package com.facebook.presto.security;

import com.facebook.presto.connector.ConnectorId;
import com.facebook.presto.metadata.QualifiedObjectName;
import com.facebook.presto.spi.CatalogSchemaName;
import com.facebook.presto.spi.CatalogSchemaTableName;
import com.facebook.presto.spi.PrestoException;
import com.facebook.presto.spi.StandardErrorCode;
import com.facebook.presto.spi.connector.ConnectorAccessControl;
import com.facebook.presto.spi.connector.ConnectorTransactionHandle;
import com.facebook.presto.spi.security.Identity;
import com.facebook.presto.spi.security.Privilege;
import com.facebook.presto.spi.security.SystemAccessControl;
import com.facebook.presto.spi.security.SystemAccessControlFactory;
import com.facebook.presto.transaction.TransactionId;
import com.facebook.presto.transaction.TransactionManager;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import io.airlift.log.Logger;
import io.airlift.stats.CounterStat;
import java.io.File;
import java.io.FileInputStream;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.inject.Inject;
import org.weakref.jmx.Managed;
import org.weakref.jmx.Nested;

/* loaded from: input_file:com/facebook/presto/security/AccessControlManager.class */
public class AccessControlManager implements AccessControl {
    private static final Logger log = Logger.get((Class<?>) AccessControlManager.class);
    private static final File ACCESS_CONTROL_CONFIGURATION = new File("etc/access-control.properties");
    private static final String ACCESS_CONTROL_PROPERTY_NAME = "access-control.name";
    public static final String ALLOW_ALL_ACCESS_CONTROL = "allow-all";
    private final TransactionManager transactionManager;
    private final Map<String, SystemAccessControlFactory> systemAccessControlFactories = new ConcurrentHashMap();
    private final Map<String, CatalogAccessControlEntry> catalogAccessControl = new ConcurrentHashMap();
    private final AtomicReference<SystemAccessControl> systemAccessControl = new AtomicReference<>(new InitializingSystemAccessControl());
    private final AtomicBoolean systemAccessControlLoading = new AtomicBoolean();
    private final CounterStat authenticationSuccess = new CounterStat();
    private final CounterStat authenticationFail = new CounterStat();
    private final CounterStat authorizationSuccess = new CounterStat();
    private final CounterStat authorizationFail = new CounterStat();

    /* loaded from: input_file:com/facebook/presto/security/AccessControlManager$AllowAllSystemAccessControl.class */
    private static class AllowAllSystemAccessControl implements SystemAccessControl {
        private AllowAllSystemAccessControl() {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanSetUser(Principal principal, String str) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanSetSystemSessionProperty(Identity identity, String str) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanCreateSchema(Identity identity, CatalogSchemaName catalogSchemaName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanDropSchema(Identity identity, CatalogSchemaName catalogSchemaName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanRenameSchema(Identity identity, CatalogSchemaName catalogSchemaName, String str) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanCreateTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanDropTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanRenameTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName, CatalogSchemaTableName catalogSchemaTableName2) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanAddColumn(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanRenameColumn(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanSelectFromTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanInsertIntoTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanDeleteFromTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanCreateView(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanDropView(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanSelectFromView(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanCreateViewWithSelectFromTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanCreateViewWithSelectFromView(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanSetCatalogSessionProperty(Identity identity, String str, String str2) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanGrantTablePrivilege(Identity identity, Privilege privilege, CatalogSchemaTableName catalogSchemaTableName) {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanRevokeTablePrivilege(Identity identity, Privilege privilege, CatalogSchemaTableName catalogSchemaTableName) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/facebook/presto/security/AccessControlManager$CatalogAccessControlEntry.class */
    public class CatalogAccessControlEntry {
        private final ConnectorId connectorId;
        private final ConnectorAccessControl accessControl;

        public CatalogAccessControlEntry(ConnectorId connectorId, ConnectorAccessControl connectorAccessControl) {
            this.connectorId = (ConnectorId) Objects.requireNonNull(connectorId, "connectorId is null");
            this.accessControl = (ConnectorAccessControl) Objects.requireNonNull(connectorAccessControl, "accessControl is null");
        }

        public ConnectorAccessControl getAccessControl() {
            return this.accessControl;
        }

        public ConnectorTransactionHandle getTransactionHandle(TransactionId transactionId) {
            return AccessControlManager.this.transactionManager.getConnectorTransaction(transactionId, this.connectorId);
        }
    }

    /* loaded from: input_file:com/facebook/presto/security/AccessControlManager$InitializingSystemAccessControl.class */
    private static class InitializingSystemAccessControl implements SystemAccessControl {
        private InitializingSystemAccessControl() {
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanSetUser(Principal principal, String str) {
            throw new PrestoException(StandardErrorCode.SERVER_STARTING_UP, "Presto server is still initializing");
        }

