package io.trino.plugin.base.security;

import com.google.common.base.Suppliers;
import com.google.common.collect.ImmutableList;
import com.google.inject.Binder;
import com.google.inject.Inject;
import com.google.inject.Module;
import com.google.inject.Provides;
import com.google.inject.Scopes;
import com.google.inject.Singleton;
import io.airlift.configuration.AbstractConfigurationAwareModule;
import io.airlift.configuration.ConditionalModule;
import io.airlift.configuration.ConfigBinder;
import io.airlift.http.client.HttpClientBinder;
import io.airlift.log.Logger;
import io.airlift.units.Duration;
import io.trino.plugin.base.security.CatalogAccessControlRule;
import io.trino.plugin.base.util.JsonUtils;
import io.trino.spi.security.SystemAccessControl;
import java.io.File;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import java.util.regex.Pattern;

/* loaded from: input_file:io/trino/plugin/base/security/FileBasedSystemAccessControlModule.class */
public class FileBasedSystemAccessControlModule extends AbstractConfigurationAwareModule {
    private static final Logger log = Logger.get(FileBasedSystemAccessControlModule.class);

    /* loaded from: input_file:io/trino/plugin/base/security/FileBasedSystemAccessControlModule$HttpSystemAccessControlModule.class */
    private static class HttpSystemAccessControlModule implements Module {
        private HttpSystemAccessControlModule() {
        }

        public void configure(Binder binder) {
            HttpClientBinder.httpClientBinder(binder).bindHttpClient("system-access-control", ForAccessControlRules.class).withConfigDefaults(httpClientConfig -> {
                httpClientConfig.setRequestTimeout(Duration.succinctDuration(10.0d, TimeUnit.SECONDS)).setSelectorCount(1).setMinThreads(1);
            });
            binder.bind(HttpBasedAccessControlRulesProvider.class).in(Scopes.SINGLETON);
        }

        @Inject
        @Singleton
        @Provides
        public Supplier<FileBasedSystemAccessControlRules> getSystemAccessControlRules(HttpBasedAccessControlRulesProvider httpBasedAccessControlRulesProvider) {
            return () -> {
                return (FileBasedSystemAccessControlRules) httpBasedAccessControlRulesProvider.extract(FileBasedSystemAccessControlRules.class);
            };
        }
    }

    /* loaded from: input_file:io/trino/plugin/base/security/FileBasedSystemAccessControlModule$LocalSystemAccessControlModule.class */
    private static class LocalSystemAccessControlModule implements Module {
        private LocalSystemAccessControlModule() {
        }

        public void configure(Binder binder) {
        }

        @Inject
        @Singleton
        @Provides
        public Supplier<FileBasedSystemAccessControlRules> getSystemAccessControlRules(FileBasedAccessControlConfig fileBasedAccessControlConfig) {
            File file = new File(fileBasedAccessControlConfig.getConfigFile());
            return () -> {
                return (FileBasedSystemAccessControlRules) JsonUtils.parseJson(file.toPath(), fileBasedAccessControlConfig.getJsonPointer(), FileBasedSystemAccessControlRules.class);
            };
        }
    }

    public void setup(Binder binder) {
        ConfigBinder.configBinder(binder).bindConfig(FileBasedAccessControlConfig.class);
        install(ConditionalModule.conditionalModule(FileBasedAccessControlConfig.class, (v0) -> {
            return v0.isHttp();
        }, new HttpSystemAccessControlModule(), new LocalSystemAccessControlModule()));
    }

    @Inject
    @Singleton
    @Provides
    public SystemAccessControl getSystemAccessControl(FileBasedAccessControlConfig fileBasedAccessControlConfig, Supplier<FileBasedSystemAccessControlRules> supplier) {
        Duration refreshPeriod = fileBasedAccessControlConfig.getRefreshPeriod();
        return refreshPeriod != null ? ForwardingSystemAccessControl.of(Suppliers.memoizeWithExpiration(() -> {
            log.info("Refreshing system access control from %s", new Object[]{fileBasedAccessControlConfig.getConfigFile()});
            return create((FileBasedSystemAccessControlRules) supplier.get());
        }, refreshPeriod.toMillis(), TimeUnit.MILLISECONDS)) : create(supplier.get());
    }

    private SystemAccessControl create(FileBasedSystemAccessControlRules fileBasedSystemAccessControlRules) {
        ImmutableList of;
        if (fileBasedSystemAccessControlRules.getCatalogRules().isPresent()) {
            ImmutableList.Builder builder = ImmutableList.builder();
            builder.addAll(fileBasedSystemAccessControlRules.getCatalogRules().get());
            builder.add(new CatalogAccessControlRule(CatalogAccessControlRule.AccessMode.ALL, Optional.of(Pattern.compile(".*")), Optional.empty(), Optional.empty(), Optional.of(Pattern.compile("system"))));
            of = builder.build();
        } else {
            of = ImmutableList.of(CatalogAccessControlRule.ALLOW_ALL);
        }
        return FileBasedSystemAccessControl.builder().setCatalogRules(of).setQueryAccessRules(fileBasedSystemAccessControlRules.getQueryAccessRules()).setImpersonationRules(fileBasedSystemAccessControlRules.getImpersonationRules()).setPrincipalUserMatchRules(fileBasedSystemAccessControlRules.getPrincipalUserMatchRules()).setSystemInformationRules(fileBasedSystemAccessControlRules.getSystemInformationRules()).setAuthorizationRules(fileBasedSystemAccessControlRules.getAuthorizationRules()).setSchemaRules(fileBasedSystemAccessControlRules.getSchemaRules().orElse(ImmutableList.of(CatalogSchemaAccessControlRule.ALLOW_ALL))).setTableRules(fileBasedSystemAccessControlRules.getTableRules().orElse(ImmutableList.of(CatalogTableAccessControlRule.ALLOW_ALL))).setSessionPropertyRules(fileBasedSystemAccessControlRules.getSessionPropertyRules().orElse(ImmutableList.of(SessionPropertyAccessControlRule.ALLOW_ALL))).setCatalogSessionPropertyRules(fileBasedSystemAccessControlRules.getCatalogSessionPropertyRules().orElse(ImmutableList.of(CatalogSessionPropertyAccessControlRule.ALLOW_ALL))).setFunctionRules(fileBasedSystemAccessControlRules.getFunctionRules().orElse(ImmutableList.of(CatalogFunctionAccessControlRule.ALLOW_BUILTIN))).build();
    }
}
