package org.apache.nifi.cluster.authorization;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.authorization.AuthorityProviderConfigurationContext;
import org.apache.nifi.authorization.AuthorityProviderInitializationContext;
import org.apache.nifi.authorization.FileAuthorizationProvider;
import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
import org.apache.nifi.authorization.exception.ProviderCreationException;
import org.apache.nifi.authorization.exception.ProviderDestructionException;
import org.apache.nifi.cluster.authorization.protocol.message.DoesDnExistMessage;
import org.apache.nifi.cluster.authorization.protocol.message.GetAuthoritiesMessage;
import org.apache.nifi.cluster.authorization.protocol.message.GetGroupForUserMessage;
import org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage;
import org.apache.nifi.cluster.authorization.protocol.message.jaxb.JaxbProtocolUtils;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
import org.apache.nifi.cluster.protocol.ProtocolContext;
import org.apache.nifi.cluster.protocol.jaxb.JaxbProtocolContext;
import org.apache.nifi.io.socket.ServerSocketConfiguration;
import org.apache.nifi.io.socket.SocketListener;
import org.apache.nifi.io.socket.SocketUtils;
import org.apache.nifi.io.socket.multicast.DiscoverableServiceImpl;
import org.apache.nifi.logging.NiFiLog;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;

/* loaded from: input_file:org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.class */
public class ClusterManagerAuthorizationProvider extends FileAuthorizationProvider implements AuthorityProvider, ApplicationContextAware {
    public static final String AUTHORITY_PROVIDER_SERVIVE_NAME = "cluster-authority-provider";
    private static final Logger logger = new NiFiLog(LoggerFactory.getLogger(ClusterManagerAuthorizationProvider.class));
    private static final String CLUSTER_MANAGER_AUTHORITY_PROVIDER_PORT = "Authority Provider Port";
    private static final String CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS = "Authority Provider Threads";
    private static final int DEFAULT_CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS = 10;
    private WebClusterManager clusterManager;
    private ProtocolContext<ProtocolMessage> authorityProviderProtocolContext;
    private SocketListener socketListener;
    private NiFiProperties properties;
    private ApplicationContext applicationContext;

    public void initialize(AuthorityProviderInitializationContext authorityProviderInitializationContext) throws ProviderCreationException {
        super.initialize(authorityProviderInitializationContext);
    }

    public void onConfigured(AuthorityProviderConfigurationContext authorityProviderConfigurationContext) throws ProviderCreationException {
        super.onConfigured(authorityProviderConfigurationContext);
        InetSocketAddress clusterManagerAuthorityProviderAddress = getClusterManagerAuthorityProviderAddress(authorityProviderConfigurationContext);
        this.clusterManager = (WebClusterManager) this.applicationContext.getBean("clusterManager", WebClusterManager.class);
        if (this.properties.getClusterProtocolUseMulticast()) {
            this.clusterManager.addBroadcastedService(new DiscoverableServiceImpl(AUTHORITY_PROVIDER_SERVIVE_NAME, clusterManagerAuthorityProviderAddress));
        }
        this.socketListener = new SocketListener(getClusterManagerAuthorityProviderThreads(authorityProviderConfigurationContext), clusterManagerAuthorityProviderAddress.getPort(), (ServerSocketConfiguration) this.applicationContext.getBean("protocolServerSocketConfiguration", ServerSocketConfiguration.class)) { // from class: org.apache.nifi.cluster.authorization.ClusterManagerAuthorizationProvider.1
            public void dispatchRequest(Socket socket) {
                ClusterManagerAuthorizationProvider.this.dispatchRequest(socket);
            }
        };
        if (this.socketListener != null && !this.socketListener.isRunning()) {
            try {
                this.socketListener.start();
            } catch (IOException e) {
                throw new ProviderCreationException("Failed to start Cluster Manager Authorization Provider due to: " + e, e);
            }
        }
        this.authorityProviderProtocolContext = new JaxbProtocolContext(JaxbProtocolUtils.JAXB_CONTEXT);
    }

