package org.apache.nifi.admin.service.action;

import java.util.Calendar;
import java.util.Date;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.DataAccessException;
import org.apache.nifi.admin.service.AccountDisabledException;
import org.apache.nifi.admin.service.AccountNotFoundException;
import org.apache.nifi.admin.service.AccountPendingException;
import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.authorization.exception.AuthorityAccessException;
import org.apache.nifi.authorization.exception.UnknownIdentityException;
import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.user.AccountStatus;
import org.apache.nifi.user.NiFiUser;

/* loaded from: input_file:org/apache/nifi/admin/service/action/AuthorizeUserAction.class */
public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
    private final String dn;
    private final int cacheDurationSeconds;

    public AuthorizeUserAction(String str, int i) {
        this.dn = str;
        this.cacheDurationSeconds = i;
    }

    @Override // org.apache.nifi.admin.service.action.AdministrationAction
    public NiFiUser execute(DAOFactory dAOFactory, AuthorityProvider authorityProvider) throws DataAccessException {
        NiFiUser findUserByDn = dAOFactory.getUserDAO().findUserByDn(this.dn);
        if (findUserByDn == null) {
            try {
                if (!authorityProvider.doesDnExist(this.dn)) {
                    throw new AccountNotFoundException(String.format("Unable to verify access for %s.", this.dn));
                }
                findUserByDn = new NiFiUser();
                findUserByDn.setDn(this.dn);
                findUserByDn.setUserName(CertificateUtils.extractUsername(this.dn));
                findUserByDn.setJustification("User details specified by authority provider.");
                try {
                    verifyAccount(authorityProvider, findUserByDn);
                    Date lastVerified = findUserByDn.getLastVerified();
                    findUserByDn.setLastAccessed(lastVerified);
                    findUserByDn.setCreation(lastVerified);
                    new CreateUserAction(findUserByDn).execute(dAOFactory, authorityProvider);
                } catch (AuthorityAccessException e) {
                    throw new AdministrationException(String.format("Unable to access authority details: %s", e.getMessage()), e);
                } catch (UnknownIdentityException e2) {
                    throw new AccountNotFoundException(String.format("Unable to verify access for %s.", this.dn));
                }
            } catch (AuthorityAccessException e3) {
                throw new AdministrationException(String.format("Unable to access authority details: %s", e3.getMessage()), e3);
            }
        } else {
            Throwable th = null;
            if (isAccountVerificationRequired(findUserByDn)) {
                try {
                    verifyAccount(authorityProvider, findUserByDn);
                    findUserByDn.setLastAccessed(findUserByDn.getLastVerified());
                } catch (AuthorityAccessException e4) {
                    throw new AdministrationException(String.format("Unable to access authority details: %s", e4.getMessage()), e4);
                } catch (UnknownIdentityException e5) {
                    checkAccountStatus(findUserByDn);
                    findUserByDn.setStatus(AccountStatus.DISABLED);
                    th = e5;
                }
            } else {
                checkAccountStatus(findUserByDn);
                findUserByDn.setLastAccessed(new Date());
            }
            new UpdateUserCacheAction(findUserByDn).execute(dAOFactory, authorityProvider);
            new UpdateUserAuthoritiesCacheAction(findUserByDn).execute(dAOFactory, authorityProvider);
            if (th != null) {
                throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", findUserByDn.getDn()), th);
            }
        }
        return findUserByDn;
    }

    private boolean isAccountVerificationRequired(NiFiUser niFiUser) {
        if (niFiUser.getLastVerified() == null) {
            return true;
        }
        Calendar calendar = Calendar.getInstance();
        calendar.add(13, -this.cacheDurationSeconds);
        return niFiUser.getLastVerified().before(calendar.getTime());
    }

    private void checkAccountStatus(NiFiUser niFiUser) {
        if (AccountStatus.DISABLED.equals(niFiUser.getStatus())) {
            throw new AccountDisabledException(String.format("Account for %s is disabled.", niFiUser.getDn()));
        }
        if (AccountStatus.PENDING.equals(niFiUser.getStatus())) {
            throw new AccountPendingException(String.format("Account for %s is pending.", niFiUser.getDn()));
        }
    }
}
