package org.apache.nifi.admin.service.action;

import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.DataAccessException;
import org.apache.nifi.admin.dao.UserDAO;
import org.apache.nifi.admin.service.AccountNotFoundException;
import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.authorization.Authority;
import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.authorization.exception.AuthorityAccessException;
import org.apache.nifi.authorization.exception.UnknownIdentityException;
import org.apache.nifi.user.AccountStatus;
import org.apache.nifi.user.NiFiUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/admin/service/action/UpdateUserGroupAction.class */
public class UpdateUserGroupAction extends AbstractUserAction<Void> {
    private static final Logger logger = LoggerFactory.getLogger(UpdateUserGroupAction.class);
    private final String group;
    private final Set<String> userIds;
    private final Set<Authority> authorities;

    public UpdateUserGroupAction(String str, Set<String> set, Set<Authority> set2) {
        this.group = str;
        this.userIds = set;
        this.authorities = set2;
    }

    @Override // org.apache.nifi.admin.service.action.AdministrationAction
    public Void execute(DAOFactory dAOFactory, AuthorityProvider authorityProvider) throws DataAccessException {
        if (this.userIds == null && this.authorities == null) {
            throw new IllegalArgumentException("Must specify user Ids or authorities.");
        }
        UserDAO userDAO = dAOFactory.getUserDAO();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (this.userIds != null) {
            if (this.userIds.isEmpty()) {
                throw new IllegalArgumentException("When creating a group, at least one user id must be specified.");
            }
            for (String str : this.userIds) {
                NiFiUser findUserById = userDAO.findUserById(str);
                if (findUserById == null) {
                    throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", str));
                }
                try {
                    if (!authorityProvider.doesDnExist(findUserById.getDn()) || AccountStatus.DISABLED.equals(findUserById.getStatus())) {
                        throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", findUserById.getDn(), AccountStatus.ACTIVE.toString()));
                    }
                    hashSet.add(findUserById);
                    hashSet2.add(findUserById.getDn());
                } catch (AuthorityAccessException e) {
                    throw new AdministrationException(String.format("Unable to access authority details: %s", e.getMessage()), e);
                }
            }
            try {
                authorityProvider.setUsersGroup(hashSet2, this.group);
            } catch (UnknownIdentityException e2) {
                throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(hashSet2, ", "), e2.getMessage()), e2);
            } catch (AuthorityAccessException e3) {
                throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(hashSet2, ", "), e3.getMessage()), e3);
            }
        }
        HashSet<NiFiUser> hashSet3 = new HashSet(userDAO.findUsersForGroup(this.group));
        hashSet3.addAll(hashSet);
        if (hashSet3.isEmpty()) {
            throw new AccountNotFoundException(String.format("Unable to find user accounts with group id %s.", this.group));
        }
        for (NiFiUser niFiUser : hashSet3) {
            if (this.authorities != null) {
                try {
                    authorityProvider.setAuthorities(niFiUser.getDn(), this.authorities);
                    niFiUser.getAuthorities().clear();
                    niFiUser.getAuthorities().addAll(this.authorities);
                } catch (AuthorityAccessException e4) {
                    throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", niFiUser.getDn(), e4.getMessage()), e4);
                } catch (UnknownIdentityException e5) {
                    throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", niFiUser.getDn(), e5.getMessage()), e5);
                }
            } else {
                try {
                    niFiUser.getAuthorities().clear();
                    niFiUser.getAuthorities().addAll(authorityProvider.getAuthorities(niFiUser.getDn()));
                } catch (UnknownIdentityException e6) {
                    throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", niFiUser.getDn(), e6.getMessage()), e6);
                } catch (AuthorityAccessException e7) {
                    throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", niFiUser.getDn(), e7.getMessage()), e7);
                }
            }
            try {
                niFiUser.setUserGroup(authorityProvider.getGroupForUser(niFiUser.getDn()));
                niFiUser.setStatus(AccountStatus.ACTIVE);
                niFiUser.setLastVerified(new Date());
                new UpdateUserCacheAction(niFiUser).execute(dAOFactory, authorityProvider);
                new UpdateUserAuthoritiesCacheAction(niFiUser).execute(dAOFactory, authorityProvider);
            } catch (UnknownIdentityException e8) {
                throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", niFiUser.getDn(), e8.getMessage()), e8);
            } catch (AuthorityAccessException e9) {
                throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", niFiUser.getDn(), e9.getMessage()), e9);
            }
        }
        return null;
    }
}
