public class WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource extends org.apache.nifi.registry.web.api.ApplicationResource { private static final org.slf4j.Logger logger; private static final java.lang.String OIDC_REQUEST_IDENTIFIER; private static final java.lang.String OIDC_ERROR_TITLE; private static final java.lang.String REVOKE_ACCESS_TOKEN_LOGOUT; private static final java.lang.String ID_TOKEN_LOGOUT; private static final java.lang.String STANDARD_LOGOUT; private org.apache.nifi.registry.properties.NiFiRegistryProperties properties; private org.apache.nifi.registry.web.security.authentication.jwt.JwtService jwtService; private org.apache.nifi.registry.web.security.authentication.oidc.OidcService oidcService; private org.apache.nifi.registry.web.security.authentication.x.X509IdentityProvider x509IdentityProvider; private org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider kerberosSpnegoIdentityProvider; private org.apache.nifi.registry.security.authentication.IdentityProvider identityProvider; protected javax.ws.rs.core.UriInfo uriInfo; public void (org.apache.nifi.registry.properties.NiFiRegistryProperties, org.apache.nifi.registry.web.security.authentication.jwt.JwtService, org.apache.nifi.registry.web.security.authentication.x.X509IdentityProvider, org.apache.nifi.registry.web.security.authentication.oidc.OidcService, org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider, org.apache.nifi.registry.security.authentication.IdentityProvider, org.apache.nifi.registry.web.service.ServiceFacade, org.apache.nifi.registry.event.EventService) { org.apache.nifi.registry.web.security.authentication.x.X509IdentityProvider v; org.apache.nifi.registry.web.service.ServiceFacade v; org.apache.nifi.registry.web.security.authentication.jwt.JwtService v; org.apache.nifi.registry.event.EventService v; org.apache.nifi.registry.security.authentication.IdentityProvider v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; org.apache.nifi.registry.properties.NiFiRegistryProperties v; org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: org.apache.nifi.registry.properties.NiFiRegistryProperties; v := @parameter: org.apache.nifi.registry.web.security.authentication.jwt.JwtService; v := @parameter: org.apache.nifi.registry.web.security.authentication.x.X509IdentityProvider; v := @parameter: org.apache.nifi.registry.web.security.authentication.oidc.OidcService; v := @parameter: org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider; v := @parameter: org.apache.nifi.registry.security.authentication.IdentityProvider; v := @parameter: org.apache.nifi.registry.web.service.ServiceFacade; v := @parameter: org.apache.nifi.registry.event.EventService; specialinvoke v.(org.apache.nifi.registry.web.service.ServiceFacade,org.apache.nifi.registry.event.EventService)>(v, v); v. = v; v. = v; v. = v; v. = v; v. = v; v. = v; return; } public javax.ws.rs.core.Response getAccessStatus(javax.servlet.http.HttpServletRequest) { java.lang.Throwable v; org.apache.nifi.registry.web.service.ServiceFacade v; org.apache.nifi.registry.security.authorization.user.NiFiUser v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; javax.ws.rs.core.Response v; javax.ws.rs.core.Response$ResponseBuilder v; org.apache.nifi.registry.authorization.CurrentUser v; javax.ws.rs.WebApplicationException v; boolean v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = staticinvoke (); if v != null goto label; v = new javax.ws.rs.WebApplicationException; v = new java.lang.Throwable; specialinvoke v.(java.lang.String)>("Unable to access details for current user."); specialinvoke v.(java.lang.Throwable)>(v); throw v; label: v = v.; v = interfaceinvoke v.(); v = specialinvoke v.(v); virtualinvoke v.(v); v = specialinvoke v.(v); virtualinvoke v.(v); v = virtualinvoke v.(v); v = virtualinvoke v.(); return v; } public javax.ws.rs.core.Response createAccessTokenByTryingAllProviders(javax.servlet.http.HttpServletRequest) { java.lang.IllegalStateException v; java.net.URI v; java.util.stream.Collector v; boolean v, v, v; java.util.function.Predicate v; java.util.List v; java.util.stream.Stream v, v, v, v, v; javax.ws.rs.core.Response v; javax.ws.rs.core.Response$ResponseBuilder v; org.apache.nifi.registry.web.exception.UnauthorizedException v, v; java.lang.Throwable v; java.lang.String[] v; java.util.function.Function v, v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; java.lang.String v, v, v; org.slf4j.Logger v, v; java.util.Iterator v; org.apache.nifi.registry.security.authentication.AuthenticationRequest v; java.lang.Class v; java.lang.Object v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Access tokens are only issued over HTTPS"); throw v; label: v = specialinvoke v.