package org.apache.nifi.web.api;

import com.sun.jersey.api.core.ResourceContext;
import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
import java.net.URI;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.BiFunction;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.AccessDeniedException;
import org.apache.nifi.authorization.AuthorizationRequest;
import org.apache.nifi.authorization.AuthorizationResult;
import org.apache.nifi.authorization.AuthorizeControllerServiceReference;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.ComponentAuthorizable;
import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.UserContextKeys;
import org.apache.nifi.authorization.resource.ResourceFactory;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.apache.nifi.controller.FlowController;
import org.apache.nifi.web.IllegalClusterResourceRequestException;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.Revision;
import org.apache.nifi.web.api.dto.BulletinDTO;
import org.apache.nifi.web.api.dto.ClusterDTO;
import org.apache.nifi.web.api.dto.ControllerServiceDTO;
import org.apache.nifi.web.api.dto.NodeDTO;
import org.apache.nifi.web.api.dto.ReportingTaskDTO;
import org.apache.nifi.web.api.entity.BulletinEntity;
import org.apache.nifi.web.api.entity.ClusterEntity;
import org.apache.nifi.web.api.entity.ComponentEntity;
import org.apache.nifi.web.api.entity.ControllerConfigurationEntity;
import org.apache.nifi.web.api.entity.ControllerServiceEntity;
import org.apache.nifi.web.api.entity.Entity;
import org.apache.nifi.web.api.entity.HistoryEntity;
import org.apache.nifi.web.api.entity.NodeEntity;
import org.apache.nifi.web.api.entity.ReportingTaskEntity;
import org.apache.nifi.web.api.request.DateTimeParameter;

@Path("/controller")
@Api(value = "/controller", description = "Provides realtime command and control of this NiFi instance")
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/api/ControllerResource.class */
public class ControllerResource extends ApplicationResource {
    private NiFiServiceFacade serviceFacade;
    private Authorizer authorizer;
    private ReportingTaskResource reportingTaskResource;
    private ControllerServiceResource controllerServiceResource;

    @Context
    private ResourceContext resourceContext;

    /* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/api/ControllerResource$EndDateEntity.class */
    private class EndDateEntity extends Entity {
        final Date endDate;

        public EndDateEntity(Date date) {
            this.endDate = date;
        }

        public Date getEndDate() {
            return this.endDate;
        }
    }

    private void authorizeController(RequestAction requestAction) {
        HashMap hashMap;
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        if (StringUtils.isBlank(niFiUser.getClientAddress())) {
            hashMap = null;
        } else {
            hashMap = new HashMap();
            hashMap.put(UserContextKeys.CLIENT_ADDRESS.name(), niFiUser.getClientAddress());
        }
        AuthorizationResult authorize = this.authorizer.authorize(new AuthorizationRequest.Builder().resource(ResourceFactory.getControllerResource()).identity(niFiUser.getIdentity()).anonymous(Boolean.valueOf(niFiUser.isAnonymous())).accessAttempt(true).action(requestAction).userContext(hashMap).explanationSupplier(() -> {
            StringBuilder sb = new StringBuilder("Unable to ");
            if (RequestAction.READ.equals(requestAction)) {
                sb.append("view ");
            } else {
                sb.append("modify ");
            }
            sb.append("the controller.");
            return sb.toString();
        }).build());
        if (!AuthorizationResult.Result.Approved.equals(authorize.getResult())) {
            throw new AccessDeniedException(authorize.getExplanation());
        }
    }

    @GET
    @Path("config")
    @Consumes({"*/*"})
    @ApiOperation(value = "Retrieves the configuration for this NiFi Controller", response = ControllerConfigurationEntity.class, authorizations = {@Authorization(value = "Read - /controller", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json"})
    public Response getControllerConfig() {
        authorizeController(RequestAction.READ);
        return isReplicateRequest() ? replicate("GET") : clusterContext(generateOkResponse(this.serviceFacade.getControllerConfiguration())).build();
    }

