package jenkins.security.stapler;

import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.ExtensionList;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.security.stapler.RoutingDecisionProvider;
import jenkins.util.SystemProperties;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.Function;
import org.kohsuke.stapler.FunctionList;
import org.kohsuke.stapler.StaplerFallback;
import org.kohsuke.stapler.StaplerOverridable;
import org.kohsuke.stapler.StaplerProxy;
import org.kohsuke.stapler.WebApp;
import org.kohsuke.stapler.interceptor.InterceptorAnnotation;
import org.kohsuke.stapler.lang.FieldRef;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.431-rc34365.9a_9803809537.jar:jenkins/security/stapler/TypedFilter.class */
public class TypedFilter implements FieldRef.Filter, FunctionList.Filter {
    private static final Logger LOGGER = Logger.getLogger(TypedFilter.class.getName());
    private static final Map<Class<?>, Boolean> staplerCache = new HashMap();

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"MS_SHOULD_BE_FINAL"}, justification = "for script console")
    public static boolean SKIP_TYPE_CHECK = SystemProperties.getBoolean(TypedFilter.class.getName() + ".skipTypeCheck");

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"MS_SHOULD_BE_FINAL"}, justification = "for script console")
    public static boolean PROHIBIT_STATIC_ACCESS = SystemProperties.getBoolean(TypedFilter.class.getName() + ".prohibitStaticAccess", true);

    private boolean isClassAcceptable(Class<?> cls) {
        if (!cls.isArray()) {
            return SKIP_TYPE_CHECK || isStaplerRelevantCached(cls);
        }
        Class<?> componentType = cls.getComponentType();
        if (isClassAcceptable(componentType)) {
            LOGGER.log(Level.FINE, "Class {0} is acceptable because it is an Array of acceptable elements {1}", new Object[]{cls.getName(), componentType.getName()});
            return true;
        }
        LOGGER.log(Level.FINE, "Class {0} is not acceptable because it is an Array of non-acceptable elements {1}", new Object[]{cls.getName(), componentType.getName()});
        return false;
    }

    private static boolean isStaplerRelevantCached(@NonNull Class<?> cls) {
        if (staplerCache.containsKey(cls)) {
            return staplerCache.get(cls).booleanValue();
        }
        boolean isStaplerRelevant = isStaplerRelevant(cls);
        staplerCache.put(cls, Boolean.valueOf(isStaplerRelevant));
        return isStaplerRelevant;
    }

    @Restricted({NoExternalUse.class})
    public static boolean isStaplerRelevant(@NonNull Class<?> cls) {
        return isSpecificClassStaplerRelevant(cls) || isSuperTypesStaplerRelevant(cls);
    }

    private static boolean isSuperTypesStaplerRelevant(@NonNull Class<?> cls) {
        Class<? super Object> superclass = cls.getSuperclass();
        if (superclass != null && isStaplerRelevantCached(superclass)) {
            return true;
        }
        for (Class<?> cls2 : cls.getInterfaces()) {
            if (isStaplerRelevantCached(cls2)) {
                return true;
            }
        }
        return false;
    }

    private static boolean isSpecificClassStaplerRelevant(@NonNull Class<?> cls) {
        if (cls.isAnnotationPresent(StaplerAccessibleType.class) || StaplerProxy.class.isAssignableFrom(cls) || StaplerFallback.class.isAssignableFrom(cls) || StaplerOverridable.class.isAssignableFrom(cls)) {
            return true;
        }
        for (Method method : cls.getMethods()) {
            if (isRoutableMethod(method)) {
                return true;
            }
        }
        return false;
    }

    private static boolean isRoutableMethod(@NonNull Method method) {
        for (Annotation annotation : method.getDeclaredAnnotations()) {
            if (WebMethodConstants.WEB_METHOD_ANNOTATION_NAMES.contains(annotation.annotationType().getName()) || annotation.annotationType().isAnnotationPresent(InterceptorAnnotation.class)) {
                return true;
            }
        }
        for (Annotation[] annotationArr : method.getParameterAnnotations()) {
            for (Annotation annotation2 : annotationArr) {
                if (WebMethodConstants.WEB_METHOD_PARAMETER_ANNOTATION_NAMES.contains(annotation2.annotationType().getName())) {
                    return true;
                }
            }
        }
        for (Class<?> cls : method.getParameterTypes()) {
            if (WebMethodConstants.WEB_METHOD_PARAMETERS_NAMES.contains(cls.getName())) {
                return true;
            }
        }
        return WebApp.getCurrent().getFilterForDoActions().keep(new Function.InstanceFunction(method));
    }

