package org.jenkinsci.plugins.securityinspector.impl.users;

import hudson.Extension;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.Run;
import hudson.model.User;
import hudson.model.View;
import hudson.scm.SCM;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.annotation.Nonnull;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.jenkinsci.plugins.securityinspector.Messages;
import org.jenkinsci.plugins.securityinspector.SecurityInspectorAction;
import org.jenkinsci.plugins.securityinspector.UserContext;
import org.jenkinsci.plugins.securityinspector.UserContextCache;
import org.jenkinsci.plugins.securityinspector.model.PermissionReport;
import org.jenkinsci.plugins.securityinspector.model.SecurityInspectorReport;
import org.jenkinsci.plugins.securityinspector.util.ComputerFilter;
import org.jenkinsci.plugins.securityinspector.util.JenkinsHelper;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;

@Extension(ordinal = 0.0d)
/* loaded from: input_file:WEB-INF/lib/security-inspector.jar:org/jenkinsci/plugins/securityinspector/impl/users/PermissionsForComputerReportBuilder.class */
public class PermissionsForComputerReportBuilder extends UserReportBuilder {

    /* loaded from: input_file:WEB-INF/lib/security-inspector.jar:org/jenkinsci/plugins/securityinspector/impl/users/PermissionsForComputerReportBuilder$ReportImpl.class */
    public static class ReportImpl extends PermissionReport<Computer, Boolean> {

        @Nonnull
        final User user4report;

        ReportImpl(@Nonnull User user) {
            this.user4report = user;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.jenkinsci.plugins.securityinspector.model.SecurityInspectorReport
        public Boolean getEntryReport(Computer computer, Permission permission) {
            try {
                Authentication impersonate = this.user4report.impersonate();
                SecurityContext securityContext = null;
                AuthorizationStrategy authorizationStrategy = JenkinsHelper.getInstanceOrFail().getAuthorizationStrategy();
                try {
                    securityContext = ACL.impersonate(impersonate);
                    Boolean valueOf = Boolean.valueOf(authorizationStrategy.getACL(computer).hasPermission(permission));
                    if (securityContext != null) {
                        SecurityContextHolder.setContext(securityContext);
                    }
                    return valueOf;
                } catch (Throwable th) {
                    if (securityContext != null) {
                        SecurityContextHolder.setContext(securityContext);
                    }
                    throw th;
                }
            } catch (UsernameNotFoundException e) {
                return Boolean.FALSE;
            }
        }

        public final void generateReport(@Nonnull Set<Computer> set) {
            HashSet hashSet = new HashSet(PermissionGroup.getAll());
            hashSet.remove(PermissionGroup.get(Permission.class));
            hashSet.remove(PermissionGroup.get(Hudson.class));
            hashSet.remove(PermissionGroup.get(View.class));
            hashSet.remove(PermissionGroup.get(Job.class));
            hashSet.remove(PermissionGroup.get(Item.class));
            hashSet.remove(PermissionGroup.get(SCM.class));
            hashSet.remove(PermissionGroup.get(Run.class));
            super.generateReport(set, hashSet);
        }

        public static ReportImpl createReport(@Nonnull Set<Computer> set, @Nonnull User user) {
            ReportImpl reportImpl = new ReportImpl(user);
            reportImpl.generateReport(set);
            return reportImpl;
        }

        @Override // org.jenkinsci.plugins.securityinspector.model.SecurityInspectorReport
        public String getRowColumnHeader() {
            return Messages.SlaveReport_RowColumnHeader();
        }

        @Override // org.jenkinsci.plugins.securityinspector.model.SecurityInspectorReport
        public String getRowTitle(Computer computer) {
            return computer.getDisplayName();
        }

        @Override // org.jenkinsci.plugins.securityinspector.model.SecurityInspectorReport
        public boolean isEntryReportOk(Computer computer, Permission permission, Boolean bool) {
            if (bool != null) {
                return bool.booleanValue();
            }
            return false;
        }
    }

    @Override // org.jenkinsci.plugins.securityinspector.model.ReportBuilder
    public String getIcon() {
        return "fingerprint.png";
    }

    @Override // org.jenkinsci.plugins.securityinspector.model.ReportBuilder
    public String getIndex() {
        return "slave-filter";
    }

    @Override // org.jenkinsci.plugins.securityinspector.model.ReportBuilder
    public String getDisplayName() {
        return "Single user, multiple nodes";
    }

    @Override // org.jenkinsci.plugins.securityinspector.model.ReportBuilder
    public String getDescription() {
        return "Display node permissions for the specified user";
    }

    @Override // org.jenkinsci.plugins.securityinspector.model.ReportBuilder
    public void processParameters(StaplerRequest staplerRequest) throws Descriptor.FormException {
        try {
            Pattern.compile(staplerRequest.getParameter("_.includeRegex4Slave"));
            UserContextCache.updateSearchCache(new ComputerFilter(staplerRequest), staplerRequest.getParameter("selectedUser"));
        } catch (PatternSyntaxException e) {
            throw new Descriptor.FormException(e, "includeRegex4Slave");
        }
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public Set<Computer> getRequestedSlaves() throws HttpResponses.HttpResponseException {
        UserContext userContext = UserContextCache.getInstance().get(SecurityInspectorAction.getSessionId());
        if (userContext == null) {
            throw HttpResponses.error(404, "Context has not been found");
        }
        ComputerFilter slaveFilter = userContext.getSlaveFilter();
        if (slaveFilter == null) {
            throw HttpResponses.error(500, "The retrieved context does not contain slave filter settings");
        }
        List<Computer> doFilter = slaveFilter.doFilter();
        HashSet hashSet = new HashSet(doFilter.size());
        for (Computer computer : doFilter) {
            if (computer != null) {
                hashSet.add(computer);
            }
        }
        return hashSet;
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public SecurityInspectorReport getReportSlave() {
        Set<Computer> requestedSlaves = getRequestedSlaves();
        HashSet hashSet = new HashSet();
        for (Computer computer : requestedSlaves) {
            if (computer.getNode() != null) {
                hashSet.add(computer);
            }
        }
        User requestedUser = getRequestedUser();
        try {
            SecurityContext securityContext = null;
            try {
                securityContext = ACL.impersonate(requestedUser.impersonate());
                ReportImpl createReport = ReportImpl.createReport(hashSet, requestedUser);
                if (securityContext != null) {
                    SecurityContextHolder.setContext(securityContext);
                }
                return createReport;
            } catch (Throwable th) {
                if (securityContext != null) {
                    SecurityContextHolder.setContext(securityContext);
                }
                throw th;
            }
        } catch (UsernameNotFoundException e) {
            return new ReportImpl(requestedUser);
        }
    }
}
