package org.apache.nifi.authorization;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.Group;
import org.apache.nifi.authorization.User;
import org.apache.nifi.authorization.annotation.AuthorizerContext;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
import org.apache.nifi.authorization.exception.UninheritableAuthorizationsException;
import org.apache.nifi.authorization.file.tenants.generated.Group;
import org.apache.nifi.authorization.file.tenants.generated.Groups;
import org.apache.nifi.authorization.file.tenants.generated.Tenants;
import org.apache.nifi.authorization.file.tenants.generated.User;
import org.apache.nifi.authorization.file.tenants.generated.Users;
import org.apache.nifi.authorization.util.IdentityMappingUtil;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.file.FileUtils;
import org.apache.nifi.xml.processing.ProcessingException;
import org.apache.nifi.xml.processing.parsers.StandardDocumentProvider;
import org.apache.nifi.xml.processing.stream.StandardXMLStreamReaderProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/nifi/authorization/FileUserGroupProvider.class */
public class FileUserGroupProvider implements ConfigurableUserGroupProvider {
    private static final String TENANTS_XSD = "/tenants.xsd";
    private static final String JAXB_TENANTS_PATH = "org.apache.nifi.authorization.file.tenants.generated";
    private static final String USER_ELEMENT = "user";
    private static final String GROUP_USER_ELEMENT = "groupUser";
    private static final String GROUP_ELEMENT = "group";
    private static final String IDENTIFIER_ATTR = "identifier";
    private static final String IDENTITY_ATTR = "identity";
    private static final String NAME_ATTR = "name";
    static final String PROP_INITIAL_USER_IDENTITY_PREFIX = "Initial User Identity ";
    static final String PROP_TENANTS_FILE = "Users File";
    private Schema tenantsSchema;
    private NiFiProperties properties;
    private File tenantsFile;
    private File restoreTenantsFile;
    private Set<String> initialUserIdentities;
    private final AtomicReference<UserGroupHolder> userGroupHolder = new AtomicReference<>();
    private static final Logger logger = LoggerFactory.getLogger(FileUserGroupProvider.class);
    private static final JAXBContext JAXB_TENANTS_CONTEXT = initializeJaxbContext();
    private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newInstance();
    static final Pattern INITIAL_USER_IDENTITY_PATTERN = Pattern.compile("Initial User Identity \\S+");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/nifi/authorization/FileUserGroupProvider$UsersAndGroups.class */
    public static class UsersAndGroups {
        final List<User> users;
        final List<Group> groups;

        public UsersAndGroups(List<User> list, List<Group> list2) {
            this.users = list;
            this.groups = list2;
        }

        public List<User> getUsers() {
            return this.users;
        }

        public List<Group> getGroups() {
            return this.groups;
        }
    }

    private static JAXBContext initializeJaxbContext() {
        try {
            return JAXBContext.newInstance(JAXB_TENANTS_PATH, FileUserGroupProvider.class.getClassLoader());
        } catch (JAXBException e) {
            throw new RuntimeException("Unable to create JAXBContext.", e);
        }
    }

    public void initialize(UserGroupProviderInitializationContext userGroupProviderInitializationContext) throws AuthorizerCreationException {
        try {
            this.tenantsSchema = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(FileUserGroupProvider.class.getResource(TENANTS_XSD));
        } catch (Exception e) {
            throw new AuthorizerCreationException(e);
        }
    }

