package org.apache.nifi.authorization;

import java.lang.reflect.Proxy;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang3.ClassUtils;
import org.apache.nifi.authorization.AuthorizationResult;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
import org.apache.nifi.authorization.exception.UninheritableAuthorizationsException;

/* loaded from: input_file:org/apache/nifi/authorization/AuthorizerFactory.class */
public final class AuthorizerFactory {
    /* JADX INFO: Access modifiers changed from: private */
    public static boolean policyExists(AccessPolicyProvider accessPolicyProvider, AccessPolicy accessPolicy) {
        for (AccessPolicy accessPolicy2 : accessPolicyProvider.getAccessPolicies()) {
            if (!accessPolicy2.getIdentifier().equals(accessPolicy.getIdentifier()) && accessPolicy2.getResource().equals(accessPolicy.getResource()) && accessPolicy2.getAction().equals(accessPolicy.getAction())) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean tenantExists(UserGroupProvider userGroupProvider, String str, String str2) {
        for (User user : userGroupProvider.getUsers()) {
            if (!user.getIdentifier().equals(str) && user.getIdentity().equals(str2)) {
                return true;
            }
        }
        for (Group group : userGroupProvider.getGroups()) {
            if (!group.getIdentifier().equals(str) && group.getName().equals(str2)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean allGroupUsersExist(UserGroupProvider userGroupProvider, Group group) {
        Iterator it = group.getUsers().iterator();
        while (it.hasNext()) {
            if (userGroupProvider.getUser((String) it.next()) == null) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void audit(Authorizer authorizer, AuthorizationRequest authorizationRequest, AuthorizationResult authorizationResult) {
        if ((authorizer instanceof AuthorizationAuditor) && authorizationRequest.isAccessAttempt() && !AuthorizationResult.Result.ResourceNotFound.equals(authorizationResult.getResult())) {
            ((AuthorizationAuditor) authorizer).auditAccessAttempt(authorizationRequest, authorizationResult);
        }
    }

    public static Authorizer installIntegrityChecks(final Authorizer authorizer) {
        ManagedAuthorizer managedAuthorizer;
        if (authorizer instanceof ManagedAuthorizer) {
            final ManagedAuthorizer managedAuthorizer2 = (ManagedAuthorizer) authorizer;
            managedAuthorizer = new ManagedAuthorizer() { // from class: org.apache.nifi.authorization.AuthorizerFactory.1
                public String getFingerprint() throws AuthorizationAccessException {
                    return managedAuthorizer2.getFingerprint();
                }

                public void inheritFingerprint(String str) throws AuthorizationAccessException {
                    managedAuthorizer2.inheritFingerprint(str);
                }

                public void checkInheritability(String str) throws AuthorizationAccessException, UninheritableAuthorizationsException {
                    managedAuthorizer2.checkInheritability(str);
                }

                public AccessPolicyProvider getAccessPolicyProvider() {
                    ConfigurableAccessPolicyProvider accessPolicyProvider = managedAuthorizer2.getAccessPolicyProvider();
                    if (!(accessPolicyProvider instanceof ConfigurableAccessPolicyProvider)) {
                        return accessPolicyProvider;
                    }
                    final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = accessPolicyProvider;
                    return new ConfigurableAccessPolicyProvider() { // from class: org.apache.nifi.authorization.AuthorizerFactory.1.1
                        public String getFingerprint() throws AuthorizationAccessException {
                            return configurableAccessPolicyProvider.getFingerprint();
                        }

                        public void inheritFingerprint(String str) throws AuthorizationAccessException {
                            configurableAccessPolicyProvider.inheritFingerprint(str);
                        }

                        public void checkInheritability(String str) throws AuthorizationAccessException, UninheritableAuthorizationsException {
                            configurableAccessPolicyProvider.checkInheritability(str);
                        }

