package org.apache.nifi.registry.ranger;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.StringWriter;
import java.net.MalformedURLException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.regex.Pattern;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.nifi.deprecation.log.DeprecationLogger;
import org.apache.nifi.deprecation.log.DeprecationLoggerFactory;
import org.apache.nifi.registry.properties.NiFiRegistryProperties;
import org.apache.nifi.registry.security.authorization.AccessPolicy;
import org.apache.nifi.registry.security.authorization.AccessPolicyProvider;
import org.apache.nifi.registry.security.authorization.AccessPolicyProviderInitializationContext;
import org.apache.nifi.registry.security.authorization.AuthorizationAuditor;
import org.apache.nifi.registry.security.authorization.AuthorizationRequest;
import org.apache.nifi.registry.security.authorization.AuthorizationResult;
import org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext;
import org.apache.nifi.registry.security.authorization.AuthorizerInitializationContext;
import org.apache.nifi.registry.security.authorization.ConfigurableUserGroupProvider;
import org.apache.nifi.registry.security.authorization.ManagedAuthorizer;
import org.apache.nifi.registry.security.authorization.RequestAction;
import org.apache.nifi.registry.security.authorization.UserContextKeys;
import org.apache.nifi.registry.security.authorization.UserGroupProvider;
import org.apache.nifi.registry.security.authorization.UserGroupProviderLookup;
import org.apache.nifi.registry.security.authorization.annotation.AuthorizerContext;
import org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.registry.security.authorization.exception.UninheritableAuthorizationsException;
import org.apache.nifi.registry.security.exception.SecurityProviderCreationException;
import org.apache.nifi.registry.util.PropertyValue;
import org.apache.nifi.xml.processing.ProcessingException;
import org.apache.nifi.xml.processing.parsers.StandardDocumentProvider;
import org.apache.nifi.xml.processing.transform.StandardTransformProvider;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/nifi/registry/ranger/RangerAuthorizer.class */
public class RangerAuthorizer implements ManagedAuthorizer, AuthorizationAuditor {
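    // XML element that carries the user/group provider fingerprint (written by getFingerprint, read by parseFingerprint).
    private static final String USER_GROUP_PROVIDER_ELEMENT = "userGroupProvider";

    // Names of the properties read from the authorizer configuration.
    static final String USER_GROUP_PROVIDER = "User Group Provider";
    static final String RANGER_AUDIT_PATH_PROP = "Ranger Audit Config Path";
    static final String RANGER_SECURITY_PATH_PROP = "Ranger Security Config Path";
    static final String RANGER_KERBEROS_ENABLED_PROP = "Ranger Kerberos Enabled";
    static final String RANGER_SERVICE_TYPE_PROP = "Ranger Service Type";
    static final String RANGER_APP_ID_PROP = "Ranger Application Id";
    static final String RANGER_ADMIN_IDENTITY_PROP_PREFIX = "Ranger Admin Identity";

    // Key under which the requested resource identifier is handed to Ranger and recorded in audit events.
    static final String RANGER_NIFI_REG_RESOURCE_NAME = "nifi-registry-resource";

    // Same value as the fallbacks onConfigured passes for the service type and application id.
    private static final String DEFAULT_SERVICE_TYPE = "nifi-registry";
    private static final String DEFAULT_APP_ID = "nifi-registry";

    // The one resource identifier that configured admin identities are approved for without asking Ranger (see authorize).
    static final String RESOURCES_RESOURCE = "/policies";

    static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication";
    private static final String KERBEROS_AUTHENTICATION = "kerberos";

    // Injected through setRegistryProperties; read in onConfigured only when Kerberos is enabled.
    private volatile NiFiRegistryProperties registryProperties;
    private UserGroupProviderLookup userGroupProviderLookup;
    private UserGroupProvider userGroupProvider;
    private static final Logger logger = LoggerFactory.getLogger(RangerAuthorizer.class);

    // Matches the property name "Ranger Admin Identity", optionally followed by one whitespace character
    // and any run of non-whitespace characters. Every non-blank value of a matching property becomes an
    // admin identity, so the set of matching property names is security relevant.
    static final Pattern RANGER_ADMIN_IDENTITY_PATTERN = Pattern.compile("Ranger Admin Identity\\s?\\S*");

    // Ranger results for access attempts, held from authorize until auditAccessAttempt removes them.
    // WeakHashMap is not thread-safe: every access in this class synchronizes on the map itself.
    private final Map<AuthorizationRequest, RangerAccessResult> resultLookup = new WeakHashMap<>();

    // All three are assigned in onConfigured; only rangerPlugin is reset by preDestruction.
    private volatile RangerBasePluginWithPolicies rangerPlugin = null;
    private volatile RangerDefaultAuditHandler defaultAuditHandler = null;
    private volatile Set<String> rangerAdminIdentity = null;
    private final DeprecationLogger deprecationLogger = DeprecationLoggerFactory.getLogger(getClass());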

    /**
     * Stores the user/group provider lookup supplied by the framework and logs the
     * deprecation warning for the Ranger integration.
     *
     * @param authorizerInitializationContext context that supplies the {@link UserGroupProviderLookup}
     * @throws SecurityProviderCreationException declared by the interface; not thrown directly here
     */
    public void initialize(final AuthorizerInitializationContext authorizerInitializationContext) throws SecurityProviderCreationException {
        final UserGroupProviderLookup lookup = authorizerInitializationContext.getUserGroupProviderLookup();
        this.userGroupProviderLookup = lookup;
        // No format arguments: the varargs call passes an empty argument array.
        this.deprecationLogger.warn("Apache Ranger integration does not support Jetty 12 and related libraries required for NiFi 2.0");
    }

    /**
     * Resolves the configured user/group provider and, on first use, creates and initializes the
     * Ranger plugin from the configured security and audit files.
     *
     * <p>When "Ranger Kerberos Enabled" is true, the Hadoop {@link UserGroupInformation} is switched
     * to Kerberos and logged in from the registry's service principal and keytab. Both calls are
     * static, so they affect the whole JVM and not just this authorizer.
     *
     * @param authorizerConfigurationContext the authorizer's configured properties
     * @throws SecurityProviderCreationException if the user/group provider is missing or unknown, or
     *         if anything thrown while building the plugin is caught (it is wrapped, cause preserved)
     */
    public void onConfigured(AuthorizerConfigurationContext authorizerConfigurationContext) throws SecurityProviderCreationException {
        final String providerIdentifier = authorizerConfigurationContext.getProperty(USER_GROUP_PROVIDER).getValue();
        if (StringUtils.isEmpty(providerIdentifier)) {
            throw new SecurityProviderCreationException("User Group Provider must be specified.");
        }

        // The field is assigned before the null check, exactly as the lookup returned it.
        this.userGroupProvider = this.userGroupProviderLookup.getUserGroupProvider(providerIdentifier);
        if (this.userGroupProvider == null) {
            throw new SecurityProviderCreationException(String.format("Unable to locate configured User Group Provider: %s", providerIdentifier));
        }

        try {
            if (this.rangerPlugin != null) {
                logger.info("base plugin already initialized");
                return;
            }

            logger.info("initializing base plugin");
            final String serviceType = getConfigValue(authorizerConfigurationContext, RANGER_SERVICE_TYPE_PROP, DEFAULT_SERVICE_TYPE);
            final String applicationId = getConfigValue(authorizerConfigurationContext, RANGER_APP_ID_PROP, DEFAULT_APP_ID);

            // NOTE(review): the field is published before init() has succeeded. If a later step throws,
            // the plugin stays in the field and a second onConfigured call takes the
            // "already initialized" branch above. Confirm the framework never retries configuration.
            this.rangerPlugin = createRangerBasePlugin(serviceType, applicationId);

            final RangerPluginConfig pluginConfig = this.rangerPlugin.getConfig();
            addRequiredResource(RANGER_SECURITY_PATH_PROP, authorizerConfigurationContext.getProperty(RANGER_SECURITY_PATH_PROP), pluginConfig);
            addRequiredResource(RANGER_AUDIT_PATH_PROP, authorizerConfigurationContext.getProperty(RANGER_AUDIT_PATH_PROP), pluginConfig);

            final boolean kerberosEnabled = Boolean.parseBoolean(
                    getConfigValue(authorizerConfigurationContext, RANGER_KERBEROS_ENABLED_PROP, Boolean.FALSE.toString()));
            if (kerberosEnabled) {
                final Configuration hadoopConfiguration = new Configuration();
                hadoopConfiguration.set(HADOOP_SECURITY_AUTHENTICATION, KERBEROS_AUTHENTICATION);
                UserGroupInformation.setConfiguration(hadoopConfiguration);

                // registryProperties is injected separately; a missing injection surfaces here as a
                // NullPointerException that the catch below wraps.
                final String principal = this.registryProperties.getKerberosServicePrincipal();
                final String keytabLocation = this.registryProperties.getKerberosServiceKeytabLocation();
                if (StringUtils.isBlank(principal) || StringUtils.isBlank(keytabLocation)) {
                    throw new SecurityProviderCreationException("Principal and Keytab must be provided when Kerberos is enabled");
                }
                UserGroupInformation.loginUserFromKeytab(principal.trim(), keytabLocation.trim());
            }

            this.rangerPlugin.init();
            this.defaultAuditHandler = new RangerDefaultAuditHandler();
            this.rangerAdminIdentity = getConfigValues(authorizerConfigurationContext, RANGER_ADMIN_IDENTITY_PATTERN, null);
        } catch (Throwable th) {
            // Also re-wraps the SecurityProviderCreationException instances thrown inside the try.
            throw new SecurityProviderCreationException("Error creating RangerBasePlugin", th);
        }
    }

    /**
     * Creates the Ranger plugin bound to the currently configured user/group provider.
     * Protected so that a subclass can supply a different plugin instance.
     *
     * @param str  first constructor argument; onConfigured passes the Ranger service type
     * @param str2 second constructor argument; onConfigured passes the Ranger application id
     * @return a new, not yet initialized plugin
     */
    protected RangerBasePluginWithPolicies createRangerBasePlugin(final String str, final String str2) {
        final RangerBasePluginWithPolicies plugin = new RangerBasePluginWithPolicies(str, str2, this.userGroupProvider);
        return plugin;
    }

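    /**
     * Authorizes a request against Ranger.
     *
     * <p>Decision order:
     * <ol>
     *   <li>A configured Ranger admin identity requesting {@code /policies} is approved without
     *       consulting Ranger.</li>
     *   <li>Otherwise Ranger is asked; an allowed result is approved.</li>
     *   <li>If Ranger did not allow the request and no policy exists for the resource and action,
     *       the result is {@code resourceNotFound}.</li>
     *   <li>Everything else is denied with the request's explanation.</li>
     * </ol>
     *
     * <p>For access attempts the Ranger result is remembered so that
     * {@link #auditAccessAttempt} can emit the matching audit event.
     *
     * @param authorizationRequest the request to evaluate
     * @return approved, resourceNotFound or denied
     */
    public AuthorizationResult authorize(AuthorizationRequest authorizationRequest) throws SecurityProviderCreationException {
        final String identity = authorizationRequest.getIdentity();
        final Set<String> groups = authorizationRequest.getGroups();
        final String identifier = authorizationRequest.getResource().getIdentifier();

        // Admin short-circuit: an exact, case-sensitive match on identity and on the "/policies"
        // resource only. Constant-first equals keeps a null identifier from throwing here.
        final Set<String> adminIdentities = this.rangerAdminIdentity;
        if (adminIdentities != null && adminIdentities.contains(identity) && RESOURCES_RESOURCE.equals(identifier)) {
            return AuthorizationResult.approved();
        }

        final String clientAddress = authorizationRequest.getUserContext() != null
                ? (String) authorizationRequest.getUserContext().get(UserContextKeys.CLIENT_ADDRESS.name())
                : null;

        final RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
        resource.setValue(RANGER_NIFI_REG_RESOURCE_NAME, identifier);

        // Declared as the implementation type: the setters used below are not part of the
        // RangerAccessRequest interface.
        final RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl();
        rangerRequest.setResource(resource);
        rangerRequest.setAction(authorizationRequest.getAction().name());
        rangerRequest.setAccessType(authorizationRequest.getAction().name());
        rangerRequest.setUser(identity);
        rangerRequest.setUserGroups(groups);
        rangerRequest.setAccessTime(new Date());
        if (!StringUtils.isBlank(clientAddress)) {
            rangerRequest.setClientIPAddress(clientAddress);
        }

        // Read the volatile field once so both plugin calls below use the same instance even if
        // preDestruction runs concurrently. A null plugin fails with a NullPointerException,
        // never with an approval.
        final RangerBasePluginWithPolicies plugin = this.rangerPlugin;
        final RangerAccessResult result = plugin.isAccessAllowed(rangerRequest);

        if (authorizationRequest.isAccessAttempt()) {
            synchronized (this.resultLookup) {
                this.resultLookup.put(authorizationRequest, result);
            }
        }

        if (result != null && result.getIsAllowed()) {
            return AuthorizationResult.approved();
        }

        // NOTE(review): how callers treat resourceNotFound is not visible in this class; confirm that
        // a missing policy can never widen access (for example through a parent-resource fallback).
        if (!plugin.doesPolicyExist(identifier, authorizationRequest.getAction())) {
            return AuthorizationResult.resourceNotFound();
        }

        final String reason = result == null ? null : result.getReason();
        if (reason != null) {
            logger.debug("Unable to authorize {} due to {}", identity, reason);
        }
        return AuthorizationResult.denied((String) authorizationRequest.getExplanationSupplier().get());
    }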

    /**
     * Emits the Ranger audit event for a request previously evaluated by {@code authorize}.
     *
     * <p>The stored Ranger result is removed from the lookup. Nothing is logged when no result was
     * stored for the request or when Ranger did not mark the result as audited. Admin approvals
     * that bypass Ranger in {@code authorize} store no result and therefore produce no event here.
     *
     * @param authorizationRequest the request that was authorized
     * @param authorizationResult  the framework's result; not read by this implementation
     */
    public void auditAccessAttempt(AuthorizationRequest authorizationRequest, AuthorizationResult authorizationResult) {
        final RangerAccessResult storedResult;
        synchronized (this.resultLookup) {
            storedResult = this.resultLookup.remove(authorizationRequest);
        }

        if (storedResult != null && storedResult.getIsAudited()) {
            final AuthzAuditEvent auditEvent = this.defaultAuditHandler.getAuthzEvents(storedResult);
            auditEvent.setResourceType(RANGER_NIFI_REG_RESOURCE_NAME);
            // The path recorded is the originally requested resource, not the one that was evaluated.
            auditEvent.setResourcePath(authorizationRequest.getRequestedResource().getIdentifier());
            this.defaultAuditHandler.logAuthzAudit(auditEvent);
        }
    }

    /**
     * Cleans up the Ranger plugin, if one was created, and clears the plugin field.
     *
     * <p>Only {@code rangerPlugin} is reset; the audit handler and the admin identity set keep
     * their values. If cleanup throws, the plugin field is left untouched.
     *
     * @throws SecurityProviderCreationException wrapping anything thrown by the cleanup
     */
    public void preDestruction() throws SecurityProviderCreationException {
        if (this.rangerPlugin == null) {
            return;
        }
        try {
            this.rangerPlugin.cleanup();
            this.rangerPlugin = null;
        } catch (Throwable th) {
            throw new SecurityProviderCreationException("Error cleaning up RangerBasePlugin", th);
        }
    }

    /**
     * Receives the registry properties. onConfigured reads the Kerberos service principal and
     * keytab location from them when Kerberos is enabled.
     *
     * @param niFiRegistryProperties the registry properties to store
     */
    @AuthorizerContext
    public void setRegistryProperties(final NiFiRegistryProperties niFiRegistryProperties) {
        this.registryProperties = niFiRegistryProperties;
    }

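    /**
     * Adds a mandatory configuration file to the Ranger configuration.
     *
     * <p>Only existence and readability of the file are checked here; ownership and permissions
     * of the file are left to the deployment.
     *
     * @param str                 property name, used in the "must be specified" message
     * @param propertyValue       configured value holding the file path; may be null
     * @param rangerConfiguration configuration the file is added to
     * @throws SecurityProviderCreationException if the path is blank, the file is missing or
     *         unreadable, or its URL cannot be built
     */
    private void addRequiredResource(String str, PropertyValue propertyValue, RangerConfiguration rangerConfiguration) {
        final String path = propertyValue == null ? null : propertyValue.getValue();
        if (StringUtils.isBlank(path)) {
            throw new SecurityProviderCreationException(str + " must be specified.");
        }

        final File file = new File(path);
        if (!file.exists() || !file.canRead()) {
            // Report the configured path rather than the PropertyValue object, whose string form
            // does not identify the file to the operator.
            throw new SecurityProviderCreationException(path + " does not exist, or can not be read");
        }

        try {
            rangerConfiguration.addResource(file.toURI().toURL());
        } catch (MalformedURLException e) {
            throw new SecurityProviderCreationException("Error creating URI for " + path, e);
        }
    }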

    /**
     * Reads one configuration property, falling back to a default.
     *
     * @param authorizerConfigurationContext the authorizer's configured properties
     * @param str  property name
     * @param str2 value returned when the property is absent or blank
     * @return the configured value as stored (not trimmed), or {@code str2}
     */
    private String getConfigValue(AuthorizerConfigurationContext authorizerConfigurationContext, String str, String str2) {
        final PropertyValue configured = authorizerConfigurationContext.getProperty(str);
        if (configured == null || StringUtils.isBlank(configured.getValue())) {
            return str2;
        }
        return configured.getValue();
    }

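    /**
     * Collects the non-blank values of every configuration property whose name fully matches
     * the given pattern.
     *
     * <p>onConfigured uses this to build the admin identity set. Values are stored exactly as
     * configured (no trimming or case folding), so an identity only matches on exact equality.
     *
     * @param authorizerConfigurationContext the authorizer's configured properties
     * @param pattern pattern the whole property name must match
     * @param str     value added when nothing matched; ignored when null
     * @return a new mutable set, possibly empty
     */
    private Set<String> getConfigValues(AuthorizerConfigurationContext authorizerConfigurationContext, Pattern pattern, String str) {
        final Set<String> values = new HashSet<>();
        for (final Map.Entry<String, String> entry : authorizerConfigurationContext.getProperties().entrySet()) {
            final String value = entry.getValue();
            if (pattern.matcher(entry.getKey()).matches() && !StringUtils.isBlank(value)) {
                values.add(value);
            }
        }
        if (values.isEmpty() && str != null) {
            values.add(str);
        }
        return values;
    }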

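    /**
     * Builds the XML fingerprint of this authorizer.
     *
     * <p>The document is {@code <managedRangerAuthorizations><userGroupProvider>...</userGroupProvider>
     * </managedRangerAuthorizations>}. The inner element holds the user/group provider's own
     * fingerprint when that provider is configurable, and is empty otherwise. Ranger policies are
     * not part of the fingerprint.
     *
     * @return the serialized XML document
     * @throws AuthorizationAccessException if the document cannot be built or serialized
     */
    public String getFingerprint() throws AuthorizationAccessException {
        final StringWriter writer = new StringWriter();
        try {
            final Document document = new StandardDocumentProvider().newDocument();
            final Element root = document.createElement("managedRangerAuthorizations");
            document.appendChild(root);

            final Element providerElement = document.createElement(USER_GROUP_PROVIDER_ELEMENT);
            root.appendChild(providerElement);

            if (this.userGroupProvider instanceof ConfigurableUserGroupProvider) {
                // The fingerprint accessor is declared on the configurable provider type, so the
                // cast is required for this call to compile.
                final ConfigurableUserGroupProvider configurableProvider = (ConfigurableUserGroupProvider) this.userGroupProvider;
                providerElement.appendChild(document.createTextNode(configurableProvider.getFingerprint()));
            }

            new StandardTransformProvider().transform(new DOMSource(document), new StreamResult(writer));
            return writer.toString();
        } catch (ProcessingException e) {
            throw new AuthorizationAccessException("Unable to generate fingerprint", e);
        }
    }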

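    /**
     * Extracts the user/group provider fingerprint from a fingerprint document produced by
     * {@link #getFingerprint()}.
     *
     * <p>The decompiler (JADX) reported type-inference failures for this method and emitted a
     * hand-expanded resource block with unreachable branches. The body below is the equivalent
     * try-with-resources form, which closes the stream on every path.
     *
     * <p>The fingerprint comes from outside this class, so it is parsed as untrusted XML.
     * NOTE(review): this relies on StandardDocumentProvider configuring the parser securely
     * (no DOCTYPE or external entities); confirm against that class.
     *
     * @param str fingerprint XML; must not be null (a null value fails with a
     *            NullPointerException before parsing starts)
     * @return text content of the single {@code userGroupProvider} element
     * @throws AuthorizationAccessException if the XML cannot be parsed or does not contain exactly
     *         one {@code userGroupProvider} element
     */
    private String parseFingerprint(String str) throws AuthorizationAccessException {
        try (ByteArrayInputStream fingerprintStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))) {
            final Document document = new StandardDocumentProvider().parse(fingerprintStream);
            final NodeList providerElements = document.getDocumentElement().getElementsByTagName(USER_GROUP_PROVIDER_ELEMENT);
            if (providerElements.getLength() != 1) {
                // The message embeds the whole fingerprint, so it can be large wherever it is logged.
                throw new AuthorizationAccessException(String.format("Only one %s element is allowed: %s", USER_GROUP_PROVIDER_ELEMENT, str));
            }
            return providerElements.item(0).getTextContent();
        } catch (ProcessingException | IOException e) {
            throw new AuthorizationAccessException("Unable to parse fingerprint", e);
        }
    }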

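    /**
     * Applies the user/group part of a fingerprint to the configured user/group provider.
     *
     * <p>A blank fingerprint is ignored. A fingerprint whose user/group part is blank, or a
     * provider that is not configurable, results in no change.
     *
     * @param str fingerprint XML as produced by {@link #getFingerprint()}
     * @throws AuthorizationAccessException if the fingerprint cannot be parsed
     */
    public void inheritFingerprint(String str) throws AuthorizationAccessException {
        if (StringUtils.isBlank(str)) {
            return;
        }

        final String userGroupFingerprint = parseFingerprint(str);
        if (StringUtils.isNotBlank(userGroupFingerprint) && this.userGroupProvider instanceof ConfigurableUserGroupProvider) {
            // inheritFingerprint is declared on the configurable provider type, so the cast is
            // required for this call to compile.
            ((ConfigurableUserGroupProvider) this.userGroupProvider).inheritFingerprint(userGroupFingerprint);
        }
    }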

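    /**
     * Checks whether the user/group part of a proposed fingerprint could be inherited.
     *
     * <p>NOTE(review): unlike inheritFingerprint, a blank or null fingerprint is not filtered out
     * here; it reaches parseFingerprint and fails there. Confirm callers never pass one.
     *
     * @param str proposed fingerprint XML
     * @throws AuthorizationAccessException if the fingerprint cannot be parsed
     * @throws UninheritableAuthorizationsException if the fingerprint carries user/group data but
     *         the configured provider is not configurable, or if the provider rejects it
     */
    public void checkInheritability(String str) throws AuthorizationAccessException, UninheritableAuthorizationsException {
        final String userGroupFingerprint = parseFingerprint(str);
        if (StringUtils.isBlank(userGroupFingerprint)) {
            return;
        }
        if (!(this.userGroupProvider instanceof ConfigurableUserGroupProvider)) {
            throw new UninheritableAuthorizationsException("User/Group fingerprint is not blank and the configured UserGroupProvider does not support fingerprinting.");
        }
        // checkInheritability is declared on the configurable provider type, so the cast is
        // required for this call to compile.
        ((ConfigurableUserGroupProvider) this.userGroupProvider).checkInheritability(userGroupFingerprint);
    }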

    /**
     * Returns a view of the policies held by the Ranger plugin.
     *
     * <p>Each call creates a new provider. Policy lookups are forwarded to the plugin held by the
     * enclosing authorizer at the time of the call, so they fail with a NullPointerException
     * before onConfigured has run or after preDestruction. The lifecycle methods of the returned
     * provider do nothing.
     *
     * @return a provider backed by the Ranger plugin and the configured user/group provider
     */
    public AccessPolicyProvider getAccessPolicyProvider() {
        final AccessPolicyProvider policyView = new AccessPolicyProvider() {
            public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
                return RangerAuthorizer.this.rangerPlugin.getAccessPolicies();
            }

            public AccessPolicy getAccessPolicy(final String identifier) throws AuthorizationAccessException {
                return RangerAuthorizer.this.rangerPlugin.getAccessPolicy(identifier);
            }

            public AccessPolicy getAccessPolicy(final String identifier, final RequestAction action) throws AuthorizationAccessException {
                return RangerAuthorizer.this.rangerPlugin.getAccessPolicy(identifier, action);
            }

            public UserGroupProvider getUserGroupProvider() {
                return RangerAuthorizer.this.userGroupProvider;
            }

            public void initialize(final AccessPolicyProviderInitializationContext initializationContext) throws SecurityProviderCreationException {
                // Nothing to do: the enclosing authorizer owns the lifecycle.
            }

            public void onConfigured(final AuthorizerConfigurationContext configurationContext) throws SecurityProviderCreationException {
                // Nothing to do: the enclosing authorizer owns the lifecycle.
            }

            public void preDestruction() throws SecurityProviderCreationException {
                // Nothing to do: the enclosing authorizer owns the lifecycle.
            }
        };
        return policyView;
    }
}
