package org.apache.hadoop.hbase.security.access;

import com.sun.jersey.core.header.QualityFactor;
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.activemq.security.SecurityAdminMBean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HRegionInfo;
import org.apache.hadoop.hbase.HServerAddress;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.ServerName;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Increment;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException;
import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.coprocessor.CoprocessorException;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:lib/hbase-0.92.1-cdh4.0.1-tests.jar:org/apache/hadoop/hbase/security/access/TestAccessController.class */
public class TestAccessController {
    private static Configuration conf;
    private static User SUPERUSER;
    private static User USER_ADMIN;
    private static User USER_OWNER;
    private static User USER_RW;
    private static User USER_RO;
    private static User USER_NONE;
    private static MasterCoprocessorEnvironment CP_ENV;
    private static AccessController ACCESS_CONTROLLER;
    private static Log LOG = LogFactory.getLog(TestAccessController.class);
    private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static byte[] TEST_TABLE = Bytes.toBytes("testtable");
    private static byte[] TEST_FAMILY = Bytes.toBytes("f1");

    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        SecureTestUtil.enableSecurity(conf);
        TEST_UTIL.startMiniCluster();
        MasterCoprocessorHost coprocessorHost = TEST_UTIL.getMiniHBaseCluster().getMaster().getCoprocessorHost();
        coprocessorHost.load(AccessController.class, 0, conf);
        ACCESS_CONTROLLER = (AccessController) coprocessorHost.findCoprocessor(AccessController.class.getName());
        CP_ENV = coprocessorHost.createEnvironment(AccessController.class, (Coprocessor) ACCESS_CONTROLLER, 0, 1, conf);
        SUPERUSER = User.createUserForTesting(conf, SecurityAdminMBean.OPERATION_ADMIN, new String[]{"supergroup"});
        USER_ADMIN = User.createUserForTesting(conf, "admin2", new String[0]);
        USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
        USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);
        USER_RO = User.createUserForTesting(conf, "rouser", new String[0]);
        USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
        HBaseAdmin hBaseAdmin = TEST_UTIL.getHBaseAdmin();
        HTableDescriptor hTableDescriptor = new HTableDescriptor(TEST_TABLE);
        hTableDescriptor.addFamily(new HColumnDescriptor(TEST_FAMILY));
        hTableDescriptor.setOwnerString(USER_OWNER.getShortName());
        hBaseAdmin.createTable(hTableDescriptor);
        AccessControllerProtocol accessControllerProtocol = (AccessControllerProtocol) new HTable(conf, AccessControlLists.ACL_TABLE_NAME).coprocessorProxy(AccessControllerProtocol.class, TEST_TABLE);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.READ, Permission.Action.WRITE));
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(USER_RW.getShortName()), TEST_TABLE, TEST_FAMILY, Permission.Action.READ, Permission.Action.WRITE));
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(USER_RO.getShortName()), TEST_TABLE, TEST_FAMILY, Permission.Action.READ));
    }

    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }

    public void verifyAllowed(User user, PrivilegedExceptionAction privilegedExceptionAction) throws Exception {
        try {
            user.runAs(privilegedExceptionAction);
        } catch (AccessDeniedException e) {
            Assert.fail("Expected action to pass for user '" + user.getShortName() + "' but was denied");
        }
    }

    public void verifyAllowed(PrivilegedExceptionAction privilegedExceptionAction, User... userArr) throws Exception {
        for (User user : userArr) {
            verifyAllowed(user, privilegedExceptionAction);
        }
    }

    public void verifyDenied(User user, PrivilegedExceptionAction privilegedExceptionAction) throws Exception {
        try {
            user.runAs(privilegedExceptionAction);
            Assert.fail("Expected AccessDeniedException for user '" + user.getShortName() + "'");
        } catch (RetriesExhaustedWithDetailsException e) {
            boolean z = false;
            Iterator<Throwable> it = e.getCauses().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                } else if (it.next() instanceof AccessDeniedException) {
                    z = true;
                    break;
                }
            }
            if (z) {
                return;
            }
            Assert.fail("Not receiving AccessDeniedException for user '" + user.getShortName() + "'");
        } catch (AccessDeniedException e2) {
        }
    }

    public void verifyDenied(PrivilegedExceptionAction privilegedExceptionAction, User... userArr) throws Exception {
        for (User user : userArr) {
            verifyDenied(user, privilegedExceptionAction);
        }
    }

