package org.apache.ranger.authorization.presto.authorizer;

import io.prestosql.spi.connector.CatalogSchemaName;
import io.prestosql.spi.connector.CatalogSchemaTableName;
import io.prestosql.spi.connector.SchemaTableName;
import io.prestosql.spi.security.AccessDeniedException;
import io.prestosql.spi.security.Identity;
import io.prestosql.spi.security.SystemAccessControl;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.inject.Inject;
import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;

/* loaded from: input_file:org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.class */
public class RangerSystemAccessControl implements SystemAccessControl {
    private static final String RANGER_PLUGIN_TYPE = "presto";
    private static final String RANGER_PRESTO_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.presto.authorizer.RangerSystemAccessControl";
    private final RangerPluginClassLoader rangerPluginClassLoader;
    private final SystemAccessControl systemAccessControlImpl;

    @Inject
    public RangerSystemAccessControl(RangerConfig rangerConfig) {
        try {
            try {
                this.rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, getClass());
                Class<?> cls = Class.forName(RANGER_PRESTO_AUTHORIZER_IMPL_CLASSNAME, true, this.rangerPluginClassLoader);
                activatePluginClassLoader();
                HashMap hashMap = new HashMap();
                if (rangerConfig.getKeytab() != null && rangerConfig.getPrincipal() != null) {
                    hashMap.put("ranger.keytab", rangerConfig.getKeytab());
                    hashMap.put("ranger.principal", rangerConfig.getPrincipal());
                }
                this.systemAccessControlImpl = (SystemAccessControl) cls.getDeclaredConstructor(Map.class).newInstance(hashMap);
                deactivatePluginClassLoader();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public void checkCanSetUser(Optional<Principal> optional, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetUser(optional, str);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denySetUser(optional, str);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanSetSystemSessionProperty(Identity identity, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetSystemSessionProperty(identity, str);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denySetSystemSessionProperty(str);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanAccessCatalog(Identity identity, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanAccessCatalog(identity, str);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyCatalogAccess(str);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public Set<String> filterCatalogs(Identity identity, Set<String> set) {
        return set;
    }

    public void checkCanCreateSchema(Identity identity, CatalogSchemaName catalogSchemaName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateSchema(identity, catalogSchemaName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyCreateSchema(catalogSchemaName.getSchemaName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanDropSchema(Identity identity, CatalogSchemaName catalogSchemaName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropSchema(identity, catalogSchemaName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyDropSchema(catalogSchemaName.getSchemaName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanRenameSchema(Identity identity, CatalogSchemaName catalogSchemaName, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanRenameSchema(identity, catalogSchemaName, str);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyRenameSchema(catalogSchemaName.getSchemaName(), str);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanAlterSchema(Identity identity, CatalogSchemaName catalogSchemaName, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanAlterSchema(identity, catalogSchemaName, str);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyAlterSchema(catalogSchemaName.getSchemaName(), str);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanShowSchemas(Identity identity, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowSchemas(identity, str);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyShowSchemas();
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public Set<String> filterSchemas(Identity identity, String str, Set<String> set) {
        return set;
    }

    public void checkCanCreateTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateTable(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyCreateTable(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanDropTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropTable(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyDropTable(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanRenameTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName, CatalogSchemaTableName catalogSchemaTableName2) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanRenameTable(identity, catalogSchemaTableName, catalogSchemaTableName2);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyRenameTable(catalogSchemaTableName.getSchemaTableName().getTableName(), catalogSchemaTableName2.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanAlterTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanAlterTable(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyAlterTable(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanShowTablesMetadata(Identity identity, CatalogSchemaName catalogSchemaName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowTablesMetadata(identity, catalogSchemaName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyShowTablesMetadata(catalogSchemaName.getSchemaName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public Set<SchemaTableName> filterTables(Identity identity, String str, Set<SchemaTableName> set) {
        return set;
    }

    public void checkCanAddColumn(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanAddColumn(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyAddColumn(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanDropColumn(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropColumn(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyDropColumn(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanRenameColumn(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanRenameColumn(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyRenameColumn(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanAlterColumn(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanAlterColumn(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyAlterColumn(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanSelectFromColumns(Identity identity, CatalogSchemaTableName catalogSchemaTableName, Set<String> set) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSelectFromColumns(identity, catalogSchemaTableName, set);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denySelectColumns(catalogSchemaTableName.getSchemaTableName().getTableName(), set);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanInsertIntoTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanInsertIntoTable(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyInsertTable(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanDeleteFromTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDeleteFromTable(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyDeleteTable(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanCreateView(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateView(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyCreateView(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanAlterView(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanAlterView(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyAlterView(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanDropView(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanDropView(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyDropView(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanCreateViewWithSelectFromColumns(Identity identity, CatalogSchemaTableName catalogSchemaTableName, Set<String> set) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanCreateViewWithSelectFromColumns(identity, catalogSchemaTableName, set);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyCreateViewWithSelect(catalogSchemaTableName.getSchemaTableName().getTableName(), identity);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanSetCatalogSessionProperty(Identity identity, String str, String str2) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetCatalogSessionProperty(identity, str, str2);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denySetCatalogSessionProperty(str, str2);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanShowColumnsMetadata(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanShowColumnsMetadata(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyShowColumnsMetadata(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanUpdateTable(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanUpdateTable(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyUpdateTable(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanUpdateCatalog(Identity identity, String str) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanUpdateCatalog(identity, str);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyUpdateCatalog(str);
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public void checkCanSetTableComment(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            this.systemAccessControlImpl.checkCanSetTableComment(identity, catalogSchemaTableName);
        } catch (Exception e) {
            deactivatePluginClassLoader();
            AccessDeniedException.denyCommentTable(catalogSchemaTableName.getSchemaTableName().getTableName());
        } catch (AccessDeniedException e2) {
            deactivatePluginClassLoader();
            throw e2;
        }
    }

    public String applyRowLevelFiltering(Identity identity, CatalogSchemaTableName catalogSchemaTableName) {
        try {
            activatePluginClassLoader();
            String applyRowLevelFiltering = this.systemAccessControlImpl.applyRowLevelFiltering(identity, catalogSchemaTableName);
            deactivatePluginClassLoader();
            return applyRowLevelFiltering;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    public String applyColumnMasking(Identity identity, CatalogSchemaTableName catalogSchemaTableName, String str) {
        try {
            activatePluginClassLoader();
            String applyColumnMasking = this.systemAccessControlImpl.applyColumnMasking(identity, catalogSchemaTableName, str);
            deactivatePluginClassLoader();
            return applyColumnMasking;
        } catch (Throwable th) {
            deactivatePluginClassLoader();
            throw th;
        }
    }

    private void activatePluginClassLoader() {
        if (this.rangerPluginClassLoader != null) {
            this.rangerPluginClassLoader.activate();
        }
    }

    private void deactivatePluginClassLoader() {
        if (this.rangerPluginClassLoader != null) {
            this.rangerPluginClassLoader.deactivate();
        }
    }
}