    public void preDestruction() throws ProviderDestructionException {
        if (this.socketListener != null && this.socketListener.isRunning()) {
            try {
                this.socketListener.stop();
            } catch (IOException e) {
                throw new ProviderDestructionException("Failed to stop Cluster Manager Authorization Provider due to: " + e, e);
            }
        }
        super.preDestruction();
    }

    private int getClusterManagerAuthorityProviderThreads(AuthorityProviderConfigurationContext authorityProviderConfigurationContext) {
        try {
            return Integer.parseInt(authorityProviderConfigurationContext.getProperty(CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS));
        } catch (NumberFormatException e) {
            return DEFAULT_CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS;
        }
    }

    private InetSocketAddress getClusterManagerAuthorityProviderAddress(AuthorityProviderConfigurationContext authorityProviderConfigurationContext) {
        try {
            String property = this.properties.getProperty("nifi.cluster.manager.address");
            if (StringUtils.isBlank(property)) {
                property = "localhost";
            }
            return InetSocketAddress.createUnresolved(property, getClusterManagerAuthorityProviderPort(authorityProviderConfigurationContext).intValue());
        } catch (Exception e) {
            throw new RuntimeException("Invalid manager authority provider address/port due to: " + e, e);
        }
    }

    private Integer getClusterManagerAuthorityProviderPort(AuthorityProviderConfigurationContext authorityProviderConfigurationContext) {
        String property = authorityProviderConfigurationContext.getProperty(CLUSTER_MANAGER_AUTHORITY_PROVIDER_PORT);
        if (property == null || property.trim().isEmpty()) {
            throw new ProviderCreationException("The authority provider port must be specified.");
        }
        return Integer.valueOf(Integer.parseInt(property));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void dispatchRequest(Socket socket) {
        try {
            try {
                ProtocolMessage protocolMessage = (ProtocolMessage) this.authorityProviderProtocolContext.createUnmarshaller().unmarshal(socket.getInputStream());
                try {
                    switch (protocolMessage.getType()) {
                        case DOES_DN_EXIST:
                            DoesDnExistMessage doesDnExistMessage = (DoesDnExistMessage) protocolMessage;
                            doesDnExistMessage.setResponse(doesDnExist(doesDnExistMessage.getDn()));
                            break;
                        case GET_AUTHORITIES:
                            GetAuthoritiesMessage getAuthoritiesMessage = (GetAuthoritiesMessage) protocolMessage;
                            getAuthoritiesMessage.setResponse(getAuthorities(getAuthoritiesMessage.getDn()));
                            break;
                        case GET_GROUP_FOR_USER:
                            GetGroupForUserMessage getGroupForUserMessage = (GetGroupForUserMessage) protocolMessage;
                            getGroupForUserMessage.setResponse(getGroupForUser(getGroupForUserMessage.getDn()));
                            break;
                        default:
                            throw new Exception("Unsupported Message Type: " + protocolMessage.getType());
                    }
                } catch (Exception e) {
                    protocolMessage.setExceptionClass(e.getClass().getName());
                    protocolMessage.setExceptionMessage(e.getMessage());
                }
                this.authorityProviderProtocolContext.createMarshaller().marshal(protocolMessage, socket.getOutputStream());
                SocketUtils.closeQuietly(socket);
            } catch (Exception e2) {
                logger.warn("Failed processing Socket Authorization Provider protocol message due to " + e2, e2);
                SocketUtils.closeQuietly(socket);
            }
        } catch (Throwable th) {
            SocketUtils.closeQuietly(socket);
            throw th;
        }
    }

    @AuthorityProviderContext
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    @AuthorityProviderContext
    public void setNiFiProperties(NiFiProperties niFiProperties) {
        super.setNiFiProperties(niFiProperties);
        this.properties = niFiProperties;
    }
}
