package io.trino.execution;

import com.google.common.collect.ImmutableList;
import com.google.common.io.Resources;
import io.airlift.units.Duration;
import io.trino.SessionTestUtils;
import io.trino.client.ClientSession;
import io.trino.client.QueryData;
import io.trino.client.StatementClient;
import io.trino.client.StatementClientFactory;
import io.trino.spi.ErrorCode;
import io.trino.spi.StandardErrorCode;
import io.trino.testing.AbstractTestQueryFramework;
import io.trino.testing.DistributedQueryRunner;
import io.trino.testing.QueryRunner;
import java.io.File;
import java.time.ZoneId;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import okhttp3.OkHttpClient;
import org.junit.jupiter.api.Test;
import org.testng.Assert;

/* loaded from: input_file:io/trino/execution/TestSetSessionAuthorization.class */
public class TestSetSessionAuthorization extends AbstractTestQueryFramework {
    protected QueryRunner createQueryRunner() throws Exception {
        return DistributedQueryRunner.builder(SessionTestUtils.TEST_SESSION).setSystemAccessControl("file", Map.of("security.config-file", new File(Resources.getResource("set_session_authorization_permissions.json").toURI()).getPath())).build();
    }

    @Test
    public void testSetSessionAuthorizationToSelf() {
        ClientSession build = defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).build();
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION user", build).getSetAuthorizationUser().get(), "user");
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION alice", build).getSetAuthorizationUser().get(), "alice");
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION user", build).getSetAuthorizationUser().get(), "user");
    }

    @Test
    public void testValidSetSessionAuthorization() {
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION alice", defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).build()).getSetAuthorizationUser().get(), "alice");
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION bob", defaultClientSessionBuilder().principal(Optional.of("user2")).user(Optional.of("user2")).build()).getSetAuthorizationUser().get(), "bob");
    }

    @Test
    public void testInvalidSetSessionAuthorization() {
        ClientSession build = defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).build();
        assertError(submitQuery("SET SESSION AUTHORIZATION user2", build), StandardErrorCode.PERMISSION_DENIED.toErrorCode(), "Access Denied: User user cannot impersonate user user2");
        assertError(submitQuery("SET SESSION AUTHORIZATION bob", build), StandardErrorCode.PERMISSION_DENIED.toErrorCode(), "Access Denied: User user cannot impersonate user bob");
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION alice", build).getSetAuthorizationUser().get(), "alice");
        assertError(submitQuery("SET SESSION AUTHORIZATION charlie", build), StandardErrorCode.PERMISSION_DENIED.toErrorCode(), "Access Denied: User user cannot impersonate user charlie");
        assertError(submitQuery("SET SESSION AUTHORIZATION alice", ClientSession.builder(build).transactionId(submitQuery("START TRANSACTION", build).getStartedTransactionId()).build()), StandardErrorCode.GENERIC_USER_ERROR.toErrorCode(), "Can't set authorization user in the middle of a transaction");
    }

    @Test
    public void testInvalidTransitiveSetSessionAuthorization() {
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION alice", defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).build()).getSetAuthorizationUser().get(), "alice");
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION charlie", defaultClientSessionBuilder().principal(Optional.of("alice")).user(Optional.of("alice")).build()).getSetAuthorizationUser().get(), "charlie");
        ClientSession build = defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).build();
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION alice", build).getSetAuthorizationUser().get(), "alice");
        assertError(submitQuery("SET SESSION AUTHORIZATION charlie", build), StandardErrorCode.PERMISSION_DENIED.toErrorCode(), "Access Denied: User user cannot impersonate user charlie");
    }

    @Test
    public void testValidSessionAuthorizationExecution() {
        Assert.assertEquals(submitQuery("SELECT 1+1", defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).authorizationUser(Optional.of("alice")).build()).currentStatusInfo().getError(), (Object) null);
        Assert.assertEquals(submitQuery("SELECT 1+1", defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).authorizationUser(Optional.of("user")).build()).currentStatusInfo().getError(), (Object) null);
        Assert.assertEquals(submitQuery("SELECT 1+1", defaultClientSessionBuilder().principal(Optional.of("user")).authorizationUser(Optional.of("alice")).build()).currentStatusInfo().getError(), (Object) null);
    }