    @Test
    public void testTableCreate() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                HTableDescriptor hTableDescriptor = new HTableDescriptor("testnewtable");
                hTableDescriptor.addFamily(new HColumnDescriptor(TestAccessController.TEST_FAMILY));
                TestAccessController.ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), hTableDescriptor, null);
                return null;
            }
        };
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
    }

    @Test
    public void testTableModify() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                HTableDescriptor hTableDescriptor = new HTableDescriptor(TestAccessController.TEST_TABLE);
                hTableDescriptor.addFamily(new HColumnDescriptor(TestAccessController.TEST_FAMILY));
                hTableDescriptor.addFamily(new HColumnDescriptor("fam_" + User.getCurrent().getShortName()));
                TestAccessController.ACCESS_CONTROLLER.preModifyTable(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), TestAccessController.TEST_TABLE, hTableDescriptor);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testTableDelete() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.3
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preDeleteTable(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), TestAccessController.TEST_TABLE);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testAddColumn() throws Exception {
        final HColumnDescriptor hColumnDescriptor = new HColumnDescriptor("fam_new");
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preAddColumn(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), TestAccessController.TEST_TABLE, hColumnDescriptor);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testModifyColumn() throws Exception {
        final HColumnDescriptor hColumnDescriptor = new HColumnDescriptor(TEST_FAMILY);
        hColumnDescriptor.setMaxVersions(10);
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preModifyColumn(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), TestAccessController.TEST_TABLE, hColumnDescriptor);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testDeleteColumn() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.6
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preDeleteColumn(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), TestAccessController.TEST_TABLE, TestAccessController.TEST_FAMILY);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testTableDisable() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.7
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), TestAccessController.TEST_TABLE);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testTableEnable() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.8
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preEnableTable(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), TestAccessController.TEST_TABLE);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testMove() throws Exception {
        final Map.Entry<HRegionInfo, HServerAddress> next = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE).getRegionsInfo().entrySet().iterator().next();
        final ServerName serverName = TEST_UTIL.getHBaseCluster().getRegionServer(0).getServerName();
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.9
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preMove(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), (HRegionInfo) next.getKey(), serverName, serverName);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testAssign() throws Exception {
        final Map.Entry<HRegionInfo, HServerAddress> next = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE).getRegionsInfo().entrySet().iterator().next();
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.10
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preAssign(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), (HRegionInfo) next.getKey());
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testUnassign() throws Exception {
        final Map.Entry<HRegionInfo, HServerAddress> next = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE).getRegionsInfo().entrySet().iterator().next();
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.11
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preUnassign(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), (HRegionInfo) next.getKey(), false);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testBalance() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.12
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preBalance(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null));
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testBalanceSwitch() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.13
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preBalanceSwitch(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null), true);
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testShutdown() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.14
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preShutdown(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null));
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    @Test
    public void testStopMaster() throws Exception {
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.15
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestAccessController.ACCESS_CONTROLLER.preStopMaster(ObserverContext.createAndPrepare(TestAccessController.CP_ENV, null));
                return null;
            }
        };
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
    }

    private void verifyWrite(PrivilegedExceptionAction privilegedExceptionAction) throws Exception {
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
        verifyAllowed(USER_OWNER, privilegedExceptionAction);
        verifyAllowed(USER_RW, privilegedExceptionAction);
    }

    private void verifyRead(PrivilegedExceptionAction privilegedExceptionAction) throws Exception {
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
        verifyAllowed(USER_OWNER, privilegedExceptionAction);
        verifyAllowed(USER_RW, privilegedExceptionAction);
        verifyAllowed(USER_RO, privilegedExceptionAction);
    }

    private void verifyReadWrite(PrivilegedExceptionAction privilegedExceptionAction) throws Exception {
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyAllowed(USER_ADMIN, privilegedExceptionAction);
        verifyAllowed(USER_OWNER, privilegedExceptionAction);
        verifyAllowed(USER_RW, privilegedExceptionAction);
    }

