package org.apache.accumulo.test.functional;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.accumulo.cluster.ClusterUser;
import org.apache.accumulo.core.client.Accumulo;
import org.apache.accumulo.core.client.AccumuloClient;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.BatchWriter;
import org.apache.accumulo.core.client.Scanner;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.data.Mutation;
import org.apache.accumulo.core.metadata.MetadataTable;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.harness.AccumuloClusterHarness;
import org.apache.accumulo.harness.TestingKdc;
import org.apache.accumulo.test.categories.MiniClusterOnlyTests;
import org.apache.accumulo.test.master.SuspendedTabletsIT;
import org.apache.hadoop.io.Text;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({MiniClusterOnlyTests.class})
/* loaded from: input_file:org/apache/accumulo/test/functional/PermissionsIT.class */
public class PermissionsIT extends AccumuloClusterHarness {
    private static final Logger log = LoggerFactory.getLogger(PermissionsIT.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.accumulo.test.functional.PermissionsIT$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/accumulo/test/functional/PermissionsIT$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$accumulo$core$security$SystemPermission;
        static final /* synthetic */ int[] $SwitchMap$org$apache$accumulo$core$security$TablePermission = new int[TablePermission.values().length];

        static {
            try {
                $SwitchMap$org$apache$accumulo$core$security$TablePermission[TablePermission.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$TablePermission[TablePermission.WRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$TablePermission[TablePermission.BULK_IMPORT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$TablePermission[TablePermission.ALTER_TABLE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$TablePermission[TablePermission.DROP_TABLE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$TablePermission[TablePermission.GRANT.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$TablePermission[TablePermission.GET_SUMMARIES.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            $SwitchMap$org$apache$accumulo$core$security$SystemPermission = new int[SystemPermission.values().length];
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.CREATE_TABLE.ordinal()] = 1;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.DROP_TABLE.ordinal()] = 2;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.ALTER_TABLE.ordinal()] = 3;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.CREATE_USER.ordinal()] = 4;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.DROP_USER.ordinal()] = 5;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.ALTER_USER.ordinal()] = 6;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.SYSTEM.ordinal()] = 7;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.CREATE_NAMESPACE.ordinal()] = 8;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.DROP_NAMESPACE.ordinal()] = 9;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.ALTER_NAMESPACE.ordinal()] = 10;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.OBTAIN_DELEGATION_TOKEN.ordinal()] = 11;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$org$apache$accumulo$core$security$SystemPermission[SystemPermission.GRANT.ordinal()] = 12;
            } catch (NoSuchFieldError e19) {
            }
        }
    }

    @Override // org.apache.accumulo.harness.AccumuloITBase
    public int defaultTimeoutSeconds() {
        return 90;
    }

    @Before
    public void limitToMini() throws Exception {
        Assume.assumeTrue(getClusterType() == AccumuloClusterHarness.ClusterType.MINI);
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            Set listLocalUsers = accumuloClient.securityOperations().listLocalUsers();
            ClusterUser user = getUser(0);
            if (listLocalUsers.contains(user.getPrincipal())) {
                accumuloClient.securityOperations().dropLocalUser(user.getPrincipal());
            }
            if (accumuloClient != null) {
                accumuloClient.close();
            }
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void loginAs(ClusterUser clusterUser) throws IOException {
        clusterUser.getToken();
    }

    @Test
    public void systemPermissionsTest() throws Exception {
        ClusterUser user = getUser(0);
        ClusterUser adminUser = getAdminUser();
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            verifyHasOnlyTheseSystemPermissions(accumuloClient, accumuloClient.whoami(), SystemPermission.values());
            String principal = user.getPrincipal();
            PasswordToken token = user.getToken();
            PasswordToken passwordToken = token instanceof PasswordToken ? token : null;
            loginAs(adminUser);
            accumuloClient.securityOperations().createLocalUser(principal, passwordToken);
            loginAs(user);
            AccumuloClient accumuloClient2 = (AccumuloClient) Accumulo.newClient().from(accumuloClient.properties()).as(principal, token).build();
            try {
                loginAs(adminUser);
                verifyHasNoSystemPermissions(accumuloClient, principal, SystemPermission.values());