        @Override // com.facebook.presto.spi.security.SystemAccessControl
        public void checkCanSetSystemSessionProperty(Identity identity, String str) {
            throw new PrestoException(StandardErrorCode.SERVER_STARTING_UP, "Presto server is still initializing");
        }
    }

    @Inject
    public AccessControlManager(TransactionManager transactionManager) {
        this.transactionManager = (TransactionManager) Objects.requireNonNull(transactionManager, "transactionManager is null");
        this.systemAccessControlFactories.put(ALLOW_ALL_ACCESS_CONTROL, new SystemAccessControlFactory() { // from class: com.facebook.presto.security.AccessControlManager.1
            @Override // com.facebook.presto.spi.security.SystemAccessControlFactory
            public String getName() {
                return AccessControlManager.ALLOW_ALL_ACCESS_CONTROL;
            }

            @Override // com.facebook.presto.spi.security.SystemAccessControlFactory
            public SystemAccessControl create(Map<String, String> map) {
                Objects.requireNonNull(map, "config is null");
                Preconditions.checkArgument(map.isEmpty(), "The none access-controller does not support any configuration properties");
                return new AllowAllSystemAccessControl();
            }
        });
    }

    public void addSystemAccessControlFactory(SystemAccessControlFactory systemAccessControlFactory) {
        Objects.requireNonNull(systemAccessControlFactory, "accessControlFactory is null");
        if (this.systemAccessControlFactories.putIfAbsent(systemAccessControlFactory.getName(), systemAccessControlFactory) != null) {
            throw new IllegalArgumentException(String.format("Access control '%s' is already registered", systemAccessControlFactory.getName()));
        }
    }

    public void addCatalogAccessControl(ConnectorId connectorId, String str, ConnectorAccessControl connectorAccessControl) {
        Objects.requireNonNull(connectorId, "connectorId is null");
        Objects.requireNonNull(str, "catalogName is null");
        Objects.requireNonNull(connectorAccessControl, "accessControl is null");
        if (this.catalogAccessControl.putIfAbsent(str, new CatalogAccessControlEntry(connectorId, connectorAccessControl)) != null) {
            throw new IllegalArgumentException(String.format("Access control for catalog '%s' is already registered", str));
        }
    }

