package org.apache.nifi.admin.service.action;

import java.util.HashSet;
import java.util.Set;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.DataAccessException;
import org.apache.nifi.admin.dao.UserDAO;
import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.authorization.Authority;
import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.authorization.exception.AuthorityAccessException;
import org.apache.nifi.authorization.exception.UnknownIdentityException;
import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.user.AccountStatus;
import org.apache.nifi.user.NiFiUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/admin/service/action/SeedUserAccountsAction.class */
public class SeedUserAccountsAction extends AbstractUserAction<Void> {
    private static final Logger logger = LoggerFactory.getLogger(SeedUserAccountsAction.class);

    @Override // org.apache.nifi.admin.service.action.AdministrationAction
    public Void execute(DAOFactory dAOFactory, AuthorityProvider authorityProvider) throws DataAccessException {
        UserDAO userDAO = dAOFactory.getUserDAO();
        HashSet<String> hashSet = new HashSet();
        try {
            Set<NiFiUser> findUsers = userDAO.findUsers();
            try {
                for (Authority authority : Authority.values()) {
                    hashSet.addAll(authorityProvider.getUsers(authority));
                }
                HashSet<NiFiUser> hashSet2 = new HashSet(findUsers);
                for (String str : hashSet) {
                    NiFiUser niFiUser = null;
                    try {
                        niFiUser = userDAO.findUserByDn(str);
                        boolean z = false;
                        if (niFiUser == null) {
                            logger.info(String.format("Creating user account: %s", str));
                            z = true;
                            niFiUser = new NiFiUser();
                            niFiUser.setIdentity(str);
                            niFiUser.setUserName(CertificateUtils.extractUsername(str));
                            niFiUser.setJustification("User details specified by authority provider.");
                        } else {
                            logger.info(String.format("User account already created: %s. Updating authorities...", str));
                        }
                        verifyAccount(authorityProvider, niFiUser);
                        if (z) {
                            new CreateUserAction(niFiUser).execute(dAOFactory, authorityProvider);
                        } else {
                            hashSet2.remove(niFiUser);
                            new UpdateUserCacheAction(niFiUser).execute(dAOFactory, authorityProvider);
                            new UpdateUserAuthoritiesCacheAction(niFiUser).execute(dAOFactory, authorityProvider);
                        }
                    } catch (DataAccessException e) {
                        if (niFiUser != null) {
                            logger.warn(String.format("Unable to access account details in local cache for user %s: %s", niFiUser, e.getMessage()));
                        } else {
                            logger.warn(String.format("Unable to access account details in local cache: %s", e.getMessage()));
                        }
                    } catch (UnknownIdentityException e2) {
                        if (niFiUser != null) {
                            logger.warn(String.format("Unable to find account details in authority provider for user %s: %s", niFiUser, e2.getMessage()));
                        } else {
                            logger.warn(String.format("Unable to find account details in authority provider: %s", e2.getMessage()));
                        }
                    } catch (AuthorityAccessException e3) {
                        logger.warn("Unable to access authority provider due to " + e3);
                        hashSet2.remove(niFiUser);
                    }
                }
                for (NiFiUser niFiUser2 : hashSet2) {
                    if (!AccountStatus.PENDING.equals(niFiUser2.getStatus())) {
                        try {
                            logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", niFiUser2.getIdentity()));
                            niFiUser2.setStatus(AccountStatus.DISABLED);
                            niFiUser2.setLastVerified(null);
                            new UpdateUserCacheAction(niFiUser2).execute(dAOFactory, authorityProvider);
                        } catch (Exception e4) {
                            logger.error(String.format("Unable to revoke access for user %s that is no longer authorized: %s", niFiUser2, e4));
                            throw new AdministrationException(e4);
                        }
                    }
                }
                return null;
            } catch (AuthorityAccessException e5) {
                logger.warn("Unable to access authority provider due to " + e5);
                return null;
            }
        } catch (Exception e6) {
            logger.error(String.format("Unable to get existing user base. Cannot proceed until these users can be verified against the current authority provider: %s", e6));
            throw new AdministrationException(e6);
        }
    }
}