                for (SystemPermission systemPermission : SystemPermission.values()) {
                    log.debug("Verifying the {} permission", systemPermission);
                    String str = getUniqueNames(1)[0];
                    testMissingSystemPermission(str, accumuloClient, adminUser, accumuloClient2, user, systemPermission);
                    loginAs(adminUser);
                    accumuloClient.securityOperations().grantSystemPermission(principal, systemPermission);
                    verifyHasOnlyTheseSystemPermissions(accumuloClient, principal, systemPermission);
                    testGrantedSystemPermission(str, accumuloClient, adminUser, accumuloClient2, user, systemPermission);
                    loginAs(adminUser);
                    accumuloClient.securityOperations().revokeSystemPermission(principal, systemPermission);
                    verifyHasNoSystemPermissions(accumuloClient, principal, systemPermission);
                }
                if (accumuloClient2 != null) {
                    accumuloClient2.close();
                }
                if (accumuloClient != null) {
                    accumuloClient.close();
                }
            } catch (Throwable th) {
                if (accumuloClient2 != null) {
                    try {
                        accumuloClient2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    static Map<String, String> map(Iterable<Map.Entry<String, String>> iterable) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : iterable) {
            hashMap.put(entry.getKey(), entry.getValue());
        }
        return hashMap;
    }

    private void testMissingSystemPermission(String str, AccumuloClient accumuloClient, ClusterUser clusterUser, AccumuloClient accumuloClient2, ClusterUser clusterUser2, SystemPermission systemPermission) throws Exception {
        boolean z = clusterUser2.getPassword() != null;
        log.debug("Confirming that the lack of the {} permission properly restricts the user", systemPermission);
        switch (AnonymousClass1.$SwitchMap$org$apache$accumulo$core$security$SystemPermission[systemPermission.ordinal()]) {
            case 1:
                String str2 = str + "__CREATE_TABLE_WITHOUT_PERM_TEST__";
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.tableOperations().create(str2);
                    throw new IllegalStateException("Should NOT be able to create a table");
                } catch (AccumuloSecurityException e) {
                    loginAs(clusterUser);
                    if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || accumuloClient.tableOperations().list().contains(str2)) {
                        throw e;
                    }
                    return;
                }
            case 2:
                String str3 = str + "__DROP_TABLE_WITHOUT_PERM_TEST__";
                loginAs(clusterUser);
                accumuloClient.tableOperations().create(str3);
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.tableOperations().delete(str3);
                    throw new IllegalStateException("Should NOT be able to delete a table");
                } catch (AccumuloSecurityException e2) {
                    loginAs(clusterUser);
                    if (e2.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !accumuloClient.tableOperations().list().contains(str3)) {
                        throw e2;
                    }
                    return;
                }
            case 3:
                String str4 = str + "__ALTER_TABLE_WITHOUT_PERM_TEST__";
                loginAs(clusterUser);
                accumuloClient.tableOperations().create(str4);
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.tableOperations().setProperty(str4, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
                    throw new IllegalStateException("Should NOT be able to set a table property");
                } catch (AccumuloSecurityException e3) {
                    loginAs(clusterUser);
                    if (e3.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || map(accumuloClient.tableOperations().getProperties(str4)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) {
                        throw e3;
                    }
                    loginAs(clusterUser);
                    accumuloClient.tableOperations().setProperty(str4, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
                    try {
                        loginAs(clusterUser2);
                        accumuloClient2.tableOperations().removeProperty(str4, Property.TABLE_BLOOM_ERRORRATE.getKey());
                        throw new IllegalStateException("Should NOT be able to remove a table property");
                    } catch (AccumuloSecurityException e4) {
                        loginAs(clusterUser);
                        if (e4.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !map(accumuloClient.tableOperations().getProperties(str4)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) {
                            throw e4;
                        }
                        String str5 = str4 + "2";
                        try {
                            loginAs(clusterUser2);
