package io.trino.security;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import io.trino.Session;
import io.trino.metadata.QualifiedObjectName;
import io.trino.metadata.QualifiedTablePrefix;
import io.trino.metadata.SystemSecurityMetadata;
import io.trino.spi.connector.CatalogSchemaName;
import io.trino.spi.connector.CatalogSchemaTableName;
import io.trino.spi.security.GrantInfo;
import io.trino.spi.security.Identity;
import io.trino.spi.security.PrincipalType;
import io.trino.spi.security.Privilege;
import io.trino.spi.security.RoleGrant;
import io.trino.spi.security.TrinoPrincipal;
import java.util.ArrayDeque;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;

/* loaded from: input_file:io/trino/security/TestingSystemSecurityMetadata.class */
class TestingSystemSecurityMetadata implements SystemSecurityMetadata {
    private final Set<String> roles = Collections.synchronizedSet(new HashSet());
    private final Set<RoleGrant> roleGrants = Collections.synchronizedSet(new HashSet());
    private final Map<CatalogSchemaTableName, Identity> viewOwners = Collections.synchronizedMap(new HashMap());

    public void reset() {
        this.roles.clear();
        this.roleGrants.clear();
        this.viewOwners.clear();
    }

    public boolean roleExists(Session session, String str) {
        return this.roles.contains(str);
    }

    public void createRole(Session session, String str, Optional<TrinoPrincipal> optional) {
        Preconditions.checkArgument(optional.isEmpty(), "Grantor is not yet supported");
        this.roles.add(str);
    }

    public void dropRole(Session session, String str) {
        this.roles.remove(str);
    }

    public Set<String> listRoles(Session session) {
        return ImmutableSet.copyOf(this.roles);
    }

    public Set<RoleGrant> listRoleGrants(Session session, TrinoPrincipal trinoPrincipal) {
        return getRoleGrants(trinoPrincipal);
    }

    public void grantRoles(Session session, Set<String> set, Set<TrinoPrincipal> set2, boolean z, Optional<TrinoPrincipal> optional) {
        this.roleGrants.addAll(createRoleGrants(set, set2, z, optional));
    }

    public void revokeRoles(Session session, Set<String> set, Set<TrinoPrincipal> set2, boolean z, Optional<TrinoPrincipal> optional) {
        this.roleGrants.removeAll(createRoleGrants(set, set2, z, optional));
    }

    private static Set<RoleGrant> createRoleGrants(Set<String> set, Set<TrinoPrincipal> set2, boolean z, Optional<TrinoPrincipal> optional) {
        Preconditions.checkArgument(optional.isEmpty(), "Grantor is not yet supported");
        HashSet hashSet = new HashSet();
        for (String str : set) {
            Iterator<TrinoPrincipal> it = set2.iterator();
            while (it.hasNext()) {
                hashSet.add(new RoleGrant(it.next(), str, z));
            }
        }
        return hashSet;
    }

    public Set<RoleGrant> listApplicableRoles(Session session, TrinoPrincipal trinoPrincipal) {
        return getRoleGrantsRecursively(trinoPrincipal);
    }

    public Set<String> listEnabledRoles(Identity identity) {
        Set<String> set = (Set) getRoleGrantsRecursively(new TrinoPrincipal(PrincipalType.USER, identity.getUser())).stream().map((v0) -> {
            return v0.getRoleName();
        }).collect(ImmutableSet.toImmutableSet());
        if (identity.getEnabledRoles().isEmpty()) {
            return set;
        }
        Stream stream = identity.getEnabledRoles().stream();
        Objects.requireNonNull(set);
        Set set2 = (Set) stream.filter((v1) -> {
            return r1.contains(v1);
        }).collect(ImmutableSet.toImmutableSet());
        return ImmutableSet.builder().addAll(set2).addAll((Set) set2.stream().flatMap(str -> {
            return getRoleGrantsRecursively(new TrinoPrincipal(PrincipalType.ROLE, str)).stream();
        }).map((v0) -> {
            return v0.getRoleName();
        }).collect(ImmutableSet.toImmutableSet())).build();
    }

    private Set<RoleGrant> getRoleGrantsRecursively(TrinoPrincipal trinoPrincipal) {
        ArrayDeque arrayDeque = new ArrayDeque(getRoleGrants(trinoPrincipal));
        HashSet hashSet = new HashSet();
        while (!arrayDeque.isEmpty()) {
            RoleGrant roleGrant = (RoleGrant) arrayDeque.remove();
            if (hashSet.add(roleGrant)) {
                arrayDeque.addAll(getRoleGrants(new TrinoPrincipal(PrincipalType.ROLE, roleGrant.getRoleName())));
            }
        }
        return ImmutableSet.copyOf(hashSet);
    }

