package org.apache.nifi.minifi.c2.security.authorization;

import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriInfo;
import org.apache.nifi.minifi.c2.api.security.authorization.AuthorizationException;
import org.apache.nifi.minifi.c2.api.security.authorization.Authorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;
import org.springframework.security.core.Authentication;
import org.yaml.snakeyaml.Yaml;

/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/minifi/c2/security/authorization/GrantedAuthorityAuthorizer.class */
public class GrantedAuthorityAuthorizer implements Authorizer {
    private static final Logger logger = LoggerFactory.getLogger(GrantedAuthorityAuthorizer.class);
    public static final String DENY = "deny";
    public static final String ALLOW = "allow";
    public static final String DEFAULT_ACTION = "Default Action";
    private final Map<String, Object> grantedAuthorityMap;

    public GrantedAuthorityAuthorizer(Resource resource) throws IOException {
        InputStream inputStream = resource.getInputStream();
        Throwable th = null;
        try {
            try {
                this.grantedAuthorityMap = (Map) as(Map.class, new Yaml().load(inputStream), obj -> {
                    return new IllegalArgumentException("Expected yaml map for root of configuration but was " + obj);
                });
                if (inputStream != null) {
                    if (0 == 0) {
                        inputStream.close();
                        return;
                    }
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (inputStream != null) {
                if (th != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    inputStream.close();
                }
            }
            throw th4;
        }
    }

    public void authorize(Authentication authentication, UriInfo uriInfo) throws AuthorizationException {
        if (authentication == null) {
            throw new AuthorizationException("null authentication object provided.");
        }
        if (!authentication.isAuthenticated()) {
            throw new AuthorizationException(authentication + " not authenticated.");
        }
        Set set = (Set) authentication.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.toSet());
        String str = (String) as(String.class, this.grantedAuthorityMap.getOrDefault(DEFAULT_ACTION, DENY));
        String path = uriInfo.getAbsolutePath().getPath();
        Map map = (Map) as(Map.class, this.grantedAuthorityMap.get("Paths"));
        if (map == null && !ALLOW.equalsIgnoreCase(str)) {
            throw new AuthorizationException("Didn't find authorizations for " + path + " and default policy is " + str + " instead of allow");
        }
        Map map2 = (Map) as(Map.class, map.get(path));
        if (map2 == null && !ALLOW.equalsIgnoreCase(str)) {
            throw new AuthorizationException("Didn't find authorizations for " + path + " and default policy is " + str + " instead of allow");
        }
        String str2 = (String) as(String.class, map2.getOrDefault(DEFAULT_ACTION, str));
        List<Map> list = (List) as(List.class, map2.get("Actions"));
        MultivaluedMap queryParameters = uriInfo.getQueryParameters();
        for (Map map3 : list) {
            String str3 = (String) as(String.class, map3.get("Action"));
            if (str3 == null || !(ALLOW.equalsIgnoreCase(str3) || DENY.equalsIgnoreCase(str3))) {
                throw new AuthorizationException("Expected Action key of allow or deny for " + map3);
            }
            String str4 = (String) as(String.class, map3.get("Authorization"));
            if (str4 == null || set.contains(str4)) {
                Map map4 = (Map) as(Map.class, map3.get("Query Parameters"));
                if (map4 != null) {
                    boolean z = false;
                    Iterator it = map4.entrySet().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Map.Entry entry = (Map.Entry) it.next();
                        Object value = entry.getValue();
                        if (value instanceof String) {
                            value = Arrays.asList((String) value);
                        }
                        if (!Objects.equals(queryParameters.get(entry.getKey()), value)) {
                            z = true;
                            break;
                        }
                    }
                    if (z) {
                    }
                }
                if (!ALLOW.equalsIgnoreCase(str3)) {
                    throw new AuthorizationException("Action " + map3 + " matched which resulted in " + str3);
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Action " + map3 + "matched which resulted in " + str3);
                    return;
                }
                return;
            }
        }
        if (!ALLOW.equalsIgnoreCase(str2)) {
            throw new AuthorizationException("Didn't find authorizations for " + path + " and default policy is " + str2 + " instead of allow");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Found no matching actions so falling back to default action " + str2);
        }
    }

    private static <T> T as(Class<T> cls, Object obj) throws AuthorizationException {
        return (T) as(cls, obj, obj2 -> {
            return new AuthorizationException("Expected " + cls + " but was " + obj2);
        });
    }

    private static <T, E extends Throwable> T as(Class<T> cls, Object obj, Function<Object, E> function) throws Throwable {
        if (obj == null) {
            return null;
        }
        if (cls.isInstance(obj)) {
            return cls.cast(obj);
        }
        throw function.apply(obj);
    }
}
