package com.facebook.presto.testing;

import com.facebook.presto.hive.$internal.org.apache.hadoop.fs.Path;
import com.facebook.presto.metadata.QualifiedObjectName;
import com.facebook.presto.security.AccessControlManager;
import com.facebook.presto.spi.CatalogSchemaName;
import com.facebook.presto.spi.security.AccessDeniedException;
import com.facebook.presto.spi.security.Identity;
import com.facebook.presto.transaction.TransactionId;
import com.facebook.presto.transaction.TransactionManager;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableMap;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.inject.Inject;

/* loaded from: input_file:com/facebook/presto/testing/TestingAccessControlManager.class */
public class TestingAccessControlManager extends AccessControlManager {
    private final Set<TestingPrivilege> denyPrivileges;

    /* loaded from: input_file:com/facebook/presto/testing/TestingAccessControlManager$TestingPrivilege.class */
    public static class TestingPrivilege {
        private final Optional<String> userName;
        private final String entityName;
        private final TestingPrivilegeType type;

        private TestingPrivilege(Optional<String> optional, String str, TestingPrivilegeType testingPrivilegeType) {
            this.userName = (Optional) Objects.requireNonNull(optional, "userName is null");
            this.entityName = (String) Objects.requireNonNull(str, "entityName is null");
            this.type = (TestingPrivilegeType) Objects.requireNonNull(testingPrivilegeType, "type is null");
        }

        public boolean matches(TestingPrivilege testingPrivilege) {
            return ((Boolean) this.userName.map(str -> {
                return Boolean.valueOf(testingPrivilege.userName.get().equals(str));
            }).orElse(true)).booleanValue() && this.entityName.equals(testingPrivilege.entityName) && this.type == testingPrivilege.type;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            TestingPrivilege testingPrivilege = (TestingPrivilege) obj;
            return Objects.equals(this.entityName, testingPrivilege.entityName) && Objects.equals(this.type, testingPrivilege.type);
        }

        public int hashCode() {
            return Objects.hash(this.entityName, this.type);
        }

        public String toString() {
            return MoreObjects.toStringHelper(this).add("userName", this.userName).add("entityName", this.entityName).add("type", this.type).toString();
        }
    }

    /* loaded from: input_file:com/facebook/presto/testing/TestingAccessControlManager$TestingPrivilegeType.class */
    public enum TestingPrivilegeType {
        SET_USER,
        CREATE_SCHEMA,
        DROP_SCHEMA,
        RENAME_SCHEMA,
        CREATE_TABLE,
        DROP_TABLE,
        RENAME_TABLE,
        SELECT_TABLE,
        INSERT_TABLE,
        DELETE_TABLE,
        ADD_COLUMN,
        RENAME_COLUMN,
        CREATE_VIEW,
        DROP_VIEW,
        SELECT_VIEW,
        CREATE_VIEW_WITH_SELECT_TABLE,
        CREATE_VIEW_WITH_SELECT_VIEW,
        SET_SESSION
    }

    @Inject
    public TestingAccessControlManager(TransactionManager transactionManager) {
        super(transactionManager);
        this.denyPrivileges = new HashSet();
        setSystemAccessControl(AccessControlManager.ALLOW_ALL_ACCESS_CONTROL, ImmutableMap.of());
    }

    public static TestingPrivilege privilege(String str, TestingPrivilegeType testingPrivilegeType) {
        return new TestingPrivilege(Optional.empty(), str, testingPrivilegeType);
    }

    public static TestingPrivilege privilege(String str, String str2, TestingPrivilegeType testingPrivilegeType) {
        return new TestingPrivilege(Optional.of(str), str2, testingPrivilegeType);
    }

    public void deny(TestingPrivilege... testingPrivilegeArr) {
        Collections.addAll(this.denyPrivileges, testingPrivilegeArr);
    }

