package org.apache.nifi.ldap.tenants;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.authorization.AuthorizerConfigurationContext;
import org.apache.nifi.authorization.Group;
import org.apache.nifi.authorization.User;
import org.apache.nifi.authorization.UserAndGroups;
import org.apache.nifi.authorization.UserGroupProvider;
import org.apache.nifi.authorization.UserGroupProviderInitializationContext;
import org.apache.nifi.authorization.annotation.AuthorizerContext;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.util.IdentityMapping;
import org.apache.nifi.authorization.util.IdentityMappingUtil;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.ldap.LdapAuthenticationStrategy;
import org.apache.nifi.ldap.LdapsSocketFactory;
import org.apache.nifi.ldap.ReferralStrategy;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.control.PagedResultsDirContextProcessor;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.DirContextProcessor;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.SingleContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.HardcodedFilter;

/* loaded from: input_file:org/apache/nifi/ldap/tenants/LdapUserGroupProvider.class */
public class LdapUserGroupProvider implements UserGroupProvider {
    // Class-wide SLF4J logger. load() lists every synced user and group on it when DEBUG is enabled.
    private static final Logger logger = LoggerFactory.getLogger(LdapUserGroupProvider.class);
    // Names of the provider properties read in onConfigured(). These are lookup keys, not default values.
    public static final String PROP_CONNECT_TIMEOUT = "Connect Timeout";
    public static final String PROP_READ_TIMEOUT = "Read Timeout";
    public static final String PROP_AUTHENTICATION_STRATEGY = "Authentication Strategy";
    // Bind identity and its secret; onConfigured() reads both for every strategy except ANONYMOUS.
    public static final String PROP_MANAGER_DN = "Manager DN";
    public static final String PROP_MANAGER_PASSWORD = "Manager Password";
    public static final String PROP_REFERRAL_STRATEGY = "Referral Strategy";
    public static final String PROP_URL = "Url";
    public static final String PROP_PAGE_SIZE = "Page Size";
    // Parsed with Boolean.parseBoolean(); when false, load() lower-cases membership values before matching them.
    public static final String PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY = "Group Membership - Enforce Case Sensitivity";
    public static final String PROP_USER_SEARCH_BASE = "User Search Base";
    public static final String PROP_USER_OBJECT_CLASS = "User Object Class";
    public static final String PROP_USER_SEARCH_SCOPE = "User Search Scope";
    public static final String PROP_USER_SEARCH_FILTER = "User Search Filter";
    public static final String PROP_USER_IDENTITY_ATTRIBUTE = "User Identity Attribute";
    public static final String PROP_USER_GROUP_ATTRIBUTE = "User Group Name Attribute";
    public static final String PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE = "User Group Name Attribute - Referenced Group Attribute";
    public static final String PROP_GROUP_SEARCH_BASE = "Group Search Base";
    public static final String PROP_GROUP_OBJECT_CLASS = "Group Object Class";
    public static final String PROP_GROUP_SEARCH_SCOPE = "Group Search Scope";
    public static final String PROP_GROUP_SEARCH_FILTER = "Group Search Filter";
    public static final String PROP_GROUP_NAME_ATTRIBUTE = "Group Name Attribute";
    public static final String PROP_GROUP_MEMBER_ATTRIBUTE = "Group Member Attribute";
    public static final String PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE = "Group Member Attribute - Referenced User Attribute";
    public static final String PROP_SYNC_INTERVAL = "Sync Interval";
    // onConfigured() rejects a 'Sync Interval' shorter than this many milliseconds.
    private static final long MINIMUM_SYNC_INTERVAL_MILLISECONDS = 10000;
    // Unmodifiable mapping lists built in onConfigured() from `properties`; load() applies them to DN-based names.
    private List<IdentityMapping> identityMappings;
    private List<IdentityMapping> groupMappings;
    // NOTE(review): never assigned in the visible part of this class; presumably injected by a setter further down — confirm.
    private NiFiProperties properties;
    // Single-threaded scheduler created in initialize(); onConfigured() submits the recurring load() to it.
    private ScheduledExecutorService ldapSync;
    // Current user/group snapshot. Starts as null and is replaced as a whole at the end of a successful load().
    private final AtomicReference<TenantHolder> tenants = new AtomicReference<>(null);
    // User search settings, all assigned in onConfigured().
    private String userSearchBase;
    private SearchScope userSearchScope;
    private String userSearchFilter;
    private String userIdentityAttribute;
    private String userObjectClass;
    private String userGroupNameAttribute;
    private String userGroupReferencedGroupAttribute;
    // True when 'User Identity Attribute' is blank.
    private boolean useDnForUserIdentity;
    // True when 'User Search Base' is not blank.
    private boolean performUserSearch;
    // Group search settings, all assigned in onConfigured().
    private String groupSearchBase;
    private SearchScope groupSearchScope;
    private String groupSearchFilter;
    private String groupMemberAttribute;
    private String groupMemberReferencedUserAttribute;
    private String groupNameAttribute;
    private String groupObjectClass;
    // True when 'Group Name Attribute' is blank.
    private boolean useDnForGroupName;
    // True when 'Group Search Base' is not blank.
    private boolean performGroupSearch;
    // Stays null unless 'Page Size' is configured; load() then searches without a paged-results control.
    private Integer pageSize;
    private boolean groupMembershipEnforceCaseSensitivity;

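    /**
     * Creates the single-threaded scheduler that later runs the periodic LDAP synchronisation.
     *
     * <p>No task is scheduled here. The worker thread is named after this provider class and the
     * identifier supplied by the initialization context, so the sync thread can be recognised in
     * thread dumps and log output.
     *
     * @param userGroupProviderInitializationContext supplies the provider identifier used in the thread name
     * @throws AuthorizerCreationException declared by the signature; nothing in this body throws it
     */
    public void initialize(final UserGroupProviderInitializationContext userGroupProviderInitializationContext) throws AuthorizerCreationException {
        final ThreadFactory defaultFactory = Executors.defaultThreadFactory();
        // Resolve the name here rather than inside the factory: getClass().getSimpleName() evaluated inside an
        // anonymous ThreadFactory returns "" (anonymous classes have no simple name), which left the thread
        // name without its provider prefix.
        final String threadName = String.format("%s (%s) - background sync thread",
                getClass().getSimpleName(), userGroupProviderInitializationContext.getIdentifier());
        this.ldapSync = Executors.newSingleThreadScheduledExecutor(runnable -> {
            final Thread syncThread = defaultFactory.newThread(runnable);
            syncThread.setName(threadName);
            return syncThread;
        });
    }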

    /**
     * Builds the LDAP connection settings from the provider configuration, validates the user and
     * group search options, runs the first synchronisation and schedules the recurring one.
     *
     * <p>Provider creation fails when the configuration is inconsistent or when the first
     * {@code load} does not produce a snapshot. Later sync failures are only logged, so the previous
     * snapshot keeps being served until a sync succeeds again.
     *
     * @param authorizerConfigurationContext source of every provider property read here
     * @throws AuthorizerCreationException for a missing or invalid property, a context source that
     *         cannot be initialised, or a failed initial load
     */
    public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
        LdapContextSource ldapContextSource = new LdapContextSource();
        // JNDI environment entries collected below and handed to the context source in one call.
        HashMap hashMap = new HashMap();
        // setTimeout is defined outside this view; presumably it stores the configured duration under the given JNDI key — confirm.
        setTimeout(authorizerConfigurationContext, hashMap, PROP_CONNECT_TIMEOUT, "com.sun.jndi.ldap.connect.timeout");
        setTimeout(authorizerConfigurationContext, hashMap, PROP_READ_TIMEOUT, "com.sun.jndi.ldap.read.timeout");
        PropertyValue property = authorizerConfigurationContext.getProperty(PROP_AUTHENTICATION_STRATEGY);
        // NOTE(review): each catch (IllegalArgumentException ...) at the bottom of this method encloses far more
        // than the valueOf() call its message describes (the nesting looks like decompiler output). An
        // IllegalArgumentException raised by any other statement inside the same try would be reported as an
        // unrecognized strategy or scope, which misdirects troubleshooting.
        try {
            LdapAuthenticationStrategy valueOf = LdapAuthenticationStrategy.valueOf(property.getValue());
            switch (valueOf) {
                case ANONYMOUS:
                    // No bind credentials are configured for anonymous access.
                    ldapContextSource.setAnonymousReadOnly(true);
                    break;
                default:
                    // Every other strategy binds as the configured manager account.
                    String value = authorizerConfigurationContext.getProperty(PROP_MANAGER_DN).getValue();
                    String value2 = authorizerConfigurationContext.getProperty(PROP_MANAGER_PASSWORD).getValue();
                    ldapContextSource.setUserDn(value);
                    ldapContextSource.setPassword(value2);
                    switch (valueOf) {
                        case SIMPLE:
                            // NOTE(review): nothing in this branch enables TLS, so whether the bind password is protected
                            // in transit depends on the scheme of the configured 'Url' — confirm for each deployment.
                            ldapContextSource.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                            break;
                        case LDAPS:
                            ldapContextSource.setAuthenticationStrategy(new SimpleDirContextAuthenticationStrategy());
                            hashMap.put("java.naming.security.protocol", "ssl");
                            // getConfiguredSslContext is defined outside this view. When it returns null no custom socket
                            // factory is registered; presumably the JVM's default TLS settings then apply — confirm.
                            SSLContext configuredSslContext = getConfiguredSslContext(authorizerConfigurationContext);
                            if (configuredSslContext != null) {
                                // NOTE(review): initialize() is a static call, so the socket factory looks process-wide;
                                // confirm the behaviour when more than one LDAP provider is configured.
                                LdapsSocketFactory.initialize(configuredSslContext.getSocketFactory());
                                hashMap.put("java.naming.ldap.factory.socket", LdapsSocketFactory.class.getName());
                                break;
                            }
                            break;
                        case START_TLS:
                            DefaultTlsDirContextAuthenticationStrategy defaultTlsDirContextAuthenticationStrategy = new DefaultTlsDirContextAuthenticationStrategy();
                            String value3 = authorizerConfigurationContext.getProperty("TLS - Shutdown Gracefully").getValue();
                            if (StringUtils.isNotBlank(value3)) {
                                defaultTlsDirContextAuthenticationStrategy.setShutdownTlsGracefully(Boolean.TRUE.toString().equalsIgnoreCase(value3));
                            }
                            // As with LDAPS, the configured socket factory is applied only when an SSLContext was returned.
                            // NOTE(review): no hostname verifier is set on the strategy here; confirm the default in effect
                            // meets the deployment's requirements.
                            SSLContext configuredSslContext2 = getConfiguredSslContext(authorizerConfigurationContext);
                            if (configuredSslContext2 != null) {
                                defaultTlsDirContextAuthenticationStrategy.setSslSocketFactory(configuredSslContext2.getSocketFactory());
                            }
                            ldapContextSource.setAuthenticationStrategy(defaultTlsDirContextAuthenticationStrategy);
                            break;
                    }
            }
            String value4 = authorizerConfigurationContext.getProperty(PROP_REFERRAL_STRATEGY).getValue();
            try {
                ldapContextSource.setReferral(ReferralStrategy.valueOf(value4).getValue());
                String value5 = authorizerConfigurationContext.getProperty(PROP_URL).getValue();
                if (StringUtils.isBlank(value5)) {
                    throw new AuthorizerCreationException("LDAP identity provider 'Url' must be specified.");
                }
                // StringUtils.split(String) splits on whitespace, so several URLs may be listed in one value.
                ldapContextSource.setUrls(StringUtils.split(value5));
                PropertyValue property2 = authorizerConfigurationContext.getProperty(PROP_USER_SEARCH_BASE);
                PropertyValue property3 = authorizerConfigurationContext.getProperty(PROP_USER_OBJECT_CLASS);
                PropertyValue property4 = authorizerConfigurationContext.getProperty(PROP_USER_SEARCH_SCOPE);
                // A user search base is only usable together with an object class and a scope.
                if (property2.isSet() && !property3.isSet()) {
                    throw new AuthorizerCreationException("LDAP user group provider 'User Object Class' must be specified when 'User Search Base' is set.");
                }
                if (property2.isSet() && !property4.isSet()) {
                    throw new AuthorizerCreationException("LDAP user group provider 'User Search Scope' must be specified when 'User Search Base' is set.");
                }
                this.userSearchBase = property2.getValue();
                this.userObjectClass = property3.getValue();
                this.userSearchFilter = authorizerConfigurationContext.getProperty(PROP_USER_SEARCH_FILTER).getValue();
                this.userIdentityAttribute = authorizerConfigurationContext.getProperty(PROP_USER_IDENTITY_ATTRIBUTE).getValue();
                this.userGroupNameAttribute = authorizerConfigurationContext.getProperty(PROP_USER_GROUP_ATTRIBUTE).getValue();
                this.userGroupReferencedGroupAttribute = authorizerConfigurationContext.getProperty(PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE).getValue();
                try {
                    this.userSearchScope = SearchScope.valueOf(property4.getValue());
                    // Without an identity attribute the entry's DN is used as the user identity.
                    this.useDnForUserIdentity = StringUtils.isBlank(this.userIdentityAttribute);
                    this.performUserSearch = StringUtils.isNotBlank(this.userSearchBase);
                    PropertyValue property5 = authorizerConfigurationContext.getProperty(PROP_GROUP_SEARCH_BASE);
                    PropertyValue property6 = authorizerConfigurationContext.getProperty(PROP_GROUP_OBJECT_CLASS);
                    PropertyValue property7 = authorizerConfigurationContext.getProperty(PROP_GROUP_SEARCH_SCOPE);
                    // The same pairing rule applies to the group search base.
                    if (property5.isSet() && !property6.isSet()) {
                        throw new AuthorizerCreationException("LDAP user group provider 'Group Object Class' must be specified when 'Group Search Base' is set.");
                    }
                    if (property5.isSet() && !property7.isSet()) {
                        throw new AuthorizerCreationException("LDAP user group provider 'Group Search Scope' must be specified when 'Group Search Base' is set.");
                    }
                    this.groupSearchBase = property5.getValue();
                    this.groupObjectClass = property6.getValue();
                    this.groupSearchFilter = authorizerConfigurationContext.getProperty(PROP_GROUP_SEARCH_FILTER).getValue();
                    this.groupNameAttribute = authorizerConfigurationContext.getProperty(PROP_GROUP_NAME_ATTRIBUTE).getValue();
                    this.groupMemberAttribute = authorizerConfigurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE).getValue();
                    this.groupMemberReferencedUserAttribute = authorizerConfigurationContext.getProperty(PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE).getValue();
                    try {
                        this.groupSearchScope = SearchScope.valueOf(property7.getValue());
                        // Without a name attribute the entry's DN is used as the group name.
                        this.useDnForGroupName = StringUtils.isBlank(this.groupNameAttribute);
                        this.performGroupSearch = StringUtils.isNotBlank(this.groupSearchBase);
                        // Cross-checks between the user and group settings.
                        if (!this.performUserSearch && !this.performGroupSearch) {
                            throw new AuthorizerCreationException("LDAP user group provider 'User Search Base' or 'Group Search Base' must be specified.");
                        }
                        if (this.performGroupSearch && !this.performUserSearch && StringUtils.isBlank(this.groupMemberAttribute)) {
                            throw new AuthorizerCreationException("'Group Member Attribute' is required when searching groups but not users.");
                        }
                        // NOTE(review): the message below starts with a doubled single quote; cosmetic only.
                        if (StringUtils.isNotBlank(this.groupMemberReferencedUserAttribute) && !this.performUserSearch) {
                            throw new AuthorizerCreationException("''User Search Base' must be set when specifying 'Group Member Attribute - Referenced User Attribute'.");
                        }
                        if (StringUtils.isNotBlank(this.userGroupReferencedGroupAttribute) && !this.performGroupSearch) {
                            throw new AuthorizerCreationException("'Group Search Base' must be set when specifying 'User Group Name Attribute - Referenced Group Attribute'.");
                        }
                        // pageSize keeps its previous value (null on a fresh instance) when 'Page Size' is unset or blank.
                        PropertyValue property8 = authorizerConfigurationContext.getProperty(PROP_PAGE_SIZE);
                        if (property8.isSet() && StringUtils.isNotBlank(property8.getValue())) {
                            this.pageSize = property8.asInteger();
                        }
                        this.groupMembershipEnforceCaseSensitivity = Boolean.parseBoolean(authorizerConfigurationContext.getProperty(PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY).getValue());
                        // NOTE(review): this.properties is not assigned anywhere in the visible code — confirm it is injected before this call.
                        this.identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(this.properties));
                        this.groupMappings = Collections.unmodifiableList(IdentityMappingUtil.getGroupMappings(this.properties));
                        if (!hashMap.isEmpty()) {
                            ldapContextSource.setBaseEnvironmentProperties(hashMap);
                        }
                        try {
                            ldapContextSource.afterPropertiesSet();
                            PropertyValue property9 = authorizerConfigurationContext.getProperty(PROP_SYNC_INTERVAL);
                            if (!property9.isSet()) {
                                throw new AuthorizerCreationException(String.format("The '%s' must be specified.", PROP_SYNC_INTERVAL));
                            }
                            try {
                                long timeDuration = FormatUtils.getTimeDuration(property9.getValue(), TimeUnit.MILLISECONDS);
                                if (timeDuration < MINIMUM_SYNC_INTERVAL_MILLISECONDS) {
                                    throw new AuthorizerCreationException(String.format("The %s '%s' is below the minimum value of '%d ms'", PROP_SYNC_INTERVAL, property9.getValue(), Long.valueOf(MINIMUM_SYNC_INTERVAL_MILLISECONDS)));
                                }
                                try {
                                    // The first load runs synchronously; without a snapshot the provider is not created.
                                    load(ldapContextSource);
                                    if (this.tenants.get() == null) {
                                        throw new AuthorizerCreationException("Unable to sync users and groups.");
                                    }
                                    // Recurring sync. A failure is logged and swallowed so the schedule keeps running; load()
                                    // replaces the snapshot only on success, so directory changes (removals included) are not
                                    // reflected until a later sync succeeds.
                                    this.ldapSync.scheduleWithFixedDelay(() -> {
                                        try {
                                            load(ldapContextSource);
                                        } catch (Throwable th) {
                                            logger.error("Failed to sync User/Groups from LDAP due to {}. Will try again in {} millis.", new Object[]{th.toString(), Long.valueOf(timeDuration)});
                                            // The stack trace is emitted (at ERROR level) only when DEBUG logging is enabled.
                                            if (logger.isDebugEnabled()) {
                                                logger.error("", th);
                                            }
                                        }
                                    }, timeDuration, timeDuration, TimeUnit.MILLISECONDS);
                                } catch (AuthorizationAccessException e) {
                                    throw new AuthorizerCreationException(e);
                                }
                            } catch (IllegalArgumentException e2) {
                                throw new AuthorizerCreationException(String.format("The %s '%s' is not a valid time duration", PROP_SYNC_INTERVAL, property9.getValue()));
                            }
                        } catch (Exception e3) {
                            // Also catches the AuthorizerCreationExceptions thrown inside this try and re-wraps them with the same message.
                            throw new AuthorizerCreationException(e3.getMessage(), e3);
                        }
                    } catch (IllegalArgumentException e4) {
                        throw new AuthorizerCreationException(String.format("Unrecognized group search scope '%s'. Possible values are [%s]", property7.getValue(), StringUtils.join(SearchScope.values(), ", ")));
                    }
                } catch (IllegalArgumentException e5) {
                    throw new AuthorizerCreationException(String.format("Unrecognized user search scope '%s'. Possible values are [%s]", property4.getValue(), StringUtils.join(SearchScope.values(), ", ")));
                }
            } catch (IllegalArgumentException e6) {
                throw new AuthorizerCreationException(String.format("Unrecognized referral strategy '%s'. Possible values are [%s]", value4, StringUtils.join(ReferralStrategy.values(), ", ")));
            }
        } catch (IllegalArgumentException e7) {
            throw new AuthorizerCreationException(String.format("Unrecognized authentication strategy '%s'. Possible values are [%s]", property.getValue(), StringUtils.join(LdapAuthenticationStrategy.values(), ", ")));
        }
    }

    /**
     * Returns every user held by the current tenant snapshot.
     *
     * @return the user set exposed by the snapshot
     * @throws AuthorizationAccessException declared by the signature; nothing in this body throws it
     */
    public Set<User> getUsers() throws AuthorizationAccessException {
        final TenantHolder snapshot = this.tenants.get();
        return snapshot.getAllUsers();
    }

    /**
     * Looks a user up by identifier in the current tenant snapshot.
     *
     * @param str the user identifier
     * @return whatever the snapshot's by-id lookup yields for that identifier
     * @throws AuthorizationAccessException declared by the signature; nothing in this body throws it
     */
    public User getUser(String str) throws AuthorizationAccessException {
        final TenantHolder snapshot = this.tenants.get();
        return snapshot.getUsersById().get(str);
    }

    /**
     * Looks a user up by identity in the current tenant snapshot.
     *
     * @param str the user identity
     * @return the result of the snapshot's {@code getUser} lookup
     * @throws AuthorizationAccessException declared by the signature; nothing in this body throws it
     */
    public User getUserByIdentity(String str) throws AuthorizationAccessException {
        final TenantHolder snapshot = this.tenants.get();
        return snapshot.getUser(str);
    }

    /**
     * Returns every group held by the current tenant snapshot.
     *
     * @return the group set exposed by the snapshot
     * @throws AuthorizationAccessException declared by the signature; nothing in this body throws it
     */
    public Set<Group> getGroups() throws AuthorizationAccessException {
        final TenantHolder snapshot = this.tenants.get();
        return snapshot.getAllGroups();
    }

    /**
     * Looks a group up by identifier in the current tenant snapshot.
     *
     * @param str the group identifier
     * @return whatever the snapshot's by-id lookup yields for that identifier
     * @throws AuthorizationAccessException declared by the signature; nothing in this body throws it
     */
    public Group getGroup(String str) throws AuthorizationAccessException {
        final TenantHolder snapshot = this.tenants.get();
        return snapshot.getGroupsById().get(str);
    }

    /**
     * Looks a group up by name in the current tenant snapshot.
     *
     * @param str the group name
     * @return whatever the snapshot's by-name lookup yields for that name
     * @throws AuthorizationAccessException declared by the signature; nothing in this body throws it
     */
    public Group getGroupByName(String str) throws AuthorizationAccessException {
        final TenantHolder snapshot = this.tenants.get();
        return snapshot.getGroupsByName().get(str);
    }

    /**
     * Returns a view that resolves the user and the groups for one identity.
     *
     * <p>The tenant snapshot is captured once when this method is called, so both accessors of the
     * returned object answer from the same sync result even if a later sync replaces the snapshot.
     *
     * @param str the user identity
     * @return a view whose accessors delegate to the captured snapshot
     * @throws AuthorizationAccessException declared by the signature; nothing in this body throws it
     */
    public UserAndGroups getUserAndGroups(final String str) throws AuthorizationAccessException {
        final TenantHolder snapshot = this.tenants.get();
        return new UserAndGroups() {
            @Override
            public User getUser() {
                return snapshot.getUser(str);
            }

            @Override
            public Set<Group> getGroups() {
                return snapshot.getGroups(str);
            }
        };
    }

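    /**
     * Queries the directory for users and groups and publishes the result as the new tenant snapshot.
     *
     * <p>All searches and lookups of one run share a single read-only context, which is always
     * released at the end. The snapshot in {@code tenants} is replaced only after every step has
     * succeeded; if anything throws, the previous snapshot stays in place.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The configured user and group search filters are inserted verbatim through
     *       {@code HardcodedFilter}, so they must remain administrator-controlled configuration.</li>
     *   <li>With DEBUG logging enabled, every loaded user and group is written to the log.</li>
     * </ul>
     *
     * @param contextSource source of the read-only directory context used for this run
     * @throws AuthorizationAccessException if a membership attribute cannot be enumerated
     */
    private void load(ContextSource contextSource) {
        final SingleContextSource singleContextSource = new SingleContextSource(contextSource.getReadOnlyContext());
        final LdapTemplate ldapTemplate = new LdapTemplate(singleContextSource);
        try {
            final List<User> userList = new ArrayList<>();
            final List<Group> groupList = new ArrayList<>();
            // Group reference value -> identifiers of the users that belong to that group.
            final Map<String, Set<String>> groupToUserIdentifiers = new HashMap<>();
            // User reference value -> user, used to resolve the member entries found on groups.
            final Map<String, User> userLookup = new HashMap<>();

            if (this.performUserSearch) {
                final SearchControls userControls = new SearchControls();
                // NOTE(review): ordinal() is passed as the JNDI scope, which relies on SearchScope declaring its
                // constants in the order of SearchControls' integer scopes; SearchScope is not visible here — confirm.
                userControls.setSearchScope(this.userSearchScope.ordinal());
                // Declared as the common interface so either processor can be assigned.
                final DirContextProcessor userProcessor = this.pageSize == null
                        ? new LdapTemplate.NullDirContextProcessor()
                        : new PagedResultsDirContextProcessor(this.pageSize.intValue());
                final AndFilter userFilter = new AndFilter();
                userFilter.and(new EqualsFilter("objectClass", this.userObjectClass));
                if (StringUtils.isNotBlank(this.userSearchFilter)) {
                    userFilter.and(new HardcodedFilter(this.userSearchFilter));
                }
                final AbstractContextMapper<User> userMapper = new AbstractContextMapper<User>() {
                    @Override
                    protected User doMapFromContext(DirContextOperations ctx) {
                        final String identity = getUserIdentity(ctx);
                        final User user = new User.Builder().identifierGenerateFromSeed(identity).identity(identity).build();
                        userLookup.put(getReferencedUserValue(ctx), user);
                        if (StringUtils.isNotBlank(userGroupNameAttribute)) {
                            final Attribute groupAttr = ctx.getAttributes().get(userGroupNameAttribute);
                            if (groupAttr == null) {
                                logger.debug(String.format("User group name attribute [%s] does not exist for %s. This may be due to misconfiguration or the user may just not belong to any groups. Ignoring group membership.", userGroupNameAttribute, identity));
                            } else {
                                try {
                                    final NamingEnumeration<?> values = groupAttr.getAll();
                                    while (values.hasMoreElements()) {
                                        final String rawGroupValue = (String) values.next();
                                        // NOTE(review): toLowerCase() uses the default locale; it has to fold case the same way
                                        // as getReferencedGroupValue (not visible here) for memberships to match — confirm.
                                        final String groupValue;
                                        if (performGroupSearch && !groupMembershipEnforceCaseSensitivity) {
                                            groupValue = rawGroupValue.toLowerCase();
                                        } else {
                                            groupValue = rawGroupValue;
                                        }
                                        groupToUserIdentifiers.computeIfAbsent(groupValue, key -> new HashSet<>()).add(user.getIdentifier());
                                    }
                                } catch (NamingException e) {
                                    // Names the attribute that was actually being read and keeps the cause.
                                    throw new AuthorizationAccessException("Error while retrieving user group name attribute [" + userGroupNameAttribute + "].", e);
                                }
                            }
                        }
                        return user;
                    }
                };
                do {
                    userList.addAll(ldapTemplate.search(this.userSearchBase, userFilter.encode(), userControls, userMapper, userProcessor));
                } while (hasMorePages(userProcessor));
            }

            if (this.performGroupSearch) {
                final SearchControls groupControls = new SearchControls();
                groupControls.setSearchScope(this.groupSearchScope.ordinal());
                final DirContextProcessor groupProcessor = this.pageSize == null
                        ? new LdapTemplate.NullDirContextProcessor()
                        : new PagedResultsDirContextProcessor(this.pageSize.intValue());
                final AndFilter groupFilter = new AndFilter();
                groupFilter.and(new EqualsFilter("objectClass", this.groupObjectClass));
                if (StringUtils.isNotBlank(this.groupSearchFilter)) {
                    groupFilter.and(new HardcodedFilter(this.groupSearchFilter));
                }
                final AbstractContextMapper<Group> groupMapper = new AbstractContextMapper<Group>() {
                    @Override
                    protected Group doMapFromContext(DirContextOperations ctx) {
                        final String name = getGroupName(ctx);
                        final String referencedGroupValue = getReferencedGroupValue(ctx);
                        if (!StringUtils.isBlank(groupMemberAttribute)) {
                            final Attribute memberAttr = ctx.getAttributes().get(groupMemberAttribute);
                            if (memberAttr == null) {
                                logger.debug(String.format("Group member attribute [%s] does not exist for %s. This may be due to misconfiguration or the group may not have any members. Ignoring group membership.", groupMemberAttribute, name));
                            } else {
                                try {
                                    final NamingEnumeration<?> members = memberAttr.getAll();
                                    while (members.hasMoreElements()) {
                                        final String member = (String) members.next();
                                        if (performUserSearch) {
                                            // Members are accepted only when the user search returned them.
                                            final String memberKey = groupMembershipEnforceCaseSensitivity ? member : member.toLowerCase();
                                            final User user = userLookup.get(memberKey);
                                            if (user != null) {
                                                groupToUserIdentifiers.computeIfAbsent(referencedGroupValue, key -> new HashSet<>()).add(user.getIdentifier());
                                            } else {
                                                logger.debug(String.format("%s contains member %s but that user was not found while searching users. This may be due to a misconfiguration or it's possible the user is not a NiFi user. Ignoring group membership.", name, member));
                                            }
                                        } else {
                                            // No user search: each member value becomes a user, either from its DN or by
                                            // looking the member entry up in the directory.
                                            final String identity = useDnForUserIdentity
                                                    ? IdentityMappingUtil.mapIdentity(member, identityMappings)
                                                    : getUserIdentity((DirContextAdapter) ldapTemplate.lookup(member));
                                            final User user = new User.Builder().identifierGenerateFromSeed(identity).identity(identity).build();
                                            userList.add(user);
                                            groupToUserIdentifiers.computeIfAbsent(referencedGroupValue, key -> new HashSet<>()).add(user.getIdentifier());
                                        }
                                    }
                                } catch (NamingException e) {
                                    // Names the attribute that was actually being read and keeps the cause.
                                    throw new AuthorizationAccessException("Error while retrieving group member attribute [" + groupMemberAttribute + "].", e);
                                }
                            }
                        }
                        final Group.Builder groupBuilder = new Group.Builder().identifierGenerateFromSeed(name).name(name);
                        // Claim the memberships recorded for this group; whatever is left afterwards belongs to groups
                        // the search did not return.
                        final Set<String> memberIds = groupToUserIdentifiers.remove(referencedGroupValue);
                        if (memberIds != null) {
                            memberIds.forEach(groupBuilder::addUser);
                        }
                        return groupBuilder.build();
                    }
                };
                do {
                    groupList.addAll(ldapTemplate.search(this.groupSearchBase, groupFilter.encode(), groupControls, groupMapper, groupProcessor));
                } while (hasMorePages(groupProcessor));
                groupToUserIdentifiers.forEach((orphanGroup, orphanMembers) ->
                        logger.debug(String.format("[%s] are members of %s but that group was not found while searching groups. This may be due to a misconfiguration or it's possible the group is not a NiFi group. Ignoring group membership.", StringUtils.join(orphanMembers, ", "), orphanGroup)));
            } else {
                // No group search: build the groups from the memberships collected on the user entries.
                groupToUserIdentifiers.forEach((groupRef, memberIds) -> {
                    final String groupName = this.useDnForGroupName
                            ? IdentityMappingUtil.mapIdentity(groupRef, this.groupMappings)
                            : getGroupName((DirContextAdapter) ldapTemplate.lookup(groupRef));
                    final Group.Builder groupBuilder = new Group.Builder().identifierGenerateFromSeed(groupName).name(groupName);
                    memberIds.forEach(groupBuilder::addUser);
                    groupList.add(groupBuilder.build());
                });
            }

            if (logger.isDebugEnabled()) {
                logger.debug("-------------------------------------");
                logger.debug("Loaded the following users from LDAP:");
                userList.forEach(user -> logger.debug(" - " + user));
                logger.debug("--------------------------------------");
                logger.debug("Loaded the following groups from LDAP:");
                groupList.forEach(group -> logger.debug(" - " + group));
                logger.debug("--------------------------------------");
            }

            // Publish users and groups together so readers never observe a half-built result.
            this.tenants.set(new TenantHolder(new HashSet<>(userList), new HashSet<>(groupList)));
        } finally {
            singleContextSource.destroy();
        }
    }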

    /**
     * Reports whether the given search processor still has result pages to fetch.
     *
     * @param dirContextProcessor the processor that was handed to the LDAP search
     * @return {@code true} only when the processor is a {@code PagedResultsDirContextProcessor}
     *         whose {@code hasMore()} returns true; {@code false} for any other processor
     */
    private boolean hasMorePages(DirContextProcessor dirContextProcessor) {
        if (!(dirContextProcessor instanceof PagedResultsDirContextProcessor)) {
            // Anything that is not a paged processor (including null) has no further page.
            return false;
        }
        PagedResultsDirContextProcessor pagedProcessor = (PagedResultsDirContextProcessor) dirContextProcessor;
        return pagedProcessor.hasMore();
    }

    /* JADX INFO: Access modifiers changed from: private */
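    /**
     * Resolves the NiFi identity for an LDAP user entry.
     *
     * <p>The raw identity is the entry's DN when {@code useDnForUserIdentity} is set, otherwise a
     * value of the attribute named by {@code userIdentityAttribute}. The raw value is then passed
     * through {@code IdentityMappingUtil.mapIdentity} with {@code identityMappings}.
     *
     * @param dirContextOperations the LDAP user entry
     * @return the mapped user identity
     * @throws AuthorizationAccessException if the identity attribute is absent from the entry or
     *         its value cannot be read; a read failure carries the {@link NamingException} as cause
     */
    public String getUserIdentity(DirContextOperations dirContextOperations) {
        String rawIdentity;
        if (this.useDnForUserIdentity) {
            rawIdentity = dirContextOperations.getDn().toString();
        } else {
            Attribute attribute = dirContextOperations.getAttributes().get(this.userIdentityAttribute);
            if (attribute == null) {
                throw new AuthorizationAccessException("User identity attribute [" + this.userIdentityAttribute + "] does not exist.");
            }
            try {
                // NOTE(review): the cast assumes a String-valued attribute; a binary-valued one
                // would fail here with ClassCastException — confirm against the directory schema.
                rawIdentity = (String) attribute.get();
            } catch (NamingException e) {
                // Keep the LDAP failure as the cause so the root problem is visible in the logs.
                throw new AuthorizationAccessException("Error while retrieving user name attribute [" + this.userIdentityAttribute + "].", e);
            }
        }
        return IdentityMappingUtil.mapIdentity(rawIdentity, this.identityMappings);
    }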

    /* JADX INFO: Access modifiers changed from: private */
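    /**
     * Returns the value by which group entries refer to the given user entry.
     *
     * <p>When {@code groupMemberReferencedUserAttribute} is blank the entry's DN is used,
     * otherwise a value of that attribute. Unless {@code groupMembershipEnforceCaseSensitivity}
     * is set, the result is lower-cased.
     *
     * @param dirContextOperations the LDAP user entry
     * @return the referenced user value, lower-cased when case sensitivity is not enforced
     * @throws AuthorizationAccessException if the configured attribute is absent from the entry or
     *         its value cannot be read; a read failure carries the {@link NamingException} as cause
     */
    public String getReferencedUserValue(DirContextOperations dirContextOperations) {
        String referencedValue;
        if (StringUtils.isBlank(this.groupMemberReferencedUserAttribute)) {
            referencedValue = dirContextOperations.getDn().toString();
        } else {
            Attribute attribute = dirContextOperations.getAttributes().get(this.groupMemberReferencedUserAttribute);
            if (attribute == null) {
                throw new AuthorizationAccessException("Referenced user value attribute [" + this.groupMemberReferencedUserAttribute + "] does not exist.");
            }
            try {
                // NOTE(review): the cast assumes a String-valued attribute — confirm against the schema.
                referencedValue = (String) attribute.get();
            } catch (NamingException e) {
                // Keep the LDAP failure as the cause so the root problem is visible in the logs.
                throw new AuthorizationAccessException("Error while retrieving reference user value attribute [" + this.groupMemberReferencedUserAttribute + "].", e);
            }
        }
        // NOTE(review): toLowerCase() uses the JVM default locale, so membership matching can
        // differ between hosts (e.g. dotted/dotless i). The value this is compared with is
        // normalised outside this method; move both sides to Locale.ROOT together, not just one.
        return this.groupMembershipEnforceCaseSensitivity ? referencedValue : referencedValue.toLowerCase();
    }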

    /* JADX INFO: Access modifiers changed from: private */
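    /**
     * Resolves the NiFi group name for an LDAP group entry.
     *
     * <p>The raw name is the entry's DN when {@code useDnForGroupName} is set, otherwise a value
     * of the attribute named by {@code groupNameAttribute}. The raw value is then passed through
     * {@code IdentityMappingUtil.mapIdentity} with {@code groupMappings}.
     *
     * @param dirContextOperations the LDAP group entry
     * @return the mapped group name
     * @throws AuthorizationAccessException if the group name attribute is absent from the entry or
     *         its value cannot be read; a read failure carries the {@link NamingException} as cause
     */
    public String getGroupName(DirContextOperations dirContextOperations) {
        String rawName;
        if (this.useDnForGroupName) {
            rawName = dirContextOperations.getDn().toString();
        } else {
            Attribute attribute = dirContextOperations.getAttributes().get(this.groupNameAttribute);
            if (attribute == null) {
                throw new AuthorizationAccessException("Group identity attribute [" + this.groupNameAttribute + "] does not exist.");
            }
            try {
                // NOTE(review): the cast assumes a String-valued attribute — confirm against the schema.
                rawName = (String) attribute.get();
            } catch (NamingException e) {
                // Keep the LDAP failure as the cause so the root problem is visible in the logs.
                throw new AuthorizationAccessException("Error while retrieving group name attribute [" + this.groupNameAttribute + "].", e);
            }
        }
        return IdentityMappingUtil.mapIdentity(rawName, this.groupMappings);
    }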

    /* JADX INFO: Access modifiers changed from: private */
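    /**
     * Returns the value by which user entries refer to the given group entry.
     *
     * <p>When {@code userGroupReferencedGroupAttribute} is blank the entry's DN is used,
     * otherwise a value of that attribute. Unless {@code groupMembershipEnforceCaseSensitivity}
     * is set, the result is lower-cased.
     *
     * @param dirContextOperations the LDAP group entry
     * @return the referenced group value, lower-cased when case sensitivity is not enforced
     * @throws AuthorizationAccessException if the configured attribute is absent from the entry or
     *         its value cannot be read; a read failure carries the {@link NamingException} as cause
     */
    public String getReferencedGroupValue(DirContextOperations dirContextOperations) {
        String referencedValue;
        if (StringUtils.isBlank(this.userGroupReferencedGroupAttribute)) {
            referencedValue = dirContextOperations.getDn().toString();
        } else {
            Attribute attribute = dirContextOperations.getAttributes().get(this.userGroupReferencedGroupAttribute);
            if (attribute == null) {
                throw new AuthorizationAccessException("Referenced group value attribute [" + this.userGroupReferencedGroupAttribute + "] does not exist.");
            }
            try {
                // NOTE(review): the cast assumes a String-valued attribute — confirm against the schema.
                referencedValue = (String) attribute.get();
            } catch (NamingException e) {
                // Keep the LDAP failure as the cause so the root problem is visible in the logs.
                throw new AuthorizationAccessException("Error while retrieving referenced group value attribute [" + this.userGroupReferencedGroupAttribute + "].", e);
            }
        }
        // NOTE(review): toLowerCase() uses the JVM default locale, so membership matching can
        // differ between hosts (e.g. dotted/dotless i). The value this is compared with is
        // normalised outside this method; move both sides to Locale.ROOT together, not just one.
        return this.groupMembershipEnforceCaseSensitivity ? referencedValue : referencedValue.toLowerCase();
    }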

    /**
     * Stores the NiFi properties handed to this provider.
     *
     * <p>The method is annotated with {@code @AuthorizerContext}; the value is kept in
     * {@code this.properties} without copying or validation.
     *
     * @param niFiProperties the properties instance to keep
     */
    @AuthorizerContext
    public void setNiFiProperties(NiFiProperties niFiProperties) {
        this.properties = niFiProperties;
    }

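    /**
     * Stops the LDAP sync executor when the provider is being destroyed.
     *
     * <p>Requests an orderly shutdown, waits up to {@code MINIMUM_SYNC_INTERVAL_MILLISECONDS} for
     * running work to finish, and forces termination with {@code shutdownNow()} if the wait times
     * out or is interrupted. On interruption the thread's interrupt flag is restored.
     *
     * @throws ProviderDestructionException declared by the signature; not thrown by this body
     */
    public final void preDestruction() throws ProviderDestructionException {
        this.ldapSync.shutdown();
        try {
            boolean terminated = this.ldapSync.awaitTermination(MINIMUM_SYNC_INTERVAL_MILLISECONDS, TimeUnit.MILLISECONDS);
            if (!terminated) {
                // NOTE(review): the message assumes the constant equals 10 000 ms — confirm.
                logger.info("Failed to stop ldap sync thread in 10 sec. Terminating");
                this.ldapSync.shutdownNow();
            }
        } catch (InterruptedException e) {
            // The wait was cut short: still force the sync task down so it does not outlive
            // the provider, then restore the interrupt flag for the caller.
            this.ldapSync.shutdownNow();
            Thread.currentThread().interrupt();
        }
    }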

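    /**
     * Copies a configured time duration into the LDAP environment map as milliseconds.
     *
     * <p>Does nothing when the property is not set. Otherwise the value is parsed with
     * {@code FormatUtils.getTimeDuration} and stored under {@code str2} as a decimal string.
     *
     * @param authorizerConfigurationContext the configuration to read the property from
     * @param map the environment map that receives the timeout
     * @param str the name of the configuration property holding the duration
     * @param str2 the environment key to store the millisecond value under
     * @throws AuthorizerCreationException if the configured value is not a valid time duration;
     *         the parsing failure is attached as the cause
     */
    private void setTimeout(AuthorizerConfigurationContext authorizerConfigurationContext, Map<String, Object> map, String str, String str2) {
        PropertyValue property = authorizerConfigurationContext.getProperty(str);
        if (!property.isSet()) {
            return;
        }
        String rawValue = property.getValue();
        try {
            long millis = FormatUtils.getTimeDuration(rawValue, TimeUnit.MILLISECONDS);
            map.put(str2, Long.toString(millis));
        } catch (IllegalArgumentException e) {
            // Report the raw configured text explicitly instead of relying on
            // PropertyValue.toString(), and keep the parser's exception as the cause.
            throw new AuthorizerCreationException(String.format("The %s '%s' is not a valid time duration", str, rawValue), e);
        }
    }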

    /**
     * Builds the {@link SSLContext} for the LDAP connection from the provider's TLS properties.
     *
     * <p>Reads the keystore, truststore and protocol settings from the configuration, wraps them
     * in a {@code StandardTlsConfiguration} (the key password argument is passed as {@code null})
     * and delegates to {@code SslContextFactory.createSslContext}.
     *
     * @param authorizerConfigurationContext the configuration holding the {@code TLS - *} properties
     * @return the SSL context returned by {@code SslContextFactory.createSslContext}
     * @throws ProviderCreationException if the TLS configuration is rejected; the
     *         {@code TlsException} is attached as the cause
     */
    private SSLContext getConfiguredSslContext(AuthorizerConfigurationContext authorizerConfigurationContext) {
        try {
            // Keystore and truststore passwords are read here; keep them out of log statements.
            String keystorePath = authorizerConfigurationContext.getProperty("TLS - Keystore").getValue();
            String keystorePassword = authorizerConfigurationContext.getProperty("TLS - Keystore Password").getValue();
            String keystoreType = authorizerConfigurationContext.getProperty("TLS - Keystore Type").getValue();
            String truststorePath = authorizerConfigurationContext.getProperty("TLS - Truststore").getValue();
            String truststorePassword = authorizerConfigurationContext.getProperty("TLS - Truststore Password").getValue();
            String truststoreType = authorizerConfigurationContext.getProperty("TLS - Truststore Type").getValue();
            String protocol = authorizerConfigurationContext.getProperty("TLS - Protocol").getValue();

            StandardTlsConfiguration tlsConfiguration = new StandardTlsConfiguration(
                    keystorePath,
                    keystorePassword,
                    (String) null,
                    keystoreType,
                    truststorePath,
                    truststorePassword,
                    truststoreType,
                    protocol);
            return SslContextFactory.createSslContext(tlsConfiguration);
        } catch (TlsException e) {
            // Only the exception message is logged; the exception itself travels as the cause.
            logger.error("Encountered an error configuring TLS for LDAP user group provider: {}", e.getLocalizedMessage());
            throw new ProviderCreationException("Error configuring TLS for LDAP user group provider", e);
        }
    }
}
