package org.apache.hadoop.hive.ql.parse.authorization;

import java.util.HashMap;
import java.util.Iterator;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.ql.Context;
import org.apache.hadoop.hive.ql.QueryState;
import org.apache.hadoop.hive.ql.ddl.DDLWork;
import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.grant.GrantDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.revoke.RevokeDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.role.create.CreateRoleDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.role.drop.DropRoleDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.show.grant.ShowGrantDesc;
import org.apache.hadoop.hive.ql.ddl.privilege.show.rolegrant.ShowRoleGrantDesc;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.Partition;
import org.apache.hadoop.hive.ql.metadata.Table;
import org.apache.hadoop.hive.ql.parse.ASTNode;
import org.apache.hadoop.hive.ql.parse.SemanticException;
import org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator;
import org.apache.hadoop.hive.ql.security.authorization.Privilege;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.class */
public class TestHiveAuthorizationTaskFactory {
    private static final String SELECT = "SELECT";
    private static final String DB = "default";
    private static final String TABLE = "table1";
    private static final String TABLE_QNAME = "default.table1";
    private static final String GROUP = "group1";
    private static final String ROLE = "role1";
    private static final String USER = "user1";
    private QueryState queryState;
    private String currentUser;
    private Hive db;
    private Table table;
    private Partition partition;

    /* loaded from: input_file:org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory$DummyHiveAuthorizationTaskFactoryImpl.class */
    public static class DummyHiveAuthorizationTaskFactoryImpl extends HiveAuthorizationTaskFactoryImpl {
        static String uriPath = "";
        static String serverName = "";

        public DummyHiveAuthorizationTaskFactoryImpl(HiveConf hiveConf, Hive hive) {
            super(hiveConf, hive);
        }

        protected PrivilegeObjectDesc parsePrivObject(ASTNode aSTNode) throws SemanticException {
            ASTNode child = aSTNode.getChild(0);
            ASTNode child2 = child.getChild(0);
            if (child.getType() == 1154) {
                uriPath = child2.getText().replaceAll("'", "").replaceAll("\"", "");
            } else if (child.getType() == 1049) {
                serverName = child2.getText();
            }
            return super.parsePrivObject(aSTNode);
        }

        public static void reset() {
            uriPath = "";
            serverName = "";
        }
    }

    @Before
    public void setup() throws Exception {
        this.queryState = new QueryState.Builder().build();
        HiveConf conf = this.queryState.getConf();
        conf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_TASK_FACTORY, DummyHiveAuthorizationTaskFactoryImpl.class.getName());
        conf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER, "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory");
        this.db = (Hive) Mockito.mock(Hive.class);
        this.table = new Table(DB, TABLE);
        this.partition = new Partition(this.table);
        SessionState.start(conf);
        Mockito.when(this.db.getTable(DB, TABLE, false)).thenReturn(this.table);
        Mockito.when(this.db.getTable(TABLE_QNAME, false)).thenReturn(this.table);
        Mockito.when(this.db.getPartition(this.table, new HashMap(), false)).thenReturn(this.partition);
        HadoopDefaultAuthenticator hadoopDefaultAuthenticator = new HadoopDefaultAuthenticator();
        hadoopDefaultAuthenticator.setConf(conf);
        this.currentUser = hadoopDefaultAuthenticator.getUserName();
        DummyHiveAuthorizationTaskFactoryImpl.reset();
    }

    @Test
    public void testCreateRole() throws Exception {
        CreateRoleDesc dDLDesc = analyze("CREATE ROLE role1").getDDLDesc();
        Assert.assertNotNull("Role should not be null", dDLDesc);
        Assert.assertEquals(ROLE, dDLDesc.getName());
    }

    @Test
    public void testDropRole() throws Exception {
        DropRoleDesc dDLDesc = analyze("DROp ROLE role1").getDDLDesc();
        Assert.assertNotNull("Role should not be null", dDLDesc);
        Assert.assertEquals(ROLE, dDLDesc.getName());
    }