    public void reset() {
        this.denyPrivileges.clear();
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanSetUser(Principal principal, String str) {
        if (shouldDenyPrivilege(str, str, TestingPrivilegeType.SET_USER)) {
            AccessDeniedException.denySetUser(principal, str);
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSetUser(principal, str);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanCreateSchema(TransactionId transactionId, Identity identity, CatalogSchemaName catalogSchemaName) {
        if (shouldDenyPrivilege(identity.getUser(), catalogSchemaName.getSchemaName(), TestingPrivilegeType.CREATE_SCHEMA)) {
            AccessDeniedException.denyCreateSchema(catalogSchemaName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateSchema(transactionId, identity, catalogSchemaName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanDropSchema(TransactionId transactionId, Identity identity, CatalogSchemaName catalogSchemaName) {
        if (shouldDenyPrivilege(identity.getUser(), catalogSchemaName.getSchemaName(), TestingPrivilegeType.DROP_SCHEMA)) {
            AccessDeniedException.denyDropSchema(catalogSchemaName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanDropSchema(transactionId, identity, catalogSchemaName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanRenameSchema(TransactionId transactionId, Identity identity, CatalogSchemaName catalogSchemaName, String str) {
        if (shouldDenyPrivilege(identity.getUser(), catalogSchemaName.getSchemaName(), TestingPrivilegeType.RENAME_SCHEMA)) {
            AccessDeniedException.denyRenameSchema(catalogSchemaName.toString(), str);
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanRenameSchema(transactionId, identity, catalogSchemaName, str);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanCreateTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.CREATE_TABLE)) {
            AccessDeniedException.denyCreateTable(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateTable(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanDropTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.DROP_TABLE)) {
            AccessDeniedException.denyDropTable(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanDropTable(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanRenameTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName, QualifiedObjectName qualifiedObjectName2) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.RENAME_TABLE)) {
            AccessDeniedException.denyRenameTable(qualifiedObjectName.toString(), qualifiedObjectName2.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanRenameTable(transactionId, identity, qualifiedObjectName, qualifiedObjectName2);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanAddColumns(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.ADD_COLUMN)) {
            AccessDeniedException.denyAddColumn(qualifiedObjectName.toString());
        }
        super.checkCanAddColumns(transactionId, identity, qualifiedObjectName);
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanRenameColumn(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.RENAME_COLUMN)) {
            AccessDeniedException.denyRenameColumn(qualifiedObjectName.toString());
        }
        super.checkCanRenameColumn(transactionId, identity, qualifiedObjectName);
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanSelectFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.SELECT_TABLE)) {
            AccessDeniedException.denySelectTable(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSelectFromTable(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanInsertIntoTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.INSERT_TABLE)) {
            AccessDeniedException.denyInsertTable(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanInsertIntoTable(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanDeleteFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.DELETE_TABLE)) {
            AccessDeniedException.denyDeleteTable(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanDeleteFromTable(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanCreateView(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.CREATE_VIEW)) {
            AccessDeniedException.denyCreateView(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateView(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanDropView(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.DROP_VIEW)) {
            AccessDeniedException.denyDropView(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanDropView(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanSelectFromView(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.SELECT_VIEW)) {
            AccessDeniedException.denySelectView(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSelectFromView(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanSetSystemSessionProperty(Identity identity, String str) {
        if (shouldDenyPrivilege(identity.getUser(), str, TestingPrivilegeType.SET_SESSION)) {
            AccessDeniedException.denySetSystemSessionProperty(str);
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSetSystemSessionProperty(identity, str);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanCreateViewWithSelectFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.CREATE_VIEW_WITH_SELECT_TABLE)) {
            AccessDeniedException.denySelectTable(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateViewWithSelectFromTable(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanCreateViewWithSelectFromView(TransactionId transactionId, Identity identity, QualifiedObjectName qualifiedObjectName) {
        if (shouldDenyPrivilege(identity.getUser(), qualifiedObjectName.getObjectName(), TestingPrivilegeType.CREATE_VIEW_WITH_SELECT_VIEW)) {
            AccessDeniedException.denySelectView(qualifiedObjectName.toString());
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanCreateViewWithSelectFromView(transactionId, identity, qualifiedObjectName);
        }
    }

    @Override // com.facebook.presto.security.AccessControlManager, com.facebook.presto.security.AccessControl
    public void checkCanSetCatalogSessionProperty(TransactionId transactionId, Identity identity, String str, String str2) {
        if (shouldDenyPrivilege(identity.getUser(), str + Path.CUR_DIR + str2, TestingPrivilegeType.SET_SESSION)) {
            AccessDeniedException.denySetCatalogSessionProperty(str, str2);
        }
        if (this.denyPrivileges.isEmpty()) {
            super.checkCanSetCatalogSessionProperty(transactionId, identity, str, str2);
        }
    }

    private boolean shouldDenyPrivilege(String str, String str2, TestingPrivilegeType testingPrivilegeType) {
        TestingPrivilege privilege = privilege(str, str2, testingPrivilegeType);
        Iterator<TestingPrivilege> it2 = this.denyPrivileges.iterator();
        while (it2.hasNext()) {
            if (it2.next().matches(privilege)) {
                return true;
            }
        }
        return false;
    }
}
