package hudson.plugins.collabnet.auth;

import com.collabnet.ce.webservices.CTFList;
import com.collabnet.ce.webservices.CTFRole;
import hudson.model.AbstractProject;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.plugins.collabnet.util.CommonUtil;
import hudson.plugins.promoted_builds.Promotion;
import hudson.scm.SCM;
import hudson.security.ACL;
import hudson.security.Permission;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import org.acegisecurity.Authentication;

/* loaded from: input_file:WEB-INF/lib/CollabNet-2.0.4.jar:hudson/plugins/collabnet/auth/CNProjectACL.class */
public class CNProjectACL extends ACL {
    private String projectId;
    private static Logger log = Logger.getLogger("CNProjectACL");

    /* loaded from: input_file:WEB-INF/lib/CollabNet-2.0.4.jar:hudson/plugins/collabnet/auth/CNProjectACL$CollabNetRoles.class */
    public static class CollabNetRoles {
        private static Collection<CollabNetRole> roles = Collections.emptyList();
        public static final CollabNetRole HUDSON_READ_ROLE = new CollabNetRole("Hudson Read", "Allows users read-access to Jenkins jobs.", Hudson.READ, Item.READ);
        public static final CollabNetRole HUDSON_BUILD_ROLE = new CollabNetRole("Hudson Build/Cancel", "Allow users to start a new build, or to cancel a build.", AbstractProject.BUILD, AbstractProject.ABORT, AbstractProject.WORKSPACE, Item.BUILD, SCM.TAG);
        public static final CollabNetRole HUDSON_CONFIGURE_ROLE = new CollabNetRole("Hudson Configure", "Allow users to configure a build.", Item.CONFIGURE);
        public static final CollabNetRole HUDSON_DELETE_ROLE = new CollabNetRole("Hudson Delete", "Allow users to delete builds.", Item.DELETE);

        public static Collection<CollabNetRole> getMatchingRoles(CTFList<CTFRole> cTFList) {
            ArrayList arrayList = new ArrayList();
            for (CollabNetRole collabNetRole : getAllRoles()) {
                if (cTFList.getTitles().contains(collabNetRole.getName())) {
                    arrayList.add(collabNetRole);
                }
            }
            return arrayList;
        }

        public static Collection<CollabNetRole> getAllRoles() {
            if (roles.isEmpty()) {
                roles = new ArrayList();
                roles.add(HUDSON_READ_ROLE);
                roles.add(HUDSON_BUILD_ROLE);
                roles.add(HUDSON_CONFIGURE_ROLE);
                roles.add(HUDSON_DELETE_ROLE);
                if (Hudson.getInstance().getPlugin("promoted-builds") != null) {
                    Field field = null;
                    Field[] fields = Promotion.class.getFields();
                    int length = fields.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        Field field2 = fields[i];
                        if (field2.getName().equals("PROMOTE")) {
                            field = field2;
                            break;
                        }
                        i++;
                    }
                    Permission permission = null;
                    if (field != null) {
                        try {
                            permission = (Permission) field.get(null);
                        } catch (IllegalAccessException e) {
                        }
                    }
                    roles.add(new CollabNetRole("Hudson Promote", "Allow users to promote builds.", permission != null ? new Permission[]{permission} : new Permission[0]));
                }
            }
            return roles;
        }

        public static List<String> getNames() {
            ArrayList arrayList = new ArrayList();
            Iterator<CollabNetRole> it = getAllRoles().iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getName());
            }
            return arrayList;
        }

        public static CollabNetRole getGrantingRole(Permission permission) {
            Collection<Permission> expandPermissions = expandPermissions(permission);
            for (CollabNetRole collabNetRole : getAllRoles()) {
                Iterator<Permission> it = expandPermissions.iterator();
                while (it.hasNext()) {
                    if (collabNetRole.hasPermission(it.next())) {
                        return collabNetRole;
                    }
                }
            }
            return null;
        }

        private static Collection<Permission> expandPermissions(Permission permission) {
            ArrayList arrayList = new ArrayList();
            Permission permission2 = permission;
            while (true) {
                Permission permission3 = permission2;
                if (permission3 == null) {
                    return arrayList;
                }
                arrayList.add(permission3);
                permission2 = permission.impliedBy;
            }
        }
    }

    public CNProjectACL(String str) {
        this.projectId = null;
        this.projectId = str;
    }

    public boolean hasPermission(Authentication authentication, Permission permission) {
        if (!(authentication instanceof CNAuthentication)) {
            log.severe("Improper Authentication type used with CNAuthorizationStrategy!  CNAuthorization strategy cannot be used without CNAuthentication.  Please re-configure your Jenkins instance.");
            return false;
        }
        if (CommonUtil.isEmpty(this.projectId)) {
            log.severe("hasPerission: project id could not be found for project: " + this.projectId + ".");
            return false;
        }
        CNAuthentication cNAuthentication = (CNAuthentication) authentication;
        Set<Permission> userProjectPermSet = cNAuthentication.getUserProjectPermSet(cNAuthentication.m598getPrincipal(), this.projectId);
        while (permission != null) {
            if (userProjectPermSet.contains(permission)) {
                return true;
            }
            permission = permission.impliedBy;
        }
        return false;
    }
}
