package org.apache.nifi.registry.service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.registry.authorization.AccessPolicy;
import org.apache.nifi.registry.authorization.AccessPolicySummary;
import org.apache.nifi.registry.authorization.CurrentUser;
import org.apache.nifi.registry.authorization.Permissions;
import org.apache.nifi.registry.authorization.Resource;
import org.apache.nifi.registry.authorization.ResourcePermissions;
import org.apache.nifi.registry.authorization.Tenant;
import org.apache.nifi.registry.authorization.User;
import org.apache.nifi.registry.authorization.UserGroup;
import org.apache.nifi.registry.bucket.Bucket;
import org.apache.nifi.registry.exception.ResourceNotFoundException;
import org.apache.nifi.registry.security.authorization.AccessPolicy;
import org.apache.nifi.registry.security.authorization.AccessPolicyProvider;
import org.apache.nifi.registry.security.authorization.AccessPolicyProviderInitializationContext;
import org.apache.nifi.registry.security.authorization.AuthorizableLookup;
import org.apache.nifi.registry.security.authorization.Authorizer;
import org.apache.nifi.registry.security.authorization.AuthorizerCapabilityDetection;
import org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext;
import org.apache.nifi.registry.security.authorization.ConfigurableAccessPolicyProvider;
import org.apache.nifi.registry.security.authorization.ConfigurableUserGroupProvider;
import org.apache.nifi.registry.security.authorization.Group;
import org.apache.nifi.registry.security.authorization.ManagedAuthorizer;
import org.apache.nifi.registry.security.authorization.RequestAction;
import org.apache.nifi.registry.security.authorization.UntrustedProxyException;
import org.apache.nifi.registry.security.authorization.User;
import org.apache.nifi.registry.security.authorization.UserAndGroups;
import org.apache.nifi.registry.security.authorization.UserGroupProvider;
import org.apache.nifi.registry.security.authorization.UserGroupProviderInitializationContext;
import org.apache.nifi.registry.security.authorization.exception.AccessDeniedException;
import org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.registry.security.authorization.resource.Authorizable;
import org.apache.nifi.registry.security.authorization.resource.ResourceFactory;
import org.apache.nifi.registry.security.authorization.resource.ResourceType;
import org.apache.nifi.registry.security.authorization.user.NiFiUser;
import org.apache.nifi.registry.security.authorization.user.NiFiUserUtils;
import org.apache.nifi.registry.security.exception.SecurityProviderCreationException;
import org.apache.nifi.registry.security.exception.SecurityProviderDestructionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

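/**
 * Service-layer facade over the configured {@link Authorizer}: performs authorization checks for
 * the current user and exposes CRUD operations for users, groups and access policies.
 *
 * <p>Naming note: unqualified {@code User}, {@code AccessPolicy}, {@code Resource}, {@code Tenant}
 * and {@code UserGroup} are the DTO types from {@code org.apache.nifi.registry.authorization};
 * the provider-side model types are written fully qualified
 * ({@code org.apache.nifi.registry.security.authorization.*}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the authorizer is not a managed authorizer, both providers are replaced by stubs whose
 *       query methods throw {@link IllegalStateException}, so tenant and policy management fails
 *       closed instead of operating on missing data.</li>
 *   <li>Every mutating operation first verifies that the relevant provider is configurable.</li>
 *   <li>The {@code resourcePermissions} placed on user and group DTOs are derived from direct policy
 *       membership (see {@link #checkTenantBelongsToPolicy}); they are informational and are not
 *       the result of an {@link Authorizer} decision.</li>
 *   <li>NOTE(review): identifiers passed to the lookup methods are written to the log unchanged. If
 *       they originate from request input, confirm the log layout neutralises line breaks.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:WEB-INF/lib/nifi-registry-framework-1.15.0.jar:org/apache/nifi/registry/service/AuthorizationService.class */
public class AuthorizationService {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationService.class);
    public static final String MSG_NON_MANAGED_AUTHORIZER = "This NiFi Registry is not configured to internally manage users, groups, or policies. Please contact your system administrator.";
    public static final String MSG_NON_CONFIGURABLE_POLICIES = "This NiFi Registry is not configured to allow configurable policies. Please contact your system administrator.";
    public static final String MSG_NON_CONFIGURABLE_USERS = "This NiFi Registry is not configured to allow configurable users and groups. Please contact your system administrator.";
    private final AuthorizableLookup authorizableLookup;
    private final Authorizer authorizer;
    private final RegistryService registryService;
    private final UserGroupProvider userGroupProvider;
    private final AccessPolicyProvider accessPolicyProvider;

    /**
     * Wires the service to the configured authorizer.
     *
     * <p>For a managed authorizer the real access-policy provider (and, through it, the user/group
     * provider) is used. Otherwise an exception-throwing stub is installed so that later tenant or
     * policy queries fail with {@link #MSG_NON_MANAGED_AUTHORIZER}.
     *
     * @param authorizableLookup resolves resources to {@link Authorizable} instances
     * @param authorizer the authorizer that makes access decisions
     * @param registryService used to enumerate buckets when listing authorizable resources
     */
    @Autowired
    public AuthorizationService(AuthorizableLookup authorizableLookup, Authorizer authorizer, RegistryService registryService) {
        this.authorizableLookup = authorizableLookup;
        this.authorizer = authorizer;
        this.registryService = registryService;
        if (AuthorizerCapabilityDetection.isManagedAuthorizer(this.authorizer)) {
            this.accessPolicyProvider = ((ManagedAuthorizer) authorizer).getAccessPolicyProvider();
        } else {
            this.accessPolicyProvider = createExceptionThrowingAccessPolicyProvider();
        }
        this.userGroupProvider = this.accessPolicyProvider.getUserGroupProvider();
    }

    /** @return the lookup used to resolve resources to authorizables */
    public AuthorizableLookup getAuthorizableLookup() {
        return this.authorizableLookup;
    }

    /**
     * Enforces that the current user may perform {@code requestAction} on {@code authorizable}.
     *
     * <p>The user is the one returned by {@link NiFiUserUtils#getNiFiUser()} at call time; callers
     * cannot substitute a different identity through this method.
     *
     * @param authorizable the resource being accessed
     * @param requestAction the action being attempted
     * @throws AccessDeniedException if the authorizer rejects the request
     */
    public void authorize(Authorizable authorizable, RequestAction requestAction) throws AccessDeniedException {
        authorizable.authorize(this.authorizer, requestAction, NiFiUserUtils.getNiFiUser());
    }

    /** @return whether the configured authorizer is a managed authorizer */
    public boolean isManagedAuthorizer() {
        return AuthorizerCapabilityDetection.isManagedAuthorizer(this.authorizer);
    }

    /** @return whether the authorizer reports a configurable user/group provider */
    public boolean isConfigurableUserGroupProvider() {
        return AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(this.authorizer);
    }

    /** @return whether the authorizer reports a configurable access-policy provider */
    public boolean isConfigurableAccessPolicyProvider() {
        return AuthorizerCapabilityDetection.isConfigurableAccessPolicyProvider(this.authorizer);
    }

    /**
     * @throws IllegalStateException with {@link #MSG_NON_MANAGED_AUTHORIZER} if the authorizer is
     *     not managed
     */
    public void verifyAuthorizerIsManaged() {
        if (!isManagedAuthorizer()) {
            throw new IllegalStateException(MSG_NON_MANAGED_AUTHORIZER);
        }
    }

    /**
     * Verifies that policies can be edited through this registry.
     *
     * @throws IllegalStateException with {@link #MSG_NON_MANAGED_AUTHORIZER} when the authorizer is
     *     not managed at all, otherwise with {@link #MSG_NON_CONFIGURABLE_POLICIES}
     */
    public void verifyAuthorizerSupportsConfigurablePolicies() {
        if (isConfigurableAccessPolicyProvider()) {
            return;
        }
        // Report the more fundamental problem first: a non-managed authorizer has no policies at all.
        verifyAuthorizerIsManaged();
        throw new IllegalStateException(MSG_NON_CONFIGURABLE_POLICIES);
    }

    /**
     * @throws IllegalStateException with {@link #MSG_NON_CONFIGURABLE_USERS} if users and groups
     *     cannot be edited through this registry
     */
    public void verifyAuthorizerSupportsConfigurableUserGroups() {
        if (!isConfigurableUserGroupProvider()) {
            throw new IllegalStateException(MSG_NON_CONFIGURABLE_USERS);
        }
    }

    /**
     * Describes the current user: identity, anonymous flag and the permissions the authorizer
     * grants on the top-level resources.
     *
     * @return a freshly built {@link CurrentUser}
     */
    public CurrentUser getCurrentUser() {
        final NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        final CurrentUser currentUser = new CurrentUser();
        currentUser.setIdentity(niFiUser.getIdentity());
        currentUser.setAnonymous(niFiUser.isAnonymous());
        currentUser.setResourcePermissions(getTopLevelPermissions());
        return currentUser;
    }

    /**
     * Asks the authorizer which of READ, WRITE and DELETE the current user holds on a resource.
     *
     * @param authorizable the resource to evaluate
     * @return the three decisions as a {@link Permissions} object
     */
    public Permissions getPermissionsForResource(Authorizable authorizable) {
        final NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        final Permissions permissions = new Permissions();
        permissions.setCanRead(authorizable.isAuthorized(this.authorizer, RequestAction.READ, niFiUser));
        permissions.setCanWrite(authorizable.isAuthorized(this.authorizer, RequestAction.WRITE, niFiUser));
        permissions.setCanDelete(authorizable.isAuthorized(this.authorizer, RequestAction.DELETE, niFiUser));
        return permissions;
    }

    /**
     * Like {@link #getPermissionsForResource(Authorizable)}, but starts from permissions that are
     * already known and only evaluates the ones not yet granted.
     *
     * <p>A {@code true} flag in {@code permissions} is kept without consulting the authorizer, so
     * this method can only widen the supplied permissions, never narrow them. Callers must therefore
     * pass only values that were established for the same user, and for which carrying the grant
     * over to {@code authorizable} is intended.
     *
     * @param authorizable the resource to evaluate
     * @param permissions permissions already known to hold, or {@code null} to evaluate everything
     * @return a new {@link Permissions} object; the argument is not modified
     */
    public Permissions getPermissionsForResource(Authorizable authorizable, Permissions permissions) {
        if (permissions == null) {
            return getPermissionsForResource(authorizable);
        }
        final Permissions merged = new Permissions(permissions);
        final NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        if (!merged.getCanRead()) {
            merged.setCanRead(authorizable.isAuthorized(this.authorizer, RequestAction.READ, niFiUser));
        }
        if (!merged.getCanWrite()) {
            merged.setCanWrite(authorizable.isAuthorized(this.authorizer, RequestAction.WRITE, niFiUser));
        }
        if (!merged.getCanDelete()) {
            merged.setCanDelete(authorizable.isAuthorized(this.authorizer, RequestAction.DELETE, niFiUser));
        }
        return merged;
    }

    /**
     * Evaluates, through the authorizer, the current user's permissions on the buckets, policies,
     * tenants and proxy top-level resources.
     */
    private ResourcePermissions getTopLevelPermissions() {
        final ResourcePermissions resourcePermissions = new ResourcePermissions();
        resourcePermissions.setBuckets(getPermissionsForResource(this.authorizableLookup.getBucketsAuthorizable()));
        resourcePermissions.setPolicies(getPermissionsForResource(this.authorizableLookup.getPoliciesAuthorizable()));
        resourcePermissions.setTenants(getPermissionsForResource(this.authorizableLookup.getTenantsAuthorizable()));
        resourcePermissions.setProxy(getPermissionsForResource(this.authorizableLookup.getProxyAuthorizable()));
        return resourcePermissions;
    }

    /**
     * Creates a user.
     *
     * @param user the user to create; its identity must not be blank
     * @return the created user as a DTO
     * @throws IllegalStateException if users and groups are not configurable
     * @throws IllegalArgumentException if the identity is blank
     */
    public User createUser(User user) {
        verifyUserGroupProviderIsConfigurable();
        if (StringUtils.isBlank(user.getIdentity())) {
            throw new IllegalArgumentException("User identity must be specified when creating a new user.");
        }
        return userToDTO(configurableUserGroupProvider().addUser(userFromDTO(user)));
    }

    /** @return every user known to the user/group provider, as DTOs */
    public List<User> getUsers() {
        return this.userGroupProvider.getUsers().stream().map(this::userToDTO).collect(Collectors.toList());
    }

    /**
     * @param identifier the user's identifier
     * @return the matching user as a DTO
     * @throws ResourceNotFoundException if no user has that identifier
     */
    public User getUser(String identifier) {
        final org.apache.nifi.registry.security.authorization.User user = this.userGroupProvider.getUser(identifier);
        if (user != null) {
            return userToDTO(user);
        }
        LOGGER.warn("The specified user id [{}] does not exist.", identifier);
        throw new ResourceNotFoundException("The specified user ID does not exist in this registry.");
    }

    /**
     * @param identity the user's identity (as opposed to the identifier)
     * @return the matching user as a DTO
     * @throws ResourceNotFoundException if no user has that identity
     */
    public User getUserByIdentity(String identity) {
        final org.apache.nifi.registry.security.authorization.User user = this.userGroupProvider.getUserByIdentity(identity);
        if (user != null) {
            return userToDTO(user);
        }
        LOGGER.warn("The specified user identity [{}] does not exist.", identity);
        throw new ResourceNotFoundException("The specified user ID does not exist in this registry.");
    }

    /**
     * @param identifier the user's identifier
     * @throws ResourceNotFoundException if no user has that identifier
     */
    public void verifyUserExists(String identifier) {
        if (this.userGroupProvider.getUser(identifier) == null) {
            LOGGER.warn("The specified user id [{}] does not exist.", identifier);
            throw new ResourceNotFoundException("The specified user ID does not exist in this registry.");
        }
    }

    /**
     * Updates an existing user.
     *
     * @param user the new state of the user
     * @return the updated user as a DTO
     * @throws IllegalStateException if users and groups are not configurable
     * @throws ResourceNotFoundException if the provider reports no such user (returns {@code null})
     */
    public User updateUser(User user) {
        verifyUserGroupProviderIsConfigurable();
        final org.apache.nifi.registry.security.authorization.User updated = configurableUserGroupProvider().updateUser(userFromDTO(user));
        if (updated != null) {
            return userToDTO(updated);
        }
        LOGGER.warn("The specified user id [{}] does not exist.", user.getIdentifier());
        throw new ResourceNotFoundException("The specified user ID does not exist in this registry.");
    }

    /**
     * Deletes a user.
     *
     * @param identifier the user's identifier
     * @return the deleted user as a DTO
     * @throws IllegalStateException if users and groups are not configurable
     * @throws ResourceNotFoundException if no user has that identifier
     */
    public User deleteUser(String identifier) {
        verifyUserGroupProviderIsConfigurable();
        final org.apache.nifi.registry.security.authorization.User user = this.userGroupProvider.getUser(identifier);
        if (user == null) {
            LOGGER.warn("The specified user id [{}] does not exist.", identifier);
            throw new ResourceNotFoundException("The specified user ID does not exist in this registry.");
        }
        configurableUserGroupProvider().deleteUser(user);
        return userToDTO(user);
    }

    /**
     * Creates a user group.
     *
     * @param userGroup the group to create; its identity must not be blank
     * @return the created group as a DTO
     * @throws IllegalStateException if users and groups are not configurable
     * @throws IllegalArgumentException if the identity is blank
     */
    public UserGroup createUserGroup(UserGroup userGroup) {
        verifyUserGroupProviderIsConfigurable();
        if (StringUtils.isBlank(userGroup.getIdentity())) {
            throw new IllegalArgumentException("User group identity must be specified when creating a new group.");
        }
        return userGroupToDTO(configurableUserGroupProvider().addGroup(userGroupFromDTO(userGroup)));
    }

    /** @return every group known to the user/group provider, as DTOs */
    public List<UserGroup> getUserGroups() {
        return this.userGroupProvider.getGroups().stream().map(this::userGroupToDTO).collect(Collectors.toList());
    }

    /**
     * @param identifier the group's identifier
     * @return the matching group as a DTO
     * @throws ResourceNotFoundException if no group has that identifier
     */
    public UserGroup getUserGroup(String identifier) {
        final Group group = this.userGroupProvider.getGroup(identifier);
        if (group != null) {
            return userGroupToDTO(group);
        }
        LOGGER.warn("The specified user group id [{}] does not exist.", identifier);
        throw new ResourceNotFoundException("The specified user group ID does not exist in this registry.");
    }

    /**
     * @param identifier the group's identifier
     * @throws ResourceNotFoundException if no group has that identifier
     */
    public void verifyUserGroupExists(String identifier) {
        if (this.userGroupProvider.getGroup(identifier) == null) {
            LOGGER.warn("The specified user group id [{}] does not exist.", identifier);
            throw new ResourceNotFoundException("The specified user group ID does not exist in this registry.");
        }
    }

    /**
     * Updates an existing user group.
     *
     * @param userGroup the new state of the group
     * @return the updated group as a DTO
     * @throws IllegalStateException if users and groups are not configurable
     * @throws ResourceNotFoundException if the provider reports no such group (returns {@code null})
     */
    public UserGroup updateUserGroup(UserGroup userGroup) {
        verifyUserGroupProviderIsConfigurable();
        final Group updated = configurableUserGroupProvider().updateGroup(userGroupFromDTO(userGroup));
        if (updated != null) {
            return userGroupToDTO(updated);
        }
        LOGGER.warn("The specified user group id [{}] does not exist.", userGroup.getIdentifier());
        throw new ResourceNotFoundException("The specified user group ID does not exist in this registry.");
    }

    /**
     * Deletes a user group.
     *
     * @param identifier the group's identifier
     * @return the deleted group as a DTO
     * @throws IllegalStateException if users and groups are not configurable
     * @throws ResourceNotFoundException if no group has that identifier
     */
    public UserGroup deleteUserGroup(String identifier) {
        verifyUserGroupProviderIsConfigurable();
        final Group group = this.userGroupProvider.getGroup(identifier);
        if (group == null) {
            // Log the requested identifier: 'group' is null on this path, so dereferencing it here
            // would raise a NullPointerException instead of the intended not-found error.
            LOGGER.warn("The specified user group id [{}] does not exist.", identifier);
            throw new ResourceNotFoundException("The specified user group ID does not exist in this registry.");
        }
        configurableUserGroupProvider().deleteGroup(group);
        return userGroupToDTO(group);
    }

    /**
     * Creates an access policy.
     *
     * @param accessPolicy the policy to create; its resource must be set
     * @return the created policy as a DTO
     * @throws IllegalStateException if policies are not configurable
     * @throws IllegalArgumentException if the resource is {@code null}
     */
    public AccessPolicy createAccessPolicy(AccessPolicy accessPolicy) {
        verifyAccessPolicyProviderIsConfigurable();
        if (accessPolicy.getResource() == null) {
            throw new IllegalArgumentException("Resource must be specified when creating a new access policy.");
        }
        // Result intentionally discarded: the call is made up front for validation.
        // NOTE(review): presumably valueOfValue rejects an unknown action by throwing - confirm.
        RequestAction.valueOfValue(accessPolicy.getAction());
        return accessPolicyToDTO(configurableAccessPolicyProvider().addAccessPolicy(accessPolicyFromDTO(accessPolicy)));
    }

    /**
     * @param identifier the policy's identifier
     * @return the matching policy as a DTO
     * @throws ResourceNotFoundException if no policy has that identifier
     */
    public AccessPolicy getAccessPolicy(String identifier) {
        final org.apache.nifi.registry.security.authorization.AccessPolicy accessPolicy = this.accessPolicyProvider.getAccessPolicy(identifier);
        if (accessPolicy != null) {
            return accessPolicyToDTO(accessPolicy);
        }
        LOGGER.warn("The specified access policy id [{}] does not exist.", identifier);
        throw new ResourceNotFoundException("The specified policy does not exist in this registry.");
    }

    /**
     * Looks up the policy governing one action on one resource.
     *
     * <p>NOTE(review): the not-found message embeds the resource string and action verbatim. If
     * exception messages are returned to clients, confirm they are encoded for the response format.
     *
     * @param resourceIdentifier the resource the policy applies to
     * @param requestAction the action the policy applies to
     * @return the matching policy as a DTO
     * @throws ResourceNotFoundException if no such policy exists
     */
    public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction requestAction) {
        final org.apache.nifi.registry.security.authorization.AccessPolicy accessPolicy = this.accessPolicyProvider.getAccessPolicy(resourceIdentifier, requestAction);
        if (accessPolicy == null) {
            throw new ResourceNotFoundException("No policy found for action='" + requestAction + "', resource='" + resourceIdentifier + "'");
        }
        return accessPolicyToDTO(accessPolicy);
    }

    /** @return every access policy, as full DTOs including users and groups */
    public List<AccessPolicy> getAccessPolicies() {
        return this.accessPolicyProvider.getAccessPolicies().stream().map(this::accessPolicyToDTO).collect(Collectors.toList());
    }

    /** @return every access policy, as summaries without users and groups */
    public List<AccessPolicySummary> getAccessPolicySummaries() {
        return this.accessPolicyProvider.getAccessPolicies().stream().map(this::accessPolicyToSummaryDTO).collect(Collectors.toList());
    }

    /**
     * Collects the policies that apply to a user, either because the user is listed on the policy
     * directly or because one of the policy's groups contains the user.
     */
    private List<AccessPolicySummary> getAccessPolicySummariesForUser(String userIdentifier) {
        return this.accessPolicyProvider.getAccessPolicies().stream().filter(policy -> {
            if (policy.getUsers().contains(userIdentifier)) {
                return true;
            }
            return policy.getGroups().stream().anyMatch(groupIdentifier -> {
                // A policy may reference a group the provider no longer returns; treat that as no match.
                final Group group = this.userGroupProvider.getGroup(groupIdentifier);
                return group != null && group.getUsers().contains(userIdentifier);
            });
        }).map(this::accessPolicyToSummaryDTO).collect(Collectors.toList());
    }

    /** Collects the policies that list the given group directly. */
    private List<AccessPolicySummary> getAccessPolicySummariesForUserGroup(String groupIdentifier) {
        return this.accessPolicyProvider.getAccessPolicies().stream()
                .filter(policy -> policy.getGroups().contains(groupIdentifier))
                .map(this::accessPolicyToSummaryDTO)
                .collect(Collectors.toList());
    }

    /**
     * @param identifier the policy's identifier
     * @throws ResourceNotFoundException if no policy has that identifier
     */
    public void verifyAccessPolicyExists(String identifier) {
        if (this.accessPolicyProvider.getAccessPolicy(identifier) == null) {
            LOGGER.warn("The specified access policy id [{}] does not exist.", identifier);
            throw new ResourceNotFoundException("The specified policy does not exist in this registry.");
        }
    }

    /**
     * Updates the users and groups of an existing access policy.
     *
     * <p>The resource and action supplied by the caller are ignored: both are overwritten with the
     * values of the stored policy before the update is applied, so an update cannot re-target a
     * policy at a different resource or action. The supplied DTO is modified in place to that end.
     *
     * @param accessPolicy the new state of the policy, identified by its identifier
     * @return the updated policy as a DTO
     * @throws IllegalStateException if policies are not configurable
     * @throws ResourceNotFoundException if the policy does not exist
     */
    public AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) {
        verifyAccessPolicyProviderIsConfigurable();
        final org.apache.nifi.registry.security.authorization.AccessPolicy existing = this.accessPolicyProvider.getAccessPolicy(accessPolicy.getIdentifier());
        if (existing == null) {
            LOGGER.warn("The specified access policy id [{}] does not exist.", accessPolicy.getIdentifier());
            throw new ResourceNotFoundException("The specified policy does not exist in this registry.");
        }
        // Pin resource and action to the stored values; only membership may change.
        accessPolicy.setResource(existing.getResource());
        accessPolicy.setAction(existing.getAction().toString());
        final org.apache.nifi.registry.security.authorization.AccessPolicy updated = configurableAccessPolicyProvider().updateAccessPolicy(accessPolicyFromDTO(accessPolicy));
        if (updated != null) {
            return accessPolicyToDTO(updated);
        }
        LOGGER.warn("The specified access policy id [{}] does not exist.", accessPolicy.getIdentifier());
        throw new ResourceNotFoundException("The specified policy does not exist in this registry.");
    }

    /**
     * Deletes an access policy.
     *
     * @param identifier the policy's identifier
     * @return the deleted policy as a DTO
     * @throws IllegalStateException if policies are not configurable
     * @throws ResourceNotFoundException if no policy has that identifier
     */
    public AccessPolicy deleteAccessPolicy(String identifier) {
        verifyAccessPolicyProviderIsConfigurable();
        final org.apache.nifi.registry.security.authorization.AccessPolicy accessPolicy = this.accessPolicyProvider.getAccessPolicy(identifier);
        if (accessPolicy == null) {
            LOGGER.warn("The specified access policy id [{}] does not exist.", identifier);
            throw new ResourceNotFoundException("The specified policy does not exist in this registry.");
        }
        configurableAccessPolicyProvider().deleteAccessPolicy(accessPolicy);
        return accessPolicyToDTO(accessPolicy);
    }

    /**
     * Lists every resource a policy can be attached to, without any authorization filtering.
     * Callers are responsible for restricting who may see the full list.
     *
     * @return all authorizable resources as DTOs
     */
    public List<Resource> getResources() {
        return getAuthorizableResources().stream().map(AuthorizationService::resourceToDTO).collect(Collectors.toList());
    }

    /**
     * @param requestAction the action the current user must be allowed to perform
     * @return the resources of any type on which the current user may perform that action
     */
    public List<Resource> getAuthorizedResources(RequestAction requestAction) {
        return getAuthorizedResources(requestAction, null);
    }

    /**
     * Lists the resources on which the current user may perform {@code requestAction}.
     *
     * <p>Each candidate is checked with a full {@code authorize} call. A denial
     * ({@link AccessDeniedException} or {@link UntrustedProxyException}) drops the resource from the
     * result; any other exception propagates to the caller.
     *
     * @param requestAction the action the current user must be allowed to perform
     * @param resourceType restricts the candidates to one type, or {@code null} for all types
     * @return the authorized resources as DTOs
     */
    public List<Resource> getAuthorizedResources(RequestAction requestAction, ResourceType resourceType) {
        return getAuthorizableResources(resourceType).stream().filter(resource -> {
            final String resourceIdentifier = resource.getIdentifier();
            try {
                this.authorizableLookup.getAuthorizableByResource(resourceIdentifier).authorize(this.authorizer, requestAction, NiFiUserUtils.getNiFiUser());
                return true;
            } catch (AccessDeniedException | UntrustedProxyException denied) {
                return false;
            }
        }).map(AuthorizationService::resourceToDTO).collect(Collectors.toList());
    }

    /**
     * Narrows the user/group provider to its configurable form. Callers must have passed
     * {@link #verifyUserGroupProviderIsConfigurable()} first; otherwise the cast fails.
     */
    private ConfigurableUserGroupProvider configurableUserGroupProvider() {
        return (ConfigurableUserGroupProvider) this.userGroupProvider;
    }

    /**
     * Narrows the access-policy provider to its configurable form. Callers must have passed
     * {@link #verifyAccessPolicyProviderIsConfigurable()} first; otherwise the cast fails.
     */
    private ConfigurableAccessPolicyProvider configurableAccessPolicyProvider() {
        return (ConfigurableAccessPolicyProvider) this.accessPolicyProvider;
    }

    /** Guard for every user/group mutation: rejects the call unless the provider is configurable. */
    private void verifyUserGroupProviderIsConfigurable() {
        if (!(this.userGroupProvider instanceof ConfigurableUserGroupProvider)) {
            throw new IllegalStateException(MSG_NON_CONFIGURABLE_USERS);
        }
    }

    /** Guard for every policy mutation: rejects the call unless the provider is configurable. */
    private void verifyAccessPolicyProviderIsConfigurable() {
        if (!(this.accessPolicyProvider instanceof ConfigurableAccessPolicyProvider)) {
            throw new IllegalStateException(MSG_NON_CONFIGURABLE_POLICIES);
        }
    }

    /**
     * Summarises a tenant's permissions on the top-level resources from policy membership.
     * See {@link #checkTenantBelongsToPolicy} for what "membership" covers.
     */
    private ResourcePermissions getTopLevelPermissions(String tenantIdentifier) {
        final ResourcePermissions resourcePermissions = new ResourcePermissions();
        resourcePermissions.setBuckets(getPermissionsForResource(tenantIdentifier, ResourceFactory.getBucketsResource()));
        resourcePermissions.setPolicies(getPermissionsForResource(tenantIdentifier, ResourceFactory.getPoliciesResource()));
        resourcePermissions.setTenants(getPermissionsForResource(tenantIdentifier, ResourceFactory.getTenantsResource()));
        resourcePermissions.setProxy(getPermissionsForResource(tenantIdentifier, ResourceFactory.getProxyResource()));
        return resourcePermissions;
    }

    /** Builds READ/WRITE/DELETE flags for a tenant on one resource from policy membership. */
    private Permissions getPermissionsForResource(String tenantIdentifier, org.apache.nifi.registry.security.authorization.Resource resource) {
        final Permissions permissions = new Permissions();
        permissions.setCanRead(checkTenantBelongsToPolicy(tenantIdentifier, resource, RequestAction.READ));
        permissions.setCanWrite(checkTenantBelongsToPolicy(tenantIdentifier, resource, RequestAction.WRITE));
        permissions.setCanDelete(checkTenantBelongsToPolicy(tenantIdentifier, resource, RequestAction.DELETE));
        return permissions;
    }

    /**
     * Reports whether a tenant identifier is listed directly on the policy for a resource/action.
     *
     * <p>Only the policy's own user and group identifier sets are consulted. A user's group
     * memberships are not resolved here, so a user who holds the permission solely through a group
     * is reported as {@code false}. The result is a description of policy assignment, not an
     * access decision; enforcement goes through {@link #authorize}.
     *
     * @return {@code false} when no policy exists for the resource/action or the tenant is not listed
     */
    private boolean checkTenantBelongsToPolicy(String tenantIdentifier, org.apache.nifi.registry.security.authorization.Resource resource, RequestAction requestAction) {
        final org.apache.nifi.registry.security.authorization.AccessPolicy accessPolicy = this.accessPolicyProvider.getAccessPolicy(resource.getIdentifier(), requestAction);
        if (accessPolicy == null) {
            return false;
        }
        return accessPolicy.getUsers().contains(tenantIdentifier) || accessPolicy.getGroups().contains(tenantIdentifier);
    }

    /** Lists the authorizable resources of every type. */
    private List<org.apache.nifi.registry.security.authorization.Resource> getAuthorizableResources() {
        return getAuthorizableResources(null);
    }

    /**
     * Lists the resources a policy can target: the fixed top-level resources plus, for buckets,
     * one resource per existing bucket.
     *
     * @param resourceType the single type to include, or {@code null} for all types
     */
    private List<org.apache.nifi.registry.security.authorization.Resource> getAuthorizableResources(ResourceType resourceType) {
        final List<org.apache.nifi.registry.security.authorization.Resource> resources = new ArrayList<>();
        if (resourceType == null || resourceType.equals(ResourceType.Policy)) {
            resources.add(ResourceFactory.getPoliciesResource());
        }
        if (resourceType == null || resourceType.equals(ResourceType.Tenant)) {
            resources.add(ResourceFactory.getTenantsResource());
        }
        if (resourceType == null || resourceType.equals(ResourceType.Proxy)) {
            resources.add(ResourceFactory.getProxyResource());
        }
        if (resourceType == null || resourceType.equals(ResourceType.Actuator)) {
            resources.add(ResourceFactory.getActuatorResource());
        }
        if (resourceType == null || resourceType.equals(ResourceType.Swagger)) {
            resources.add(ResourceFactory.getSwaggerResource());
        }
        if (resourceType == null || resourceType.equals(ResourceType.Bucket)) {
            resources.add(ResourceFactory.getBucketsResource());
            for (Bucket bucket : this.registryService.getBuckets()) {
                resources.add(ResourceFactory.getBucketResource(bucket.getIdentifier(), bucket.getName()));
            }
        }
        return resources;
    }

    /**
     * Converts a provider-side user to its DTO, attaching the groups that contain the user, the
     * policies that apply to the user, and the membership-based top-level permissions.
     *
     * @return the DTO, or {@code null} for a {@code null} input
     */
    private User userToDTO(org.apache.nifi.registry.security.authorization.User user) {
        if (user == null) {
            return null;
        }
        final String identifier = user.getIdentifier();
        final Collection<? extends Tenant> memberOf = this.userGroupProvider.getGroups().stream()
                .filter(group -> group.getUsers().contains(identifier))
                .map(this::tenantToDTO)
                .collect(Collectors.toList());
        final List<AccessPolicySummary> policies = getAccessPolicySummariesForUser(identifier);
        final User dto = new User(user.getIdentifier(), user.getIdentity());
        dto.setConfigurable(Boolean.valueOf(AuthorizerCapabilityDetection.isUserConfigurable(this.authorizer, user)));
        dto.setResourcePermissions(getTopLevelPermissions(dto.getIdentifier()));
        dto.addUserGroups(memberOf);
        dto.addAccessPolicies(policies);
        return dto;
    }

    /**
     * Converts a provider-side group to its DTO, attaching its resolvable members, the policies
     * that list the group, and the membership-based top-level permissions.
     *
     * @return the DTO, or {@code null} for a {@code null} input
     */
    private UserGroup userGroupToDTO(Group group) {
        if (group == null) {
            return null;
        }
        // Member identifiers that resolve to neither a user nor a group are dropped.
        final Collection<? extends Tenant> members = group.getUsers() != null
                ? group.getUsers().stream().map(this::tenantIdToDTO).filter(Objects::nonNull).collect(Collectors.toSet())
                : null;
        final List<AccessPolicySummary> policies = getAccessPolicySummariesForUserGroup(group.getIdentifier());
        final UserGroup dto = new UserGroup(group.getIdentifier(), group.getName());
        dto.setConfigurable(Boolean.valueOf(AuthorizerCapabilityDetection.isGroupConfigurable(this.authorizer, group)));
        dto.setResourcePermissions(getTopLevelPermissions(dto.getIdentifier()));
        dto.addUsers(members);
        dto.addAccessPolicies(policies);
        return dto;
    }

    /**
     * Converts a provider-side policy to its DTO, resolving user and group identifiers to tenants.
     * Identifiers that no longer resolve are omitted from the DTO.
     *
     * @return the DTO, or {@code null} for a {@code null} input
     */
    private AccessPolicy accessPolicyToDTO(org.apache.nifi.registry.security.authorization.AccessPolicy accessPolicy) {
        if (accessPolicy == null) {
            return null;
        }
        final Collection<? extends Tenant> groups = accessPolicy.getGroups() != null
                ? accessPolicy.getGroups().stream().map(this::tenantIdToDTO).filter(Objects::nonNull).collect(Collectors.toList())
                : null;
        final Collection<? extends Tenant> users = accessPolicy.getUsers() != null
                ? accessPolicy.getUsers().stream().map(this::tenantIdToDTO).filter(Objects::nonNull).collect(Collectors.toList())
                : null;
        final Boolean configurable = Boolean.valueOf(AuthorizerCapabilityDetection.isAccessPolicyConfigurable(this.authorizer, accessPolicy));
        return accessPolicyToDTO(accessPolicy, groups, users, configurable);
    }

    /**
     * Resolves a tenant identifier, trying users first and groups second.
     *
     * @return the tenant DTO, or {@code null} if the identifier matches neither
     */
    private Tenant tenantIdToDTO(String tenantIdentifier) {
        final org.apache.nifi.registry.security.authorization.User user = this.userGroupProvider.getUser(tenantIdentifier);
        return user != null ? tenantToDTO(user) : tenantToDTO(this.userGroupProvider.getGroup(tenantIdentifier));
    }

    /**
     * Converts a provider-side policy to a summary DTO (identifier, action, resource, configurable).
     *
     * @return the summary, or {@code null} for a {@code null} input
     */
    private AccessPolicySummary accessPolicyToSummaryDTO(org.apache.nifi.registry.security.authorization.AccessPolicy accessPolicy) {
        if (accessPolicy == null) {
            return null;
        }
        final Boolean configurable = Boolean.valueOf(AuthorizerCapabilityDetection.isAccessPolicyConfigurable(this.authorizer, accessPolicy));
        final AccessPolicySummary summary = new AccessPolicySummary();
        summary.setIdentifier(accessPolicy.getIdentifier());
        summary.setAction(accessPolicy.getAction().toString());
        summary.setResource(accessPolicy.getResource());
        summary.setConfigurable(configurable);
        return summary;
    }

    /** Converts a provider-side user to a tenant DTO; {@code null} in, {@code null} out. */
    private Tenant tenantToDTO(org.apache.nifi.registry.security.authorization.User user) {
        if (user == null) {
            return null;
        }
        final Tenant tenant = new Tenant(user.getIdentifier(), user.getIdentity());
        tenant.setConfigurable(Boolean.valueOf(AuthorizerCapabilityDetection.isUserConfigurable(this.authorizer, user)));
        return tenant;
    }

    /** Converts a provider-side group to a tenant DTO; {@code null} in, {@code null} out. */
    private Tenant tenantToDTO(Group group) {
        if (group == null) {
            return null;
        }
        final Tenant tenant = new Tenant(group.getIdentifier(), group.getName());
        tenant.setConfigurable(Boolean.valueOf(AuthorizerCapabilityDetection.isGroupConfigurable(this.authorizer, group)));
        return tenant;
    }

    /** Converts a provider-side resource to its DTO; {@code null} in, {@code null} out. */
    private static Resource resourceToDTO(org.apache.nifi.registry.security.authorization.Resource resource) {
        if (resource == null) {
            return null;
        }
        final Resource dto = new Resource();
        dto.setIdentifier(resource.getIdentifier());
        dto.setName(resource.getName());
        return dto;
    }

    /**
     * Converts a user DTO to the provider-side model. Only identifier and identity are carried
     * over; every other DTO field is ignored.
     */
    private static org.apache.nifi.registry.security.authorization.User userFromDTO(User user) {
        if (user == null) {
            return null;
        }
        return new org.apache.nifi.registry.security.authorization.User.Builder()
                .identifier(user.getIdentifier())
                .identity(user.getIdentity())
                .build();
    }

    /**
     * Converts a group DTO to the provider-side model. Members are carried over by identifier
     * only; whether those identifiers exist is not checked here.
     */
    private static Group userGroupFromDTO(UserGroup userGroup) {
        if (userGroup == null) {
            return null;
        }
        final Group.Builder builder = new Group.Builder().identifier(userGroup.getIdentifier()).name(userGroup.getIdentity());
        final Set<Tenant> users = userGroup.getUsers();
        if (users != null) {
            builder.addUsers(users.stream().map(Tenant::getIdentifier).collect(Collectors.toSet()));
        }
        return builder.build();
    }

    /**
     * Converts a policy DTO to the provider-side model. Users and groups are carried over by
     * identifier only; whether those identifiers exist is not checked here. Unlike the sibling
     * converters, this one does not accept a {@code null} DTO.
     */
    private static org.apache.nifi.registry.security.authorization.AccessPolicy accessPolicyFromDTO(AccessPolicy accessPolicy) {
        final org.apache.nifi.registry.security.authorization.AccessPolicy.Builder builder =
                new org.apache.nifi.registry.security.authorization.AccessPolicy.Builder()
                        .identifier(accessPolicy.getIdentifier())
                        .resource(accessPolicy.getResource())
                        .action(RequestAction.valueOfValue(accessPolicy.getAction()));
        final Set<Tenant> users = accessPolicy.getUsers();
        if (users != null) {
            builder.addUsers(users.stream().map(Tenant::getIdentifier).collect(Collectors.toSet()));
        }
        final Set<Tenant> userGroups = accessPolicy.getUserGroups();
        if (userGroups != null) {
            builder.addGroups(userGroups.stream().map(Tenant::getIdentifier).collect(Collectors.toSet()));
        }
        return builder.build();
    }

    /**
     * Assembles a policy DTO from a provider-side policy and already-resolved tenants.
     *
     * @param accessPolicy the provider-side policy
     * @param userGroups the resolved groups of the policy
     * @param users the resolved users of the policy
     * @param configurable whether the policy can be edited
     * @return the DTO, or {@code null} for a {@code null} policy
     */
    private static org.apache.nifi.registry.authorization.AccessPolicy accessPolicyToDTO(org.apache.nifi.registry.security.authorization.AccessPolicy accessPolicy, Collection<? extends Tenant> userGroups, Collection<? extends Tenant> users, Boolean configurable) {
        if (accessPolicy == null) {
            return null;
        }
        final org.apache.nifi.registry.authorization.AccessPolicy dto = new org.apache.nifi.registry.authorization.AccessPolicy();
        dto.setIdentifier(accessPolicy.getIdentifier());
        dto.setAction(accessPolicy.getAction().toString());
        dto.setResource(accessPolicy.getResource());
        dto.setConfigurable(configurable);
        dto.addUsers(users);
        dto.addUserGroups(userGroups);
        return dto;
    }

    /**
     * Builds the stand-in providers used when the authorizer is not managed.
     *
     * <p>Every query method throws {@link IllegalStateException} with
     * {@link #MSG_NON_MANAGED_AUTHORIZER}; the lifecycle methods do nothing. Neither stub is a
     * configurable provider, so the mutation guards in this class reject writes as well.
     */
    private static AccessPolicyProvider createExceptionThrowingAccessPolicyProvider() {
        return new AccessPolicyProvider() { // from class: org.apache.nifi.registry.service.AuthorizationService.1
            @Override
            public Set<org.apache.nifi.registry.security.authorization.AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
                throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public org.apache.nifi.registry.security.authorization.AccessPolicy getAccessPolicy(String str) throws AuthorizationAccessException {
                throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public org.apache.nifi.registry.security.authorization.AccessPolicy getAccessPolicy(String str, RequestAction requestAction) throws AuthorizationAccessException {
                throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
            }

            @Override
            public UserGroupProvider getUserGroupProvider() {
                return new UserGroupProvider() { // from class: org.apache.nifi.registry.service.AuthorizationService.1.1
                    @Override
                    public Set<org.apache.nifi.registry.security.authorization.User> getUsers() throws AuthorizationAccessException {
                        throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
                    }

                    @Override
                    public org.apache.nifi.registry.security.authorization.User getUser(String str) throws AuthorizationAccessException {
                        throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
                    }

                    @Override
                    public org.apache.nifi.registry.security.authorization.User getUserByIdentity(String str) throws AuthorizationAccessException {
                        throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
                    }

                    @Override
                    public Set<Group> getGroups() throws AuthorizationAccessException {
                        throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
                    }

                    @Override
                    public Group getGroup(String str) throws AuthorizationAccessException {
                        throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
                    }

                    @Override
                    public UserAndGroups getUserAndGroups(String str) throws AuthorizationAccessException {
                        throw new IllegalStateException(AuthorizationService.MSG_NON_MANAGED_AUTHORIZER);
                    }

                    @Override
                    public void initialize(UserGroupProviderInitializationContext userGroupProviderInitializationContext) throws SecurityProviderCreationException {
                    }

                    @Override
                    public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws SecurityProviderCreationException {
                    }

                    @Override
                    public void preDestruction() throws SecurityProviderDestructionException {
                    }
                };
            }

            @Override
            public void initialize(AccessPolicyProviderInitializationContext accessPolicyProviderInitializationContext) throws SecurityProviderCreationException {
            }

            @Override
            public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws SecurityProviderCreationException {
            }

            @Override
            public void preDestruction() throws SecurityProviderDestructionException {
            }
        };
    }
}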
