package org.apache.nifi.registry.security.authentication;

import java.io.File;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.registry.extension.ExtensionManager;
import org.apache.nifi.registry.properties.NiFiRegistryProperties;
import org.apache.nifi.registry.properties.SensitivePropertyProtectionException;
import org.apache.nifi.registry.properties.SensitivePropertyProvider;
import org.apache.nifi.registry.security.authentication.annotation.IdentityProviderContext;
import org.apache.nifi.registry.security.authentication.generated.IdentityProviders;
import org.apache.nifi.registry.security.authentication.generated.Property;
import org.apache.nifi.registry.security.authentication.generated.Provider;
import org.apache.nifi.registry.security.util.XmlUtils;
import org.codehaus.stax2.validation.XMLValidationSchema;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.lang.Nullable;
import org.xml.sax.SAXException;

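@Configuration
/* loaded from: input_file:WEB-INF/lib/nifi-registry-framework-0.5.0.jar:org/apache/nifi/registry/security/authentication/IdentityProviderFactory.class */
/**
 * Spring configuration that builds the {@link IdentityProvider} instances declared in the
 * identity-provider configuration file and exposes the one selected by the
 * {@code nifi.registry.security.identity.provider} property as the primary bean.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Provider class names are read from the configuration file and loaded reflectively, so
 *       write access to that file is equivalent to choosing which extension code runs.</li>
 *   <li>Properties carrying an {@code encryption} attribute are decrypted here and handed to the
 *       provider in clear text; the resulting map must not be logged.</li>
 * </ul>
 *
 * <p>Lazy initialisation in {@link #getIdentityProvider()} is not synchronised.
 */
public class IdentityProviderFactory implements IdentityProviderLookup, DisposableBean {
    private static final String LOGIN_IDENTITY_PROVIDERS_XSD = "/identity-providers.xsd";
    private static final String JAXB_GENERATED_PATH = "org.apache.nifi.registry.security.authentication.generated";
    private final NiFiRegistryProperties properties;
    private final ExtensionManager extensionManager;
    // May be null: the constructor parameter is @Nullable, and decryptValue() rejects protected
    // properties when no provider was wired.
    private final SensitivePropertyProvider sensitivePropertyProvider;
    // The provider selected by configuration; populated on first call to getIdentityProvider().
    private IdentityProvider identityProvider;
    // All providers declared in the configuration file, keyed by their identifier.
    private final Map<String, IdentityProvider> identityProviders = new HashMap<>();
    private static final Logger logger = LoggerFactory.getLogger(IdentityProviderFactory.class);
    private static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();

    /**
     * Creates the JAXB context for the generated identity-provider binding classes.
     *
     * @return the shared JAXB context
     * @throws RuntimeException if the context cannot be created; the JAXB failure is kept as the cause
     */
    private static JAXBContext initializeJaxbContext() {
        try {
            return JAXBContext.newInstance(JAXB_GENERATED_PATH, IdentityProviderFactory.class.getClassLoader());
        } catch (JAXBException e) {
            // Keep the cause: without it a broken classpath is indistinguishable from any other failure.
            throw new RuntimeException("Unable to create JAXBContext.", e);
        }
    }

    /**
     * @param niFiRegistryProperties registry properties; must not be null
     * @param extensionManager resolves the class loader for a provider class; must not be null
     * @param sensitivePropertyProvider decrypts protected property values; may be null
     * @throws IllegalStateException if the properties or the extension manager is null
     */
    @Autowired
    public IdentityProviderFactory(NiFiRegistryProperties niFiRegistryProperties, ExtensionManager extensionManager, @Nullable SensitivePropertyProvider sensitivePropertyProvider) {
        this.properties = niFiRegistryProperties;
        this.extensionManager = extensionManager;
        this.sensitivePropertyProvider = sensitivePropertyProvider;
        if (this.properties == null) {
            throw new IllegalStateException("NiFiRegistryProperties cannot be null");
        }
        if (this.extensionManager == null) {
            throw new IllegalStateException("ExtensionManager cannot be null");
        }
    }

    /**
     * Looks up an already-created provider by its configured identifier.
     *
     * @param str the provider identifier
     * @return the provider, or {@code null} if none is registered under that identifier
     */
    public IdentityProvider getIdentityProvider(String str) {
        return this.identityProviders.get(str);
    }

    /**
     * Returns the configured identity provider, creating every declared provider on first use.
     *
     * <p>All providers are instantiated before any of them is configured, so a provider can
     * resolve its peers through the lookup passed in its configuration context.
     *
     * @return the selected provider, or {@code null} when the selecting property is blank
     * @throws Exception if the configuration cannot be loaded, a provider cannot be created,
     *         or the selected identifier is not declared in the configuration file
     */
    @Bean
    @Primary
    public IdentityProvider getIdentityProvider() throws Exception {
        if (this.identityProvider != null) {
            return this.identityProvider;
        }
        String selectedIdentifier = this.properties.getProperty("nifi.registry.security.identity.provider");
        if (StringUtils.isBlank(selectedIdentifier)) {
            // No provider selected: leave the bean unset, as the original does.
            return this.identityProvider;
        }
        IdentityProviders configuration = loadLoginIdentityProvidersConfiguration();
        // Pass 1: instantiate every declared provider.
        for (Provider provider : configuration.getProvider()) {
            this.identityProviders.put(provider.getIdentifier(), createLoginIdentityProvider(provider.getIdentifier(), provider.getClazz()));
        }
        // Pass 2: configure them, now that all identifiers can be resolved.
        for (Provider provider : configuration.getProvider()) {
            this.identityProviders.get(provider.getIdentifier()).onConfigured(loadLoginIdentityProviderConfiguration(provider));
        }
        this.identityProvider = getIdentityProvider(selectedIdentifier);
        if (this.identityProvider == null) {
            throw new Exception(String.format("The specified login identity provider '%s' could not be found.", selectedIdentifier));
        }
        return this.identityProvider;
    }

    /**
     * Calls {@code preDestruction()} on every created provider when the bean is destroyed.
     */
    @Override // org.springframework.beans.factory.DisposableBean
    public void destroy() throws Exception {
        // The map is a final, eagerly initialised field, so no null check is needed.
        this.identityProviders.values().forEach(IdentityProvider::preDestruction);
    }

    /**
     * Reads and schema-validates the identity-provider configuration file.
     *
     * @return the unmarshalled configuration
     * @throws Exception if the file does not exist or cannot be parsed; parse failures keep the
     *         underlying JAXB/SAX exception as the cause
     */
    private IdentityProviders loadLoginIdentityProvidersConfiguration() throws Exception {
        File configurationFile = this.properties.getIdentityProviderConfigurationFile();
        if (!configurationFile.exists()) {
            throw new Exception("Unable to find the login identity provider configuration file at " + configurationFile.getAbsolutePath());
        }
        try {
            Schema schema = SchemaFactory.newInstance(XMLValidationSchema.SCHEMA_ID_W3C_SCHEMA).newSchema(IdentityProviders.class.getResource(LOGIN_IDENTITY_PROVIDERS_XSD));
            // NOTE(review): createSafeReader presumably disables DTD / external-entity processing;
            // that is implemented in XmlUtils and not visible here — confirm before relying on it.
            XMLStreamReader reader = XmlUtils.createSafeReader(new StreamSource(configurationFile));
            Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
            unmarshaller.setSchema(schema);
            return unmarshaller.unmarshal(reader, IdentityProviders.class).getValue();
        } catch (JAXBException | SAXException e) {
            // Chain the cause so the validation error (line, element) is not lost.
            throw new Exception("Unable to load the login identity provider configuration file at: " + configurationFile.getAbsolutePath(), e);
        }
    }

    /**
     * Instantiates a provider class through the extension class loader and injects the registry
     * properties into members annotated with {@link IdentityProviderContext}.
     *
     * @param identifier the provider identifier from the configuration file (not used here)
     * @param className fully qualified provider class name from the configuration file
     * @return the new, not yet configured provider
     * @throws IllegalStateException if no extension class loader is known for the class name
     * @throws Exception if the class cannot be loaded, is not an {@link IdentityProvider},
     *         has no public no-argument constructor, or injection fails
     */
    private IdentityProvider createLoginIdentityProvider(String identifier, String className) throws Exception {
        ClassLoader extensionClassLoader = this.extensionManager.getExtensionClassLoader(className);
        if (extensionClassLoader == null) {
            throw new IllegalStateException("Extension not found in any of the configured class loaders: " + className);
        }
        // NOTE(review): the class name comes from the configuration file. forName(..., true, ...)
        // initialises the class (static initialisers run) before asSubclass() verifies the type;
        // passing false would defer initialisation until newInstance(), after the check.
        Class<? extends IdentityProvider> providerClass = Class.forName(className, true, extensionClassLoader).asSubclass(IdentityProvider.class);
        IdentityProvider instance = providerClass.getConstructor().newInstance();
        performMethodInjection(instance, providerClass);
        performFieldInjection(instance, providerClass);
        return instance;
    }

    /**
     * Builds the configuration context for one provider, decrypting any property that carries
     * an {@code encryption} attribute.
     *
     * @param provider the provider element from the configuration file
     * @return a context holding the provider's properties in clear text
     */
    private IdentityProviderConfigurationContext loadLoginIdentityProviderConfiguration(Provider provider) {
        // Values in this map are clear text after decryption; do not log it.
        Map<String, String> providerProperties = new HashMap<>();
        for (Property property : provider.getProperty()) {
            String value = StringUtils.isBlank(property.getEncryption())
                    ? property.getValue()
                    : decryptValue(property.getValue(), property.getEncryption());
            providerProperties.put(property.getName(), value);
        }
        return new StandardIdentityProviderConfigurationContext(provider.getIdentifier(), this, providerProperties);
    }

    /**
     * Invokes every public method annotated with {@link IdentityProviderContext} that takes a
     * single {@link NiFiRegistryProperties}-compatible parameter, then repeats for each
     * superclass that is itself an {@link IdentityProvider}.
     *
     * @param identityProvider the instance to inject into
     * @param cls the class whose methods are inspected at this level
     */
    private void performMethodInjection(IdentityProvider identityProvider, Class<?> cls) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException {
        // NOTE(review): getMethods() also returns inherited public methods, so an annotated
        // method declared on a superclass appears to be invoked again at each recursion level.
        for (Method method : cls.getMethods()) {
            if (!method.isAnnotationPresent(IdentityProviderContext.class)) {
                continue;
            }
            boolean wasAccessible = method.isAccessible();
            method.setAccessible(true);
            try {
                Class<?>[] parameterTypes = method.getParameterTypes();
                if (parameterTypes.length == 1 && NiFiRegistryProperties.class.isAssignableFrom(parameterTypes[0])) {
                    method.invoke(identityProvider, this.properties);
                }
            } finally {
                // Restore the accessibility flag so the override does not outlive the injection.
                method.setAccessible(wasAccessible);
            }
        }
        Class<?> superclass = cls.getSuperclass();
        if (superclass != null && IdentityProvider.class.isAssignableFrom(superclass)) {
            performMethodInjection(identityProvider, superclass);
        }
    }

    /**
     * Sets every declared field annotated with {@link IdentityProviderContext} whose type accepts
     * {@link NiFiRegistryProperties} and whose current value is {@code null}, then repeats for
     * each superclass that is itself an {@link IdentityProvider}.
     *
     * @param identityProvider the instance to inject into
     * @param cls the class whose declared fields are inspected at this level
     */
    private void performFieldInjection(IdentityProvider identityProvider, Class<?> cls) throws IllegalArgumentException, IllegalAccessException {
        for (Field field : cls.getDeclaredFields()) {
            if (!field.isAnnotationPresent(IdentityProviderContext.class)) {
                continue;
            }
            boolean wasAccessible = field.isAccessible();
            field.setAccessible(true);
            try {
                // Never overwrite a value the provider has already set for itself.
                if (field.get(identityProvider) == null && NiFiRegistryProperties.class.isAssignableFrom(field.getType())) {
                    field.set(identityProvider, this.properties);
                }
            } finally {
                // Restore the accessibility flag so private fields are not left open.
                field.setAccessible(wasAccessible);
            }
        }
        Class<?> superclass = cls.getSuperclass();
        if (superclass != null && IdentityProvider.class.isAssignableFrom(superclass)) {
            performFieldInjection(identityProvider, superclass);
        }
    }

    /**
     * Decrypts a protected property value with the wired {@link SensitivePropertyProvider}.
     *
     * @param protectedValue the protected value as stored in the configuration file
     * @param encryptionScheme the {@code encryption} attribute naming the scheme that protected it
     * @return the clear-text value
     * @throws SensitivePropertyProtectionException if no provider was wired, or if the wired
     *         provider's identifier key does not match the scheme (case-insensitive)
     */
    private String decryptValue(String protectedValue, String encryptionScheme) throws SensitivePropertyProtectionException {
        if (this.sensitivePropertyProvider == null) {
            throw new SensitivePropertyProtectionException("Sensitive Property Provider dependency was never wired, so protected properties cannot be decrypted. This usually indicates that a master key for this NiFi Registry was not detected and configured during the bootstrap startup sequence. Contact the system administrator.");
        }
        // Fail closed on a scheme mismatch rather than passing the protected value through.
        if (!this.sensitivePropertyProvider.getIdentifierKey().equalsIgnoreCase(encryptionScheme)) {
            throw new SensitivePropertyProtectionException("Identity Provider configuration XML was protected using " + encryptionScheme + ", but the configured Sensitive Property Provider supports " + this.sensitivePropertyProvider.getIdentifierKey() + ". Cannot configure this Identity Provider due to failing to decrypt protected configuration properties.");
        }
        return this.sensitivePropertyProvider.unprotect(protectedValue);
    }
}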
