false);
        configuration.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(configuration);
    }

    @After
    public void stopMac() throws Exception {
        if (this.mac != null) {
            this.mac.stop();
        }
    }

    @Test
    public void testAdminUser() throws Exception {
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()).doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
            for (SystemPermission systemPermission : SystemPermission.values()) {
                Assert.assertTrue("Expected user to have permission: " + systemPermission, createAccumuloClient.securityOperations().hasSystemPermission(createAccumuloClient.whoami(), systemPermission));
            }
            Iterator it = Arrays.asList(RootTable.NAME, MetadataTable.NAME).iterator();
            while (it.hasNext()) {
                Assert.assertTrue(createAccumuloClient.securityOperations().hasTablePermission(createAccumuloClient.whoami(), (String) it.next(), TablePermission.ALTER_TABLE));
            }
            return null;
        });
    }

    @Test
    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "path provided by test")
    public void testNewUser() throws Exception {
        String methodName = this.testName.getMethodName();
        File file = new File(kdc.getKeytabDir(), methodName + ".keytab");
        if (file.exists() && !file.delete()) {
            log.warn("Unable to delete {}", file);
        }
        kdc.createPrincipal(file, methodName);
        String qualifyUser = kdc.qualifyUser(methodName);
        HashSet newHashSet = Sets.newHashSet(new String[]{rootUser.getPrincipal()});
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        log.info("Logged in as {}", rootUser.getPrincipal());
        loginUserFromKeytabAndReturnUGI.doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
            log.info("Created client as {}", rootUser.getPrincipal());
            Assert.assertEquals(rootUser.getPrincipal(), createAccumuloClient.whoami());
            createTableWithDataAndCompact(createAccumuloClient);
            Assert.assertEquals(newHashSet, createAccumuloClient.securityOperations().listLocalUsers());
            return null;
        });
        UserGroupInformation loginUserFromKeytabAndReturnUGI2 = UserGroupInformation.loginUserFromKeytabAndReturnUGI(qualifyUser, file.getAbsolutePath());
        log.info("Logged in as {}", qualifyUser);
        loginUserFromKeytabAndReturnUGI2.doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(qualifyUser, new KerberosToken());
            log.info("Created client as {}", qualifyUser);
            Assert.assertEquals(qualifyUser, createAccumuloClient.whoami());
            for (SystemPermission systemPermission : SystemPermission.values()) {
                Assert.assertFalse(createAccumuloClient.securityOperations().hasSystemPermission(qualifyUser, systemPermission));
            }
            newHashSet.add(qualifyUser);
            Assert.assertEquals(newHashSet, createAccumuloClient.securityOperations().listLocalUsers());
            return null;
        });
    }

    @Test
    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "path provided by test")
    public void testUserPrivilegesThroughGrant() throws Exception {
        String methodName = this.testName.getMethodName();
        File file = new File(kdc.getKeytabDir(), methodName + ".keytab");
        if (file.exists() && !file.delete()) {
            log.warn("Unable to delete {}", file);
        }
        kdc.createPrincipal(file, methodName);
        String qualifyUser = kdc.qualifyUser(methodName);
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(methodName, file.getAbsolutePath());
        log.info("Logged in as {}", methodName);
        loginUserFromKeytabAndReturnUGI.doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(qualifyUser, new KerberosToken());
            log.info("Created client as {}", qualifyUser);
            for (SystemPermission systemPermission : SystemPermission.values()) {
                Assert.assertFalse(createAccumuloClient.securityOperations().hasSystemPermission(qualifyUser, systemPermission));
            }
            return null;
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()).doAs(() -> {
            this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken()).securityOperations().grantSystemPermission(qualifyUser, SystemPermission.CREATE_TABLE);
            return null;
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(methodName, file.getAbsolutePath()).doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(qualifyUser, new KerberosToken());
            String str = this.testName.getMethodName() + "_user_table";
            createAccumuloClient.tableOperations().create(str);
            BatchWriter createBatchWriter = createAccumuloClient.createBatchWriter(str);
            try {
                Mutation mutation = new Mutation("a");
                mutation.put("b", "c", "d");
                createBatchWriter.addMutation(mutation);
                if (createBatchWriter != null) {
                    createBatchWriter.close();
                }
                createAccumuloClient.tableOperations().compact(str, new CompactionConfig().setWait(true).setFlush(true));
                return null;
            } catch (Throwable th) {
                if (createBatchWriter != null) {
                    try {
                        createBatchWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        });
    }

