package io.trino.plugin.base.security;

import com.fasterxml.jackson.annotation.JsonAlias;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.collect.ImmutableSet;
import io.trino.spi.connector.SchemaRoutineName;
import io.trino.spi.function.FunctionKind;
import java.util.Collection;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

/* loaded from: input_file:io/trino/plugin/base/security/FunctionAccessControlRule.class */
public class FunctionAccessControlRule {
    private final Set<FunctionPrivilege> privileges;
    private final Optional<Pattern> userRegex;
    private final Optional<Pattern> roleRegex;
    private final Optional<Pattern> groupRegex;
    private final Optional<Pattern> schemaRegex;
    private final Optional<Pattern> functionRegex;

    /* loaded from: input_file:io/trino/plugin/base/security/FunctionAccessControlRule$FunctionPrivilege.class */
    public enum FunctionPrivilege {
        EXECUTE,
        GRANT_EXECUTE
    }

    @JsonCreator
    public FunctionAccessControlRule(@JsonProperty("privileges") Set<FunctionPrivilege> set, @JsonProperty("user") Optional<Pattern> optional, @JsonProperty("role") Optional<Pattern> optional2, @JsonProperty("group") Optional<Pattern> optional3, @JsonProperty("schema") Optional<Pattern> optional4, @JsonProperty("function") Optional<Pattern> optional5, @JsonProperty("function_kinds") @JsonAlias({"functionKinds"}) Set<FunctionKind> set2) {
        this.privileges = ImmutableSet.copyOf((Collection) Objects.requireNonNull(set, "privileges is null"));
        this.userRegex = (Optional) Objects.requireNonNull(optional, "userRegex is null");
        this.roleRegex = (Optional) Objects.requireNonNull(optional2, "roleRegex is null");
        this.groupRegex = (Optional) Objects.requireNonNull(optional3, "groupRegex is null");
        this.schemaRegex = (Optional) Objects.requireNonNull(optional4, "schemaRegex is null");
        this.functionRegex = (Optional) Objects.requireNonNull(optional5, "functionRegex is null");
        if (set2 != null && !set2.isEmpty()) {
            throw new IllegalArgumentException("function_kind is no longer supported in security rules");
        }
    }

    public boolean matches(String str, Set<String> set, Set<String> set2, SchemaRoutineName schemaRoutineName) {
        return ((Boolean) this.userRegex.map(pattern -> {
            return Boolean.valueOf(pattern.matcher(str).matches());
        }).orElse(true)).booleanValue() && ((Boolean) this.roleRegex.map(pattern2 -> {
            return Boolean.valueOf(set.stream().anyMatch(str2 -> {
                return pattern2.matcher(str2).matches();
            }));
        }).orElse(true)).booleanValue() && ((Boolean) this.groupRegex.map(pattern3 -> {
            return Boolean.valueOf(set2.stream().anyMatch(str2 -> {
                return pattern3.matcher(str2).matches();
            }));
        }).orElse(true)).booleanValue() && ((Boolean) this.schemaRegex.map(pattern4 -> {
            return Boolean.valueOf(pattern4.matcher(schemaRoutineName.getSchemaName()).matches());
        }).orElse(true)).booleanValue() && ((Boolean) this.functionRegex.map(pattern5 -> {
            return Boolean.valueOf(pattern5.matcher(schemaRoutineName.getRoutineName()).matches());
        }).orElse(true)).booleanValue();
    }

    public boolean canExecuteFunction() {
        return this.privileges.contains(FunctionPrivilege.EXECUTE) || canGrantExecuteFunction();
    }

    public boolean canGrantExecuteFunction() {
        return this.privileges.contains(FunctionPrivilege.GRANT_EXECUTE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<AnySchemaPermissionsRule> toAnySchemaPermissionsRule() {
        return this.privileges.isEmpty() ? Optional.empty() : Optional.of(new AnySchemaPermissionsRule(this.userRegex, this.roleRegex, this.groupRegex, this.schemaRegex));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<FunctionPrivilege> getPrivileges() {
        return this.privileges;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<Pattern> getUserRegex() {
        return this.userRegex;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<Pattern> getRoleRegex() {
        return this.roleRegex;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<Pattern> getGroupRegex() {
        return this.groupRegex;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<Pattern> getSchemaRegex() {
        return this.schemaRegex;
    }
}
