package com.facebook.presto.security;

import com.facebook.presto.connector.ConnectorId;
import com.facebook.presto.metadata.QualifiedObjectName;
import com.facebook.presto.spi.CatalogSchemaTableName;
import com.facebook.presto.spi.PrestoException;
import com.facebook.presto.spi.SchemaTableName;
import com.facebook.presto.spi.connector.Connector;
import com.facebook.presto.spi.connector.ConnectorAccessControl;
import com.facebook.presto.spi.connector.ConnectorMetadata;
import com.facebook.presto.spi.connector.ConnectorSplitManager;
import com.facebook.presto.spi.connector.ConnectorTransactionHandle;
import com.facebook.presto.spi.security.AccessDeniedException;
import com.facebook.presto.spi.security.Identity;
import com.facebook.presto.spi.security.Privilege;
import com.facebook.presto.spi.security.SystemAccessControl;
import com.facebook.presto.spi.security.SystemAccessControlFactory;
import com.facebook.presto.spi.transaction.IsolationLevel;
import com.facebook.presto.transaction.TransactionBuilder;
import com.facebook.presto.transaction.TransactionManager;
import com.google.common.collect.ImmutableMap;
import java.security.Principal;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:com/facebook/presto/security/TestAccessControlManager.class */
public class TestAccessControlManager {
    private static final Principal PRINCIPAL = new TestingPrincipal("principal");
    private static final String USER_NAME = "user_name";

    /* loaded from: input_file:com/facebook/presto/security/TestAccessControlManager$DenyConnectorAccessControl.class */
    private static class DenyConnectorAccessControl implements ConnectorAccessControl {
        private DenyConnectorAccessControl() {
        }

        public void checkCanSelectFromTable(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            AccessDeniedException.denySelectTable(schemaTableName.toString());
        }

        public void checkCanCreateSchema(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, String str) {
            throw new UnsupportedOperationException();
        }

        public void checkCanDropSchema(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, String str) {
            throw new UnsupportedOperationException();
        }

        public void checkCanRenameSchema(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, String str, String str2) {
            throw new UnsupportedOperationException();
        }

        public void checkCanCreateTable(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanDropTable(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanRenameTable(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName, SchemaTableName schemaTableName2) {
            throw new UnsupportedOperationException();
        }

        public void checkCanAddColumn(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanRenameColumn(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanInsertIntoTable(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanDeleteFromTable(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanCreateView(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanDropView(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanSelectFromView(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanCreateViewWithSelectFromTable(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanCreateViewWithSelectFromView(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanSetCatalogSessionProperty(Identity identity, String str) {
            throw new UnsupportedOperationException();
        }

        public void checkCanGrantTablePrivilege(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, Privilege privilege, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }

        public void checkCanRevokeTablePrivilege(ConnectorTransactionHandle connectorTransactionHandle, Identity identity, Privilege privilege, SchemaTableName schemaTableName) {
            throw new UnsupportedOperationException();
        }
    }

    /* loaded from: input_file:com/facebook/presto/security/TestAccessControlManager$TestSystemAccessControlFactory.class */
    private static class TestSystemAccessControlFactory implements SystemAccessControlFactory {
        private final String name;
        private Map<String, String> config;
        private Principal checkedPrincipal;
        private String checkedUserName;

        public TestSystemAccessControlFactory(String str) {
            this.name = (String) Objects.requireNonNull(str, "name is null");
        }

        public Map<String, String> getConfig() {
            return this.config;
        }

        public Principal getCheckedPrincipal() {
            return this.checkedPrincipal;
        }

        public String getCheckedUserName() {
            return this.checkedUserName;
        }

        public String getName() {
            return this.name;
        }

        public SystemAccessControl create(Map<String, String> map) {
            this.config = map;
            return new SystemAccessControl() { // from class: com.facebook.presto.security.TestAccessControlManager.TestSystemAccessControlFactory.1
                public void checkCanSetUser(Principal principal, String str) {
                    TestSystemAccessControlFactory.this.checkedPrincipal = principal;
                    TestSystemAccessControlFactory.this.checkedUserName = str;
                }

                public void checkCanSetSystemSessionProperty(Identity identity, String str) {
                    throw new UnsupportedOperationException();
                }

                public void checkCanSelectFromTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
                    if (catalogSchemaTableName.getCatalogName().equals("secured_catalog")) {
                        AccessDeniedException.denySelectTable(catalogSchemaTableName.toString());
                    }
                }
            };
        }
    }

