package jenkins.security.s2m;

import hudson.Extension;
import hudson.FilePath;
import hudson.Functions;
import hudson.Util;
import hudson.util.HttpResponses;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.io.FileUtils;
import org.jenkinsci.remoting.Role;
import org.jenkinsci.remoting.RoleSensitive;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerProxy;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.122-rc15714.904e46cd5f33.jar:jenkins/security/s2m/AdminWhitelistRule.class */
public class AdminWhitelistRule implements StaplerProxy {
    public final CallableRejectionConfig rejected;
    public final CallableWhitelistConfig whitelisted;
    public final FilePathRuleConfig filePathRules;

    /* renamed from: jenkins, reason: collision with root package name */
    private final Jenkins f19jenkins = Jenkins.getInstance();
    private boolean masterKillSwitch;
    private static final Logger LOGGER = Logger.getLogger(AdminWhitelistRule.class.getName());

    public AdminWhitelistRule() throws IOException, InterruptedException {
        placeDefaultRule(new File(this.f19jenkins.getRootDir(), "secrets/whitelisted-callables.d/default.conf"), getClass().getResourceAsStream("callable.conf"));
        placeDefaultRule(new File(this.f19jenkins.getRootDir(), "secrets/filepath-filters.d/30-default.conf"), transformForWindows(getClass().getResourceAsStream("filepath-filter.conf")));
        this.whitelisted = new CallableWhitelistConfig(new File(this.f19jenkins.getRootDir(), "secrets/whitelisted-callables.d/gui.conf"));
        this.rejected = new CallableRejectionConfig(new File(this.f19jenkins.getRootDir(), "secrets/rejected-callables.txt"), this.whitelisted);
        this.filePathRules = new FilePathRuleConfig(new File(this.f19jenkins.getRootDir(), "secrets/filepath-filters.d/50-gui.conf"));
        this.masterKillSwitch = loadMasterKillSwitchFile();
    }

    private boolean loadMasterKillSwitchFile() {
        File masterKillSwitchFile = getMasterKillSwitchFile();
        try {
            if (masterKillSwitchFile.exists()) {
                return Boolean.parseBoolean(FileUtils.readFileToString(masterKillSwitchFile).trim());
            }
            return true;
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Failed to read " + masterKillSwitchFile, (Throwable) e);
            return false;
        }
    }

    private File getMasterKillSwitchFile() {
        return new File(this.f19jenkins.getRootDir(), "secrets/slave-to-master-security-kill-switch");
    }

    private InputStream transformForWindows(InputStream inputStream) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintStream printStream = new PrintStream(byteArrayOutputStream);
        Throwable th = null;
        while (true) {
            try {
                try {
                    String readLine = bufferedReader.readLine();
                    String str = readLine;
                    if (readLine == null) {
                        break;
                    }
                    if (!str.startsWith("#") && Functions.isWindows()) {
                        str = str.replace("/", "\\\\");
                    }
                    printStream.println(str);
                } finally {
                }
            } catch (Throwable th2) {
                if (printStream != null) {
                    if (th != null) {
                        try {
                            printStream.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        printStream.close();
                    }
                }
                throw th2;
            }
        }
        if (printStream != null) {
            if (0 != 0) {
                try {
                    printStream.close();
                } catch (Throwable th4) {
                    th.addSuppressed(th4);
                }
            } else {
                printStream.close();
            }
        }
        return new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
    }

    private void placeDefaultRule(File file, InputStream inputStream) throws IOException, InterruptedException {
        try {
            new FilePath(file).copyFrom(inputStream);
        } catch (IOException e) {
            if (file.canWrite()) {
                LOGGER.log(Level.WARNING, "Failed to generate " + file, (Throwable) e);
            }
        }
    }

    public boolean isWhitelisted(RoleSensitive roleSensitive, Collection<Role> collection, Object obj) {
        if (this.masterKillSwitch) {
            return true;
        }
        if (this.whitelisted.contains(roleSensitive.getClass().getName())) {
            return true;
        }
        this.rejected.report(roleSensitive.getClass());
        return false;
    }

    public boolean checkFileAccess(String str, File file) {
        if (this.masterKillSwitch) {
            return true;
        }
        return this.filePathRules.checkFileAccess(str, file);
    }

    @RequirePOST
    public HttpResponse doSubmit(StaplerRequest staplerRequest) throws IOException {
        this.f19jenkins.checkPermission(Jenkins.RUN_SCRIPTS);
        String fixNull = Util.fixNull(staplerRequest.getParameter("whitelist"));
        if (!fixNull.endsWith("\n")) {
            fixNull = fixNull + "\n";
        }
        Enumeration<String> parameterNames = staplerRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String nextElement = parameterNames.nextElement();
            if (nextElement.startsWith("class:")) {
                fixNull = fixNull + nextElement.substring(6) + "\n";
            }
        }
        this.whitelisted.set(fixNull);
        String fixNull2 = Util.fixNull(staplerRequest.getParameter("filePathRules"));
        this.filePathRules.parseTest(fixNull2);
        this.filePathRules.set(fixNull2);
        return HttpResponses.redirectToDot();
    }

    @RequirePOST
    public HttpResponse doApproveAll() throws IOException {
        StringBuilder sb = new StringBuilder();
        Iterator<Class> it = this.rejected.get().iterator();
        while (it.hasNext()) {
            sb.append(it.next().getName()).append('\n');
        }
        this.whitelisted.append(sb.toString());
        return HttpResponses.ok();
    }

    @RequirePOST
    public HttpResponse doApprove(@QueryParameter String str) throws IOException {
        this.whitelisted.append(str);
        return HttpResponses.ok();
    }

    public boolean getMasterKillSwitch() {
        return this.masterKillSwitch;
    }

    public void setMasterKillSwitch(boolean z) {
        try {
            this.f19jenkins.checkPermission(Jenkins.RUN_SCRIPTS);
            FileUtils.writeStringToFile(getMasterKillSwitchFile(), Boolean.toString(z));
            this.masterKillSwitch = loadMasterKillSwitchFile();
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Failed to write master kill switch", (Throwable) e);
        }
    }

    @Override // org.kohsuke.stapler.StaplerProxy
    public Object getTarget() {
        this.f19jenkins.checkPermission(Jenkins.RUN_SCRIPTS);
        return this;
    }
}