    public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
        try {
            PropertyValue property = authorizerConfigurationContext.getProperty(PROP_TENANTS_FILE);
            if (StringUtils.isBlank(property.getValue())) {
                throw new AuthorizerCreationException("The users file must be specified.");
            }
            this.tenantsFile = new File(property.getValue());
            if (!this.tenantsFile.exists()) {
                logger.info("Creating new users file at {}", this.tenantsFile.getAbsolutePath());
                saveTenants(new Tenants());
            }
            File parentFile = this.tenantsFile.getAbsoluteFile().getParentFile();
            File restoreDirectory = this.properties.getRestoreDirectory();
            if (restoreDirectory != null) {
                FileUtils.ensureDirectoryExistAndCanAccess(restoreDirectory);
                if (parentFile.getAbsolutePath().equals(restoreDirectory.getAbsolutePath())) {
                    throw new AuthorizerCreationException(String.format("Users file directory '%s' is the same as restore directory '%s' ", parentFile.getAbsolutePath(), restoreDirectory.getAbsolutePath()));
                }
                this.restoreTenantsFile = new File(restoreDirectory, this.tenantsFile.getName());
                try {
                    FileUtils.syncWithRestore(this.tenantsFile, this.restoreTenantsFile, logger);
                } catch (IOException | IllegalStateException e) {
                    throw new AuthorizerCreationException(e);
                }
            }
            List unmodifiableList = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(this.properties));
            this.initialUserIdentities = new HashSet();
            for (Map.Entry entry : authorizerConfigurationContext.getProperties().entrySet()) {
                if (INITIAL_USER_IDENTITY_PATTERN.matcher((CharSequence) entry.getKey()).matches() && !StringUtils.isBlank((CharSequence) entry.getValue())) {
                    this.initialUserIdentities.add(IdentityMappingUtil.mapIdentity((String) entry.getValue(), unmodifiableList));
                }
            }
            load();
            if (this.restoreTenantsFile != null) {
                FileUtils.copyFile(this.tenantsFile, this.restoreTenantsFile, false, false, logger);
            }
            logger.debug("Users/Groups file loaded");
        } catch (IOException | AuthorizerCreationException | JAXBException | IllegalStateException e2) {
            throw new AuthorizerCreationException(e2);
        }
    }

    public Set<User> getUsers() throws AuthorizationAccessException {
        return this.userGroupHolder.get().getAllUsers();
    }

    public synchronized User addUser(User user) throws AuthorizationAccessException {
        if (user == null) {
            throw new IllegalArgumentException("User cannot be null");
        }
        addUsersAndGroups(new UsersAndGroups(Collections.singletonList(user), Collections.emptyList()));
        return this.userGroupHolder.get().getUsersById().get(user.getIdentifier());
    }

    public User getUser(String str) throws AuthorizationAccessException {
        if (str == null) {
            return null;
        }
        return this.userGroupHolder.get().getUsersById().get(str);
    }

    public synchronized User updateUser(User user) throws AuthorizationAccessException {
        if (user == null) {
            throw new IllegalArgumentException("User cannot be null");
        }
        Tenants tenants = this.userGroupHolder.get().getTenants();
        User user2 = null;
        Iterator<User> it = tenants.getUsers().getUser().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            User next = it.next();
            if (user.getIdentifier().equals(next.getIdentifier())) {
                user2 = next;
                break;
            }
        }
        if (user2 == null) {
            return null;
        }
        user2.setIdentity(user.getIdentity());
        saveAndRefreshHolder(tenants);
        return this.userGroupHolder.get().getUsersById().get(user.getIdentifier());
    }

    public User getUserByIdentity(String str) throws AuthorizationAccessException {
        if (str == null) {
            return null;
        }
        return this.userGroupHolder.get().getUsersByIdentity().get(str);
    }

    public synchronized User deleteUser(User user) throws AuthorizationAccessException {
        if (user == null) {
            throw new IllegalArgumentException("User cannot be null");
        }
        Tenants tenants = this.userGroupHolder.get().getTenants();
        List<User> user2 = tenants.getUsers().getUser();
        Iterator<Group> it = tenants.getGroups().getGroup().iterator();
        while (it.hasNext()) {
            Iterator<Group.User> it2 = it.next().getUser().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (it2.next().getIdentifier().equals(user.getIdentifier())) {
                    it2.remove();
                    break;
                }
            }
        }
        boolean z = false;
        Iterator<User> it3 = user2.iterator();
        while (true) {
            if (!it3.hasNext()) {
                break;
            }
            if (user.getIdentifier().equals(it3.next().getIdentifier())) {
                it3.remove();
                z = true;
                break;
            }
        }
        if (!z) {
            return null;
        }
        saveAndRefreshHolder(tenants);
        return user;
    }

    public Set<Group> getGroups() throws AuthorizationAccessException {
        return this.userGroupHolder.get().getAllGroups();
    }

    private synchronized void addUsersAndGroups(UsersAndGroups usersAndGroups) {
        Tenants tenants = this.userGroupHolder.get().getTenants();
        for (Group group : usersAndGroups.getGroups()) {
            Group group2 = new Group();
            group2.setIdentifier(group.getIdentifier());
            group2.setName(group.getName());
            for (String str : group.getUsers()) {
                Group.User user = new Group.User();
                user.setIdentifier(str);
                group2.getUser().add(user);
            }
            tenants.getGroups().getGroup().add(group2);
        }
        Iterator<User> it = usersAndGroups.getUsers().iterator();
        while (it.hasNext()) {
            tenants.getUsers().getUser().add(createJAXBUser(it.next()));
        }
        saveAndRefreshHolder(tenants);
    }

