package org.apache.hadoop.hbase.security.provider;

import java.io.ByteArrayInputStream;
import java.io.DataInput;
import java.io.DataInputStream;
import java.io.DataOutput;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.LocalHBaseCluster;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.TableNameTestRule;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.RetriesExhaustedException;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.ipc.BlockingRpcClient;
import org.apache.hadoop.hbase.ipc.NettyRpcClient;
import org.apache.hadoop.hbase.ipc.RpcClientFactory;
import org.apache.hadoop.hbase.ipc.RpcServerFactory;
import org.apache.hadoop.hbase.quotas.SpaceQuotaHelperForTests;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
import org.apache.hadoop.hbase.security.SaslUtil;
import org.apache.hadoop.hbase.security.SecurityInfo;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.token.SecureTestCluster;
import org.apache.hadoop.hbase.security.token.TokenProvider;
import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.CommonFSUtils;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hbase.thirdparty.com.google.common.base.Throwables;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runners.Parameterized;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hbase/security/provider/CustomSaslAuthenticationProviderTestBase.class */
public abstract class CustomSaslAuthenticationProviderTestBase {
    private static final String USER1_PASSWORD = "foobarbaz";
    private static final String USER2_PASSWORD = "bazbarfoo";

    @Parameterized.Parameter
    public String rpcClientImpl;
    private static LocalHBaseCluster CLUSTER;
    private static File KEYTAB_FILE;

    @Rule
    public TableNameTestRule name = new TableNameTestRule();
    private TableName tableName;
    private String clusterId;
    private static final Logger LOG = LoggerFactory.getLogger(CustomSaslAuthenticationProviderTestBase.class);
    private static final Map<String, String> USER_DATABASE = createUserDatabase();
    private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
    private static final Configuration CONF = UTIL.getConfiguration();

    /* loaded from: input_file:org/apache/hadoop/hbase/security/provider/CustomSaslAuthenticationProviderTestBase$InMemoryClientProvider.class */
    public static class InMemoryClientProvider extends AbstractSaslClientAuthenticationProvider {
        public static final String MECHANISM = "DIGEST-MD5";
        public static final SaslAuthMethod SASL_AUTH_METHOD = new SaslAuthMethod("IN_MEMORY", (byte) 42, MECHANISM, UserGroupInformation.AuthenticationMethod.TOKEN);

        /* loaded from: input_file:org/apache/hadoop/hbase/security/provider/CustomSaslAuthenticationProviderTestBase$InMemoryClientProvider$InMemoryClientProviderCallbackHandler.class */
        public class InMemoryClientProviderCallbackHandler implements CallbackHandler {
            private final Token<? extends TokenIdentifier> token;

            public InMemoryClientProviderCallbackHandler(Token<? extends TokenIdentifier> token) {
                this.token = token;
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
                NameCallback nameCallback = null;
                PasswordCallback passwordCallback = null;
                RealmCallback realmCallback = null;
                for (Callback callback : callbackArr) {
                    if (!(callback instanceof RealmChoiceCallback)) {
                        if (callback instanceof NameCallback) {
                            nameCallback = (NameCallback) callback;
                        } else if (callback instanceof PasswordCallback) {
                            passwordCallback = (PasswordCallback) callback;
                        } else {
                            if (!(callback instanceof RealmCallback)) {
                                throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback");
                            }
                            realmCallback = (RealmCallback) callback;
                        }
                    }
                }
                if (nameCallback != null) {
                    nameCallback.setName(SaslUtil.encodeIdentifier(this.token.getIdentifier()));
                }
                if (passwordCallback != null) {
                    passwordCallback.setPassword(SaslUtil.encodePassword(this.token.getPassword()));
                }
                if (realmCallback != null) {
                    realmCallback.setText(realmCallback.getDefaultText());
                }
            }
        }

