package org.apache.nifi.authorization;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.AccessPolicy;
import org.apache.nifi.authorization.annotation.AuthorizerContext;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.file.generated.Authorizations;
import org.apache.nifi.authorization.file.generated.Policies;
import org.apache.nifi.authorization.file.generated.Policy;
import org.apache.nifi.authorization.file.tenants.generated.Group;
import org.apache.nifi.authorization.file.tenants.generated.Groups;
import org.apache.nifi.authorization.file.tenants.generated.Tenants;
import org.apache.nifi.authorization.file.tenants.generated.User;
import org.apache.nifi.authorization.file.tenants.generated.Users;
import org.apache.nifi.authorization.resource.ResourceFactory;
import org.apache.nifi.authorization.resource.ResourceType;
import org.apache.nifi.authorization.util.IdentityMapping;
import org.apache.nifi.authorization.util.IdentityMappingUtil;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.file.FileUtils;
import org.apache.nifi.web.api.dto.PortDTO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/nifi/authorization/FileAuthorizer.class */
public class FileAuthorizer extends AbstractPolicyBasedAuthorizer {
    // Classpath locations of the XSDs that initialize() compiles into validation schemas.
    private static final String AUTHORIZATIONS_XSD = "/authorizations.xsd";
    private static final String TENANTS_XSD = "/tenants.xsd";
    private static final String USERS_XSD = "/legacy-users.xsd";
    // Action codes stored on JAXB policies; addAccessPolicy() maps them to RequestAction.READ / WRITE.
    static final String READ_CODE = "R";
    static final String WRITE_CODE = "W";
    // Names of the configuration properties read in doOnConfigured().
    static final String PROP_AUTHORIZATIONS_FILE = "Authorizations File";
    static final String PROP_TENANTS_FILE = "Users File";
    static final String PROP_INITIAL_ADMIN_IDENTITY = "Initial Admin Identity";
    static final String PROP_LEGACY_AUTHORIZED_USERS_FILE = "Legacy Authorized Users File";
    // Schemas built once in initialize() and attached to every marshaller/unmarshaller.
    private Schema usersSchema;
    private Schema tenantsSchema;
    private Schema authorizationsSchema;
    private SchemaFactory schemaFactory;
    // Assigned through setNiFiProperties(); dereferenced in doOnConfigured() and parseFlow().
    private NiFiProperties properties;
    // On-disk authorization state. Whoever can write these files controls who is authorized.
    private File tenantsFile;
    private File authorizationsFile;
    // Copies kept in the restore directory; stay null when no restore directory is configured.
    private File restoreAuthorizationsFile;
    private File restoreTenantsFile;
    // Root process group id taken from the parsed flow; may remain null (see parseFlow()).
    private String rootGroupId;
    // Identity that is seeded with policies only when the authorizations file holds no policies (see load()).
    private String initialAdminIdentity;
    private String legacyAuthorizedUsersFile;
    // Mapped identities collected from properties whose name matches NODE_IDENTITY_PATTERN.
    private Set<String> nodeIdentities;
    private List<IdentityMapping> identityMappings;
    private static final Logger logger = LoggerFactory.getLogger(FileAuthorizer.class);
    // JAXB context paths (generated-class packages) and the contexts built from them at class-load time.
    private static final String JAXB_AUTHORIZATIONS_PATH = "org.apache.nifi.authorization.file.generated";
    private static final JAXBContext JAXB_AUTHORIZATIONS_CONTEXT = initializeJaxbContext(JAXB_AUTHORIZATIONS_PATH);
    private static final String JAXB_TENANTS_PATH = "org.apache.nifi.authorization.file.tenants.generated";
    private static final JAXBContext JAXB_TENANTS_CONTEXT = initializeJaxbContext(JAXB_TENANTS_PATH);
    private static final String JAXB_USERS_PATH = "org.apache.nifi.user.generated";
    private static final JAXBContext JAXB_USERS_CONTEXT = initializeJaxbContext(JAXB_USERS_PATH);
    // Used with matches(), so the whole property name must be "Node Identity " followed by non-whitespace.
    static final Pattern NODE_IDENTITY_PATTERN = Pattern.compile("Node Identity \\S+");
    // Ports read from the flow; consulted only while converting a legacy users file.
    private List<PortDTO> ports = new ArrayList();
    // Current snapshot of authorizations and tenants; replaced wholesale by load() and saveAndRefreshHolder().
    private final AtomicReference<AuthorizationsHolder> authorizationsHolder = new AtomicReference<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.nifi.authorization.FileAuthorizer$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/nifi/authorization/FileAuthorizer$1.class */
    // Decompiler rendering of the compiler-generated switch map for RequestAction:
    // it maps each constant's ordinal to a small case index (READ -> 1, WRITE -> 2).
    // Nothing in the visible part of this file reads the table.
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$nifi$authorization$RequestAction = new int[RequestAction.values().length];

        static {
            // Each assignment is guarded separately so that a constant missing at run time
            // (NoSuchFieldError) leaves its slot at 0 instead of failing class initialization.
            try {
                $SwitchMap$org$apache$nifi$authorization$RequestAction[RequestAction.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$nifi$authorization$RequestAction[RequestAction.WRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

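    /**
     * Creates the JAXB context for one package of generated binding classes.
     *
     * @param str JAXB context path (the package holding the generated classes)
     * @return a context resolved through this class's class loader
     * @throws RuntimeException if the context cannot be created; the JAXBException is attached as the cause
     */
    private static JAXBContext initializeJaxbContext(String str) {
        try {
            return JAXBContext.newInstance(str, FileAuthorizer.class.getClassLoader());
        } catch (JAXBException e) {
            // Called from static field initializers, so a failure aborts class initialization.
            // Keep the cause; without it the reason the authorizer could not start is lost.
            throw new RuntimeException("Unable to create JAXBContext.", e);
        }
    }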

    /**
     * Compiles the three XSDs (tenants, authorizations, legacy users) that later validate
     * every file this authorizer reads or writes.
     *
     * @param authorizerInitializationContext not used by this implementation
     * @throws AuthorizerCreationException wrapping any failure while building the schemas
     */
    public void initialize(AuthorizerInitializationContext authorizerInitializationContext) throws AuthorizerCreationException {
        try {
            final SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
            // NOTE(review): the factory keeps its default settings; no secure-processing feature or
            // external DTD/schema access restriction is set here. The XSDs come from the classpath,
            // so confirm they reference nothing external before relying on the defaults.
            this.schemaFactory = factory;
            this.tenantsSchema = factory.newSchema(FileAuthorizer.class.getResource(TENANTS_XSD));
            this.authorizationsSchema = factory.newSchema(FileAuthorizer.class.getResource(AUTHORIZATIONS_XSD));
            this.usersSchema = factory.newSchema(FileAuthorizer.class.getResource(USERS_XSD));
        } catch (Exception schemaFailure) {
            throw new AuthorizerCreationException(schemaFailure);
        }
    }

    /**
     * Applies the authorizer configuration: resolves the users and authorizations files
     * (creating empty ones when absent), synchronises them with the restore directory when
     * one is configured, resolves the initial admin, legacy users file and node identities,
     * then loads the authorization state.
     *
     * @param authorizerConfigurationContext source of the configured property values
     * @throws AuthorizerCreationException if a required property is blank, the restore directory
     *         coincides with a data directory, or any file/XML operation fails
     */
    public void doOnConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
        try {
            PropertyValue property = authorizerConfigurationContext.getProperty(PROP_TENANTS_FILE);
            if (StringUtils.isBlank(property.getValue())) {
                throw new AuthorizerCreationException("The users file must be specified.");
            }
            // The path is taken verbatim from configuration.
            this.tenantsFile = new File(property.getValue());
            if (!this.tenantsFile.exists()) {
                logger.info("Creating new users file at {}", new Object[]{this.tenantsFile.getAbsolutePath()});
                // NOTE(review): the file is created by a JAXB marshal with no explicit permissions set
                // in this class; write access to it is equivalent to control over authorization.
                saveTenants(new Tenants());
            }
            PropertyValue property2 = authorizerConfigurationContext.getProperty(PROP_AUTHORIZATIONS_FILE);
            if (StringUtils.isBlank(property2.getValue())) {
                throw new AuthorizerCreationException("The authorizations file must be specified.");
            }
            this.authorizationsFile = new File(property2.getValue());
            if (!this.authorizationsFile.exists()) {
                logger.info("Creating new authorizations file at {}", new Object[]{this.authorizationsFile.getAbsolutePath()});
                saveAuthorizations(new Authorizations());
            }
            File parentFile = this.authorizationsFile.getAbsoluteFile().getParentFile();
            File parentFile2 = this.tenantsFile.getAbsoluteFile().getParentFile();
            // NOTE(review): this.properties is only assigned by setNiFiProperties(); if that has not
            // run before this method, the next line throws a NullPointerException.
            File restoreDirectory = this.properties.getRestoreDirectory();
            if (restoreDirectory != null) {
                FileUtils.ensureDirectoryExistAndCanAccess(restoreDirectory);
                // The restore copies must live in a different directory from the primary files.
                // The comparison is on absolute path strings, so links or differently spelled
                // paths to the same directory are not detected.
                if (parentFile.getAbsolutePath().equals(restoreDirectory.getAbsolutePath())) {
                    throw new AuthorizerCreationException(String.format("Authorizations file directory '%s' is the same as restore directory '%s' ", parentFile.getAbsolutePath(), restoreDirectory.getAbsolutePath()));
                }
                if (parentFile2.getAbsolutePath().equals(restoreDirectory.getAbsolutePath())) {
                    throw new AuthorizerCreationException(String.format("Users file directory '%s' is the same as restore directory '%s' ", parentFile2.getAbsolutePath(), restoreDirectory.getAbsolutePath()));
                }
                this.restoreAuthorizationsFile = new File(restoreDirectory, this.authorizationsFile.getName());
                this.restoreTenantsFile = new File(restoreDirectory, this.tenantsFile.getName());
                try {
                    FileUtils.syncWithRestore(this.authorizationsFile, this.restoreAuthorizationsFile, logger);
                    FileUtils.syncWithRestore(this.tenantsFile, this.restoreTenantsFile, logger);
                } catch (IOException | IllegalStateException e) {
                    throw new AuthorizerCreationException(e);
                }
            }
            // Identities are passed through the configured identity mappings before use, so the
            // stored admin and node identities are the mapped forms.
            this.identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(this.properties));
            PropertyValue property3 = authorizerConfigurationContext.getProperty(PROP_INITIAL_ADMIN_IDENTITY);
            this.initialAdminIdentity = property3 == null ? null : IdentityMappingUtil.mapIdentity(property3.getValue(), this.identityMappings);
            PropertyValue property4 = authorizerConfigurationContext.getProperty(PROP_LEGACY_AUTHORIZED_USERS_FILE);
            this.legacyAuthorizedUsersFile = property4 == null ? null : property4.getValue();
            this.nodeIdentities = new HashSet();
            // Every non-blank property named "Node Identity <suffix>" contributes one node identity.
            for (Map.Entry entry : authorizerConfigurationContext.getProperties().entrySet()) {
                if (NODE_IDENTITY_PATTERN.matcher((CharSequence) entry.getKey()).matches() && !StringUtils.isBlank((CharSequence) entry.getValue())) {
                    this.nodeIdentities.add(IdentityMappingUtil.mapIdentity((String) entry.getValue(), this.identityMappings));
                }
            }
            load();
            // After a successful load, refresh the restore copies from the primary files.
            if (this.restoreAuthorizationsFile != null) {
                FileUtils.copyFile(this.authorizationsFile, this.restoreAuthorizationsFile, false, false, logger);
            }
            if (this.restoreTenantsFile != null) {
                FileUtils.copyFile(this.tenantsFile, this.restoreTenantsFile, false, false, logger);
            }
            logger.info(String.format("Authorizations file loaded at %s", new Date().toString()));
        } catch (IOException | AuthorizerCreationException | JAXBException | IllegalStateException | SAXException e2) {
            // AuthorizerCreationExceptions thrown above are caught here too and wrapped once more,
            // so the specific message ends up on the cause rather than the top-level exception.
            throw new AuthorizerCreationException(e2);
        }
    }

    /**
     * Reads both XML files and publishes them as the current authorization snapshot.
     *
     * When the authorizations file already contains policies it is used as-is. Only when it
     * contains none is the state seeded: from the Initial Admin Identity or from the legacy
     * users file (never both), plus the configured node identities; the result is then saved.
     * A configured initial admin is therefore ignored once any policy exists on disk.
     *
     * @throws JAXBException if either file cannot be unmarshalled
     * @throws SAXException  if the flow cannot be parsed
     */
    private synchronized void load() throws JAXBException, IOException, IllegalStateException, SAXException {
        final Authorizations authorizations = unmarshallAuthorizations();
        if (authorizations.getPolicies() == null) {
            authorizations.setPolicies(new Policies());
        }

        final Tenants tenants = unmarshallTenants();
        if (tenants.getUsers() == null) {
            tenants.setUsers(new Users());
        }
        if (tenants.getGroups() == null) {
            tenants.setGroups(new Groups());
        }

        final AuthorizationsHolder holder = new AuthorizationsHolder(authorizations, tenants);
        final boolean noPolicies = holder.getAllPolicies().isEmpty();
        // isBlank() already treats null as blank, so one call covers both cases.
        final boolean hasInitialAdmin = !StringUtils.isBlank(this.initialAdminIdentity);
        final boolean hasLegacyUsers = !StringUtils.isBlank(this.legacyAuthorizedUsersFile);

        if (noPolicies) {
            // The flow is parsed before the conflicting-configuration check, as the seeding
            // steps below need the root group id and ports.
            parseFlow();
            if (hasInitialAdmin && hasLegacyUsers) {
                throw new AuthorizerCreationException("Cannot provide an Initial Admin Identity and a Legacy Authorized Users File");
            }
            if (hasInitialAdmin) {
                logger.info("Populating authorizations for Initial Admin: " + this.initialAdminIdentity);
                populateInitialAdmin(authorizations, tenants);
            } else if (hasLegacyUsers) {
                logger.info("Converting " + this.legacyAuthorizedUsersFile + " to new authorizations model");
                convertLegacyAuthorizedUsers(authorizations, tenants);
            }
            populateNodes(authorizations, tenants);
            saveAndRefreshHolder(authorizations, tenants);
        } else {
            this.authorizationsHolder.set(holder);
        }
    }

    /**
     * Reads the authorizations file and validates it against the authorizations schema.
     *
     * @return the unmarshalled authorizations
     * @throws JAXBException if the file cannot be parsed or fails schema validation
     */
    private Authorizations unmarshallAuthorizations() throws JAXBException {
        final Unmarshaller reader = JAXB_AUTHORIZATIONS_CONTEXT.createUnmarshaller();
        reader.setSchema(this.authorizationsSchema);
        // NOTE(review): the file is passed as a plain StreamSource, so DTD and external-entity
        // handling is whatever the JAXB provider's default parser does. This file defines
        // authorization state; consider reading it through a parser with DTDs and external
        // entities disabled, and confirm the behaviour of the provider in use.
        final StreamSource source = new StreamSource(this.authorizationsFile);
        return (Authorizations) reader.unmarshal(source, Authorizations.class).getValue();
    }

    /**
     * Reads the tenants (users and groups) file and validates it against the tenants schema.
     *
     * @return the unmarshalled tenants
     * @throws JAXBException if the file cannot be parsed or fails schema validation
     */
    private Tenants unmarshallTenants() throws JAXBException {
        final Unmarshaller reader = JAXB_TENANTS_CONTEXT.createUnmarshaller();
        reader.setSchema(this.tenantsSchema);
        // NOTE(review): as with the authorizations file, the StreamSource is parsed with the JAXB
        // provider's default parser settings; no DTD or external-entity restriction is applied here.
        final StreamSource source = new StreamSource(this.tenantsFile);
        return (Tenants) reader.unmarshal(source, Tenants.class).getValue();
    }

    /**
     * Parses the configured flow file and records the root group id and ports.
     * When the parser returns nothing, both fields keep their previous values.
     *
     * @throws SAXException if the flow cannot be parsed
     */
    private void parseFlow() throws SAXException {
        final FlowInfo flowInfo = new FlowParser().parse(this.properties.getFlowConfigurationFile());
        if (flowInfo == null) {
            return;
        }
        this.rootGroupId = flowInfo.getRootGroupId();
        if (flowInfo.getPorts() == null) {
            // Normalise a missing port list to an empty one so later iteration is safe.
            this.ports = new ArrayList<>();
        } else {
            this.ports = flowInfo.getPorts();
        }
    }

    /**
     * Seeds the policies for the initial admin identity: read on the flow, and read/write on
     * tenants, policies and the controller. When a root group id is known, read/write on the
     * root process group and on its data are added as well.
     *
     * Read/write on tenants and policies lets this identity grant any other access, so the
     * configured Initial Admin Identity is effectively the root of trust for the instance.
     *
     * @param authorizations policies to add to
     * @param tenants        tenants in which the admin user is looked up or created
     */
    private void populateInitialAdmin(Authorizations authorizations, Tenants tenants) {
        final String adminId = getOrCreateUser(tenants, this.initialAdminIdentity).getIdentifier();

        addAccessPolicy(authorizations, ResourceType.Flow.getValue(), adminId, READ_CODE);

        // Resources that receive both a read and a write policy, in the order they are added.
        final List<String> readWriteResources = new ArrayList<>();
        if (this.rootGroupId != null) {
            final String rootGroupPath = ResourceType.ProcessGroup.getValue() + "/" + this.rootGroupId;
            readWriteResources.add(ResourceType.Data.getValue() + rootGroupPath);
            readWriteResources.add(rootGroupPath);
        }
        readWriteResources.add(ResourceType.Tenant.getValue());
        readWriteResources.add(ResourceType.Policy.getValue());
        readWriteResources.add(ResourceType.Controller.getValue());

        for (String resource : readWriteResources) {
            addAccessPolicy(authorizations, resource, adminId, READ_CODE);
            addAccessPolicy(authorizations, resource, adminId, WRITE_CODE);
        }
    }

    /**
     * Seeds policies for every configured node identity: read/write on the proxy resource
     * and, when a root group id is known, read/write on the root process group's data.
     *
     * The proxy policy allows a node to submit requests on behalf of other users, so the
     * "Node Identity" properties should list only identities that really are cluster nodes.
     *
     * @param authorizations policies to add to
     * @param tenants        tenants in which each node user is looked up or created
     */
    private void populateNodes(Authorizations authorizations, Tenants tenants) {
        for (String nodeIdentity : this.nodeIdentities) {
            final User nodeUser = getOrCreateUser(tenants, nodeIdentity);
            final String proxyResource = ResourceType.Proxy.getValue();
            addAccessPolicy(authorizations, proxyResource, nodeUser.getIdentifier(), READ_CODE);
            addAccessPolicy(authorizations, proxyResource, nodeUser.getIdentifier(), WRITE_CODE);
            if (this.rootGroupId == null) {
                continue;
            }
            final String rootData = ResourceType.Data.getValue() + ResourceType.ProcessGroup.getValue() + "/" + this.rootGroupId;
            addAccessPolicy(authorizations, rootData, nodeUser.getIdentifier(), READ_CODE);
            addAccessPolicy(authorizations, rootData, nodeUser.getIdentifier(), WRITE_CODE);
        }
    }

    /**
     * Converts the legacy authorized-users file into the current users/groups/policies model.
     *
     * Each legacy user becomes a tenant user (and group member, when a group is given); each
     * legacy role is expanded into policies through RoleAccessPolicy mappings; and the user and
     * group access-control lists found on ports become write policies on the matching
     * data-transfer resource. The new policies are appended to {@code authorizations}.
     *
     * @param authorizations policies to append to
     * @param tenants        tenants to add users and groups to
     * @throws AuthorizerCreationException if the legacy file does not exist
     * @throws JAXBException               if the legacy file cannot be parsed or fails validation
     */
    private void convertLegacyAuthorizedUsers(Authorizations authorizations, Tenants tenants) throws AuthorizerCreationException, JAXBException {
        File file = new File(this.legacyAuthorizedUsersFile);
        if (!file.exists()) {
            throw new AuthorizerCreationException("Legacy Authorized Users File '" + this.legacyAuthorizedUsersFile + "' does not exists");
        }
        Unmarshaller createUnmarshaller = JAXB_USERS_CONTEXT.createUnmarshaller();
        createUnmarshaller.setSchema(this.usersSchema);
        // NOTE(review): the legacy file is parsed from a plain StreamSource with the JAXB provider's
        // default parser settings; its contents are turned directly into access policies, so it
        // should be treated with the same care as the authorizations file itself.
        org.apache.nifi.user.generated.Users users = (org.apache.nifi.user.generated.Users) createUnmarshaller.unmarshal(new StreamSource(file), org.apache.nifi.user.generated.Users.class).getValue();
        if (users.getUser().isEmpty()) {
            logger.info("Legacy Authorized Users File contained no users, nothing to convert");
            return;
        }
        // Collect and sort the mapped identities; the first one in sort order is used below as
        // the seed that goes into every generated policy identifier.
        ArrayList arrayList = new ArrayList();
        Iterator<org.apache.nifi.user.generated.User> it = users.getUser().iterator();
        while (it.hasNext()) {
            arrayList.add(IdentityMappingUtil.mapIdentity(it.next().getDn(), this.identityMappings));
        }
        Collections.sort(arrayList);
        String str = (String) arrayList.get(0);
        Map<Role, Set<RoleAccessPolicy>> mappings = RoleAccessPolicy.getMappings(this.rootGroupId);
        ArrayList arrayList2 = new ArrayList();
        for (org.apache.nifi.user.generated.User user : users.getUser()) {
            // NOTE(review): getOrCreateUser() returns null for a blank identity, which would make
            // the getIdentifier() calls below throw; presumably the schema rules this out — confirm.
            User orCreateUser = getOrCreateUser(tenants, IdentityMappingUtil.mapIdentity(user.getDn(), this.identityMappings));
            // A blank group name yields null, in which case the user joins no group.
            Group orCreateGroup = getOrCreateGroup(tenants, user.getGroup());
            if (orCreateGroup != null) {
                Group.User user2 = new Group.User();
                user2.setIdentifier(orCreateUser.getIdentifier());
                orCreateGroup.getUser().add(user2);
            }
            Iterator<org.apache.nifi.user.generated.Role> it2 = user.getRole().iterator();
            while (it2.hasNext()) {
                // NOTE(review): Role.valueOf() throws IllegalArgumentException for an unknown role
                // name, and a role missing from the mappings would make this loop fail on null.
                for (RoleAccessPolicy roleAccessPolicy : mappings.get(Role.valueOf(it2.next().getName()))) {
                    addUserToPolicy(orCreateUser.getIdentifier(), getOrCreatePolicy(arrayList2, str, roleAccessPolicy.getResource(), roleAccessPolicy.getAction()));
                }
            }
        }
        // Carry over per-port access control lists as write policies on the port's
        // data-transfer resource.
        for (PortDTO portDTO : this.ports) {
            Resource dataTransferResource = ResourceFactory.getDataTransferResource(portDTO.getType() != null && portDTO.getType().equals("inputPort"), portDTO.getId(), portDTO.getName());
            if (portDTO.getUserAccessControl() != null) {
                Iterator it3 = portDTO.getUserAccessControl().iterator();
                while (it3.hasNext()) {
                    String mapIdentity = IdentityMappingUtil.mapIdentity((String) it3.next(), this.identityMappings);
                    // Look the identity up among existing users only; unknown identities are
                    // skipped with a warning rather than created.
                    User user3 = null;
                    Iterator<User> it4 = tenants.getUsers().getUser().iterator();
                    while (true) {
                        if (!it4.hasNext()) {
                            break;
                        }
                        User next = it4.next();
                        if (next.getIdentity().equals(mapIdentity)) {
                            user3 = next;
                            break;
                        }
                    }
                    if (user3 == null) {
                        logger.warn("Found port with user access control for {} but no user exists with this identity, skipping...", new Object[]{mapIdentity});
                    } else {
                        addUserToPolicy(user3.getIdentifier(), getOrCreatePolicy(arrayList2, str, dataTransferResource.getIdentifier(), WRITE_CODE));
                    }
                }
            }
            if (portDTO.getGroupAccessControl() != null) {
                for (String str2 : portDTO.getGroupAccessControl()) {
                    // Groups are matched by name; unknown groups are skipped with a warning.
                    Group group = null;
                    Iterator<Group> it5 = tenants.getGroups().getGroup().iterator();
                    while (true) {
                        if (!it5.hasNext()) {
                            break;
                        }
                        Group next2 = it5.next();
                        if (next2.getName().equals(str2)) {
                            group = next2;
                            break;
                        }
                    }
                    if (group == null) {
                        logger.warn("Found port with group access control for {} but no group exists with this name, skipping...", new Object[]{str2});
                    } else {
                        addGroupToPolicy(group.getIdentifier(), getOrCreatePolicy(arrayList2, str, dataTransferResource.getIdentifier(), WRITE_CODE));
                    }
                }
            }
        }
        authorizations.getPolicies().getPolicy().addAll(arrayList2);
    }

    /**
     * Adds a user reference to a policy unless the policy already lists that user.
     *
     * @param str    identifier of the user
     * @param policy policy to extend
     */
    private void addUserToPolicy(String str, Policy policy) {
        for (Policy.User member : policy.getUser()) {
            if (member.getIdentifier().equals(str)) {
                // Already a member; keep the policy free of duplicate entries.
                return;
            }
        }
        final Policy.User added = new Policy.User();
        added.setIdentifier(str);
        policy.getUser().add(added);
    }

    /**
     * Adds a group reference to a policy unless the policy already lists that group.
     *
     * @param str    identifier of the group
     * @param policy policy to extend
     */
    private void addGroupToPolicy(String str, Policy policy) {
        for (Policy.Group member : policy.getGroup()) {
            if (member.getIdentifier().equals(str)) {
                // Already a member; keep the policy free of duplicate entries.
                return;
            }
        }
        final Policy.Group added = new Policy.Group();
        added.setIdentifier(str);
        policy.getGroup().add(added);
    }

    /**
     * Returns the tenant user with the given identity, creating and registering it if absent.
     *
     * A new user's identifier is a name-based UUID of the identity's UTF-8 bytes, so the same
     * identity always yields the same identifier. It is an identifier, not a secret.
     *
     * @param tenants tenants to search and, if needed, add to
     * @param str     user identity (exact, case-sensitive match)
     * @return the existing or new user, or {@code null} when the identity is blank
     */
    private User getOrCreateUser(Tenants tenants, String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        for (User existing : tenants.getUsers().getUser()) {
            if (existing.getIdentity().equals(str)) {
                return existing;
            }
        }
        final User created = new User();
        created.setIdentifier(UUID.nameUUIDFromBytes(str.getBytes(StandardCharsets.UTF_8)).toString());
        created.setIdentity(str);
        tenants.getUsers().getUser().add(created);
        return created;
    }

    /**
     * Returns the tenant group with the given name, creating and registering it if absent.
     *
     * A new group's identifier is a name-based UUID of the name's UTF-8 bytes, so the same
     * name always yields the same identifier.
     *
     * @param tenants tenants to search and, if needed, add to
     * @param str     group name (exact, case-sensitive match)
     * @return the existing or new group, or {@code null} when the name is blank
     */
    private Group getOrCreateGroup(Tenants tenants, String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        for (Group existing : tenants.getGroups().getGroup()) {
            if (existing.getName().equals(str)) {
                return existing;
            }
        }
        final Group created = new Group();
        created.setIdentifier(UUID.nameUUIDFromBytes(str.getBytes(StandardCharsets.UTF_8)).toString());
        created.setName(str);
        tenants.getGroups().getGroup().add(created);
        return created;
    }

    /**
     * Returns the policy in {@code list} for the given resource and action, creating and
     * appending an empty one if none exists.
     *
     * The action code is stored as given; it is not checked against READ_CODE / WRITE_CODE here.
     *
     * @param list policies to search and, if needed, add to
     * @param str  seed mixed into the identifier of a newly created policy
     * @param str2 resource identifier
     * @param str3 action code
     * @return the existing or new policy
     */
    private Policy getOrCreatePolicy(List<Policy> list, String str, String str2, String str3) {
        for (Policy existing : list) {
            if (existing.getResource().equals(str2) && existing.getAction().equals(str3)) {
                return existing;
            }
        }
        // Name-based UUID: the same resource, action and seed always give the same identifier.
        final String identifierSource = str2 + str3 + str;
        final Policy created = new Policy();
        created.setIdentifier(UUID.nameUUIDFromBytes(identifierSource.getBytes(StandardCharsets.UTF_8)).toString());
        created.setResource(str2);
        created.setAction(str3);
        list.add(created);
        return created;
    }

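    /**
     * Grants a user one action on one resource, reusing the existing policy for that
     * resource/action pair when there is one.
     *
     * A user already listed on the existing policy is not added again. Without that check the
     * same user could be appended twice, for example when an identity is configured both as the
     * initial admin and as a node, which is inconsistent with addUserToPolicy().
     *
     * @param authorizations policies to search and, if needed, add to
     * @param str            resource identifier
     * @param str2           identifier of the user being granted access
     * @param str3           action code, READ_CODE or WRITE_CODE
     * @throws IllegalStateException if a new policy is needed and the action code is neither
     *         READ_CODE nor WRITE_CODE
     */
    private void addAccessPolicy(Authorizations authorizations, String str, String str2, String str3) {
        for (Policy existing : authorizations.getPolicies().getPolicy()) {
            if (existing.getResource().equals(str) && existing.getAction().equals(str3)) {
                for (Policy.User member : existing.getUser()) {
                    if (str2 != null && str2.equals(member.getIdentifier())) {
                        // Already granted; do not record the same user twice.
                        return;
                    }
                }
                final Policy.User added = new Policy.User();
                added.setIdentifier(str2);
                existing.getUser().add(added);
                return;
            }
        }

        // No policy yet for this resource/action: build one with a deterministic identifier
        // derived from the resource, the first user and the action.
        final String identifier = UUID.nameUUIDFromBytes((str + str2 + str3).getBytes(StandardCharsets.UTF_8)).toString();
        final AccessPolicy.Builder builder = new AccessPolicy.Builder().identifier(identifier).resource(str).addUser(str2);
        if (str3.equals(READ_CODE)) {
            builder.action(RequestAction.READ);
        } else if (str3.equals(WRITE_CODE)) {
            builder.action(RequestAction.WRITE);
        } else {
            // Refuse unknown codes rather than writing a policy with an undefined action.
            throw new IllegalStateException("Unknown Policy Action: " + str3);
        }
        authorizations.getPolicies().getPolicy().add(createJAXBPolicy(builder.build()));
    }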

    /**
     * Writes both files and then publishes a fresh snapshot built from the saved objects.
     *
     * NOTE(review): the two files are written one after the other with no rollback, so a
     * failure on the second write leaves a new tenants file next to an old authorizations
     * file, and the published snapshot is not replaced.
     *
     * @param authorizations policies to persist
     * @param tenants        users and groups to persist
     * @throws AuthorizationAccessException if either file cannot be marshalled
     */
    private synchronized void saveAndRefreshHolder(Authorizations authorizations, Tenants tenants) throws AuthorizationAccessException {
        try {
            saveTenants(tenants);
            saveAuthorizations(authorizations);
            final AuthorizationsHolder refreshed = new AuthorizationsHolder(authorizations, tenants);
            this.authorizationsHolder.set(refreshed);
        } catch (JAXBException saveFailure) {
            throw new AuthorizationAccessException("Unable to save Authorizations", saveFailure);
        }
    }

    /**
     * Marshals the policies to the authorizations file as formatted XML, validating against
     * the authorizations schema while writing.
     *
     * NOTE(review): the marshaller writes straight to the target file and this class sets no
     * file permissions; restricting who can write the file is left to the deployment.
     *
     * @param authorizations policies to persist
     * @throws JAXBException if marshalling or validation fails
     */
    private void saveAuthorizations(Authorizations authorizations) throws JAXBException {
        final Marshaller writer = JAXB_AUTHORIZATIONS_CONTEXT.createMarshaller();
        writer.setSchema(this.authorizationsSchema);
        writer.setProperty("jaxb.formatted.output", Boolean.TRUE);
        writer.marshal(authorizations, this.authorizationsFile);
    }

    /**
     * Marshals users and groups to the tenants file as formatted XML, validating against the
     * tenants schema while writing.
     *
     * NOTE(review): the marshaller writes straight to the target file and this class sets no
     * file permissions; restricting who can write the file is left to the deployment.
     *
     * @param tenants users and groups to persist
     * @throws JAXBException if marshalling or validation fails
     */
    private void saveTenants(Tenants tenants) throws JAXBException {
        final Marshaller writer = JAXB_TENANTS_CONTEXT.createMarshaller();
        writer.setSchema(this.tenantsSchema);
        writer.setProperty("jaxb.formatted.output", Boolean.TRUE);
        writer.marshal(tenants, this.tenantsFile);
    }

    /**
     * Stores the NiFi properties that doOnConfigured() and parseFlow() read from.
     * Presumably invoked by the framework because of the {@code @AuthorizerContext} annotation;
     * it has to run before doOnConfigured().
     *
     * @param niFiProperties properties to use
     */
    @AuthorizerContext
    public void setNiFiProperties(NiFiProperties niFiProperties) {
        properties = niFiProperties;
    }

    /** Lifecycle hook; this authorizer has nothing to release. */
    public void preDestruction() {
        // Intentionally empty.
    }

    /**
     * Adds a group, persists the change and returns the group as seen in the new snapshot.
     *
     * Every user identifier on the group must refer to an existing user.
     * The decompiled source uses the simple name {@code Group} both for the incoming group
     * (read through getUsers()) and for the JAXB group that is stored (written through getUser()).
     *
     * @param group group to add
     * @return the stored group looked up by identifier
     * @throws IllegalArgumentException     if {@code group} is null
     * @throws IllegalStateException        if the group references a user that does not exist
     * @throws AuthorizationAccessException if the files cannot be saved
     */
    public synchronized Group doAddGroup(Group group) throws AuthorizationAccessException {
        if (group == null) {
            throw new IllegalArgumentException("Group cannot be null");
        }
        final AuthorizationsHolder snapshot = this.authorizationsHolder.get();
        final Tenants tenants = snapshot.getTenants();
        final Authorizations authorizations = snapshot.getAuthorizations();

        // Reject unknown members before anything is modified.
        checkGroupUsers(group, tenants.getUsers().getUser());

        final Group stored = new Group();
        stored.setIdentifier(group.getIdentifier());
        stored.setName(group.getName());
        for (String memberId : group.getUsers()) {
            final Group.User member = new Group.User();
            member.setIdentifier(memberId);
            stored.getUser().add(member);
        }
        tenants.getGroups().getGroup().add(stored);

        saveAndRefreshHolder(authorizations, tenants);
        return this.authorizationsHolder.get().getGroupsById().get(group.getIdentifier());
    }

    /**
     * Looks a group up by identifier in the current snapshot.
     *
     * @param str group identifier
     * @return the group, or {@code null} when the identifier is null or unknown
     */
    public Group getGroup(String str) throws AuthorizationAccessException {
        return str == null ? null : this.authorizationsHolder.get().getGroupsById().get(str);
    }

    /**
     * Replaces the name and member list of an existing group and persists the change.
     *
     * NOTE(review): unlike doAddGroup(), the new member identifiers are not checked against
     * the existing users here; confirm a caller validates them.
     *
     * @param group group carrying the identifier to update and the new name and members
     * @return the updated group from the new snapshot, or {@code null} if no group has that identifier
     * @throws IllegalArgumentException     if {@code group} is null
     * @throws AuthorizationAccessException if the files cannot be saved
     */
    public synchronized Group doUpdateGroup(Group group) throws AuthorizationAccessException {
        if (group == null) {
            throw new IllegalArgumentException("Group cannot be null");
        }
        final AuthorizationsHolder snapshot = this.authorizationsHolder.get();
        final Tenants tenants = snapshot.getTenants();
        final Authorizations authorizations = snapshot.getAuthorizations();

        Group target = null;
        for (Group candidate : tenants.getGroups().getGroup()) {
            if (candidate.getIdentifier().equals(group.getIdentifier())) {
                target = candidate;
                break;
            }
        }
        if (target == null) {
            return null;
        }

        // Membership is replaced wholesale, not merged.
        final List<Group.User> members = target.getUser();
        members.clear();
        for (String memberId : group.getUsers()) {
            final Group.User member = new Group.User();
            member.setIdentifier(memberId);
            members.add(member);
        }
        target.setName(group.getName());

        saveAndRefreshHolder(authorizations, tenants);
        return this.authorizationsHolder.get().getGroupsById().get(group.getIdentifier());
    }

    /**
     * Removes a group from every policy that references it and from the tenants, then
     * persists the change.
     *
     * NOTE(review): {@code group} is dereferenced without a null check, unlike doAddGroup()
     * and doUpdateGroup(). The policy references are also removed from the in-memory objects
     * before the group is known to exist; when it does not, nothing is saved or refreshed.
     *
     * @param group group to delete, matched by identifier
     * @return the group that was passed in, or {@code null} if no such group existed
     * @throws AuthorizationAccessException if the files cannot be saved
     */
    public synchronized Group deleteGroup(Group group) throws AuthorizationAccessException {
        final AuthorizationsHolder snapshot = this.authorizationsHolder.get();
        final Tenants tenants = snapshot.getTenants();
        final Authorizations authorizations = snapshot.getAuthorizations();
        final List<Group> allGroups = tenants.getGroups().getGroup();

        // Drop the first reference to the group from each policy so no grant outlives it.
        for (Policy policy : authorizations.getPolicies().getPolicy()) {
            for (Iterator<Policy.Group> refs = policy.getGroup().iterator(); refs.hasNext();) {
                if (refs.next().getIdentifier().equals(group.getIdentifier())) {
                    refs.remove();
                    break;
                }
            }
        }

        boolean removed = false;
        for (Iterator<Group> groups = allGroups.iterator(); groups.hasNext();) {
            if (group.getIdentifier().equals(groups.next().getIdentifier())) {
                groups.remove();
                removed = true;
                break;
            }
        }
        if (removed) {
            saveAndRefreshHolder(authorizations, tenants);
            return group;
        }
        return null;
    }

    /**
     * Returns all groups in the current snapshot.
     *
     * @return the snapshot's set of groups
     */
    public Set<Group> getGroups() throws AuthorizationAccessException {
        final AuthorizationsHolder snapshot = this.authorizationsHolder.get();
        return snapshot.getAllGroups();
    }

    /**
     * Verifies that every user identifier on the group refers to a user in {@code list}.
     *
     * @param group group whose member identifiers are checked
     * @param list  existing users
     * @return the matching users
     * @throws IllegalStateException if a member identifier matches no existing user
     */
    private Set<User> checkGroupUsers(Group group, List<User> list) {
        final Set<User> matched = new HashSet<>();
        for (String memberId : group.getUsers()) {
            User hit = null;
            for (User candidate : list) {
                if (candidate.getIdentifier().equals(memberId)) {
                    hit = candidate;
                    break;
                }
            }
            if (hit == null) {
                // A group must not carry references to users that do not exist.
                throw new IllegalStateException("Unable to add group because user " + memberId + " does not exist");
            }
            matched.add(hit);
        }
        return matched;
    }

    /**
     * Appends a new user to the tenants model, persists it, and returns the stored user.
     *
     * <p>NOTE(review): this method performs no check for an existing user with the same identifier
     * or identity; presumably the caller enforces uniqueness - confirm, since duplicate entries
     * would make the identity lookups ambiguous.
     *
     * @param user the user to add; must not be {@code null}
     * @return the user as looked up by identifier in the holder after the save
     * @throws IllegalArgumentException if {@code user} is {@code null}
     * @throws AuthorizationAccessException presumably raised when persisting the change fails
     */
    public synchronized User doAddUser(User user) throws AuthorizationAccessException {
        if (user == null) {
            throw new IllegalArgumentException("User cannot be null");
        }
        final User jaxbUser = createJAXBUser(user);

        final AuthorizationsHolder holder = this.authorizationsHolder.get();
        final Tenants tenants = holder.getTenants();
        final Authorizations authorizations = holder.getAuthorizations();

        final List<User> tenantUsers = tenants.getUsers().getUser();
        tenantUsers.add(jaxbUser);
        saveAndRefreshHolder(authorizations, tenants);

        // Read the user back from the holder that is current after the save.
        final AuthorizationsHolder refreshed = this.authorizationsHolder.get();
        return refreshed.getUsersById().get(user.getIdentifier());
    }

    /**
     * Creates a fresh user element carrying only the identifier and identity of the given user.
     *
     * @param user the user to copy from
     * @return a new user with the same identifier and identity
     */
    private User createJAXBUser(User user) {
        final User jaxbCopy = new User();
        // Only these two attributes are carried over; nothing else is copied from the argument.
        jaxbCopy.setIdentifier(user.getIdentifier());
        jaxbCopy.setIdentity(user.getIdentity());
        return jaxbCopy;
    }

    /**
     * Looks up a user by identifier in the current holder.
     *
     * @param str the user identifier; may be {@code null}
     * @return the matching user, or {@code null} when {@code str} is {@code null} or the lookup
     *         has no entry for it
     */
    public User getUser(String str) throws AuthorizationAccessException {
        return str == null ? null : this.authorizationsHolder.get().getUsersById().get(str);
    }

    /**
     * Looks up a user by identity in the current holder.
     *
     * <p>The identity is used as the lookup key exactly as passed in; no normalization happens in
     * this method.
     *
     * @param str the user identity; may be {@code null}
     * @return the matching user, or {@code null} when {@code str} is {@code null} or the lookup
     *         has no entry for it
     */
    public User getUserByIdentity(String str) throws AuthorizationAccessException {
        if (str != null) {
            final AuthorizationsHolder current = this.authorizationsHolder.get();
            return current.getUsersByIdentity().get(str);
        }
        return null;
    }

    /**
     * Replaces the identity of an existing user, found by identifier, and persists the change.
     *
     * <p>Only the identity is overwritten; the identifier stays the same.
     *
     * <p>NOTE(review): the policy and group entries handled elsewhere in this class refer to users
     * by identifier, so the user's existing memberships and policy grants appear to carry over to
     * the new identity - confirm, and confirm that the caller authorizes identity changes
     * accordingly.
     *
     * @param user carries the identifier to match and the new identity; must not be {@code null}
     * @return the user as looked up by identifier after the save, or {@code null} when no user with
     *         that identifier exists (nothing is saved in that case)
     * @throws IllegalArgumentException if {@code user} is {@code null}
     * @throws AuthorizationAccessException presumably raised when persisting the change fails
     */
    public synchronized User doUpdateUser(User user) throws AuthorizationAccessException {
        if (user == null) {
            throw new IllegalArgumentException("User cannot be null");
        }
        final AuthorizationsHolder holder = this.authorizationsHolder.get();
        final Tenants tenants = holder.getTenants();
        final Authorizations authorizations = holder.getAuthorizations();

        // Find the first stored user with the same identifier.
        User stored = null;
        for (User candidate : tenants.getUsers().getUser()) {
            if (user.getIdentifier().equals(candidate.getIdentifier())) {
                stored = candidate;
                break;
            }
        }
        if (stored == null) {
            return null;
        }

        stored.setIdentity(user.getIdentity());
        saveAndRefreshHolder(authorizations, tenants);

        final AuthorizationsHolder refreshed = this.authorizationsHolder.get();
        return refreshed.getUsersById().get(user.getIdentifier());
    }

    /**
     * Deletes a user and strips references to it from groups and policies.
     *
     * <p>The first matching membership entry in each group and the first matching user reference
     * in each policy are removed, so a deleted user's identifier is not left behind in either.
     * The first user in the tenants list with the same identifier is then removed, and the result
     * is persisted only if that removal happened.
     *
     * <p>NOTE(review): when no matching user exists, references removed by the first two loops are
     * not saved by this call - confirm whether the objects returned by the holder are the live
     * model.
     *
     * @param user the user to delete, matched by identifier; must not be {@code null}
     * @return the {@code user} argument, or {@code null} when no user with that identifier exists
     * @throws IllegalArgumentException if {@code user} is {@code null}
     * @throws AuthorizationAccessException presumably raised when persisting the change fails
     */
    public synchronized User deleteUser(User user) throws AuthorizationAccessException {
        if (user == null) {
            throw new IllegalArgumentException("User cannot be null");
        }
        final AuthorizationsHolder holder = this.authorizationsHolder.get();
        final Tenants tenants = holder.getTenants();
        final Authorizations authorizations = holder.getAuthorizations();
        final List<User> tenantUsers = tenants.getUsers().getUser();

        // Group memberships: drop the first entry per group that points at this user.
        for (Group memberGroup : tenants.getGroups().getGroup()) {
            final Iterator<Group.User> members = memberGroup.getUser().iterator();
            while (members.hasNext()) {
                if (members.next().getIdentifier().equals(user.getIdentifier())) {
                    members.remove();
                    break;
                }
            }
        }

        // Policy grants: drop the first reference per policy that points at this user.
        for (Policy policy : authorizations.getPolicies().getPolicy()) {
            final Iterator<Policy.User> userRefs = policy.getUser().iterator();
            while (userRefs.hasNext()) {
                if (userRefs.next().getIdentifier().equals(user.getIdentifier())) {
                    userRefs.remove();
                    break;
                }
            }
        }

        // The user definition itself; stop at the first match.
        boolean removed = false;
        final Iterator<User> users = tenantUsers.iterator();
        while (!removed && users.hasNext()) {
            if (user.getIdentifier().equals(users.next().getIdentifier())) {
                users.remove();
                removed = true;
            }
        }

        if (removed) {
            saveAndRefreshHolder(authorizations, tenants);
            return user;
        }
        return null;
    }

    /**
     * Returns all users known to the currently published authorizations holder.
     *
     * @return the holder's set of users
     */
    public Set<User> getUsers() throws AuthorizationAccessException {
        final AuthorizationsHolder current = this.authorizationsHolder.get();
        return current.getAllUsers();
    }

    /**
     * Appends a new access policy to the authorizations model, persists it, and returns the
     * stored policy.
     *
     * <p>NOTE(review): no check for an existing policy with the same identifier, or for the same
     * resource and action, is made in this method; presumably the caller enforces that - confirm.
     *
     * @param accessPolicy the policy to add; must not be {@code null}
     * @return the policy as looked up by identifier in the holder after the save
     * @throws IllegalArgumentException if {@code accessPolicy} is {@code null}
     * @throws AuthorizationAccessException presumably raised when persisting the change fails
     */
    public synchronized AccessPolicy doAddAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
        if (accessPolicy == null) {
            throw new IllegalArgumentException("AccessPolicy cannot be null");
        }
        final Policy jaxbPolicy = createJAXBPolicy(accessPolicy);

        final AuthorizationsHolder holder = this.authorizationsHolder.get();
        final Tenants tenants = holder.getTenants();
        final Authorizations authorizations = holder.getAuthorizations();

        final List<Policy> storedPolicies = authorizations.getPolicies().getPolicy();
        storedPolicies.add(jaxbPolicy);
        saveAndRefreshHolder(authorizations, tenants);

        // Read the policy back from the holder that is current after the save.
        final AuthorizationsHolder refreshed = this.authorizationsHolder.get();
        return refreshed.getPoliciesById().get(accessPolicy.getIdentifier());
    }

    /**
     * Builds the JAXB {@code Policy} element for an access policy: copies the identifier and
     * resource, translates the action into its stored code, and copies the user and group
     * identifiers via {@code transferUsersAndGroups}.
     *
     * @param accessPolicy the policy to convert
     * @return the populated JAXB policy element
     */
    private Policy createJAXBPolicy(AccessPolicy accessPolicy) {
        Policy policy = new Policy();
        policy.setIdentifier(accessPolicy.getIdentifier());
        policy.setResource(accessPolicy.getResource());
        // The switch indexes a compiler-generated lookup table by the action's ordinal (decompiler
        // output). Presumably case 1 is the read action and case 2 the write action, judging by the
        // constants assigned - confirm against RequestAction.
        // NOTE(review): there is no default branch, so any other action leaves the policy's action
        // unset; confirm that such a policy is rejected before it is persisted.
        switch (AnonymousClass1.$SwitchMap$org$apache$nifi$authorization$RequestAction[accessPolicy.getAction().ordinal()]) {
            case 1:
                policy.setAction(READ_CODE);
                break;
            case 2:
                policy.setAction(WRITE_CODE);
                break;
        }
        // Replaces the (initially empty) user and group lists with the identifiers on accessPolicy.
        transferUsersAndGroups(accessPolicy, policy);
        return policy;
    }

    /**
     * Looks up an access policy by identifier in the current holder.
     *
     * @param str the policy identifier; may be {@code null}
     * @return the matching policy, or {@code null} when {@code str} is {@code null} or the lookup
     *         has no entry for it
     */
    public AccessPolicy getAccessPolicy(String str) throws AuthorizationAccessException {
        return str == null ? null : this.authorizationsHolder.get().getPoliciesById().get(str);
    }

    /**
     * Replaces the users and groups of an existing policy, found by identifier, and persists the
     * change.
     *
     * <p>Only the user and group lists are replaced; the stored policy's resource and action are
     * not touched by this method, whatever the argument carries.
     *
     * @param accessPolicy carries the identifier to match and the new users and groups; must not
     *                     be {@code null}
     * @return the policy as looked up by identifier after the save, or {@code null} when no policy
     *         with that identifier exists (nothing is saved in that case)
     * @throws IllegalArgumentException if {@code accessPolicy} is {@code null}
     * @throws AuthorizationAccessException presumably raised when persisting the change fails
     */
    public synchronized AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
        if (accessPolicy == null) {
            throw new IllegalArgumentException("AccessPolicy cannot be null");
        }
        final AuthorizationsHolder holder = this.authorizationsHolder.get();
        final Tenants tenants = holder.getTenants();
        final Authorizations authorizations = holder.getAuthorizations();

        // Find the first stored policy with the same identifier.
        Policy stored = null;
        for (Policy candidate : authorizations.getPolicies().getPolicy()) {
            if (candidate.getIdentifier().equals(accessPolicy.getIdentifier())) {
                stored = candidate;
                break;
            }
        }
        if (stored == null) {
            return null;
        }

        transferUsersAndGroups(accessPolicy, stored);
        saveAndRefreshHolder(authorizations, tenants);

        final AuthorizationsHolder refreshed = this.authorizationsHolder.get();
        return refreshed.getPoliciesById().get(accessPolicy.getIdentifier());
    }

    /**
     * Removes the first stored policy whose identifier matches and persists the change.
     *
     * @param accessPolicy the policy to delete, matched by identifier; must not be {@code null}
     * @return the {@code accessPolicy} argument, or {@code null} when no policy with that
     *         identifier exists (nothing is saved in that case)
     * @throws IllegalArgumentException if {@code accessPolicy} is {@code null}
     * @throws AuthorizationAccessException presumably raised when persisting the change fails
     */
    public synchronized AccessPolicy deleteAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
        if (accessPolicy == null) {
            throw new IllegalArgumentException("AccessPolicy cannot be null");
        }
        final AuthorizationsHolder holder = this.authorizationsHolder.get();
        final Tenants tenants = holder.getTenants();
        final Authorizations authorizations = holder.getAuthorizations();

        final Iterator<Policy> policies = authorizations.getPolicies().getPolicy().iterator();
        while (policies.hasNext()) {
            if (policies.next().getIdentifier().equals(accessPolicy.getIdentifier())) {
                // Found it: remove, persist, and report the deleted policy back to the caller.
                policies.remove();
                saveAndRefreshHolder(authorizations, tenants);
                return accessPolicy;
            }
        }
        return null;
    }

    /**
     * Returns all access policies known to the currently published authorizations holder.
     *
     * @return the holder's set of policies
     */
    public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
        final AuthorizationsHolder current = this.authorizationsHolder.get();
        return current.getAllPolicies();
    }

    /**
     * Returns the currently published holder itself as the combined users-and-policies view.
     *
     * <p>NOTE(review): the holder object is handed out directly rather than a copy; confirm that
     * the view it exposes cannot be used to modify the authorization model.
     *
     * @return the current authorizations holder
     */
    public UsersAndAccessPolicies getUsersAndAccessPolicies() throws AuthorizationAccessException {
        final UsersAndAccessPolicies view = this.authorizationsHolder.get();
        return view;
    }

    /**
     * Replaces the user and group references of a JAXB policy with the identifiers listed on the
     * given access policy.
     *
     * <p>Each list is cleared before it is refilled, so references absent from
     * {@code accessPolicy} are dropped from {@code policy}.
     *
     * <p>NOTE(review): the identifiers are copied as given; this method does not verify that they
     * belong to existing users or groups - confirm that the caller validates them.
     *
     * @param accessPolicy the source of the user and group identifiers
     * @param policy the JAXB policy whose references are replaced
     */
    private void transferUsersAndGroups(AccessPolicy accessPolicy, Policy policy) {
        final List<Policy.User> userRefs = policy.getUser();
        userRefs.clear();
        for (String userId : accessPolicy.getUsers()) {
            final Policy.User userRef = new Policy.User();
            userRef.setIdentifier(userId);
            userRefs.add(userRef);
        }

        final List<Policy.Group> groupRefs = policy.getGroup();
        groupRefs.clear();
        for (String groupId : accessPolicy.getGroups()) {
            final Policy.Group groupRef = new Policy.Group();
            groupRef.setIdentifier(groupId);
            groupRefs.add(groupRef);
        }
    }
}
