package org.apache.hadoop.hbase.security.access;

import java.io.IOException;
import java.util.Map;
import java.util.Optional;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.TableNotEnabledException;
import org.apache.hadoop.hbase.TableNotFoundException;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.coprocessor.RegionCoprocessor;
import org.apache.hadoop.hbase.coprocessor.RegionObserver;
import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.After;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({SecurityTests.class, LargeTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestCoprocessorWhitelistMasterObserver.class */
public class TestCoprocessorWhitelistMasterObserver extends SecureTestUtil {

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestCoprocessorWhitelistMasterObserver.class);
    private static final Logger LOG = LoggerFactory.getLogger(TestCoprocessorWhitelistMasterObserver.class);
    private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
    private static final TableName TEST_TABLE = TableName.valueOf("testTable");
    private static final byte[] TEST_FAMILY = Bytes.toBytes("fam1");

    /* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestCoprocessorWhitelistMasterObserver$TestRegionObserver.class */
    public static class TestRegionObserver implements RegionCoprocessor, RegionObserver {
        public Optional<RegionObserver> getRegionObserver() {
            return Optional.of(this);
        }
    }

    @After
    public void tearDownTestCoprocessorWhitelistMasterObserver() throws Exception {
        Admin admin = UTIL.getAdmin();
        try {
            try {
                admin.disableTable(TEST_TABLE);
            } catch (TableNotEnabledException e) {
                LOG.info("Table was left disabled by test");
            }
            admin.deleteTable(TEST_TABLE);
        } catch (TableNotFoundException e2) {
            LOG.info("Table was not created for some reason");
        }
        UTIL.shutdownMiniCluster();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v5, types: [byte[], byte[][]] */
    private static void positiveTestCase(String[] strArr, String str) throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        configuration.set("hbase.coprocessor.master.classes", CoprocessorWhitelistMasterObserver.class.getName());
        configuration.setStrings("hbase.coprocessor.region.whitelist.paths", strArr);
        configuration.setInt("hbase.client.retries.number", 5);
        UTIL.startMiniCluster();
        UTIL.createTable(TEST_TABLE, (byte[][]) new byte[]{TEST_FAMILY});
        UTIL.waitUntilAllRegionsAssigned(TEST_TABLE);
        Connection createConnection = ConnectionFactory.createConnection(configuration);
        HTableDescriptor hTableDescriptor = new HTableDescriptor(createConnection.getTable(TEST_TABLE).getTableDescriptor());
        hTableDescriptor.addCoprocessor("net.clayb.hbase.coprocessor.NotWhitelisted", new Path(str), 1073741823, (Map) null);
        LOG.info("Modifying Table");
        try {
            createConnection.getAdmin().modifyTable(TEST_TABLE, hTableDescriptor);
            Assert.fail("Expected coprocessor to raise IOException");
        } catch (IOException e) {
        }
        LOG.info("Done Modifying Table");
        Assert.assertEquals(0L, r0.getTableDescriptor().getCoprocessors().size());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v5, types: [byte[], byte[][]] */
    private static void negativeTestCase(String[] strArr, String str) throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        configuration.setInt("hbase.client.retries.number", 5);
        configuration.set("hbase.coprocessor.master.classes", CoprocessorWhitelistMasterObserver.class.getName());
        configuration.setStrings("hbase.coprocessor.region.whitelist.paths", strArr);
        UTIL.startMiniCluster();
        UTIL.createTable(TEST_TABLE, (byte[][]) new byte[]{TEST_FAMILY});
        UTIL.waitUntilAllRegionsAssigned(TEST_TABLE);
        Connection createConnection = ConnectionFactory.createConnection(configuration);
        Admin admin = createConnection.getAdmin();
        admin.disableTable(TEST_TABLE);
        HTableDescriptor hTableDescriptor = new HTableDescriptor(createConnection.getTable(TEST_TABLE).getTableDescriptor());
        hTableDescriptor.addCoprocessor("net.clayb.hbase.coprocessor.Whitelisted", new Path(str), 1073741823, (Map) null);
        LOG.info("Modifying Table");
        admin.modifyTable(TEST_TABLE, hTableDescriptor);
        Assert.assertEquals(1L, r0.getTableDescriptor().getCoprocessors().size());
        LOG.info("Done Modifying Table");
    }