    @Test
    public void testInvalidSessionAuthorizationExecution() {
        assertError(submitQuery("SELECT 1+1", defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).authorizationUser(Optional.of("user2")).build()), StandardErrorCode.PERMISSION_DENIED.toErrorCode(), "Access Denied: User user cannot impersonate user user2");
        assertError(submitQuery("SELECT 1+1", defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).authorizationUser(Optional.of("user3")).build()), StandardErrorCode.PERMISSION_DENIED.toErrorCode(), "Access Denied: User user cannot impersonate user user3");
        assertError(submitQuery("SELECT 1+1", defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).authorizationUser(Optional.of("charlie")).build()), StandardErrorCode.PERMISSION_DENIED.toErrorCode(), "Access Denied: User user cannot impersonate user charlie");
    }

    @Test
    public void testSelectCurrentUser() {
        ClientSession build = defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).authorizationUser(Optional.of("alice")).build();
        ImmutableList.Builder<List<Object>> builder = ImmutableList.builder();
        submitQuery("SELECT CURRENT_USER", build, builder);
        Assert.assertEquals((String) ((List) builder.build().get(0)).get(0), "alice");
    }

    @Test
    public void testResetSessionAuthorization() {
        ClientSession build = defaultClientSessionBuilder().principal(Optional.of("user")).user(Optional.of("user")).build();
        assertResetAuthorizationUser(submitQuery("RESET SESSION AUTHORIZATION", build));
        Assert.assertEquals((String) submitQuery("SET SESSION AUTHORIZATION alice", build).getSetAuthorizationUser().get(), "alice");
        assertResetAuthorizationUser(submitQuery("RESET SESSION AUTHORIZATION", build));
        assertError(submitQuery("RESET SESSION AUTHORIZATION", ClientSession.builder(build).transactionId(submitQuery("START TRANSACTION", build).getStartedTransactionId()).build()), StandardErrorCode.GENERIC_USER_ERROR.toErrorCode(), "Can't reset authorization user in the middle of a transaction");
    }

    private void assertError(StatementClient statementClient, ErrorCode errorCode, String str) {
        Assert.assertEquals(statementClient.getSetAuthorizationUser(), Optional.empty());
        Assert.assertEquals(statementClient.currentStatusInfo().getError().getErrorName(), errorCode.getName());
        Assert.assertEquals(statementClient.currentStatusInfo().getError().getMessage(), str);
    }

    private void assertResetAuthorizationUser(StatementClient statementClient) {
        Assert.assertEquals(statementClient.isResetAuthorizationUser(), true);
        Assert.assertEquals(statementClient.getSetAuthorizationUser().isEmpty(), true);
    }

    private ClientSession.Builder defaultClientSessionBuilder() {
        return ClientSession.builder().server(getDistributedQueryRunner().getCoordinator().getBaseUrl()).source("source").timeZone(ZoneId.of("America/Los_Angeles")).locale(Locale.ENGLISH).clientRequestTimeout(new Duration(2.0d, TimeUnit.MINUTES));
    }

    private StatementClient submitQuery(String str, ClientSession clientSession) {
        OkHttpClient okHttpClient = new OkHttpClient();
        try {
            StatementClient newStatementClient = StatementClientFactory.newStatementClient(okHttpClient, clientSession, str);
            while (newStatementClient.isRunning() && !newStatementClient.currentStatusInfo().getStats().isScheduled()) {
                try {
                    newStatementClient.advance();
                } catch (Throwable th) {
                    if (newStatementClient != null) {
                        try {
                            newStatementClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
            if (newStatementClient != null) {
                newStatementClient.close();
            }
            return newStatementClient;
        } finally {
            okHttpClient.dispatcher().executorService().shutdown();
            okHttpClient.connectionPool().evictAll();
        }
    }

    private StatementClient submitQuery(String str, ClientSession clientSession, ImmutableList.Builder<List<Object>> builder) {
        OkHttpClient okHttpClient = new OkHttpClient();
        try {
            StatementClient newStatementClient = StatementClientFactory.newStatementClient(okHttpClient, clientSession, str);
            while (newStatementClient.isRunning() && !Thread.currentThread().isInterrupted()) {
                try {
                    QueryData currentData = newStatementClient.currentData();
                    if (currentData.getData() != null) {
                        builder.addAll(currentData.getData());
                    }
                    newStatementClient.advance();
                } catch (Throwable th) {
                    if (newStatementClient != null) {
                        try {
                            newStatementClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
            while (newStatementClient.isRunning() && !newStatementClient.currentStatusInfo().getStats().isScheduled()) {
                newStatementClient.advance();
            }
            if (newStatementClient != null) {
                newStatementClient.close();
            }
            return newStatementClient;
        } finally {
            okHttpClient.dispatcher().executorService().shutdown();
            okHttpClient.connectionPool().evictAll();
        }
    }
}
