package org.apache.nifi.web.dao.impl;

import java.util.Set;
import java.util.stream.Collectors;
import org.apache.nifi.authorization.AbstractPolicyBasedAuthorizer;
import org.apache.nifi.authorization.AccessPolicy;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.AuthorizerConfigurationContext;
import org.apache.nifi.authorization.AuthorizerInitializationContext;
import org.apache.nifi.authorization.Group;
import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.User;
import org.apache.nifi.authorization.UsersAndAccessPolicies;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
import org.apache.nifi.authorization.resource.Authorizable;
import org.apache.nifi.web.ResourceNotFoundException;
import org.apache.nifi.web.api.dto.AccessPolicyDTO;
import org.apache.nifi.web.api.dto.UserDTO;
import org.apache.nifi.web.api.dto.UserGroupDTO;
import org.apache.nifi.web.dao.AccessPolicyDAO;
import org.apache.nifi.web.dao.UserDAO;
import org.apache.nifi.web.dao.UserGroupDAO;

/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.class */
public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGroupDAO, UserDAO {
    private final AbstractPolicyBasedAuthorizer authorizer;
    private final boolean supportsConfigurableAuthorizer;

    public StandardPolicyBasedAuthorizerDAO(Authorizer authorizer) {
        if (authorizer instanceof AbstractPolicyBasedAuthorizer) {
            this.authorizer = (AbstractPolicyBasedAuthorizer) authorizer;
            this.supportsConfigurableAuthorizer = true;
        } else {
            this.authorizer = new AbstractPolicyBasedAuthorizer() { // from class: org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO.1
                public Group doAddGroup(Group group) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public Group getGroup(String str) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public Group doUpdateGroup(Group group) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public Group deleteGroup(Group group) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public Set<Group> getGroups() throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public User doAddUser(User user) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public User getUser(String str) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public User getUserByIdentity(String str) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public User doUpdateUser(User user) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public User deleteUser(User user) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public Set<User> getUsers() throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public AccessPolicy doAddAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public AccessPolicy getAccessPolicy(String str) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public AccessPolicy deleteAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public UsersAndAccessPolicies getUsersAndAccessPolicies() throws AuthorizationAccessException {
                    throw new IllegalStateException(AccessPolicyDAO.MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER);
                }

                public void initialize(AuthorizerInitializationContext authorizerInitializationContext) throws AuthorizerCreationException {
                }

                public void doOnConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
                }

                public void preDestruction() throws AuthorizerDestructionException {
                }
            };
            this.supportsConfigurableAuthorizer = false;
        }
    }

    private AccessPolicy findAccessPolicy(RequestAction requestAction, String str) {
        return (AccessPolicy) this.authorizer.getAccessPolicies().stream().filter(accessPolicy -> {
            return accessPolicy.getAction().equals(requestAction) && accessPolicy.getResource().equals(str);
        }).findFirst().orElse(null);
    }

    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public boolean supportsConfigurableAuthorizer() {
        return this.supportsConfigurableAuthorizer;
    }

    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public boolean hasAccessPolicy(String str) {
        return this.authorizer.getAccessPolicy(str) != null;
    }

    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy createAccessPolicy(AccessPolicyDTO accessPolicyDTO) {
        return this.authorizer.addAccessPolicy(buildAccessPolicy(accessPolicyDTO.getId(), accessPolicyDTO.getResource(), RequestAction.valueOfValue(accessPolicyDTO.getAction()), accessPolicyDTO));
    }

    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy getAccessPolicy(String str) {
        AccessPolicy accessPolicy = this.authorizer.getAccessPolicy(str);
        if (accessPolicy == null) {
            throw new ResourceNotFoundException(String.format("Unable to find access policy with id '%s'.", str));
        }
        return accessPolicy;
    }

    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy getAccessPolicy(RequestAction requestAction, String str) {
        return findAccessPolicy(requestAction, str);
    }

    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy getAccessPolicy(RequestAction requestAction, Authorizable authorizable) {
        String identifier = authorizable.getResource().getIdentifier();
        AccessPolicy findAccessPolicy = findAccessPolicy(requestAction, authorizable.getResource().getIdentifier());
        if (findAccessPolicy != null) {
            return findAccessPolicy;
        }
        Authorizable parentAuthorizable = authorizable.getParentAuthorizable();
        if (parentAuthorizable == null) {
            throw new ResourceNotFoundException(String.format("Unable to find access policy for %s on %s", requestAction.toString(), identifier));
        }
        return getAccessPolicy(requestAction, parentAuthorizable);
    }

