package org.apache.nifi.cluster.authorization;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.nifi.authorization.Authority;
import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.authorization.AuthorityProviderConfigurationContext;
import org.apache.nifi.authorization.AuthorityProviderInitializationContext;
import org.apache.nifi.authorization.DownloadAuthorization;
import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
import org.apache.nifi.authorization.exception.AuthorityAccessException;
import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
import org.apache.nifi.authorization.exception.ProviderCreationException;
import org.apache.nifi.authorization.exception.ProviderDestructionException;
import org.apache.nifi.authorization.exception.UnknownIdentityException;
import org.apache.nifi.cluster.authorization.protocol.message.DoesDnExistMessage;
import org.apache.nifi.cluster.authorization.protocol.message.GetAuthoritiesMessage;
import org.apache.nifi.cluster.authorization.protocol.message.GetGroupForUserMessage;
import org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage;
import org.apache.nifi.cluster.authorization.protocol.message.jaxb.JaxbProtocolUtils;
import org.apache.nifi.cluster.protocol.ProtocolContext;
import org.apache.nifi.cluster.protocol.impl.ClusterServiceDiscovery;
import org.apache.nifi.cluster.protocol.impl.ClusterServiceLocator;
import org.apache.nifi.cluster.protocol.jaxb.JaxbProtocolContext;
import org.apache.nifi.io.socket.SocketConfiguration;
import org.apache.nifi.io.socket.SocketUtils;
import org.apache.nifi.io.socket.multicast.DiscoverableService;
import org.apache.nifi.io.socket.multicast.DiscoverableServiceImpl;
import org.apache.nifi.io.socket.multicast.MulticastConfiguration;
import org.apache.nifi.logging.NiFiLog;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;

/* loaded from: input_file:org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.class */
public class NodeAuthorizationProvider implements AuthorityProvider, ApplicationContextAware {
    private static final Logger logger = new NiFiLog(LoggerFactory.getLogger(NodeAuthorizationProvider.class));
    private static final String CLUSTER_NODE_MANAGER_AUTHORITY_PROVIDER_PORT = "Cluster Manager Authority Provider Port";
    private ProtocolContext<ProtocolMessage> authorityProviderProtocolContext;
    private SocketConfiguration socketConfiguration;
    private ClusterServiceLocator serviceLocator;
    private ApplicationContext applicationContext;
    private NiFiProperties properties;

    public void initialize(AuthorityProviderInitializationContext authorityProviderInitializationContext) throws ProviderCreationException {
    }

    public void onConfigured(AuthorityProviderConfigurationContext authorityProviderConfigurationContext) throws ProviderCreationException {
        if (this.properties.getClusterProtocolUseMulticast()) {
            ClusterServiceDiscovery clusterServiceDiscovery = new ClusterServiceDiscovery(ClusterManagerAuthorizationProvider.AUTHORITY_PROVIDER_SERVIVE_NAME, this.properties.getClusterProtocolMulticastAddress(), (MulticastConfiguration) this.applicationContext.getBean("protocolMulticastConfiguration", MulticastConfiguration.class), (ProtocolContext) this.applicationContext.getBean("protocolContext", ProtocolContext.class));
            ClusterServiceLocator.AttemptsConfig attemptsConfig = new ClusterServiceLocator.AttemptsConfig();
            attemptsConfig.setNumAttempts(3);
            attemptsConfig.setTimeBetweenAttempts(1);
            attemptsConfig.setTimeBetweenAttempsUnit(TimeUnit.SECONDS);
            this.serviceLocator = new ClusterServiceLocator(clusterServiceDiscovery);
            this.serviceLocator.setAttemptsConfig(attemptsConfig);
        } else {
            this.serviceLocator = new ClusterServiceLocator(new DiscoverableServiceImpl(ClusterManagerAuthorizationProvider.AUTHORITY_PROVIDER_SERVIVE_NAME, getClusterNodeManagerAuthorityProviderAddress(authorityProviderConfigurationContext)));
        }
        try {
            this.serviceLocator.start();
            this.socketConfiguration = (SocketConfiguration) this.applicationContext.getBean("protocolSocketConfiguration", SocketConfiguration.class);
            this.authorityProviderProtocolContext = new JaxbProtocolContext(JaxbProtocolUtils.JAXB_CONTEXT);
        } catch (IOException e) {
            throw new ProviderCreationException(e);
        }
    }

