package org.apache.nifi.registry.security.authorization.file;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.registry.properties.NiFiRegistryProperties;
import org.apache.nifi.registry.properties.util.IdentityMapping;
import org.apache.nifi.registry.properties.util.IdentityMappingUtil;
import org.apache.nifi.registry.security.authorization.AccessPolicy;
import org.apache.nifi.registry.security.authorization.AccessPolicyProviderInitializationContext;
import org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext;
import org.apache.nifi.registry.security.authorization.ConfigurableAccessPolicyProvider;
import org.apache.nifi.registry.security.authorization.RequestAction;
import org.apache.nifi.registry.security.authorization.User;
import org.apache.nifi.registry.security.authorization.UserGroupProvider;
import org.apache.nifi.registry.security.authorization.UserGroupProviderLookup;
import org.apache.nifi.registry.security.authorization.annotation.AuthorizerContext;
import org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.registry.security.authorization.exception.UninheritableAuthorizationsException;
import org.apache.nifi.registry.security.authorization.file.generated.Authorizations;
import org.apache.nifi.registry.security.authorization.file.generated.Policies;
import org.apache.nifi.registry.security.authorization.file.generated.Policy;
import org.apache.nifi.registry.security.exception.SecurityProviderCreationException;
import org.apache.nifi.registry.security.exception.SecurityProviderDestructionException;
import org.apache.nifi.registry.util.PropertyValue;
import org.codehaus.stax2.validation.XMLValidationSchema;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/nifi-registry-framework-0.5.0.jar:org/apache/nifi/registry/security/authorization/file/FileAccessPolicyProvider.class */
public class FileAccessPolicyProvider implements ConfigurableAccessPolicyProvider {
    private static final String AUTHORIZATIONS_XSD = "/authorizations.xsd";
    private static final String POLICY_ELEMENT = "policy";
    private static final String POLICY_USER_ELEMENT = "policyUser";
    private static final String POLICY_GROUP_ELEMENT = "policyGroup";
    private static final String IDENTIFIER_ATTR = "identifier";
    private static final String RESOURCE_ATTR = "resource";
    private static final String ACTIONS_ATTR = "actions";
    static final String PROP_NIFI_IDENTITY_PREFIX = "NiFi Identity ";
    static final String PROP_USER_GROUP_PROVIDER = "User Group Provider";
    static final String PROP_AUTHORIZATIONS_FILE = "Authorizations File";
    static final String PROP_INITIAL_ADMIN_IDENTITY = "Initial Admin Identity";
    private Schema authorizationsSchema;
    private NiFiRegistryProperties properties;
    private File authorizationsFile;
    private String initialAdminIdentity;
    private Set<String> nifiIdentities;
    private List<IdentityMapping> identityMappings;
    private UserGroupProvider userGroupProvider;
    private UserGroupProviderLookup userGroupProviderLookup;
    private final AtomicReference<AuthorizationsHolder> authorizationsHolder = new AtomicReference<>();
    private static final Logger logger = LoggerFactory.getLogger(FileAccessPolicyProvider.class);
    private static final String JAXB_AUTHORIZATIONS_PATH = "org.apache.nifi.registry.security.authorization.file.generated";
    private static final JAXBContext JAXB_AUTHORIZATIONS_CONTEXT = initializeJaxbContext(JAXB_AUTHORIZATIONS_PATH);
    private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
    private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newInstance();
    static final String READ_CODE = "R";
    static final String WRITE_CODE = "W";
    static final String DELETE_CODE = "D";
    private static final ResourceActionPair[] INITIAL_ADMIN_ACCESS_POLICIES = {new ResourceActionPair("/tenants", READ_CODE), new ResourceActionPair("/tenants", WRITE_CODE), new ResourceActionPair("/tenants", DELETE_CODE), new ResourceActionPair("/policies", READ_CODE), new ResourceActionPair("/policies", WRITE_CODE), new ResourceActionPair("/policies", DELETE_CODE), new ResourceActionPair("/buckets", READ_CODE), new ResourceActionPair("/buckets", WRITE_CODE), new ResourceActionPair("/buckets", DELETE_CODE), new ResourceActionPair("/actuator", READ_CODE), new ResourceActionPair("/actuator", WRITE_CODE), new ResourceActionPair("/actuator", DELETE_CODE), new ResourceActionPair("/swagger", READ_CODE), new ResourceActionPair("/swagger", WRITE_CODE), new ResourceActionPair("/swagger", DELETE_CODE), new ResourceActionPair("/proxy", READ_CODE), new ResourceActionPair("/proxy", WRITE_CODE), new ResourceActionPair("/proxy", DELETE_CODE)};
    private static final ResourceActionPair[] NIFI_ACCESS_POLICIES = {new ResourceActionPair("/buckets", READ_CODE), new ResourceActionPair("/proxy", READ_CODE), new ResourceActionPair("/proxy", WRITE_CODE), new ResourceActionPair("/proxy", DELETE_CODE)};
    static final Pattern NIFI_IDENTITY_PATTERN = Pattern.compile("NiFi Identity \\S+");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.nifi.registry.security.authorization.file.FileAccessPolicyProvider$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/nifi-registry-framework-0.5.0.jar:org/apache/nifi/registry/security/authorization/file/FileAccessPolicyProvider$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$nifi$registry$security$authorization$RequestAction = new int[RequestAction.values().length];