        @Override // org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider
        public SaslClient createClient(Configuration configuration, InetAddress inetAddress, SecurityInfo securityInfo, Token<? extends TokenIdentifier> token, boolean z, Map<String, String> map) throws IOException {
            return Sasl.createSaslClient(new String[]{MECHANISM}, (String) null, (String) null, "default", map, new InMemoryClientProviderCallbackHandler(token));
        }

        public Optional<Token<? extends TokenIdentifier>> findToken(User user) {
            List list = (List) user.getTokens().stream().filter(token -> {
                return token.getKind().equals(PasswordAuthTokenIdentifier.PASSWORD_AUTH_TOKEN);
            }).collect(Collectors.toList());
            if (list.isEmpty()) {
                return Optional.empty();
            }
            if (list.size() > 1) {
                throw new IllegalStateException("Cannot handle more than one PasswordAuthToken");
            }
            return Optional.of(list.get(0));
        }

        @Override // org.apache.hadoop.hbase.security.provider.SaslAuthenticationProvider
        public SaslAuthMethod getSaslAuthMethod() {
            return SASL_AUTH_METHOD;
        }

        @Override // org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider
        public RPCProtos.UserInformation getUserInfo(User user) {
            return null;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hbase/security/provider/CustomSaslAuthenticationProviderTestBase$InMemoryProviderSelector.class */
    public static class InMemoryProviderSelector extends BuiltInProviderSelector {
        private InMemoryClientProvider inMemoryProvider;

        @Override // org.apache.hadoop.hbase.security.provider.BuiltInProviderSelector, org.apache.hadoop.hbase.security.provider.AuthenticationProviderSelector
        public void configure(Configuration configuration, Collection<SaslClientAuthenticationProvider> collection) {
            super.configure(configuration, collection);
            this.inMemoryProvider = (InMemoryClientProvider) collection.stream().filter(saslClientAuthenticationProvider -> {
                return saslClientAuthenticationProvider instanceof InMemoryClientProvider;
            }).findAny().orElseThrow(() -> {
                return new RuntimeException("InMemoryClientProvider not found in available providers: " + collection);
            });
        }

        @Override // org.apache.hadoop.hbase.security.provider.BuiltInProviderSelector, org.apache.hadoop.hbase.security.provider.AuthenticationProviderSelector
        public Pair<SaslClientAuthenticationProvider, Token<? extends TokenIdentifier>> selectProvider(String str, User user) {
            Pair<SaslClientAuthenticationProvider, Token<? extends TokenIdentifier>> selectProvider = super.selectProvider(str, user);
            Optional<Token<? extends TokenIdentifier>> findToken = this.inMemoryProvider.findToken(user);
            if (findToken.isPresent()) {
                CustomSaslAuthenticationProviderTestBase.LOG.info("Using InMemoryClientProvider");
                return new Pair<>(this.inMemoryProvider, findToken.get());
            }
            CustomSaslAuthenticationProviderTestBase.LOG.info("InMemoryClientProvider not usable, falling back to {}", selectProvider);
            return selectProvider;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hbase/security/provider/CustomSaslAuthenticationProviderTestBase$InMemoryServerProvider.class */
    public static class InMemoryServerProvider extends InMemoryClientProvider implements SaslServerAuthenticationProvider {