    @Test
    public void testSubstringNonWhitelisted() throws Exception {
        positiveTestCase(new String[]{"/permitted/*"}, "file:///notpermitted/couldnotpossiblyexist.jar");
    }

    @Test
    public void testDifferentFileSystemNonWhitelisted() throws Exception {
        positiveTestCase(new String[]{"hdfs://foo/bar"}, "file:///notpermitted/couldnotpossiblyexist.jar");
    }

    @Test
    public void testSchemeAndDirectorywhitelisted() throws Exception {
        negativeTestCase(new String[]{"/tmp", "file:///permitted/*"}, "file:///permitted/couldnotpossiblyexist.jar");
    }

    @Test
    public void testSchemeWhitelisted() throws Exception {
        negativeTestCase(new String[]{"file:///"}, "file:///permitted/couldnotpossiblyexist.jar");
    }

    @Test
    public void testDFSNameWhitelistedWorks() throws Exception {
        negativeTestCase(new String[]{"hdfs://Your-FileSystem"}, "hdfs://Your-FileSystem/permitted/couldnotpossiblyexist.jar");
    }

    @Test
    public void testDFSNameNotWhitelistedFails() throws Exception {
        positiveTestCase(new String[]{"hdfs://Your-FileSystem"}, "hdfs://My-FileSystem/permitted/couldnotpossiblyexist.jar");
    }

    @Test
    public void testBlanketWhitelist() throws Exception {
        negativeTestCase(new String[]{"*"}, "hdfs:///permitted/couldnotpossiblyexist.jar");
    }

    @Test
    public void testCreationNonWhitelistedCoprocessorPath() throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        configuration.set("hbase.coprocessor.master.classes", CoprocessorWhitelistMasterObserver.class.getName());
        configuration.setStrings("hbase.coprocessor.region.whitelist.paths", new String[0]);
        configuration.setInt("hbase.client.retries.number", 5);
        UTIL.startMiniCluster();
        HTableDescriptor hTableDescriptor = new HTableDescriptor(TEST_TABLE);
        hTableDescriptor.addFamily(new HColumnDescriptor(TEST_FAMILY));
        hTableDescriptor.addCoprocessor("net.clayb.hbase.coprocessor.NotWhitelisted", new Path("file:///notpermitted/couldnotpossiblyexist.jar"), 1073741823, (Map) null);
        Admin admin = ConnectionFactory.createConnection(configuration).getAdmin();
        LOG.info("Creating Table");
        try {
            admin.createTable(hTableDescriptor);
            Assert.fail("Expected coprocessor to raise IOException");
        } catch (IOException e) {
        }
        LOG.info("Done Creating Table");
        Assert.assertEquals(new HTableDescriptor[0], admin.listTables("^" + TEST_TABLE.getNameAsString() + "$"));
    }

    @Test
    public void testCreationClasspathCoprocessor() throws Exception {
        Configuration configuration = UTIL.getConfiguration();
        configuration.set("hbase.coprocessor.master.classes", CoprocessorWhitelistMasterObserver.class.getName());
        configuration.setStrings("hbase.coprocessor.region.whitelist.paths", new String[0]);
        configuration.setInt("hbase.client.retries.number", 5);
        UTIL.startMiniCluster();
        HTableDescriptor hTableDescriptor = new HTableDescriptor(TEST_TABLE);
        hTableDescriptor.addFamily(new HColumnDescriptor(TEST_FAMILY));
        hTableDescriptor.addCoprocessor(TestRegionObserver.class.getName());
        Admin admin = ConnectionFactory.createConnection(configuration).getAdmin();
        LOG.info("Creating Table");
        admin.createTable(hTableDescriptor);
        LOG.info("Done Creating Table");
        Assert.assertEquals(1L, r0.getTable(TEST_TABLE).getTableDescriptor().getCoprocessors().size());
    }
}