    @Path("config")
    @Consumes({"application/json"})
    @ApiOperation(value = "Retrieves the configuration for this NiFi", response = ControllerConfigurationEntity.class, authorizations = {@Authorization(value = "Write - /controller", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json"})
    @PUT
    public Response updateControllerConfig(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The controller configuration.", required = true) ControllerConfigurationEntity controllerConfigurationEntity) {
        if (controllerConfigurationEntity == null || controllerConfigurationEntity.getComponent() == null) {
            throw new IllegalArgumentException("Controller configuration must be specified");
        }
        if (controllerConfigurationEntity.getRevision() == null) {
            throw new IllegalArgumentException("Revision must be specified.");
        }
        if (isReplicateRequest()) {
            return replicate("PUT", controllerConfigurationEntity);
        }
        return withWriteLock(this.serviceFacade, (NiFiServiceFacade) controllerConfigurationEntity, getRevision(controllerConfigurationEntity.getRevision(), FlowController.class.getSimpleName()), authorizableLookup -> {
            authorizeController(RequestAction.WRITE);
        }, (Runnable) null, (BiFunction<Revision, NiFiServiceFacade, Response>) (revision, controllerConfigurationEntity2) -> {
            return clusterContext(generateOkResponse(this.serviceFacade.updateControllerConfiguration(revision, controllerConfigurationEntity2.getComponent()))).build();
        });
    }

    @Path("reporting-tasks")
    @Consumes({"application/json"})
    @ApiOperation(value = "Creates a new reporting task", response = ReportingTaskEntity.class, authorizations = {@Authorization(value = "Write - /controller", type = ""), @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}", type = ""), @Authorization(value = "Write - if the Reporting Task is restricted - /restricted-components", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @POST
    @Produces({"application/json"})
    public Response createReportingTask(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The reporting task configuration details.", required = true) ReportingTaskEntity reportingTaskEntity) {
        if (reportingTaskEntity == null || reportingTaskEntity.getComponent() == null) {
            throw new IllegalArgumentException("Reporting task details must be specified.");
        }
        if (reportingTaskEntity.getRevision() == null || reportingTaskEntity.getRevision().getVersion() == null || reportingTaskEntity.getRevision().getVersion().longValue() != 0) {
            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Reporting task.");
        }
        ReportingTaskDTO component = reportingTaskEntity.getComponent();
        if (component.getId() != null) {
            throw new IllegalArgumentException("Reporting task ID cannot be specified.");
        }
        if (StringUtils.isBlank(component.getType())) {
            throw new IllegalArgumentException("The type of reporting task to create must be specified.");
        }
        return isReplicateRequest() ? replicate("POST", reportingTaskEntity) : withWriteLock(this.serviceFacade, reportingTaskEntity, authorizableLookup -> {
            authorizeController(RequestAction.WRITE);
            ComponentAuthorizable componentAuthorizable = null;
            try {
                componentAuthorizable = authorizableLookup.getConfigurableComponent(component.getType(), component.getBundle());
                if (componentAuthorizable.isRestricted()) {
                    authorizableLookup.getRestrictedComponents().authorize(this.authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
                }
                if (component.getProperties() != null) {
                    AuthorizeControllerServiceReference.authorizeControllerServiceReferences((Map<String, String>) component.getProperties(), componentAuthorizable, this.authorizer, authorizableLookup);
                }
                if (componentAuthorizable != null) {
                    componentAuthorizable.cleanUpResources();
                }
            } catch (Throwable th) {
                if (componentAuthorizable != null) {
                    componentAuthorizable.cleanUpResources();
                }
                throw th;
            }
        }, () -> {
            this.serviceFacade.verifyCreateReportingTask(component);
        }, reportingTaskEntity2 -> {
            ReportingTaskDTO component2 = reportingTaskEntity2.getComponent();
            component2.setId(generateUuid());
            ReportingTaskEntity createReportingTask = this.serviceFacade.createReportingTask(getRevision((ComponentEntity) reportingTaskEntity2, component2.getId()), component2);
            this.reportingTaskResource.populateRemainingReportingTaskEntityContent(createReportingTask);
            return clusterContext(generateCreatedResponse(URI.create(createReportingTask.getUri()), createReportingTask)).build();
        });
    }