        /* loaded from: input_file:org/apache/hadoop/hbase/security/provider/CustomSaslAuthenticationProviderTestBase$InMemoryServerProvider$InMemoryServerProviderCallbackHandler.class */
        private class InMemoryServerProviderCallbackHandler implements CallbackHandler {
            private InMemoryServerProviderCallbackHandler() {
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws SecretManager.InvalidToken, UnsupportedCallbackException {
                NameCallback nameCallback = null;
                PasswordCallback passwordCallback = null;
                AuthorizeCallback authorizeCallback = null;
                for (Callback callback : callbackArr) {
                    if (callback instanceof AuthorizeCallback) {
                        authorizeCallback = (AuthorizeCallback) callback;
                    } else if (callback instanceof NameCallback) {
                        nameCallback = (NameCallback) callback;
                    } else if (callback instanceof PasswordCallback) {
                        passwordCallback = (PasswordCallback) callback;
                    } else if (!(callback instanceof RealmCallback)) {
                        throw new UnsupportedCallbackException(callback, "Unrecognized SASL Callback");
                    }
                }
                if (nameCallback != null && passwordCallback != null) {
                    byte[] decodeIdentifier = SaslUtil.decodeIdentifier(nameCallback.getDefaultName());
                    PasswordAuthTokenIdentifier passwordAuthTokenIdentifier = new PasswordAuthTokenIdentifier();
                    try {
                        passwordAuthTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(decodeIdentifier)));
                        passwordCallback.setPassword(SaslUtil.encodePassword(Bytes.toBytes(CustomSaslAuthenticationProviderTestBase.getPassword(passwordAuthTokenIdentifier.getUser().getUserName()))));
                    } catch (IOException e) {
                        throw ((SecretManager.InvalidToken) new SecretManager.InvalidToken("Can't de-serialize tokenIdentifier").initCause(e));
                    }
                }
                if (authorizeCallback != null) {
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    if (authenticationID.equals(authorizationID)) {
                        authorizeCallback.setAuthorized(true);
                    } else {
                        authorizeCallback.setAuthorized(false);
                    }
                    if (authorizeCallback.isAuthorized()) {
                        authorizeCallback.setAuthorizedID(authorizationID);
                    }
                }
            }
        }

        @Override // org.apache.hadoop.hbase.security.provider.SaslServerAuthenticationProvider
        public AttemptingUserProvidingSaslServer createServer(SecretManager<TokenIdentifier> secretManager, Map<String, String> map) throws IOException {
            return new AttemptingUserProvidingSaslServer(Sasl.createSaslServer(getSaslAuthMethod().getSaslMechanism(), (String) null, "default", map, new InMemoryServerProviderCallbackHandler()), () -> {
                return null;
            });
        }

        @Override // org.apache.hadoop.hbase.security.provider.SaslServerAuthenticationProvider
        public boolean supportsProtocolAuthentication() {
            return false;
        }

        @Override // org.apache.hadoop.hbase.security.provider.SaslServerAuthenticationProvider
        public UserGroupInformation getAuthorizedUgi(String str, SecretManager<TokenIdentifier> secretManager) throws IOException {
            byte[] decodeIdentifier = SaslUtil.decodeIdentifier(str);
            TokenIdentifier passwordAuthTokenIdentifier = new PasswordAuthTokenIdentifier();
            try {
                passwordAuthTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(decodeIdentifier)));
                UserGroupInformation user = passwordAuthTokenIdentifier.getUser();
                if (user == null) {
                    throw new AccessDeniedException("Can't retrieve username from tokenIdentifier.");
                }
                user.addTokenIdentifier(passwordAuthTokenIdentifier);
                user.setAuthenticationMethod(getSaslAuthMethod().getAuthMethod());
                return user;
            } catch (IOException e) {
                throw new IOException("Can't de-serialize PasswordAuthTokenIdentifier", e);
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hbase/security/provider/CustomSaslAuthenticationProviderTestBase$PasswordAuthTokenIdentifier.class */
    public static class PasswordAuthTokenIdentifier extends TokenIdentifier {
        public static final Text PASSWORD_AUTH_TOKEN = new Text("HBASE_PASSWORD_TEST_TOKEN");
        private String username;

        public PasswordAuthTokenIdentifier() {
        }

        public PasswordAuthTokenIdentifier(String str) {
            this.username = str;
        }

        @Override // org.apache.hadoop.io.Writable
        public void readFields(DataInput dataInput) throws IOException {
            this.username = WritableUtils.readString(dataInput);
        }

        @Override // org.apache.hadoop.io.Writable
        public void write(DataOutput dataOutput) throws IOException {
            WritableUtils.writeString(dataOutput, this.username);
        }

        @Override // org.apache.hadoop.security.token.TokenIdentifier
        public Text getKind() {
            return PASSWORD_AUTH_TOKEN;
        }

        @Override // org.apache.hadoop.security.token.TokenIdentifier
        public UserGroupInformation getUser() {
            if (this.username == null || "".equals(this.username)) {
                return null;
            }
            return UserGroupInformation.createRemoteUser(this.username);
        }
    }