    @Test
    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "path provided by test")
    public void testUserPrivilegesForTable() throws Exception {
        String methodName = this.testName.getMethodName();
        File file = new File(kdc.getKeytabDir(), methodName + ".keytab");
        if (file.exists() && !file.delete()) {
            log.warn("Unable to delete {}", file);
        }
        kdc.createPrincipal(file, methodName);
        String qualifyUser = kdc.qualifyUser(methodName);
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(qualifyUser, file.getAbsolutePath());
        log.info("Logged in as {}", methodName);
        loginUserFromKeytabAndReturnUGI.doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(qualifyUser, new KerberosToken());
            log.info("Created client as {}", qualifyUser);
            for (SystemPermission systemPermission : SystemPermission.values()) {
                Assert.assertFalse(createAccumuloClient.securityOperations().hasSystemPermission(qualifyUser, systemPermission));
            }
            return null;
        });
        String str = this.testName.getMethodName() + "_user_table";
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()).doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
            createAccumuloClient.tableOperations().create(str);
            createAccumuloClient.securityOperations().grantTablePermission(qualifyUser, str, TablePermission.READ);
            createAccumuloClient.securityOperations().grantTablePermission(qualifyUser, str, TablePermission.WRITE);
            createAccumuloClient.securityOperations().grantTablePermission(qualifyUser, str, TablePermission.ALTER_TABLE);
            createAccumuloClient.securityOperations().grantTablePermission(qualifyUser, str, TablePermission.DROP_TABLE);
            createAccumuloClient.securityOperations().changeUserAuthorizations(qualifyUser, new Authorizations(new String[]{"viz"}));
            return null;
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(qualifyUser, file.getAbsolutePath()).doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(qualifyUser, new KerberosToken());
            BatchWriter createBatchWriter = createAccumuloClient.createBatchWriter(str);
            try {
                Mutation mutation = new Mutation("a");
                mutation.put("b", "c", new ColumnVisibility("viz".getBytes()), 1000L, "d");
                createBatchWriter.addMutation(mutation);
                if (createBatchWriter != null) {
                    createBatchWriter.close();
                }
                createAccumuloClient.tableOperations().compact(str, new CompactionConfig().setWait(true).setFlush(true));
                createAccumuloClient.tableOperations().setProperty(str, Property.TABLE_BLOOM_ENABLED.getKey(), "true");
                Scanner createScanner = createAccumuloClient.createScanner(str, new Authorizations(new String[]{"viz"}));
                try {
                    Iterator it = createScanner.iterator();
                    Assert.assertTrue("No results from iterator", it.hasNext());
                    Map.Entry entry = (Map.Entry) it.next();
                    Assert.assertEquals(new Key("a", "b", "c", "viz", 1000L), entry.getKey());
                    Assert.assertEquals(new Value("d".getBytes()), entry.getValue());
                    Assert.assertFalse("Had more results from iterator", it.hasNext());
                    if (createScanner != null) {
                        createScanner.close();
                    }
                    return null;
                } catch (Throwable th) {
                    if (createScanner != null) {
                        try {
                            createScanner.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                if (createBatchWriter != null) {
                    try {
                        createBatchWriter.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        });
    }

