package org.apache.nifi.authorization;

import java.io.File;
import java.io.FilenameFilter;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URLClassLoader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.annotation.AuthorizerContext;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
import org.apache.nifi.authorization.generated.AccessPolicyProvider;
import org.apache.nifi.authorization.generated.Authorizer;
import org.apache.nifi.authorization.generated.Authorizers;
import org.apache.nifi.authorization.generated.Property;
import org.apache.nifi.authorization.generated.UserGroupProvider;
import org.apache.nifi.bundle.Bundle;
import org.apache.nifi.nar.ExtensionManager;
import org.apache.nifi.properties.SensitivePropertyProviderFactory;
import org.apache.nifi.properties.scheme.ProtectionSchemeResolver;
import org.apache.nifi.property.protection.loader.PropertyProtectionURLClassLoader;
import org.apache.nifi.property.protection.loader.PropertyProviderFactoryLoader;
import org.apache.nifi.property.protection.loader.ProtectionSchemeResolverLoader;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.file.classloader.ClassLoaderUtils;
import org.apache.nifi.xml.processing.ProcessingException;
import org.apache.nifi.xml.processing.stream.StandardXMLStreamReaderProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.FactoryBean;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/nifi/authorization/AuthorizerFactoryBean.class */
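/**
 * Spring factory bean that builds the single {@link Authorizer} used by the application, together with
 * every user group provider, access policy provider and authorizer declared in the authorizers
 * configuration file.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code properties.getSslPort()} is {@code null}, the factory installs an authorizer that
 *       approves every request (see {@link #createDefaultAuthorizer()}).</li>
 *   <li>Provider class names, and for authorizers an optional extra classpath, are read from the
 *       authorizers configuration file and loaded reflectively, so that file decides which code runs
 *       inside the authorization path.</li>
 *   <li>Properties marked with an encryption scheme are decrypted and handed to providers as plain
 *       strings.</li>
 * </ul>
 *
 * <p>NOTE(review): this is decompiler output. The simple names {@code UserGroupProvider},
 * {@code AccessPolicyProvider} and {@code Authorizer} are used both for configuration elements
 * ({@code getIdentifier}/{@code getClazz}/{@code getProperty}) and for runtime provider instances
 * ({@code initialize}/{@code onConfigured}/{@code preDestruction}). Presumably these are two distinct
 * types that share a simple name in different packages; confirm against the upstream source.
 */
public class AuthorizerFactoryBean implements FactoryBean<Authorizer>, DisposableBean, UserGroupProviderLookup, AccessPolicyProviderLookup, AuthorizerLookup {
    private static final String AUTHORIZERS_XSD = "/authorizers.xsd";
    private static final String JAXB_GENERATED_PATH = "org.apache.nifi.authorization.generated";
    private NiFiProperties properties;
    private Authorizer authorizer;
    private ExtensionManager extensionManager;
    private final Map<String, UserGroupProvider> userGroupProviders = new HashMap<>();
    private final Map<String, AccessPolicyProvider> accessPolicyProviders = new HashMap<>();
    private final Map<String, Authorizer> authorizers = new HashMap<>();
    private static final Logger logger = LoggerFactory.getLogger(AuthorizerFactoryBean.class);
    private static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();

    /**
     * Creates the JAXB context for the generated authorizers configuration classes.
     *
     * @return the shared JAXB context
     * @throws RuntimeException if the context cannot be created; the JAXB failure is kept as the cause
     */
    private static JAXBContext initializeJaxbContext() {
        try {
            return JAXBContext.newInstance(JAXB_GENERATED_PATH, AuthorizerFactoryBean.class.getClassLoader());
        } catch (JAXBException e) {
            // Keep the cause: without it a startup failure in the authorization layer cannot be diagnosed.
            throw new RuntimeException("Unable to create JAXBContext.", e);
        }
    }

    /**
     * Sets the application properties used to locate and select the authorizer.
     *
     * @param niFiProperties the application properties
     */
    public void setProperties(NiFiProperties niFiProperties) {
        this.properties = niFiProperties;
    }

    /**
     * Looks up a user group provider created by this factory.
     *
     * @param identifier the identifier from the authorizers configuration
     * @return the provider, or {@code null} if no provider has that identifier
     */
    public UserGroupProvider getUserGroupProvider(String identifier) {
        return this.userGroupProviders.get(identifier);
    }

    /**
     * Looks up an access policy provider created by this factory.
     *
     * @param identifier the identifier from the authorizers configuration
     * @return the provider, or {@code null} if no provider has that identifier
     */
    public AccessPolicyProvider getAccessPolicyProvider(String identifier) {
        return this.accessPolicyProviders.get(identifier);
    }

    /**
     * Looks up an authorizer created by this factory.
     *
     * @param identifier the identifier from the authorizers configuration
     * @return the authorizer, or {@code null} if no authorizer has that identifier
     */
    public Authorizer getAuthorizer(String identifier) {
        return this.authorizers.get(identifier);
    }

    /**
     * Returns the application's authorizer, creating it on first use.
     *
     * <p>The decompiler renamed this method from {@code getObject} (merged with its bridge method).
     *
     * <p>If no SSL port is configured the approve-everything default authorizer is used. Otherwise the
     * {@code nifi.security.user.authorizer} property selects one entry of the authorizers configuration,
     * every declared provider is instantiated, the selected authorizer is wrapped with integrity checks,
     * and all providers are then configured.
     *
     * @return the authorizer
     * @throws Exception if the authorizer identifier is blank, an identifier is declared twice, the
     *         selected authorizer does not exist, or a provider cannot be loaded or created
     */
    public Authorizer m3getObject() throws Exception {
        if (this.authorizer != null) {
            return this.authorizer;
        }

        if (this.properties.getSslPort() == null) {
            // No SSL port configured: every authorization request is approved.
            this.authorizer = createDefaultAuthorizer();
            return this.authorizer;
        }

        final String authorizerIdentifier = this.properties.getProperty("nifi.security.user.authorizer");
        if (StringUtils.isBlank(authorizerIdentifier)) {
            throw new Exception("When running securely, the authorizer identifier must be specified in the nifi properties file.");
        }

        final Authorizers configuration = loadAuthorizersConfiguration();

        // Duplicate identifiers are rejected rather than letting a later entry silently replace an earlier one.
        for (UserGroupProvider declared : configuration.getUserGroupProvider()) {
            if (this.userGroupProviders.containsKey(declared.getIdentifier())) {
                throw new Exception("Duplicate User Group Provider identifier in Authorizers configuration: " + declared.getIdentifier());
            }
            this.userGroupProviders.put(declared.getIdentifier(), createUserGroupProvider(declared.getIdentifier(), declared.getClazz()));
        }
        for (AccessPolicyProvider declared : configuration.getAccessPolicyProvider()) {
            if (this.accessPolicyProviders.containsKey(declared.getIdentifier())) {
                throw new Exception("Duplicate Access Policy Provider identifier in Authorizers configuration: " + declared.getIdentifier());
            }
            this.accessPolicyProviders.put(declared.getIdentifier(), createAccessPolicyProvider(declared.getIdentifier(), declared.getClazz()));
        }
        for (Authorizer declared : configuration.getAuthorizer()) {
            if (this.authorizers.containsKey(declared.getIdentifier())) {
                throw new Exception("Duplicate Authorizer identifier in Authorizers configuration: " + declared.getIdentifier());
            }
            this.authorizers.put(declared.getIdentifier(), createAuthorizer(declared.getIdentifier(), declared.getClazz(), declared.getClasspath()));
        }

        this.authorizer = getAuthorizer(authorizerIdentifier);
        if (this.authorizer == null) {
            throw new Exception(String.format("The specified authorizer '%s' could not be found.", authorizerIdentifier));
        }
        this.authorizer = AuthorizerFactory.installIntegrityChecks(this.authorizer);

        // NOTE(review): if configuration fails below, the field stays set and the provider maps stay
        // populated, so a second call would return an authorizer that was never configured. Presumably
        // the container aborts startup on the first failure; confirm.
        loadProviderProperties(configuration, authorizerIdentifier);
        return this.authorizer;
    }

    /**
     * Calls {@code onConfigured} on every provider with the properties declared for it.
     *
     * <p>The selected authorizer is configured last, through {@code this.authorizer} (the instance
     * wrapped with integrity checks) rather than through the raw entry in the lookup map. The thread
     * context class loader is swapped for a {@link PropertyProtectionURLClassLoader} while the property
     * protection services are loaded and used, and is restored afterwards.
     *
     * @param configuration the parsed authorizers configuration
     * @param authorizerIdentifier the identifier of the selected authorizer
     * @throws IllegalStateException if the configuration holds no entry for the selected authorizer
     */
    private void loadProviderProperties(Authorizers configuration, String authorizerIdentifier) {
        final ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        try {
            Thread.currentThread().setContextClassLoader(new PropertyProtectionURLClassLoader(contextClassLoader));
            final ProtectionSchemeResolver protectionSchemeResolver = new ProtectionSchemeResolverLoader().getProtectionSchemeResolver();
            final SensitivePropertyProviderFactory propertyProviderFactory = new PropertyProviderFactoryLoader().getPropertyProviderFactory();

            for (UserGroupProvider declared : configuration.getUserGroupProvider()) {
                this.userGroupProviders.get(declared.getIdentifier()).onConfigured(
                        getConfigurationContext(declared.getIdentifier(), declared.getProperty(), propertyProviderFactory, protectionSchemeResolver));
            }
            for (AccessPolicyProvider declared : configuration.getAccessPolicyProvider()) {
                this.accessPolicyProviders.get(declared.getIdentifier()).onConfigured(
                        getConfigurationContext(declared.getIdentifier(), declared.getProperty(), propertyProviderFactory, protectionSchemeResolver));
            }

            AuthorizerConfigurationContext selectedContext = null;
            for (Authorizer declared : configuration.getAuthorizer()) {
                final AuthorizerConfigurationContext context =
                        getConfigurationContext(declared.getIdentifier(), declared.getProperty(), propertyProviderFactory, protectionSchemeResolver);
                if (declared.getIdentifier().equals(authorizerIdentifier)) {
                    // Deferred: the selected authorizer is configured through the wrapped instance below.
                    selectedContext = context;
                } else {
                    this.authorizers.get(declared.getIdentifier()).onConfigured(context);
                }
            }
            if (selectedContext == null) {
                throw new IllegalStateException("Unable to load configuration for authorizer with id: " + authorizerIdentifier);
            }
            this.authorizer.onConfigured(selectedContext);
        } finally {
            // Always restore, so a failure cannot leave the property-protection loader on this thread.
            Thread.currentThread().setContextClassLoader(contextClassLoader);
        }
    }

    /**
     * Parses the authorizers configuration file and validates it against the bundled schema.
     *
     * @return the parsed configuration
     * @throws Exception if the file does not exist or cannot be parsed or validated
     */
    private Authorizers loadAuthorizersConfiguration() throws Exception {
        final File configurationFile = this.properties.getAuthorizerConfigurationFile();
        if (!configurationFile.exists()) {
            throw new Exception("Unable to find the authorizer configuration file at " + configurationFile.getAbsolutePath());
        }
        try {
            // The schema comes from a classpath resource, not from a location named in the file.
            final Schema schema = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(Authorizers.class.getResource(AUTHORIZERS_XSD));
            // NOTE(review): no parser hardening (DTD / external entity settings) is applied here, so it
            // presumably lives in StandardXMLStreamReaderProvider; confirm before swapping the provider.
            final XMLStreamReader streamReader = new StandardXMLStreamReaderProvider().getStreamReader(new StreamSource(configurationFile));
            final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
            unmarshaller.setSchema(schema);
            return unmarshaller.unmarshal(streamReader, Authorizers.class).getValue();
        } catch (ProcessingException | SAXException | JAXBException e) {
            throw new Exception("Unable to load the authorizer configuration file at: " + configurationFile.getAbsolutePath(), e);
        }
    }

    /**
     * Instantiates and initializes a user group provider from its configured class name.
     *
     * <p>The class name must resolve to exactly one bundle known to the extension manager, and the
     * loaded class must be a {@code UserGroupProvider}; {@code asSubclass} rejects any other type
     * before an instance is created.
     *
     * @param identifier the provider identifier from the configuration
     * @param className the provider class name from the configuration
     * @return the provider, wrapped so that it runs with its bundle class loader
     * @throws Exception if the class is unknown, ambiguous, of the wrong type, or fails to initialize
     */
    private UserGroupProvider createUserGroupProvider(String identifier, String className) throws Exception {
        final List<Bundle> bundles = this.extensionManager.getBundles(className);
        if (bundles.isEmpty()) {
            throw new Exception(String.format("The specified user group provider class '%s' is not known to this nifi.", className));
        }
        if (bundles.size() > 1) {
            throw new Exception(String.format("Multiple bundles found for the specified user group provider class '%s', only one is allowed.", className));
        }

        final ClassLoader classLoader = bundles.get(0).getClassLoader();
        final ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        final UserGroupProvider instance;
        try {
            Thread.currentThread().setContextClassLoader(classLoader);
            final Class<? extends UserGroupProvider> providerClass = Class.forName(className, true, classLoader).asSubclass(UserGroupProvider.class);
            instance = providerClass.getConstructor().newInstance();
            performMethodInjection(instance, providerClass);
            performFieldInjection(instance, providerClass);
            instance.initialize(new StandardAuthorizerInitializationContext(identifier, this, this, this));
        } finally {
            if (contextClassLoader != null) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
            }
        }
        return UserGroupProviderFactory.withNarLoader(instance, classLoader);
    }

    /**
     * Instantiates and initializes an access policy provider from its configured class name.
     *
     * <p>The class name must resolve to exactly one bundle known to the extension manager, and the
     * loaded class must be an {@code AccessPolicyProvider}; {@code asSubclass} rejects any other type
     * before an instance is created.
     *
     * @param identifier the provider identifier from the configuration
     * @param className the provider class name from the configuration
     * @return the provider, wrapped so that it runs with its bundle class loader
     * @throws Exception if the class is unknown, ambiguous, of the wrong type, or fails to initialize
     */
    private AccessPolicyProvider createAccessPolicyProvider(String identifier, String className) throws Exception {
        final List<Bundle> bundles = this.extensionManager.getBundles(className);
        if (bundles.isEmpty()) {
            throw new Exception(String.format("The specified access policy provider class '%s' is not known to this nifi.", className));
        }
        if (bundles.size() > 1) {
            throw new Exception(String.format("Multiple bundles found for the specified access policy provider class '%s', only one is allowed.", className));
        }

        final ClassLoader classLoader = bundles.get(0).getClassLoader();
        final ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        final AccessPolicyProvider instance;
        try {
            Thread.currentThread().setContextClassLoader(classLoader);
            final Class<? extends AccessPolicyProvider> providerClass = Class.forName(className, true, classLoader).asSubclass(AccessPolicyProvider.class);
            instance = providerClass.getConstructor().newInstance();
            performMethodInjection(instance, providerClass);
            performFieldInjection(instance, providerClass);
            instance.initialize(new StandardAuthorizerInitializationContext(identifier, this, this, this));
        } finally {
            if (contextClassLoader != null) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
            }
        }
        return AccessPolicyProviderFactory.withNarLoader(instance, classLoader);
    }

    /**
     * Instantiates and initializes an authorizer from its configured class name.
     *
     * <p>The class name must resolve to exactly one bundle known to the extension manager, and the
     * loaded class must be an {@code Authorizer}. When the configuration supplies an additional
     * classpath, the bundle class loader is wrapped in a {@link URLClassLoader} over those locations.
     * Code found there is loaded into the authorization path, so the configuration file and the
     * referenced locations need the same write protection as the application's own libraries. The
     * replacement is logged at INFO with the identifier and the classpath.
     *
     * @param identifier the authorizer identifier from the configuration
     * @param className the authorizer class name from the configuration
     * @param classpath optional additional classpath from the configuration; may be empty or null
     * @return the authorizer, wrapped so that it runs with its class loader
     * @throws Exception if the class is unknown, ambiguous, of the wrong type, or fails to initialize
     */
    private Authorizer createAuthorizer(String identifier, String className, String classpath) throws Exception {
        final List<Bundle> bundles = this.extensionManager.getBundles(className);
        if (bundles.isEmpty()) {
            throw new Exception(String.format("The specified authorizer class '%s' is not known to this nifi.", className));
        }
        if (bundles.size() > 1) {
            throw new Exception(String.format("Multiple bundles found for the specified authorizer class '%s', only one is allowed.", className));
        }

        ClassLoader classLoader = bundles.get(0).getClassLoader();
        if (StringUtils.isNotEmpty(classpath)) {
            logger.info("Replacing Authorizer ClassLoader for '{}' to include additional resources: {}", identifier, classpath);
            classLoader = new URLClassLoader(ClassLoaderUtils.getURLsForClasspath(classpath, (FilenameFilter) null, true), classLoader);
        }

        final ClassLoader effectiveClassLoader = classLoader;
        final ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        final Authorizer instance;
        try {
            Thread.currentThread().setContextClassLoader(effectiveClassLoader);
            final Class<? extends Authorizer> authorizerClass = Class.forName(className, true, effectiveClassLoader).asSubclass(Authorizer.class);
            instance = authorizerClass.getConstructor().newInstance();
            performMethodInjection(instance, authorizerClass);
            performFieldInjection(instance, authorizerClass);
            instance.initialize(new StandardAuthorizerInitializationContext(identifier, this, this, this));
        } finally {
            if (contextClassLoader != null) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
            }
        }
        return AuthorizerFactory.withNarLoader(instance, effectiveClassLoader);
    }

    /**
     * Builds the configuration context for one provider from its declared properties.
     *
     * <p>Properties with a non-blank encryption attribute are decrypted; the rest are passed through
     * unchanged. The resulting map holds decrypted values in plain text, so it should not be logged
     * or otherwise exposed.
     *
     * @param identifier the provider identifier
     * @param declaredProperties the properties declared for the provider
     * @param sensitivePropertyProviderFactory factory for the providers that decrypt protected values
     * @param protectionSchemeResolver resolves an encryption attribute to a protection scheme
     * @return the configuration context for the provider
     */
    private AuthorizerConfigurationContext getConfigurationContext(String identifier, List<Property> declaredProperties, SensitivePropertyProviderFactory sensitivePropertyProviderFactory, ProtectionSchemeResolver protectionSchemeResolver) {
        final Map<String, String> resolved = new HashMap<>();
        for (Property property : declaredProperties) {
            final String value = StringUtils.isBlank(property.getEncryption())
                    ? property.getValue()
                    : getPropertyDecrypted(identifier, property, sensitivePropertyProviderFactory, protectionSchemeResolver);
            resolved.put(property.getName(), value);
        }
        return new StandardAuthorizerConfigurationContext(identifier, resolved);
    }

    /**
     * Decrypts one protected property value.
     *
     * @param identifier the provider identifier, used to build the property context
     * @param property the protected property; its encryption attribute selects the scheme
     * @param sensitivePropertyProviderFactory factory for the provider that performs the decryption
     * @param protectionSchemeResolver resolves the encryption attribute to a protection scheme
     * @return the decrypted value
     */
    private String getPropertyDecrypted(String identifier, Property property, SensitivePropertyProviderFactory sensitivePropertyProviderFactory, ProtectionSchemeResolver protectionSchemeResolver) {
        return sensitivePropertyProviderFactory
                .getProvider(protectionSchemeResolver.getProtectionScheme(property.getEncryption()))
                .unprotect(property.getValue(), sensitivePropertyProviderFactory.getPropertyContext(identifier, property.getName()));
    }

    /**
     * Invokes every {@link AuthorizerContext}-annotated method that takes a single
     * {@link NiFiProperties} argument, passing the application properties.
     *
     * <p>Accessibility is forced on for the call and put back to its previous value afterwards.
     *
     * <p>NOTE(review): the superclass walk only continues while the superclass is assignable to
     * {@code Authorizer}, although this method is also called for user group and access policy
     * providers; confirm that is intended.
     *
     * @param instance the provider instance to inject into
     * @param type the class whose methods are inspected
     * @throws IllegalAccessException if a method cannot be accessed
     * @throws IllegalArgumentException if a method rejects the argument
     * @throws InvocationTargetException if an invoked method throws
     */
    private void performMethodInjection(Object instance, Class<?> type) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException {
        for (Method method : type.getMethods()) {
            if (!method.isAnnotationPresent(AuthorizerContext.class)) {
                continue;
            }
            final boolean wasAccessible = method.isAccessible();
            method.setAccessible(true);
            try {
                final Class<?>[] parameterTypes = method.getParameterTypes();
                if (parameterTypes.length == 1 && NiFiProperties.class.isAssignableFrom(parameterTypes[0])) {
                    method.invoke(instance, this.properties);
                }
            } finally {
                method.setAccessible(wasAccessible);
            }
        }

        final Class<?> superclass = type.getSuperclass();
        if (superclass != null && Authorizer.class.isAssignableFrom(superclass)) {
            performMethodInjection(instance, superclass);
        }
    }

    /**
     * Sets every {@link AuthorizerContext}-annotated field of type {@link NiFiProperties} that is
     * still {@code null} to the application properties.
     *
     * <p>Accessibility is forced on for the access and put back to its previous value afterwards.
     * Fields that already hold a value are left alone.
     *
     * <p>NOTE(review): the superclass walk only continues while the superclass is assignable to
     * {@code Authorizer}, although this method is also called for user group and access policy
     * providers; confirm that is intended.
     *
     * @param instance the provider instance to inject into
     * @param type the class whose declared fields are inspected
     * @throws IllegalArgumentException if a field rejects the value
     * @throws IllegalAccessException if a field cannot be accessed
     */
    private void performFieldInjection(Object instance, Class<?> type) throws IllegalArgumentException, IllegalAccessException {
        for (Field field : type.getDeclaredFields()) {
            if (!field.isAnnotationPresent(AuthorizerContext.class)) {
                continue;
            }
            final boolean wasAccessible = field.isAccessible();
            field.setAccessible(true);
            try {
                final Class<?> fieldType = field.getType();
                if (field.get(instance) == null && NiFiProperties.class.isAssignableFrom(fieldType)) {
                    field.set(instance, this.properties);
                }
            } finally {
                field.setAccessible(wasAccessible);
            }
        }

        final Class<?> superclass = type.getSuperclass();
        if (superclass != null && Authorizer.class.isAssignableFrom(superclass)) {
            performFieldInjection(instance, superclass);
        }
    }

    /**
     * Creates the authorizer used when no SSL port is configured.
     *
     * <p>It approves every request and ignores initialization, configuration and destruction, so
     * access control is effectively disabled in that mode.
     *
     * @return an authorizer that approves all requests
     */
    private Authorizer createDefaultAuthorizer() {
        return new Authorizer() {
            public AuthorizationResult authorize(AuthorizationRequest authorizationRequest) throws AuthorizationAccessException {
                // Unconditional approval: the request is not inspected.
                return AuthorizationResult.approved();
            }

            public void initialize(AuthorizerInitializationContext authorizerInitializationContext) throws AuthorizerCreationException {
            }

            public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws AuthorizerCreationException {
            }

            public void preDestruction() throws AuthorizerDestructionException {
            }
        };
    }

    /**
     * Reports the type of object this factory produces.
     *
     * @return {@code Authorizer.class}
     */
    public Class<Authorizer> getObjectType() {
        return Authorizer.class;
    }

    /**
     * Reports that the factory always hands out the same authorizer instance.
     *
     * @return {@code true}
     */
    public boolean isSingleton() {
        return true;
    }

    /**
     * Calls {@code preDestruction} on every authorizer, access policy provider and user group
     * provider, in that order.
     *
     * <p>A failure in one provider is logged and collected so that the remaining providers are still
     * shut down; the collected failures are reported together at the end.
     *
     * @throws Exception an {@link AuthorizerDestructionException} listing every failure, with the
     *         first one as its cause, if any provider failed
     */
    public void destroy() throws Exception {
        final List<Exception> failures = new ArrayList<>();

        this.authorizers.forEach((identifier, instance) -> {
            try {
                instance.preDestruction();
            } catch (Exception e) {
                failures.add(e);
                logger.error("Authorizer [{}] destruction failed", identifier, e);
            }
        });
        this.accessPolicyProviders.forEach((identifier, instance) -> {
            try {
                instance.preDestruction();
            } catch (Exception e) {
                failures.add(e);
                logger.error("Access Policy Provider [{}] destruction failed", identifier, e);
            }
        });
        this.userGroupProviders.forEach((identifier, instance) -> {
            try {
                instance.preDestruction();
            } catch (Exception e) {
                failures.add(e);
                logger.error("User Group Provider [{}] destruction failed", identifier, e);
            }
        });

        if (failures.isEmpty()) {
            return;
        }
        final String summary = failures.stream().map(Exception::toString).collect(Collectors.joining("; "));
        throw new AuthorizerDestructionException("One or more providers encountered a pre-destruction error: " + summary, failures.get(0));
    }

    /**
     * Sets the extension manager used to resolve provider class names to bundles.
     *
     * @param extensionManager the extension manager
     */
    public void setExtensionManager(ExtensionManager extensionManager) {
        this.extensionManager = extensionManager;
    }
}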
