package org.apache.nifi.web.dao.impl;

import java.util.Set;
import java.util.stream.Collectors;
import org.apache.nifi.authorization.AccessPolicy;
import org.apache.nifi.authorization.AccessPolicyProvider;
import org.apache.nifi.authorization.AccessPolicyProviderInitializationContext;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.AuthorizerCapabilityDetection;
import org.apache.nifi.authorization.AuthorizerConfigurationContext;
import org.apache.nifi.authorization.ConfigurableAccessPolicyProvider;
import org.apache.nifi.authorization.ConfigurableUserGroupProvider;
import org.apache.nifi.authorization.Group;
import org.apache.nifi.authorization.ManagedAuthorizer;
import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.User;
import org.apache.nifi.authorization.UserAndGroups;
import org.apache.nifi.authorization.UserGroupProvider;
import org.apache.nifi.authorization.UserGroupProviderInitializationContext;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
import org.apache.nifi.authorization.resource.Authorizable;
import org.apache.nifi.web.ResourceNotFoundException;
import org.apache.nifi.web.api.dto.AccessPolicyDTO;
import org.apache.nifi.web.api.dto.UserDTO;
import org.apache.nifi.web.api.dto.UserGroupDTO;
import org.apache.nifi.web.dao.AccessPolicyDAO;
import org.apache.nifi.web.dao.UserDAO;
import org.apache.nifi.web.dao.UserGroupDAO;

/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.class */
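/**
 * DAO for access policies, user groups and users, backed by the {@link AccessPolicyProvider} and
 * {@link UserGroupProvider} obtained from the configured {@link Authorizer}.
 *
 * <p>Reads are delegated to the providers. Mutations are accepted only when the relevant provider is a
 * {@link ConfigurableAccessPolicyProvider} or {@link ConfigurableUserGroupProvider}; otherwise an
 * {@link IllegalStateException} is thrown. When the authorizer is not a managed authorizer, stub
 * providers are installed whose lookups always throw, so reads fail with an exception instead of
 * returning empty results.
 *
 * <p>NOTE(review): nothing in this class checks whether the caller is permitted to perform the
 * requested operation; that is presumably enforced by the calling layer. Confirm before adding a new
 * entry point that reaches these methods.
 */
public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGroupDAO, UserDAO {
    private final AccessPolicyProvider accessPolicyProvider;
    private final UserGroupProvider userGroupProvider;

    /**
     * Binds the DAO to the providers of the given authorizer.
     *
     * @param authorizer the configured authorizer; when it is not a managed authorizer, stub providers
     *                   that reject every lookup are used instead
     */
    public StandardPolicyBasedAuthorizerDAO(Authorizer authorizer) {
        if (AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
            this.accessPolicyProvider = ((ManagedAuthorizer) authorizer).getAccessPolicyProvider();
        } else {
            this.accessPolicyProvider = nonManagedAccessPolicyProvider();
        }
        this.userGroupProvider = this.accessPolicyProvider.getUserGroupProvider();
    }

    /**
     * Creates the policy provider used for a non-managed authorizer: every lookup throws
     * {@link IllegalStateException} and the lifecycle callbacks do nothing. Built in a static context
     * so the stub holds no reference to the DAO under construction.
     */
    private static AccessPolicyProvider nonManagedAccessPolicyProvider() {
        return new AccessPolicyProvider() {
            @Override
            public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public AccessPolicy getAccessPolicy(String str) throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public AccessPolicy getAccessPolicy(String str, RequestAction requestAction) throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public UserGroupProvider getUserGroupProvider() {
                return nonManagedUserGroupProvider();
            }

            @Override
            public void initialize(AccessPolicyProviderInitializationContext accessPolicyProviderInitializationContext) throws AuthorizerCreationException {
            }

            @Override
            public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
            }

            @Override
            public void preDestruction() throws AuthorizerDestructionException {
            }
        };
    }

    /**
     * Creates the user/group provider used for a non-managed authorizer: every lookup throws
     * {@link IllegalStateException} and the lifecycle callbacks do nothing.
     */
    private static UserGroupProvider nonManagedUserGroupProvider() {
        return new UserGroupProvider() {
            @Override
            public Set<User> getUsers() throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public User getUser(String str) throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public User getUserByIdentity(String str) throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public Set<Group> getGroups() throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public Group getGroup(String str) throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public UserAndGroups getUserAndGroups(String str) throws AuthorizationAccessException {
                throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public void initialize(UserGroupProviderInitializationContext userGroupProviderInitializationContext) throws AuthorizerCreationException {
            }

            @Override
            public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
            }

            @Override
            public void preDestruction() throws AuthorizerDestructionException {
            }
        };
    }

    /**
     * Returns the policy provider as a configurable one.
     *
     * @throws IllegalStateException if policies are not configurable
     */
    private ConfigurableAccessPolicyProvider configurablePolicyProvider() {
        if (!supportsConfigurableAuthorizer()) {
            throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_POLICIES);
        }
        return (ConfigurableAccessPolicyProvider) this.accessPolicyProvider;
    }

    /**
     * Returns the user/group provider as a configurable one.
     *
     * @throws IllegalStateException if users and groups are not configurable
     */
    private ConfigurableUserGroupProvider configurableUserGroupProvider() {
        if (!(this.userGroupProvider instanceof ConfigurableUserGroupProvider)) {
            throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
        }
        return (ConfigurableUserGroupProvider) this.userGroupProvider;
    }

    /**
     * Scans all policies for the first one matching both the action and the resource identifier.
     *
     * @return the matching policy, or {@code null} when none matches
     */
    private AccessPolicy findAccessPolicy(RequestAction action, String resource) {
        return this.accessPolicyProvider.getAccessPolicies().stream()
                .filter(policy -> policy.getAction().equals(action) && policy.getResource().equals(resource))
                .findFirst()
                .orElse(null);
    }

    /** Reports whether the policy provider accepts create, update and delete operations. */
    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public boolean supportsConfigurableAuthorizer() {
        return this.accessPolicyProvider instanceof ConfigurableAccessPolicyProvider;
    }

    /**
     * Reports whether a policy with the given identifier exists.
     *
     * @param str the access policy identifier
     */
    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public boolean hasAccessPolicy(String str) {
        return this.accessPolicyProvider.getAccessPolicy(str) != null;
    }

    /**
     * Adds a new policy whose identifier, resource, action, users and groups all come from the DTO.
     *
     * @param accessPolicyDTO the policy to create
     * @return the policy returned by the provider
     * @throws IllegalStateException if policies are not configurable
     */
    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy createAccessPolicy(AccessPolicyDTO accessPolicyDTO) {
        return configurablePolicyProvider().addAccessPolicy(buildAccessPolicy(
                accessPolicyDTO.getId(),
                accessPolicyDTO.getResource(),
                RequestAction.valueOfValue(accessPolicyDTO.getAction()),
                accessPolicyDTO));
    }

    /**
     * Looks up a policy by identifier.
     *
     * @param str the access policy identifier
     * @throws ResourceNotFoundException if the provider has no such policy
     */
    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy getAccessPolicy(String str) {
        AccessPolicy policy = this.accessPolicyProvider.getAccessPolicy(str);
        if (policy == null) {
            throw new ResourceNotFoundException(String.format("Unable to find access policy with id '%s'.", str));
        }
        return policy;
    }

    /**
     * Looks up the policy for an action on a resource identifier, without consulting any parent.
     *
     * @param requestAction the action
     * @param str           the resource identifier
     * @return the matching policy, or {@code null} when none exists
     */
    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy getAccessPolicy(RequestAction requestAction, String str) {
        return findAccessPolicy(requestAction, str);
    }

    /**
     * Resolves the policy that applies to an authorizable for the given action. If the authorizable's
     * own resource has no policy, its parent authorizable is tried, and so on up the chain, so the
     * returned policy may be defined on an ancestor resource rather than on the one asked about.
     *
     * @throws ResourceNotFoundException if neither the authorizable nor any ancestor has a policy
     */
    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy getAccessPolicy(RequestAction requestAction, Authorizable authorizable) {
        String identifier = authorizable.getResource().getIdentifier();
        AccessPolicy ownPolicy = findAccessPolicy(requestAction, identifier);
        if (ownPolicy != null) {
            return ownPolicy;
        }
        Authorizable parentAuthorizable = authorizable.getParentAuthorizable();
        if (parentAuthorizable == null) {
            throw new ResourceNotFoundException(String.format("Unable to find access policy for %s on %s", requestAction.toString(), identifier));
        }
        return getAccessPolicy(requestAction, parentAuthorizable);
    }

    /**
     * Replaces the users and groups of an existing policy. The identifier, resource and action are
     * taken from the stored policy, not from the DTO, so an update cannot retarget a policy to a
     * different resource or action.
     *
     * @throws IllegalStateException     if policies are not configurable
     * @throws ResourceNotFoundException if no policy has the DTO's identifier
     */
    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy updateAccessPolicy(AccessPolicyDTO accessPolicyDTO) {
        ConfigurableAccessPolicyProvider provider = configurablePolicyProvider();
        AccessPolicy current = getAccessPolicy(accessPolicyDTO.getId());
        return provider.updateAccessPolicy(
                buildAccessPolicy(current.getIdentifier(), current.getResource(), current.getAction(), accessPolicyDTO));
    }

    /**
     * Deletes the policy with the given identifier.
     *
     * @param str the access policy identifier
     * @throws IllegalStateException     if policies are not configurable
     * @throws ResourceNotFoundException if no such policy exists
     */
    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy deleteAccessPolicy(String str) {
        return configurablePolicyProvider().deleteAccessPolicy(getAccessPolicy(str));
    }

    /**
     * Builds a policy from explicit identifier/resource/action plus the users and groups of the DTO.
     * A {@code null} user or group set on the DTO is skipped rather than treated as an error.
     */
    private AccessPolicy buildAccessPolicy(String identifier, String resource, RequestAction action, AccessPolicyDTO accessPolicyDTO) {
        AccessPolicy.Builder builder = new AccessPolicy.Builder().identifier(identifier).resource(resource);
        // The DTO getters are used directly so the element type is inferred; a raw Set local
        // (as the decompiler emitted) cannot be mapped with getId().
        if (accessPolicyDTO.getUserGroups() != null) {
            builder.addGroups(accessPolicyDTO.getUserGroups().stream()
                    .map(tenant -> tenant.getId())
                    .collect(Collectors.toSet()));
        }
        if (accessPolicyDTO.getUsers() != null) {
            builder.addUsers(accessPolicyDTO.getUsers().stream()
                    .map(tenant -> tenant.getId())
                    .collect(Collectors.toSet()));
        }
        builder.action(action);
        return builder.build();
    }

    /**
     * Reports whether a group with the given identifier exists.
     *
     * @param str the group identifier
     */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public boolean hasUserGroup(String str) {
        return this.userGroupProvider.getGroup(str) != null;
    }

    /**
     * Adds a group whose identifier, name and members come from the DTO.
     *
     * @throws IllegalStateException if users and groups are not configurable
     */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Group createUserGroup(UserGroupDTO userGroupDTO) {
        return configurableUserGroupProvider().addGroup(buildUserGroup(userGroupDTO.getId(), userGroupDTO));
    }

    /**
     * Looks up a group by identifier.
     *
     * @param str the group identifier
     * @throws ResourceNotFoundException if the provider has no such group
     */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Group getUserGroup(String str) {
        Group group = this.userGroupProvider.getGroup(str);
        if (group == null) {
            throw new ResourceNotFoundException(String.format("Unable to find user group with id '%s'.", str));
        }
        return group;
    }

    /**
     * Returns every group whose member set contains the given value.
     *
     * @param str the user identifier, compared against each group's member entries
     */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Set<Group> getUserGroupsForUser(String str) {
        return this.userGroupProvider.getGroups().stream()
                .filter(group -> group.getUsers().contains(str))
                .collect(Collectors.toSet());
    }

    /**
     * Returns every policy that applies to the user, either because the policy lists the user
     * directly or because it lists a group that contains the user. Group identifiers on a policy
     * that no longer resolve to a group are ignored.
     *
     * @param str the user identifier
     */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Set<AccessPolicy> getAccessPoliciesForUser(String str) {
        return this.accessPolicyProvider.getAccessPolicies().stream()
                .filter(policy -> {
                    if (policy.getUsers().contains(str)) {
                        return true;
                    }
                    return policy.getGroups().stream().anyMatch(groupId -> {
                        Group group = this.userGroupProvider.getGroup(groupId);
                        return group != null && group.getUsers().contains(str);
                    });
                })
                .collect(Collectors.toSet());
    }

    /**
     * Returns every policy that lists the given group.
     *
     * @param str the group identifier
     */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Set<AccessPolicy> getAccessPoliciesForUserGroup(String str) {
        return this.accessPolicyProvider.getAccessPolicies().stream()
                .filter(policy -> policy.getGroups().contains(str))
                .collect(Collectors.toSet());
    }

    /** Returns all groups known to the provider. */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Set<Group> getUserGroups() {
        return this.userGroupProvider.getGroups();
    }

    /**
     * Replaces the name and members of an existing group. The identifier is taken from the stored
     * group rather than trusted from the DTO.
     *
     * @throws IllegalStateException     if users and groups are not configurable
     * @throws ResourceNotFoundException if no group has the DTO's identifier
     */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Group updateUserGroup(UserGroupDTO userGroupDTO) {
        ConfigurableUserGroupProvider provider = configurableUserGroupProvider();
        return provider.updateGroup(buildUserGroup(getUserGroup(userGroupDTO.getId()).getIdentifier(), userGroupDTO));
    }

    /**
     * Deletes a group and then removes its identifier from every policy the policy provider reports
     * as configurable.
     *
     * <p>Policies for which {@code isConfigurable} returns false are left untouched and keep the
     * deleted group's identifier. The group is removed before the policies are updated and the steps
     * are not atomic as written here: an exception from {@code updateAccessPolicy} leaves the
     * remaining policies still referencing the identifier.
     * NOTE(review): {@link #createUserGroup} takes the identifier from the DTO, so confirm callers
     * never reuse an identifier; otherwise leftover policy entries would apply to the new group.
     *
     * @param str the group identifier
     * @throws IllegalStateException     if users and groups are not configurable
     * @throws ResourceNotFoundException if the group does not exist or the provider removed nothing
     */
    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Group deleteUserGroup(String str) {
        ConfigurableUserGroupProvider groupProvider = configurableUserGroupProvider();
        Group removed = groupProvider.deleteGroup(getUserGroup(str));
        if (removed == null) {
            // Report the requested id; the removed group is null on this path and would print "null".
            throw new ResourceNotFoundException(String.format("Unable to find user group with id '%s'.", str));
        }
        if (this.accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) {
            ConfigurableAccessPolicyProvider policyProvider = (ConfigurableAccessPolicyProvider) this.accessPolicyProvider;
            for (AccessPolicy policy : policyProvider.getAccessPolicies()) {
                if (policy.getGroups().contains(removed.getIdentifier()) && policyProvider.isConfigurable(policy)) {
                    policyProvider.updateAccessPolicy(new AccessPolicy.Builder(policy).removeGroup(removed.getIdentifier()).build());
                }
            }
        }
        return removed;
    }

    /**
     * Builds a group with the given identifier and the name and members of the DTO. A {@code null}
     * member set on the DTO is skipped.
     */
    private Group buildUserGroup(String identifier, UserGroupDTO userGroupDTO) {
        Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getIdentity());
        if (userGroupDTO.getUsers() != null) {
            builder.addUsers(userGroupDTO.getUsers().stream()
                    .map(tenant -> tenant.getId())
                    .collect(Collectors.toSet()));
        }
        return builder.build();
    }

    /**
     * Reports whether a user with the given identifier exists.
     *
     * @param str the user identifier
     */
    @Override // org.apache.nifi.web.dao.UserDAO
    public boolean hasUser(String str) {
        return this.userGroupProvider.getUser(str) != null;
    }

    /**
     * Adds a user whose identifier and identity come from the DTO.
     *
     * @throws IllegalStateException if users and groups are not configurable
     */
    @Override // org.apache.nifi.web.dao.UserDAO
    public User createUser(UserDTO userDTO) {
        return configurableUserGroupProvider().addUser(buildUser(userDTO.getId(), userDTO));
    }

    /**
     * Looks up a user by identifier.
     *
     * @param str the user identifier
     * @throws ResourceNotFoundException if the provider has no such user
     */
    @Override // org.apache.nifi.web.dao.UserDAO
    public User getUser(String str) {
        User user = this.userGroupProvider.getUser(str);
        if (user == null) {
            throw new ResourceNotFoundException(String.format("Unable to find user with id '%s'.", str));
        }
        return user;
    }

    /** Returns all users known to the provider. */
    @Override // org.apache.nifi.web.dao.UserDAO
    public Set<User> getUsers() {
        return this.userGroupProvider.getUsers();
    }

    /**
     * Replaces the identity of an existing user. The identifier is taken from the stored user rather
     * than trusted from the DTO.
     *
     * @throws IllegalStateException     if users and groups are not configurable
     * @throws ResourceNotFoundException if no user has the DTO's identifier
     */
    @Override // org.apache.nifi.web.dao.UserDAO
    public User updateUser(UserDTO userDTO) {
        ConfigurableUserGroupProvider provider = configurableUserGroupProvider();
        return provider.updateUser(buildUser(getUser(userDTO.getId()).getIdentifier(), userDTO));
    }

    /**
     * Deletes a user and then removes its identifier from every policy the policy provider reports
     * as configurable.
     *
     * <p>Policies for which {@code isConfigurable} returns false are left untouched and keep the
     * deleted user's identifier. The user is removed before the policies are updated and the steps
     * are not atomic as written here: an exception from {@code updateAccessPolicy} leaves the
     * remaining policies still referencing the identifier.
     * NOTE(review): {@link #createUser} takes the identifier from the DTO, so confirm callers never
     * reuse an identifier; otherwise leftover policy entries would apply to the new user.
     *
     * @param str the user identifier
     * @throws IllegalStateException     if users and groups are not configurable
     * @throws ResourceNotFoundException if the user does not exist or the provider removed nothing
     */
    @Override // org.apache.nifi.web.dao.UserDAO
    public User deleteUser(String str) {
        ConfigurableUserGroupProvider userProvider = configurableUserGroupProvider();
        User removed = userProvider.deleteUser(getUser(str));
        if (removed == null) {
            throw new ResourceNotFoundException(String.format("Unable to find user with id '%s'.", str));
        }
        if (this.accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) {
            ConfigurableAccessPolicyProvider policyProvider = (ConfigurableAccessPolicyProvider) this.accessPolicyProvider;
            for (AccessPolicy policy : policyProvider.getAccessPolicies()) {
                if (policy.getUsers().contains(removed.getIdentifier()) && policyProvider.isConfigurable(policy)) {
                    policyProvider.updateAccessPolicy(new AccessPolicy.Builder(policy).removeUser(removed.getIdentifier()).build());
                }
            }
        }
        return removed;
    }

    /** Builds a user with the given identifier and the identity carried by the DTO. */
    private User buildUser(String identifier, UserDTO userDTO) {
        return new User.Builder().identifier(identifier).identity(userDTO.getIdentity()).build();
    }
}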