    @Test
    public void testDelegationToken() throws Exception {
        String str = getUniqueNames(1)[0];
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        log.info("Logged in as {}", rootUser.getPrincipal());
        AuthenticationToken authenticationToken = (AuthenticationToken) loginUserFromKeytabAndReturnUGI.doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
            log.info("Created client as {}", rootUser.getPrincipal());
            Assert.assertEquals(rootUser.getPrincipal(), createAccumuloClient.whoami());
            createAccumuloClient.tableOperations().create(str);
            BatchWriter createBatchWriter = createAccumuloClient.createBatchWriter(str);
            for (int i = 0; i < 100; i++) {
                try {
                    Mutation mutation = new Mutation(Integer.toString(i));
                    for (int i2 = 0; i2 < 10; i2++) {
                        String num = Integer.toString(i2);
                        mutation.put(num, num, num);
                    }
                    createBatchWriter.addMutation(mutation);
                } catch (Throwable th) {
                    if (createBatchWriter != null) {
                        try {
                            createBatchWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
            if (createBatchWriter != null) {
                createBatchWriter.close();
            }
            return createAccumuloClient.securityOperations().getDelegationToken(new DelegationTokenConfig());
        });
        Assert.assertEquals(1000L, ((Integer) UserGroupInformation.createUserForTesting("fake_user", new String[0]).doAs(() -> {
            BatchScanner createBatchScanner = this.mac.createAccumuloClient(rootUser.getPrincipal(), authenticationToken).createBatchScanner(str);
            try {
                createBatchScanner.setRanges(Collections.singleton(new Range()));
                Integer valueOf = Integer.valueOf(Iterables.size(createBatchScanner));
                if (createBatchScanner != null) {
                    createBatchScanner.close();
                }
                return valueOf;
            } catch (Throwable th) {
                if (createBatchScanner != null) {
                    try {
                        createBatchScanner.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        })).intValue());
    }

    @Test
    public void testDelegationTokenAsDifferentUser() throws Exception {
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        log.info("Logged in as {}", rootUser.getPrincipal());
        try {
            AuthenticationToken authenticationToken = (AuthenticationToken) loginUserFromKeytabAndReturnUGI.doAs(() -> {
                AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
                log.info("Created client as {}", rootUser.getPrincipal());
                Assert.assertEquals(rootUser.getPrincipal(), createAccumuloClient.whoami());
                return createAccumuloClient.securityOperations().getDelegationToken(new DelegationTokenConfig());
            });
            try {
                UserGroupInformation.createUserForTesting("fake_user", new String[0]).doAs(() -> {
                    this.mac.createAccumuloClient("some_other_user", authenticationToken).securityOperations().authenticateUser("some_other_user", authenticationToken);
                    return null;
                });
                Assert.fail("Using a delegation token as a different user should throw an exception");
            } catch (UndeclaredThrowableException e) {
                Throwable cause = e.getCause();
                Assert.assertNotNull(cause);
                Assert.assertTrue("Expected cause to be AccumuloSecurityException, but was " + cause.getClass(), cause instanceof AccumuloSecurityException);
            }
        } catch (UndeclaredThrowableException e2) {
            throw e2;
        }
    }

    @Test
    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "path provided by test")
    public void testGetDelegationTokenDenied() throws Exception {
        String methodName = this.testName.getMethodName();
        File file = new File(kdc.getKeytabDir(), methodName + ".keytab");
        if (file.exists() && !file.delete()) {
            log.warn("Unable to delete {}", file);
        }
        kdc.createPrincipal(file, methodName);
        String qualifyUser = kdc.qualifyUser(methodName);
        try {
            UserGroupInformation.loginUserFromKeytabAndReturnUGI(qualifyUser, file.getAbsolutePath()).doAs(() -> {
                AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(qualifyUser, new KerberosToken());
                log.info("Created client as {}", qualifyUser);
                Assert.assertEquals(qualifyUser, createAccumuloClient.whoami());
                createAccumuloClient.securityOperations().getDelegationToken(new DelegationTokenConfig());
                return null;
            });
        } catch (UndeclaredThrowableException e) {
            Assert.assertTrue(e.getCause() instanceof AccumuloSecurityException);
        }
    }