                            accumuloClient2.tableOperations().rename(str4, str5);
                            throw new IllegalStateException("Should NOT be able to rename a table");
                        } catch (AccumuloSecurityException e5) {
                            loginAs(clusterUser);
                            if (e5.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !accumuloClient.tableOperations().list().contains(str4) || accumuloClient.tableOperations().list().contains(str5)) {
                                throw e5;
                            }
                            return;
                        }
                    }
                }
            case 4:
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.securityOperations().createLocalUser("__CREATE_USER_WITHOUT_PERM_TEST__", z ? new PasswordToken("password") : null);
                    throw new IllegalStateException("Should NOT be able to create a user");
                } catch (AccumuloSecurityException e6) {
                    AuthenticationToken token = clusterUser2.getToken();
                    loginAs(clusterUser);
                    if (e6.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || ((token instanceof PasswordToken) && accumuloClient.securityOperations().authenticateUser("__CREATE_USER_WITHOUT_PERM_TEST__", token))) {
                        throw e6;
                    }
                    return;
                }
            case SuspendedTabletsIT.TSERVERS /* 5 */:
                loginAs(clusterUser);
                accumuloClient.securityOperations().createLocalUser("__DROP_USER_WITHOUT_PERM_TEST__", z ? new PasswordToken("password") : null);
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.securityOperations().dropLocalUser("__DROP_USER_WITHOUT_PERM_TEST__");
                    throw new IllegalStateException("Should NOT be able to delete a user");
                } catch (AccumuloSecurityException e7) {
                    loginAs(clusterUser);
                    if (e7.getSecurityErrorCode() == SecurityErrorCode.PERMISSION_DENIED && accumuloClient.securityOperations().listLocalUsers().contains("__DROP_USER_WITHOUT_PERM_TEST__")) {
                        return;
                    }
                    log.info("Failed to authenticate as {}", "__DROP_USER_WITHOUT_PERM_TEST__");
                    throw e7;
                }
            case 6:
                loginAs(clusterUser);
                accumuloClient.securityOperations().createLocalUser("__ALTER_USER_WITHOUT_PERM_TEST__", z ? new PasswordToken("password") : null);
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.securityOperations().changeUserAuthorizations("__ALTER_USER_WITHOUT_PERM_TEST__", new Authorizations(new String[]{"A", "B"}));
                    throw new IllegalStateException("Should NOT be able to alter a user");
                } catch (AccumuloSecurityException e8) {
                    loginAs(clusterUser);
                    if (e8.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !accumuloClient.securityOperations().getUserAuthorizations("__ALTER_USER_WITHOUT_PERM_TEST__").isEmpty()) {
                        throw e8;
                    }
                    return;
                }
            case 7:
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.instanceOperations().setProperty(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey(), "10000");
                    throw new IllegalStateException("Should NOT be able to set System Property");
                } catch (AccumuloSecurityException e9) {
                    loginAs(clusterUser);
                    if (e9.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || ((String) accumuloClient.instanceOperations().getSystemConfiguration().get(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey())).equals("10000")) {
                        throw e9;
                    }
                    loginAs(clusterUser);
                    accumuloClient.instanceOperations().setProperty(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey(), "10000");
                    try {
                        loginAs(clusterUser2);
                        accumuloClient2.instanceOperations().removeProperty(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey());
                        throw new IllegalStateException("Should NOT be able to remove Sysem Property");
                    } catch (AccumuloSecurityException e10) {
                        loginAs(clusterUser);
                        if (e10.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !((String) accumuloClient.instanceOperations().getSystemConfiguration().get(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey())).equals("10000")) {
                            throw e10;
                        }
                        return;
                    }
                }
            case 8:
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.namespaceOperations().create("__CREATE_NAMESPACE_WITHOUT_PERM_TEST__");
                    throw new IllegalStateException("Should NOT be able to create a namespace");
                } catch (AccumuloSecurityException e11) {
                    loginAs(clusterUser);