(); v = null; v = interfaceinvoke v.(); label: v = interfaceinvoke v.(); if v == 0 goto label; v = interfaceinvoke v.(); v = interfaceinvoke v.(v); if v == null goto label; label: v = specialinvoke v.(v, v); label: goto label; label: v := @caughtexception; v = ; v = virtualinvoke v.(); v = virtualinvoke v.(); interfaceinvoke v.("{}: the supplied client credentials are invalid.", v); v = ; interfaceinvoke v.("", v); goto label; label: v = staticinvoke (v); if v == 0 goto label; v = interfaceinvoke v.(); v = staticinvoke (); v = interfaceinvoke v.(v); v = staticinvoke (); v = interfaceinvoke v.(v); v = staticinvoke (); v = interfaceinvoke v.(v); v = interfaceinvoke v.(); v = staticinvoke (); v = interfaceinvoke v.(v); v = new org.apache.nifi.registry.web.exception.UnauthorizedException; specialinvoke v.(java.lang.String)>("Client credentials are missing or invalid according to all configured identity providers."); v = virtualinvoke v.(v); throw v; label: v = newarray (java.lang.String)[2]; v[0] = "access"; v[1] = "token"; v = virtualinvoke v.(v); v = staticinvoke (v); v = virtualinvoke v.(v, v); v = virtualinvoke v.(); return v; catch org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException from label to label with label; } public javax.ws.rs.core.Response createAccessTokenUsingBasicAuthCredentials(javax.servlet.http.HttpServletRequest) { java.lang.Throwable v; java.lang.IllegalStateException v, v, v; java.lang.String[] v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; java.lang.String v, v; java.net.URI v; boolean v, v; org.slf4j.Logger v, v; org.apache.nifi.registry.security.authentication.IdentityProvider v, v, v, v; org.apache.nifi.registry.security.authentication.AuthenticationRequest v; javax.ws.rs.core.Response v; javax.ws.rs.core.Response$ResponseBuilder v; org.apache.nifi.registry.web.exception.UnauthorizedException v, v, v, v; org.apache.nifi.registry.security.authentication.IdentityProviderUsage$AuthType v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Access tokens are only issued over HTTPS"); throw v; label: v = v.; if v != null goto label; v = ; interfaceinvoke v.("An Identity Provider must be configured to use this endpoint. Please consult the administration guide."); v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Username/Password login not supported by this NiFi. Contact System Administrator."); throw v; label: v = v.; v = v instanceof org.apache.nifi.registry.security.authentication.BasicAuthIdentityProvider; if v != 0 goto label; v = ; interfaceinvoke v.("An Identity Provider is configured, but it does not support HTTP Basic Auth authentication. The configured Identity Provider must extend {}", class "Lorg/apache/nifi/registry/security/authentication/BasicAuthIdentityProvider;"); v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Username/Password login not supported by this NiFi. Contact System Administrator."); throw v; label: v = v.; v = interfaceinvoke v.(v); if v != null goto label; v = new org.apache.nifi.registry.web.exception.UnauthorizedException; specialinvoke v.(java.lang.String)>("The client credentials are missing from the request."); v = ; v = virtualinvoke v.(v); throw v; label: v = v.; v = specialinvoke v.(v, v); label: goto label; label: v := @caughtexception; v = new org.apache.nifi.registry.web.exception.UnauthorizedException; specialinvoke v.(java.lang.String,java.lang.Throwable)>("The supplied client credentials are not valid.", v); v = ; v = virtualinvoke v.(v); throw v; label: v = newarray (java.lang.String)[2]; v[0] = "access"; v[1] = "token"; v = virtualinvoke v.(v); v = staticinvoke (v); v = virtualinvoke v.(v, v); v = virtualinvoke v.(); return v; catch org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException from label to label with label; } public javax.ws.rs.core.Response logout(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) { java.lang.Throwable v; java.lang.IllegalStateException v; org.apache.nifi.registry.web.security.authentication.jwt.JwtService v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; java.lang.String v, v, v, v; boolean v, v; org.slf4j.Logger v, v; javax.servlet.http.HttpServletResponse v; javax.ws.rs.core.Response v, v, v; javax.ws.rs.core.Response$ResponseBuilder v, v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("User authentication/authorization is only supported when running over HTTPS."); throw v; label: v = staticinvoke (); if v == null goto label; v = virtualinvoke v.