package hudson.security;

import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import hudson.Extension;
import hudson.diagnosis.OldDataMonitor;
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.JobProperty;
import hudson.model.JobPropertyDescriptor;
import hudson.model.Run;
import hudson.util.FormValidation;
import hudson.util.RobustReflectionConverter;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import net.sf.json.JSONObject;
import org.acegisecurity.acls.sid.Sid;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.tmatesoft.svn.core.internal.wc.admin.SVNLog;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-1.403.jar:hudson/security/AuthorizationMatrixProperty.class */
public class AuthorizationMatrixProperty extends JobProperty<Job<?, ?>> {
    private transient SidACL acl;
    private final Map<Permission, Set<String>> grantedPermissions;
    private Set<String> sids;

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-1.403.jar:hudson/security/AuthorizationMatrixProperty$AclImpl.class */
    private final class AclImpl extends SidACL {
        private AclImpl() {
        }

        @Override // hudson.security.SidACL
        protected Boolean hasPermission(Sid sid, Permission permission) {
            return AuthorizationMatrixProperty.this.hasPermission(toString(sid), permission) ? true : null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-1.403.jar:hudson/security/AuthorizationMatrixProperty$ConverterImpl.class */
    public static final class ConverterImpl implements Converter {
        @Override // com.thoughtworks.xstream.converters.ConverterMatcher
        public boolean canConvert(Class cls) {
            return cls == AuthorizationMatrixProperty.class;
        }

        @Override // com.thoughtworks.xstream.converters.Converter
        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            for (Map.Entry entry : ((AuthorizationMatrixProperty) obj).grantedPermissions.entrySet()) {
                String id = ((Permission) entry.getKey()).getId();
                for (String str : (Set) entry.getValue()) {
                    hierarchicalStreamWriter.startNode("permission");
                    hierarchicalStreamWriter.setValue(id + ':' + str);
                    hierarchicalStreamWriter.endNode();
                }
            }
        }

        @Override // com.thoughtworks.xstream.converters.Converter
        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            AuthorizationMatrixProperty authorizationMatrixProperty = new AuthorizationMatrixProperty();
            String peekNextChild = hierarchicalStreamReader.peekNextChild();
            if (peekNextChild != null && peekNextChild.equals("useProjectSecurity")) {
                hierarchicalStreamReader.moveDown();
                hierarchicalStreamReader.getValue();
                hierarchicalStreamReader.moveUp();
            }
            while (hierarchicalStreamReader.hasMoreChildren()) {
                hierarchicalStreamReader.moveDown();
                try {
                    authorizationMatrixProperty.add(hierarchicalStreamReader.getValue());
                } catch (IllegalArgumentException e) {
                    Logger.getLogger(AuthorizationMatrixProperty.class.getName()).log(Level.WARNING, "Skipping a non-existent permission", (Throwable) e);
                    RobustReflectionConverter.addErrorInContext(unmarshallingContext, e);
                }
                hierarchicalStreamReader.moveUp();
            }
            if (GlobalMatrixAuthorizationStrategy.migrateHudson2324(authorizationMatrixProperty.grantedPermissions)) {
                OldDataMonitor.report(unmarshallingContext, "1.301");
            }
            return authorizationMatrixProperty;
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/lib/jenkins-core-1.403.jar:hudson/security/AuthorizationMatrixProperty$DescriptorImpl.class */
    public static class DescriptorImpl extends JobPropertyDescriptor {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // hudson.model.JobPropertyDescriptor, hudson.model.Descriptor
        /* renamed from: newInstance */
        public JobProperty<?> newInstance2(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            JSONObject jSONObject2 = jSONObject.getJSONObject("useProjectSecurity");
            if (jSONObject2.isNullObject()) {
                return null;
            }
            AuthorizationMatrixProperty authorizationMatrixProperty = new AuthorizationMatrixProperty();
            for (Map.Entry<String, Object> entry : jSONObject2.getJSONObject(SVNLog.DATA_ATTR).entrySet()) {
                String key = entry.getKey();
                if (entry.getValue() instanceof JSONObject) {
                    for (Map.Entry<String, Object> entry2 : ((JSONObject) entry.getValue()).entrySet()) {
                        if (((Boolean) entry2.getValue()).booleanValue()) {
                            authorizationMatrixProperty.add(Permission.fromId(entry2.getKey()), key);
                        }
                    }
                }
            }
            return authorizationMatrixProperty;
        }

        @Override // hudson.model.JobPropertyDescriptor
        public boolean isApplicable(Class<? extends Job> cls) {
            return Hudson.getInstance().getAuthorizationStrategy() instanceof ProjectMatrixAuthorizationStrategy;
        }

        @Override // hudson.model.Descriptor
        public String getDisplayName() {
            return "Authorization Matrix";
        }

        public List<PermissionGroup> getAllGroups() {
            return Arrays.asList(PermissionGroup.get(Item.class), PermissionGroup.get(Run.class));
        }

        public boolean showPermission(Permission permission) {
            return permission.getEnabled() && permission != Item.CREATE;
        }

        public FormValidation doCheckName(@AncestorInPath Job job, @QueryParameter String str) throws IOException, ServletException {
            return GlobalMatrixAuthorizationStrategy.DESCRIPTOR.doCheckName(str, job, AbstractProject.CONFIGURE);
        }
    }

    private AuthorizationMatrixProperty() {
        this.acl = new AclImpl();
        this.grantedPermissions = new HashMap();
        this.sids = new HashSet();
    }

    public AuthorizationMatrixProperty(Map<Permission, Set<String>> map) {
        this.acl = new AclImpl();
        this.grantedPermissions = new HashMap();
        this.sids = new HashSet();
        for (Map.Entry<Permission, Set<String>> entry : map.entrySet()) {
            this.grantedPermissions.put(entry.getKey(), new HashSet(entry.getValue()));
        }
    }

    public Set<String> getGroups() {
        return this.sids;
    }

    public List<String> getAllSIDs() {
        HashSet hashSet = new HashSet();
        Iterator<Set<String>> it = this.grantedPermissions.values().iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next());
        }
        hashSet.remove("anonymous");
        String[] strArr = (String[]) hashSet.toArray(new String[hashSet.size()]);
        Arrays.sort(strArr);
        return Arrays.asList(strArr);
    }

    public Map<Permission, Set<String>> getGrantedPermissions() {
        return Collections.unmodifiableMap(this.grantedPermissions);
    }

    protected void add(Permission permission, String str) {
        Set<String> set = this.grantedPermissions.get(permission);
        if (set == null) {
            Map<Permission, Set<String>> map = this.grantedPermissions;
            HashSet hashSet = new HashSet();
            set = hashSet;
            map.put(permission, hashSet);
        }
        set.add(str);
        this.sids.add(str);
    }

    public SidACL getACL() {
        return this.acl;
    }

    public boolean hasPermission(String str, Permission permission) {
        while (permission != null) {
            Set<String> set = this.grantedPermissions.get(permission);
            if (set != null && set.contains(str)) {
                return true;
            }
            permission = permission.impliedBy;
        }
        return false;
    }

    public boolean hasExplicitPermission(String str, Permission permission) {
        Set<String> set = this.grantedPermissions.get(permission);
        return set != null && set.contains(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void add(String str) {
        int indexOf = str.indexOf(58);
        Permission fromId = Permission.fromId(str.substring(0, indexOf));
        if (fromId == null) {
            throw new IllegalArgumentException("Failed to parse '" + str + "' --- no such permission");
        }
        add(fromId, str.substring(indexOf + 1));
    }
}