        static {
            try {
                $SwitchMap$org$apache$nifi$registry$security$authorization$RequestAction[RequestAction.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$nifi$registry$security$authorization$RequestAction[RequestAction.WRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$nifi$registry$security$authorization$RequestAction[RequestAction.DELETE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/nifi-registry-framework-0.5.0.jar:org/apache/nifi/registry/security/authorization/file/FileAccessPolicyProvider$ResourceActionPair.class */
    public static class ResourceActionPair {
        public String resource;
        public String actionCode;

        public ResourceActionPair(String str, String str2) {
            this.resource = str;
            this.actionCode = str2;
        }
    }

    private static JAXBContext initializeJaxbContext(String str) {
        try {
            return JAXBContext.newInstance(str, FileAuthorizer.class.getClassLoader());
        } catch (JAXBException e) {
            throw new RuntimeException("Unable to create JAXBContext.");
        }
    }

    public void initialize(AccessPolicyProviderInitializationContext accessPolicyProviderInitializationContext) throws SecurityProviderCreationException {
        this.userGroupProviderLookup = accessPolicyProviderInitializationContext.getUserGroupProviderLookup();
        try {
            this.authorizationsSchema = SchemaFactory.newInstance(XMLValidationSchema.SCHEMA_ID_W3C_SCHEMA).newSchema(FileAuthorizer.class.getResource(AUTHORIZATIONS_XSD));
        } catch (Exception e) {
            throw new SecurityProviderCreationException(e);
        }
    }

    public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws SecurityProviderCreationException {
        try {
            PropertyValue property = authorizerConfigurationContext.getProperty(PROP_USER_GROUP_PROVIDER);
            if (!property.isSet()) {
                throw new SecurityProviderCreationException("The user group provider must be specified.");
            }
            this.userGroupProvider = this.userGroupProviderLookup.getUserGroupProvider(property.getValue());
            if (this.userGroupProvider == null) {
                throw new SecurityProviderCreationException("Unable to locate user group provider with identifier " + property.getValue());
            }
            PropertyValue property2 = authorizerConfigurationContext.getProperty(PROP_AUTHORIZATIONS_FILE);
            if (StringUtils.isBlank(property2.getValue())) {
                throw new SecurityProviderCreationException("The authorizations file must be specified.");
            }
            this.authorizationsFile = new File(property2.getValue());
            if (!this.authorizationsFile.exists()) {
                logger.info("Creating new authorizations file at {}", new Object[]{this.authorizationsFile.getAbsolutePath()});
                saveAuthorizations(new Authorizations());
            }
            this.identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(this.properties));
            PropertyValue property3 = authorizerConfigurationContext.getProperty(PROP_INITIAL_ADMIN_IDENTITY);
            this.initialAdminIdentity = property3.isSet() ? IdentityMappingUtil.mapIdentity(property3.getValue(), this.identityMappings) : null;
            this.nifiIdentities = new HashSet();
            for (Map.Entry entry : authorizerConfigurationContext.getProperties().entrySet()) {
                if (NIFI_IDENTITY_PATTERN.matcher((CharSequence) entry.getKey()).matches() && !StringUtils.isBlank((CharSequence) entry.getValue())) {
                    this.nifiIdentities.add(IdentityMappingUtil.mapIdentity((String) entry.getValue(), this.identityMappings));
                }
            }
            load();
            logger.info(String.format("Authorizations file loaded at %s", new Date().toString()));
        } catch (SecurityProviderCreationException | IllegalStateException | JAXBException | SAXException e) {
            throw new SecurityProviderCreationException(e);
        }
    }

