package io.trino.connector;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import io.trino.plugin.base.security.AllowAllAccessControl;
import io.trino.spi.connector.ColumnSchema;
import io.trino.spi.connector.ConnectorSecurityContext;
import io.trino.spi.connector.SchemaTableName;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.ConnectorIdentity;
import io.trino.spi.security.Privilege;
import io.trino.spi.security.TrinoPrincipal;
import io.trino.spi.security.ViewExpression;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;

/* loaded from: input_file:io/trino/connector/MockConnectorAccessControl.class */
class MockConnectorAccessControl extends AllowAllAccessControl {
    private static final String INFORMATION_SCHEMA = "information_schema";
    private final Grants<String> schemaGrants;
    private final Grants<SchemaTableName> tableGrants;
    private final Function<SchemaTableName, ViewExpression> rowFilters;
    private final BiFunction<SchemaTableName, String, ViewExpression> columnMasks;

    /* JADX INFO: Access modifiers changed from: package-private */
    public MockConnectorAccessControl(Grants<String> grants, Grants<SchemaTableName> grants2, Function<SchemaTableName, ViewExpression> function, BiFunction<SchemaTableName, String, ViewExpression> biFunction) {
        this.schemaGrants = (Grants) Objects.requireNonNull(grants, "schemaGrants is null");
        this.tableGrants = (Grants) Objects.requireNonNull(grants2, "tableGrants is null");
        this.rowFilters = (Function) Objects.requireNonNull(function, "rowFilters is null");
        this.columnMasks = (BiFunction) Objects.requireNonNull(biFunction, "columnMasks is null");
    }

    public Set<String> filterSchemas(ConnectorSecurityContext connectorSecurityContext, Set<String> set) {
        return (Set) set.stream().filter(str -> {
            return canAccessSchema(connectorSecurityContext.getIdentity(), str);
        }).collect(ImmutableSet.toImmutableSet());
    }

    public void checkCanGrantSchemaPrivilege(ConnectorSecurityContext connectorSecurityContext, Privilege privilege, String str, TrinoPrincipal trinoPrincipal, boolean z) {
        if (this.schemaGrants.canGrant(connectorSecurityContext.getIdentity().getUser(), str, privilege)) {
            return;
        }
        AccessDeniedException.denyGrantSchemaPrivilege(privilege.toString(), str);
    }

    public void checkCanDenySchemaPrivilege(ConnectorSecurityContext connectorSecurityContext, Privilege privilege, String str, TrinoPrincipal trinoPrincipal) {
        throw new UnsupportedOperationException();
    }

    public void checkCanRevokeSchemaPrivilege(ConnectorSecurityContext connectorSecurityContext, Privilege privilege, String str, TrinoPrincipal trinoPrincipal, boolean z) {
        if (this.schemaGrants.canGrant(connectorSecurityContext.getIdentity().getUser(), str, privilege)) {
            return;
        }
        AccessDeniedException.denyRevokeSchemaPrivilege(privilege.toString(), str);
    }

    public Set<SchemaTableName> filterTables(ConnectorSecurityContext connectorSecurityContext, Set<SchemaTableName> set) {
        return (Set) set.stream().filter(schemaTableName -> {
            return canAccessSchema(connectorSecurityContext.getIdentity(), schemaTableName.getSchemaName()) || canAccessTable(connectorSecurityContext.getIdentity(), schemaTableName);
        }).collect(ImmutableSet.toImmutableSet());
    }

    public void checkCanGrantTablePrivilege(ConnectorSecurityContext connectorSecurityContext, Privilege privilege, SchemaTableName schemaTableName, TrinoPrincipal trinoPrincipal, boolean z) {
        String user = connectorSecurityContext.getIdentity().getUser();
        if (this.schemaGrants.canGrant(user, schemaTableName.getSchemaName(), privilege) || this.tableGrants.canGrant(user, schemaTableName, privilege)) {
            return;
        }
        AccessDeniedException.denyGrantTablePrivilege(privilege.toString(), schemaTableName.getTableName());
    }

    public void checkCanDenyTablePrivilege(ConnectorSecurityContext connectorSecurityContext, Privilege privilege, SchemaTableName schemaTableName, TrinoPrincipal trinoPrincipal) {
        throw new UnsupportedOperationException();
    }

    public void checkCanRevokeTablePrivilege(ConnectorSecurityContext connectorSecurityContext, Privilege privilege, SchemaTableName schemaTableName, TrinoPrincipal trinoPrincipal, boolean z) {
        String user = connectorSecurityContext.getIdentity().getUser();
        if (this.schemaGrants.canGrant(user, schemaTableName.getSchemaName(), privilege) || this.tableGrants.canGrant(user, schemaTableName, privilege)) {
            return;
        }
        AccessDeniedException.denyRevokeTablePrivilege(privilege.toString(), schemaTableName.toString());
    }

    public List<ViewExpression> getRowFilters(ConnectorSecurityContext connectorSecurityContext, SchemaTableName schemaTableName) {
        return (List) Optional.ofNullable(this.rowFilters.apply(schemaTableName)).map((v0) -> {
            return ImmutableList.of(v0);
        }).orElseGet(ImmutableList::of);
    }

    public Map<ColumnSchema, ViewExpression> getColumnMasks(ConnectorSecurityContext connectorSecurityContext, SchemaTableName schemaTableName, List<ColumnSchema> list) {
        return (Map) list.stream().map(columnSchema -> {
            return Map.entry(columnSchema, Optional.ofNullable(this.columnMasks.apply(schemaTableName, columnSchema.getName())));
        }).filter(entry -> {
            return ((Optional) entry.getValue()).isPresent();
        }).collect(ImmutableMap.toImmutableMap((v0) -> {
            return v0.getKey();
        }, entry2 -> {
            return (ViewExpression) ((Optional) entry2.getValue()).orElseThrow();
        }));
    }

    public void grantSchemaPrivileges(String str, Set<Privilege> set, TrinoPrincipal trinoPrincipal, boolean z) {
        this.schemaGrants.grant(trinoPrincipal, str, set, z);
    }

    public void revokeSchemaPrivileges(String str, Set<Privilege> set, TrinoPrincipal trinoPrincipal, boolean z) {
        this.schemaGrants.revoke(trinoPrincipal, str, set, z);
    }

    public void grantTablePrivileges(SchemaTableName schemaTableName, Set<Privilege> set, TrinoPrincipal trinoPrincipal, boolean z) {
        this.tableGrants.grant(trinoPrincipal, schemaTableName, set, z);
    }

    public void revokeTablePrivileges(SchemaTableName schemaTableName, Set<Privilege> set, TrinoPrincipal trinoPrincipal, boolean z) {
        this.tableGrants.revoke(trinoPrincipal, schemaTableName, set, z);
    }

    private boolean canAccessSchema(ConnectorIdentity connectorIdentity, String str) {
        return str.equalsIgnoreCase(INFORMATION_SCHEMA) || Arrays.stream(Privilege.values()).anyMatch(privilege -> {
            return this.schemaGrants.isAllowed(connectorIdentity.getUser(), str, privilege);
        });
    }

    private boolean canAccessTable(ConnectorIdentity connectorIdentity, SchemaTableName schemaTableName) {
        return Arrays.stream(Privilege.values()).anyMatch(privilege -> {
            return this.tableGrants.isAllowed(connectorIdentity.getUser(), schemaTableName, privilege);
        });
    }
}