(); if v != 0 goto label; label: v = ; v = dynamicinvoke "makeConcatWithConstants" (v) ("Logging out user \u0001"); interfaceinvoke v.(v); v = v.; virtualinvoke v.(v); v = virtualinvoke v.(); v = virtualinvoke v.(); label: return v; label: v := @caughtexception; v = ; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v, v) ("Logout of user \u failed due to: \u0001"); interfaceinvoke v.(v); v = staticinvoke (); v = virtualinvoke v.(); return v; label: v = staticinvoke (401, "Authentication token provided was empty or not in the correct JWT format."); v = virtualinvoke v.(); return v; catch io.jsonwebtoken.JwtException from label to label with label; } public void logoutComplete(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws java.io.IOException { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; java.lang.IllegalStateException v; javax.servlet.http.HttpServletRequest v; javax.servlet.http.HttpServletResponse v; java.lang.String v; boolean v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("User logout is only supported when running over HTTPS."); throw v; label: v = virtualinvoke v.(); interfaceinvoke v.(v); return; } public javax.ws.rs.core.Response createAccessTokenUsingKerberosTicket(javax.servlet.http.HttpServletRequest) { java.lang.Throwable v; java.lang.IllegalStateException v, v; java.lang.String[] v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; org.apache.nifi.registry.properties.NiFiRegistryProperties v; java.lang.String v, v; java.net.URI v; org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v, v, v, v, v; boolean v, v; org.apache.nifi.registry.security.authentication.AuthenticationRequest v; javax.ws.rs.core.Response v; javax.ws.rs.core.Response$ResponseBuilder v; org.apache.nifi.registry.web.exception.UnauthorizedException v, v, v, v; org.apache.nifi.registry.security.authentication.IdentityProviderUsage v, v; org.apache.nifi.registry.security.authentication.IdentityProviderUsage$AuthType v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Access tokens are only issued over HTTPS"); throw v; label: v = v.; v = virtualinvoke v.(); if v == 0 goto label; v = v.; if v != null goto label; label: v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Kerberos service ticket login not supported by this NiFi Registry"); throw v; label: v = v.; v = virtualinvoke v.(v); if v != null goto label; v = new org.apache.nifi.registry.web.exception.UnauthorizedException; specialinvoke v.(java.lang.String)>("The client credentials are missing from the request."); v = v.; v = virtualinvoke v.(); v = interfaceinvoke v.(); v = virtualinvoke v.(v); throw v; label: v = v.; v = specialinvoke v.(v, v); label: goto label; label: v := @caughtexception; v = new org.apache.nifi.registry.web.exception.UnauthorizedException; specialinvoke v.(java.lang.String,java.lang.Throwable)>("The supplied client credentials are not valid.", v); v = v.; v = virtualinvoke v.(); v = interfaceinvoke v.(); v = virtualinvoke v.(v); throw v; label: v = newarray (java.lang.String)[2]; v[0] = "access"; v[1] = "token"; v = virtualinvoke v.(v); v = staticinvoke (v); v = virtualinvoke v.(v, v); v = virtualinvoke v.(); return v; catch org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException from label to label with label; } public javax.ws.rs.core.Response createAccessTokenUsingIdentityProviderCredentials(javax.servlet.http.HttpServletRequest) { java.lang.Throwable v; java.lang.IllegalStateException v, v; java.lang.String[] v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; java.lang.String v, v; java.net.URI v; boolean v; org.apache.nifi.registry.security.authentication.IdentityProvider v, v, v, v, v; org.apache.nifi.registry.security.authentication.AuthenticationRequest v; javax.ws.rs.core.Response v; javax.ws.rs.core.Response$ResponseBuilder v; org.apache.nifi.registry.web.exception.UnauthorizedException v, v, v, v; org.apache.nifi.registry.security.authentication.IdentityProviderUsage v, v; org.apache.nifi.registry.security.authentication.IdentityProviderUsage$AuthType v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Access tokens are only issued over HTTPS"); throw v; label: v = v.; if v != null goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Custom login not supported by this NiFi Registry"); throw v; label: v = v.; v = interfaceinvoke v.