    public UserGroupProvider getUserGroupProvider() {
        return this.userGroupProvider;
    }

    public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
        return this.authorizationsHolder.get().getAllPolicies();
    }

    public synchronized AccessPolicy addAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
        if (accessPolicy == null) {
            throw new IllegalArgumentException("AccessPolicy cannot be null");
        }
        Policy createJAXBPolicy = createJAXBPolicy(accessPolicy);
        Authorizations authorizations = this.authorizationsHolder.get().getAuthorizations();
        authorizations.getPolicies().getPolicy().add(createJAXBPolicy);
        saveAndRefreshHolder(authorizations);
        return this.authorizationsHolder.get().getPoliciesById().get(accessPolicy.getIdentifier());
    }

    public AccessPolicy getAccessPolicy(String str) throws AuthorizationAccessException {
        if (str == null) {
            return null;
        }
        return this.authorizationsHolder.get().getPoliciesById().get(str);
    }

    public AccessPolicy getAccessPolicy(String str, RequestAction requestAction) throws AuthorizationAccessException {
        return this.authorizationsHolder.get().getAccessPolicy(str, requestAction);
    }

    public synchronized AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
        if (accessPolicy == null) {
            throw new IllegalArgumentException("AccessPolicy cannot be null");
        }
        Authorizations authorizations = this.authorizationsHolder.get().getAuthorizations();
        Policy policy = null;
        Iterator<Policy> it = authorizations.getPolicies().getPolicy().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Policy next = it.next();
            if (next.getIdentifier().equals(accessPolicy.getIdentifier())) {
                policy = next;
                break;
            }
        }
        if (policy == null) {
            return null;
        }
        transferUsersAndGroups(accessPolicy, policy);
        saveAndRefreshHolder(authorizations);
        return this.authorizationsHolder.get().getPoliciesById().get(accessPolicy.getIdentifier());
    }

    public synchronized AccessPolicy deleteAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
        if (accessPolicy == null) {
            throw new IllegalArgumentException("AccessPolicy cannot be null");
        }
        return deleteAccessPolicy(accessPolicy.getIdentifier());
    }

    public synchronized AccessPolicy deleteAccessPolicy(String str) throws AuthorizationAccessException {
        if (str == null) {
            throw new IllegalArgumentException("Access policy identifier cannot be null");
        }
        AuthorizationsHolder authorizationsHolder = this.authorizationsHolder.get();
        AccessPolicy accessPolicy = authorizationsHolder.getPoliciesById().get(str);
        if (accessPolicy == null) {
            return null;
        }
        Authorizations authorizations = authorizationsHolder.getAuthorizations();
        Iterator<Policy> it = authorizations.getPolicies().getPolicy().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next().getIdentifier().equals(str)) {
                it.remove();
                break;
            }
        }
        saveAndRefreshHolder(authorizations);
        return accessPolicy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationsHolder getAuthorizationsHolder() {
        return this.authorizationsHolder.get();
    }

