package io.trino.plugin.base.security;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import io.trino.spi.connector.SchemaTableName;
import io.trino.spi.security.ViewExpression;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Stream;

/* loaded from: input_file:io/trino/plugin/base/security/TableAccessControlRule.class */
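/**
 * One table-level rule of the file-based access control configuration.
 *
 * <p>A rule carries a set of {@link TablePrivilege}s, optional per-column constraints (allow/deny and
 * masks), an optional row filter, and optional regular expressions that select the user, roles,
 * groups, schema and table the rule applies to.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>An absent regex matches everything, so a rule with no selectors applies to every identity
 *       and every table (see {@link #ALLOW_ALL}).</li>
 *   <li>Regexes are applied with {@link java.util.regex.Matcher#matches()}, i.e. the whole string
 *       must match; a pattern is never satisfied by a substring hit.</li>
 *   <li>Column names are compared as exact strings. NOTE(review): presumably callers pass column
 *       names in the same normalised case as the rule file; confirm against the caller.</li>
 * </ul>
 *
 * <p>Instances are immutable: every field is final and the collections are Guava immutable copies.
 */
public class TableAccessControlRule {
    /**
     * Rule granting every {@link TablePrivilege} with no column constraints, no row filter and no
     * selectors. Because absent regexes match everything, this rule matches any user, role, group,
     * schema and table.
     */
    public static final TableAccessControlRule ALLOW_ALL = new TableAccessControlRule(
            ImmutableSet.copyOf(TablePrivilege.values()),
            Optional.empty(),
            Optional.empty(),
            Optional.empty(),
            Optional.empty(),
            Optional.empty(),
            Optional.empty(),
            Optional.empty(),
            Optional.empty());

    private final Set<TablePrivilege> privileges;
    // Column constraints indexed by column name.
    private final Map<String, ColumnConstraint> columnConstraints;
    // Names of the columns whose constraint reports isAllowed() == false.
    private final Set<String> restrictedColumns;
    private final Optional<String> filter;
    private final Optional<ExpressionEnvironment> filterEnvironment;
    private final Optional<Pattern> userRegex;
    private final Optional<Pattern> roleRegex;
    private final Optional<Pattern> groupRegex;
    private final Optional<Pattern> schemaRegex;
    private final Optional<Pattern> tableRegex;

    /* loaded from: input_file:io/trino/plugin/base/security/TableAccessControlRule$TablePrivilege.class */
    /** Privileges a rule can grant on a table. */
    public enum TablePrivilege {
        SELECT,
        INSERT,
        DELETE,
        UPDATE,
        OWNERSHIP,
        GRANT_SELECT
    }

    /**
     * Creates a rule, normally from its JSON representation.
     *
     * @param set privileges granted by the rule (JSON {@code privileges}); must not be null
     * @param optional per-column constraints (JSON {@code columns}); absent means no constraints
     * @param optional2 row filter expression (JSON {@code filter})
     * @param optional3 environment for the row filter (JSON {@code filter_environment})
     * @param optional4 user selector (JSON {@code user})
     * @param optional5 role selector (JSON {@code role})
     * @param optional6 group selector (JSON {@code group})
     * @param optional7 schema selector (JSON {@code schema})
     * @param optional8 table selector (JSON {@code table})
     * @throws NullPointerException if any argument is null
     * @throws IllegalArgumentException if two column constraints share a name
     *         (raised by {@link Maps#uniqueIndex})
     */
    @JsonCreator
    public TableAccessControlRule(
            @JsonProperty("privileges") Set<TablePrivilege> set,
            @JsonProperty("columns") Optional<List<ColumnConstraint>> optional,
            @JsonProperty("filter") Optional<String> optional2,
            @JsonProperty("filter_environment") Optional<ExpressionEnvironment> optional3,
            @JsonProperty("user") Optional<Pattern> optional4,
            @JsonProperty("role") Optional<Pattern> optional5,
            @JsonProperty("group") Optional<Pattern> optional6,
            @JsonProperty("schema") Optional<Pattern> optional7,
            @JsonProperty("table") Optional<Pattern> optional8) {
        this.privileges = ImmutableSet.copyOf(Objects.requireNonNull(set, "privileges is null"));
        // uniqueIndex rejects duplicate keys, so a rule cannot carry two conflicting
        // constraints for the same column name.
        this.columnConstraints = Maps.uniqueIndex(
                Objects.requireNonNull(optional, "columns is null").orElse(ImmutableList.of()),
                constraint -> constraint.getName());
        this.restrictedColumns = this.columnConstraints.values().stream()
                .filter(constraint -> !constraint.isAllowed())
                .map(constraint -> constraint.getName())
                .collect(ImmutableSet.toImmutableSet());
        this.filter = Objects.requireNonNull(optional2, "filter is null");
        this.filterEnvironment = Objects.requireNonNull(optional3, "filterEnvironment is null");
        this.userRegex = Objects.requireNonNull(optional4, "userRegex is null");
        this.roleRegex = Objects.requireNonNull(optional5, "roleRegex is null");
        this.groupRegex = Objects.requireNonNull(optional6, "groupRegex is null");
        this.schemaRegex = Objects.requireNonNull(optional7, "schemaRegex is null");
        this.tableRegex = Objects.requireNonNull(optional8, "tableRegex is null");
    }

    /**
     * Tells whether this rule applies to the given identity and table.
     *
     * <p>Every configured selector must match; an absent selector always matches. The user, schema
     * and table selectors must match the whole string. The role and group selectors are satisfied
     * when at least one element of the respective set matches in full, so a configured role or
     * group selector never matches an empty set.
     *
     * @param str user name tested against the user selector
     * @param set names tested against the role selector
     * @param set2 names tested against the group selector
     * @param schemaTableName table whose schema and table names are tested
     * @return {@code true} if all configured selectors match
     */
    public boolean matches(String str, Set<String> set, Set<String> set2, SchemaTableName schemaTableName) {
        return this.userRegex.map(pattern -> pattern.matcher(str).matches()).orElse(true)
                && this.roleRegex.map(pattern -> set.stream().anyMatch(role -> pattern.matcher(role).matches())).orElse(true)
                && this.groupRegex.map(pattern -> set2.stream().anyMatch(group -> pattern.matcher(group).matches())).orElse(true)
                && this.schemaRegex.map(pattern -> pattern.matcher(schemaTableName.getSchemaName()).matches()).orElse(true)
                && this.tableRegex.map(pattern -> pattern.matcher(schemaTableName.getTableName()).matches()).orElse(true);
    }

    /**
     * Returns the names of the columns this rule denies.
     *
     * @return immutable set of column names whose constraint is not allowed
     */
    public Set<String> getRestrictedColumns() {
        return this.restrictedColumns;
    }

    /**
     * Tells whether the rule permits selecting all of the given columns.
     *
     * <p>Selection requires {@link TablePrivilege#SELECT} or {@link TablePrivilege#GRANT_SELECT},
     * and none of the requested columns may be restricted. Columns that have no constraint in this
     * rule are allowed.
     *
     * @param set names of the columns being selected
     * @return {@code true} if the privilege is present and no requested column is restricted
     * @throws NullPointerException if {@code set} is null and a select privilege is present
     */
    public boolean canSelectColumns(Set<String> set) {
        // The decompiled listing referenced an undefined register (r1) here; the receiver of
        // contains() is the requested column set.
        return (this.privileges.contains(TablePrivilege.SELECT) || this.privileges.contains(TablePrivilege.GRANT_SELECT))
                && this.restrictedColumns.stream().noneMatch(set::contains);
    }

    /**
     * Builds the mask expression for a column, if the rule defines one.
     *
     * <p>The first {@link ViewExpression} argument is the user from the constraint's mask
     * environment when one is configured, otherwise {@code str}. NOTE(review): presumably this is
     * the identity the mask is evaluated as, so a configured environment user replaces the
     * querying user for that expression; confirm against {@link ViewExpression}.
     *
     * @param str fallback user when the mask environment names none
     * @param str2 second {@link ViewExpression} argument (presumably the catalog; confirm)
     * @param str3 third {@link ViewExpression} argument (presumably the schema; confirm)
     * @param str4 column name used to look up the constraint
     * @return the mask expression, or empty if the column has no constraint or no mask
     */
    public Optional<ViewExpression> getColumnMask(String str, String str2, String str3, String str4) {
        return Optional.ofNullable(this.columnConstraints.get(str4))
                .flatMap(constraint -> constraint.getMask()
                        .map(mask -> new ViewExpression(
                                constraint.getMaskEnvironment().flatMap(environment -> environment.getUser()).orElse(str),
                                Optional.of(str2),
                                Optional.of(str3),
                                mask)));
    }

    /**
     * Builds the row filter expression of this rule, if it defines one.
     *
     * <p>The first {@link ViewExpression} argument is the user from the filter environment when
     * one is configured, otherwise {@code str}. NOTE(review): presumably this is the identity the
     * filter is evaluated as; confirm against {@link ViewExpression}.
     *
     * @param str fallback user when the filter environment names none
     * @param str2 second {@link ViewExpression} argument (presumably the catalog; confirm)
     * @param str3 third {@link ViewExpression} argument (presumably the schema; confirm)
     * @return the filter expression, or empty if the rule has no filter
     */
    public Optional<ViewExpression> getFilter(String str, String str2, String str3) {
        return this.filter.map(expression -> new ViewExpression(
                this.filterEnvironment.flatMap(environment -> environment.getUser()).orElse(str),
                Optional.of(str2),
                Optional.of(str3),
                expression));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Derives a schema-level rule from this table rule.
     *
     * <p>A rule that grants no privileges yields nothing. Otherwise the user, role, group and
     * schema selectors are carried over; the table selector is not.
     *
     * @return the derived rule, or empty if this rule grants no privileges
     */
    public Optional<AnySchemaPermissionsRule> toAnySchemaPermissionsRule() {
        if (this.privileges.isEmpty()) {
            return Optional.empty();
        }
        return Optional.of(new AnySchemaPermissionsRule(this.userRegex, this.roleRegex, this.groupRegex, this.schemaRegex));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the immutable set of privileges this rule grants. */
    public Set<TablePrivilege> getPrivileges() {
        return this.privileges;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the user selector, empty when the rule applies to every user. */
    public Optional<Pattern> getUserRegex() {
        return this.userRegex;
    }

    /** Returns the role selector, empty when the rule does not select on roles. */
    public Optional<Pattern> getRoleRegex() {
        return this.roleRegex;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the group selector, empty when the rule does not select on groups. */
    public Optional<Pattern> getGroupRegex() {
        return this.groupRegex;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the schema selector, empty when the rule applies to every schema. */
    public Optional<Pattern> getSchemaRegex() {
        return this.schemaRegex;
    }
}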