                    if (e11.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || accumuloClient.namespaceOperations().list().contains("__CREATE_NAMESPACE_WITHOUT_PERM_TEST__")) {
                        throw e11;
                    }
                    return;
                }
            case 9:
                loginAs(clusterUser);
                accumuloClient.namespaceOperations().create("__DROP_NAMESPACE_WITHOUT_PERM_TEST__");
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.namespaceOperations().delete("__DROP_NAMESPACE_WITHOUT_PERM_TEST__");
                    throw new IllegalStateException("Should NOT be able to delete a namespace");
                } catch (AccumuloSecurityException e12) {
                    loginAs(clusterUser);
                    if (e12.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !accumuloClient.namespaceOperations().list().contains("__DROP_NAMESPACE_WITHOUT_PERM_TEST__")) {
                        throw e12;
                    }
                    return;
                }
            case TestingKdc.NUM_USERS /* 10 */:
                loginAs(clusterUser);
                accumuloClient.namespaceOperations().create("__ALTER_NAMESPACE_WITHOUT_PERM_TEST__");
                try {
                    loginAs(clusterUser2);
                    accumuloClient2.namespaceOperations().setProperty("__ALTER_NAMESPACE_WITHOUT_PERM_TEST__", Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
                    throw new IllegalStateException("Should NOT be able to set a namespace property");
                } catch (AccumuloSecurityException e13) {
                    loginAs(clusterUser);
                    if (e13.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || map(accumuloClient.namespaceOperations().getProperties("__ALTER_NAMESPACE_WITHOUT_PERM_TEST__")).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) {
                        throw e13;
                    }
                    loginAs(clusterUser);
                    accumuloClient.namespaceOperations().setProperty("__ALTER_NAMESPACE_WITHOUT_PERM_TEST__", Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
                    try {
                        loginAs(clusterUser2);
                        accumuloClient2.namespaceOperations().removeProperty("__ALTER_NAMESPACE_WITHOUT_PERM_TEST__", Property.TABLE_BLOOM_ERRORRATE.getKey());
                        throw new IllegalStateException("Should NOT be able to remove a namespace property");
                    } catch (AccumuloSecurityException e14) {
                        loginAs(clusterUser);
                        if (e14.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !map(accumuloClient.namespaceOperations().getProperties("__ALTER_NAMESPACE_WITHOUT_PERM_TEST__")).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) {
                            throw e14;
                        }
                        String str6 = "__ALTER_NAMESPACE_WITHOUT_PERM_TEST__2";
                        try {
                            loginAs(clusterUser2);
                            accumuloClient2.namespaceOperations().rename("__ALTER_NAMESPACE_WITHOUT_PERM_TEST__", str6);
                            throw new IllegalStateException("Should NOT be able to rename a namespace");
                        } catch (AccumuloSecurityException e15) {
                            loginAs(clusterUser);
                            if (e15.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !accumuloClient.namespaceOperations().list().contains("__ALTER_NAMESPACE_WITHOUT_PERM_TEST__") || accumuloClient.namespaceOperations().list().contains(str6)) {
                                throw e15;
                            }
                            return;
                        }
                    }
                }
            case 11:
                if (saslEnabled()) {
                }
                return;
            case 12:
                loginAs(clusterUser2);
                try {
                    accumuloClient2.securityOperations().grantSystemPermission(clusterUser2.getPrincipal(), SystemPermission.GRANT);
                    throw new IllegalStateException("Should NOT be able to grant System.GRANT to yourself");
                } catch (AccumuloSecurityException e16) {
                    loginAs(clusterUser);
                    Assert.assertFalse(accumuloClient.securityOperations().hasSystemPermission(clusterUser2.getPrincipal(), SystemPermission.GRANT));
                    return;
                }
            default:
                throw new IllegalArgumentException("Unrecognized System Permission: " + systemPermission);
        }
    }

    private void testGrantedSystemPermission(String str, AccumuloClient accumuloClient, ClusterUser clusterUser, AccumuloClient accumuloClient2, ClusterUser clusterUser2, SystemPermission systemPermission) throws Exception {
        boolean z = clusterUser2.getPassword() != null;
        log.debug("Confirming that the presence of the {} permission properly permits the user", systemPermission);
        switch (AnonymousClass1.$SwitchMap$org$apache$accumulo$core$security$SystemPermission[systemPermission.ordinal()]) {
            case 1:
                String str2 = str + "__CREATE_TABLE_WITH_PERM_TEST__";