                        public AccessPolicy addAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
                            if (AuthorizerFactory.policyExists(configurableAccessPolicyProvider, accessPolicy)) {
                                throw new IllegalStateException(String.format("Found multiple policies for '%s' with '%s'.", accessPolicy.getResource(), accessPolicy.getAction()));
                            }
                            return configurableAccessPolicyProvider.addAccessPolicy(accessPolicy);
                        }

                        public boolean isConfigurable(AccessPolicy accessPolicy) {
                            return configurableAccessPolicyProvider.isConfigurable(accessPolicy);
                        }

                        public AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
                            if (configurableAccessPolicyProvider.isConfigurable(accessPolicy)) {
                                return configurableAccessPolicyProvider.updateAccessPolicy(accessPolicy);
                            }
                            throw new IllegalArgumentException("The specified access policy is not support modification.");
                        }

                        public AccessPolicy deleteAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
                            if (configurableAccessPolicyProvider.isConfigurable(accessPolicy)) {
                                return configurableAccessPolicyProvider.deleteAccessPolicy(accessPolicy);
                            }
                            throw new IllegalArgumentException("The specified access policy is not support modification.");
                        }

                        public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
                            return configurableAccessPolicyProvider.getAccessPolicies();
                        }

                        public AccessPolicy getAccessPolicy(String str) throws AuthorizationAccessException {
                            return configurableAccessPolicyProvider.getAccessPolicy(str);
                        }

                        public AccessPolicy getAccessPolicy(String str, RequestAction requestAction) throws AuthorizationAccessException {
                            return configurableAccessPolicyProvider.getAccessPolicy(str, requestAction);
                        }

                        public UserGroupProvider getUserGroupProvider() {
                            ConfigurableUserGroupProvider userGroupProvider = configurableAccessPolicyProvider.getUserGroupProvider();
                            if (!(userGroupProvider instanceof ConfigurableUserGroupProvider)) {
                                return userGroupProvider;
                            }
                            final ConfigurableUserGroupProvider configurableUserGroupProvider = userGroupProvider;
                            return new ConfigurableUserGroupProvider() { // from class: org.apache.nifi.authorization.AuthorizerFactory.1.1.1
                                public String getFingerprint() throws AuthorizationAccessException {
                                    return configurableUserGroupProvider.getFingerprint();
                                }

                                public void inheritFingerprint(String str) throws AuthorizationAccessException {
                                    configurableUserGroupProvider.inheritFingerprint(str);
                                }

                                public void checkInheritability(String str) throws AuthorizationAccessException, UninheritableAuthorizationsException {
                                    configurableUserGroupProvider.checkInheritability(str);
                                }

                                public User addUser(User user) throws AuthorizationAccessException {
                                    if (AuthorizerFactory.tenantExists(configurableUserGroupProvider, user.getIdentifier(), user.getIdentity())) {
                                        throw new IllegalStateException(String.format("User/user group already exists with the identity '%s'.", user.getIdentity()));
                                    }
                                    return configurableUserGroupProvider.addUser(user);
                                }

                                public boolean isConfigurable(User user) {
                                    return configurableUserGroupProvider.isConfigurable(user);
                                }

                                public User updateUser(User user) throws AuthorizationAccessException {
                                    if (AuthorizerFactory.tenantExists(configurableUserGroupProvider, user.getIdentifier(), user.getIdentity())) {
                                        throw new IllegalStateException(String.format("User/user group already exists with the identity '%s'.", user.getIdentity()));
                                    }
                                    if (configurableUserGroupProvider.isConfigurable(user)) {
                                        return configurableUserGroupProvider.updateUser(user);
                                    }
                                    throw new IllegalArgumentException("The specified user does not support modification.");
                                }

                                public User deleteUser(User user) throws AuthorizationAccessException {
                                    if (configurableUserGroupProvider.isConfigurable(user)) {
                                        return configurableUserGroupProvider.deleteUser(user);
                                    }
                                    throw new IllegalArgumentException("The specified user does not support modification.");
                                }

