package org.apache.nifi.audit;

import java.text.Collator;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
import org.apache.nifi.action.Operation;
import org.apache.nifi.action.details.ActionDetails;
import org.apache.nifi.action.details.FlowChangeConfigureDetails;
import org.apache.nifi.authorization.AccessPolicy;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.apache.nifi.web.api.dto.AccessPolicyDTO;
import org.apache.nifi.web.dao.AccessPolicyDAO;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Aspect
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/audit/AccessPolicyAuditor.class */
public class AccessPolicyAuditor extends NiFiAuditor {
    private static final Logger logger = LoggerFactory.getLogger(AccessPolicyAuditor.class);
    private static final String USERS = "Users";
    private static final String USER_GROUPS = "User Groups";

    @Around("within(org.apache.nifi.web.dao.AccessPolicyDAO+) && execution(org.apache.nifi.authorization.AccessPolicy createAccessPolicy(org.apache.nifi.web.api.dto.AccessPolicyDTO))")
    public AccessPolicy createAccessPolicyAdvice(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        AccessPolicy accessPolicy = (AccessPolicy) proceedingJoinPoint.proceed();
        Action generateAuditRecord = generateAuditRecord(accessPolicy, Operation.Add);
        if (generateAuditRecord != null) {
            saveAction(generateAuditRecord, logger);
        }
        return accessPolicy;
    }

    @Around("within(org.apache.nifi.web.dao.AccessPolicyDAO+) && execution(org.apache.nifi.authorization.AccessPolicy updateAccessPolicy(org.apache.nifi.web.api.dto.AccessPolicyDTO)) && args(accessPolicyDTO) && target(accessPolicyDAO)")
    public AccessPolicy updateAccessPolicyAdvice(ProceedingJoinPoint proceedingJoinPoint, AccessPolicyDTO accessPolicyDTO, AccessPolicyDAO accessPolicyDAO) throws Throwable {
        Map<String, String> extractConfiguredPropertyValues = extractConfiguredPropertyValues(accessPolicyDAO.getAccessPolicy(accessPolicyDTO.getId()), accessPolicyDTO);
        AccessPolicy accessPolicy = (AccessPolicy) proceedingJoinPoint.proceed();
        AccessPolicy accessPolicy2 = accessPolicyDAO.getAccessPolicy(accessPolicy.getIdentifier());
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        if (niFiUser != null) {
            Map<String, String> extractConfiguredPropertyValues2 = extractConfiguredPropertyValues(accessPolicy2, accessPolicyDTO);
            Date date = new Date();
            ArrayList arrayList = new ArrayList();
            for (String str : extractConfiguredPropertyValues2.keySet()) {
                String str2 = extractConfiguredPropertyValues2.get(str);
                String str3 = extractConfiguredPropertyValues.get(str);
                Operation operation = (str3 == null || str2 == null || !str2.equals(str3)) ? Operation.Configure : null;
                if (operation != null) {
                    FlowChangeConfigureDetails flowChangeConfigureDetails = new FlowChangeConfigureDetails();
                    flowChangeConfigureDetails.setName(str);
                    flowChangeConfigureDetails.setValue(str2);
                    flowChangeConfigureDetails.setPreviousValue(str3);
                    FlowChangeAction flowChangeAction = new FlowChangeAction();
                    flowChangeAction.setUserIdentity(niFiUser.getIdentity());
                    flowChangeAction.setOperation(operation);
                    flowChangeAction.setTimestamp(date);
                    flowChangeAction.setSourceId(accessPolicy2.getIdentifier());
                    flowChangeAction.setSourceName(formatPolicyName(accessPolicy2));
                    flowChangeAction.setSourceType(Component.AccessPolicy);
                    flowChangeAction.setActionDetails(flowChangeConfigureDetails);
                    arrayList.add(flowChangeAction);
                }
            }
            if (!arrayList.isEmpty()) {
                saveActions(arrayList, logger);
            }
        }
        return accessPolicy;
    }

    @Around("within(org.apache.nifi.web.dao.AccessPolicyDAO+) && execution(org.apache.nifi.authorization.AccessPolicy deleteAccessPolicy(java.lang.String)) && args(policyId) && target(accessPolicyDAO)")
    public AccessPolicy removePolicyAdvice(ProceedingJoinPoint proceedingJoinPoint, String str, AccessPolicyDAO accessPolicyDAO) throws Throwable {
        AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(str);
        AccessPolicy accessPolicy2 = (AccessPolicy) proceedingJoinPoint.proceed();
        Action generateAuditRecord = generateAuditRecord(accessPolicy, Operation.Remove);
        if (generateAuditRecord != null) {
            saveAction(generateAuditRecord, logger);
        }
        return accessPolicy2;
    }

    public Action generateAuditRecord(AccessPolicy accessPolicy, Operation operation) {
        return generateAuditRecord(accessPolicy, operation, null);
    }

    public Action generateAuditRecord(AccessPolicy accessPolicy, Operation operation, ActionDetails actionDetails) {
        FlowChangeAction flowChangeAction = null;
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();
        if (niFiUser != null) {
            flowChangeAction = new FlowChangeAction();
            flowChangeAction.setUserIdentity(niFiUser.getIdentity());
            flowChangeAction.setOperation(operation);
            flowChangeAction.setTimestamp(new Date());
            flowChangeAction.setSourceId(accessPolicy.getIdentifier());
            flowChangeAction.setSourceName(formatPolicyName(accessPolicy));
            flowChangeAction.setSourceType(Component.AccessPolicy);
            if (actionDetails != null) {
                flowChangeAction.setActionDetails(actionDetails);
            }
        }
        return flowChangeAction;
    }

    private String formatPolicyName(AccessPolicy accessPolicy) {
        return accessPolicy.getAction().toString() + " " + accessPolicy.getResource();
    }

    private Map<String, String> extractConfiguredPropertyValues(AccessPolicy accessPolicy, AccessPolicyDTO accessPolicyDTO) {
        HashMap hashMap = new HashMap();
        if (accessPolicyDTO.getUsers() != null) {
            ArrayList arrayList = new ArrayList(accessPolicy.getUsers());
            Collections.sort(arrayList, Collator.getInstance(Locale.US));
            hashMap.put(USERS, StringUtils.join(arrayList, ", "));
        }
        if (accessPolicyDTO.getUserGroups() != null) {
            ArrayList arrayList2 = new ArrayList(accessPolicy.getGroups());
            Collections.sort(arrayList2, Collator.getInstance(Locale.US));
            hashMap.put(USER_GROUPS, StringUtils.join(arrayList2, ", "));
        }
        return hashMap;
    }
}