                loginAs(clusterUser2);
                accumuloClient2.tableOperations().create(str2);
                loginAs(clusterUser);
                if (!accumuloClient.tableOperations().list().contains(str2)) {
                    throw new IllegalStateException("Should be able to create a table");
                }
                return;
            case 2:
                String str3 = str + "__DROP_TABLE_WITH_PERM_TEST__";
                loginAs(clusterUser);
                accumuloClient.tableOperations().create(str3);
                loginAs(clusterUser2);
                accumuloClient2.tableOperations().delete(str3);
                loginAs(clusterUser);
                if (accumuloClient.tableOperations().list().contains(str3)) {
                    throw new IllegalStateException("Should be able to delete a table");
                }
                return;
            case 3:
                String str4 = str + "__ALTER_TABLE_WITH_PERM_TEST__";
                String str5 = str4 + "2";
                loginAs(clusterUser);
                accumuloClient.tableOperations().create(str4);
                testArbitraryProperty(accumuloClient, str4, true);
                loginAs(clusterUser2);
                accumuloClient2.tableOperations().setProperty(str4, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
                loginAs(clusterUser);
                if (!map(accumuloClient.tableOperations().getProperties(str4)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) {
                    throw new IllegalStateException("Should be able to set a table property");
                }
                loginAs(clusterUser2);
                accumuloClient2.tableOperations().removeProperty(str4, Property.TABLE_BLOOM_ERRORRATE.getKey());
                loginAs(clusterUser);
                if (map(accumuloClient.tableOperations().getProperties(str4)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) {
                    throw new IllegalStateException("Should be able to remove a table property");
                }
                loginAs(clusterUser2);
                accumuloClient2.tableOperations().rename(str4, str5);
                loginAs(clusterUser);
                if (accumuloClient.tableOperations().list().contains(str4) || !accumuloClient.tableOperations().list().contains(str5)) {
                    throw new IllegalStateException("Should be able to rename a table");
                }
                return;
            case 4:
                loginAs(clusterUser2);
                accumuloClient2.securityOperations().createLocalUser("__CREATE_USER_WITH_PERM_TEST__", z ? new PasswordToken("password") : null);
                loginAs(clusterUser);
                if (z && !accumuloClient.securityOperations().authenticateUser("__CREATE_USER_WITH_PERM_TEST__", new PasswordToken("password"))) {
                    throw new IllegalStateException("Should be able to create a user");
                }
                return;
            case SuspendedTabletsIT.TSERVERS /* 5 */:
                loginAs(clusterUser);
                accumuloClient.securityOperations().createLocalUser("__DROP_USER_WITH_PERM_TEST__", z ? new PasswordToken("password") : null);
                loginAs(clusterUser2);
                accumuloClient2.securityOperations().dropLocalUser("__DROP_USER_WITH_PERM_TEST__");
                loginAs(clusterUser);
                if (z && accumuloClient.securityOperations().authenticateUser("__DROP_USER_WITH_PERM_TEST__", new PasswordToken("password"))) {
                    throw new IllegalStateException("Should be able to delete a user");
                }
                return;
            case 6:
                loginAs(clusterUser);
                accumuloClient.securityOperations().createLocalUser("__ALTER_USER_WITH_PERM_TEST__", z ? new PasswordToken("password") : null);
                loginAs(clusterUser2);
                accumuloClient2.securityOperations().changeUserAuthorizations("__ALTER_USER_WITH_PERM_TEST__", new Authorizations(new String[]{"A", "B"}));
                loginAs(clusterUser);
                if (accumuloClient.securityOperations().getUserAuthorizations("__ALTER_USER_WITH_PERM_TEST__").isEmpty()) {
                    throw new IllegalStateException("Should be able to alter a user");
                }
                return;
            case 7:
                loginAs(clusterUser2);
                accumuloClient2.instanceOperations().setProperty(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey(), "10000");
                loginAs(clusterUser);
                if (!((String) accumuloClient.instanceOperations().getSystemConfiguration().get(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey())).equals("10000")) {
                    throw new IllegalStateException("Should be able to set system property");
                }
                loginAs(clusterUser2);
                accumuloClient2.instanceOperations().removeProperty(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey());
                loginAs(clusterUser);
                if (((String) accumuloClient.instanceOperations().getSystemConfiguration().get(Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey())).equals("10000")) {