    @Test
    public void testRead() throws Exception {
        verifyRead(new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.16
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Get get = new Get(Bytes.toBytes("random_row"));
                get.addFamily(TestAccessController.TEST_FAMILY);
                new HTable(TestAccessController.conf, TestAccessController.TEST_TABLE).get(get);
                return null;
            }
        });
        verifyRead(new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.17
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Scan scan = new Scan();
                scan.addFamily(TestAccessController.TEST_FAMILY);
                ResultScanner scanner = new HTable(TestAccessController.conf, TestAccessController.TEST_TABLE).getScanner(scan);
                try {
                    for (Result next = scanner.next(); next != null; next = scanner.next()) {
                    }
                    scanner.close();
                    return null;
                } catch (IOException e) {
                    scanner.close();
                    return null;
                } catch (Throwable th) {
                    scanner.close();
                    throw th;
                }
            }
        });
    }

    @Test
    public void testWrite() throws Exception {
        verifyWrite(new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.18
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Put put = new Put(Bytes.toBytes("random_row"));
                put.add(TestAccessController.TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
                new HTable(TestAccessController.conf, TestAccessController.TEST_TABLE).put(put);
                return null;
            }
        });
        verifyWrite(new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.19
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Delete delete = new Delete(Bytes.toBytes("random_row"));
                delete.deleteFamily(TestAccessController.TEST_FAMILY);
                new HTable(TestAccessController.conf, TestAccessController.TEST_TABLE).delete(delete);
                return null;
            }
        });
        verifyWrite(new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.20
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Increment increment = new Increment(Bytes.toBytes("random_row"));
                increment.addColumn(TestAccessController.TEST_FAMILY, Bytes.toBytes("Qualifier"), 1L);
                new HTable(TestAccessController.conf, TestAccessController.TEST_TABLE).increment(increment);
                return null;
            }
        });
    }

    @Test
    public void testReadWrite() throws Exception {
        verifyReadWrite(new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.21
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Delete delete = new Delete(Bytes.toBytes("random_row"));
                delete.deleteFamily(TestAccessController.TEST_FAMILY);
                new HTable(TestAccessController.conf, TestAccessController.TEST_TABLE).checkAndDelete(Bytes.toBytes("random_row"), TestAccessController.TEST_FAMILY, Bytes.toBytes(QualityFactor.QUALITY_FACTOR), Bytes.toBytes("test_value"), delete);
                return null;
            }
        });
        verifyReadWrite(new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.22
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Put put = new Put(Bytes.toBytes("random_row"));
                put.add(TestAccessController.TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
                new HTable(TestAccessController.conf, TestAccessController.TEST_TABLE).checkAndPut(Bytes.toBytes("random_row"), TestAccessController.TEST_FAMILY, Bytes.toBytes(QualityFactor.QUALITY_FACTOR), Bytes.toBytes("test_value"), put);
                return null;
            }
        });
    }