    @Test(expectedExceptions = {PrestoException.class}, expectedExceptionsMessageRegExp = "Presto server is still initializing")
    public void testInitializing() throws Exception {
        new AccessControlManager(TransactionManager.createTestTransactionManager()).checkCanSetUser((Principal) null, "foo");
    }

    @Test
    public void testNoneSystemAccessControl() throws Exception {
        AccessControlManager accessControlManager = new AccessControlManager(TransactionManager.createTestTransactionManager());
        accessControlManager.setSystemAccessControl("allow-all", ImmutableMap.of());
        accessControlManager.checkCanSetUser((Principal) null, USER_NAME);
    }

    @Test
    public void testSetAccessControl() throws Exception {
        AccessControlManager accessControlManager = new AccessControlManager(TransactionManager.createTestTransactionManager());
        TestSystemAccessControlFactory testSystemAccessControlFactory = new TestSystemAccessControlFactory("test");
        accessControlManager.addSystemAccessControlFactory(testSystemAccessControlFactory);
        accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
        accessControlManager.checkCanSetUser(PRINCIPAL, USER_NAME);
        Assert.assertEquals(testSystemAccessControlFactory.getCheckedUserName(), USER_NAME);
        Assert.assertEquals(testSystemAccessControlFactory.getCheckedPrincipal(), PRINCIPAL);
    }

    @Test
    public void testNoCatalogAccessControl() throws Exception {
        TransactionManager createTestTransactionManager = TransactionManager.createTestTransactionManager();
        AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager);
        accessControlManager.addSystemAccessControlFactory(new TestSystemAccessControlFactory("test"));
        accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
        TransactionBuilder.transaction(createTestTransactionManager).execute(transactionId -> {
            accessControlManager.checkCanSelectFromTable(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table"));
        });
    }

    @Test(expectedExceptions = {PrestoException.class}, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table schema.table")
    public void testDenyCatalogAccessControl() throws Exception {
        TransactionManager createTestTransactionManager = TransactionManager.createTestTransactionManager();
        AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager);
        accessControlManager.addSystemAccessControlFactory(new TestSystemAccessControlFactory("test"));
        accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
        registerBogusConnector(createTestTransactionManager, "connector");
        accessControlManager.addCatalogAccessControl(new ConnectorId("connector"), "catalog", new DenyConnectorAccessControl());
        TransactionBuilder.transaction(createTestTransactionManager).execute(transactionId -> {
            accessControlManager.checkCanSelectFromTable(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table"));
        });
    }

    @Test(expectedExceptions = {PrestoException.class}, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table secured_catalog.schema.table")
    public void testDenySystemAccessControl() throws Exception {
        TransactionManager createTestTransactionManager = TransactionManager.createTestTransactionManager();
        AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager);
        accessControlManager.addSystemAccessControlFactory(new TestSystemAccessControlFactory("test"));
        accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
        registerBogusConnector(createTestTransactionManager, "connector");
        accessControlManager.addCatalogAccessControl(new ConnectorId("connector"), "secured_catalog", new DenyConnectorAccessControl());
        TransactionBuilder.transaction(createTestTransactionManager).execute(transactionId -> {
            accessControlManager.checkCanSelectFromTable(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("secured_catalog", "schema", "table"));
        });
    }

    private static void registerBogusConnector(TransactionManager transactionManager, String str) {
        transactionManager.addConnector(new ConnectorId(str), new Connector() { // from class: com.facebook.presto.security.TestAccessControlManager.1
            public ConnectorTransactionHandle beginTransaction(IsolationLevel isolationLevel, boolean z) {
                return new ConnectorTransactionHandle() { // from class: com.facebook.presto.security.TestAccessControlManager.1.1
                };
            }

            public ConnectorMetadata getMetadata(ConnectorTransactionHandle connectorTransactionHandle) {
                throw new UnsupportedOperationException();
            }

            public ConnectorSplitManager getSplitManager() {
                throw new UnsupportedOperationException();
            }
        });
    }
}