                                public Group addGroup(Group group) throws AuthorizationAccessException {
                                    if (AuthorizerFactory.tenantExists(configurableUserGroupProvider, group.getIdentifier(), group.getName())) {
                                        throw new IllegalStateException(String.format("User/user group already exists with the identity '%s'.", group.getName()));
                                    }
                                    if (AuthorizerFactory.allGroupUsersExist(configurableUserGroupProvider, group)) {
                                        return configurableUserGroupProvider.addGroup(group);
                                    }
                                    throw new IllegalStateException(String.format("Cannot create group '%s' with users that don't exist.", group.getName()));
                                }

                                public boolean isConfigurable(Group group) {
                                    return configurableUserGroupProvider.isConfigurable(group);
                                }

                                public Group updateGroup(Group group) throws AuthorizationAccessException {
                                    if (AuthorizerFactory.tenantExists(configurableUserGroupProvider, group.getIdentifier(), group.getName())) {
                                        throw new IllegalStateException(String.format("User/user group already exists with the identity '%s'.", group.getName()));
                                    }
                                    if (!AuthorizerFactory.allGroupUsersExist(configurableUserGroupProvider, group)) {
                                        throw new IllegalStateException(String.format("Cannot update group '%s' to add users that don't exist.", group.getName()));
                                    }
                                    if (configurableUserGroupProvider.isConfigurable(group)) {
                                        return configurableUserGroupProvider.updateGroup(group);
                                    }
                                    throw new IllegalArgumentException("The specified group does not support modification.");
                                }

                                public Group deleteGroup(Group group) throws AuthorizationAccessException {
                                    if (configurableUserGroupProvider.isConfigurable(group)) {
                                        return configurableUserGroupProvider.deleteGroup(group);
                                    }
                                    throw new IllegalArgumentException("The specified group does not support modification.");
                                }

                                public Set<User> getUsers() throws AuthorizationAccessException {
                                    return configurableUserGroupProvider.getUsers();
                                }

                                public User getUser(String str) throws AuthorizationAccessException {
                                    return configurableUserGroupProvider.getUser(str);
                                }

                                public User getUserByIdentity(String str) throws AuthorizationAccessException {
                                    return configurableUserGroupProvider.getUserByIdentity(str);
                                }

                                public Set<Group> getGroups() throws AuthorizationAccessException {
                                    return configurableUserGroupProvider.getGroups();
                                }

                                public Group getGroup(String str) throws AuthorizationAccessException {
                                    return configurableUserGroupProvider.getGroup(str);
                                }

                                public UserAndGroups getUserAndGroups(String str) throws AuthorizationAccessException {
                                    return configurableUserGroupProvider.getUserAndGroups(str);
                                }

                                public void initialize(UserGroupProviderInitializationContext userGroupProviderInitializationContext) throws AuthorizerCreationException {
                                    configurableUserGroupProvider.initialize(userGroupProviderInitializationContext);
                                }

                                public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
                                    configurableUserGroupProvider.onConfigured(authorizerConfigurationContext);
                                }

                                public void preDestruction() throws AuthorizerDestructionException {
                                    configurableUserGroupProvider.preDestruction();
                                }
                            };
                        }

                        public void initialize(AccessPolicyProviderInitializationContext accessPolicyProviderInitializationContext) throws AuthorizerCreationException {
                            configurableAccessPolicyProvider.initialize(accessPolicyProviderInitializationContext);
                        }

                        public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
                            configurableAccessPolicyProvider.onConfigured(authorizerConfigurationContext);
                        }