    private InetSocketAddress getClusterNodeManagerAuthorityProviderAddress(AuthorityProviderConfigurationContext authorityProviderConfigurationContext) {
        try {
            String property = this.properties.getProperty("nifi.cluster.node.unicast.manager.address");
            if (StringUtils.isBlank(property)) {
                property = "localhost";
            }
            return InetSocketAddress.createUnresolved(property, getClusterNodeManagerAuthorityProviderPort(authorityProviderConfigurationContext).intValue());
        } catch (Exception e) {
            throw new ProviderCreationException("Invalid cluster manager authority provider address/port due to: " + e, e);
        }
    }

    private Integer getClusterNodeManagerAuthorityProviderPort(AuthorityProviderConfigurationContext authorityProviderConfigurationContext) {
        String property = authorityProviderConfigurationContext.getProperty(CLUSTER_NODE_MANAGER_AUTHORITY_PROVIDER_PORT);
        if (property == null || property.trim().isEmpty()) {
            throw new ProviderCreationException("The cluster manager authority provider port must be specified.");
        }
        return Integer.valueOf(Integer.parseInt(property));
    }

    public void setAuthorities(String str, Set<Authority> set) throws AuthorityAccessException {
        throw new AuthorityAccessException("Nodes are not allowed to set user authorities.");
    }

    public void addUser(String str, String str2) throws IdentityAlreadyExistsException, AuthorityAccessException {
        throw new AuthorityAccessException("Nodes are not allowed to add users.");
    }

    public boolean doesDnExist(String str) throws AuthorityAccessException {
        DoesDnExistMessage doesDnExistMessage = new DoesDnExistMessage();
        doesDnExistMessage.setDn(str);
        Socket socket = null;
        try {
            InetSocketAddress serviceAddress = getServiceAddress();
            if (serviceAddress == null) {
                throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
            }
            try {
                socket = SocketUtils.createSocket(serviceAddress, this.socketConfiguration);
                try {
                    this.authorityProviderProtocolContext.createMarshaller().marshal(doesDnExistMessage, socket.getOutputStream());
                    try {
                        DoesDnExistMessage doesDnExistMessage2 = (DoesDnExistMessage) this.authorityProviderProtocolContext.createUnmarshaller().unmarshal(socket.getInputStream());
                        if (doesDnExistMessage2.wasException()) {
                            throw new AuthorityAccessException(doesDnExistMessage2.getExceptionMessage());
                        }
                        boolean response = doesDnExistMessage2.getResponse();
                        SocketUtils.closeQuietly(socket);
                        return response;
                    } catch (IOException e) {
                        throw new AuthorityAccessException("Failed unmarshalling '" + doesDnExistMessage.getType() + "' response protocol message due to: " + e, e);
                    }
                } catch (IOException e2) {
                    throw new AuthorityAccessException("Failed marshalling '" + doesDnExistMessage.getType() + "' protocol message due to: " + e2, e2);
                }
            } catch (IOException e3) {
                throw new AuthorityAccessException("Failed to create socket due to: " + e3, e3);
            }
        } catch (Throwable th) {
            SocketUtils.closeQuietly(socket);
            throw th;
        }
    }

    public Set<Authority> getAuthorities(String str) throws UnknownIdentityException, AuthorityAccessException {
        GetAuthoritiesMessage getAuthoritiesMessage = new GetAuthoritiesMessage();
        getAuthoritiesMessage.setDn(str);
        Socket socket = null;
        try {
            InetSocketAddress serviceAddress = getServiceAddress();
            if (serviceAddress == null) {
                throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
            }
            try {
                socket = SocketUtils.createSocket(serviceAddress, this.socketConfiguration);
                try {
                    this.authorityProviderProtocolContext.createMarshaller().marshal(getAuthoritiesMessage, socket.getOutputStream());
                    try {
                        GetAuthoritiesMessage getAuthoritiesMessage2 = (GetAuthoritiesMessage) this.authorityProviderProtocolContext.createUnmarshaller().unmarshal(socket.getInputStream());
                        if (getAuthoritiesMessage2.wasException()) {
                            if (isException(UnknownIdentityException.class, getAuthoritiesMessage2)) {
                                throw new UnknownIdentityException(getAuthoritiesMessage2.getExceptionMessage());
                            }
                            throw new AuthorityAccessException(getAuthoritiesMessage2.getExceptionMessage());
                        }
                        Set<Authority> response = getAuthoritiesMessage2.getResponse();
                        SocketUtils.closeQuietly(socket);
                        return response;
                    } catch (IOException e) {
                        throw new AuthorityAccessException("Failed unmarshalling '" + getAuthoritiesMessage.getType() + "' response protocol message due to: " + e, e);
                    }
                } catch (IOException e2) {
                    throw new AuthorityAccessException("Failed marshalling '" + getAuthoritiesMessage.getType() + "' protocol message due to: " + e2, e2);
                }
            } catch (IOException e3) {
                throw new AuthorityAccessException("Failed to create socket due to: " + e3, e3);
            }
        } catch (Throwable th) {
            SocketUtils.closeQuietly(socket);
            throw th;
        }
    }