(v); if v != null goto label; v = new org.apache.nifi.registry.web.exception.UnauthorizedException; specialinvoke v.(java.lang.String)>("The client credentials are missing from the request."); v = v.; v = interfaceinvoke v.(); v = interfaceinvoke v.(); v = virtualinvoke v.(v); throw v; label: v = v.; v = specialinvoke v.(v, v); label: goto label; label: v := @caughtexception; v = new org.apache.nifi.registry.web.exception.UnauthorizedException; specialinvoke v.(java.lang.String,java.lang.Throwable)>("The supplied client credentials are not valid.", v); v = v.; v = interfaceinvoke v.(); v = interfaceinvoke v.(); v = virtualinvoke v.(v); throw v; label: v = newarray (java.lang.String)[2]; v[0] = "access"; v[1] = "token"; v = virtualinvoke v.(v); v = staticinvoke (v); v = virtualinvoke v.(v, v); v = virtualinvoke v.(); return v; catch org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException from label to label with label; } public javax.ws.rs.core.Response getIdentityProviderUsageInstructions(javax.servlet.http.HttpServletRequest) { java.lang.IllegalStateException v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; javax.ws.rs.core.Response$Status v; java.lang.String v, v, v, v, v, v, v; boolean v; org.apache.nifi.registry.security.authentication.IdentityProvider v, v, v, v; java.lang.Exception v; javax.ws.rs.core.Response v, v; javax.ws.rs.core.Response$ResponseBuilder v, v, v; java.lang.Class v, v; org.apache.nifi.registry.security.authentication.IdentityProviderUsage v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = v.; if v != null goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Custom login not supported by this NiFi Registry"); throw v; label: v = v.; v = virtualinvoke v.(); v = virtualinvoke v.(); v = staticinvoke (v); if v == 0 goto label; v = virtualinvoke v.(); goto label; label: v = virtualinvoke v.(); label: v = dynamicinvoke "makeConcatWithConstants" (v) ("Usage Instructions for \'\u0001\': "); v = v.; v = interfaceinvoke v.(); v = interfaceinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v, v) ("\u0001\u0001"); v = virtualinvoke v.(v); v = virtualinvoke v.(); label: return v; label: v := @caughtexception; v = ; v = staticinvoke (v); v = v.; v = virtualinvoke v.(); v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("The currently configured identity provider, \'\u0001\' does not provide usage instructions."); v = virtualinvoke v.(v); v = virtualinvoke v.(); return v; catch java.lang.Exception from label to label with label; } public javax.ws.rs.core.Response testIdentityProviderRecognizesCredentialsFormat(javax.servlet.http.HttpServletRequest) { java.lang.IllegalStateException v, v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; java.lang.String v, v, v, v, v; boolean v, v; org.apache.nifi.registry.security.authentication.IdentityProvider v, v, v, v, v; org.apache.nifi.registry.security.authentication.AuthenticationRequest v; javax.ws.rs.core.Response v; javax.ws.rs.core.Response$ResponseBuilder v; java.lang.Class v; org.apache.nifi.registry.web.exception.UnauthorizedException v, v; org.apache.nifi.registry.security.authentication.IdentityProviderUsage v, v; org.apache.nifi.registry.security.authentication.IdentityProviderUsage$AuthType v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Access tokens are only issued over HTTPS"); throw v; label: v = v.; if v != null goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Custom login not supported by this NiFi Registry"); throw v; label: v = v.; v = virtualinvoke v.(); v = virtualinvoke v.(); v = staticinvoke (v); if v == 0 goto label; v = virtualinvoke v.(); goto label; label: v = virtualinvoke v.(); label: v = v.; v = interfaceinvoke v.(v); if v != null goto label; v = new org.apache.nifi.registry.web.exception.UnauthorizedException; v = v.; v = interfaceinvoke v.(); v = interfaceinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v, v) ("The format of the credentials were not recognized by the currently configured identity provider \'\u0001\'. \u0001"); specialinvoke v.(java.lang.String)>(v); v = v.; v = interfaceinvoke v.(); v = interfaceinvoke v.(); v = virtualinvoke v.(v); throw v; label: v = dynamicinvoke "makeConcatWithConstants" (v) ("\u recognized the format of the credentials in the HTTP request."); v = virtualinvoke v.