    @Test
    public void testGrantUserTable() throws Exception {
        GrantDesc dDLDesc = analyze("GRANT SELECT ON TABLE table1 TO USER user1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.USER, principalDesc.getType());
            Assert.assertEquals(USER, principalDesc.getName());
        }
        Iterator it = ListSizeMatcher.inList(dDLDesc.getPrivileges()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(Privilege.SELECT, ((PrivilegeDesc) it.next()).getPrivilege());
        }
        Assert.assertTrue("Expected table", dDLDesc.getPrivilegeSubject().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getPrivilegeSubject().getObject());
    }

    @Test
    public void testGrantRoleTable() throws Exception {
        GrantDesc dDLDesc = analyze("GRANT SELECT ON TABLE table1 TO ROLE role1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.ROLE, principalDesc.getType());
            Assert.assertEquals(ROLE, principalDesc.getName());
        }
        Iterator it = ListSizeMatcher.inList(dDLDesc.getPrivileges()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(Privilege.SELECT, ((PrivilegeDesc) it.next()).getPrivilege());
        }
        Assert.assertTrue("Expected table", dDLDesc.getPrivilegeSubject().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getPrivilegeSubject().getObject());
    }

    @Test
    public void testGrantGroupTable() throws Exception {
        GrantDesc dDLDesc = analyze("GRANT SELECT ON TABLE table1 TO GROUP group1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.GROUP, principalDesc.getType());
            Assert.assertEquals(GROUP, principalDesc.getName());
        }
        Iterator it = ListSizeMatcher.inList(dDLDesc.getPrivileges()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(Privilege.SELECT, ((PrivilegeDesc) it.next()).getPrivilege());
        }
        Assert.assertTrue("Expected table", dDLDesc.getPrivilegeSubject().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getPrivilegeSubject().getObject());
    }

    @Test
    public void testRevokeUserTable() throws Exception {
        RevokeDesc dDLDesc = analyze("REVOKE SELECT ON TABLE table1 FROM USER user1").getDDLDesc();
        Assert.assertNotNull("Revoke should not be null", dDLDesc);
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.USER, principalDesc.getType());
            Assert.assertEquals(USER, principalDesc.getName());
        }
        Iterator it = ListSizeMatcher.inList(dDLDesc.getPrivileges()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(Privilege.SELECT, ((PrivilegeDesc) it.next()).getPrivilege());
        }
        Assert.assertTrue("Expected table", dDLDesc.getPrivilegeSubject().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getPrivilegeSubject().getObject());
    }

    @Test
    public void testRevokeRoleTable() throws Exception {
        RevokeDesc dDLDesc = analyze("REVOKE SELECT ON TABLE table1 FROM ROLE role1").getDDLDesc();
        Assert.assertNotNull("Revoke should not be null", dDLDesc);
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.ROLE, principalDesc.getType());
            Assert.assertEquals(ROLE, principalDesc.getName());
        }
        Iterator it = ListSizeMatcher.inList(dDLDesc.getPrivileges()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(Privilege.SELECT, ((PrivilegeDesc) it.next()).getPrivilege());
        }
        Assert.assertTrue("Expected table", dDLDesc.getPrivilegeSubject().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getPrivilegeSubject().getObject());
    }

    @Test
    public void testRevokeGroupTable() throws Exception {
        RevokeDesc dDLDesc = analyze("REVOKE SELECT ON TABLE table1 FROM GROUP group1").getDDLDesc();
        Assert.assertNotNull("Revoke should not be null", dDLDesc);
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.GROUP, principalDesc.getType());
            Assert.assertEquals(GROUP, principalDesc.getName());
        }
        Iterator it = ListSizeMatcher.inList(dDLDesc.getPrivileges()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(Privilege.SELECT, ((PrivilegeDesc) it.next()).getPrivilege());
        }
        Assert.assertTrue("Expected table", dDLDesc.getPrivilegeSubject().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getPrivilegeSubject().getObject());
    }

