package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore;

import java.io.File;
import java.util.Arrays;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.common.FileUtils;
import org.apache.hadoop.hive.metastore.HMSHandler;
import org.apache.hadoop.hive.metastore.MetaStoreTestUtils;
import org.apache.hadoop.hive.metastore.ObjectStore;
import org.apache.hadoop.hive.metastore.RawStore;
import org.apache.hadoop.hive.metastore.TableType;
import org.apache.hadoop.hive.metastore.Warehouse;
import org.apache.hadoop.hive.metastore.api.AlterDataConnectorRequest;
import org.apache.hadoop.hive.metastore.api.CreateCatalogRequest;
import org.apache.hadoop.hive.metastore.api.CreateDataConnectorRequest;
import org.apache.hadoop.hive.metastore.api.DataConnector;
import org.apache.hadoop.hive.metastore.api.DropCatalogRequest;
import org.apache.hadoop.hive.metastore.api.DropDataConnectorRequest;
import org.apache.hadoop.hive.metastore.api.Table;
import org.apache.hadoop.hive.metastore.client.builder.CatalogBuilder;
import org.apache.hadoop.hive.metastore.client.builder.DatabaseBuilder;
import org.apache.hadoop.hive.metastore.client.builder.RoleBuilder;
import org.apache.hadoop.hive.metastore.client.builder.TableBuilder;
import org.apache.hadoop.hive.metastore.conf.MetastoreConf;
import org.apache.hadoop.hive.metastore.events.PreEventContext;
import org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;

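/**
 * Ordered tests that drive an in-process {@link HMSHandler} with {@link HiveMetaStoreAuthorizer}
 * registered as a pre-event listener and {@link DummyHiveAuthorizerFactory} as the
 * authorization manager.
 *
 * <p>Methods run in ascending name order. Each test switches the Hadoop login user, which is
 * process-wide static state and is never restored, so the metastore objects and the login user
 * left by one test are visible to the next one (including the cleanup in {@link #setUp()}).
 *
 * <p>Tests that expect a denial fail explicitly when the handler accepts the call; otherwise a
 * missing authorization check would let them pass without asserting anything. Tests for the
 * allowed path still swallow every exception, see the NOTE(review) comments on them.
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class TestHiveMetaStoreAuthorizer {
    private static final String dbName = "test";
    private static final String tblName = "tmptbl";
    private static final String viewName = "tmpview";
    private static final String roleName = "tmpRole";
    private static final String catalogName = "testCatalog";
    private static final String dcName = "testDC";
    private static final String unAuthorizedUser = "bob";
    private static final String authorizedUser = "sam";
    private static final String superUser = "hive";
    private static final String metaConfVal = "";
    // NOTE(review): java.io.File treats this string as a plain pathname, not as a URI, so
    // getPath() is not "/testdata" -- confirm which directory the cleanup in setUp() targets.
    private static final String TEST_DATA_DIR = new File("file:///testdata").getPath();
    private RawStore rawStore;
    private Configuration conf;
    private HMSHandler hmsHandler;

    /**
     * Makes {@code user} the Hadoop login user for everything that follows.
     *
     * <p>The login user is static state of {@link UserGroupInformation}; it stays set after the
     * calling test returns.
     */
    private static void loginAs(String user) {
        UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(user));
    }

    /** Builds the denial message the tests expect for {@code operation} and {@code user}. */
    private static String deniedMessage(Object operation, String user) {
        return "Operation type " + operation + " not allowed for user:" + user;
    }

    /**
     * Fails the running test because a call that should have been denied returned normally.
     *
     * <p>{@link Assert#fail(String)} throws an {@link AssertionError}, which is not an
     * {@link Exception}, so the {@code catch (Exception e)} blocks of the callers do not absorb it.
     */
    private static void failNotDenied(Object operation, String user) {
        Assert.fail("Operation type " + operation + " was expected to be denied for user:" + user);
    }

    /**
     * Builds the metastore configuration, starts a fresh {@link HMSHandler}, creates the default
     * catalog and then tries to remove the objects the tests create.
     */
    @Before
    public void setUp() throws Exception {
        this.conf = MetastoreConf.newMetastoreConf();
        MetastoreConf.setBoolVar(this.conf, MetastoreConf.ConfVars.HIVE_IN_TEST, true);
        MetastoreConf.setBoolVar(this.conf, MetastoreConf.ConfVars.HIVE_TXN_STATS_ENABLED, true);
        MetastoreConf.setBoolVar(this.conf, MetastoreConf.ConfVars.AGGREGATE_STATS_CACHE_ENABLED, false);
        MetastoreConf.setVar(this.conf, MetastoreConf.ConfVars.PARTITION_NAME_WHITELIST_PATTERN, metaConfVal);
        MetastoreConf.setLongVar(this.conf, MetastoreConf.ConfVars.THRIFT_CONNECTION_RETRIES, 3L);
        MetastoreConf.setBoolVar(this.conf, MetastoreConf.ConfVars.HIVE_SUPPORT_CONCURRENCY, false);
        // The authorizer under test is wired in as a pre-event listener; the dummy factory
        // supplies the authorization decisions.
        MetastoreConf.setVar(this.conf, MetastoreConf.ConfVars.HIVE_AUTHORIZATION_MANAGER, DummyHiveAuthorizerFactory.class.getName());
        MetastoreConf.setVar(this.conf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS, HiveMetaStoreAuthorizer.class.getName());
        MetastoreConf.setVar(this.conf, MetastoreConf.ConfVars.HIVE_METASTORE_AUTHENTICATOR_MANAGER, HadoopDefaultMetastoreAuthenticator.class.getName());
        // Wildcard proxy-user settings for "hive": it may impersonate any user, in any group,
        // from any host. Test-only values; a deployed configuration should list them explicitly.
        this.conf.set("hadoop.proxyuser.hive.groups", "*");
        this.conf.set("hadoop.proxyuser.hive.hosts", "*");
        this.conf.set("hadoop.proxyuser.hive.users", "*");
        MetaStoreTestUtils.setConfForStandloneMode(this.conf);
        this.hmsHandler = new HMSHandler(dbName, this.conf);
        this.hmsHandler.init();
        this.rawStore = new ObjectStore();
        this.rawStore.setConf(this.hmsHandler.getConf());
        HMSHandler.createDefaultCatalog(this.rawStore, new Warehouse(this.conf));
        try {
            DropDataConnectorRequest dropDataConnectorRequest = new DropDataConnectorRequest(dcName);
            dropDataConnectorRequest.setIfNotExists(true);
            dropDataConnectorRequest.setCheckReferences(true);
            this.hmsHandler.drop_dataconnector_req(dropDataConnectorRequest);
            this.hmsHandler.drop_table(dbName, tblName, true);
            this.hmsHandler.drop_database(dbName, true, false);
            this.hmsHandler.drop_catalog(new DropCatalogRequest(catalogName));
            FileUtils.deleteDirectory(new File(TEST_DATA_DIR));
        } catch (Exception ignored) {
            // Best-effort cleanup: the first step that throws ends the chain and the remaining
            // steps are skipped. The calls run as whichever login user is currently set.
        }
    }

    /** Creating a database as the unauthorized user must be denied with the expected message. */
    @Test
    public void testA_CreateDatabase_unAuthorizedUser() throws Exception {
        loginAs(unAuthorizedUser);
        try {
            this.hmsHandler.create_database(new DatabaseBuilder().setName(dbName).build(this.conf));
            failNotDenied(HiveOperationType.CREATEDATABASE, unAuthorizedUser);
        } catch (Exception e) {
            Assert.assertEquals(deniedMessage(HiveOperationType.CREATEDATABASE, unAuthorizedUser), e.getMessage());
        }
    }

    /** Creating a table as the unauthorized user must be denied with the expected message. */
    @Test
    public void testB_CreateTable_unAuthorizedUser() throws Exception {
        loginAs(unAuthorizedUser);
        try {
            this.hmsHandler.create_table(((TableBuilder) new TableBuilder().setTableName(tblName).addCol("name", "string")).setOwner(unAuthorizedUser).build(this.conf));
            failNotDenied(HiveOperationType.CREATETABLE, unAuthorizedUser);
        } catch (Exception e) {
            Assert.assertEquals(deniedMessage(HiveOperationType.CREATETABLE, unAuthorizedUser), e.getMessage());
        }
    }

    /**
     * Creates a view as the authorized (non-super) user and checks that the table object carries
     * the parameter {@code Authorized} with the value {@code false}.
     */
    @Test
    public void testC_CreateView_anyUser() throws Exception {
        loginAs(authorizedUser);
        try {
            Table build = ((TableBuilder) new TableBuilder().setTableName(viewName).setType(TableType.VIRTUAL_VIEW.name()).addCol("name", "string")).setOwner(authorizedUser).build(this.conf);
            this.hmsHandler.create_table(build);
            // The assertions read the instance handed to the handler, so they rely on the
            // in-process call updating that same object -- presumably the authorizer; confirm.
            Map<String, String> parameters = build.getParameters();
            Assert.assertTrue(parameters.containsKey("Authorized"));
            Assert.assertTrue("false".equalsIgnoreCase(parameters.get("Authorized")));
        } catch (Exception ignored) {
            // NOTE(review): if create_table throws, the assertions above are skipped and the
            // test still passes.
        }
    }

    /**
     * Creates and then alters a view as the authorized (non-super) user and checks that the
     * altered table object carries the parameter {@code Authorized} with the value {@code false}.
     */
    @Test
    public void testC2_AlterView_anyUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.create_table(((TableBuilder) new TableBuilder().setTableName(viewName).setType(TableType.VIRTUAL_VIEW.name()).addCol("name", "string")).setOwner(authorizedUser).build(this.conf));
            Table build = ((TableBuilder) new TableBuilder().setTableName(viewName).setType(TableType.VIRTUAL_VIEW.name()).addCol("dep", "string")).setOwner(authorizedUser).build(this.conf);
            this.hmsHandler.alter_table("default", viewName, build);
            Map<String, String> parameters = build.getParameters();
            Assert.assertTrue(parameters.containsKey("Authorized"));
            Assert.assertTrue("false".equalsIgnoreCase(parameters.get("Authorized")));
        } catch (Exception ignored) {
            // NOTE(review): an exception from create_table or alter_table skips the assertions
            // above and the test still passes.
        }
    }

    /** Creates a view as the super user; no outcome is asserted. */
    @Test
    public void testD_CreateView_SuperUser() throws Exception {
        loginAs(superUser);
        try {
            this.hmsHandler.create_table(((TableBuilder) new TableBuilder().setTableName(viewName).setType(TableType.VIRTUAL_VIEW.name()).addCol("name", "string")).build(this.conf));
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /** Creating a role as a non-super user must be denied with the expected message. */
    @Test
    public void testE_CreateRole__anyUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.create_role(new RoleBuilder().setRoleName(roleName).setOwnerName(authorizedUser).build());
            failNotDenied(PreEventContext.PreEventType.AUTHORIZATION_API_CALL.name(), authorizedUser);
        } catch (Exception e) {
            Assert.assertEquals(deniedMessage(PreEventContext.PreEventType.AUTHORIZATION_API_CALL.name(), authorizedUser), e.getMessage());
        }
    }

    /** Creating a catalog as a non-super user must be denied with the expected message. */
    @Test
    public void testF_CreateCatalog_anyUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.create_catalog(new CreateCatalogRequest(new CatalogBuilder().setName(catalogName).setLocation(TEST_DATA_DIR).build()));
            failNotDenied(PreEventContext.PreEventType.CREATE_CATALOG.name(), authorizedUser);
        } catch (Exception e) {
            Assert.assertEquals(deniedMessage(PreEventContext.PreEventType.CREATE_CATALOG.name(), authorizedUser), e.getMessage());
        }
    }

    /** Creates a catalog as the super user; no outcome is asserted. */
    @Test
    public void testG_CreateCatalog_SuperUser() throws Exception {
        loginAs(superUser);
        try {
            this.hmsHandler.create_catalog(new CreateCatalogRequest(new CatalogBuilder().setName(catalogName).setLocation(TEST_DATA_DIR).build()));
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /** Creates a database as the authorized user; no outcome is asserted. */
    @Test
    public void testH_CreateDatabase_authorizedUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.create_database(new DatabaseBuilder().setName(dbName).build(this.conf));
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /** Creates a table as the authorized user; no outcome is asserted. */
    @Test
    public void testI_CreateTable_authorizedUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.create_table(((TableBuilder) new TableBuilder().setTableName(tblName).addCol("name", "string")).setOwner(authorizedUser).build(this.conf));
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /** Creates and then alters a table as the authorized user; no outcome is asserted. */
    @Test
    public void testJ_AlterTable_AuthorizedUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.create_table(((TableBuilder) new TableBuilder().setTableName(tblName).addCol("name", "string")).setOwner(authorizedUser).build(this.conf));
            this.hmsHandler.alter_table("default", tblName, ((TableBuilder) new TableBuilder().addCol("dep", "string")).build(this.conf));
        } catch (Exception ignored) {
            // NOTE(review): swallowed; if create_table throws, alter_table is never reached.
        }
    }

    /** Drops the table as the authorized user; no outcome is asserted. */
    @Test
    public void testK_DropTable_authorizedUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.drop_table(dbName, tblName, true);
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /** Drops the database as the authorized user; no outcome is asserted. */
    @Test
    public void testL_DropDatabase_authorizedUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.drop_database(dbName, true, true);
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /** Drops the catalog as the super user; no outcome is asserted. */
    @Test
    public void testM_DropCatalog_SuperUser() throws Exception {
        loginAs(superUser);
        try {
            this.hmsHandler.drop_catalog(new DropCatalogRequest(catalogName));
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /** Lists all databases as the authorized user; no outcome is asserted. */
    @Test
    public void testNShowDatabaseAuthorizedUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.get_all_databases();
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /**
     * Lists all databases as the unauthorized user.
     *
     * <p>NOTE(review): nothing is asserted about the result or about a thrown exception, so this
     * test passes whether the listing is denied, filtered or returned in full.
     */
    @Test
    public void testOShowDatabaseUnauthorizedUser() throws Exception {
        loginAs(unAuthorizedUser);
        try {
            this.hmsHandler.get_all_databases();
        } catch (Exception e) {
            if (StringUtils.isNotEmpty(e.getMessage())) {
                // Intentionally empty in the source: the message is inspected but not asserted.
            }
        }
    }

    /** Lists the tables of the default database as the authorized user; nothing is asserted. */
    @Test
    public void testPShowTablesAuthorizedUser() throws Exception {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.get_all_tables("default");
        } catch (Exception ignored) {
            // NOTE(review): swallowed, so an unexpected denial does not fail this test.
        }
    }

    /**
     * Lists the tables of the default database as the unauthorized user.
     *
     * <p>NOTE(review): nothing is asserted about the result or about a thrown exception, so this
     * test passes whether the listing is denied, filtered or returned in full.
     */
    @Test
    public void testQShowTablesUnauthorizedUser() throws Exception {
        loginAs(unAuthorizedUser);
        try {
            this.hmsHandler.get_all_tables("default");
        } catch (Exception e) {
            if (StringUtils.isNotEmpty(e.getMessage())) {
                // Intentionally empty in the source: the message is inspected but not asserted.
            }
        }
    }

    /** Creating a data connector as the unauthorized user must be denied. */
    @Test
    public void testR_CreateDataConnector_unAuthorizedUser() {
        loginAs(unAuthorizedUser);
        try {
            this.hmsHandler.create_dataconnector_req(new CreateDataConnectorRequest(new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive")));
            failNotDenied(HiveOperationType.CREATEDATACONNECTOR, unAuthorizedUser);
        } catch (Exception e) {
            Assert.assertEquals(deniedMessage(HiveOperationType.CREATEDATACONNECTOR, unAuthorizedUser), e.getMessage());
        }
    }

    /** Creating a data connector as the authorized user must succeed. */
    @Test
    public void testS_CreateDataConnector_authorizedUser() {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.create_dataconnector_req(new CreateDataConnectorRequest(new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive")));
        } catch (Exception e) {
            // Same failure message as before, with the exception attached as the cause so the
            // report keeps its stack trace.
            throw new AssertionError("testS_CreateDataConnector_authorizedUser() failed with " + e, e);
        }
    }

    /** Creating and then altering a data connector as the authorized user must succeed. */
    @Test
    public void testT_AlterDataConnector_AuthorizedUser() {
        loginAs(authorizedUser);
        try {
            this.hmsHandler.create_dataconnector_req(new CreateDataConnectorRequest(new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive")));
            this.hmsHandler.alter_dataconnector_req(new AlterDataConnectorRequest(dcName, new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3308/hive")));
        } catch (Exception e) {
            throw new AssertionError("testT_AlterDataConnector_AuthorizedUser() failed with " + e, e);
        }
    }

    /** Dropping the data connector as the authorized user must succeed. */
    @Test
    public void testU_DropDataConnector_authorizedUser() {
        loginAs(authorizedUser);
        try {
            DropDataConnectorRequest dropDataConnectorRequest = new DropDataConnectorRequest(dcName);
            dropDataConnectorRequest.setIfNotExists(true);
            dropDataConnectorRequest.setCheckReferences(true);
            this.hmsHandler.drop_dataconnector_req(dropDataConnectorRequest);
        } catch (Exception e) {
            throw new AssertionError("testU_DropDataConnector_authorizedUser() failed with " + e, e);
        }
    }

    /**
     * A denied create_database must throw, and the root-cause stack trace of that exception must
     * mention {@link DummyHiveAuthorizer}.
     */
    @Test
    public void testUnAuthorizedCause() {
        loginAs(unAuthorizedUser);
        try {
            this.hmsHandler.create_database(new DatabaseBuilder().setName(dbName).build(this.conf));
            failNotDenied(HiveOperationType.CREATEDATABASE, unAuthorizedUser);
        } catch (Exception e) {
            String authorizerClass = DummyHiveAuthorizer.class.getName();
            Assert.assertTrue(Arrays.stream(ExceptionUtils.getRootCauseStackTrace(e)).anyMatch(line -> line.contains(authorizerClass)));
        }
    }
}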