(v); v = virtualinvoke v.(); return v; } public void oidcRequest(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws java.lang.Exception { java.lang.IllegalStateException v, v; javax.servlet.http.HttpServletResponse v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; java.lang.String v, v; java.net.URI v; boolean v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("User authentication/authorization is only supported when running over HTTPS."); throw v; label: v = v.; v = virtualinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("OpenId Connect is not configured."); throw v; label: v = specialinvoke v.(); v = specialinvoke v.(v, v); v = virtualinvoke v.(); interfaceinvoke v.(v); return; } public void oidcCallback(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws java.lang.Exception { java.lang.IllegalStateException v, v, v, v, v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v, v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; com.nimbusds.openid.connect.sdk.AuthenticationResponse v; java.lang.String v, v, v, v, v, v, v, v, v; java.net.URI v, v; boolean v, v, v; org.slf4j.Logger v; com.nimbusds.oauth.sdk.AuthorizationCodeGrant v; javax.servlet.http.HttpServletResponse v; com.nimbusds.oauth.sdk.ErrorObject v; java.lang.Exception v; com.nimbusds.oauth.sdk.AuthorizationCode v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("User authentication/authorization is only supported when running over HTTPS."); throw v; label: v = v.; v = virtualinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("OpenId Connect is not configured."); throw v; label: v = specialinvoke v.(v); if v != null goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("The login request identifier was not found in the request. Unable to continue."); throw v; label: v = virtualinvoke v.(); v = specialinvoke v.(v, v, 1); v = interfaceinvoke v.(); if v == 0 goto label; specialinvoke v.(v, v, v, 1); label: v = virtualinvoke v.(); v = new com.nimbusds.oauth.sdk.AuthorizationCodeGrant; v = specialinvoke v.(); v = staticinvoke (v); specialinvoke v.(com.nimbusds.oauth.sdk.AuthorizationCode,java.net.URI)>(v, v); v = v.; virtualinvoke v.(v, v); label: goto label; label: v := @caughtexception; v = ; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Unable to exchange authorization for ID token: \u0001"); interfaceinvoke v.(v, v); specialinvoke v.(v); v = new java.lang.IllegalStateException; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Unable to exchange authorization for ID token: \u0001"); specialinvoke v.(java.lang.String)>(v); throw v; label: v = virtualinvoke v.(); interfaceinvoke v.(v); goto label; label: specialinvoke v.(v); v = new java.lang.IllegalStateException; v = virtualinvoke v.(); v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Unsuccessful login attempt: \u0001"); specialinvoke v.(java.lang.String)>(v); throw v; label: return; catch java.lang.Exception from label to label with label; } public javax.ws.rs.core.Response oidcExchange(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws java.lang.Exception { java.lang.IllegalStateException v, v; javax.servlet.http.HttpServletResponse v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v, v; java.lang.IllegalArgumentException v, v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; javax.ws.rs.core.Response v; javax.ws.rs.core.Response$ResponseBuilder v; java.lang.String v, v; boolean v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("User authentication/authorization is only supported when running over HTTPS."); throw v; label: v = v.; v = virtualinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("OpenId Connect is not configured."); throw v; label: v = specialinvoke v.(v); if v != null goto label; v = new java.lang.IllegalArgumentException; specialinvoke v.(java.lang.String)>("The login request identifier was not found in the request. Unable to continue."); throw v; label: specialinvoke v.(v); v = v.; v = virtualinvoke v.(v); if v != null goto label; v = new java.lang.IllegalArgumentException; specialinvoke v.(java.lang.String)>("A JWT for this login request identifier could not be found. Unable to continue."); throw v; label: v = virtualinvoke v.(v); v = virtualinvoke v.