    public void loadSystemAccessControl() throws Exception {
        if (!ACCESS_CONTROL_CONFIGURATION.exists()) {
            setSystemAccessControl(ALLOW_ALL_ACCESS_CONTROL, ImmutableMap.of());
            return;
        }
        HashMap hashMap = new HashMap(loadProperties(ACCESS_CONTROL_CONFIGURATION));
        String remove = hashMap.remove(ACCESS_CONTROL_PROPERTY_NAME);
        Preconditions.checkArgument(!Strings.isNullOrEmpty(remove), "Access control configuration %s does not contain %s", ACCESS_CONTROL_CONFIGURATION.getAbsoluteFile(), ACCESS_CONTROL_PROPERTY_NAME);
        setSystemAccessControl(remove, hashMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @VisibleForTesting
    public void setSystemAccessControl(String str, Map<String, String> map) {
        Objects.requireNonNull(str, "name is null");
        Objects.requireNonNull(map, "properties is null");
        Preconditions.checkState(this.systemAccessControlLoading.compareAndSet(false, true), "System access control already initialized");
        log.info("-- Loading system access control --");
        SystemAccessControlFactory systemAccessControlFactory = this.systemAccessControlFactories.get(str);
        Preconditions.checkState(systemAccessControlFactory != null, "Access control %s is not registered", str);
        this.systemAccessControl.set(systemAccessControlFactory.create(ImmutableMap.copyOf((Map) map)));
        log.info("-- Loaded system access control %s --", str);
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanSetUser(Principal principal, String str) {
        Objects.requireNonNull(str, "userName is null");
        authenticationCheck(() -> {
            this.systemAccessControl.get().checkCanSetUser(principal, str);
        });
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanCreateSchema(TransactionId transactionId, Identity identity, CatalogSchemaName catalogSchemaName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(catalogSchemaName, "schemaName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanCreateSchema(identity, catalogSchemaName);
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(catalogSchemaName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanCreateSchema(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, catalogSchemaName.getSchemaName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanDropSchema(TransactionId transactionId, Identity identity, CatalogSchemaName catalogSchemaName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(catalogSchemaName, "schemaName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanDropSchema(identity, catalogSchemaName);
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(catalogSchemaName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanDropSchema(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, catalogSchemaName.getSchemaName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanRenameSchema(TransactionId transactionId, Identity identity, CatalogSchemaName catalogSchemaName, String str) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(catalogSchemaName, "schemaName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanRenameSchema(identity, catalogSchemaName, str);
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(catalogSchemaName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanRenameSchema(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, catalogSchemaName.getSchemaName(), str);
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanCreateTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanCreateTable(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanCreateTable(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanDropTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanDropTable(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanDropTable(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanRenameTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName, QualifiedObjectName qualifiedObjectName2) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        Objects.requireNonNull(qualifiedObjectName2, "newTableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanRenameTable(identity, qualifiedObjectName.asCatalogSchemaTableName(), qualifiedObjectName2.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanRenameTable(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName(), qualifiedObjectName2.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanAddColumns(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanAddColumn(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanAddColumn(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanRenameColumn(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanRenameColumn(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanRenameColumn(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanSelectFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanSelectFromTable(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanSelectFromTable(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanInsertIntoTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanInsertIntoTable(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanInsertIntoTable(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanDeleteFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanDeleteFromTable(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanDeleteFromTable(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanCreateView(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "viewName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanCreateView(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanCreateView(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanDropView(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "viewName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanDropView(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanDropView(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanSelectFromView(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "viewName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanSelectFromView(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanSelectFromView(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanCreateViewWithSelectFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanCreateViewWithSelectFromTable(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanCreateViewWithSelectFromTable(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanCreateViewWithSelectFromView(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "viewName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanCreateViewWithSelectFromView(identity, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanCreateViewWithSelectFromView(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanGrantTablePrivilege(TransactionId transactionId, Identity identity, Privilege privilege, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        Objects.requireNonNull(privilege, "privilege is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanGrantTablePrivilege(identity, privilege, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanGrantTablePrivilege(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, privilege, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanRevokeTablePrivilege(TransactionId transactionId, Identity identity, Privilege privilege, QualifiedObjectName qualifiedObjectName) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(qualifiedObjectName, "tableName is null");
        Objects.requireNonNull(privilege, "privilege is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanRevokeTablePrivilege(identity, privilege, qualifiedObjectName.asCatalogSchemaTableName());
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(qualifiedObjectName.getCatalogName());
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanRevokeTablePrivilege(catalogAccessControlEntry.getTransactionHandle(transactionId), identity, privilege, qualifiedObjectName.asSchemaTableName());
            });
        }
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanSetSystemSessionProperty(Identity identity, String str) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(str, "propertyName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanSetSystemSessionProperty(identity, str);
        });
    }

    @Override // com.facebook.presto.security.AccessControl
    public void checkCanSetCatalogSessionProperty(Identity identity, String str, String str2) {
        Objects.requireNonNull(identity, "identity is null");
        Objects.requireNonNull(str, "catalogName is null");
        Objects.requireNonNull(str2, "propertyName is null");
        authorizationCheck(() -> {
            this.systemAccessControl.get().checkCanSetCatalogSessionProperty(identity, str, str2);
        });
        CatalogAccessControlEntry catalogAccessControlEntry = this.catalogAccessControl.get(str);
        if (catalogAccessControlEntry != null) {
            authorizationCheck(() -> {
                catalogAccessControlEntry.getAccessControl().checkCanSetCatalogSessionProperty(identity, str2);
            });
        }
    }

    @Managed
    @Nested
    public CounterStat getAuthenticationSuccess() {
        return this.authenticationSuccess;
    }

    @Managed
    @Nested
    public CounterStat getAuthenticationFail() {
        return this.authenticationFail;
    }

    @Managed
    @Nested
    public CounterStat getAuthorizationSuccess() {
        return this.authorizationSuccess;
    }

    @Managed
    @Nested
    public CounterStat getAuthorizationFail() {
        return this.authorizationFail;
    }

    private void authenticationCheck(Runnable runnable) {
        try {
            runnable.run();
            this.authenticationSuccess.update(1L);
        } catch (PrestoException e) {
            this.authenticationFail.update(1L);
            throw e;
        }
    }

    private void authorizationCheck(Runnable runnable) {
        try {
            runnable.run();
            this.authorizationSuccess.update(1L);
        } catch (PrestoException e) {
            this.authorizationFail.update(1L);
            throw e;
        }
    }

    private static Map<String, String> loadProperties(File file) throws Exception {
        Objects.requireNonNull(file, "file is null");
        Properties properties = new Properties();
        FileInputStream fileInputStream = new FileInputStream(file);
        Throwable th = null;
        try {
            try {
                properties.load(fileInputStream);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return Maps.fromProperties(properties);
            } finally {
            }
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }
}