    public synchronized Group addGroup(Group group) throws AuthorizationAccessException {
        if (group == null) {
            throw new IllegalArgumentException("Group cannot be null");
        }
        addUsersAndGroups(new UsersAndGroups(Collections.emptyList(), Collections.singletonList(group)));
        return this.userGroupHolder.get().getGroupsById().get(group.getIdentifier());
    }

    public Group getGroup(String str) throws AuthorizationAccessException {
        if (str == null) {
            return null;
        }
        return this.userGroupHolder.get().getGroupsById().get(str);
    }

    public Group getGroupByName(String str) throws AuthorizationAccessException {
        if (str == null) {
            return null;
        }
        return this.userGroupHolder.get().getGroupsByName().get(str);
    }

    public UserAndGroups getUserAndGroups(String str) throws AuthorizationAccessException {
        UserGroupHolder userGroupHolder = this.userGroupHolder.get();
        final User user = userGroupHolder.getUser(str);
        final Set<Group> groups = userGroupHolder.getGroups(str);
        return new UserAndGroups(this) { // from class: org.apache.nifi.authorization.FileUserGroupProvider.1
            public User getUser() {
                return user;
            }

            public Set<Group> getGroups() {
                return groups;
            }
        };
    }

    public synchronized Group updateGroup(Group group) throws AuthorizationAccessException {
        if (group == null) {
            throw new IllegalArgumentException("Group cannot be null");
        }
        Tenants tenants = this.userGroupHolder.get().getTenants();
        Group group2 = null;
        Iterator<Group> it = tenants.getGroups().getGroup().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Group next = it.next();
            if (next.getIdentifier().equals(group.getIdentifier())) {
                group2 = next;
                break;
            }
        }
        if (group2 == null) {
            return null;
        }
        group2.getUser().clear();
        for (String str : group.getUsers()) {
            Group.User user = new Group.User();
            user.setIdentifier(str);
            group2.getUser().add(user);
        }
        group2.setName(group.getName());
        saveAndRefreshHolder(tenants);
        return this.userGroupHolder.get().getGroupsById().get(group.getIdentifier());
    }

    public synchronized Group deleteGroup(Group group) throws AuthorizationAccessException {
        Tenants tenants = this.userGroupHolder.get().getTenants();
        boolean z = false;
        Iterator<Group> it = tenants.getGroups().getGroup().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (group.getIdentifier().equals(it.next().getIdentifier())) {
                it.remove();
                z = true;
                break;
            }
        }
        if (!z) {
            return null;
        }
        saveAndRefreshHolder(tenants);
        return group;
    }

    UserGroupHolder getUserGroupHolder() {
        return this.userGroupHolder.get();
    }

    @AuthorizerContext
    public void setNiFiProperties(NiFiProperties niFiProperties) {
        this.properties = niFiProperties;
    }

    public synchronized void inheritFingerprint(String str) throws AuthorizationAccessException {
        inherit(parseUsersAndGroups(str));
    }

    private synchronized void inherit(UsersAndGroups usersAndGroups) {
        addUsersAndGroups(usersAndGroups);
    }

    public synchronized void forciblyInheritFingerprint(String str) throws AuthorizationAccessException {
        if (str == null || str.trim().isEmpty()) {
            logger.info("Inheriting Empty Users & Groups. Will backup existing Uesrs & Groups first.");
            backupUsersAndGroups();
            purgeUsersAndGroups();
            return;
        }
        UsersAndGroups parseUsersAndGroups = parseUsersAndGroups(str);
        if (isInheritable()) {
            logger.debug("Inheriting cluster's Users & Groups");
            inherit(parseUsersAndGroups);
        } else {
            logger.info("Cannot directly inherit proposed Users & Groups so will backup existing Users & Groups and then replace with proposed configuration");
            backupUsersAndGroups();
            purgeUsersAndGroups();
            addUsersAndGroups(parseUsersAndGroups);
        }
    }

    public void backupUsersAndGroups() throws AuthorizationAccessException {
        Tenants tenants = this.userGroupHolder.get().getTenants();
        File file = new File(this.tenantsFile.getParentFile(), this.tenantsFile.getName() + "." + new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").format(new Date()));
        logger.info("Writing backup of Users & Groups to {}", file.getAbsolutePath());
        try {
            saveTenants(tenants, file);
        } catch (JAXBException e) {
            throw new AuthorizationAccessException("Could not backup existing Users and Groups so will not inherit new Users and Groups", e);
        }
    }