    @Test
    public void testGrantRoleUser() throws Exception {
        GrantRoleDesc dDLDesc = analyze("GRANT ROLE role1 TO USER user1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        Assert.assertFalse("With admin option is not specified", dDLDesc.isGrantOption());
        Assert.assertEquals(this.currentUser, dDLDesc.getGrantor());
        Iterator it = ListSizeMatcher.inList(dDLDesc.getRoles()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(ROLE, (String) it.next());
        }
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.USER, principalDesc.getType());
            Assert.assertEquals(USER, principalDesc.getName());
        }
    }

    @Test
    public void testGrantRoleRole() throws Exception {
        GrantRoleDesc dDLDesc = analyze("GRANT ROLE role1 TO ROLE role1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        Assert.assertFalse("With admin option is not specified", dDLDesc.isGrantOption());
        Assert.assertEquals(this.currentUser, dDLDesc.getGrantor());
        Iterator it = ListSizeMatcher.inList(dDLDesc.getRoles()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(ROLE, (String) it.next());
        }
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.ROLE, principalDesc.getType());
            Assert.assertEquals(ROLE, principalDesc.getName());
        }
    }

    @Test
    public void testGrantRoleGroup() throws Exception {
        GrantRoleDesc dDLDesc = analyze("GRANT ROLE role1 TO GROUP group1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        Assert.assertFalse("With admin option is not specified", dDLDesc.isGrantOption());
        Assert.assertEquals(this.currentUser, dDLDesc.getGrantor());
        Iterator it = ListSizeMatcher.inList(dDLDesc.getRoles()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(ROLE, (String) it.next());
        }
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.GROUP, principalDesc.getType());
            Assert.assertEquals(GROUP, principalDesc.getName());
        }
    }

    @Test
    public void testRevokeRoleUser() throws Exception {
        RevokeRoleDesc dDLDesc = analyze("REVOKE ROLE role1 FROM USER user1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        Assert.assertFalse("With admin option is not specified", dDLDesc.isGrantOption());
        Assert.assertEquals(this.currentUser, dDLDesc.getGrantor());
        Iterator it = ListSizeMatcher.inList(dDLDesc.getRoles()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(ROLE, (String) it.next());
        }
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.USER, principalDesc.getType());
            Assert.assertEquals(USER, principalDesc.getName());
        }
    }

    @Test
    public void testRevokeRoleRole() throws Exception {
        RevokeRoleDesc dDLDesc = analyze("REVOKE ROLE role1 FROM ROLE role1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        Assert.assertFalse("With admin option is not specified", dDLDesc.isGrantOption());
        Assert.assertEquals(this.currentUser, dDLDesc.getGrantor());
        Iterator it = ListSizeMatcher.inList(dDLDesc.getRoles()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(ROLE, (String) it.next());
        }
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.ROLE, principalDesc.getType());
            Assert.assertEquals(ROLE, principalDesc.getName());
        }
    }

    @Test
    public void testRevokeRoleGroup() throws Exception {
        RevokeRoleDesc dDLDesc = analyze("REVOKE ROLE role1 FROM GROUP group1").getDDLDesc();
        Assert.assertNotNull("Grant should not be null", dDLDesc);
        Assert.assertFalse("With admin option is not specified", dDLDesc.isGrantOption());
        Assert.assertEquals(this.currentUser, dDLDesc.getGrantor());
        Iterator it = ListSizeMatcher.inList(dDLDesc.getRoles()).ofSize(1).iterator();
        while (it.hasNext()) {
            Assert.assertEquals(ROLE, (String) it.next());
        }
        for (PrincipalDesc principalDesc : ListSizeMatcher.inList(dDLDesc.getPrincipals()).ofSize(1)) {
            Assert.assertEquals(PrincipalType.GROUP, principalDesc.getType());
            Assert.assertEquals(GROUP, principalDesc.getName());
        }
    }

    @Test
    public void testShowRoleGrantUser() throws Exception {
        ShowRoleGrantDesc dDLDesc = analyze("SHOW ROLE GRANT USER user1").getDDLDesc();
        Assert.assertNotNull("Role should not be null", dDLDesc);
        Assert.assertEquals(PrincipalType.USER, dDLDesc.getPrincipalType());
        Assert.assertEquals(USER, dDLDesc.getName());
    }

