package org.apache.iotdb.db.queryengine.plan.relational.analyzer;

import java.time.ZoneId;
import java.util.Collections;
import org.apache.iotdb.common.rpc.thrift.TEndPoint;
import org.apache.iotdb.commons.exception.auth.AccessDeniedException;
import org.apache.iotdb.db.protocol.session.IClientSession;
import org.apache.iotdb.db.queryengine.common.MPPQueryContext;
import org.apache.iotdb.db.queryengine.common.SessionInfo;
import org.apache.iotdb.db.queryengine.execution.warnings.WarningCollector;
import org.apache.iotdb.db.queryengine.plan.execution.config.TableConfigTaskVisitor;
import org.apache.iotdb.db.queryengine.plan.relational.metadata.QualifiedObjectName;
import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControlImpl;
import org.apache.iotdb.db.queryengine.plan.relational.security.ITableAuthChecker;
import org.apache.iotdb.db.queryengine.plan.relational.security.TableModelPrivilege;
import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.Statement;
import org.apache.iotdb.db.queryengine.plan.relational.sql.parser.SqlParser;
import org.apache.iotdb.db.queryengine.plan.relational.sql.rewrite.StatementRewrite;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/iotdb/db/queryengine/plan/relational/analyzer/AuthTest.class */
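/**
 * Checks that an {@link AccessDeniedException} raised by the {@link ITableAuthChecker} behind
 * {@link AccessControlImpl} reaches the caller of the table-model {@link Analyzer} and of
 * {@link TableConfigTaskVisitor}, and that a permitted user gets through without an exception.
 *
 * <p>Security note on the test double: the checker is a plain Mockito mock, so every
 * (user, object, privilege) combination that is not stubbed with {@code doThrow} is silently
 * permitted. The {@code doNothing()} stubs only restate that default. The "allowed" cases
 * therefore show that no exception escapes; they do not show that a privilege check was made.
 * Only the "denied" cases prove the checker was consulted with the expected arguments.
 * NOTE(review): consider adding {@code Mockito.verify(...)} on the allowed paths once the exact
 * checker calls made by {@link AccessControlImpl} are confirmed.
 */
public class AuthTest {
    private final SqlParser sqlParser = new SqlParser();
    private final ZoneId zoneId = ZoneId.systemDefault();
    private final QualifiedObjectName testdbTable1 = new QualifiedObjectName(TestMatadata.DB1, TestMatadata.TABLE1);
    private final String userRoot = "root";
    private final String user1 = "user1";
    private final String user2 = "user2";

    /**
     * SELECT on {@code DB1.TABLE1}: root and user2 pass, user1 is rejected with the checker's
     * message.
     */
    @Test
    public void testQueryRelatedAuth() {
        String sql = String.format("SELECT * FROM %s.%s", TestMatadata.DB1, TestMatadata.TABLE1);
        ITableAuthChecker authChecker = Mockito.mock(ITableAuthChecker.class);

        // root: any table, any privilege is permitted.
        Mockito.doNothing().when(authChecker).checkTablePrivilege(
                ArgumentMatchers.eq(userRoot),
                ArgumentMatchers.<QualifiedObjectName>any(),
                ArgumentMatchers.<TableModelPrivilege>any());
        // user1: SELECT on the test table is denied.
        String deniedReason = String.format(
                "%s doesn't have %s privilege on TABLE %s.%s",
                user1, TableModelPrivilege.SELECT, TestMatadata.DB1, TestMatadata.TABLE1);
        Mockito.doThrow(new AccessDeniedException(deniedReason)).when(authChecker).checkTablePrivilege(
                ArgumentMatchers.eq(user1),
                ArgumentMatchers.eq(this.testdbTable1),
                ArgumentMatchers.eq(TableModelPrivilege.SELECT));
        // user2: SELECT on the test table is permitted.
        Mockito.doNothing().when(authChecker).checkTablePrivilege(
                ArgumentMatchers.eq(user2),
                ArgumentMatchers.eq(this.testdbTable1),
                ArgumentMatchers.eq(TableModelPrivilege.SELECT));

        // Allowed path: any exception propagates and fails the test with its full stack trace.
        analyzeSQL(sql, userRoot, authChecker);

        try {
            analyzeSQL(sql, user1, authChecker);
            Assert.fail("user1 should be denied");
        } catch (AccessDeniedException e) {
            // The "Access Denied: " prefix is presumably added by AccessDeniedException itself.
            Assert.assertEquals("Access Denied: " + deniedReason, e.getMessage());
        }

        // user2 runs with DB1 as the session's current database.
        analyzeSQL(sql, user2, authChecker, TestMatadata.DB1);
    }

    /**
     * CREATE DATABASE and USE: root passes both, user1 is rejected for {@code test1} and may USE
     * {@code test2}, user2 may create {@code test1}.
     */
    @Test
    public void testDatabaseManagementRelatedAuth() {
        String targetDb = "test1";
        String otherDb = "test2";
        ITableAuthChecker authChecker = Mockito.mock(ITableAuthChecker.class);

        // ---- CREATE DATABASE test1 ----
        String createSql = String.format("CREATE DATABASE %s", targetDb);
        Mockito.doNothing().when(authChecker).checkDatabasePrivilege(
                ArgumentMatchers.eq(userRoot),
                ArgumentMatchers.<String>any(),
                ArgumentMatchers.<TableModelPrivilege>any());
        String createDeniedReason = String.format(
                "%s doesn't have %s privilege on DATABASE %s", user1, TableModelPrivilege.CREATE, targetDb);
        Mockito.doThrow(new AccessDeniedException(createDeniedReason)).when(authChecker).checkDatabasePrivilege(
                ArgumentMatchers.eq(user1),
                ArgumentMatchers.eq(targetDb),
                ArgumentMatchers.eq(TableModelPrivilege.CREATE));
        Mockito.doNothing().when(authChecker).checkDatabasePrivilege(
                ArgumentMatchers.eq(user2),
                ArgumentMatchers.eq(targetDb),
                ArgumentMatchers.eq(TableModelPrivilege.CREATE));

        analyzeConfigTask(createSql, userRoot, authChecker);

        try {
            analyzeConfigTask(createSql, user1, authChecker);
            Assert.fail("user1 should be denied");
        } catch (AccessDeniedException e) {
            Assert.assertEquals("Access Denied: " + createDeniedReason, e.getMessage());
        }

        analyzeConfigTask(createSql, user2, authChecker);

        // ---- USE <database> ----
        Mockito.doNothing().when(authChecker).checkDatabaseVisibility(
                ArgumentMatchers.eq(userRoot),
                ArgumentMatchers.<String>any());
        String useDeniedReason = String.format("%s has no privileges on DATABASE %s", user1, targetDb);
        Mockito.doThrow(new AccessDeniedException(useDeniedReason)).when(authChecker).checkDatabaseVisibility(
                ArgumentMatchers.eq(user1),
                ArgumentMatchers.eq(targetDb));
        Mockito.doNothing().when(authChecker).checkDatabaseVisibility(
                ArgumentMatchers.eq(user1),
                ArgumentMatchers.eq(otherDb));

        String useSql = String.format("USE %s", targetDb);
        analyzeConfigTask(useSql, userRoot, authChecker);

        try {
            analyzeConfigTask(useSql, user1, authChecker);
            Assert.fail("user1 should be denied");
        } catch (AccessDeniedException e) {
            Assert.assertEquals("Access Denied: " + useDeniedReason, e.getMessage());
        }

        // Same user, different database: visibility is decided per database.
        analyzeConfigTask(String.format("USE %s", otherDb), user1, authChecker);
    }

    /** Analyzes {@code sql} as {@code userName} with no current database set on the session. */
    private void analyzeSQL(String sql, String userName, ITableAuthChecker authChecker) {
        analyzeSQL(sql, userName, authChecker, null);
    }

    /**
     * Parses {@code sql} and runs it through an {@link Analyzer} whose access control is backed
     * by {@code authChecker}.
     *
     * @param sql statement text to parse and analyze
     * @param userName user recorded in the {@link SessionInfo}
     * @param authChecker checker wrapped in {@link AccessControlImpl}
     * @param databaseName current database of the session, or {@code null} for none
     */
    private void analyzeSQL(String sql, String userName, ITableAuthChecker authChecker, String databaseName) {
        IClientSession clientSession = Mockito.mock(IClientSession.class);
        Mockito.when(clientSession.getDatabaseName()).thenReturn(databaseName);
        Statement statement = this.sqlParser.createStatement(sql, this.zoneId, clientSession);
        SessionInfo sessionInfo = new SessionInfo(0L, userName, this.zoneId, databaseName, IClientSession.SqlDialect.TABLE);
        MPPQueryContext queryContext =
                new MPPQueryContext(sql, TestUtils.QUERY_ID, 0L, sessionInfo, (TEndPoint) null, (TEndPoint) null);
        StatementAnalyzerFactory analyzerFactory =
                new StatementAnalyzerFactory(TestUtils.TEST_MATADATA, this.sqlParser, new AccessControlImpl(authChecker));
        new Analyzer(
                queryContext,
                sessionInfo,
                analyzerFactory,
                Collections.emptyList(),
                Collections.emptyMap(),
                StatementRewrite.NOOP,
                WarningCollector.NOOP).analyze(statement);
    }

    /**
     * Parses {@code sql} and dispatches it to a {@link TableConfigTaskVisitor} whose access
     * control is backed by {@code authChecker}. The parser and the visitor each receive their
     * own mocked session; neither has a current database.
     *
     * @param sql statement text to parse and visit
     * @param userName user recorded in the {@link SessionInfo}
     * @param authChecker checker wrapped in {@link AccessControlImpl}
     */
    private void analyzeConfigTask(String sql, String userName, ITableAuthChecker authChecker) {
        IClientSession parserSession = Mockito.mock(IClientSession.class);
        // The String cast keeps the stubbed value type-correct for getDatabaseName().
        Mockito.when(parserSession.getDatabaseName()).thenReturn((String) null);
        IClientSession visitorSession = Mockito.mock(IClientSession.class);
        SessionInfo sessionInfo = new SessionInfo(0L, userName, this.zoneId, (String) null, IClientSession.SqlDialect.TABLE);
        TableConfigTaskVisitor visitor =
                new TableConfigTaskVisitor(visitorSession, TestUtils.TEST_MATADATA, new AccessControlImpl(authChecker));
        MPPQueryContext queryContext =
                new MPPQueryContext(sql, TestUtils.QUERY_ID, 0L, sessionInfo, (TEndPoint) null, (TEndPoint) null);
        this.sqlParser.createStatement(sql, this.zoneId, parserSession).accept(visitor, queryContext);
    }

    /**
     * Variant of {@link #analyzeConfigTask(String, String, ITableAuthChecker)} that uses the
     * caller's {@code clientSession} for both parsing and the visitor.
     *
     * @param sql statement text to parse and visit
     * @param userName user recorded in the {@link SessionInfo}
     * @param authChecker checker wrapped in {@link AccessControlImpl}
     * @param clientSession session handed to the parser and to the visitor
     */
    private void analyzeConfigTask(String sql, String userName, ITableAuthChecker authChecker, IClientSession clientSession) {
        SessionInfo sessionInfo = new SessionInfo(0L, userName, this.zoneId, (String) null, IClientSession.SqlDialect.TABLE);
        TableConfigTaskVisitor visitor =
                new TableConfigTaskVisitor(clientSession, TestUtils.TEST_MATADATA, new AccessControlImpl(authChecker));
        MPPQueryContext queryContext =
                new MPPQueryContext(sql, TestUtils.QUERY_ID, 0L, sessionInfo, (TEndPoint) null, (TEndPoint) null);
        this.sqlParser.createStatement(sql, this.zoneId, clientSession).accept(visitor, queryContext);
    }
}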