    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy updateAccessPolicy(AccessPolicyDTO accessPolicyDTO) {
        AccessPolicy accessPolicy = getAccessPolicy(accessPolicyDTO.getId());
        return this.authorizer.updateAccessPolicy(buildAccessPolicy(accessPolicy.getIdentifier(), accessPolicy.getResource(), accessPolicy.getAction(), accessPolicyDTO));
    }

    @Override // org.apache.nifi.web.dao.AccessPolicyDAO
    public AccessPolicy deleteAccessPolicy(String str) {
        return this.authorizer.deleteAccessPolicy(getAccessPolicy(str));
    }

    private AccessPolicy buildAccessPolicy(String str, String str2, RequestAction requestAction, AccessPolicyDTO accessPolicyDTO) {
        Set userGroups = accessPolicyDTO.getUserGroups();
        Set users = accessPolicyDTO.getUsers();
        AccessPolicy.Builder resource = new AccessPolicy.Builder().identifier(str).resource(str2);
        if (userGroups != null) {
            resource.addGroups((Set) userGroups.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
        if (users != null) {
            resource.addUsers((Set) users.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
        resource.action(requestAction);
        return resource.build();
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public boolean hasUserGroup(String str) {
        return this.authorizer.getGroup(str) != null;
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Group createUserGroup(UserGroupDTO userGroupDTO) {
        return this.authorizer.addGroup(buildUserGroup(userGroupDTO.getId(), userGroupDTO));
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Group getUserGroup(String str) {
        Group group = this.authorizer.getGroup(str);
        if (group == null) {
            throw new ResourceNotFoundException(String.format("Unable to find user group with id '%s'.", str));
        }
        return group;
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Set<Group> getUserGroupsForUser(String str) {
        return (Set) this.authorizer.getGroups().stream().filter(group -> {
            return group.getUsers().contains(str);
        }).collect(Collectors.toSet());
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Set<AccessPolicy> getAccessPoliciesForUser(String str) {
        return (Set) this.authorizer.getAccessPolicies().stream().filter(accessPolicy -> {
            return accessPolicy.getUsers().contains(str) || !((Set) accessPolicy.getGroups().stream().filter(str2 -> {
                return this.authorizer.getGroup(str2).getUsers().contains(str);
            }).collect(Collectors.toSet())).isEmpty();
        }).collect(Collectors.toSet());
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Set<AccessPolicy> getAccessPoliciesForUserGroup(String str) {
        return (Set) this.authorizer.getAccessPolicies().stream().filter(accessPolicy -> {
            return accessPolicy.getGroups().contains(str);
        }).collect(Collectors.toSet());
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Set<Group> getUserGroups() {
        return this.authorizer.getGroups();
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Group updateUserGroup(UserGroupDTO userGroupDTO) {
        return this.authorizer.updateGroup(buildUserGroup(getUserGroup(userGroupDTO.getId()).getIdentifier(), userGroupDTO));
    }

    @Override // org.apache.nifi.web.dao.UserGroupDAO
    public Group deleteUserGroup(String str) {
        return this.authorizer.deleteGroup(getUserGroup(str));
    }

    private Group buildUserGroup(String str, UserGroupDTO userGroupDTO) {
        Set users = userGroupDTO.getUsers();
        Group.Builder name = new Group.Builder().identifier(str).name(userGroupDTO.getIdentity());
        if (users != null) {
            name.addUsers((Set) users.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
        return name.build();
    }

    @Override // org.apache.nifi.web.dao.UserDAO
    public boolean hasUser(String str) {
        return this.authorizer.getUser(str) != null;
    }

    @Override // org.apache.nifi.web.dao.UserDAO
    public User createUser(UserDTO userDTO) {
        return this.authorizer.addUser(buildUser(userDTO.getId(), userDTO));
    }

    @Override // org.apache.nifi.web.dao.UserDAO
    public User getUser(String str) {
        User user = this.authorizer.getUser(str);
        if (user == null) {
            throw new ResourceNotFoundException(String.format("Unable to find user with id '%s'.", str));
        }
        return user;
    }

    @Override // org.apache.nifi.web.dao.UserDAO
    public Set<User> getUsers() {
        return this.authorizer.getUsers();
    }

    @Override // org.apache.nifi.web.dao.UserDAO
    public User updateUser(UserDTO userDTO) {
        return this.authorizer.updateUser(buildUser(getUser(userDTO.getId()).getIdentifier(), userDTO));
    }

    @Override // org.apache.nifi.web.dao.UserDAO
    public User deleteUser(String str) {
        return this.authorizer.deleteUser(getUser(str));
    }

    private User buildUser(String str, UserDTO userDTO) {
        return new User.Builder().identifier(str).identity(userDTO.getIdentity()).build();
    }
}