    @Test
    public void testRestartedMasterReusesSecretKey() throws Exception {
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        log.info("Logged in as {}", rootUser.getPrincipal());
        DelegationTokenImpl delegationTokenImpl = (AuthenticationToken) loginUserFromKeytabAndReturnUGI.doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
            log.info("Created client as {}", rootUser.getPrincipal());
            Assert.assertEquals(rootUser.getPrincipal(), createAccumuloClient.whoami());
            DelegationToken delegationToken = createAccumuloClient.securityOperations().getDelegationToken(new DelegationTokenConfig());
            Assert.assertTrue("Could not get tables with delegation token", this.mac.createAccumuloClient(rootUser.getPrincipal(), delegationToken).tableOperations().list().size() > 0);
            return delegationToken;
        });
        log.info("Stopping master");
        this.mac.getClusterControl().stop(ServerType.MASTER);
        Thread.sleep(5000L);
        log.info("Restarting master");
        this.mac.getClusterControl().start(ServerType.MASTER);
        loginUserFromKeytabAndReturnUGI.doAs(() -> {
            Assert.assertTrue("Could not get tables with delegation token", this.mac.createAccumuloClient(rootUser.getPrincipal(), delegationTokenImpl).tableOperations().list().size() > 0);
            return null;
        });
        DelegationTokenImpl delegationTokenImpl2 = (AuthenticationToken) loginUserFromKeytabAndReturnUGI.doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
            log.info("Created client as {}", rootUser.getPrincipal());
            Assert.assertEquals(rootUser.getPrincipal(), createAccumuloClient.whoami());
            DelegationToken delegationToken = createAccumuloClient.securityOperations().getDelegationToken(new DelegationTokenConfig());
            Assert.assertTrue("Could not get tables with delegation token", this.mac.createAccumuloClient(rootUser.getPrincipal(), delegationToken).tableOperations().list().size() > 0);
            return delegationToken;
        });
        Assert.assertEquals(delegationTokenImpl.getIdentifier().getKeyId(), delegationTokenImpl2.getIdentifier().getKeyId());
    }

    @Test(expected = AccumuloException.class)
    public void testDelegationTokenWithInvalidLifetime() throws Throwable {
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        log.info("Logged in as {}", rootUser.getPrincipal());
        try {
            loginUserFromKeytabAndReturnUGI.doAs(() -> {
                AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
                log.info("Created client as {}", rootUser.getPrincipal());
                Assert.assertEquals(rootUser.getPrincipal(), createAccumuloClient.whoami());
                return createAccumuloClient.securityOperations().getDelegationToken(new DelegationTokenConfig().setTokenLifetime(Long.MAX_VALUE, TimeUnit.MILLISECONDS));
            });
        } catch (UndeclaredThrowableException e) {
            Throwable cause = e.getCause();
            if (cause == null) {
                throw e;
            }
            throw cause;
        }
    }

    @Test
    public void testDelegationTokenWithReducedLifetime() throws Throwable {
        UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        log.info("Logged in as {}", rootUser.getPrincipal());
        AuthenticationTokenIdentifier identifier = ((AuthenticationToken) loginUserFromKeytabAndReturnUGI.doAs(() -> {
            AccumuloClient createAccumuloClient = this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken());
            log.info("Created client as {}", rootUser.getPrincipal());
            Assert.assertEquals(rootUser.getPrincipal(), createAccumuloClient.whoami());
            return createAccumuloClient.securityOperations().getDelegationToken(new DelegationTokenConfig().setTokenLifetime(5L, TimeUnit.MINUTES));
        })).getIdentifier();
        Assert.assertTrue("Expected identifier to expire in no more than 5 minutes: " + identifier, identifier.getExpirationDate() - identifier.getIssueDate() <= 300000);
    }

    @Test(expected = AccumuloSecurityException.class)
    public void testRootUserHasIrrevocablePermissions() throws Exception {
        UserGroupInformation.loginUserFromKeytab(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath());
        this.mac.createAccumuloClient(rootUser.getPrincipal(), new KerberosToken()).securityOperations().revokeSystemPermission(rootUser.getPrincipal(), SystemPermission.GRANT);
    }

    private void createTableWithDataAndCompact(AccumuloClient accumuloClient) throws TableNotFoundException, AccumuloSecurityException, AccumuloException, TableExistsException {
        String str = this.testName.getMethodName() + "_table";
        accumuloClient.tableOperations().create(str);
        BatchWriter createBatchWriter = accumuloClient.createBatchWriter(str);
        try {
            Mutation mutation = new Mutation("a");
            mutation.put("b", "c", "d");
            createBatchWriter.addMutation(mutation);
            if (createBatchWriter != null) {
                createBatchWriter.close();
            }
            accumuloClient.tableOperations().compact(str, new CompactionConfig().setFlush(true).setWait(true));
        } catch (Throwable th) {
            if (createBatchWriter != null) {
                try {
                    createBatchWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