                    throw new IllegalStateException("Should be able remove systemproperty");
                }
                return;
            case 8:
                loginAs(clusterUser2);
                accumuloClient2.namespaceOperations().create("__CREATE_NAMESPACE_WITH_PERM_TEST__");
                loginAs(clusterUser);
                if (!accumuloClient.namespaceOperations().list().contains("__CREATE_NAMESPACE_WITH_PERM_TEST__")) {
                    throw new IllegalStateException("Should be able to create a namespace");
                }
                return;
            case 9:
                loginAs(clusterUser);
                accumuloClient.namespaceOperations().create("__DROP_NAMESPACE_WITH_PERM_TEST__");
                loginAs(clusterUser2);
                accumuloClient2.namespaceOperations().delete("__DROP_NAMESPACE_WITH_PERM_TEST__");
                loginAs(clusterUser);
                if (accumuloClient.namespaceOperations().list().contains("__DROP_NAMESPACE_WITH_PERM_TEST__")) {
                    throw new IllegalStateException("Should be able to delete a namespace");
                }
                return;
            case TestingKdc.NUM_USERS /* 10 */:
                String str6 = "__ALTER_NAMESPACE_WITH_PERM_TEST__2";
                loginAs(clusterUser);
                accumuloClient.namespaceOperations().create("__ALTER_NAMESPACE_WITH_PERM_TEST__");
                loginAs(clusterUser2);
                accumuloClient2.namespaceOperations().setProperty("__ALTER_NAMESPACE_WITH_PERM_TEST__", Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
                loginAs(clusterUser);
                if (!map(accumuloClient.namespaceOperations().getProperties("__ALTER_NAMESPACE_WITH_PERM_TEST__")).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) {
                    throw new IllegalStateException("Should be able to set a table property");
                }
                loginAs(clusterUser2);
                accumuloClient2.namespaceOperations().removeProperty("__ALTER_NAMESPACE_WITH_PERM_TEST__", Property.TABLE_BLOOM_ERRORRATE.getKey());
                loginAs(clusterUser);
                if (map(accumuloClient.namespaceOperations().getProperties("__ALTER_NAMESPACE_WITH_PERM_TEST__")).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) {
                    throw new IllegalStateException("Should be able to remove a table property");
                }
                loginAs(clusterUser2);
                accumuloClient2.namespaceOperations().rename("__ALTER_NAMESPACE_WITH_PERM_TEST__", str6);
                loginAs(clusterUser);
                if (accumuloClient.namespaceOperations().list().contains("__ALTER_NAMESPACE_WITH_PERM_TEST__") || !accumuloClient.namespaceOperations().list().contains(str6)) {
                    throw new IllegalStateException("Should be able to rename a table");
                }
                return;
            case 11:
                if (saslEnabled()) {
                }
                return;
            case 12:
                loginAs(clusterUser);
                accumuloClient.securityOperations().grantSystemPermission(clusterUser2.getPrincipal(), SystemPermission.GRANT);
                loginAs(clusterUser2);
                accumuloClient2.securityOperations().grantSystemPermission(clusterUser2.getPrincipal(), SystemPermission.CREATE_TABLE);
                loginAs(clusterUser);
                Assert.assertTrue("Test user should have CREATE_TABLE", accumuloClient.securityOperations().hasSystemPermission(clusterUser2.getPrincipal(), SystemPermission.CREATE_TABLE));
                Assert.assertTrue("Test user should have GRANT", accumuloClient.securityOperations().hasSystemPermission(clusterUser2.getPrincipal(), SystemPermission.GRANT));
                accumuloClient.securityOperations().revokeSystemPermission(clusterUser2.getPrincipal(), SystemPermission.CREATE_TABLE);
                return;
            default:
                throw new IllegalArgumentException("Unrecognized System Permission: " + systemPermission);
        }
    }

    private void verifyHasOnlyTheseSystemPermissions(AccumuloClient accumuloClient, String str, SystemPermission... systemPermissionArr) throws AccumuloException, AccumuloSecurityException {
        List asList = Arrays.asList(systemPermissionArr);
        for (SystemPermission systemPermission : SystemPermission.values()) {
            if (asList.contains(systemPermission)) {
                if (!accumuloClient.securityOperations().hasSystemPermission(str, systemPermission)) {
                    throw new IllegalStateException(str + " SHOULD have system permission " + systemPermission);
                }
            } else if (accumuloClient.securityOperations().hasSystemPermission(str, systemPermission)) {
                throw new IllegalStateException(str + " SHOULD NOT have system permission " + systemPermission);
            }
        }
    }

    private void verifyHasNoSystemPermissions(AccumuloClient accumuloClient, String str, SystemPermission... systemPermissionArr) throws AccumuloException, AccumuloSecurityException {
        for (SystemPermission systemPermission : systemPermissionArr) {
            if (accumuloClient.securityOperations().hasSystemPermission(str, systemPermission)) {
