package org.apache.hadoop.hbase.security.access;

import com.facebook.presto.phoenix.shaded.com.google.common.collect.ListMultimap;
import com.facebook.presto.phoenix.shaded.com.google.protobuf.RpcController;
import com.facebook.presto.phoenix.shaded.org.junit.AfterClass;
import com.facebook.presto.phoenix.shaded.org.junit.Assert;
import com.facebook.presto.phoenix.shaded.org.junit.BeforeClass;
import com.facebook.presto.phoenix.shaded.org.junit.Test;
import com.facebook.presto.phoenix.shaded.org.junit.experimental.categories.Category;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.qjournal.MiniQJMHACluster;

@Category({MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestNamespaceCommands.class */
public class TestNamespaceCommands extends SecureTestUtil {
    private static Configuration conf;
    private static MasterCoprocessorEnvironment CP_ENV;
    private static AccessController ACCESS_CONTROLLER;
    private static User SUPERUSER;
    private static User USER_GLOBAL_ADMIN;
    private static User USER_GLOBAL_CREATE;
    private static User USER_GLOBAL_WRITE;
    private static User USER_GLOBAL_READ;
    private static User USER_GLOBAL_EXEC;
    private static User USER_NS_ADMIN;
    private static User USER_NS_CREATE;
    private static User USER_NS_WRITE;
    private static User USER_NS_READ;
    private static User USER_NS_EXEC;
    private static User USER_TABLE_WRITE;
    private static User USER_TABLE_CREATE;
    private static final String GROUP_ADMIN = "group_admin";
    private static final String GROUP_NS_ADMIN = "group_ns_admin";
    private static final String GROUP_CREATE = "group_create";
    private static final String GROUP_READ = "group_read";
    private static final String GROUP_WRITE = "group_write";
    private static User USER_GROUP_ADMIN;
    private static User USER_GROUP_NS_ADMIN;
    private static User USER_GROUP_CREATE;
    private static User USER_GROUP_READ;
    private static User USER_GROUP_WRITE;
    private static HBaseTestingUtility UTIL = new HBaseTestingUtility();
    private static final Log LOG = LogFactory.getLog(TestNamespaceCommands.class);
    private static String TEST_NAMESPACE = MiniQJMHACluster.NAMESERVICE;
    private static String TEST_NAMESPACE2 = "ns2";
    private static String TEST_TABLE = TEST_NAMESPACE + ":testtable";
    private static byte[] TEST_FAMILY = Bytes.toBytes("f1");

