package org.apache.nifi.authorization;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/authorization/CompositeUserGroupProvider.class */
public class CompositeUserGroupProvider implements UserGroupProvider {
    static final String PROP_USER_GROUP_PROVIDER_PREFIX = "User Group Provider ";
    private final boolean allowEmptyProviderList;
    private UserGroupProviderLookup userGroupProviderLookup;
    private List<UserGroupProvider> userGroupProviders;
    private static final Logger logger = LoggerFactory.getLogger(CompositeUserGroupProvider.class);
    static final Pattern USER_GROUP_PROVIDER_PATTERN = Pattern.compile("User Group Provider \\S+");

    public CompositeUserGroupProvider() {
        this(false);
    }

    public CompositeUserGroupProvider(boolean z) {
        this.userGroupProviders = new ArrayList();
        this.allowEmptyProviderList = z;
    }

    public void initialize(UserGroupProviderInitializationContext userGroupProviderInitializationContext) throws AuthorizerCreationException {
        this.userGroupProviderLookup = userGroupProviderInitializationContext.getUserGroupProviderLookup();
    }

    public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
        for (Map.Entry entry : authorizerConfigurationContext.getProperties().entrySet()) {
            if (USER_GROUP_PROVIDER_PATTERN.matcher((CharSequence) entry.getKey()).matches() && !StringUtils.isBlank((CharSequence) entry.getValue())) {
                String str = (String) entry.getValue();
                UserGroupProvider userGroupProvider = this.userGroupProviderLookup.getUserGroupProvider(str);
                if (userGroupProvider == null) {
                    throw new AuthorizerCreationException(String.format("Unable to locate the configured User Group Provider: %s", str));
                }
                if (this.userGroupProviders.contains(userGroupProvider)) {
                    throw new AuthorizerCreationException(String.format("Duplicate provider in Composite User Group Provider configuration: %s", str));
                }
                this.userGroupProviders.add(userGroupProvider);
            }
        }
        if (!this.allowEmptyProviderList && this.userGroupProviders.isEmpty()) {
            throw new AuthorizerCreationException("At least one User Group Provider must be configured.");
        }
    }

    public Set<User> getUsers() throws AuthorizationAccessException {
        HashSet hashSet = new HashSet();
        Iterator<UserGroupProvider> it = this.userGroupProviders.iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().getUsers());
        }
        return hashSet;
    }

    public User getUser(String str) throws AuthorizationAccessException {
        User user = null;
        Iterator<UserGroupProvider> it = this.userGroupProviders.iterator();
        while (it.hasNext()) {
            user = it.next().getUser(str);
            if (user != null) {
                break;
            }
        }
        return user;
    }

    public User getUserByIdentity(String str) throws AuthorizationAccessException {
        User user = null;
        Iterator<UserGroupProvider> it = this.userGroupProviders.iterator();
        while (it.hasNext()) {
            user = it.next().getUserByIdentity(str);
            if (user != null) {
                break;
            }
        }
        return user;
    }

    public Set<Group> getGroups() throws AuthorizationAccessException {
        HashSet hashSet = new HashSet();
        Iterator<UserGroupProvider> it = this.userGroupProviders.iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().getGroups());
        }
        return hashSet;
    }

    public Group getGroup(String str) throws AuthorizationAccessException {
        Group group = null;
        Iterator<UserGroupProvider> it = this.userGroupProviders.iterator();
        while (it.hasNext()) {
            group = it.next().getGroup(str);
            if (group != null) {
                break;
            }
        }
        return group;
    }

    public Group getGroupByName(String str) throws AuthorizationAccessException {
        Group group = null;
        Iterator<UserGroupProvider> it = this.userGroupProviders.iterator();
        while (it.hasNext()) {
            group = it.next().getGroupByName(str);
            if (group != null) {
                break;
            }
        }
        return group;
    }

    public UserAndGroups getUserAndGroups(String str) throws AuthorizationAccessException {
        CompositeUserAndGroups compositeUserAndGroups = new CompositeUserAndGroups();
        String str2 = "";
        for (UserGroupProvider userGroupProvider : this.userGroupProviders) {
            UserAndGroups userAndGroups = userGroupProvider.getUserAndGroups(str);
            if (userAndGroups.getUser() != null) {
                if (compositeUserAndGroups.getUser() != null) {
                    logger.warn("Multiple UserGroupProviders are claiming to provide identity [{}] user '{}': [{} and {}] ", new Object[]{str, userAndGroups.getUser(), str2, userGroupProvider.getClass().getName()});
                    throw new IllegalStateException("Multiple UserGroupProviders are claiming to provide user " + str);
                }
                compositeUserAndGroups.setUser(userAndGroups.getUser());
                str2 = userGroupProvider.getClass().getName();
            }
            if (userAndGroups.getGroups() != null) {
                compositeUserAndGroups.addAllGroups(userAndGroups.getGroups());
            }
        }
        if (compositeUserAndGroups.getUser() == null) {
            logger.debug("No user found for identity {}", str);
            return UserAndGroups.EMPTY;
        }
        String identifier = compositeUserAndGroups.getUser().getIdentifier();
        Iterator<UserGroupProvider> it = this.userGroupProviders.iterator();
        while (it.hasNext()) {
            for (Group group : it.next().getGroups()) {
                if (group.getUsers() != null && group.getUsers().contains(identifier)) {
                    compositeUserAndGroups.addGroup(group);
                }
            }
        }
        return compositeUserAndGroups;
    }

    public void preDestruction() throws AuthorizerDestructionException {
        Exception exc = null;
        Iterator<UserGroupProvider> it = this.userGroupProviders.iterator();
        while (it.hasNext()) {
            try {
                it.next().preDestruction();
            } catch (Exception e) {
                exc = e;
                logger.error("Error pre-destructing: " + String.valueOf(e));
            }
        }
        if (exc != null) {
            throw new AuthorizerDestructionException(exc);
        }
    }
}