                throw new IllegalStateException(str + " SHOULD NOT have system permission " + systemPermission);
            }
        }
    }

    @Test
    public void tablePermissionTest() throws Exception {
        ClusterUser user = getUser(0);
        ClusterUser adminUser = getAdminUser();
        String principal = user.getPrincipal();
        PasswordToken token = user.getToken();
        PasswordToken passwordToken = token instanceof PasswordToken ? token : null;
        loginAs(adminUser);
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            accumuloClient.securityOperations().createLocalUser(principal, passwordToken);
            loginAs(user);
            AccumuloClient accumuloClient2 = (AccumuloClient) Accumulo.newClient().from(accumuloClient.properties()).as(principal, token).build();
            try {
                loginAs(adminUser);
                verifyHasOnlyTheseTablePermissions(accumuloClient, accumuloClient.whoami(), MetadataTable.NAME, TablePermission.READ, TablePermission.ALTER_TABLE);
                verifyHasOnlyTheseTablePermissions(accumuloClient, principal, MetadataTable.NAME, TablePermission.READ);
                String str = getUniqueNames(1)[0] + "__TABLE_PERMISSION_TEST__";
                for (TablePermission tablePermission : TablePermission.values()) {
                    log.debug("Verifying the {} permission", tablePermission);
                    createTestTable(accumuloClient, principal, str);
                    loginAs(user);
                    testMissingTablePermission(accumuloClient2, tablePermission, str);
                    loginAs(adminUser);
                    accumuloClient.securityOperations().grantTablePermission(principal, str, tablePermission);
                    verifyHasOnlyTheseTablePermissions(accumuloClient, principal, str, tablePermission);
                    loginAs(user);
                    testGrantedTablePermission(accumuloClient2, tablePermission, str);
                    loginAs(adminUser);
                    createTestTable(accumuloClient, principal, str);
                    accumuloClient.securityOperations().revokeTablePermission(principal, str, tablePermission);
                    verifyHasNoTablePermissions(accumuloClient, principal, str, tablePermission);
                }
                if (accumuloClient2 != null) {
                    accumuloClient2.close();
                }
                if (accumuloClient != null) {
                    accumuloClient.close();
                }
            } catch (Throwable th) {
                if (accumuloClient2 != null) {
                    try {
                        accumuloClient2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    private void createTestTable(AccumuloClient accumuloClient, String str, String str2) throws Exception {
        if (accumuloClient.tableOperations().exists(str2)) {
            return;
        }
        accumuloClient.tableOperations().create(str2);
        BatchWriter createBatchWriter = accumuloClient.createBatchWriter(str2);
        try {
            Mutation mutation = new Mutation(new Text("row"));
            mutation.put("cf", "cq", "val");
            createBatchWriter.addMutation(mutation);
            if (createBatchWriter != null) {
                createBatchWriter.close();
            }
            verifyHasOnlyTheseTablePermissions(accumuloClient, accumuloClient.whoami(), str2, TablePermission.values());
            verifyHasNoTablePermissions(accumuloClient, str, str2, TablePermission.values());
        } catch (Throwable th) {
            if (createBatchWriter != null) {
                try {
                    createBatchWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:121:0x0176  */
    /* JADX WARN: Removed duplicated region for block: B:123:0x0179 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void testMissingTablePermission(org.apache.accumulo.core.client.AccumuloClient r12, org.apache.accumulo.core.security.TablePermission r13, java.lang.String r14) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 767
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.accumulo.test.functional.PermissionsIT.testMissingTablePermission(org.apache.accumulo.core.client.AccumuloClient, org.apache.accumulo.core.security.TablePermission, java.lang.String):void");
    }

    private void testGrantedTablePermission(AccumuloClient accumuloClient, TablePermission tablePermission, String str) throws AccumuloException, AccumuloSecurityException, TableNotFoundException {
        log.debug("Confirming that the presence of the {} permission properly permits the user", tablePermission);
        switch (AnonymousClass1.$SwitchMap$org$apache$accumulo$core$security$TablePermission[tablePermission.ordinal()]) {
            case 1:
                Scanner createScanner = accumuloClient.createScanner(str, Authorizations.EMPTY);
                try {
                    Iterator it = createScanner.iterator();
                    while (it.hasNext()) {
                        Assert.assertNotNull((Map.Entry) it.next());
                    }
                    if (createScanner != null) {
                        createScanner.close();
                        return;
                    }
