package jenkins.plugins.ssh2easy.acl;

import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import hudson.Extension;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.View;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.GlobalMatrixAuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.SidACL;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

/* loaded from: input_file:jenkins/plugins/ssh2easy/acl/CloudCIAuthorizationStrategy.class */
public class CloudCIAuthorizationStrategy extends AuthorizationStrategy {
    private final Map<AclType, CloudProject> cloudProjects = new HashMap();
    public static final String ACL_MAP = "aclMap";
    public static final String TYPE = "type";
    public static final String CLOUD_PROJECT = "project";
    public static final String PROJECT_NAME = "projectName";
    public static final String PROJECT_VIEW_NAME_PATTERN = "viewNamePattern";
    public static final String PROJECT_JOB_NAME_PATTERN = "jobNamePattern";
    public static final String PERMISSIONS = "permissions";
    public static final String ASSIGNED_MEMBER_IDS = "assignedMembers";
    public static final String PERMISSION = "permission";
    public static final String MEMBER_ID = "userID";
    public static final String GLOBAL = AclType.GLOBAL.getType();
    public static final String PROJECT = AclType.PROJECT.getType();

    @Extension
    public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jenkins/plugins/ssh2easy/acl/CloudCIAuthorizationStrategy$AclType.class */
    public enum AclType {
        GLOBAL("globalACL"),
        PROJECT("projectACL");

        private String type;

        AclType(String str) {
            this.type = str;
        }

        public String getType() {
            return this.type;
        }

        @Override // java.lang.Enum
        public String toString() {
            return getType();
        }

        public static AclType parseAclType(String str) {
            for (AclType aclType : values()) {
                if (aclType.getType().equals(str)) {
                    return aclType;
                }
            }
            throw new RuntimeException("Read type from persistent can't recongized from config.xml");
        }
    }

    /* loaded from: input_file:jenkins/plugins/ssh2easy/acl/CloudCIAuthorizationStrategy$ConverterImpl.class */
    public static class ConverterImpl implements Converter {
        public boolean canConvert(Class cls) {
            return cls == CloudCIAuthorizationStrategy.class;
        }

        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            for (Map.Entry entry : ((CloudCIAuthorizationStrategy) obj).getCloudProjectMaps().entrySet()) {
                CloudProject cloudProject = (CloudProject) entry.getValue();
                hierarchicalStreamWriter.startNode(CloudCIAuthorizationStrategy.ACL_MAP);
                hierarchicalStreamWriter.addAttribute(CloudCIAuthorizationStrategy.TYPE, ((AclType) entry.getKey()).getType());
                for (Map.Entry<Project, Set<String>> entry2 : cloudProject.getAllProjectsPlan().entrySet()) {
                    Project key = entry2.getKey();
                    if (key != null) {
                        hierarchicalStreamWriter.startNode(CloudCIAuthorizationStrategy.CLOUD_PROJECT);
                        hierarchicalStreamWriter.addAttribute(CloudCIAuthorizationStrategy.PROJECT_NAME, key.getProjectName());
                        hierarchicalStreamWriter.addAttribute(CloudCIAuthorizationStrategy.PROJECT_VIEW_NAME_PATTERN, key.getViewNamePattern().pattern());
                        hierarchicalStreamWriter.addAttribute(CloudCIAuthorizationStrategy.PROJECT_JOB_NAME_PATTERN, key.getJobNamePattern().pattern());
                        hierarchicalStreamWriter.startNode(CloudCIAuthorizationStrategy.PERMISSIONS);
                        for (Permission permission : key.getPermissions()) {
                            hierarchicalStreamWriter.startNode(CloudCIAuthorizationStrategy.PERMISSION);
                            hierarchicalStreamWriter.setValue(permission.getId());
                            hierarchicalStreamWriter.endNode();
                        }
                        hierarchicalStreamWriter.endNode();
                        hierarchicalStreamWriter.startNode(CloudCIAuthorizationStrategy.ASSIGNED_MEMBER_IDS);
                        for (String str : entry2.getValue()) {
                            hierarchicalStreamWriter.startNode(CloudCIAuthorizationStrategy.MEMBER_ID);
                            hierarchicalStreamWriter.setValue(str);
                            hierarchicalStreamWriter.endNode();
                        }
                        hierarchicalStreamWriter.endNode();
                        hierarchicalStreamWriter.endNode();
                    }
                }
                hierarchicalStreamWriter.endNode();
            }
        }