    @AuthorizerContext
    public void setNiFiProperties(NiFiRegistryProperties niFiRegistryProperties) {
        this.properties = niFiRegistryProperties;
    }

    public synchronized void inheritFingerprint(String str) throws AuthorizationAccessException {
        parsePolicies(str).forEach(accessPolicy -> {
            addAccessPolicy(accessPolicy);
        });
    }

    public void checkInheritability(String str) throws AuthorizationAccessException, UninheritableAuthorizationsException {
        try {
            parsePolicies(str);
            if (!getAccessPolicies().isEmpty()) {
                throw new UninheritableAuthorizationsException("Proposed fingerprint is not inheritable because the current access policies is not empty.");
            }
        } catch (AuthorizationAccessException e) {
            throw new UninheritableAuthorizationsException("Unable to parse the proposed fingerprint: " + e);
        }
    }

    public String getFingerprint() throws AuthorizationAccessException {
        ArrayList arrayList = new ArrayList(getAccessPolicies());
        Collections.sort(arrayList, Comparator.comparing((v0) -> {
            return v0.getIdentifier();
        }));
        XMLStreamWriter xMLStreamWriter = null;
        StringWriter stringWriter = new StringWriter();
        try {
            try {
                xMLStreamWriter = XML_OUTPUT_FACTORY.createXMLStreamWriter(stringWriter);
                xMLStreamWriter.writeStartDocument();
                xMLStreamWriter.writeStartElement("accessPolicies");
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    writePolicy(xMLStreamWriter, (AccessPolicy) it.next());
                }
                xMLStreamWriter.writeEndElement();
                xMLStreamWriter.writeEndDocument();
                xMLStreamWriter.flush();
                if (xMLStreamWriter != null) {
                    try {
                        xMLStreamWriter.close();
                    } catch (XMLStreamException e) {
                    }
                }
                return stringWriter.toString();
            } catch (XMLStreamException e2) {
                throw new AuthorizationAccessException("Unable to generate fingerprint", e2);
            }
        } catch (Throwable th) {
            if (xMLStreamWriter != null) {
                try {
                    xMLStreamWriter.close();
                } catch (XMLStreamException e3) {
                }
            }
            throw th;
        }
    }

    private List<AccessPolicy> parsePolicies(String str) {
        ArrayList arrayList = new ArrayList();
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
            Throwable th = null;
            try {
                NodeList elementsByTagName = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder().parse(byteArrayInputStream).getDocumentElement().getElementsByTagName(POLICY_ELEMENT);
                for (int i = 0; i < elementsByTagName.getLength(); i++) {
                    arrayList.add(parsePolicy((Element) elementsByTagName.item(i)));
                }
                if (byteArrayInputStream != null) {
                    if (0 != 0) {
                        try {
                            byteArrayInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        byteArrayInputStream.close();
                    }
                }
                return arrayList;
            } finally {
            }
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new AuthorizationAccessException("Unable to parse fingerprint", e);
        }
    }

    private AccessPolicy parsePolicy(Element element) {
        AccessPolicy.Builder resource = new AccessPolicy.Builder().identifier(element.getAttribute(IDENTIFIER_ATTR)).resource(element.getAttribute("resource"));
        String attribute = element.getAttribute(ACTIONS_ATTR);
        if (attribute.equals(RequestAction.READ.name())) {
            resource.action(RequestAction.READ);
        } else if (attribute.equals(RequestAction.WRITE.name())) {
            resource.action(RequestAction.WRITE);
        } else {
            if (!attribute.equals(RequestAction.DELETE.name())) {
                throw new IllegalStateException("Unknown Policy Action: " + attribute);
            }
            resource.action(RequestAction.DELETE);
        }
        NodeList elementsByTagName = element.getElementsByTagName(POLICY_USER_ELEMENT);
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            resource.addUser(((Element) elementsByTagName.item(i)).getAttribute(IDENTIFIER_ATTR));
        }
        NodeList elementsByTagName2 = element.getElementsByTagName(POLICY_GROUP_ELEMENT);
        for (int i2 = 0; i2 < elementsByTagName2.getLength(); i2++) {
            resource.addGroup(((Element) elementsByTagName2.item(i2)).getAttribute(IDENTIFIER_ATTR));
        }
        return resource.build();
    }