    @BeforeClass
    public static void beforeClass() throws Exception {
        conf = UTIL.getConfiguration();
        conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10);
        enableSecurity(conf);
        SUPERUSER = User.createUserForTesting(conf, "admin", new String[]{DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_DEFAULT});
        USER_GLOBAL_ADMIN = User.createUserForTesting(conf, "global_admin", new String[0]);
        USER_GLOBAL_CREATE = User.createUserForTesting(conf, "global_create", new String[0]);
        USER_GLOBAL_WRITE = User.createUserForTesting(conf, "global_write", new String[0]);
        USER_GLOBAL_READ = User.createUserForTesting(conf, "global_read", new String[0]);
        USER_GLOBAL_EXEC = User.createUserForTesting(conf, "global_exec", new String[0]);
        USER_NS_ADMIN = User.createUserForTesting(conf, "namespace_admin", new String[0]);
        USER_NS_CREATE = User.createUserForTesting(conf, "namespace_create", new String[0]);
        USER_NS_WRITE = User.createUserForTesting(conf, "namespace_write", new String[0]);
        USER_NS_READ = User.createUserForTesting(conf, "namespace_read", new String[0]);
        USER_NS_EXEC = User.createUserForTesting(conf, "namespace_exec", new String[0]);
        USER_TABLE_CREATE = User.createUserForTesting(conf, "table_create", new String[0]);
        USER_TABLE_WRITE = User.createUserForTesting(conf, "table_write", new String[0]);
        USER_GROUP_ADMIN = User.createUserForTesting(conf, "user_group_admin", new String[]{GROUP_ADMIN});
        USER_GROUP_NS_ADMIN = User.createUserForTesting(conf, "user_group_ns_admin", new String[]{GROUP_NS_ADMIN});
        USER_GROUP_CREATE = User.createUserForTesting(conf, "user_group_create", new String[]{GROUP_CREATE});
        USER_GROUP_READ = User.createUserForTesting(conf, "user_group_read", new String[]{GROUP_READ});
        USER_GROUP_WRITE = User.createUserForTesting(conf, "user_group_write", new String[]{GROUP_WRITE});
        UTIL.startMiniCluster();
        UTIL.waitTableAvailable(AccessControlLists.ACL_TABLE_NAME.getName(), 30000L);
        ACCESS_CONTROLLER = (AccessController) UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost().findCoprocessor(AccessController.class.getName());
        UTIL.getHBaseAdmin().createNamespace(NamespaceDescriptor.create(TEST_NAMESPACE).build());
        UTIL.getHBaseAdmin().createNamespace(NamespaceDescriptor.create(TEST_NAMESPACE2).build());
        grantGlobal(UTIL, USER_GLOBAL_ADMIN.getShortName(), Permission.Action.ADMIN);
        grantGlobal(UTIL, USER_GLOBAL_CREATE.getShortName(), Permission.Action.CREATE);
        grantGlobal(UTIL, USER_GLOBAL_WRITE.getShortName(), Permission.Action.WRITE);
        grantGlobal(UTIL, USER_GLOBAL_READ.getShortName(), Permission.Action.READ);
        grantGlobal(UTIL, USER_GLOBAL_EXEC.getShortName(), Permission.Action.EXEC);
        grantOnNamespace(UTIL, USER_NS_ADMIN.getShortName(), TEST_NAMESPACE, Permission.Action.ADMIN);
        grantOnNamespace(UTIL, USER_NS_CREATE.getShortName(), TEST_NAMESPACE, Permission.Action.CREATE);
        grantOnNamespace(UTIL, USER_NS_WRITE.getShortName(), TEST_NAMESPACE, Permission.Action.WRITE);
        grantOnNamespace(UTIL, USER_NS_READ.getShortName(), TEST_NAMESPACE, Permission.Action.READ);
        grantOnNamespace(UTIL, USER_NS_EXEC.getShortName(), TEST_NAMESPACE, Permission.Action.EXEC);
        grantOnNamespace(UTIL, AuthUtil.toGroupEntry(GROUP_NS_ADMIN), TEST_NAMESPACE, Permission.Action.ADMIN);
        grantOnNamespace(UTIL, USER_NS_ADMIN.getShortName(), TEST_NAMESPACE2, Permission.Action.ADMIN);
        grantGlobal(UTIL, AuthUtil.toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN);
        grantGlobal(UTIL, AuthUtil.toGroupEntry(GROUP_CREATE), Permission.Action.CREATE);
        grantGlobal(UTIL, AuthUtil.toGroupEntry(GROUP_READ), Permission.Action.READ);
        grantGlobal(UTIL, AuthUtil.toGroupEntry(GROUP_WRITE), Permission.Action.WRITE);
    }

    @AfterClass
    public static void afterClass() throws Exception {
        UTIL.getHBaseAdmin().deleteNamespace(TEST_NAMESPACE);
        UTIL.getHBaseAdmin().deleteNamespace(TEST_NAMESPACE2);
        UTIL.shutdownMiniCluster();
    }

    @Test
    public void testAclTableEntries() throws Exception {
        Connection createConnection = ConnectionFactory.createConnection(conf);
        Throwable th = null;
        try {
            Table table = createConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
            Throwable th2 = null;
            try {
                AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE);
                Iterator<Map.Entry<String, TablePermission>> it = AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE).entries().iterator();
                while (it.hasNext()) {
                    LOG.debug(it.next());
                }
                Assert.assertEquals(6L, r0.size());
                grantOnNamespace(UTIL, "userTestNsp", TEST_NAMESPACE, Permission.Action.WRITE);
                Assert.assertTrue(table.get(new Get(Bytes.toBytes("userTestNsp"))) != null);
                ListMultimap<String, TablePermission> namespacePermissions = AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE);
                Assert.assertEquals(7L, namespacePermissions.size());
                List<TablePermission> list = namespacePermissions.get((ListMultimap<String, TablePermission>) "userTestNsp");
                Assert.assertTrue(namespacePermissions.containsKey("userTestNsp"));
                Assert.assertEquals(1L, list.size());
                Assert.assertEquals(TEST_NAMESPACE, list.get(0).getNamespace());
                Assert.assertEquals((Object) null, list.get(0).getFamily());
                Assert.assertEquals((Object) null, list.get(0).getQualifier());
                Assert.assertEquals(1L, list.get(0).getActions().length);
                Assert.assertEquals(Permission.Action.WRITE, list.get(0).getActions()[0]);
                revokeFromNamespace(UTIL, "userTestNsp", TEST_NAMESPACE, Permission.Action.WRITE);
                Assert.assertEquals(6L, AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE).size());
                if (table != null) {
                    if (0 != 0) {
                        try {
                            table.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        table.close();
                    }
                }
                if (createConnection != null) {
                    if (0 == 0) {
                        createConnection.close();
                        return;
                    }
                    try {
                        createConnection.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                }
            } catch (Throwable th5) {
                if (table != null) {
                    if (0 != 0) {
                        try {
                            table.close();
                        } catch (Throwable th6) {
                            th2.addSuppressed(th6);
                        }
                    } else {
                        table.close();
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (createConnection != null) {
                if (0 != 0) {
                    try {
                        createConnection.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    createConnection.close();
                }
            }
            throw th7;
        }
    }