    @Parameterized.Parameters
    public static Collection<Object[]> parameters() {
        return Arrays.asList(new Object[]{BlockingRpcClient.class.getName()}, new Object[]{NettyRpcClient.class.getName()});
    }

    private static Map<String, String> createUserDatabase() {
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        concurrentHashMap.put("user1", USER1_PASSWORD);
        concurrentHashMap.put("user2", USER2_PASSWORD);
        return concurrentHashMap;
    }

    public static String getPassword(String str) {
        String str2 = USER_DATABASE.get(str);
        if (str2 == null) {
            throw new IllegalStateException("Cannot request password for a user that doesn't exist");
        }
        return str2;
    }

    public static Token<? extends TokenIdentifier> createPasswordToken(String str, String str2, String str3) {
        PasswordAuthTokenIdentifier passwordAuthTokenIdentifier = new PasswordAuthTokenIdentifier(str);
        return new Token<>(passwordAuthTokenIdentifier.getBytes(), Bytes.toBytes(str2), passwordAuthTokenIdentifier.getKind(), new Text(str3));
    }

    private static void createBaseCluster(HBaseTestingUtility hBaseTestingUtility, File file, MiniKdc miniKdc) throws Exception {
        miniKdc.createPrincipal(file, new String[]{"hbase/localhost"});
        hBaseTestingUtility.startMiniZKCluster();
        HBaseKerberosUtils.setSecuredConfiguration(hBaseTestingUtility.getConfiguration(), "hbase/localhost@" + miniKdc.getRealm(), "HTTP/localhost@" + miniKdc.getRealm());
        HBaseKerberosUtils.setSSLConfiguration(hBaseTestingUtility, SecureTestCluster.class);
        hBaseTestingUtility.getConfiguration().setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, TokenProvider.class.getName());
        hBaseTestingUtility.startMiniDFSCluster(1);
        CommonFSUtils.setRootDir(hBaseTestingUtility.getConfiguration(), hBaseTestingUtility.getDataTestDirOnTestFS("TestCustomSaslAuthenticationProvider"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void startCluster(String str) throws Exception {
        KEYTAB_FILE = new File(UTIL.getDataTestDir("keytab").toUri().getPath());
        MiniKdc miniKdc = UTIL.setupMiniKdc(KEYTAB_FILE);
        CONF.setStrings(SaslClientAuthenticationProviders.EXTRA_PROVIDERS_KEY, InMemoryClientProvider.class.getName());
        CONF.setStrings(SaslServerAuthenticationProviders.EXTRA_PROVIDERS_KEY, InMemoryServerProvider.class.getName());
        CONF.set(SaslClientAuthenticationProviders.SELECTOR_KEY, InMemoryProviderSelector.class.getName());
        CONF.setLong(CommonConfigurationKeysPublic.HADOOP_KERBEROS_MIN_SECONDS_BEFORE_RELOGIN, 600L);
        createBaseCluster(UTIL, KEYTAB_FILE, miniKdc);
        CONF.set(RpcServerFactory.CUSTOM_RPC_SERVER_IMPL_CONF_KEY, str);
        CLUSTER = new LocalHBaseCluster(CONF, 1);
        CLUSTER.startup();
    }

    @AfterClass
    public static void shutdownCluster() throws Exception {
        if (CLUSTER != null) {
            CLUSTER.shutdown();
            CLUSTER = null;
        }
        UTIL.shutdownMiniDFSCluster();
        UTIL.shutdownMiniZKCluster();
        UTIL.cleanupTestDir();
    }

