package org.apache.nifi.authorization.resource;

import java.util.HashMap;
import java.util.Map;
import org.apache.nifi.authorization.AccessDeniedException;
import org.apache.nifi.authorization.AuthorizationAuditor;
import org.apache.nifi.authorization.AuthorizationRequest;
import org.apache.nifi.authorization.AuthorizationResult;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.Resource;
import org.apache.nifi.authorization.UserContextKeys;
import org.apache.nifi.authorization.user.NiFiUser;

/* loaded from: input_file:org/apache/nifi/authorization/resource/Authorizable.class */
public interface Authorizable {
    Authorizable getParentAuthorizable();

    Resource getResource();

    default Resource getRequestedResource() {
        return getResource();
    }

    default boolean isAuthorized(Authorizer authorizer, RequestAction requestAction, NiFiUser niFiUser) {
        return AuthorizationResult.Result.Approved.equals(checkAuthorization(authorizer, requestAction, niFiUser).getResult());
    }

    default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction requestAction, NiFiUser niFiUser, Map<String, String> map) {
        HashMap hashMap;
        if (niFiUser == null) {
            return AuthorizationResult.denied("Unknown user.");
        }
        if (niFiUser.getClientAddress() == null || niFiUser.getClientAddress().trim().isEmpty()) {
            hashMap = null;
        } else {
            hashMap = new HashMap();
            hashMap.put(UserContextKeys.CLIENT_ADDRESS.name(), niFiUser.getClientAddress());
        }
        final Resource resource = getResource();
        final Resource requestedResource = getRequestedResource();
        AuthorizationResult authorize = authorizer.authorize(new AuthorizationRequest.Builder().identity(niFiUser.getIdentity()).groups(niFiUser.getAllGroups()).anonymous(Boolean.valueOf(niFiUser.isAnonymous())).accessAttempt(false).action(requestAction).resource(resource).requestedResource(requestedResource).resourceContext(map).userContext(hashMap).explanationSupplier(() -> {
            StringBuilder sb = new StringBuilder("Unable to ");
            if (RequestAction.READ.equals(requestAction)) {
                sb.append("view ");
            } else {
                sb.append("modify ");
            }
            sb.append(resource.getSafeDescription()).append(".");
            return sb.toString();
        }).build());
        if (!AuthorizationResult.Result.ResourceNotFound.equals(authorize.getResult())) {
            return authorize;
        }
        final Authorizable parentAuthorizable = getParentAuthorizable();
        return parentAuthorizable == null ? AuthorizationResult.denied("No applicable policies could be found.") : new Authorizable(this) { // from class: org.apache.nifi.authorization.resource.Authorizable.1
            @Override // org.apache.nifi.authorization.resource.Authorizable
            public Authorizable getParentAuthorizable() {
                return parentAuthorizable.getParentAuthorizable();
            }

            @Override // org.apache.nifi.authorization.resource.Authorizable
            public Resource getRequestedResource() {
                return requestedResource;
            }

            @Override // org.apache.nifi.authorization.resource.Authorizable
            public Resource getResource() {
                final Resource resource2 = parentAuthorizable.getResource();
                return new Resource() { // from class: org.apache.nifi.authorization.resource.Authorizable.1.1
                    @Override // org.apache.nifi.authorization.Resource
                    public String getIdentifier() {
                        return resource2.getIdentifier();
                    }

                    @Override // org.apache.nifi.authorization.Resource
                    public String getName() {
                        return resource2.getName();
                    }

                    @Override // org.apache.nifi.authorization.Resource
                    public String getSafeDescription() {
                        return resource.getSafeDescription();
                    }
                };
            }
        }.checkAuthorization(authorizer, requestAction, niFiUser, map);
    }

    default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction requestAction, NiFiUser niFiUser) {
        return checkAuthorization(authorizer, requestAction, niFiUser, null);
    }

    default void authorize(Authorizer authorizer, RequestAction requestAction, NiFiUser niFiUser, Map<String, String> map) throws AccessDeniedException {
        HashMap hashMap;
        if (niFiUser == null) {
            throw new AccessDeniedException("Unknown user.");
        }
        if (niFiUser.getClientAddress() == null || niFiUser.getClientAddress().trim().isEmpty()) {
            hashMap = null;
        } else {
            hashMap = new HashMap();
            hashMap.put(UserContextKeys.CLIENT_ADDRESS.name(), niFiUser.getClientAddress());
        }
        final Resource resource = getResource();
        final Resource requestedResource = getRequestedResource();
        AuthorizationRequest build = new AuthorizationRequest.Builder().identity(niFiUser.getIdentity()).groups(niFiUser.getAllGroups()).anonymous(Boolean.valueOf(niFiUser.isAnonymous())).accessAttempt(true).action(requestAction).resource(resource).requestedResource(requestedResource).resourceContext(map).userContext(hashMap).explanationSupplier(() -> {
            StringBuilder sb = new StringBuilder("Unable to ");
            if (RequestAction.READ.equals(requestAction)) {
                sb.append("view ");
            } else {
                sb.append("modify ");
            }
            sb.append(resource.getSafeDescription()).append(".");
            return sb.toString();
        }).build();
        AuthorizationResult authorize = authorizer.authorize(build);
        if (!AuthorizationResult.Result.ResourceNotFound.equals(authorize.getResult())) {
            if (AuthorizationResult.Result.Denied.equals(authorize.getResult())) {
                throw new AccessDeniedException(authorize.getExplanation());
            }
            return;
        }
        final Authorizable parentAuthorizable = getParentAuthorizable();
        if (parentAuthorizable != null) {
            new Authorizable(this) { // from class: org.apache.nifi.authorization.resource.Authorizable.2
                @Override // org.apache.nifi.authorization.resource.Authorizable
                public Authorizable getParentAuthorizable() {
                    return parentAuthorizable.getParentAuthorizable();
                }

                @Override // org.apache.nifi.authorization.resource.Authorizable
                public Resource getRequestedResource() {
                    return requestedResource;
                }

                @Override // org.apache.nifi.authorization.resource.Authorizable
                public Resource getResource() {
                    final Resource resource2 = parentAuthorizable.getResource();
                    return new Resource() { // from class: org.apache.nifi.authorization.resource.Authorizable.2.1
                        @Override // org.apache.nifi.authorization.Resource
                        public String getIdentifier() {
                            return resource2.getIdentifier();
                        }

                        @Override // org.apache.nifi.authorization.Resource
                        public String getName() {
                            return resource2.getName();
                        }

                        @Override // org.apache.nifi.authorization.Resource
                        public String getSafeDescription() {
                            return resource.getSafeDescription();
                        }
                    };
                }
            }.authorize(authorizer, requestAction, niFiUser, map);
            return;
        }
        AuthorizationResult denied = AuthorizationResult.denied("No applicable policies could be found.");
        if (authorizer instanceof AuthorizationAuditor) {
            ((AuthorizationAuditor) authorizer).auditAccessAttempt(build, denied);
        }
        throw new AccessDeniedException(denied.getExplanation());
    }

    default void authorize(Authorizer authorizer, RequestAction requestAction, NiFiUser niFiUser) throws AccessDeniedException {
        authorize(authorizer, requestAction, niFiUser, null);
    }
}