                    return;
                } catch (Throwable th) {
                    if (createScanner != null) {
                        try {
                            createScanner.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            case 2:
                accumuloClient.tableOperations().flush(str, new Text("myrow"), new Text("myrow~"), false);
                BatchWriter createBatchWriter = accumuloClient.createBatchWriter(str);
                try {
                    Mutation mutation = new Mutation(new Text("row"));
                    mutation.put("a", "b", "c");
                    createBatchWriter.addMutation(mutation);
                    if (createBatchWriter != null) {
                        createBatchWriter.close();
                        return;
                    }
                    return;
                } catch (Throwable th3) {
                    if (createBatchWriter != null) {
                        try {
                            createBatchWriter.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            case 3:
                return;
            case 4:
                accumuloClient.tableOperations().flush(str, new Text("myrow"), new Text("myrow~"), false);
                testArbitraryProperty(accumuloClient, str, true);
                return;
            case SuspendedTabletsIT.TSERVERS /* 5 */:
                accumuloClient.tableOperations().delete(str);
                return;
            case 6:
                accumuloClient.securityOperations().grantTablePermission(getAdminPrincipal(), str, TablePermission.GRANT);
                return;
            case 7:
                Assert.assertTrue(accumuloClient.tableOperations().summaries(str).retrieve().isEmpty());
                return;
            default:
                throw new IllegalArgumentException("Unrecognized table Permission: " + tablePermission);
        }
    }

    private void verifyHasOnlyTheseTablePermissions(AccumuloClient accumuloClient, String str, String str2, TablePermission... tablePermissionArr) throws AccumuloException, AccumuloSecurityException {
        List asList = Arrays.asList(tablePermissionArr);
        for (TablePermission tablePermission : TablePermission.values()) {
            if (asList.contains(tablePermission)) {
                if (!accumuloClient.securityOperations().hasTablePermission(str, str2, tablePermission)) {
                    throw new IllegalStateException(str + " SHOULD have table permission " + tablePermission + " for table " + str2);
                }
            } else if (accumuloClient.securityOperations().hasTablePermission(str, str2, tablePermission)) {
                throw new IllegalStateException(str + " SHOULD NOT have table permission " + tablePermission + " for table " + str2);
            }
        }
    }

    private void verifyHasNoTablePermissions(AccumuloClient accumuloClient, String str, String str2, TablePermission... tablePermissionArr) throws AccumuloException, AccumuloSecurityException {
        for (TablePermission tablePermission : tablePermissionArr) {
            if (accumuloClient.securityOperations().hasTablePermission(str, str2, tablePermission)) {
                throw new IllegalStateException(str + " SHOULD NOT have table permission " + tablePermission + " for table " + str2);
            }
        }
    }

    private void testArbitraryProperty(AccumuloClient accumuloClient, String str, boolean z) throws AccumuloException, TableNotFoundException {
        Assert.assertTrue(Property.isValidPropertyKey("table.custom.description"));
        try {
            accumuloClient.tableOperations().setProperty(str, "table.custom.description", "Description");
            int i = 0;
            for (Map.Entry entry : accumuloClient.tableOperations().getProperties(str)) {
                if (((String) entry.getKey()).equals("table.custom.description") && ((String) entry.getValue()).equals("Description")) {
                    i++;
                }
            }
            Assert.assertEquals(i, 1L);
            accumuloClient.tableOperations().setProperty(str, "table.custom.description", "set second");
            int i2 = 0;
            for (Map.Entry entry2 : accumuloClient.tableOperations().getProperties(str)) {
                if (((String) entry2.getKey()).equals("table.custom.description") && ((String) entry2.getValue()).equals("set second")) {
                    i2++;
                }
            }
            Assert.assertEquals(i2, 1L);
            accumuloClient.tableOperations().removeProperty(str, "table.custom.description");
            int i3 = 0;
            Iterator it = accumuloClient.tableOperations().getProperties(str).iterator();
            while (it.hasNext()) {
                if (((String) ((Map.Entry) it.next()).getKey()).equals("table.custom.description")) {
                    i3++;
                }
            }
            Assert.assertEquals(i3, 0L);
            if (!z) {
                throw new IllegalStateException("User should not been able to alter property.");
            }
        } catch (AccumuloSecurityException e) {
            if (z) {
                throw new IllegalStateException("User should have been able to alter property");
            }
        }
    }
}
