package org.apache.nifi.web.api;

import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
import java.util.HashMap;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.AccessDeniedException;
import org.apache.nifi.authorization.AuthorizationRequest;
import org.apache.nifi.authorization.AuthorizationResult;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.UserContextKeys;
import org.apache.nifi.authorization.resource.ResourceFactory;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.api.dto.ResourceDTO;
import org.apache.nifi.web.api.entity.ResourcesEntity;

@Path("/resources")
@Api(value = "/resources", description = "Provides the resources in this NiFi that can have access/authorization policies.")
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/api/ResourceResource.class */
public class ResourceResource extends ApplicationResource {
    private NiFiServiceFacade serviceFacade;
    private Authorizer authorizer;

    private void authorizeResource() {
        HashMap hashMap;
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        if (StringUtils.isBlank(niFiUser.getClientAddress())) {
            hashMap = null;
        } else {
            hashMap = new HashMap();
            hashMap.put(UserContextKeys.CLIENT_ADDRESS.name(), niFiUser.getClientAddress());
        }
        AuthorizationResult authorize = this.authorizer.authorize(new AuthorizationRequest.Builder().resource(ResourceFactory.getResourceResource()).identity(niFiUser.getIdentity()).anonymous(Boolean.valueOf(niFiUser.isAnonymous())).accessAttempt(true).action(RequestAction.READ).userContext(hashMap).explanationSupplier(() -> {
            return "Unable to retrieve resources.";
        }).build());
        if (!AuthorizationResult.Result.Approved.equals(authorize.getResult())) {
            throw new AccessDeniedException(authorize.getExplanation());
        }
    }

    @GET
    @Consumes({"*/*"})
    @ApiOperation(value = "Gets the available resources that support access/authorization policies", response = ResourcesEntity.class, authorizations = {@Authorization(value = "Read - /resources", type = "")})
    @ApiResponses({@ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request.")})
    @Produces({"application/json"})
    public Response getResources() {
        authorizeResource();
        if (isReplicateRequest()) {
            return replicate("GET");
        }
        List<ResourceDTO> resources = this.serviceFacade.getResources();
        ResourcesEntity resourcesEntity = new ResourcesEntity();
        resourcesEntity.setResources(resources);
        return clusterContext(generateOkResponse(resourcesEntity)).build();
    }

    public void setServiceFacade(NiFiServiceFacade niFiServiceFacade) {
        this.serviceFacade = niFiServiceFacade;
    }

    public void setAuthorizer(Authorizer authorizer) {
        this.authorizer = authorizer;
    }
}
