package io.trino.aws.proxy.server;

import com.google.inject.Inject;
import com.google.inject.Scopes;
import io.trino.aws.proxy.server.testing.TestingTrinoAwsProxyServer;
import io.trino.aws.proxy.server.testing.containers.DockerAttachUtil;
import io.trino.aws.proxy.server.testing.containers.PySparkContainer;
import io.trino.aws.proxy.server.testing.harness.BuilderFilter;
import io.trino.aws.proxy.server.testing.harness.TrinoAwsProxyTest;
import io.trino.aws.proxy.spi.credentials.Identity;
import io.trino.aws.proxy.spi.plugin.TrinoAwsProxyServerBinding;
import io.trino.aws.proxy.spi.rest.ParsedS3Request;
import io.trino.aws.proxy.spi.security.S3DatabaseSecurityDecorator;
import io.trino.aws.proxy.spi.security.S3SecurityFacade;
import io.trino.aws.proxy.spi.security.S3SecurityFacadeProvider;
import io.trino.aws.proxy.spi.security.SecurityResponse;
import jakarta.ws.rs.WebApplicationException;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import org.junit.jupiter.api.Test;
import software.amazon.awssdk.services.s3.S3Client;

@TrinoAwsProxyTest(filters = {Filter.class})
/* loaded from: input_file:io/trino/aws/proxy/server/TestDatabaseSecurity.class */
public class TestDatabaseSecurity {
    public static final String DATABASE_NAME = "db";
    public static final String TABLE_NAME = "people";
    private final S3Client s3Client;
    private final PySparkContainer pySparkContainer;
    private final FacadeProvider facadeProvider;

    /* loaded from: input_file:io/trino/aws/proxy/server/TestDatabaseSecurity$FacadeProvider.class */
    public static class FacadeProvider implements S3DatabaseSecurityDecorator, S3SecurityFacadeProvider {
        final AtomicBoolean disallowGets = new AtomicBoolean();

        public S3SecurityFacade securityFacadeForRequest(ParsedS3Request parsedS3Request, Optional<Identity> optional) throws WebApplicationException {
            return S3DatabaseSecurityDecorator.decorate(parsedS3Request, optional2 -> {
                return SecurityResponse.SUCCESS;
            }, this);
        }

        public Optional<String> tableName(ParsedS3Request parsedS3Request, Optional<String> optional) {
            return Optional.of("people");
        }

        public SecurityResponse tableOperation(ParsedS3Request parsedS3Request, String str, Optional<String> optional) {
            return (this.disallowGets.get() && parsedS3Request.httpVerb().equalsIgnoreCase("GET")) ? SecurityResponse.FAILURE : SecurityResponse.SUCCESS;
        }
    }

    /* loaded from: input_file:io/trino/aws/proxy/server/TestDatabaseSecurity$Filter.class */
    public static class Filter implements BuilderFilter {
        @Override // io.trino.aws.proxy.server.testing.harness.BuilderFilter
        public TestingTrinoAwsProxyServer.Builder filter(TestingTrinoAwsProxyServer.Builder builder) {
            return builder.addModule(TrinoAwsProxyServerBinding.s3SecurityFacadeProviderModule("db", FacadeProvider.class, binder -> {
                binder.bind(FacadeProvider.class).in(Scopes.SINGLETON);
            })).withProperty("s3-security.type", "db").withV3PySparkContainer();
        }
    }

    @Inject
    public TestDatabaseSecurity(S3Client s3Client, PySparkContainer pySparkContainer, FacadeProvider facadeProvider) {
        this.s3Client = (S3Client) Objects.requireNonNull(s3Client, "s3Client is null");
        this.pySparkContainer = (PySparkContainer) Objects.requireNonNull(pySparkContainer, "pySparkContainer is null");
        this.facadeProvider = (FacadeProvider) Objects.requireNonNull(facadeProvider, "facadeProvider is null");
    }

    @Test
    public void testDatabaseSecurity() throws Exception {
        TestPySparkSql.createDatabaseAndTable(this.s3Client, this.pySparkContainer);
        DockerAttachUtil.clearInputStreamAndClose(DockerAttachUtil.inputToContainerStdin(this.pySparkContainer.containerId(), "spark.sql(\"select * from %s.%s\").show()".formatted("db", "people")), str -> {
            return str.equals("|    John Galt| 28|");
        });
        try {
            this.facadeProvider.disallowGets.set(true);
            DockerAttachUtil.clearInputStreamAndClose(DockerAttachUtil.inputToContainerStdin(this.pySparkContainer.containerId(), "spark.sql(\"select * from %s.%s\").show()".formatted("db", "people")), str2 -> {
                return str2.contains("Status Code: 401; Error Code: Unauthorized");
            });
        } finally {
            this.facadeProvider.disallowGets.set(false);
        }
    }
}