    @Before
    public void setUp() throws Exception {
        createTable();
    }

    @After
    public void tearDown() throws IOException {
        UTIL.deleteTable(this.name.getTableName());
    }

    private void createTable() throws Exception {
        this.tableName = this.name.getTableName();
        this.clusterId = (String) UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/localhost", KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.hbase.security.provider.CustomSaslAuthenticationProviderTestBase.1
            /* JADX WARN: Can't rename method to resolve collision */
            /* JADX WARN: Failed to calculate best type for var: r8v1 ??
            java.lang.NullPointerException
             */
            /* JADX WARN: Failed to calculate best type for var: r9v0 ??
            java.lang.NullPointerException
             */
            /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
             */
            /* JADX WARN: Not initialized variable reg: 8, insn: 0x0139: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:75:0x0139 */
            /* JADX WARN: Not initialized variable reg: 9, insn: 0x013d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:77:0x013d */
            /* JADX WARN: Type inference failed for: r8v1, types: [org.apache.hadoop.hbase.client.Admin] */
            /* JADX WARN: Type inference failed for: r9v0, types: [java.lang.Throwable] */
            @Override // java.security.PrivilegedExceptionAction
            public String run() throws Exception {
                ?? r8;
                ?? r9;
                Connection createConnection = ConnectionFactory.createConnection(CustomSaslAuthenticationProviderTestBase.CONF);
                Throwable th = null;
                try {
                    try {
                        Admin admin = createConnection.getAdmin();
                        Throwable th2 = null;
                        admin.createTable(TableDescriptorBuilder.newBuilder(CustomSaslAuthenticationProviderTestBase.this.tableName).setColumnFamily(ColumnFamilyDescriptorBuilder.of(SpaceQuotaHelperForTests.F1)).build());
                        CustomSaslAuthenticationProviderTestBase.UTIL.waitTableAvailable(CustomSaslAuthenticationProviderTestBase.this.tableName);
                        Table table = createConnection.getTable(CustomSaslAuthenticationProviderTestBase.this.tableName);
                        Throwable th3 = null;
                        try {
                            try {
                                Put put = new Put(Bytes.toBytes("r1"));
                                put.addColumn(Bytes.toBytes(SpaceQuotaHelperForTests.F1), Bytes.toBytes("q1"), Bytes.toBytes("1"));
                                table.put(put);
                                if (table != null) {
                                    if (0 != 0) {
                                        try {
                                            table.close();
                                        } catch (Throwable th4) {
                                            th3.addSuppressed(th4);
                                        }
                                    } else {
                                        table.close();
                                    }
                                }
                                String clusterId = admin.getClusterMetrics().getClusterId();
                                if (admin != null) {
                                    if (0 != 0) {
                                        try {
                                            admin.close();
                                        } catch (Throwable th5) {
                                            th2.addSuppressed(th5);
                                        }
                                    } else {
                                        admin.close();
                                    }
                                }
                                return clusterId;
                            } finally {
                            }
                        } catch (Throwable th6) {
                            if (table != null) {
                                if (th3 != null) {
                                    try {
                                        table.close();
                                    } catch (Throwable th7) {
                                        th3.addSuppressed(th7);
                                    }
                                } else {
                                    table.close();
                                }
                            }
                            throw th6;
                        }
                    } finally {
                        if (createConnection != null) {
                            if (0 != 0) {
                                try {
                                    createConnection.close();
                                } catch (Throwable th8) {
                                    th.addSuppressed(th8);
                                }
                            } else {
                                createConnection.close();
                            }
                        }
                    }
                } catch (Throwable th9) {
                    if (r8 != 0) {
                        if (r9 != 0) {
                            try {
                                r8.close();
                            } catch (Throwable th10) {
                                r9.addSuppressed(th10);
                            }
                        } else {
                            r8.close();
                        }
                    }
                    throw th9;
                }
            }
        });
        Assert.assertNotNull(this.clusterId);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Configuration getClientConf() {
        Configuration configuration = new Configuration(CONF);
        configuration.set(RpcClientFactory.CUSTOM_RPC_CLIENT_IMPL_CONF_KEY, this.rpcClientImpl);
        return configuration;
    }