    @Test
    public void testShowRoleGrantRole() throws Exception {
        ShowRoleGrantDesc dDLDesc = analyze("SHOW ROLE GRANT ROLE role1").getDDLDesc();
        Assert.assertNotNull("Role should not be null", dDLDesc);
        Assert.assertEquals(PrincipalType.ROLE, dDLDesc.getPrincipalType());
        Assert.assertEquals(ROLE, dDLDesc.getName());
    }

    @Test
    public void testShowRoleGrantGroup() throws Exception {
        ShowRoleGrantDesc dDLDesc = analyze("SHOW ROLE GRANT GROUP group1").getDDLDesc();
        Assert.assertNotNull("Role should not be null", dDLDesc);
        Assert.assertEquals(PrincipalType.GROUP, dDLDesc.getPrincipalType());
        Assert.assertEquals(GROUP, dDLDesc.getName());
    }

    @Test
    public void testShowGrantUserOnTable() throws Exception {
        ShowGrantDesc dDLDesc = analyze("SHOW GRANT USER user1 ON TABLE table1").getDDLDesc();
        Assert.assertNotNull("Show grant should not be null", dDLDesc);
        Assert.assertEquals(PrincipalType.USER, dDLDesc.getPrincipalDesc().getType());
        Assert.assertEquals(USER, dDLDesc.getPrincipalDesc().getName());
        Assert.assertTrue("Expected table", dDLDesc.getHiveObj().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getHiveObj().getObject());
        Assert.assertTrue("Expected table", dDLDesc.getHiveObj().getTable());
    }

    @Test
    public void testShowGrantRoleOnTable() throws Exception {
        ShowGrantDesc dDLDesc = analyze("SHOW GRANT ROLE role1 ON TABLE table1").getDDLDesc();
        Assert.assertNotNull("Show grant should not be null", dDLDesc);
        Assert.assertEquals(PrincipalType.ROLE, dDLDesc.getPrincipalDesc().getType());
        Assert.assertEquals(ROLE, dDLDesc.getPrincipalDesc().getName());
        Assert.assertTrue("Expected table", dDLDesc.getHiveObj().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getHiveObj().getObject());
        Assert.assertTrue("Expected table", dDLDesc.getHiveObj().getTable());
    }

    @Test
    public void testShowGrantGroupOnTable() throws Exception {
        ShowGrantDesc dDLDesc = analyze("SHOW GRANT GROUP group1 ON TABLE table1").getDDLDesc();
        Assert.assertNotNull("Show grant should not be null", dDLDesc);
        Assert.assertEquals(PrincipalType.GROUP, dDLDesc.getPrincipalDesc().getType());
        Assert.assertEquals(GROUP, dDLDesc.getPrincipalDesc().getName());
        Assert.assertTrue("Expected table", dDLDesc.getHiveObj().getTable());
        Assert.assertEquals(TABLE_QNAME, dDLDesc.getHiveObj().getObject());
        Assert.assertTrue("Expected table", dDLDesc.getHiveObj().getTable());
    }

    @Test
    public void testGrantUri() throws Exception {
        try {
            analyze("GRANT ALL ON URI '/tmp' TO USER user2");
            Assert.fail("Grant on URI should fail");
        } catch (SemanticException e) {
            Assert.assertEquals("/tmp", DummyHiveAuthorizationTaskFactoryImpl.uriPath);
        }
    }

    @Test
    public void testGrantServer() throws Exception {
        try {
            analyze("GRANT ALL ON SERVER foo TO USER user2");
            Assert.fail("Grant on Server should fail");
        } catch (SemanticException e) {
            Assert.assertEquals("foo", DummyHiveAuthorizationTaskFactoryImpl.serverName);
        }
    }

    private DDLWork analyze(String str) throws Exception {
        return AuthorizationTestUtil.analyze(str, this.queryState, this.db, new Context(this.queryState.getConf()));
    }
}