(); return v; } public void oidcLogout(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws java.lang.Exception { java.lang.IllegalStateException v, v, v; java.lang.Object[] v, v, v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v, v, v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; byte v; int v; javax.ws.rs.core.UriBuilder v, v, v; java.lang.String v, v, v, v, v, v; java.net.URI v, v, v; boolean v, v, v, v; javax.servlet.http.HttpServletResponse v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("User authentication/authorization is only supported when running over HTTPS."); throw v; label: v = v.; v = virtualinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("OpenId Connect is not configured."); throw v; label: v = specialinvoke v.(); v = -1; v = virtualinvoke v.(); lookupswitch(v) { case -1170133298: goto label; case 883140645: goto label; default: goto label; }; label: v = virtualinvoke v.("oidc_access_token_logout"); if v == 0 goto label; v = 0; goto label; label: v = virtualinvoke v.("oidc_id_token_logout"); if v == 0 goto label; v = 1; label: lookupswitch(v) { case 0: goto label; case 1: goto label; default: goto label; }; label: v = specialinvoke v.(); v = specialinvoke v.(v, v); v = virtualinvoke v.(); interfaceinvoke v.(v); goto label; label: v = v.; v = virtualinvoke v.(); if v == null goto label; v = virtualinvoke v.(); v = staticinvoke (v); v = newarray (java.lang.Object)[1]; v[0] = v; v = virtualinvoke v.("post_logout_redirect_uri", v); v = newarray (java.lang.Object)[1]; v = v.; v = virtualinvoke v.(); v[0] = v; v = virtualinvoke v.("client_id", v); v = newarray (java.lang.Object)[0]; v = virtualinvoke v.(v); v = virtualinvoke v.(); interfaceinvoke v.(v); goto label; label: v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Unable to initiate logout: Logout method unrecognized"); throw v; label: return; } public void oidcLogoutCallback(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) throws java.lang.Exception { java.lang.IllegalStateException v, v, v, v, v, v, v, v; byte v; com.nimbusds.openid.connect.sdk.AuthenticationResponse v; javax.ws.rs.core.UriBuilder v, v, v; java.net.URI v, v, v, v, v; boolean v, v, v, v, v; com.nimbusds.oauth.sdk.ErrorObject v; java.lang.Exception v, v, v; java.lang.Object[] v, v, v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v, v, v, v, v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; int v; java.lang.String v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v; org.slf4j.Logger v, v, v, v; com.nimbusds.oauth.sdk.AuthorizationCodeGrant v; javax.servlet.http.HttpServletResponse v; java.io.IOException v; com.nimbusds.oauth.sdk.AuthorizationCode v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v = interfaceinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("User logout is only supported when running over HTTPS."); throw v; label: v = v.; v = virtualinvoke v.(); if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("OpenId Connect is not configured."); throw v; label: v = specialinvoke v.(v); if v != null goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("The OIDC request identifier was not found in the request. Unable to continue."); throw v; label: v = virtualinvoke v.(); v = specialinvoke v.(v, v, 0); v = interfaceinvoke v.(); if v == 0 goto label; specialinvoke v.(v, v, v, 0); label: v = virtualinvoke v.(); v = new com.nimbusds.oauth.sdk.AuthorizationCodeGrant; v = specialinvoke v.(); v = staticinvoke (v); specialinvoke v.(com.nimbusds.oauth.sdk.AuthorizationCode,java.net.URI)>(v, v); v = specialinvoke v.(); v = -1; v = virtualinvoke v.(); lookupswitch(v) { case -1170133298: goto label; case 883140645: goto label; default: goto label; }; label: v = virtualinvoke v.("oidc_access_token_logout"); if v == 0 goto label; v = 0; goto label; label: v = virtualinvoke v.("oidc_id_token_logout"); if v == 0 goto label; v = 1; label: lookupswitch(v) { case 0: goto label; case 1: goto label; default: goto label; }; label: v = v.; v = virtualinvoke v.(v); label: goto label; label: v := @caughtexception; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Unable to exchange authorization for the access token: \u0001"); v = ; interfaceinvoke v.(v, v); v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>(v); throw v; label: v = v.; v = virtualinvoke v.(); label: specialinvoke v.(v, v, v); label: goto label; label: v := @caughtexception; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("There was an error logging out of the OpenID Connect Provider: \u0001"); v = ; interfaceinvoke v.