package org.apache.nifi.registry.security.authorization.database;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.sql.DataSource;
import org.apache.commons.lang3.Validate;
import org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext;
import org.apache.nifi.registry.security.authorization.ConfigurableUserGroupProvider;
import org.apache.nifi.registry.security.authorization.Group;
import org.apache.nifi.registry.security.authorization.User;
import org.apache.nifi.registry.security.authorization.UserAndGroups;
import org.apache.nifi.registry.security.authorization.UserGroupProviderInitializationContext;
import org.apache.nifi.registry.security.authorization.annotation.AuthorizerContext;
import org.apache.nifi.registry.security.authorization.database.entity.DatabaseGroup;
import org.apache.nifi.registry.security.authorization.database.entity.DatabaseUser;
import org.apache.nifi.registry.security.authorization.database.mapper.DatabaseGroupRowMapper;
import org.apache.nifi.registry.security.authorization.database.mapper.DatabaseUserRowMapper;
import org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.registry.security.authorization.exception.UninheritableAuthorizationsException;
import org.apache.nifi.registry.security.authorization.util.UserGroupProviderUtils;
import org.apache.nifi.registry.security.exception.SecurityProviderCreationException;
import org.apache.nifi.registry.security.exception.SecurityProviderDestructionException;
import org.apache.nifi.registry.security.identity.IdentityMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;

/* loaded from: input_file:WEB-INF/lib/nifi-registry-framework-1.15.0.jar:org/apache/nifi/registry/security/authorization/database/DatabaseUserGroupProvider.class */
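/**
 * {@link ConfigurableUserGroupProvider} that keeps users, groups and group memberships in the
 * tables {@code UGP_USER}, {@code UGP_GROUP} and {@code UGP_USER_GROUP}, accessed through a
 * {@link JdbcTemplate}.
 *
 * <p>Review notes for maintainers of this authorization store:
 * <ul>
 *   <li>Every statement passes caller-supplied values as bind parameters ({@code ?}); no SQL text
 *       is assembled from input. Keep it that way when adding queries.</li>
 *   <li>{@link #deleteUser}, {@link #addGroup}, {@link #updateGroup} and {@link #deleteGroup} each
 *       issue several independent updates. This class opens no transaction of its own, so a
 *       failure between statements can leave memberships partially written.
 *       NOTE(review): confirm that callers run these inside a managed transaction.</li>
 *   <li>Only {@link EmptyResultDataAccessException} is handled (see {@code queryForObject}); any
 *       other Spring data-access exception propagates to the caller unwrapped, despite the
 *       declared {@link AuthorizationAccessException}.</li>
 *   <li>Fingerprint operations are not supported and throw
 *       {@link UnsupportedOperationException}.</li>
 * </ul>
 */
public class DatabaseUserGroupProvider implements ConfigurableUserGroupProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(DatabaseUserGroupProvider.class);
    private DataSource dataSource;
    private IdentityMapper identityMapper;
    private JdbcTemplate jdbcTemplate;

    /**
     * Injects the data source that {@link #initialize} wraps in a {@link JdbcTemplate}.
     *
     * @param dataSource the JDBC data source backing the three UGP tables
     */
    @AuthorizerContext
    public void setDataSource(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    /**
     * Injects the identity mapper passed to {@code UserGroupProviderUtils} in {@link #onConfigured}.
     *
     * @param identityMapper mapper handed to the initial-identity lookup
     */
    @AuthorizerContext
    public void setIdentityMapper(IdentityMapper identityMapper) {
        this.identityMapper = identityMapper;
    }

    /**
     * Builds the {@link JdbcTemplate} from the injected data source. The context argument is not read.
     *
     * @param userGroupProviderInitializationContext unused by this provider
     */
    public void initialize(UserGroupProviderInitializationContext userGroupProviderInitializationContext) throws SecurityProviderCreationException {
        this.jdbcTemplate = new JdbcTemplate(this.dataSource);
    }

    /**
     * Seeds the user table: for each initial identity resolved from the configuration, a user is
     * inserted unless one with that identity already exists.
     *
     * <p>The existence check and the insert are separate statements.
     * NOTE(review): two instances configuring at once could both pass the check; whether that is
     * rejected depends on a uniqueness constraint on {@code UGP_USER.IDENTITY}, which is not
     * visible from this class.
     *
     * @param authorizerConfigurationContext configuration the initial identities are read from
     */
    public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws SecurityProviderCreationException {
        for (final String identity : UserGroupProviderUtils.getInitialUserIdentities(authorizerConfigurationContext, this.identityMapper)) {
            if (getUserByIdentity(identity) != null) {
                LOGGER.debug("User already exists with identity {}", identity);
                continue;
            }
            addUser(new User.Builder().identifierGenerateFromSeed(identity).identity(identity).build());
            LOGGER.info("Created initial user with identity {}", identity);
        }
    }

    /** No resources are released here; the method body is intentionally empty. */
    public void preDestruction() throws SecurityProviderDestructionException {
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    public String getFingerprint() throws AuthorizationAccessException {
        throw new UnsupportedOperationException("Fingerprinting is not supported by this provider");
    }

    /**
     * Not supported.
     *
     * @param str ignored
     * @throws UnsupportedOperationException always
     */
    public void inheritFingerprint(String str) throws AuthorizationAccessException {
        throw new UnsupportedOperationException("Fingerprinting is not supported by this provider");
    }

    /**
     * Not supported.
     *
     * @param str ignored
     * @throws UnsupportedOperationException always
     */
    public void checkInheritability(String str) throws AuthorizationAccessException, UninheritableAuthorizationsException {
        throw new UnsupportedOperationException("Fingerprinting is not supported by this provider");
    }

    /**
     * Inserts a row into {@code UGP_USER}.
     *
     * @param user the user to store; must not be null
     * @return the same {@code user} instance
     */
    public User addUser(User user) throws AuthorizationAccessException {
        Validate.notNull(user);
        this.jdbcTemplate.update("INSERT INTO UGP_USER(IDENTIFIER, IDENTITY) VALUES (?, ?)", user.getIdentifier(), user.getIdentity());
        return user;
    }

    /**
     * Rewrites the identity of the row whose identifier matches {@code user}.
     *
     * @param user the user carrying the new identity; must not be null
     * @return {@code user}, or {@code null} when no row was updated
     */
    public User updateUser(User user) throws AuthorizationAccessException {
        Validate.notNull(user);
        final int updated = this.jdbcTemplate.update("UPDATE UGP_USER SET IDENTITY = ? WHERE IDENTIFIER = ?", user.getIdentity(), user.getIdentifier());
        return updated > 0 ? user : null;
    }

    /**
     * Loads every row of {@code UGP_USER}.
     *
     * @return a new set holding one {@link User} per row
     */
    public Set<User> getUsers() throws AuthorizationAccessException {
        final List<DatabaseUser> rows = this.jdbcTemplate.query("SELECT * FROM UGP_USER", new DatabaseUserRowMapper());
        final Set<User> users = new HashSet<>();
        for (final DatabaseUser row : rows) {
            users.add(mapToUser(row));
        }
        return users;
    }

    /**
     * Looks a user up by identifier.
     *
     * @param str the user identifier; must not be blank
     * @return the user, or {@code null} when no row matches
     */
    public User getUser(String str) throws AuthorizationAccessException {
        Validate.notBlank(str);
        final DatabaseUser row = getDatabaseUser(str);
        return row == null ? null : mapToUser(row);
    }

    /**
     * Looks a user up by identity.
     *
     * @param str the user identity; must not be blank
     * @return the user, or {@code null} when no row matches
     */
    public User getUserByIdentity(String str) throws AuthorizationAccessException {
        Validate.notBlank(str);
        final DatabaseUser row = queryForObject("SELECT * FROM UGP_USER WHERE IDENTITY = ?", new Object[]{str}, new DatabaseUserRowMapper());
        return row == null ? null : mapToUser(row);
    }

    /**
     * Resolves a user by identity together with the groups the user belongs to.
     *
     * <p>When no user matches, the returned object yields {@code null} from both accessors; callers
     * making access decisions must treat a {@code null} group set as "no memberships". One extra
     * query per group is issued to load that group's member identifiers.
     *
     * @param str the user identity; must not be blank
     * @return a holder for the user and its groups (both {@code null} for an unknown identity)
     */
    public UserAndGroups getUserAndGroups(String str) throws AuthorizationAccessException {
        Validate.notBlank(str);
        final User user = getUserByIdentity(str);
        final Set<Group> groups;
        if (user == null) {
            groups = null;
        } else {
            final List<DatabaseGroup> rows = this.jdbcTemplate.query(
                    "SELECT G.IDENTIFIER AS IDENTIFIER, G.IDENTITY AS IDENTITY FROM UGP_GROUP AS G, UGP_USER_GROUP AS UG WHERE G.IDENTIFIER = UG.GROUP_IDENTIFIER AND UG.USER_IDENTIFIER = ?",
                    new Object[]{user.getIdentifier()},
                    new DatabaseGroupRowMapper());
            groups = new HashSet<>();
            for (final DatabaseGroup row : rows) {
                groups.add(mapToGroup(row, getUserIdentifiers(row.getIdentifier())));
            }
        }
        return new UserAndGroups() {
            public User getUser() {
                return user;
            }

            public Set<Group> getGroups() {
                return groups;
            }
        };
    }

    /**
     * Removes the user's membership rows, then the user row itself.
     *
     * <p>The membership delete runs even when the user row turns out not to exist.
     *
     * @param user the user to remove; must not be null
     * @return {@code user}, or {@code null} when no user row was deleted
     */
    public User deleteUser(User user) throws AuthorizationAccessException {
        Validate.notNull(user);
        this.jdbcTemplate.update("DELETE FROM UGP_USER_GROUP WHERE USER_IDENTIFIER = ?", user.getIdentifier());
        final int deleted = this.jdbcTemplate.update("DELETE FROM UGP_USER WHERE IDENTIFIER = ?", user.getIdentifier());
        return deleted > 0 ? user : null;
    }

    /** Fetches the {@code UGP_USER} row with the given identifier, or {@code null} if absent. */
    private DatabaseUser getDatabaseUser(String identifier) {
        return queryForObject("SELECT * FROM UGP_USER WHERE IDENTIFIER = ?", new Object[]{identifier}, new DatabaseUserRowMapper());
    }

    /** Converts a database row into the API-level {@link User}. */
    private User mapToUser(DatabaseUser databaseUser) {
        return new User.Builder()
                .identifier(databaseUser.getIdentifier())
                .identity(databaseUser.getIdentity())
                .build();
    }

    /**
     * Inserts the group row and one membership row per user identifier in {@code group.getUsers()}.
     *
     * @param group the group to store; must not be null
     * @return the same {@code group} instance
     */
    public Group addGroup(Group group) throws AuthorizationAccessException {
        Validate.notNull(group);
        this.jdbcTemplate.update("INSERT INTO UGP_GROUP(IDENTIFIER, IDENTITY) VALUES (?, ?)", group.getIdentifier(), group.getName());
        createUserGroups(group);
        return group;
    }

    /**
     * Renames the group and replaces its complete membership list with {@code group.getUsers()}.
     *
     * <p>Memberships are deleted before the new ones are inserted; if an insert fails and the
     * statements are not in one transaction, the group is left with fewer members than either the
     * old or the new list.
     *
     * @param group the group carrying the new name and members; must not be null
     * @return {@code group}, or {@code null} when no group row was updated (memberships untouched)
     */
    public Group updateGroup(Group group) throws AuthorizationAccessException {
        Validate.notNull(group);
        final int updated = this.jdbcTemplate.update("UPDATE UGP_GROUP SET IDENTITY = ? WHERE IDENTIFIER = ?", group.getName(), group.getIdentifier());
        if (updated <= 0) {
            return null;
        }
        this.jdbcTemplate.update("DELETE FROM UGP_USER_GROUP WHERE GROUP_IDENTIFIER = ?", group.getIdentifier());
        createUserGroups(group);
        return group;
    }

    /**
     * Loads all groups with their member identifiers using two table scans (groups, memberships).
     *
     * @return a new set holding one {@link Group} per {@code UGP_GROUP} row
     */
    public Set<Group> getGroups() throws AuthorizationAccessException {
        final List<DatabaseGroup> rows = this.jdbcTemplate.query("SELECT * FROM UGP_GROUP", new DatabaseGroupRowMapper());
        final HashMap<String, Set<String>> membersByGroup = new HashMap<>();
        // Block-bodied lambda: keeps overload resolution on the row-callback variant of query().
        this.jdbcTemplate.query("SELECT * FROM UGP_USER_GROUP", resultSet -> {
            final String groupIdentifier = resultSet.getString("GROUP_IDENTIFIER");
            membersByGroup.computeIfAbsent(groupIdentifier, key -> new HashSet<>())
                    .add(resultSet.getString("USER_IDENTIFIER"));
        });
        final Set<Group> groups = new HashSet<>();
        for (final DatabaseGroup row : rows) {
            groups.add(mapToGroup(row, membersByGroup.get(row.getIdentifier())));
        }
        return groups;
    }

    /**
     * Looks a group up by identifier and attaches its member identifiers.
     *
     * @param str the group identifier; must not be blank
     * @return the group, or {@code null} when no row matches
     */
    public Group getGroup(String str) throws AuthorizationAccessException {
        Validate.notBlank(str);
        final DatabaseGroup row = getDatabaseGroup(str);
        return row == null ? null : mapToGroup(row, getUserIdentifiers(str));
    }

    /**
     * Removes the group's membership rows, then the group row itself.
     *
     * <p>The membership delete mirrors {@link #deleteUser} and {@link #updateGroup}, which clear
     * {@code UGP_USER_GROUP} explicitly. Without it, removal of a group's memberships relies
     * entirely on the schema (not visible from this class): absent a cascading foreign key the
     * rows would either block the delete or survive as stale memberships in the authorization store.
     *
     * @param group the group to remove; must not be null
     * @return {@code group}, or {@code null} when no group row was deleted
     */
    public Group deleteGroup(Group group) throws AuthorizationAccessException {
        Validate.notNull(group);
        this.jdbcTemplate.update("DELETE FROM UGP_USER_GROUP WHERE GROUP_IDENTIFIER = ?", group.getIdentifier());
        final int deleted = this.jdbcTemplate.update("DELETE FROM UGP_GROUP WHERE IDENTIFIER = ?", group.getIdentifier());
        return deleted > 0 ? group : null;
    }

    /**
     * Inserts one {@code UGP_USER_GROUP} row per user identifier of the group; a {@code null}
     * user set is treated as empty. The identifiers are written as given, with no lookup against
     * {@code UGP_USER} in this class.
     */
    private void createUserGroups(Group group) {
        final Set<String> userIdentifiers = group.getUsers();
        if (userIdentifiers == null) {
            return;
        }
        for (final String userIdentifier : userIdentifiers) {
            this.jdbcTemplate.update("INSERT INTO UGP_USER_GROUP (USER_IDENTIFIER, GROUP_IDENTIFIER) VALUES (?, ?)", userIdentifier, group.getIdentifier());
        }
    }

    /** Fetches the {@code UGP_GROUP} row with the given identifier, or {@code null} if absent. */
    private DatabaseGroup getDatabaseGroup(String identifier) {
        return queryForObject("SELECT * FROM UGP_GROUP WHERE IDENTIFIER = ?", new Object[]{identifier}, new DatabaseGroupRowMapper());
    }

    /** Collects the user identifiers recorded as members of the given group. */
    private Set<String> getUserIdentifiers(String groupIdentifier) {
        final Set<String> userIdentifiers = new HashSet<>();
        // Block-bodied lambda: keeps overload resolution on the row-callback variant of query().
        this.jdbcTemplate.query("SELECT * FROM UGP_USER_GROUP WHERE GROUP_IDENTIFIER = ?", new Object[]{groupIdentifier}, resultSet -> {
            userIdentifiers.add(resultSet.getString("USER_IDENTIFIER"));
        });
        return userIdentifiers;
    }

    /** Converts a database row plus its member identifiers ({@code null} means none) into a {@link Group}. */
    private Group mapToGroup(DatabaseGroup databaseGroup, Set<String> userIdentifiers) {
        final Set<String> members = userIdentifiers == null ? Collections.<String>emptySet() : userIdentifiers;
        return new Group.Builder()
                .identifier(databaseGroup.getIdentifier())
                .name(databaseGroup.getIdentity())
                .addUsers(members)
                .build();
    }

    /**
     * Runs a single-row query and maps "no row" to {@code null}.
     *
     * <p>Only {@link EmptyResultDataAccessException} is translated; every other exception raised
     * by the template propagates.
     */
    private <T> T queryForObject(String sql, Object[] args, RowMapper<T> rowMapper) {
        try {
            return this.jdbcTemplate.queryForObject(sql, args, rowMapper);
        } catch (EmptyResultDataAccessException e) {
            return null;
        }
    }
}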