    @Test
    public void testPositiveAuthentication() throws Exception {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("user1", new String[0]);
        createUserForTesting.addToken(createPasswordToken("user1", USER1_PASSWORD, this.clusterId));
        createUserForTesting.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.provider.CustomSaslAuthenticationProviderTestBase.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Connection createConnection = ConnectionFactory.createConnection(CustomSaslAuthenticationProviderTestBase.this.getClientConf());
                Throwable th = null;
                try {
                    Table table = createConnection.getTable(CustomSaslAuthenticationProviderTestBase.this.tableName);
                    Throwable th2 = null;
                    try {
                        try {
                            Result result = table.get(new Get(Bytes.toBytes("r1")));
                            Assert.assertNotNull(result);
                            Assert.assertFalse("Should have read a non-empty Result", result.isEmpty());
                            Assert.assertTrue("Unexpected value", CellUtil.matchingValue(result.getColumnLatestCell(Bytes.toBytes(SpaceQuotaHelperForTests.F1), Bytes.toBytes("q1")), Bytes.toBytes("1")));
                            if (table != null) {
                                if (0 != 0) {
                                    try {
                                        table.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    table.close();
                                }
                            }
                            return null;
                        } finally {
                        }
                    } catch (Throwable th4) {
                        if (table != null) {
                            if (th2 != null) {
                                try {
                                    table.close();
                                } catch (Throwable th5) {
                                    th2.addSuppressed(th5);
                                }
                            } else {
                                table.close();
                            }
                        }
                        throw th4;
                    }
                } finally {
                    if (createConnection != null) {
                        if (0 != 0) {
                            try {
                                createConnection.close();
                            } catch (Throwable th6) {
                                th.addSuppressed(th6);
                            }
                        } else {
                            createConnection.close();
                        }
                    }
                }
            }
        });
    }

    @Test
    public void testNegativeAuthentication() throws Exception {
        final Configuration configuration = new Configuration(CONF);
        configuration.set("hbase.client.registry.impl", HConstants.ZK_CONNECTION_REGISTRY_CLASS);
        configuration.setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 3);
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("user1", new String[0]);
        createUserForTesting.addToken(createPasswordToken("user1", "definitely not the password", this.clusterId));
        createUserForTesting.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.security.provider.CustomSaslAuthenticationProviderTestBase.3
            /* JADX WARN: Can't rename method to resolve collision */
            /* JADX WARN: Finally extract failed */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                try {
                    Connection createConnection = ConnectionFactory.createConnection(configuration);
                    Throwable th = null;
                    try {
                        Table table = createConnection.getTable(CustomSaslAuthenticationProviderTestBase.this.tableName);
                        Throwable th2 = null;
                        try {
                            try {
                                table.get(new Get(Bytes.toBytes("r1")));
                                Assert.fail("Should not successfully authenticate with HBase");
                                if (table != null) {
                                    if (0 != 0) {
                                        try {
                                            table.close();
                                        } catch (Throwable th3) {
                                            th2.addSuppressed(th3);
                                        }
                                    } else {
                                        table.close();
                                    }
                                }
                                if (createConnection != null) {
                                    if (0 != 0) {
                                        try {
                                            createConnection.close();
                                        } catch (Throwable th4) {
                                            th.addSuppressed(th4);
                                        }
                                    } else {
                                        createConnection.close();
                                    }
                                }
                                return null;
                            } catch (Throwable th5) {
                                th2 = th5;
                                throw th5;
                            }
                        } catch (Throwable th6) {
                            if (table != null) {
                                if (th2 != null) {
                                    try {
                                        table.close();
                                    } catch (Throwable th7) {
                                        th2.addSuppressed(th7);
                                    }
                                } else {
                                    table.close();
                                }
                            }
                            throw th6;
                        }
                    } catch (Throwable th8) {
                        if (createConnection != null) {
                            if (0 != 0) {
                                try {
                                    createConnection.close();
                                } catch (Throwable th9) {
                                    th.addSuppressed(th9);
                                }
                            } else {
                                createConnection.close();
                            }
                        }
                        throw th8;
                    }
                } catch (RetriesExhaustedException e) {
                    Assert.assertTrue(e.getMessage(), e.getMessage().contains("SaslException"));
                    return null;
                } catch (Exception e2) {
                    Assert.fail("Unexpected exception caught, was expecting a authentication error: " + Throwables.getStackTraceAsString(e2));
                    return null;
                }
            }
        });
    }
}