    @Path("bulletin")
    @Consumes({"application/json"})
    @ApiOperation(value = "Creates a new bulletin", response = BulletinEntity.class, authorizations = {@Authorization(value = "Write - /controller", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @POST
    @Produces({"application/json"})
    public Response createBulletin(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The reporting task configuration details.", required = true) BulletinEntity bulletinEntity) {
        if (bulletinEntity == null || bulletinEntity.getBulletin() == null) {
            throw new IllegalArgumentException("Bulletin details must be specified.");
        }
        BulletinDTO bulletin = bulletinEntity.getBulletin();
        if (bulletin.getId() != null) {
            throw new IllegalArgumentException("A bulletin ID cannot be specified.");
        }
        if (StringUtils.isBlank(bulletin.getMessage())) {
            throw new IllegalArgumentException("The bulletin message must be specified.");
        }
        return isReplicateRequest() ? replicate("POST", bulletinEntity) : withWriteLock(this.serviceFacade, bulletinEntity, authorizableLookup -> {
            authorizeController(RequestAction.WRITE);
        }, null, bulletinEntity2 -> {
            return generateOkResponse(this.serviceFacade.createBulletin(bulletinEntity2.getBulletin(), true)).build();
        });
    }

    @Path("controller-services")
    @Consumes({"application/json"})
    @ApiOperation(value = "Creates a new controller service", response = ControllerServiceEntity.class, authorizations = {@Authorization(value = "Write - /controller", type = ""), @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}", type = ""), @Authorization(value = "Write - if the Controller Service is restricted - /restricted-components", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @POST
    @Produces({"application/json"})
    public Response createControllerService(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The controller service configuration details.", required = true) ControllerServiceEntity controllerServiceEntity) {
        if (controllerServiceEntity == null || controllerServiceEntity.getComponent() == null) {
            throw new IllegalArgumentException("Controller service details must be specified.");
        }
        if (controllerServiceEntity.getRevision() == null || controllerServiceEntity.getRevision().getVersion() == null || controllerServiceEntity.getRevision().getVersion().longValue() != 0) {
            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Controller service.");
        }
        ControllerServiceDTO component = controllerServiceEntity.getComponent();
        if (component.getId() != null) {
            throw new IllegalArgumentException("Controller service ID cannot be specified.");
        }
        if (component.getParentGroupId() != null) {
            throw new IllegalArgumentException("Parent process group ID cannot be specified.");
        }
        if (StringUtils.isBlank(component.getType())) {
            throw new IllegalArgumentException("The type of controller service to create must be specified.");
        }
        return isReplicateRequest() ? replicate("POST", controllerServiceEntity) : withWriteLock(this.serviceFacade, controllerServiceEntity, authorizableLookup -> {
            authorizeController(RequestAction.WRITE);
            ComponentAuthorizable componentAuthorizable = null;
            try {
                componentAuthorizable = authorizableLookup.getConfigurableComponent(component.getType(), component.getBundle());
                if (componentAuthorizable.isRestricted()) {
                    authorizableLookup.getRestrictedComponents().authorize(this.authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
                }
                if (component.getProperties() != null) {
                    AuthorizeControllerServiceReference.authorizeControllerServiceReferences((Map<String, String>) component.getProperties(), componentAuthorizable, this.authorizer, authorizableLookup);
                }
                if (componentAuthorizable != null) {
                    componentAuthorizable.cleanUpResources();
                }
            } catch (Throwable th) {
                if (componentAuthorizable != null) {
                    componentAuthorizable.cleanUpResources();
                }
                throw th;
            }
        }, () -> {
            this.serviceFacade.verifyCreateControllerService(component);
        }, controllerServiceEntity2 -> {
            ControllerServiceDTO component2 = controllerServiceEntity2.getComponent();
            component2.setId(generateUuid());
            ControllerServiceEntity createControllerService = this.serviceFacade.createControllerService(getRevision((ComponentEntity) controllerServiceEntity2, component2.getId()), null, component2);
            this.controllerServiceResource.populateRemainingControllerServiceEntityContent(createControllerService);
            return clusterContext(generateCreatedResponse(URI.create(createControllerService.getUri()), createControllerService)).build();
        });
    }

    @GET
    @Path("cluster")
    @Consumes({"*/*"})
    @ApiOperation(value = "Gets the contents of the cluster", notes = "Returns the contents of the cluster including all nodes and their status.", response = ClusterEntity.class, authorizations = {@Authorization(value = "Read - /controller", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json"})
    public Response getCluster() {
        authorizeController(RequestAction.READ);
        if (!isConnectedToCluster()) {
            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
        }
        if (isReplicateRequest()) {
            return replicate("GET", getClusterCoordinatorNode());
        }
        ClusterDTO cluster = this.serviceFacade.getCluster();
        ClusterEntity clusterEntity = new ClusterEntity();
        clusterEntity.setCluster(cluster);
        return generateOkResponse(clusterEntity).build();
    }