    @Test
    public void testGrantRevoke() throws Exception {
        final byte[] bytes = Bytes.toBytes("TempTable");
        final byte[] bytes2 = Bytes.toBytes("f1");
        final byte[] bytes3 = Bytes.toBytes("f2");
        final byte[] bytes4 = Bytes.toBytes(QualityFactor.QUALITY_FACTOR);
        HBaseAdmin hBaseAdmin = TEST_UTIL.getHBaseAdmin();
        if (hBaseAdmin.tableExists(bytes)) {
            hBaseAdmin.disableTable(bytes);
            hBaseAdmin.deleteTable(bytes);
        }
        HTableDescriptor hTableDescriptor = new HTableDescriptor(bytes);
        hTableDescriptor.addFamily(new HColumnDescriptor(bytes2));
        hTableDescriptor.addFamily(new HColumnDescriptor(bytes3));
        hTableDescriptor.setOwnerString(USER_OWNER.getShortName());
        hBaseAdmin.createTable(hTableDescriptor);
        User createUserForTesting = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
        AccessControllerProtocol accessControllerProtocol = (AccessControllerProtocol) new HTable(conf, AccessControlLists.ACL_TABLE_NAME).coprocessorProxy(AccessControllerProtocol.class, bytes);
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.23
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Put put = new Put(Bytes.toBytes("a"));
                put.add(bytes2, bytes4, Bytes.toBytes("v1"));
                put.add(bytes3, bytes4, Bytes.toBytes("v2"));
                new HTable(TestAccessController.conf, bytes).put(put);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction2 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.24
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Put put = new Put(Bytes.toBytes("a"));
                put.add(bytes2, bytes4, Bytes.toBytes("v1"));
                new HTable(TestAccessController.conf, bytes).put(put);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction3 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.25
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Put put = new Put(Bytes.toBytes("a"));
                put.add(bytes3, bytes4, Bytes.toBytes("v2"));
                new HTable(TestAccessController.conf, bytes).put(put);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction4 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.26
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Get get = new Get(Bytes.toBytes("random_row"));
                get.addFamily(bytes2);
                get.addFamily(bytes3);
                new HTable(TestAccessController.conf, bytes).get(get);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction5 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.27
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Get get = new Get(Bytes.toBytes("random_row"));
                get.addFamily(bytes2);
                new HTable(TestAccessController.conf, bytes).get(get);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction6 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.28
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Get get = new Get(Bytes.toBytes("random_row"));
                get.addFamily(bytes3);
                new HTable(TestAccessController.conf, bytes).get(get);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction7 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.29
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Delete delete = new Delete(Bytes.toBytes("random_row"));
                delete.deleteFamily(bytes2);
                delete.deleteFamily(bytes3);
                new HTable(TestAccessController.conf, bytes).delete(delete);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction8 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.30
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Delete delete = new Delete(Bytes.toBytes("random_row"));
                delete.deleteFamily(bytes2);
                new HTable(TestAccessController.conf, bytes).delete(delete);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction9 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.31
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Delete delete = new Delete(Bytes.toBytes("random_row"));
                delete.deleteFamily(bytes3);
                new HTable(TestAccessController.conf, bytes).delete(delete);
                return null;
            }
        };
        verifyDenied(createUserForTesting, privilegedExceptionAction4);
        verifyDenied(createUserForTesting, privilegedExceptionAction5);
        verifyDenied(createUserForTesting, privilegedExceptionAction6);
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyDenied(createUserForTesting, privilegedExceptionAction3);