(v, v); v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>(v); throw v; label: v = v.; v = virtualinvoke v.(v); label: goto label; label: v := @caughtexception; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Unable to exchange authorization for the ID token: \u0001"); v = ; interfaceinvoke v.(v, v); v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>(v); throw v; label: v = v.; v = virtualinvoke v.(); v = virtualinvoke v.(); v = staticinvoke (v); v = newarray (java.lang.Object)[1]; v[0] = v; v = virtualinvoke v.("id_token_hint", v); v = newarray (java.lang.Object)[1]; v[0] = v; v = virtualinvoke v.("post_logout_redirect_uri", v); v = newarray (java.lang.Object)[0]; v = virtualinvoke v.(v); v = virtualinvoke v.(); interfaceinvoke v.(v); goto label; label: v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Unable to complete logout: Logout method unrecognized"); throw v; label: v := @caughtexception; v = ; v = virtualinvoke v.(); interfaceinvoke v.(v, v); specialinvoke v.(v); throw v; label: specialinvoke v.(v); v = new java.lang.IllegalStateException; v = virtualinvoke v.(); v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Unsuccessful logout attempt: \u0001"); specialinvoke v.(java.lang.String)>(v); throw v; label: return; catch java.lang.Exception from label to label with label; catch java.io.IOException from label to label with label; catch java.lang.Exception from label to label with label; catch java.lang.Exception from label to label with label; } private java.lang.String getCookieValue(javax.servlet.http.Cookie[], java.lang.String) { javax.servlet.http.Cookie[] v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; int v, v; java.lang.String v, v, v; javax.servlet.http.Cookie v; boolean v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.Cookie[]; v := @parameter: java.lang.String; if v == null goto label; v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = virtualinvoke v.(); v = virtualinvoke v.(v); if v == 0 goto label; v = virtualinvoke v.(); return v; label: v = v + 1; goto label; label: return null; } public void setOidcService(org.apache.nifi.registry.web.security.authentication.oidc.OidcService) { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: org.apache.nifi.registry.web.security.authentication.oidc.OidcService; v. = v; return; } private java.lang.String getOidcCallback() { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; java.lang.String[] v; java.lang.String v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v = newarray (java.lang.String)[3]; v[0] = "access"; v[1] = "oidc"; v[2] = "callback"; v = virtualinvoke v.(v); return v; } private java.lang.String getOidcLogoutCallback() { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; java.lang.String[] v; java.lang.String v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v = newarray (java.lang.String)[4]; v[0] = "access"; v[1] = "oidc"; v[2] = "logout"; v[3] = "callback"; v = virtualinvoke v.(v); return v; } private void removeOidcRequestCookie(javax.servlet.http.HttpServletResponse) { javax.servlet.http.HttpServletResponse v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.Cookie v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletResponse; v = new javax.servlet.http.Cookie; specialinvoke v.(java.lang.String,java.lang.String)>("oidc-request-identifier", null); virtualinvoke v.("/"); virtualinvoke v.(1); virtualinvoke v.(0); virtualinvoke v.(1); interfaceinvoke v.(v); return; } protected java.net.URI getRequestUri() { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; java.net.URI v; javax.ws.rs.core.UriInfo v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v = v.; v = interfaceinvoke v.(); return v; } private void forwardToMessagePage(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String) throws java.lang.Exception { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; javax.servlet.RequestDispatcher v; javax.servlet.http.HttpServletResponse v; javax.servlet.ServletContext v, v; java.lang.String v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v := @parameter: javax.servlet.http.HttpServletResponse; v := @parameter: java.lang.String; interfaceinvoke v.("title", "Unable to continue login sequence"); interfaceinvoke v.("messages", v); v = interfaceinvoke v.(); v = interfaceinvoke v.("/nifi-registry"); v = interfaceinvoke v.("/WEB-INF/pages/message-page.jsp"); interfaceinvoke v.