    public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
        throw new AuthorityAccessException("Nodes are not allowed to get users for a given authority.");
    }

    public void revokeUser(String str) throws UnknownIdentityException, AuthorityAccessException {
        throw new AuthorityAccessException("Nodes are not allowed to revoke users.");
    }

    public void setUsersGroup(Set<String> set, String str) throws UnknownIdentityException, AuthorityAccessException {
        throw new AuthorityAccessException("Nodes are not allowed to set user groups.");
    }

    public void ungroupUser(String str) throws UnknownIdentityException, AuthorityAccessException {
        throw new AuthorityAccessException("Nodes are not allowed to ungroup users.");
    }

    public void ungroup(String str) throws AuthorityAccessException {
        throw new AuthorityAccessException("Nodes are not allowed to ungroup.");
    }

    public DownloadAuthorization authorizeDownload(List<String> list, Map<String, String> map) throws UnknownIdentityException, AuthorityAccessException {
        return DownloadAuthorization.approved();
    }

    public String getGroupForUser(String str) throws UnknownIdentityException, AuthorityAccessException {
        GetGroupForUserMessage getGroupForUserMessage = new GetGroupForUserMessage();
        getGroupForUserMessage.setDn(str);
        Socket socket = null;
        try {
            InetSocketAddress serviceAddress = getServiceAddress();
            if (serviceAddress == null) {
                throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
            }
            try {
                socket = SocketUtils.createSocket(serviceAddress, this.socketConfiguration);
                try {
                    this.authorityProviderProtocolContext.createMarshaller().marshal(getGroupForUserMessage, socket.getOutputStream());
                    try {
                        GetGroupForUserMessage getGroupForUserMessage2 = (GetGroupForUserMessage) this.authorityProviderProtocolContext.createUnmarshaller().unmarshal(socket.getInputStream());
                        if (getGroupForUserMessage2.wasException()) {
                            if (isException(UnknownIdentityException.class, getGroupForUserMessage2)) {
                                throw new UnknownIdentityException(getGroupForUserMessage2.getExceptionMessage());
                            }
                            throw new AuthorityAccessException(getGroupForUserMessage2.getExceptionMessage());
                        }
                        String response = getGroupForUserMessage2.getResponse();
                        SocketUtils.closeQuietly(socket);
                        return response;
                    } catch (IOException e) {
                        throw new AuthorityAccessException("Failed unmarshalling '" + getGroupForUserMessage.getType() + "' response protocol message due to: " + e, e);
                    }
                } catch (IOException e2) {
                    throw new AuthorityAccessException("Failed marshalling '" + getGroupForUserMessage.getType() + "' protocol message due to: " + e2, e2);
                }
            } catch (IOException e3) {
                throw new AuthorityAccessException("Failed to create socket due to: " + e3, e3);
            }
        } catch (Throwable th) {
            SocketUtils.closeQuietly(socket);
            throw th;
        }
    }

    public void revokeGroup(String str) throws UnknownIdentityException, AuthorityAccessException {
        throw new AuthorityAccessException("Nodes are not allowed to revoke groups.");
    }

    public void preDestruction() throws ProviderDestructionException {
        try {
            if (this.serviceLocator != null && this.serviceLocator.isRunning()) {
                this.serviceLocator.stop();
            }
        } catch (IOException e) {
            throw new ProviderDestructionException(e);
        }
    }

    @AuthorityProviderContext
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    @AuthorityProviderContext
    public void setNiFiProperties(NiFiProperties niFiProperties) {
        this.properties = niFiProperties;
    }

    private InetSocketAddress getServiceAddress() {
        DiscoverableService service = this.serviceLocator.getService();
        if (service != null) {
            return service.getServiceAddress();
        }
        return null;
    }

    private boolean isException(Class<? extends Exception> cls, ProtocolMessage protocolMessage) {
        if (protocolMessage.wasException()) {
            return cls.getName().equals(protocolMessage.getExceptionClass());
        }
        return false;
    }
}