    @Override // org.kohsuke.stapler.lang.FieldRef.Filter
    public boolean keep(@NonNull FieldRef fieldRef) {
        if (fieldRef.getAnnotation(StaplerNotDispatchable.class) != null) {
            return false;
        }
        if (fieldRef.getAnnotation(StaplerDispatchable.class) != null) {
            return true;
        }
        String signature = fieldRef.getSignature();
        ExtensionList lookup = ExtensionList.lookup(RoutingDecisionProvider.class);
        if (lookup.size() > 0) {
            Iterator it = lookup.iterator();
            while (it.hasNext()) {
                RoutingDecisionProvider routingDecisionProvider = (RoutingDecisionProvider) it.next();
                RoutingDecisionProvider.Decision decide = routingDecisionProvider.decide(signature);
                if (decide == RoutingDecisionProvider.Decision.ACCEPTED) {
                    LOGGER.log(Level.CONFIG, "Field {0} is acceptable because it is whitelisted by {1}", new Object[]{signature, routingDecisionProvider});
                    return true;
                }
                if (decide == RoutingDecisionProvider.Decision.REJECTED) {
                    LOGGER.log(Level.CONFIG, "Field {0} is not acceptable because it is blacklisted by {1}", new Object[]{signature, routingDecisionProvider});
                    return false;
                }
                Class<?> returnType = fieldRef.getReturnType();
                if (returnType != null) {
                    RoutingDecisionProvider.Decision decide2 = routingDecisionProvider.decide("class " + returnType.getCanonicalName());
                    if (decide2 == RoutingDecisionProvider.Decision.ACCEPTED) {
                        LOGGER.log(Level.CONFIG, "Field {0} is acceptable because its type is whitelisted by {1}", new Object[]{signature, routingDecisionProvider});
                        return true;
                    }
                    if (decide2 == RoutingDecisionProvider.Decision.REJECTED) {
                        LOGGER.log(Level.CONFIG, "Field {0} is not acceptable because its type is blacklisted by {1}", new Object[]{signature, routingDecisionProvider});
                        return false;
                    }
                }
            }
        }
        if (PROHIBIT_STATIC_ACCESS && fieldRef.isStatic()) {
            return false;
        }
        boolean isClassAcceptable = isClassAcceptable(fieldRef.getReturnType());
        LOGGER.log(Level.FINE, "Field analyzed: {0} => {1}", new Object[]{fieldRef.getName(), Boolean.valueOf(isClassAcceptable)});
        return isClassAcceptable;
    }

    @Override // org.kohsuke.stapler.FunctionList.Filter
    public boolean keep(@NonNull Function function) {
        if (function.getAnnotation(StaplerNotDispatchable.class) != null) {
            return false;
        }
        if (function.getAnnotation(StaplerDispatchable.class) != null) {
            return true;
        }
        String signature = function.getSignature();
        ExtensionList lookup = ExtensionList.lookup(RoutingDecisionProvider.class);
        if (lookup.size() > 0) {
            Iterator it = lookup.iterator();
            while (it.hasNext()) {
                RoutingDecisionProvider routingDecisionProvider = (RoutingDecisionProvider) it.next();
                RoutingDecisionProvider.Decision decide = routingDecisionProvider.decide(signature);
                if (decide == RoutingDecisionProvider.Decision.ACCEPTED) {
                    LOGGER.log(Level.CONFIG, "Function {0} is acceptable because it is whitelisted by {1}", new Object[]{signature, routingDecisionProvider});
                    return true;
                }
                if (decide == RoutingDecisionProvider.Decision.REJECTED) {
                    LOGGER.log(Level.CONFIG, "Function {0} is not acceptable because it is blacklisted by {1}", new Object[]{signature, routingDecisionProvider});
                    return false;
                }
                Class returnType = function.getReturnType();
                if (returnType != null) {
                    RoutingDecisionProvider.Decision decide2 = routingDecisionProvider.decide("class " + returnType.getCanonicalName());
                    if (decide2 == RoutingDecisionProvider.Decision.ACCEPTED) {
                        LOGGER.log(Level.CONFIG, "Function {0} is acceptable because its type is whitelisted by {1}", new Object[]{signature, routingDecisionProvider});
                        return true;
                    }
                    if (decide2 == RoutingDecisionProvider.Decision.REJECTED) {
                        LOGGER.log(Level.CONFIG, "Function {0} is not acceptable because its type is blacklisted by {1}", new Object[]{signature, routingDecisionProvider});
                        return false;
                    }
                }
            }
        }
        if (PROHIBIT_STATIC_ACCESS && function.isStatic()) {
            return false;
        }
        if (function.getName().equals("getDynamic")) {
            Class[] parameterTypes = function.getParameterTypes();
            if (parameterTypes.length > 0 && parameterTypes[0] == String.class) {
                return false;
            }
        }
        if (function.getName().equals("getStaplerFallback") && function.getParameterTypes().length == 0) {
            return false;
        }
        if (function.getName().equals("getTarget") && function.getParameterTypes().length == 0) {
            return false;
        }
        boolean isClassAcceptable = isClassAcceptable(function.getReturnType());
        LOGGER.log(Level.FINE, "Function analyzed: {0} => {1}", new Object[]{signature, Boolean.valueOf(isClassAcceptable)});
        return isClassAcceptable;
    }
}