        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            CloudCIAuthorizationStrategy create = create();
            while (hierarchicalStreamReader.hasMoreChildren()) {
                hierarchicalStreamReader.moveDown();
                if (hierarchicalStreamReader.getNodeName().equals(CloudCIAuthorizationStrategy.ACL_MAP)) {
                    String attribute = hierarchicalStreamReader.getAttribute(CloudCIAuthorizationStrategy.TYPE);
                    CloudProject cloudProject = new CloudProject();
                    while (hierarchicalStreamReader.hasMoreChildren()) {
                        hierarchicalStreamReader.moveDown();
                        String attribute2 = hierarchicalStreamReader.getAttribute(CloudCIAuthorizationStrategy.PROJECT_NAME);
                        String attribute3 = hierarchicalStreamReader.getAttribute(CloudCIAuthorizationStrategy.PROJECT_VIEW_NAME_PATTERN);
                        String attribute4 = hierarchicalStreamReader.getAttribute(CloudCIAuthorizationStrategy.PROJECT_JOB_NAME_PATTERN);
                        HashSet hashSet = new HashSet();
                        String peekNextChild = hierarchicalStreamReader.peekNextChild();
                        if (peekNextChild != null && peekNextChild.equals(CloudCIAuthorizationStrategy.PERMISSIONS)) {
                            hierarchicalStreamReader.moveDown();
                            while (hierarchicalStreamReader.hasMoreChildren()) {
                                hierarchicalStreamReader.moveDown();
                                hashSet.add(Permission.fromId(hierarchicalStreamReader.getValue()));
                                hierarchicalStreamReader.moveUp();
                            }
                            hierarchicalStreamReader.moveUp();
                        }
                        Project project = new Project(attribute2, attribute3, attribute4, hashSet);
                        cloudProject.addProject(project);
                        String peekNextChild2 = hierarchicalStreamReader.peekNextChild();
                        if (peekNextChild2 != null && peekNextChild2.equals(CloudCIAuthorizationStrategy.ASSIGNED_MEMBER_IDS)) {
                            hierarchicalStreamReader.moveDown();
                            while (hierarchicalStreamReader.hasMoreChildren()) {
                                hierarchicalStreamReader.moveDown();
                                cloudProject.addProjectMember(project, hierarchicalStreamReader.getValue());
                                hierarchicalStreamReader.moveUp();
                            }
                            hierarchicalStreamReader.moveUp();
                        }
                        hierarchicalStreamReader.moveUp();
                    }
                    create.cloudProjects.put(AclType.parseAclType(attribute), cloudProject);
                }
                hierarchicalStreamReader.moveUp();
            }
            return create;
        }

        protected CloudCIAuthorizationStrategy create() {
            return new CloudCIAuthorizationStrategy();
        }
    }

    /* loaded from: input_file:jenkins/plugins/ssh2easy/acl/CloudCIAuthorizationStrategy$DescriptorImpl.class */
    public static final class DescriptorImpl extends GlobalMatrixAuthorizationStrategy.DescriptorImpl {
        public String getDisplayName() {
            return Messages.CloudCIAuthorizationStrategy_DisplayName();
        }

        public void doProjectsSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws UnsupportedEncodingException, ServletException, Descriptor.FormException, IOException {
            Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
            staplerRequest.setCharacterEncoding("UTF-8");
            Jenkins.getInstance().setAuthorizationStrategy(m4newInstance(staplerRequest, staplerRequest.getSubmittedForm()));
            Jenkins.getInstance().save();
        }