(v, v); return; } private java.lang.String createAccessToken(org.apache.nifi.registry.security.authentication.IdentityProvider, org.apache.nifi.registry.security.authentication.AuthenticationRequest) throws org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException, org.apache.nifi.registry.exception.AdministrationException { java.lang.Throwable v; org.apache.nifi.registry.web.security.authentication.jwt.JwtService v; org.apache.nifi.registry.security.authentication.IdentityProvider v; org.apache.nifi.registry.security.authentication.AuthenticationRequest v; org.apache.nifi.registry.exception.AdministrationException v; org.apache.nifi.registry.security.authentication.AuthenticationResponse v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; java.lang.String v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: org.apache.nifi.registry.security.authentication.IdentityProvider; v := @parameter: org.apache.nifi.registry.security.authentication.AuthenticationRequest; label: v = interfaceinvoke v.(v); v = v.; v = virtualinvoke v.(v); label: return v; label: v := @caughtexception; v = new org.apache.nifi.registry.exception.AdministrationException; v = virtualinvoke v.(); specialinvoke v.(java.lang.String)>(v); throw v; catch org.apache.nifi.registry.security.authentication.exception.IdentityAccessException from label to label with label; catch io.jsonwebtoken.JwtException from label to label with label; } private java.util.List generateIdentityProviderWaterfall() { org.apache.nifi.registry.web.security.authentication.x.X509IdentityProvider v, v; org.apache.nifi.registry.security.authentication.IdentityProvider v, v; java.util.ArrayList v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; org.apache.nifi.registry.web.security.authentication.kerberos.KerberosSpnegoIdentityProvider v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v = new java.util.ArrayList; specialinvoke v.()>(); v = v.; if v == null goto label; v = v.; interfaceinvoke v.(v); label: v = v.; if v == null goto label; v = v.; interfaceinvoke v.(v); label: v = v.; if v == null goto label; v = v.; interfaceinvoke v.(v); label: return v; } private boolean isBasicLoginSupported(javax.servlet.http.HttpServletRequest) { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; org.apache.nifi.registry.security.authentication.IdentityProvider v; boolean v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.(); if v == 0 goto label; v = v.; if v == null goto label; v = 1; goto label; label: v = 0; label: return v; } private boolean isOIDCLoginSupported(javax.servlet.http.HttpServletRequest) { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.servlet.http.HttpServletRequest v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v, v; boolean v, v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletRequest; v = interfaceinvoke v.(); if v == 0 goto label; v = v.; if v == null goto label; v = v.; v = virtualinvoke v.(); if v == 0 goto label; v = 1; goto label; label: v = 0; label: return v; } private java.lang.String determineLogoutMethod() { WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; java.net.URI v, v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v, v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v = v.; v = virtualinvoke v.(); if v == null goto label; return "oidc_id_token_logout"; label: v = v.; v = virtualinvoke v.(); if v == null goto label; return "oidc_access_token_logout"; label: return "oidc_standard_logout"; } private java.net.URI oidcRequestAuthorizationCode(javax.servlet.http.HttpServletResponse, java.lang.String) { java.lang.Object[] v, v, v, v, v, v; org.apache.nifi.registry.web.security.authentication.oidc.OidcService v, v, v, v; WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource v; javax.ws.rs.core.UriBuilder v, v, v, v, v, v; java.lang.String v, v, v, v, v; java.net.URI v, v; javax.servlet.http.Cookie v; com.nimbusds.oauth.sdk.Scope v; javax.servlet.http.HttpServletResponse v; com.nimbusds.oauth.sdk.id.State v; java.util.UUID v; v := @this: WEB-INF.classes.org.apache.nifi.registry.web.api.AccessResource; v := @parameter: javax.servlet.http.HttpServletResponse; v := @parameter: java.lang.String; v = staticinvoke (); v = virtualinvoke v.(); v = new javax.servlet.http.Cookie; specialinvoke v.(java.lang.String,java.lang.String)>("oidc-request-identifier", v); virtualinvoke v.("/"); virtualinvoke v.(1); virtualinvoke v.(60); virtualinvoke v.(1); interfaceinvoke v.(v); v = v.; v = virtualinvoke v.(v); v = v.; v = virtualinvoke v.(); v = staticinvoke