    private void writePolicy(XMLStreamWriter xMLStreamWriter, AccessPolicy accessPolicy) throws XMLStreamException {
        ArrayList<String> arrayList = new ArrayList(accessPolicy.getUsers());
        Collections.sort(arrayList);
        ArrayList<String> arrayList2 = new ArrayList(accessPolicy.getGroups());
        Collections.sort(arrayList2);
        xMLStreamWriter.writeStartElement(POLICY_ELEMENT);
        xMLStreamWriter.writeAttribute(IDENTIFIER_ATTR, accessPolicy.getIdentifier());
        xMLStreamWriter.writeAttribute("resource", accessPolicy.getResource());
        xMLStreamWriter.writeAttribute(ACTIONS_ATTR, accessPolicy.getAction().name());
        for (String str : arrayList) {
            xMLStreamWriter.writeStartElement(POLICY_USER_ELEMENT);
            xMLStreamWriter.writeAttribute(IDENTIFIER_ATTR, str);
            xMLStreamWriter.writeEndElement();
        }
        for (String str2 : arrayList2) {
            xMLStreamWriter.writeStartElement(POLICY_GROUP_ELEMENT);
            xMLStreamWriter.writeAttribute(IDENTIFIER_ATTR, str2);
            xMLStreamWriter.writeEndElement();
        }
        xMLStreamWriter.writeEndElement();
    }

    private synchronized void load() throws JAXBException, SAXException {
        Authorizations unmarshallAuthorizations = unmarshallAuthorizations();
        if (unmarshallAuthorizations.getPolicies() == null) {
            unmarshallAuthorizations.setPolicies(new Policies());
        }
        AuthorizationsHolder authorizationsHolder = new AuthorizationsHolder(unmarshallAuthorizations);
        boolean isEmpty = authorizationsHolder.getAllPolicies().isEmpty();
        boolean z = (this.initialAdminIdentity == null || StringUtils.isBlank(this.initialAdminIdentity)) ? false : true;
        boolean z2 = (this.nifiIdentities == null || this.nifiIdentities.isEmpty()) ? false : true;
        if (!isEmpty) {
            this.authorizationsHolder.set(authorizationsHolder);
            return;
        }
        if (z) {
            logger.info("Populating authorizations for Initial Admin: " + this.initialAdminIdentity);
            populateInitialAdmin(unmarshallAuthorizations);
        }
        if (z2) {
            logger.info("Populating proxy authorizations for NiFi clients: [{}]", StringUtils.join(this.nifiIdentities, ";"));
            populateNiFiIdentities(unmarshallAuthorizations);
        }
        saveAndRefreshHolder(unmarshallAuthorizations);
    }

    private void saveAuthorizations(Authorizations authorizations) throws JAXBException {
        Marshaller createMarshaller = JAXB_AUTHORIZATIONS_CONTEXT.createMarshaller();
        createMarshaller.setSchema(this.authorizationsSchema);
        createMarshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
        createMarshaller.marshal(authorizations, this.authorizationsFile);
    }

    private Authorizations unmarshallAuthorizations() throws JAXBException {
        Unmarshaller createUnmarshaller = JAXB_AUTHORIZATIONS_CONTEXT.createUnmarshaller();
        createUnmarshaller.setSchema(this.authorizationsSchema);
        return (Authorizations) createUnmarshaller.unmarshal(new StreamSource(this.authorizationsFile), Authorizations.class).getValue();
    }

    private void populateInitialAdmin(Authorizations authorizations) {
        User userByIdentity = this.userGroupProvider.getUserByIdentity(this.initialAdminIdentity);
        if (userByIdentity == null) {
            throw new SecurityProviderCreationException("Unable to locate initial admin " + this.initialAdminIdentity + " to seed policies");
        }
        for (ResourceActionPair resourceActionPair : INITIAL_ADMIN_ACCESS_POLICIES) {
            addUserToAccessPolicy(authorizations, resourceActionPair.resource, userByIdentity.getIdentifier(), resourceActionPair.actionCode);
        }
    }

    private void populateNiFiIdentities(Authorizations authorizations) {
        for (String str : this.nifiIdentities) {
            User userByIdentity = this.userGroupProvider.getUserByIdentity(str);
            if (userByIdentity == null) {
                throw new SecurityProviderCreationException("Unable to locate node " + str + " to seed policies.");
            }
            for (ResourceActionPair resourceActionPair : NIFI_ACCESS_POLICIES) {
                addUserToAccessPolicy(authorizations, resourceActionPair.resource, userByIdentity.getIdentifier(), resourceActionPair.actionCode);
            }
        }
    }