        public void doAssignSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws UnsupportedEncodingException, ServletException, Descriptor.FormException, IOException {
            Project project;
            Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
            staplerRequest.setCharacterEncoding("UTF-8");
            JSONObject submittedForm = staplerRequest.getSubmittedForm();
            AuthorizationStrategy authorizationStrategy = Jenkins.getInstance().getAuthorizationStrategy();
            if (submittedForm.has(AclType.GLOBAL.getType()) && submittedForm.has(AclType.PROJECT.getType()) && (authorizationStrategy instanceof CloudCIAuthorizationStrategy)) {
                for (Map.Entry entry : ((CloudCIAuthorizationStrategy) authorizationStrategy).getCloudProjectMaps().entrySet()) {
                    CloudProject cloudProject = (CloudProject) entry.getValue();
                    cloudProject.clearAllProjectMembers();
                    for (Map.Entry entry2 : submittedForm.getJSONObject(((AclType) entry.getKey()).getType()).getJSONObject("data").entrySet()) {
                        String str = (String) entry2.getKey();
                        for (Map.Entry entry3 : ((JSONObject) entry2.getValue()).entrySet()) {
                            if (((Boolean) entry3.getValue()).booleanValue() && (project = cloudProject.getProject((String) entry3.getKey())) != null && str != null && !str.equals("")) {
                                cloudProject.addProjectMember(project, str);
                            }
                        }
                    }
                }
                Jenkins.getInstance().save();
            }
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public AuthorizationStrategy m4newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            CloudCIAuthorizationStrategy cloudCIAuthorizationStrategy;
            Set<String> listProjectMembers;
            Set<String> listProjectMembers2;
            AuthorizationStrategy authorizationStrategy = Jenkins.getInstance().getAuthorizationStrategy();
            if (jSONObject.has(AclType.GLOBAL.getType()) && jSONObject.has(AclType.PROJECT.getType()) && (authorizationStrategy instanceof CloudCIAuthorizationStrategy)) {
                cloudCIAuthorizationStrategy = new CloudCIAuthorizationStrategy();
                for (Map.Entry entry : jSONObject.getJSONObject(AclType.GLOBAL.getType()).getJSONObject("data").entrySet()) {
                    String str = (String) entry.getKey();
                    HashSet hashSet = new HashSet();
                    for (Map.Entry entry2 : ((JSONObject) entry.getValue()).entrySet()) {
                        if (((Boolean) entry2.getValue()).booleanValue()) {
                            hashSet.add(Permission.fromId((String) entry2.getKey()));
                        }
                    }
                    Project project = new Project(str, hashSet);
                    cloudCIAuthorizationStrategy.addProject(AclType.GLOBAL, project);
                    CloudProject cloudProjectByType = ((CloudCIAuthorizationStrategy) authorizationStrategy).getCloudProjectByType(AclType.GLOBAL);
                    if (cloudProjectByType != null && (listProjectMembers2 = cloudProjectByType.listProjectMembers(str)) != null) {
                        Iterator<String> it = listProjectMembers2.iterator();
                        while (it.hasNext()) {
                            cloudCIAuthorizationStrategy.assignProjectMember(AclType.GLOBAL, project, it.next());
                        }
                    }
                }
                for (Map.Entry entry3 : jSONObject.getJSONObject(AclType.PROJECT.getType()).getJSONObject("data").entrySet()) {
                    String str2 = (String) entry3.getKey();
                    HashSet hashSet2 = new HashSet();
                    String string = ((JSONObject) entry3.getValue()).getString(CloudCIAuthorizationStrategy.PROJECT_VIEW_NAME_PATTERN);
                    if (string != null) {
                        ((JSONObject) entry3.getValue()).remove(CloudCIAuthorizationStrategy.PROJECT_VIEW_NAME_PATTERN);
                    } else {
                        string = ".*";
                    }
                    String string2 = ((JSONObject) entry3.getValue()).getString(CloudCIAuthorizationStrategy.PROJECT_JOB_NAME_PATTERN);
                    if (string2 != null) {
                        ((JSONObject) entry3.getValue()).remove(CloudCIAuthorizationStrategy.PROJECT_JOB_NAME_PATTERN);
                    } else {
                        string2 = ".*";
                    }
                    for (Map.Entry entry4 : ((JSONObject) entry3.getValue()).entrySet()) {
                        if (((Boolean) entry4.getValue()).booleanValue()) {
                            hashSet2.add(Permission.fromId((String) entry4.getKey()));
                        }
                    }
                    Project project2 = new Project(str2, string, string2, hashSet2);
                    cloudCIAuthorizationStrategy.addProject(AclType.PROJECT, project2);
                    CloudProject cloudProjectByType2 = ((CloudCIAuthorizationStrategy) authorizationStrategy).getCloudProjectByType(AclType.PROJECT);
                    if (cloudProjectByType2 != null && (listProjectMembers = cloudProjectByType2.listProjectMembers(str2)) != null) {
                        Iterator<String> it2 = listProjectMembers.iterator();
                        while (it2.hasNext()) {
                            cloudCIAuthorizationStrategy.assignProjectMember(AclType.PROJECT, project2, it2.next());
                        }
                    }
                }
            } else if (authorizationStrategy instanceof CloudCIAuthorizationStrategy) {
                cloudCIAuthorizationStrategy = (CloudCIAuthorizationStrategy) authorizationStrategy;
            } else {
                cloudCIAuthorizationStrategy = new CloudCIAuthorizationStrategy();
                Project createAdminRole = createAdminRole();
                cloudCIAuthorizationStrategy.addProject(AclType.GLOBAL, createAdminRole);
                cloudCIAuthorizationStrategy.assignProjectMember(AclType.GLOBAL, createAdminRole, getCurrentUser());
            }
            return cloudCIAuthorizationStrategy;
        }

        public static final String getCurrentUser() {
            return new PrincipalSid(Jenkins.getAuthentication()).getPrincipal();
        }

        private Project createAdminRole() {
            HashSet hashSet = new HashSet();
            Iterator<PermissionGroup> it = getGroups(AclType.GLOBAL.getType()).iterator();
            while (it.hasNext()) {
                Iterator it2 = it.next().iterator();
                while (it2.hasNext()) {
                    hashSet.add((Permission) it2.next());
                }
            }
            return new Project("admin", hashSet);
        }

