package org.apache.ranger.authorization.trino.authorizer;

import io.trino.spi.connector.CatalogSchemaName;
import io.trino.spi.connector.CatalogSchemaRoutineName;
import io.trino.spi.connector.CatalogSchemaTableName;
import io.trino.spi.connector.SchemaTableName;
import io.trino.spi.security.Privilege;
import io.trino.spi.security.SystemAccessControl;
import io.trino.spi.security.SystemSecurityContext;
import io.trino.spi.security.TrinoPrincipal;
import io.trino.spi.security.ViewExpression;
import io.trino.spi.type.Type;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.inject.Inject;
import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;

/* loaded from: input_file:org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.class */
public class RangerSystemAccessControl implements SystemAccessControl {
    private static final String RANGER_PLUGIN_TYPE = "trino";
    private static final String RANGER_TRINO_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl";
    private final RangerPluginClassLoader rangerPluginClassLoader;
    private final SystemAccessControl systemAccessControlImpl;

    @Inject
    public RangerSystemAccessControl(RangerConfig rangerConfig) {
        try {
            try {
                this.rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, getClass());
                Class<?> cls = Class.forName(RANGER_TRINO_AUTHORIZER_IMPL_CLASSNAME, true, this.rangerPluginClassLoader);
                activatePluginClassLoader();
                HashMap hashMap = new HashMap();
                if (rangerConfig.getKeytab() != null && rangerConfig.getPrincipal() != null) {
                    hashMap.put("ranger.keytab", rangerConfig.getKeytab());
                    hashMap.put("ranger.principal", rangerConfig.getPrincipal());
                }
                hashMap.put("ranger.use_ugi", Boolean.toString(rangerConfig.isUseUgi()));
                if (rangerConfig.getHadoopConfigPath() != null) {
                    hashMap.put("ranger.hadoop_config", rangerConfig.getHadoopConfigPath());
                }
                this.systemAccessControlImpl = (SystemAccessControl) cls.getDeclaredConstructor(Map.class).newInstance(hashMap);
                deactivatePluginClassLoader();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanSetSystemSessionProperty(SystemSecurityContext systemSecurityContext, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetSystemSessionProperty(systemSecurityContext, str);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanAccessCatalog(SystemSecurityContext systemSecurityContext, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanAccessCatalog(systemSecurityContext, str);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public Set<String> filterCatalogs(SystemSecurityContext systemSecurityContext, Set<String> set) {
        try {
            activatePluginClassLoader();
            Set<String> filterCatalogs = this.systemAccessControlImpl.filterCatalogs(systemSecurityContext, set);
            deactivatePluginClassLoader();
            return filterCatalogs;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanCreateSchema(SystemSecurityContext systemSecurityContext, CatalogSchemaName catalogSchemaName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateSchema(systemSecurityContext, catalogSchemaName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanDropSchema(SystemSecurityContext systemSecurityContext, CatalogSchemaName catalogSchemaName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropSchema(systemSecurityContext, catalogSchemaName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanRenameSchema(SystemSecurityContext systemSecurityContext, CatalogSchemaName catalogSchemaName, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanRenameSchema(systemSecurityContext, catalogSchemaName, str);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanShowSchemas(SystemSecurityContext systemSecurityContext, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowSchemas(systemSecurityContext, str);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public Set<String> filterSchemas(SystemSecurityContext systemSecurityContext, String str, Set<String> set) {
        try {
            activatePluginClassLoader();
            Set<String> filterSchemas = this.systemAccessControlImpl.filterSchemas(systemSecurityContext, str, set);
            deactivatePluginClassLoader();
            return filterSchemas;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanCreateTable(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, Map<String, Object> map) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateTable(systemSecurityContext, catalogSchemaTableName, map);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanDropTable(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropTable(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanRenameTable(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, CatalogSchemaTableName catalogSchemaTableName2) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanRenameTable(systemSecurityContext, catalogSchemaTableName, catalogSchemaTableName2);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public Set<SchemaTableName> filterTables(SystemSecurityContext systemSecurityContext, String str, Set<SchemaTableName> set) {
        try {
            activatePluginClassLoader();
            Set<SchemaTableName> filterTables = this.systemAccessControlImpl.filterTables(systemSecurityContext, str, set);
            deactivatePluginClassLoader();
            return filterTables;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanAddColumn(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanAddColumn(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanDropColumn(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropColumn(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanRenameColumn(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanRenameColumn(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanSelectFromColumns(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, Set<String> set) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSelectFromColumns(systemSecurityContext, catalogSchemaTableName, set);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanInsertIntoTable(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanInsertIntoTable(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanDeleteFromTable(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDeleteFromTable(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanTruncateTable(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanTruncateTable(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanCreateView(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateView(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanCreateMaterializedView(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, Map<String, Object> map) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateMaterializedView(systemSecurityContext, catalogSchemaTableName, map);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanDropMaterializedView(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropMaterializedView(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanDropView(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropView(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanSetViewAuthorization(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, TrinoPrincipal