    public synchronized void purgeUsersAndGroups() {
        Tenants tenants = this.userGroupHolder.get().getTenants();
        tenants.setGroups(new Groups());
        tenants.setUsers(new Users());
        saveAndRefreshHolder(tenants);
    }

    public void checkInheritability(String str) throws AuthorizationAccessException {
        if (!isInheritable()) {
            throw new UninheritableAuthorizationsException("Proposed fingerprint is not inheritable because the current users and groups is not empty.");
        }
    }

    private boolean isInheritable() {
        UserGroupHolder userGroupHolder = this.userGroupHolder.get();
        return userGroupHolder.getAllUsers().isEmpty() && userGroupHolder.getAllGroups().isEmpty();
    }

    public String getFingerprint() throws AuthorizationAccessException {
        UserGroupHolder userGroupHolder = this.userGroupHolder.get();
        ArrayList arrayList = new ArrayList(userGroupHolder.getAllUsers());
        arrayList.sort(Comparator.comparing((v0) -> {
            return v0.getIdentifier();
        }));
        ArrayList arrayList2 = new ArrayList(userGroupHolder.getAllGroups());
        arrayList2.sort(Comparator.comparing((v0) -> {
            return v0.getIdentifier();
        }));
        XMLStreamWriter xMLStreamWriter = null;
        StringWriter stringWriter = new StringWriter();
        try {
            try {
                xMLStreamWriter = XML_OUTPUT_FACTORY.createXMLStreamWriter(stringWriter);
                xMLStreamWriter.writeStartDocument();
                xMLStreamWriter.writeStartElement("tenants");
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    writeUser(xMLStreamWriter, (User) it.next());
                }
                Iterator it2 = arrayList2.iterator();
                while (it2.hasNext()) {
                    writeGroup(xMLStreamWriter, (Group) it2.next());
                }
                xMLStreamWriter.writeEndElement();
                xMLStreamWriter.writeEndDocument();
                xMLStreamWriter.flush();
                if (xMLStreamWriter != null) {
                    try {
                        xMLStreamWriter.close();
                    } catch (XMLStreamException e) {
                    }
                }
                return stringWriter.toString();
            } catch (Throwable th) {
                if (xMLStreamWriter != null) {
                    try {
                        xMLStreamWriter.close();
                    } catch (XMLStreamException e2) {
                    }
                }
                throw th;
            }
        } catch (XMLStreamException e3) {
            throw new AuthorizationAccessException("Unable to generate fingerprint", e3);
        }
    }

    private UsersAndGroups parseUsersAndGroups(String str) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
            try {
                Element documentElement = new StandardDocumentProvider().parse(byteArrayInputStream).getDocumentElement();
                NodeList elementsByTagName = documentElement.getElementsByTagName(USER_ELEMENT);
                for (int i = 0; i < elementsByTagName.getLength(); i++) {
                    arrayList.add(parseUser((Element) elementsByTagName.item(i)));
                }
                NodeList elementsByTagName2 = documentElement.getElementsByTagName(GROUP_ELEMENT);
                for (int i2 = 0; i2 < elementsByTagName2.getLength(); i2++) {
                    arrayList2.add(parseGroup((Element) elementsByTagName2.item(i2)));
                }
                byteArrayInputStream.close();
                return new UsersAndGroups(arrayList, arrayList2);
            } finally {
            }
        } catch (ProcessingException | IOException e) {
            throw new AuthorizationAccessException("Unable to parse fingerprint", e);
        }
    }

    private User parseUser(Element element) {
        return new User.Builder().identifier(element.getAttribute(IDENTIFIER_ATTR)).identity(element.getAttribute(IDENTITY_ATTR)).build();
    }

    private Group parseGroup(Element element) {
        Group.Builder name = new Group.Builder().identifier(element.getAttribute(IDENTIFIER_ATTR)).name(element.getAttribute(NAME_ATTR));
        NodeList elementsByTagName = element.getElementsByTagName(GROUP_USER_ELEMENT);
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            name.addUser(((Element) elementsByTagName.item(i)).getAttribute(IDENTIFIER_ATTR));
        }
        return name.build();
    }

    private void writeUser(XMLStreamWriter xMLStreamWriter, User user) throws XMLStreamException {
        xMLStreamWriter.writeStartElement(USER_ELEMENT);
        xMLStreamWriter.writeAttribute(IDENTIFIER_ATTR, user.getIdentifier());
        xMLStreamWriter.writeAttribute(IDENTITY_ATTR, user.getIdentity());
        xMLStreamWriter.writeEndElement();
    }

