package com.michelin.cio.hudson.plugins.rolestrategy;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.synopsys.arc.jenkins.plugins.rolestrategy.Macro;
import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleMacroExtension;
import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.security.AccessControlled;
import hudson.security.Permission;
import hudson.security.SidACL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.SortedSet;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.acls.sid.Sid;
import org.acegisecurity.userdetails.UserDetails;
import org.jenkinsci.plugins.rolestrategy.Settings;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:WEB-INF/lib/role-strategy.jar:com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.class */
public class RoleMap {
    private final SortedMap<Role, Set<String>> grantedRoles;
    private static final Logger LOGGER = Logger.getLogger(RoleMap.class.getName());
    private final Cache<String, UserDetails> cache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/role-strategy.jar:com/michelin/cio/hudson/plugins/rolestrategy/RoleMap$AclImpl.class */
    public final class AclImpl extends SidACL {
        AccessControlled item;
        RoleType roleType;

        public AclImpl(RoleType roleType, AccessControlled accessControlled) {
            this.item = accessControlled;
            this.roleType = roleType;
        }

        @SuppressFBWarnings(value = {"NP_BOOLEAN_RETURN_NULL"}, justification = "As declared in Jenkins API")
        protected Boolean hasPermission(Sid sid, Permission permission) {
            return RoleMap.this.hasPermission(toString(sid), permission, this.roleType, this.item) ? true : null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/role-strategy.jar:com/michelin/cio/hudson/plugins/rolestrategy/RoleMap$RoleWalker.class */
    private abstract class RoleWalker {
        RoleWalker() {
            walk();
        }

        public void walk() {
            Iterator<Role> it = RoleMap.this.getRoles().iterator();
            while (it.hasNext()) {
                perform(it.next());
            }
        }

        public abstract void perform(Role role);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RoleMap() {
        this.cache = CacheBuilder.newBuilder().softValues().maximumSize(Settings.USER_DETAILS_CACHE_MAX_SIZE).expireAfterWrite(Settings.USER_DETAILS_CACHE_EXPIRATION_TIME_SEC, TimeUnit.SECONDS).build();
        this.grantedRoles = new TreeMap();
    }

    RoleMap(SortedMap<Role, Set<String>> sortedMap) {
        this.cache = CacheBuilder.newBuilder().softValues().maximumSize(Settings.USER_DETAILS_CACHE_MAX_SIZE).expireAfterWrite(Settings.USER_DETAILS_CACHE_EXPIRATION_TIME_SEC, TimeUnit.SECONDS).build();
        this.grantedRoles = sortedMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean hasPermission(String str, Permission permission, RoleType roleType, AccessControlled accessControlled) {
        for (Role role : getRolesHavingPermission(permission)) {
            if (this.grantedRoles.get(role).contains(str)) {
                if (!Macro.isMacro(role)) {
                    return true;
                }
                Macro macro = RoleMacroExtension.getMacro(role.getName());
                if (macro != null) {
                    RoleMacroExtension macroExtension = RoleMacroExtension.getMacroExtension(macro.getName());
                    if (macroExtension.IsApplicable(roleType) && macroExtension.hasPermission(str, permission, roleType, accessControlled, macro)) {
                        return true;
                    }
                } else {
                    continue;
                }
            } else if (Settings.TREAT_USER_AUTHORITIES_AS_ROLES) {
                try {
                    UserDetails userDetails = (UserDetails) this.cache.getIfPresent(str);
                    if (userDetails == null) {
                        userDetails = Jenkins.getInstance().getSecurityRealm().loadUserByUsername(str);
                        this.cache.put(str, userDetails);
                    }
                    for (GrantedAuthority grantedAuthority : userDetails.getAuthorities()) {
                        if (grantedAuthority.getAuthority().equals(role.getName())) {
                            return true;
                        }
                    }
                } catch (RuntimeException e) {
                    LOGGER.log(Level.WARNING, "Unhandled exception during user authorities processing", (Throwable) e);
                } catch (BadCredentialsException e2) {
                    LOGGER.log(Level.FINE, "Bad credentials", e2);
                } catch (DataAccessException e3) {
                    LOGGER.log(Level.FINE, "failed to access the data", e3);
                }
            } else {
                continue;
            }
        }
        return false;
    }

    public boolean hasRole(Role role) {
        return this.grantedRoles.containsKey(role);
    }

    public SidACL getACL(RoleType roleType, AccessControlled accessControlled) {
        return new AclImpl(roleType, accessControlled);
    }

    public void addRole(Role role) {
        if (getRole(role.getName()) == null) {
            this.grantedRoles.put(role, new HashSet());
        }
    }

    public void assignRole(Role role, String str) {
        if (hasRole(role)) {
            this.grantedRoles.get(role).add(str);
        }
    }

    public void clearSidsForRole(Role role) {
        if (hasRole(role)) {
            this.grantedRoles.get(role).clear();
        }
    }

    public void clearSids() {
        Iterator<Map.Entry<Role, Set<String>>> it = this.grantedRoles.entrySet().iterator();
        while (it.hasNext()) {
            clearSidsForRole(it.next().getKey());
        }
    }

    public Role getRole(String str) {
        for (Role role : getRoles()) {
            if (role.getName().equals(str)) {
                return role;
            }
        }
        return null;
    }

    public SortedMap<Role, Set<String>> getGrantedRoles() {
        return Collections.unmodifiableSortedMap(this.grantedRoles);
    }

    public Set<Role> getRoles() {
        return Collections.unmodifiableSet(this.grantedRoles.keySet());
    }

    public SortedSet<String> getSids() {
        return getSids(false);
    }

    public SortedSet<String> getSids(Boolean bool) {
        TreeSet treeSet = new TreeSet();
        Iterator<Map.Entry<Role, Set<String>>> it = this.grantedRoles.entrySet().iterator();
        while (it.hasNext()) {
            treeSet.addAll(it.next().getValue());
        }
        if (!bool.booleanValue()) {
            treeSet.remove("anonymous");
        }
        return Collections.unmodifiableSortedSet(treeSet);
    }

    public Set<String> getSidsForRole(String str) {
        Role role = getRole(str);
        if (role != null) {
            return Collections.unmodifiableSet(this.grantedRoles.get(role));
        }
        return null;
    }

    public RoleMap newMatchingRoleMap(String str) {
        Set<Role> matchingRoles = getMatchingRoles(str);
        TreeMap treeMap = new TreeMap();
        for (Role role : matchingRoles) {
            treeMap.put(role, this.grantedRoles.get(role));
        }
        return new RoleMap(treeMap);
    }

    private Set<Role> getRolesHavingPermission(Permission permission) {
        final HashSet hashSet = new HashSet();
        final HashSet hashSet2 = new HashSet();
        Permission permission2 = permission;
        while (true) {
            Permission permission3 = permission2;
            if (permission3 == null) {
                new RoleWalker() { // from class: com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super();
                    }

                    @Override // com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.RoleWalker
                    public void perform(Role role) {
                        if (role.hasAnyPermission(hashSet2).booleanValue()) {
                            hashSet.add(role);
                        }
                    }
                };
                return hashSet;
            }
            hashSet2.add(permission3);
            permission2 = permission3.impliedBy;
        }
    }

    private Set<Role> getMatchingRoles(final String str) {
        final HashSet hashSet = new HashSet();
        new RoleWalker() { // from class: com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.RoleWalker
            public void perform(Role role) {
                if (role.getPattern().matcher(str).matches()) {
                    hashSet.add(role);
                }
            }
        };
        return hashSet;
    }
}