    @Test
    public void testModifyNamespace() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preModifyNamespace(ObserverContext.createAndPrepare(TestNamespaceCommands.CP_ENV, null), NamespaceDescriptor.create(TestNamespaceCommands.TEST_NAMESPACE).addConfiguration("abc", "156").build());
                return null;
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
    }

    @Test
    public void testCreateAndDeleteNamespace() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preCreateNamespace(ObserverContext.createAndPrepare(TestNamespaceCommands.CP_ENV, null), NamespaceDescriptor.create(TestNamespaceCommands.TEST_NAMESPACE2).build());
                return null;
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction2 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.3
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preDeleteNamespace(ObserverContext.createAndPrepare(TestNamespaceCommands.CP_ENV, null), TestNamespaceCommands.TEST_NAMESPACE2);
                return null;
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction2, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction2, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
    }

    @Test
    public void testGetNamespaceDescriptor() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                TestNamespaceCommands.ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContext.createAndPrepare(TestNamespaceCommands.CP_ENV, null), TestNamespaceCommands.TEST_NAMESPACE);
                return null;
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
    }

    @Test
    public void testListNamespaces() throws Exception {
        verifyAllowed(new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.UTIL.getConfiguration());
                Admin admin = createConnection.getAdmin();
                try {
                    List asList = Arrays.asList(admin.listNamespaceDescriptors());
                    admin.close();
                    createConnection.close();
                    return asList;
                } catch (Throwable th) {
                    admin.close();
                    createConnection.close();
                    throw th;
                }
            }
        }, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);
        Assert.assertEquals(4L, ((List) SUPERUSER.runAs(r0)).size());
        Assert.assertEquals(4L, ((List) USER_GLOBAL_ADMIN.runAs(r0)).size());
        Assert.assertEquals(4L, ((List) USER_GROUP_ADMIN.runAs(r0)).size());
        Assert.assertEquals(2L, ((List) USER_NS_ADMIN.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GLOBAL_CREATE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GLOBAL_WRITE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GLOBAL_READ.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GLOBAL_EXEC.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_NS_CREATE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_NS_WRITE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_NS_READ.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_NS_EXEC.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_TABLE_CREATE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_TABLE_WRITE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GROUP_CREATE.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GROUP_READ.runAs(r0)).size());
        Assert.assertEquals(0L, ((List) USER_GROUP_WRITE.runAs(r0)).size());
    }