    private void writeGroup(XMLStreamWriter xMLStreamWriter, Group group) throws XMLStreamException {
        ArrayList<String> arrayList = new ArrayList(group.getUsers());
        Collections.sort(arrayList);
        xMLStreamWriter.writeStartElement(GROUP_ELEMENT);
        xMLStreamWriter.writeAttribute(IDENTIFIER_ATTR, group.getIdentifier());
        xMLStreamWriter.writeAttribute(NAME_ATTR, group.getName());
        for (String str : arrayList) {
            xMLStreamWriter.writeStartElement(GROUP_USER_ELEMENT);
            xMLStreamWriter.writeAttribute(IDENTIFIER_ATTR, str);
            xMLStreamWriter.writeEndElement();
        }
        xMLStreamWriter.writeEndElement();
    }

    private org.apache.nifi.authorization.file.tenants.generated.User createJAXBUser(User user) {
        org.apache.nifi.authorization.file.tenants.generated.User user2 = new org.apache.nifi.authorization.file.tenants.generated.User();
        user2.setIdentifier(user.getIdentifier());
        user2.setIdentity(user.getIdentity());
        return user2;
    }

    private synchronized void load() throws JAXBException, IllegalStateException {
        Tenants unmarshallTenants = unmarshallTenants();
        if (unmarshallTenants.getUsers() == null) {
            unmarshallTenants.setUsers(new Users());
        }
        if (unmarshallTenants.getGroups() == null) {
            unmarshallTenants.setGroups(new Groups());
        }
        UserGroupHolder userGroupHolder = new UserGroupHolder(unmarshallTenants);
        if (!(userGroupHolder.getAllUsers().isEmpty() && userGroupHolder.getAllGroups().isEmpty())) {
            this.userGroupHolder.set(userGroupHolder);
        } else {
            populateInitialUsers(unmarshallTenants);
            saveAndRefreshHolder(unmarshallTenants);
        }
    }

    private void saveTenants(Tenants tenants) throws JAXBException {
        saveTenants(tenants, this.tenantsFile);
    }

    private void saveTenants(Tenants tenants, File file) throws JAXBException {
        Marshaller createMarshaller = JAXB_TENANTS_CONTEXT.createMarshaller();
        createMarshaller.setSchema(this.tenantsSchema);
        createMarshaller.setProperty("jaxb.formatted.output", true);
        createMarshaller.marshal(tenants, file);
    }

    private Tenants unmarshallTenants() throws JAXBException {
        Unmarshaller createUnmarshaller = JAXB_TENANTS_CONTEXT.createUnmarshaller();
        createUnmarshaller.setSchema(this.tenantsSchema);
        try {
            return (Tenants) createUnmarshaller.unmarshal(new StandardXMLStreamReaderProvider().getStreamReader(new StreamSource(this.tenantsFile)), Tenants.class).getValue();
        } catch (ProcessingException e) {
            throw new JAXBException("Error unmarshalling tenants", e);
        }
    }

    private void populateInitialUsers(Tenants tenants) {
        Iterator<String> it = this.initialUserIdentities.iterator();
        while (it.hasNext()) {
            createUser(tenants, it.next());
        }
    }

    private void createUser(Tenants tenants, String str) {
        if (StringUtils.isBlank(str)) {
            return;
        }
        org.apache.nifi.authorization.file.tenants.generated.User user = null;
        Iterator<org.apache.nifi.authorization.file.tenants.generated.User> it = tenants.getUsers().getUser().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            org.apache.nifi.authorization.file.tenants.generated.User next = it.next();
            if (next.getIdentity().equals(str)) {
                user = next;
                break;
            }
        }
        if (user == null) {
            String identifier = IdentifierUtil.getIdentifier(str);
            org.apache.nifi.authorization.file.tenants.generated.User user2 = new org.apache.nifi.authorization.file.tenants.generated.User();
            user2.setIdentifier(identifier);
            user2.setIdentity(str);
            tenants.getUsers().getUser().add(user2);
        }
    }

    private synchronized void saveAndRefreshHolder(Tenants tenants) throws AuthorizationAccessException {
        try {
            saveTenants(tenants);
            this.userGroupHolder.set(new UserGroupHolder(tenants));
        } catch (JAXBException e) {
            throw new AuthorizationAccessException("Unable to save Authorizations", e);
        }
    }

    public void preDestruction() throws AuthorizerDestructionException {
    }
}