    @GET
    @Path("cluster/nodes/{id}")
    @Consumes({"*/*"})
    @ApiOperation(value = "Gets a node in the cluster", response = NodeEntity.class, authorizations = {@Authorization(value = "Read - /controller", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json"})
    public Response getNode(@PathParam("id") @ApiParam(value = "The node id.", required = true) String str) {
        authorizeController(RequestAction.READ);
        if (!isConnectedToCluster()) {
            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
        }
        if (isReplicateRequest()) {
            return replicate("GET", getClusterCoordinatorNode());
        }
        NodeDTO node = this.serviceFacade.getNode(str);
        NodeEntity nodeEntity = new NodeEntity();
        nodeEntity.setNode(node);
        return generateOkResponse(nodeEntity).build();
    }

    @Path("cluster/nodes/{id}")
    @Consumes({"application/json"})
    @ApiOperation(value = "Updates a node in the cluster", response = NodeEntity.class, authorizations = {@Authorization(value = "Write - /controller", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json"})
    @PUT
    public Response updateNode(@PathParam("id") @ApiParam(value = "The node id.", required = true) String str, @ApiParam(value = "The node configuration. The only configuration that will be honored at this endpoint is the status.", required = true) NodeEntity nodeEntity) {
        authorizeController(RequestAction.WRITE);
        if (!isConnectedToCluster()) {
            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
        }
        if (nodeEntity == null || nodeEntity.getNode() == null) {
            throw new IllegalArgumentException("Node details must be specified.");
        }
        NodeDTO node = nodeEntity.getNode();
        if (!str.equals(node.getNodeId())) {
            throw new IllegalArgumentException(String.format("The node id (%s) in the request body does not equal the node id of the requested resource (%s).", node.getNodeId(), str));
        }
        if (isReplicateRequest()) {
            return replicateToCoordinator("PUT", nodeEntity);
        }
        NodeDTO updateNode = this.serviceFacade.updateNode(node);
        NodeEntity nodeEntity2 = new NodeEntity();
        nodeEntity2.setNode(updateNode);
        return generateOkResponse(nodeEntity2).build();
    }

    @Path("cluster/nodes/{id}")
    @Consumes({"*/*"})
    @DELETE
    @ApiOperation(value = "Removes a node from the cluster", response = NodeEntity.class, authorizations = {@Authorization(value = "Write - /controller", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json"})
    public Response deleteNode(@PathParam("id") @ApiParam(value = "The node id.", required = true) String str) {
        authorizeController(RequestAction.WRITE);
        if (!isConnectedToCluster()) {
            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
        }
        if (isReplicateRequest()) {
            return replicateToCoordinator("DELETE", getRequestParameters());
        }
        this.serviceFacade.deleteNode(str);
        return generateOkResponse(new NodeEntity()).build();
    }

    @Path("history")
    @Consumes({"*/*"})
    @DELETE
    @ApiOperation(value = "Purges history", response = HistoryEntity.class, authorizations = {@Authorization(value = "Write - /controller", type = "")})
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Produces({"application/json"})
    public Response deleteHistory(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "Purge actions before this date/time.", required = true) @QueryParam("endDate") DateTimeParameter dateTimeParameter) {
        if (dateTimeParameter == null) {
            throw new IllegalArgumentException("The end date must be specified.");
        }
        return withWriteLock(this.serviceFacade, new EndDateEntity(dateTimeParameter.getDateTime()), authorizableLookup -> {
            authorizeController(RequestAction.WRITE);
        }, null, endDateEntity -> {
            this.serviceFacade.deleteActions(endDateEntity.getEndDate());
            return generateOkResponse(new HistoryEntity()).build();
        });
    }

    public void setServiceFacade(NiFiServiceFacade niFiServiceFacade) {
        this.serviceFacade = niFiServiceFacade;
    }

    public void setReportingTaskResource(ReportingTaskResource reportingTaskResource) {
        this.reportingTaskResource = reportingTaskResource;
    }

    public void setControllerServiceResource(ControllerServiceResource controllerServiceResource) {
        this.controllerServiceResource = controllerServiceResource;
    }

    public void setAuthorizer(Authorizer authorizer) {
        this.authorizer = authorizer;
    }
}
