package org.apache.nifi.authorization;

import java.io.File;
import java.io.IOException;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
import org.apache.nifi.authorization.exception.AuthorityAccessException;
import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
import org.apache.nifi.authorization.exception.ProviderCreationException;
import org.apache.nifi.authorization.exception.UnknownIdentityException;
import org.apache.nifi.user.generated.ObjectFactory;
import org.apache.nifi.user.generated.Role;
import org.apache.nifi.user.generated.User;
import org.apache.nifi.user.generated.Users;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.file.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/nifi/authorization/FileAuthorizationProvider.class */
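/**
 * {@link AuthorityProvider} that keeps users, their group and their roles in a single XML file
 * which is validated against {@code /users.xsd} when it is loaded.
 *
 * <p>Security-relevant behaviour, as implemented below:
 * <ul>
 *   <li>When the {@code Default User Roles} property names at least one recognised role, every
 *       DN is reported as existing and an unknown DN is added to the file with those roles the
 *       first time its authorities are requested. Leave the property unset unless that
 *       auto-provisioning is intended.</li>
 *   <li>DNs are matched with a case-insensitive string comparison; group names are matched
 *       case-sensitively. No other DN normalisation is performed in this class.</li>
 *   <li>{@link #authorizeDownload(List, Map)} approves every request.</li>
 * </ul>
 *
 * <p>All methods that read or change the user list lock on this instance, so the in-memory
 * list and the file writes are not interleaved between threads.
 */
public class FileAuthorizationProvider implements AuthorityProvider {
    private static final String USERS_XSD = "/users.xsd";
    private static final String JAXB_GENERATED_PATH = "org.apache.nifi.user.generated";
    private static final Logger logger = LoggerFactory.getLogger(FileAuthorizationProvider.class);
    private static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();

    private NiFiProperties properties;
    private File usersFile;
    private File restoreUsersFile;
    private Users users;
    private final Set<String> defaultAuthorities = new HashSet<>();

    /**
     * Builds the JAXB context for the generated user model.
     *
     * @return the context used for every marshal and unmarshal in this class
     * @throws RuntimeException if the context cannot be created; the JAXB failure is kept as the cause
     */
    private static JAXBContext initializeJaxbContext() {
        try {
            return JAXBContext.newInstance(JAXB_GENERATED_PATH, FileAuthorizationProvider.class.getClassLoader());
        } catch (JAXBException e) {
            // Keep the cause: without it a class-loading failure here is undiagnosable.
            throw new RuntimeException("Unable to create JAXBContext.", e);
        }
    }

    /** No initialization work is needed for this provider. */
    public void initialize(AuthorityProviderInitializationContext authorityProviderInitializationContext) throws ProviderCreationException {
    }

    /**
     * Reads the provider configuration, synchronises the users file with its restore copy when a
     * restore directory is configured, loads the users file and records the default roles.
     *
     * @param authorityProviderConfigurationContext source of the {@code Authorized Users File}
     *        and {@code Default User Roles} properties
     * @throws ProviderCreationException if the users file is not specified, the NiFi properties
     *         were not injected, the users directory equals the restore directory, or the file
     *         cannot be synchronised, parsed or validated
     */
    public void onConfigured(AuthorityProviderConfigurationContext authorityProviderConfigurationContext) throws ProviderCreationException {
        try {
            final String usersFilePath = authorityProviderConfigurationContext.getProperty("Authorized Users File");
            if (usersFilePath == null || usersFilePath.trim().isEmpty()) {
                throw new ProviderCreationException("The authorized users file must be specified.");
            }
            this.usersFile = new File(usersFilePath);

            if (this.properties == null) {
                throw new ProviderCreationException("NiFi properties must be set before the provider is configured.");
            }
            final File restoreDirectory = this.properties.getRestoreDirectory();
            if (restoreDirectory != null) {
                FileUtils.ensureDirectoryExistAndCanAccess(restoreDirectory);

                // Resolve to an absolute file first: getParentFile() is null for a bare relative
                // name such as "users.xml", which previously caused a NullPointerException here.
                final File usersDirectory = this.usersFile.getAbsoluteFile().getParentFile();
                if (usersDirectory != null && usersDirectory.getAbsolutePath().equals(restoreDirectory.getAbsolutePath())) {
                    throw new ProviderCreationException(String.format("Authorized User's directory '%s' is the same as restore directory '%s' ", usersDirectory.getAbsolutePath(), restoreDirectory.getAbsolutePath()));
                }

                this.restoreUsersFile = new File(restoreDirectory, this.usersFile.getName());
                try {
                    FileUtils.syncWithRestore(this.usersFile, this.restoreUsersFile, logger);
                } catch (IOException | IllegalStateException e) {
                    throw new ProviderCreationException(e);
                }
            }

            if (this.usersFile.exists()) {
                // NOTE(review): the SchemaFactory and the unmarshaller are used with their default
                // settings; nothing here refuses DOCTYPE declarations or external entities. The
                // file is expected to be operator-controlled, but anyone who can write to it (or
                // to the restore copy it is synchronised with) decides who holds which role, so
                // confirm both the parser defaults and the file permissions.
                final Schema schema = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(FileAuthorizationProvider.class.getResource(USERS_XSD));
                final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
                unmarshaller.setSchema(schema);
                this.users = unmarshaller.unmarshal(new StreamSource(this.usersFile), Users.class).getValue();
            } else {
                this.users = new ObjectFactory().createUsers();
            }

            final String defaultRoles = authorityProviderConfigurationContext.getProperty("Default User Roles");
            if (StringUtils.isNotBlank(defaultRoles)) {
                final Set<String> unrecognizedRoles = new HashSet<>();
                for (final String rawRole : defaultRoles.split(",")) {
                    final String role = rawRole.trim();
                    if (Authority.valueOfAuthority(role) == null) {
                        unrecognizedRoles.add(role);
                    } else {
                        this.defaultAuthorities.add(role);
                    }
                }
                if (!unrecognizedRoles.isEmpty()) {
                    logger.warn("The following default role(s) '{}' were not recognized. Possible values: {}.", StringUtils.join(unrecognizedRoles, ", "), StringUtils.join(Authority.getRawAuthorities(), ", "));
                }
            }
        } catch (IOException | SAXException | JAXBException e) {
            // ProviderCreationException raised above propagates as-is instead of being wrapped
            // in a second ProviderCreationException, so its message reaches the caller intact.
            throw new ProviderCreationException(e);
        }
    }

    /** Nothing to release. */
    public void preDestruction() {
    }

    /** @return {@code true} when at least one recognised default role was configured */
    private boolean hasDefaultRoles() {
        return !this.defaultAuthorities.isEmpty();
    }

    /**
     * Reports whether a DN is known to this provider.
     *
     * <p>When default roles are configured this returns {@code true} for every argument,
     * including {@code null}, without consulting the user list.
     *
     * @param str the user DN
     * @return {@code true} if default roles are configured or the DN is in the user list
     * @throws UnknownIdentityException if no default roles are configured and {@code str} is {@code null}
     */
    public synchronized boolean doesDnExist(String str) throws AuthorityAccessException {
        return hasDefaultRoles() || getUser(str) != null;
    }

    /**
     * Returns the authorities held by a DN. An unknown DN is added with the default roles,
     * and persisted, when default roles are configured.
     *
     * <p>A role name that does not map to an {@link Authority} is skipped with a warning, so an
     * unrecognised entry grants nothing rather than failing the lookup with a
     * {@code NullPointerException} from the {@link EnumSet}.
     *
     * @param str the user DN
     * @return the authorities for the DN; never {@code null}
     * @throws UnknownIdentityException if the DN is {@code null}, or unknown and no default roles exist
     * @throws AuthorityAccessException if a newly created user cannot be saved
     */
    public synchronized Set<Authority> getAuthorities(String str) throws UnknownIdentityException, AuthorityAccessException {
        final Set<Authority> authorities = EnumSet.noneOf(Authority.class);
        final User user = getUser(str);
        if (user != null) {
            for (final Role role : user.getRole()) {
                final Authority authority = Authority.valueOfAuthority(role.getName());
                if (authority == null) {
                    logger.warn("Ignoring unrecognized role '{}' found in the authorized users file.", role.getName());
                    continue;
                }
                authorities.add(authority);
            }
            return authorities;
        }

        if (!hasDefaultRoles()) {
            throw new UnknownIdentityException(String.format("User DN not found: %s.", str));
        }
        logger.debug(String.format("User DN not found: %s. Creating new user with default roles.", str));
        addUser(str, null);
        authorities.addAll(getAuthorities(str));
        return authorities;
    }

    /**
     * Replaces the roles of an existing user and saves the file.
     *
     * @param str the user DN
     * @param set the complete set of authorities the user should hold afterwards
     * @throws UnknownIdentityException if the DN is {@code null} or not in the user list
     * @throws AuthorityAccessException if the file cannot be saved
     */
    public synchronized void setAuthorities(String str, Set<Authority> set) throws UnknownIdentityException, AuthorityAccessException {
        final User user = getUser(str);
        if (user == null) {
            throw new UnknownIdentityException(String.format("User DN not found: %s.", str));
        }
        setUserAuthorities(user, set);
        persist();
    }

    /** Clears the user's roles and adds one role element per authority in {@code set}. */
    private void setUserAuthorities(User user, Set<Authority> set) {
        user.getRole().clear();
        final ObjectFactory objectFactory = new ObjectFactory();
        for (final Authority authority : set) {
            final Role role = objectFactory.createRole();
            role.setName(authority.toString());
            user.getRole().add(role);
        }
    }

    /**
     * Adds a user with the configured default roles (none if no default roles exist) and saves the file.
     *
     * @param str the user DN
     * @param str2 the group to assign, or {@code null} for no group
     * @throws IdentityAlreadyExistsException if the DN is already in the user list
     * @throws AuthorityAccessException if the file cannot be saved
     */
    public synchronized void addUser(String str, String str2) throws IdentityAlreadyExistsException, AuthorityAccessException {
        if (getUser(str) != null) {
            throw new IdentityAlreadyExistsException(String.format("User DN already exists: %s", str));
        }
        final ObjectFactory objectFactory = new ObjectFactory();
        final User newUser = objectFactory.createUser();
        newUser.setDn(str);
        newUser.setGroup(str2);
        for (final String roleName : this.defaultAuthorities) {
            final Role role = objectFactory.createRole();
            role.setName(roleName);
            newUser.getRole().add(role);
        }
        this.users.getUser().add(newUser);
        persist();
    }

    /**
     * Lists the DNs of all users holding the given authority.
     *
     * @param authority the authority to look for
     * @return the matching DNs; empty if none
     */
    public synchronized Set<String> getUsers(Authority authority) throws AuthorityAccessException {
        final Set<String> dns = new HashSet<>();
        final String wanted = authority.toString();
        for (final User user : this.users.getUser()) {
            for (final Role role : user.getRole()) {
                if (role.getName().equals(wanted)) {
                    dns.add(user.getDn());
                }
            }
        }
        return dns;
    }

    /**
     * Removes a user and saves the file.
     *
     * <p>NOTE(review): while default roles are configured, a later {@link #getAuthorities(String)}
     * call for the same DN adds the user again with those roles, so revocation alone does not
     * keep the DN out.
     *
     * @param str the user DN
     * @throws UnknownIdentityException if the DN is {@code null} or not in the user list
     * @throws AuthorityAccessException if the file cannot be saved
     */
    public synchronized void revokeUser(String str) throws UnknownIdentityException, AuthorityAccessException {
        final User user = getUser(str);
        if (user == null) {
            throw new UnknownIdentityException(String.format("User DN not found: %s.", str));
        }
        this.users.getUser().remove(user);
        persist();
    }

    /**
     * Assigns a group to every listed user and saves the file. All DNs are resolved before any
     * user is changed, so an unknown DN leaves the user list untouched.
     *
     * @param set the user DNs
     * @param str the group to assign
     * @throws UnknownIdentityException if any DN is {@code null} or not in the user list
     * @throws AuthorityAccessException if the file cannot be saved
     */
    public synchronized void setUsersGroup(Set<String> set, String str) throws UnknownIdentityException, AuthorityAccessException {
        final Set<User> resolved = new HashSet<>();
        for (final String dn : set) {
            final User user = getUser(dn);
            if (user == null) {
                throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
            }
            resolved.add(user);
        }
        for (final User user : resolved) {
            user.setGroup(str);
        }
        persist();
    }

    /**
     * Clears the group of a single user and saves the file.
     *
     * @param str the user DN
     * @throws UnknownIdentityException if the DN is {@code null} or not in the user list
     * @throws AuthorityAccessException if the file cannot be saved
     */
    public synchronized void ungroupUser(String str) throws UnknownIdentityException, AuthorityAccessException {
        final User user = getUser(str);
        if (user == null) {
            throw new UnknownIdentityException(String.format("User DN not found: %s.", str));
        }
        user.setGroup(null);
        persist();
    }

    /**
     * Clears the group of every user in the named group and saves the file. Does nothing, and
     * does not write the file, when no user is in that group.
     *
     * @param str the group name
     * @throws UnknownIdentityException if {@code str} is {@code null}
     * @throws AuthorityAccessException if the file cannot be saved
     */
    public synchronized void ungroup(String str) throws AuthorityAccessException {
        final Collection<User> members = getUserGroup(str);
        if (members == null) {
            return;
        }
        for (final User member : members) {
            member.setGroup(null);
        }
        persist();
    }

    /**
     * Returns the group of a user.
     *
     * @param str the user DN
     * @return the user's group as stored, which may be {@code null}
     * @throws UnknownIdentityException if the DN is {@code null} or not in the user list
     */
    public synchronized String getGroupForUser(String str) throws UnknownIdentityException, AuthorityAccessException {
        final User user = getUser(str);
        if (user == null) {
            throw new UnknownIdentityException(String.format("User DN not found: %s.", str));
        }
        return user.getGroup();
    }

    /**
     * Removes every user in the named group and saves the file.
     *
     * @param str the group name
     * @throws UnknownIdentityException if {@code str} is {@code null} or no user is in that group
     * @throws AuthorityAccessException if the file cannot be saved
     */
    public synchronized void revokeGroup(String str) throws UnknownIdentityException, AuthorityAccessException {
        final Collection<User> members = getUserGroup(str);
        if (members == null) {
            throw new UnknownIdentityException(String.format("User group not found: %s.", str));
        }
        // members is a separate collection, so removing from the user list while iterating it is safe.
        for (final User member : members) {
            this.users.getUser().remove(member);
        }
        persist();
    }

    /**
     * Approves every download request; neither argument is inspected.
     *
     * <p>This provider therefore adds no restriction on downloads. Deployments that need one
     * must enforce it elsewhere.
     *
     * @return an approved authorization, unconditionally
     */
    public DownloadAuthorization authorizeDownload(List<String> list, Map<String, String> map) throws UnknownIdentityException, AuthorityAccessException {
        return DownloadAuthorization.approved();
    }

    /**
     * Finds a user by DN using a case-insensitive string comparison.
     *
     * @param str the user DN
     * @return the first matching user, or {@code null} if none matches
     * @throws UnknownIdentityException if {@code str} is {@code null}
     */
    private User getUser(String str) throws UnknownIdentityException {
        if (str == null) {
            throw new UnknownIdentityException("User DN not specified.");
        }
        for (final User candidate : this.users.getUser()) {
            if (str.equalsIgnoreCase(candidate.getDn())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Collects the users whose group equals {@code str} (case-sensitive).
     *
     * @param str the group name
     * @return the members, or {@code null} (not an empty collection) when there are none
     * @throws UnknownIdentityException if {@code str} is {@code null}
     */
    private Collection<User> getUserGroup(String str) throws UnknownIdentityException {
        if (str == null) {
            throw new UnknownIdentityException("User group not specified.");
        }
        Set<User> members = null;
        for (final User user : this.users.getUser()) {
            if (str.equals(user.getGroup())) {
                if (members == null) {
                    members = new HashSet<>();
                }
                members.add(user);
            }
        }
        return members;
    }

    /**
     * Saves the user list and converts any failure into an {@link AuthorityAccessException}.
     *
     * <p>NOTE(review): callers change the in-memory list before calling this, and nothing rolls
     * that change back on failure, so after an exception the running provider can differ from
     * what is on disk until the next successful save or a restart.
     *
     * @throws AuthorityAccessException if marshalling or writing fails; the original failure is the cause
     */
    private void persist() throws AuthorityAccessException {
        try {
            save();
        } catch (Exception e) {
            throw new AuthorityAccessException(e.getMessage(), e);
        }
    }

    /**
     * Marshals the user list to the restore copy (when one is configured) and then to the
     * users file, as formatted XML.
     *
     * <p>Both files are written in place, not via a temporary file and rename, so an
     * interrupted write can leave a partial file.
     *
     * @throws Exception if the marshaller cannot be created or either write fails
     */
    private void save() throws Exception {
        final Marshaller marshaller = JAXB_CONTEXT.createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
        if (this.restoreUsersFile != null) {
            marshaller.marshal(this.users, this.restoreUsersFile);
        }
        marshaller.marshal(this.users, this.usersFile);
    }

    /**
     * Receives the NiFi properties; {@link #onConfigured} reads the restore directory from them.
     *
     * @param niFiProperties the application properties
     */
    @AuthorityProviderContext
    public void setNiFiProperties(NiFiProperties niFiProperties) {
        this.properties = niFiProperties;
    }
}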