    private void addUserToAccessPolicy(Authorizations authorizations, String str, String str2, String str3) {
        Policy policy = null;
        Iterator<Policy> it = authorizations.getPolicies().getPolicy().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Policy next = it.next();
            if (next.getResource().equals(str) && next.getAction().equals(str3)) {
                policy = next;
                break;
            }
        }
        if (policy != null) {
            Policy.User user = new Policy.User();
            user.setIdentifier(str2);
            policy.getUser().add(user);
            return;
        }
        AccessPolicy.Builder addUser = new AccessPolicy.Builder().identifierGenerateFromSeed(str + str3).resource(str).addUser(str2);
        if (str3.equals(READ_CODE)) {
            addUser.action(RequestAction.READ);
        } else if (str3.equals(WRITE_CODE)) {
            addUser.action(RequestAction.WRITE);
        } else {
            if (!str3.equals(DELETE_CODE)) {
                throw new IllegalStateException("Unknown Policy Action: " + str3);
            }
            addUser.action(RequestAction.DELETE);
        }
        authorizations.getPolicies().getPolicy().add(createJAXBPolicy(addUser.build()));
    }

    private Policy createJAXBPolicy(AccessPolicy accessPolicy) {
        Policy policy = new Policy();
        policy.setIdentifier(accessPolicy.getIdentifier());
        policy.setResource(accessPolicy.getResource());
        switch (AnonymousClass1.$SwitchMap$org$apache$nifi$registry$security$authorization$RequestAction[accessPolicy.getAction().ordinal()]) {
            case 1:
                policy.setAction(READ_CODE);
                break;
            case 2:
                policy.setAction(WRITE_CODE);
                break;
            case 3:
                policy.setAction(DELETE_CODE);
                break;
        }
        transferUsersAndGroups(accessPolicy, policy);
        return policy;
    }

    private void transferUsersAndGroups(AccessPolicy accessPolicy, Policy policy) {
        policy.getUser().clear();
        for (String str : accessPolicy.getUsers()) {
            Policy.User user = new Policy.User();
            user.setIdentifier(str);
            policy.getUser().add(user);
        }
        policy.getGroup().clear();
        for (String str2 : accessPolicy.getGroups()) {
            Policy.Group group = new Policy.Group();
            group.setIdentifier(str2);
            policy.getGroup().add(group);
        }
    }

    private void addUserToPolicy(String str, Policy policy) {
        boolean z = false;
        Iterator<Policy.User> it = policy.getUser().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (it.next().getIdentifier().equals(str)) {
                z = true;
                break;
            }
        }
        if (z) {
            return;
        }
        Policy.User user = new Policy.User();
        user.setIdentifier(str);
        policy.getUser().add(user);
    }

    private void addGroupToPolicy(String str, Policy policy) {
        boolean z = false;
        Iterator<Policy.Group> it = policy.getGroup().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (it.next().getIdentifier().equals(str)) {
                z = true;
                break;
            }
        }
        if (z) {
            return;
        }
        Policy.Group group = new Policy.Group();
        group.setIdentifier(str);
        policy.getGroup().add(group);
    }

    private Policy getOrCreatePolicy(List<Policy> list, String str, String str2, String str3) {
        Policy policy = null;
        Iterator<Policy> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Policy next = it.next();
            if (next.getResource().equals(str2) && next.getAction().equals(str3)) {
                policy = next;
                break;
            }
        }
        if (policy == null) {
            String identifier = IdentifierUtil.getIdentifier(str2 + str3 + str);
            policy = new Policy();
            policy.setIdentifier(identifier);
            policy.setResource(str2);
            policy.setAction(str3);
            list.add(policy);
        }
        return policy;
    }

    private synchronized void saveAndRefreshHolder(Authorizations authorizations) throws AuthorizationAccessException {
        try {
            saveAuthorizations(authorizations);
            this.authorizationsHolder.set(new AuthorizationsHolder(authorizations));
        } catch (JAXBException e) {
            throw new AuthorizationAccessException("Unable to save Authorizations", e);
        }
    }

    public void preDestruction() throws SecurityProviderDestructionException {
    }
}
