package org.apache.hadoop.hbase.security.access;

import com.google.protobuf.RpcController;
import com.google.protobuf.ServiceException;
import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.junit.Assert;

/* loaded from: input_file:org/apache/hadoop/hbase/security/access/SecureTestUtil.class */
public class SecureTestUtil {
    public static void enableSecurity(Configuration configuration) throws IOException {
        configuration.set("hadoop.security.authorization", "false");
        configuration.set("hadoop.security.authentication", "simple");
        configuration.set("hbase.coprocessor.master.classes", AccessController.class.getName());
        configuration.set("hbase.coprocessor.region.classes", AccessController.class.getName() + "," + SecureBulkLoadEndpoint.class.getName());
        configuration.set("hbase.superuser", "admin," + User.getCurrent().getName());
    }

    public void verifyAllowed(User user, PrivilegedExceptionAction... privilegedExceptionActionArr) throws Exception {
        for (PrivilegedExceptionAction privilegedExceptionAction : privilegedExceptionActionArr) {
            try {
                user.runAs(privilegedExceptionAction);
            } catch (AccessDeniedException e) {
                Assert.fail("Expected action to pass for user '" + user.getShortName() + "' but was denied");
            }
        }
    }

    public void verifyAllowed(PrivilegedExceptionAction privilegedExceptionAction, User... userArr) throws Exception {
        for (User user : userArr) {
            verifyAllowed(user, privilegedExceptionAction);
        }
    }

    public void verifyDenied(User user, PrivilegedExceptionAction... privilegedExceptionActionArr) throws Exception {
        for (PrivilegedExceptionAction privilegedExceptionAction : privilegedExceptionActionArr) {
            try {
                user.runAs(privilegedExceptionAction);
                Assert.fail("Expected AccessDeniedException for user '" + user.getShortName() + "'");
            } catch (IOException e) {
                boolean z = false;
                if (!(e instanceof RetriesExhaustedWithDetailsException)) {
                    RetriesExhaustedWithDetailsException retriesExhaustedWithDetailsException = e;
                    while (true) {
                        if (retriesExhaustedWithDetailsException instanceof AccessDeniedException) {
                            z = true;
                            break;
                        }
                        RetriesExhaustedWithDetailsException cause = retriesExhaustedWithDetailsException.getCause();
                        retriesExhaustedWithDetailsException = cause;
                        if (cause == null) {
                            break;
                        }
                    }
                } else {
                    Iterator it = e.getCauses().iterator();
                    while (true) {
                        if (it.hasNext()) {
                            if (((Throwable) it.next()) instanceof AccessDeniedException) {
                                z = true;
                                break;
                            }
                        } else {
                            break;
                        }
                    }
                }
                if (!z) {
                    Assert.fail("Not receiving AccessDeniedException for user '" + user.getShortName() + "'");
                }
            } catch (UndeclaredThrowableException e2) {
                ServiceException undeclaredThrowable = e2.getUndeclaredThrowable();
                if (undeclaredThrowable instanceof PrivilegedActionException) {
                    undeclaredThrowable = ((PrivilegedActionException) undeclaredThrowable).getException();
                }
                if (undeclaredThrowable instanceof ServiceException) {
                    ServiceException serviceException = undeclaredThrowable;
                    if (serviceException.getCause() != null && (serviceException.getCause() instanceof AccessDeniedException)) {
                        return;
                    }
                }
                Assert.fail("Not receiving AccessDeniedException for user '" + user.getShortName() + "'");
            }
        }
    }

    public void verifyDenied(PrivilegedExceptionAction privilegedExceptionAction, User... userArr) throws Exception {
        for (User user : userArr) {
            verifyDenied(user, privilegedExceptionAction);
        }
    }

    public void checkTablePerms(Configuration configuration, byte[] bArr, byte[] bArr2, byte[] bArr3, Permission.Action... actionArr) throws IOException {
        Permission[] permissionArr = new Permission[actionArr.length];
        for (int i = 0; i < actionArr.length; i++) {
            permissionArr[i] = new TablePermission(TableName.valueOf(bArr), bArr2, bArr3, new Permission.Action[]{actionArr[i]});
        }
        checkTablePerms(configuration, bArr, permissionArr);
    }

    public void checkTablePerms(Configuration configuration, byte[] bArr, Permission... permissionArr) throws IOException {
        AccessControlProtos.CheckPermissionsRequest.Builder newBuilder = AccessControlProtos.CheckPermissionsRequest.newBuilder();
        for (Permission permission : permissionArr) {
            newBuilder.addPermission(ProtobufUtil.toPermission(permission));
        }
        HTable hTable = new HTable(configuration, bArr);
        try {
            try {
                AccessControlProtos.AccessControlService.newBlockingStub(hTable.coprocessorService(new byte[0])).checkPermissions((RpcController) null, newBuilder.build());
            } catch (ServiceException e) {
                ProtobufUtil.toIOException(e);
            }
        } finally {
            hTable.close();
        }
    }
}
