package org.apache.nifi.authorization.resource;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.nifi.annotation.behavior.Restricted;
import org.apache.nifi.annotation.behavior.Restriction;
import org.apache.nifi.authorization.AccessDeniedException;
import org.apache.nifi.authorization.AuthorizationResult;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.Resource;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.components.RequiredPermission;

/* loaded from: input_file:org/apache/nifi/authorization/resource/RestrictedComponentsAuthorizableFactory.class */
public class RestrictedComponentsAuthorizableFactory {
    private static final Authorizable RESTRICTED_COMPONENTS_AUTHORIZABLE = new Authorizable() { // from class: org.apache.nifi.authorization.resource.RestrictedComponentsAuthorizableFactory.1
        public Authorizable getParentAuthorizable() {
            return null;
        }

        public Resource getResource() {
            return ResourceFactory.getRestrictedComponentsResource();
        }
    };

    public static Authorizable getRestrictedComponentsAuthorizable() {
        return RESTRICTED_COMPONENTS_AUTHORIZABLE;
    }

    public static Authorizable getRestrictedComponentsAuthorizable(final RequiredPermission requiredPermission) {
        return new Authorizable() { // from class: org.apache.nifi.authorization.resource.RestrictedComponentsAuthorizableFactory.2
            public Authorizable getParentAuthorizable() {
                return RestrictedComponentsAuthorizableFactory.RESTRICTED_COMPONENTS_AUTHORIZABLE;
            }

            public Resource getResource() {
                return ResourceFactory.getRestrictedComponentsResource(requiredPermission);
            }

            public AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction requestAction, NiFiUser niFiUser, Map<String, String> map) {
                if (niFiUser == null) {
                    return AuthorizationResult.denied("Unknown user.");
                }
                AuthorizationResult checkAuthorization = super.checkAuthorization(authorizer, requestAction, niFiUser, map);
                return AuthorizationResult.Result.Denied.equals(checkAuthorization.getResult()) ? getParentAuthorizable().checkAuthorization(authorizer, requestAction, niFiUser, map) : checkAuthorization;
            }

            public void authorize(Authorizer authorizer, RequestAction requestAction, NiFiUser niFiUser, Map<String, String> map) throws AccessDeniedException {
                if (niFiUser == null) {
                    throw new AccessDeniedException("Unknown user.");
                }
                try {
                    super.authorize(authorizer, requestAction, niFiUser, map);
                } catch (AccessDeniedException e) {
                    try {
                        getParentAuthorizable().authorize(authorizer, requestAction, niFiUser, map);
                    } catch (AccessDeniedException e2) {
                        throw e;
                    }
                }
            }
        };
    }

    public static Set<Authorizable> getRestrictedComponentsAuthorizable(Class<?> cls) {
        HashSet hashSet = new HashSet();
        Restricted annotation = cls.getAnnotation(Restricted.class);
        if (annotation != null) {
            Restriction[] restrictions = annotation.restrictions();
            if (restrictions == null || restrictions.length <= 0) {
                hashSet.add(getRestrictedComponentsAuthorizable());
            } else {
                Arrays.stream(restrictions).forEach(restriction -> {
                    hashSet.add(getRestrictedComponentsAuthorizable(restriction.requiredPermission()));
                });
            }
        }
        return hashSet;
    }
}
