package io.prestosql.testing;

import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableMap;
import io.prestosql.metadata.QualifiedObjectName;
import io.prestosql.security.AccessControlManager;
import io.prestosql.security.SecurityContext;
import io.prestosql.spi.connector.CatalogSchemaName;
import io.prestosql.spi.security.AccessDeniedException;
import io.prestosql.spi.security.Identity;
import io.prestosql.transaction.TransactionId;
import io.prestosql.transaction.TransactionManager;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.inject.Inject;

/* loaded from: input_file:io/prestosql/testing/TestingAccessControlManager.class */
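/**
 * Test-only {@link AccessControlManager} that lets a test inject "deny" rules for individual
 * operations.
 *
 * <p>The constructor installs the {@code "allow-all"} system access control, so with no deny
 * rules registered every check is simply forwarded to the parent manager.
 *
 * <p>Security-relevant behaviour to keep in mind when reading tests built on this class:
 * <ul>
 *   <li>Most {@code checkCan*} overrides forward to the parent <em>only while the deny set is
 *       empty</em>. As soon as one rule is registered, those operations are decided solely by
 *       the deny rules and the parent's checks are skipped. The column DDL checks
 *       ({@link #checkCanAddColumns}, {@link #checkCanDropColumn}, {@link #checkCanRenameColumn})
 *       are the exception and always forward.</li>
 *   <li>Rules match on bare names: the schema name, the object name without catalog/schema, a
 *       column name, or a session property name. A rule for entity {@code "orders"} therefore
 *       applies to an object called {@code orders} in any catalog and schema.</li>
 *   <li>This class is a test fixture; nothing here is suitable as a production policy.</li>
 * </ul>
 *
 * <p>NOTE(review): the deny set is a plain {@link HashSet} and no synchronization is visible in
 * this class; confirm that {@link #deny} and {@link #reset} are not called while checks are
 * running on other threads.
 */
public class TestingAccessControlManager extends AccessControlManager {
    // Deny rules registered through deny(); evaluated before any delegation to the parent.
    private final Set<TestingPrivilege> denyPrivileges;

    /**
     * A single deny rule (or a concrete request being tested against the rules): an optional
     * user, an entity name and the operation type.
     */
    public static class TestingPrivilege {
        // Empty means "any user" when this instance is used as a rule.
        private final Optional<String> userName;
        private final String entityName;
        private final TestingPrivilegeType type;

        private TestingPrivilege(Optional<String> userName, String entityName, TestingPrivilegeType type) {
            this.userName = Objects.requireNonNull(userName, "userName is null");
            this.entityName = Objects.requireNonNull(entityName, "entityName is null");
            this.type = Objects.requireNonNull(type, "type is null");
        }

        /**
         * Tells whether this rule applies to the given request.
         *
         * <p>Entity name and type must be equal. A rule without a user applies to every user; a
         * rule with a user applies only to a request carrying that same user. A request without
         * a user never matches a user-scoped rule (previously this case threw
         * {@link java.util.NoSuchElementException} from {@code Optional.get()}).
         *
         * @param testingPrivilege the concrete request to test against this rule
         * @return {@code true} if this rule covers the request
         */
        public boolean matches(TestingPrivilege testingPrivilege) {
            if (!this.entityName.equals(testingPrivilege.entityName) || this.type != testingPrivilege.type) {
                return false;
            }
            // Optional.equals compares the contained values, and is false for present-vs-empty.
            return !this.userName.isPresent() || this.userName.equals(testingPrivilege.userName);
        }

        /**
         * Compares user, entity name and type.
         *
         * <p>The user is part of equality on purpose: the rules live in a {@link HashSet}, and
         * when the user was ignored a second rule for the same entity and type but a different
         * user was silently dropped by {@code Set.add}, leaving that user un-denied.
         */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            TestingPrivilege other = (TestingPrivilege) obj;
            return Objects.equals(this.userName, other.userName)
                    && Objects.equals(this.entityName, other.entityName)
                    && Objects.equals(this.type, other.type);
        }

        /** Hashes the same three fields that {@link #equals(Object)} compares. */
        @Override
        public int hashCode() {
            return Objects.hash(this.userName, this.entityName, this.type);
        }

        @Override
        public String toString() {
            return MoreObjects.toStringHelper(this)
                    .add("userName", this.userName)
                    .add("entityName", this.entityName)
                    .add("type", this.type)
                    .toString();
        }
    }

    /** Operation kinds a {@link TestingPrivilege} can refer to. */
    public enum TestingPrivilegeType {
        SET_USER,
        CREATE_SCHEMA,
        DROP_SCHEMA,
        RENAME_SCHEMA,
        CREATE_TABLE,
        DROP_TABLE,
        RENAME_TABLE,
        COMMENT_TABLE,
        INSERT_TABLE,
        DELETE_TABLE,
        ADD_COLUMN,
        DROP_COLUMN,
        RENAME_COLUMN,
        SELECT_COLUMN,
        CREATE_VIEW,
        DROP_VIEW,
        CREATE_VIEW_WITH_SELECT_COLUMNS,
        SET_SESSION
    }

    /**
     * Creates the manager with an empty deny set and the {@code "allow-all"} system access
     * control installed.
     *
     * @param transactionManager passed through to the parent manager
     */
    @Inject
    public TestingAccessControlManager(TransactionManager transactionManager) {
        super(transactionManager);
        this.denyPrivileges = new HashSet<>();
        setSystemAccessControl("allow-all", ImmutableMap.of());
    }

    /**
     * Builds a rule that applies to every user.
     *
     * @param entityName bare name of the schema, table, view, column or session property
     * @param type operation to deny
     */
    public static TestingPrivilege privilege(String entityName, TestingPrivilegeType type) {
        return new TestingPrivilege(Optional.empty(), entityName, type);
    }

    /**
     * Builds a rule that applies to one user only.
     *
     * @param userName user the rule is limited to; must not be {@code null}
     * @param entityName bare name of the schema, table, view, column or session property
     * @param type operation to deny
     */
    public static TestingPrivilege privilege(String userName, String entityName, TestingPrivilegeType type) {
        return new TestingPrivilege(Optional.of(userName), entityName, type);
    }

    /**
     * Registers deny rules. Registering any rule also switches off delegation to the parent
     * manager for the checks that forward only while the deny set is empty.
     */
    public void deny(TestingPrivilege... privileges) {
        Collections.addAll(this.denyPrivileges, privileges);
    }

    /** Removes every deny rule, restoring plain delegation to the parent manager. */
    public void reset() {
        this.denyPrivileges.clear();
    }

    /**
     * Denies when a SET_USER rule matches; the user name is used both as the acting user and as
     * the entity name of the request. Forwards to the parent only while no rule is registered.
     */
    @Override
    public void checkCanSetUser(Optional<Principal> principal, String userName) {
        if (shouldDenyPrivilege(userName, userName, TestingPrivilegeType.SET_USER)) {
            AccessDeniedException.denySetUser(principal, userName);
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSetUser(principal, userName);
        }
    }

    // Schema checks: the rule entity is the schema name without its catalog.

    @Override
    public void checkCanCreateSchema(SecurityContext securityContext, CatalogSchemaName schemaName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), schemaName.getSchemaName(), TestingPrivilegeType.CREATE_SCHEMA)) {
            AccessDeniedException.denyCreateSchema(schemaName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateSchema(securityContext, schemaName);
        }
    }

    @Override
    public void checkCanDropSchema(SecurityContext securityContext, CatalogSchemaName schemaName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), schemaName.getSchemaName(), TestingPrivilegeType.DROP_SCHEMA)) {
            AccessDeniedException.denyDropSchema(schemaName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanDropSchema(securityContext, schemaName);
        }
    }

    @Override
    public void checkCanRenameSchema(SecurityContext securityContext, CatalogSchemaName schemaName, String newSchemaName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), schemaName.getSchemaName(), TestingPrivilegeType.RENAME_SCHEMA)) {
            AccessDeniedException.denyRenameSchema(schemaName.toString(), newSchemaName);
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanRenameSchema(securityContext, schemaName, newSchemaName);
        }
    }

    // Table and view checks: the rule entity is the object name without catalog and schema.

    @Override
    public void checkCanCreateTable(SecurityContext securityContext, QualifiedObjectName tableName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.CREATE_TABLE)) {
            AccessDeniedException.denyCreateTable(tableName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateTable(securityContext, tableName);
        }
    }

    @Override
    public void checkCanDropTable(SecurityContext securityContext, QualifiedObjectName tableName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.DROP_TABLE)) {
            AccessDeniedException.denyDropTable(tableName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanDropTable(securityContext, tableName);
        }
    }

    @Override
    public void checkCanRenameTable(SecurityContext securityContext, QualifiedObjectName tableName, QualifiedObjectName newTableName) {
        // Only the current name is tested against the rules; the new name is used for the message.
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.RENAME_TABLE)) {
            AccessDeniedException.denyRenameTable(tableName.toString(), newTableName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanRenameTable(securityContext, tableName, newTableName);
        }
    }

    @Override
    public void checkCanSetTableComment(SecurityContext securityContext, QualifiedObjectName tableName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.COMMENT_TABLE)) {
            AccessDeniedException.denyCommentTable(tableName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSetTableComment(securityContext, tableName);
        }
    }

    // Column DDL checks: unlike the other overrides these always forward to the parent,
    // whether or not deny rules are registered.

    @Override
    public void checkCanAddColumns(SecurityContext securityContext, QualifiedObjectName tableName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.ADD_COLUMN)) {
            AccessDeniedException.denyAddColumn(tableName.toString());
        }
        super.checkCanAddColumns(securityContext, tableName);
    }

    @Override
    public void checkCanDropColumn(SecurityContext securityContext, QualifiedObjectName tableName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.DROP_COLUMN)) {
            AccessDeniedException.denyDropColumn(tableName.toString());
        }
        super.checkCanDropColumn(securityContext, tableName);
    }

    @Override
    public void checkCanRenameColumn(SecurityContext securityContext, QualifiedObjectName tableName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.RENAME_COLUMN)) {
            AccessDeniedException.denyRenameColumn(tableName.toString());
        }
        super.checkCanRenameColumn(securityContext, tableName);
    }

    @Override
    public void checkCanInsertIntoTable(SecurityContext securityContext, QualifiedObjectName tableName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.INSERT_TABLE)) {
            AccessDeniedException.denyInsertTable(tableName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanInsertIntoTable(securityContext, tableName);
        }
    }

    @Override
    public void checkCanDeleteFromTable(SecurityContext securityContext, QualifiedObjectName tableName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.DELETE_TABLE)) {
            AccessDeniedException.denyDeleteTable(tableName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanDeleteFromTable(securityContext, tableName);
        }
    }

    @Override
    public void checkCanCreateView(SecurityContext securityContext, QualifiedObjectName viewName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), viewName.getObjectName(), TestingPrivilegeType.CREATE_VIEW)) {
            AccessDeniedException.denyCreateView(viewName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateView(securityContext, viewName);
        }
    }

    @Override
    public void checkCanDropView(SecurityContext securityContext, QualifiedObjectName viewName) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), viewName.getObjectName(), TestingPrivilegeType.DROP_VIEW)) {
            AccessDeniedException.denyDropView(viewName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanDropView(securityContext, viewName);
        }
    }

    /** Denies when a SET_SESSION rule matches the property name. */
    @Override
    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName) {
        if (shouldDenyPrivilege(identity.getUser(), propertyName, TestingPrivilegeType.SET_SESSION)) {
            AccessDeniedException.denySetSystemSessionProperty(propertyName);
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSetSystemSessionProperty(identity, propertyName);
        }
    }

    /**
     * Denies when a CREATE_VIEW_WITH_SELECT_COLUMNS rule matches the object name. The column
     * names are not tested against the rules here; they are only forwarded to the parent.
     */
    @Override
    public void checkCanCreateViewWithSelectFromColumns(SecurityContext securityContext, QualifiedObjectName tableName, Set<String> columnNames) {
        if (shouldDenyPrivilege(securityContext.getIdentity().getUser(), tableName.getObjectName(), TestingPrivilegeType.CREATE_VIEW_WITH_SELECT_COLUMNS)) {
            AccessDeniedException.denyCreateViewWithSelect(tableName.toString(), securityContext.getIdentity());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateViewWithSelectFromColumns(securityContext, tableName, columnNames);
        }
    }

    /** Denies when a SET_SESSION rule matches the entity {@code catalogName + "." + propertyName}. */
    @Override
    public void checkCanSetCatalogSessionProperty(TransactionId transactionId, Identity identity, String catalogName, String propertyName) {
        if (shouldDenyPrivilege(identity.getUser(), catalogName + "." + propertyName, TestingPrivilegeType.SET_SESSION)) {
            AccessDeniedException.denySetCatalogSessionProperty(catalogName, propertyName);
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSetCatalogSessionProperty(transactionId, identity, catalogName, propertyName);
        }
    }

    /**
     * Denies when a SELECT_COLUMN rule matches either the object name or any one of the selected
     * column names. Both are compared as bare names against the same rule type, so a rule for
     * entity {@code "x"} covers a table named {@code x} as well as a column named {@code x}.
     */
    @Override
    public void checkCanSelectFromColumns(SecurityContext securityContext, QualifiedObjectName tableName, Set<String> columns) {
        String user = securityContext.getIdentity().getUser();
        if (shouldDenyPrivilege(user, tableName.getObjectName(), TestingPrivilegeType.SELECT_COLUMN)) {
            AccessDeniedException.denySelectColumns(tableName.toString(), columns);
        }
        for (String column : columns) {
            if (shouldDenyPrivilege(user, column, TestingPrivilegeType.SELECT_COLUMN)) {
                AccessDeniedException.denySelectColumns(tableName.toString(), columns);
            }
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSelectFromColumns(securityContext, tableName, columns);
        }
    }

    /**
     * Builds the concrete request for (user, entity, type) and reports whether any registered
     * deny rule matches it.
     */
    private boolean shouldDenyPrivilege(String userName, String entityName, TestingPrivilegeType type) {
        TestingPrivilege requested = privilege(userName, entityName, type);
        for (TestingPrivilege denied : this.denyPrivileges) {
            if (denied.matches(requested)) {
                return true;
            }
        }
        return false;
    }
}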