        verifyDenied(createUserForTesting, privilegedExceptionAction7);
        verifyDenied(createUserForTesting, privilegedExceptionAction8);
        verifyDenied(createUserForTesting, privilegedExceptionAction9);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, null, Permission.Action.READ));
        Thread.sleep(100L);
        verifyAllowed(createUserForTesting, privilegedExceptionAction4);
        verifyAllowed(createUserForTesting, privilegedExceptionAction5);
        verifyAllowed(createUserForTesting, privilegedExceptionAction6);
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyDenied(createUserForTesting, privilegedExceptionAction3);
        verifyDenied(createUserForTesting, privilegedExceptionAction7);
        verifyDenied(createUserForTesting, privilegedExceptionAction8);
        verifyDenied(createUserForTesting, privilegedExceptionAction9);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, null, Permission.Action.WRITE));
        Thread.sleep(100L);
        verifyDenied(createUserForTesting, privilegedExceptionAction4);
        verifyDenied(createUserForTesting, privilegedExceptionAction5);
        verifyDenied(createUserForTesting, privilegedExceptionAction6);
        verifyAllowed(createUserForTesting, privilegedExceptionAction);
        verifyAllowed(createUserForTesting, privilegedExceptionAction2);
        verifyAllowed(createUserForTesting, privilegedExceptionAction3);
        verifyAllowed(createUserForTesting, privilegedExceptionAction7);
        verifyAllowed(createUserForTesting, privilegedExceptionAction8);
        verifyAllowed(createUserForTesting, privilegedExceptionAction9);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, null, Permission.Action.READ, Permission.Action.WRITE));
        accessControllerProtocol.revoke(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, null, new Permission.Action[0]));
        Thread.sleep(100L);
        verifyDenied(createUserForTesting, privilegedExceptionAction4);
        verifyDenied(createUserForTesting, privilegedExceptionAction5);
        verifyDenied(createUserForTesting, privilegedExceptionAction6);
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyDenied(createUserForTesting, privilegedExceptionAction3);
        verifyDenied(createUserForTesting, privilegedExceptionAction7);
        verifyDenied(createUserForTesting, privilegedExceptionAction8);
        verifyDenied(createUserForTesting, privilegedExceptionAction9);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, bytes2, Permission.Action.READ));
        Thread.sleep(100L);
        verifyAllowed(createUserForTesting, privilegedExceptionAction4);
        verifyAllowed(createUserForTesting, privilegedExceptionAction5);
        verifyDenied(createUserForTesting, privilegedExceptionAction6);
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyDenied(createUserForTesting, privilegedExceptionAction3);
        verifyDenied(createUserForTesting, privilegedExceptionAction7);
        verifyDenied(createUserForTesting, privilegedExceptionAction8);
        verifyDenied(createUserForTesting, privilegedExceptionAction9);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, bytes3, Permission.Action.WRITE));
        Thread.sleep(100L);
        verifyAllowed(createUserForTesting, privilegedExceptionAction4);
        verifyAllowed(createUserForTesting, privilegedExceptionAction5);
        verifyDenied(createUserForTesting, privilegedExceptionAction6);
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyAllowed(createUserForTesting, privilegedExceptionAction3);
        verifyDenied(createUserForTesting, privilegedExceptionAction7);
        verifyDenied(createUserForTesting, privilegedExceptionAction8);
        verifyAllowed(createUserForTesting, privilegedExceptionAction9);
        accessControllerProtocol.revoke(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, bytes3, new Permission.Action[0]));
        Thread.sleep(100L);
        verifyAllowed(createUserForTesting, privilegedExceptionAction4);
        verifyAllowed(createUserForTesting, privilegedExceptionAction5);
        verifyDenied(createUserForTesting, privilegedExceptionAction6);
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyDenied(createUserForTesting, privilegedExceptionAction3);
        verifyDenied(createUserForTesting, privilegedExceptionAction7);
        verifyDenied(createUserForTesting, privilegedExceptionAction8);
        verifyDenied(createUserForTesting, privilegedExceptionAction9);
        hBaseAdmin.disableTable(bytes);
        hBaseAdmin.deleteTable(bytes);
    }