        public List<PermissionGroup> getGroups(String str) {
            ArrayList arrayList;
            switch (AclType.parseAclType(str)) {
                case GLOBAL:
                    arrayList = new ArrayList(PermissionGroup.getAll());
                    arrayList.remove(PermissionGroup.get(Permission.class));
                    break;
                case PROJECT:
                    arrayList = new ArrayList(PermissionGroup.getAll());
                    arrayList.remove(PermissionGroup.get(Permission.class));
                    arrayList.remove(PermissionGroup.get(Jenkins.class));
                    arrayList.remove(PermissionGroup.get(Computer.class));
                    arrayList.remove(PermissionGroup.get(View.class));
                    break;
                default:
                    arrayList = null;
                    break;
            }
            return arrayList;
        }

        public boolean showPermission(String str, Permission permission) {
            switch (AclType.parseAclType(str)) {
                case GLOBAL:
                    return showPermission(permission);
                case PROJECT:
                    return permission != Item.CREATE && permission.getEnabled();
                default:
                    return false;
            }
        }
    }

    /* renamed from: getRootACL, reason: merged with bridge method [inline-methods] */
    public SidACL m1getRootACL() {
        return getCloudProjectByType(AclType.GLOBAL).getACL();
    }

    public ACL getACL(final View view) {
        return new ACL() { // from class: jenkins.plugins.ssh2easy.acl.CloudCIAuthorizationStrategy.1
            public boolean hasPermission(Authentication authentication, Permission permission) {
                ACL acl = view.getOwner().getACL();
                CloudProject cloudProject = (CloudProject) CloudCIAuthorizationStrategy.this.cloudProjects.get(AclType.PROJECT);
                if (view == null || null == cloudProject) {
                    return true;
                }
                Set<Project> matchedViewsProjects = cloudProject.getMatchedViewsProjects(view.getViewName());
                String currentUser = DescriptorImpl.getCurrentUser();
                Iterator<Project> it = matchedViewsProjects.iterator();
                while (it.hasNext()) {
                    if (cloudProject.listProjectMembers(it.next().getProjectName()).contains(currentUser)) {
                        return permission == View.READ ? acl.hasPermission(authentication, View.CONFIGURE) || !view.getItems().isEmpty() : acl.hasPermission(authentication, permission);
                    }
                }
                return false;
            }
        };
    }

    public ACL getACL(Job<?, ?> job) {
        CloudProject cloudProject = this.cloudProjects.get(AclType.PROJECT);
        return cloudProject == null ? m1getRootACL() : cloudProject.newAuthorizationStrategyCloudProject(job.getName()).getACL().newInheritingACL(m1getRootACL());
    }

    public Collection<String> getGroups() {
        HashSet hashSet = new HashSet();
        Iterator<Map.Entry<AclType, CloudProject>> it = this.cloudProjects.entrySet().iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next().getValue().getAllMembers(true));
        }
        return hashSet;
    }

    public SortedMap<Project, Set<String>> getProjectPlanMap(String str) {
        CloudProject cloudProjectByType = getCloudProjectByType(AclType.parseAclType(str));
        if (cloudProjectByType != null) {
            return cloudProjectByType.getAllProjectsPlan();
        }
        return null;
    }

    public Set<String> getSIDs(String str) {
        CloudProject cloudProjectByType = getCloudProjectByType(AclType.parseAclType(str));
        if (cloudProjectByType != null) {
            return cloudProjectByType.getAllMembers();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public CloudProject getCloudProjectByType(AclType aclType) {
        CloudProject cloudProject;
        if (this.cloudProjects.containsKey(aclType)) {
            cloudProject = this.cloudProjects.get(aclType);
        } else {
            cloudProject = new CloudProject();
            this.cloudProjects.put(aclType, cloudProject);
        }
        return cloudProject;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<AclType, CloudProject> getCloudProjectMaps() {
        return this.cloudProjects;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addProject(AclType aclType, Project project) {
        CloudProject cloudProject = this.cloudProjects.get(aclType);
        if (cloudProject != null) {
            cloudProject.addProject(project);
            return;
        }
        CloudProject cloudProject2 = new CloudProject();
        cloudProject2.addProject(project);
        this.cloudProjects.put(aclType, cloudProject2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void assignProjectMember(AclType aclType, Project project, String str) {
        CloudProject cloudProject = this.cloudProjects.get(aclType);
        if (cloudProject == null || !cloudProject.hasProject(project)) {
            return;
        }
        cloudProject.addProjectMember(project, str);
    }
}