                        public void preDestruction() throws AuthorizerDestructionException {
                            configurableAccessPolicyProvider.preDestruction();
                        }
                    };
                }

                public AuthorizationResult authorize(AuthorizationRequest authorizationRequest) throws AuthorizationAccessException {
                    AuthorizationResult authorize = authorizer.authorize(authorizationRequest);
                    AuthorizerFactory.audit(authorizer, authorizationRequest, authorize);
                    return authorize;
                }

                public void initialize(AuthorizerInitializationContext authorizerInitializationContext) throws AuthorizerCreationException {
                    managedAuthorizer2.initialize(authorizerInitializationContext);
                }

                public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
                    managedAuthorizer2.onConfigured(authorizerConfigurationContext);
                    AccessPolicyProvider accessPolicyProvider = managedAuthorizer2.getAccessPolicyProvider();
                    UserGroupProvider userGroupProvider = accessPolicyProvider.getUserGroupProvider();
                    for (AccessPolicy accessPolicy : accessPolicyProvider.getAccessPolicies()) {
                        if (AuthorizerFactory.policyExists(accessPolicyProvider, accessPolicy)) {
                            throw new AuthorizerCreationException(String.format("Found multiple policies for '%s' with '%s'.", accessPolicy.getResource(), accessPolicy.getAction()));
                        }
                    }
                    for (User user : userGroupProvider.getUsers()) {
                        if (AuthorizerFactory.tenantExists(userGroupProvider, user.getIdentifier(), user.getIdentity())) {
                            throw new AuthorizerCreationException(String.format("Found multiple users/user groups with identity '%s'.", user.getIdentity()));
                        }
                    }
                    for (Group group : userGroupProvider.getGroups()) {
                        if (AuthorizerFactory.tenantExists(userGroupProvider, group.getIdentifier(), group.getName())) {
                            throw new AuthorizerCreationException(String.format("Found multiple users/user groups with name '%s'.", group.getName()));
                        }
                    }
                }

                public void preDestruction() throws AuthorizerDestructionException {
                    managedAuthorizer2.preDestruction();
                }
            };
        } else {
            managedAuthorizer = new Authorizer() { // from class: org.apache.nifi.authorization.AuthorizerFactory.2
                public AuthorizationResult authorize(AuthorizationRequest authorizationRequest) throws AuthorizationAccessException {
                    AuthorizationResult authorize = authorizer.authorize(authorizationRequest);
                    AuthorizerFactory.audit(authorizer, authorizationRequest, authorize);
                    return authorize;
                }

                public void initialize(AuthorizerInitializationContext authorizerInitializationContext) throws AuthorizerCreationException {
                    authorizer.initialize(authorizerInitializationContext);
                }

                public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
                    authorizer.onConfigured(authorizerConfigurationContext);
                }

                public void preDestruction() throws AuthorizerDestructionException {
                    authorizer.preDestruction();
                }
            };
        }
        if (authorizer instanceof AuthorizationAuditor) {
            AuthorizationAuditorInvocationHandler authorizationAuditorInvocationHandler = new AuthorizationAuditorInvocationHandler(managedAuthorizer, (AuthorizationAuditor) authorizer);
            List allInterfaces = ClassUtils.getAllInterfaces(managedAuthorizer.getClass());
            allInterfaces.add(AuthorizationAuditor.class);
            managedAuthorizer = (Authorizer) Proxy.newProxyInstance(managedAuthorizer.getClass().getClassLoader(), (Class[]) allInterfaces.toArray(new Class[allInterfaces.size()]), authorizationAuditorInvocationHandler);
        }
        return managedAuthorizer;
    }

    public static Authorizer withNarLoader(Authorizer authorizer, ClassLoader classLoader) {
        AuthorizerInvocationHandler authorizerInvocationHandler = new AuthorizerInvocationHandler(authorizer, classLoader);
        List allInterfaces = ClassUtils.getAllInterfaces(authorizer.getClass());
        return (Authorizer) Proxy.newProxyInstance(classLoader, (Class[]) allInterfaces.toArray(new Class[allInterfaces.size()]), authorizerInvocationHandler);
    }

    private AuthorizerFactory() {
    }
}