    private Set<RoleGrant> getRoleGrants(TrinoPrincipal trinoPrincipal) {
        return (Set) this.roleGrants.stream().filter(roleGrant -> {
            return roleGrant.getGrantee().equals(trinoPrincipal);
        }).collect(ImmutableSet.toImmutableSet());
    }

    public void grantSchemaPrivileges(Session session, CatalogSchemaName catalogSchemaName, Set<Privilege> set, TrinoPrincipal trinoPrincipal, boolean z) {
        throw new UnsupportedOperationException();
    }

    public void denySchemaPrivileges(Session session, CatalogSchemaName catalogSchemaName, Set<Privilege> set, TrinoPrincipal trinoPrincipal) {
        throw new UnsupportedOperationException();
    }

    public void revokeSchemaPrivileges(Session session, CatalogSchemaName catalogSchemaName, Set<Privilege> set, TrinoPrincipal trinoPrincipal, boolean z) {
        throw new UnsupportedOperationException();
    }

    public void grantTablePrivileges(Session session, QualifiedObjectName qualifiedObjectName, Set<Privilege> set, TrinoPrincipal trinoPrincipal, boolean z) {
        throw new UnsupportedOperationException();
    }

    public void denyTablePrivileges(Session session, QualifiedObjectName qualifiedObjectName, Set<Privilege> set, TrinoPrincipal trinoPrincipal) {
        throw new UnsupportedOperationException();
    }

    public void revokeTablePrivileges(Session session, QualifiedObjectName qualifiedObjectName, Set<Privilege> set, TrinoPrincipal trinoPrincipal, boolean z) {
        throw new UnsupportedOperationException();
    }

    public Set<GrantInfo> listTablePrivileges(Session session, QualifiedTablePrefix qualifiedTablePrefix) {
        throw new UnsupportedOperationException();
    }

    public Optional<TrinoPrincipal> getSchemaOwner(Session session, CatalogSchemaName catalogSchemaName) {
        return Optional.empty();
    }

    public void setSchemaOwner(Session session, CatalogSchemaName catalogSchemaName, TrinoPrincipal trinoPrincipal) {
        throw new UnsupportedOperationException();
    }

    public void setTableOwner(Session session, CatalogSchemaTableName catalogSchemaTableName, TrinoPrincipal trinoPrincipal) {
        throw new UnsupportedOperationException();
    }

    public Optional<Identity> getViewRunAsIdentity(Session session, CatalogSchemaTableName catalogSchemaTableName) {
        return Optional.ofNullable(this.viewOwners.get(catalogSchemaTableName)).map(identity -> {
            return Identity.from(identity).withEnabledRoles((Set) getRoleGrantsRecursively(new TrinoPrincipal(PrincipalType.USER, identity.getUser())).stream().map((v0) -> {
                return v0.getRoleName();
            }).collect(ImmutableSet.toImmutableSet())).build();
        });
    }

    public void setViewOwner(Session session, CatalogSchemaTableName catalogSchemaTableName, TrinoPrincipal trinoPrincipal) {
        Preconditions.checkArgument(trinoPrincipal.getType() == PrincipalType.USER, "Only a user can be a view owner");
        this.viewOwners.put(catalogSchemaTableName, Identity.ofUser(trinoPrincipal.getName()));
    }

    public void schemaCreated(Session session, CatalogSchemaName catalogSchemaName) {
    }

    public void schemaRenamed(Session session, CatalogSchemaName catalogSchemaName, CatalogSchemaName catalogSchemaName2) {
    }

    public void schemaDropped(Session session, CatalogSchemaName catalogSchemaName) {
    }

    public void tableCreated(Session session, CatalogSchemaTableName catalogSchemaTableName) {
    }

    public void tableRenamed(Session session, CatalogSchemaTableName catalogSchemaTableName, CatalogSchemaTableName catalogSchemaTableName2) {
    }

    public void tableDropped(Session session, CatalogSchemaTableName catalogSchemaTableName) {
    }

    public void columnCreated(Session session, CatalogSchemaTableName catalogSchemaTableName, String str) {
        throw new UnsupportedOperationException();
    }

    public void columnRenamed(Session session, CatalogSchemaTableName catalogSchemaTableName, String str, String str2) {
        throw new UnsupportedOperationException();
    }

    public void columnDropped(Session session, CatalogSchemaTableName catalogSchemaTableName, String str) {
        throw new UnsupportedOperationException();
    }
}