    private boolean hasFoundUserPermission(UserPermission userPermission, List<UserPermission> list) {
        return list.contains(userPermission);
    }

    @Test
    public void testGrantRevokeAtQualifierLevel() throws Exception {
        final byte[] bytes = Bytes.toBytes("testGrantRevokeAtQualifierLevel");
        final byte[] bytes2 = Bytes.toBytes("f1");
        byte[] bytes3 = Bytes.toBytes("f2");
        final byte[] bytes4 = Bytes.toBytes(QualityFactor.QUALITY_FACTOR);
        HBaseAdmin hBaseAdmin = TEST_UTIL.getHBaseAdmin();
        if (hBaseAdmin.tableExists(bytes)) {
            hBaseAdmin.disableTable(bytes);
            hBaseAdmin.deleteTable(bytes);
        }
        HTableDescriptor hTableDescriptor = new HTableDescriptor(bytes);
        hTableDescriptor.addFamily(new HColumnDescriptor(bytes2));
        hTableDescriptor.addFamily(new HColumnDescriptor(bytes3));
        hTableDescriptor.setOwnerString(USER_OWNER.getShortName());
        hBaseAdmin.createTable(hTableDescriptor);
        User createUserForTesting = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
        AccessControllerProtocol accessControllerProtocol = (AccessControllerProtocol) new HTable(conf, AccessControlLists.ACL_TABLE_NAME).coprocessorProxy(AccessControllerProtocol.class, bytes);
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.32
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Get get = new Get(Bytes.toBytes("random_row"));
                get.addColumn(bytes2, bytes4);
                new HTable(TestAccessController.conf, bytes).get(get);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction2 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.33
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Put put = new Put(Bytes.toBytes("random_row"));
                put.add(bytes2, bytes4, Bytes.toBytes("v1"));
                new HTable(TestAccessController.conf, bytes).put(put);
                return null;
            }
        };
        PrivilegedExceptionAction privilegedExceptionAction3 = new PrivilegedExceptionAction() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.34
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Delete delete = new Delete(Bytes.toBytes("random_row"));
                delete.deleteColumn(bytes2, bytes4);
                new HTable(TestAccessController.conf, bytes).delete(delete);
                return null;
            }
        };
        accessControllerProtocol.revoke(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, bytes2, new Permission.Action[0]));
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyDenied(createUserForTesting, privilegedExceptionAction3);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, bytes2, bytes4, Permission.Action.READ));
        Thread.sleep(100L);
        verifyAllowed(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyDenied(createUserForTesting, privilegedExceptionAction3);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, bytes2, bytes4, Permission.Action.WRITE));
        Thread.sleep(100L);
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyAllowed(createUserForTesting, privilegedExceptionAction2);
        verifyAllowed(createUserForTesting, privilegedExceptionAction3);
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, bytes2, bytes4, Permission.Action.READ, Permission.Action.WRITE));
        Thread.sleep(100L);
        verifyAllowed(createUserForTesting, privilegedExceptionAction);
        verifyAllowed(createUserForTesting, privilegedExceptionAction2);
        verifyAllowed(createUserForTesting, privilegedExceptionAction3);
        accessControllerProtocol.revoke(new UserPermission(Bytes.toBytes(createUserForTesting.getShortName()), bytes, bytes2, bytes4, new Permission.Action[0]));
        Thread.sleep(100L);
        verifyDenied(createUserForTesting, privilegedExceptionAction);
        verifyDenied(createUserForTesting, privilegedExceptionAction2);
        verifyDenied(createUserForTesting, privilegedExceptionAction3);
        hBaseAdmin.disableTable(bytes);
        hBaseAdmin.deleteTable(bytes);
    }

    @Test
    public void testPermissionList() throws Exception {
        byte[] bytes = Bytes.toBytes("testPermissionList");
        byte[] bytes2 = Bytes.toBytes("f1");
        byte[] bytes3 = Bytes.toBytes("f2");
        byte[] bytes4 = Bytes.toBytes(QualityFactor.QUALITY_FACTOR);
        byte[] bytes5 = Bytes.toBytes("user");
        HBaseAdmin hBaseAdmin = TEST_UTIL.getHBaseAdmin();
        if (hBaseAdmin.tableExists(bytes)) {
            hBaseAdmin.disableTable(bytes);
            hBaseAdmin.deleteTable(bytes);
        }
        HTableDescriptor hTableDescriptor = new HTableDescriptor(bytes);
        hTableDescriptor.addFamily(new HColumnDescriptor(bytes2));
        hTableDescriptor.addFamily(new HColumnDescriptor(bytes3));
        hTableDescriptor.setOwnerString(USER_OWNER.getShortName());
        hBaseAdmin.createTable(hTableDescriptor);
        AccessControllerProtocol accessControllerProtocol = (AccessControllerProtocol) new HTable(conf, AccessControlLists.ACL_TABLE_NAME).coprocessorProxy(AccessControllerProtocol.class, bytes);
        List<UserPermission> userPermissions = accessControllerProtocol.getUserPermissions(bytes);
        UserPermission userPermission = new UserPermission(bytes5, bytes, bytes2, bytes4, Permission.Action.READ);
        Assert.assertFalse("User should not be granted permission: " + userPermission.toString(), hasFoundUserPermission(userPermission, userPermissions));
        accessControllerProtocol.grant(new UserPermission(bytes5, bytes, bytes2, bytes4, Permission.Action.READ));
        List<UserPermission> userPermissions2 = accessControllerProtocol.getUserPermissions(bytes);
        UserPermission userPermission2 = new UserPermission(bytes5, bytes, bytes2, bytes4, Permission.Action.READ);
        Assert.assertTrue("User should be granted permission: " + userPermission2.toString(), hasFoundUserPermission(userPermission2, userPermissions2));
        UserPermission userPermission3 = new UserPermission(bytes5, bytes, bytes2, bytes4, Permission.Action.WRITE);
        Assert.assertFalse("User should not be granted permission: " + userPermission3.toString(), hasFoundUserPermission(userPermission3, userPermissions2));
        UserPermission userPermission4 = new UserPermission(bytes5, bytes, bytes2, bytes4, Permission.Action.WRITE, Permission.Action.READ);
        accessControllerProtocol.grant(userPermission4);
        List<UserPermission> userPermissions3 = accessControllerProtocol.getUserPermissions(bytes);
        UserPermission userPermission5 = new UserPermission(bytes5, bytes, bytes2, bytes4, Permission.Action.WRITE, Permission.Action.READ);
        Assert.assertTrue("User should be granted permission: " + userPermission5.toString(), hasFoundUserPermission(userPermission5, userPermissions3));
        accessControllerProtocol.revoke(userPermission4);
        Assert.assertFalse("User should not be granted permission: " + userPermission5.toString(), hasFoundUserPermission(userPermission5, accessControllerProtocol.getUserPermissions(bytes)));
        hBaseAdmin.disableTable(bytes);
        hBaseAdmin.deleteTable(bytes);
    }