trinoPrincipal) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetViewAuthorization(systemSecurityContext, catalogSchemaTableName, trinoPrincipal);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanCreateViewWithSelectFromColumns(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, Set<String> set) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateViewWithSelectFromColumns(systemSecurityContext, catalogSchemaTableName, set);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanSetCatalogSessionProperty(SystemSecurityContext systemSecurityContext, String str, String str2) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetCatalogSessionProperty(systemSecurityContext, str, str2);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanImpersonateUser(SystemSecurityContext systemSecurityContext, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanImpersonateUser(systemSecurityContext, str);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanExecuteQuery(SystemSecurityContext systemSecurityContext) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanExecuteQuery(systemSecurityContext);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanViewQueryOwnedBy(SystemSecurityContext systemSecurityContext, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanViewQueryOwnedBy(systemSecurityContext, str);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public Set<String> filterViewQueryOwnedBy(SystemSecurityContext systemSecurityContext, Set<String> set) {
        try {
            activatePluginClassLoader();
            Set<String> filterViewQueryOwnedBy = this.systemAccessControlImpl.filterViewQueryOwnedBy(systemSecurityContext, set);
            deactivatePluginClassLoader();
            return filterViewQueryOwnedBy;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanKillQueryOwnedBy(SystemSecurityContext systemSecurityContext, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanKillQueryOwnedBy(systemSecurityContext, str);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanShowCreateTable(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowCreateTable(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanSetTableComment(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetTableComment(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanSetColumnComment(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetColumnComment(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanShowTables(SystemSecurityContext systemSecurityContext, CatalogSchemaName catalogSchemaName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowTables(systemSecurityContext, catalogSchemaName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanShowColumns(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowColumns(systemSecurityContext, catalogSchemaTableName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public Set<String> filterColumns(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, Set<String> set) {
        try {
            activatePluginClassLoader();
            Set<String> filterColumns = this.systemAccessControlImpl.filterColumns(systemSecurityContext, catalogSchemaTableName, set);
            deactivatePluginClassLoader();
            return filterColumns;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanRenameView(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, CatalogSchemaTableName catalogSchemaTableName2) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanRenameView(systemSecurityContext, catalogSchemaTableName, catalogSchemaTableName2);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanGrantTablePrivilege(SystemSecurityContext systemSecurityContext, Privilege privilege, CatalogSchemaTableName catalogSchemaTableName, TrinoPrincipal trinoPrincipal, boolean z) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanGrantTablePrivilege(systemSecurityContext, privilege, catalogSchemaTableName, trinoPrincipal, z);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanRevokeTablePrivilege(SystemSecurityContext systemSecurityContext, Privilege privilege, CatalogSchemaTableName catalogSchemaTableName, TrinoPrincipal trinoPrincipal, boolean z) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanRevokeTablePrivilege(systemSecurityContext, privilege, catalogSchemaTableName, trinoPrincipal, z);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanShowRoles(SystemSecurityContext systemSecurityContext) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowRoles(systemSecurityContext);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanShowCurrentRoles(SystemSecurityContext systemSecurityContext) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowCurrentRoles(systemSecurityContext);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanShowRoleGrants(SystemSecurityContext systemSecurityContext) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowRoleGrants(systemSecurityContext);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public Optional<ViewExpression> getRowFilter(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            Optional<ViewExpression> rowFilter = this.systemAccessControlImpl.getRowFilter(systemSecurityContext, catalogSchemaTableName);
            deactivatePluginClassLoader();
            return rowFilter;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public Optional<ViewExpression> getColumnMask(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, String str, Type type) {
        try {
            activatePluginClassLoader();
            Optional<ViewExpression> columnMask = this.systemAccessControlImpl.getColumnMask(systemSecurityContext, catalogSchemaTableName, str, type);
            deactivatePluginClassLoader();
            return columnMask;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanSetUser(Optional<Principal> optional, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetUser(optional, str);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanGrantExecuteFunctionPrivilege(SystemSecurityContext systemSecurityContext, String str, TrinoPrincipal trinoPrincipal, boolean z) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanGrantExecuteFunctionPrivilege(systemSecurityContext, str, trinoPrincipal, z);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanSetSchemaAuthorization(SystemSecurityContext systemSecurityContext, CatalogSchemaName catalogSchemaName, TrinoPrincipal trinoPrincipal) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetSchemaAuthorization(systemSecurityContext, catalogSchemaName, trinoPrincipal);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanShowCreateSchema(SystemSecurityContext systemSecurityContext, CatalogSchemaName catalogSchemaName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowCreateSchema(systemSecurityContext, catalogSchemaName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanExecuteProcedure(SystemSecurityContext systemSecurityContext, CatalogSchemaRoutineName catalogSchemaRoutineName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanExecuteProcedure(systemSecurityContext, catalogSchemaRoutineName);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    public void checkCanExecuteTableProcedure(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanExecuteTableProcedure(systemSecurityContext, catalogSchemaTableName, str);
            deactivatePluginClassLoader();
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanExecuteFunction(SystemSecurityContext systemSecurityContext, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanExecuteFunction(systemSecurityContext, str);
        } finally {
            deactivatePluginClassLoader();
        }
    }

    private void activatePluginClassLoader() {
        if (this.rangerPluginClassLoader != null) {
            this.rangerPluginClassLoader.activate();
        }
    }

    private void deactivatePluginClassLoader() {
        if (this.rangerPluginClassLoader != null) {
            this.rangerPluginClassLoader.deactivate();
        }
    }
}