    @Test
    public void testGrantRevoke() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.6
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    Table table = createConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
                    Throwable th2 = null;
                    try {
                        try {
                            ProtobufUtil.grant(null, AccessControlProtos.AccessControlService.newBlockingStub(table.coprocessorService(HConstants.EMPTY_START_ROW)), "testUser", TestNamespaceCommands.TEST_NAMESPACE, Permission.Action.WRITE);
                            if (table != null) {
                                if (0 != 0) {
                                    try {
                                        table.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    table.close();
                                }
                            }
                            if (createConnection == null) {
                                return null;
                            }
                            if (0 == 0) {
                                createConnection.close();
                                return null;
                            }
                            try {
                                createConnection.close();
                                return null;
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                                return null;
                            }
                        } catch (Throwable th5) {
                            th2 = th5;
                            throw th5;
                        }
                    } catch (Throwable th6) {
                        if (table != null) {
                            if (th2 != null) {
                                try {
                                    table.close();
                                } catch (Throwable th7) {
                                    th2.addSuppressed(th7);
                                }
                            } else {
                                table.close();
                            }
                        }
                        throw th6;
                    }
                } catch (Throwable th8) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th9) {
                                th.addSuppressed(th9);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th8;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction2 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.7
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    Table table = createConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
                    Throwable th2 = null;
                    try {
                        ProtobufUtil.grant(null, AccessControlProtos.AccessControlService.newBlockingStub(table.coprocessorService(HConstants.EMPTY_START_ROW)), TestNamespaceCommands.USER_GROUP_NS_ADMIN.getShortName(), TestNamespaceCommands.TEST_NAMESPACE, Permission.Action.READ);
                        if (table != null) {
                            if (0 != 0) {
                                try {
                                    table.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                table.close();
                            }
                        }
                        if (createConnection == null) {
                            return null;
                        }
                        if (0 == 0) {
                            createConnection.close();
                            return null;
                        }
                        try {
                            createConnection.close();
                            return null;
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                            return null;
                        }
                    } catch (Throwable th5) {
                        if (table != null) {
                            if (0 != 0) {
                                try {
                                    table.close();
                                } catch (Throwable th6) {
                                    th2.addSuppressed(th6);
                                }
                            } else {
                                table.close();
                            }
                        }
                        throw th5;
                    }
                } catch (Throwable th7) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th8) {
                                th.addSuppressed(th8);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th7;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction3 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.8
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    Table table = createConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
                    Throwable th2 = null;
                    try {
                        try {
                            ProtobufUtil.revoke(null, AccessControlProtos.AccessControlService.newBlockingStub(table.coprocessorService(HConstants.EMPTY_START_ROW)), "testUser", TestNamespaceCommands.TEST_NAMESPACE, Permission.Action.WRITE);
                            if (table != null) {
                                if (0 != 0) {
                                    try {
                                        table.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    table.close();
                                }
                            }
                            if (createConnection == null) {
                                return null;
                            }
                            if (0 == 0) {
                                createConnection.close();
                                return null;
                            }
                            try {
                                createConnection.close();
                                return null;
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                                return null;
                            }
                        } catch (Throwable th5) {
                            th2 = th5;
                            throw th5;
                        }
                    } catch (Throwable th6) {
                        if (table != null) {
                            if (th2 != null) {
                                try {
                                    table.close();
                                } catch (Throwable th7) {
                                    th2.addSuppressed(th7);
                                }
                            } else {
                                table.close();
                            }
                        }
                        throw th6;
                    }
                } catch (Throwable th8) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th9) {
                                th.addSuppressed(th9);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th8;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction4 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.9
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Table table = createConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
                try {
                    ProtobufUtil.revoke(null, AccessControlProtos.AccessControlService.newBlockingStub(table.coprocessorService(HConstants.EMPTY_START_ROW)), TestNamespaceCommands.USER_GROUP_NS_ADMIN.getShortName(), TestNamespaceCommands.TEST_NAMESPACE, Permission.Action.READ);
                    table.close();
                    createConnection.close();
                    return null;
                } catch (Throwable th) {
                    table.close();
                    createConnection.close();
                    throw th;
                }
            }
        };
        SecureTestUtil.AccessTestAction accessTestAction5 = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.10
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(TestNamespaceCommands.conf);
                Throwable th = null;
                try {
                    Table table = createConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
                    Throwable th2 = null;
                    try {
                        try {
                            ProtobufUtil.getUserPermissions((RpcController) null, AccessControlProtos.AccessControlService.newBlockingStub(table.coprocessorService(HConstants.EMPTY_START_ROW)), Bytes.toBytes(TestNamespaceCommands.TEST_NAMESPACE));
                            if (table != null) {
                                if (0 != 0) {
                                    try {
                                        table.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    table.close();
                                }
                            }
                            if (createConnection == null) {
                                return null;
                            }
                            if (0 == 0) {
                                createConnection.close();
                                return null;
                            }
                            try {
                                createConnection.close();
                                return null;
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                                return null;
                            }
                        } catch (Throwable th5) {
                            th2 = th5;
                            throw th5;
                        }
                    } catch (Throwable th6) {
                        if (table != null) {
                            if (th2 != null) {
                                try {
                                    table.close();
                                } catch (Throwable th7) {
                                    th2.addSuppressed(th7);
                                }
                            } else {
                                table.close();
                            }
                        }
                        throw th6;
                    }
                } catch (Throwable th8) {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th9) {
                                th.addSuppressed(th9);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                    throw th8;
                }
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
        verifyDenied(accessTestAction, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction2, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN, USER_GROUP_NS_ADMIN);
        verifyDenied(accessTestAction2, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction3, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
        verifyDenied(accessTestAction3, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction4, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN, USER_GROUP_NS_ADMIN);
        verifyDenied(accessTestAction4, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
        verifyAllowed(accessTestAction5, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);
        verifyDenied(accessTestAction5, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
    }

    @Test
    public void testCreateTableWithNamespace() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = new SecureTestUtil.AccessTestAction() { // from class: org.apache.hadoop.hbase.security.access.TestNamespaceCommands.11
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                HTableDescriptor hTableDescriptor = new HTableDescriptor(TableName.valueOf(TestNamespaceCommands.TEST_TABLE));
                hTableDescriptor.addFamily(new HColumnDescriptor(TestNamespaceCommands.TEST_FAMILY));
                TestNamespaceCommands.ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(TestNamespaceCommands.CP_ENV, null), hTableDescriptor, null);
                return null;
            }
        };
        verifyAllowed(accessTestAction, SUPERUSER, USER_GLOBAL_CREATE, USER_NS_CREATE, USER_GROUP_CREATE);
        verifyDenied(accessTestAction, USER_GLOBAL_ADMIN, USER_GLOBAL_WRITE, USER_GLOBAL_READ, USER_GLOBAL_EXEC, USER_NS_ADMIN, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC, USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_ADMIN);
    }
}