    private void verifyGlobal(PrivilegedExceptionAction<?> privilegedExceptionAction) throws Exception {
        verifyAllowed(SUPERUSER, privilegedExceptionAction);
        verifyDenied(USER_OWNER, privilegedExceptionAction);
        verifyDenied(USER_RW, privilegedExceptionAction);
        verifyDenied(USER_NONE, privilegedExceptionAction);
        verifyDenied(USER_RO, privilegedExceptionAction);
    }

    public void checkGlobalPerms(Permission.Action... actionArr) throws IOException {
        AccessControllerProtocol accessControllerProtocol = (AccessControllerProtocol) new HTable(conf, AccessControlLists.ACL_TABLE_NAME).coprocessorProxy(AccessControllerProtocol.class, new byte[0]);
        Permission[] permissionArr = new Permission[actionArr.length];
        for (int i = 0; i < actionArr.length; i++) {
            permissionArr[i] = new Permission(actionArr[i]);
        }
        accessControllerProtocol.checkPermissions(permissionArr);
    }

    public void checkTablePerms(byte[] bArr, byte[] bArr2, byte[] bArr3, Permission.Action... actionArr) throws IOException {
        Permission[] permissionArr = new Permission[actionArr.length];
        for (int i = 0; i < actionArr.length; i++) {
            permissionArr[i] = new TablePermission(bArr, bArr2, bArr3, actionArr[i]);
        }
        checkTablePerms(bArr, permissionArr);
    }

    public void checkTablePerms(byte[] bArr, Permission... permissionArr) throws IOException {
        ((AccessControllerProtocol) new HTable(conf, bArr).coprocessorProxy(AccessControllerProtocol.class, new byte[0])).checkPermissions(permissionArr);
    }

    public void grant(AccessControllerProtocol accessControllerProtocol, User user, byte[] bArr, byte[] bArr2, byte[] bArr3, Permission.Action... actionArr) throws IOException {
        accessControllerProtocol.grant(new UserPermission(Bytes.toBytes(user.getShortName()), bArr, bArr2, bArr3, actionArr));
    }

    @Test
    public void testCheckPermissions() throws Exception {
        AccessControllerProtocol accessControllerProtocol = (AccessControllerProtocol) new HTable(conf, AccessControlLists.ACL_TABLE_NAME).coprocessorProxy(AccessControllerProtocol.class, TEST_TABLE);
        verifyGlobal(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.35
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkGlobalPerms(Permission.Action.ADMIN);
                return null;
            }
        });
        verifyGlobal(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.36
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkGlobalPerms(Permission.Action.READ, Permission.Action.WRITE);
                return null;
            }
        });
        final byte[] bytes = Bytes.toBytes("q1");
        final byte[] bytes2 = Bytes.toBytes("q2");
        User createUserForTesting = User.createUserForTesting(conf, "user_check_perms_table", new String[0]);
        User createUserForTesting2 = User.createUserForTesting(conf, "user_check_perms_family", new String[0]);
        User createUserForTesting3 = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);
        grant(accessControllerProtocol, createUserForTesting, TEST_TABLE, null, null, Permission.Action.READ);
        grant(accessControllerProtocol, createUserForTesting2, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
        grant(accessControllerProtocol, createUserForTesting3, TEST_TABLE, TEST_FAMILY, bytes, Permission.Action.READ);
        PrivilegedExceptionAction<Void> privilegedExceptionAction = new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.37
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkTablePerms(TestAccessController.TEST_TABLE, null, null, Permission.Action.READ);
                return null;
            }
        };
        PrivilegedExceptionAction<Void> privilegedExceptionAction2 = new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.38
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkTablePerms(TestAccessController.TEST_TABLE, TestAccessController.TEST_FAMILY, null, Permission.Action.READ);
                return null;
            }
        };
        PrivilegedExceptionAction<Void> privilegedExceptionAction3 = new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.39
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkTablePerms(TestAccessController.TEST_TABLE, TestAccessController.TEST_FAMILY, bytes, Permission.Action.READ);
                return null;
            }
        };
        PrivilegedExceptionAction<Void> privilegedExceptionAction4 = new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.40
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkTablePerms(TestAccessController.TEST_TABLE, new TablePermission(TestAccessController.TEST_TABLE, TestAccessController.TEST_FAMILY, bytes, Permission.Action.READ), new TablePermission(TestAccessController.TEST_TABLE, TestAccessController.TEST_FAMILY, bytes2, Permission.Action.READ));
                return null;
            }
        };
        PrivilegedExceptionAction<Void> privilegedExceptionAction5 = new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.41
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkTablePerms(TestAccessController.TEST_TABLE, new Permission(Permission.Action.READ), new TablePermission(TestAccessController.TEST_TABLE, (byte[]) null, (byte[]) null, Permission.Action.READ));
                return null;
            }
        };
        PrivilegedExceptionAction<Void> privilegedExceptionAction6 = new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.42
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkTablePerms(TestAccessController.TEST_TABLE, new Permission[0]);
                return null;
            }
        };
        verifyAllowed(privilegedExceptionAction, SUPERUSER, createUserForTesting);
        verifyDenied(privilegedExceptionAction, createUserForTesting2, createUserForTesting3);
        verifyAllowed(privilegedExceptionAction2, SUPERUSER, createUserForTesting, createUserForTesting2);
        verifyDenied(privilegedExceptionAction2, createUserForTesting3);
        verifyAllowed(privilegedExceptionAction3, SUPERUSER, createUserForTesting, createUserForTesting2, createUserForTesting3);
        verifyAllowed(privilegedExceptionAction4, SUPERUSER, createUserForTesting, createUserForTesting2);
        verifyDenied(privilegedExceptionAction4, createUserForTesting3);
        verifyAllowed(privilegedExceptionAction5, SUPERUSER);
        verifyDenied(privilegedExceptionAction5, createUserForTesting, createUserForTesting2, createUserForTesting3);
        verifyAllowed(privilegedExceptionAction6, SUPERUSER, createUserForTesting, createUserForTesting2, createUserForTesting3);
        PrivilegedExceptionAction<Void> privilegedExceptionAction7 = new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.access.TestAccessController.43
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestAccessController.this.checkTablePerms(TestAccessController.TEST_TABLE, TestAccessController.TEST_FAMILY, null, Permission.Action.READ, Permission.Action.WRITE);
                return null;
            }
        };
        verifyAllowed(privilegedExceptionAction7, SUPERUSER, USER_OWNER, USER_RW);
        verifyDenied(privilegedExceptionAction7, USER_NONE, USER_RO);
        try {
            accessControllerProtocol.checkPermissions(new Permission[]{new TablePermission(TEST_TABLE, (byte[]) null, (byte[]) null, Permission.Action.CREATE)});
            Assert.fail("this should have thrown CoprocessorException");
        } catch (CoprocessorException e) {
        }
    }
}
