package org.jenkinsci.plugins.matrixauth;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Functions;
import hudson.security.AccessControlled;
import hudson.security.GlobalMatrixAuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.PermissionScope;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:org/jenkinsci/plugins/matrixauth/AuthorizationContainerDescriptor.class */
public interface AuthorizationContainerDescriptor {
    PermissionScope getPermissionScope();

    @Restricted({DoNotUse.class})
    default String getDescription(Permission permission) {
        Permission permission2;
        String localizable = permission.description == null ? "" : permission.description.toString();
        Permission permission3 = permission.impliedBy;
        while (true) {
            permission2 = permission3;
            if (permission2 == null || permission2.group != PermissionGroup.get(Permission.class) || permission2.impliedBy == null) {
                break;
            }
            permission3 = permission2.impliedBy;
        }
        if (permission != Jenkins.ADMINISTER) {
            if (permission2 == null) {
                if (localizable.length() > 0) {
                    localizable = localizable + "<br/><br/>";
                }
                localizable = localizable + Messages.GlobalMatrixAuthorizationStrategy_PermissionNotImpliedBy();
            } else if (permission2 != Jenkins.ADMINISTER) {
                if (localizable.length() > 0) {
                    localizable = localizable + "<br/><br/>";
                }
                localizable = localizable + Messages.GlobalMatrixAuthorizationStrategy_PermissionImpliedBy(permission2.group.title, permission2.name);
            }
        }
        return localizable;
    }

    @Restricted({DoNotUse.class})
    default List<PermissionGroup> getAllGroups() {
        ArrayList arrayList = new ArrayList();
        for (PermissionGroup permissionGroup : PermissionGroup.getAll()) {
            if (permissionGroup != PermissionGroup.get(Permission.class) && permissionGroup.hasPermissionContainedBy(getPermissionScope())) {
                Iterator it = permissionGroup.getPermissions().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (((Permission) it.next()).getEnabled()) {
                        arrayList.add(permissionGroup);
                        break;
                    }
                }
            }
        }
        return arrayList;
    }

    @Restricted({NoExternalUse.class})
    default String impliedByList(Permission permission) {
        ArrayList arrayList = new ArrayList();
        while (permission.impliedBy != null) {
            permission = permission.impliedBy;
            arrayList.add(permission);
        }
        return StringUtils.join((Collection) arrayList.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toList()), " ");
    }

    @Restricted({DoNotUse.class})
    default boolean showPermission(Permission permission) {
        return permission.getEnabled() && permission.isContainedBy(getPermissionScope()) && !GlobalMatrixAuthorizationStrategy.DANGEROUS_PERMISSIONS.contains(permission);
    }

    @Restricted({DoNotUse.class})
    default boolean hasAmbiguousEntries(AuthorizationContainer<?> authorizationContainer) {
        if (authorizationContainer == null) {
            return false;
        }
        return authorizationContainer.getAllPermissionEntries().stream().anyMatch(permissionEntry -> {
            return permissionEntry.getType() == AuthorizationType.EITHER;
        });
    }

    @Restricted({DoNotUse.class})
    default PermissionEntry entryFor(String str, String str2) {
        if (str == null) {
            return null;
        }
        return new PermissionEntry(AuthorizationType.valueOf(str), str2);
    }

    @Restricted({DoNotUse.class})
    default String getTypeLabel(String str) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
        return str == null ? "__TYPE__" : Messages.class.getMethod("TypeLabel_" + str, new Class[0]).invoke(null, new Object[0]).toString();
    }

    @Restricted({NoExternalUse.class})
    default FormValidation doCheckName_(@NonNull String str, @NonNull AccessControlled accessControlled, @NonNull Permission permission) {
        String substring = str.substring(1, str.length() - 1);
        int indexOf = substring.indexOf(58);
        if (indexOf < 0) {
            return FormValidation.error("No type prefix: " + substring);
        }
        try {
            AuthorizationType valueOf = AuthorizationType.valueOf(substring.substring(0, indexOf));
            String substring2 = substring.substring(indexOf + 1);
            String escape = Functions.escape(substring2);
            if (!accessControlled.hasPermission(permission)) {
                return valueOf == AuthorizationType.USER ? FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse(AuthorizationType.USER, escape, "User may or may not exist")) : valueOf == AuthorizationType.GROUP ? FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse(AuthorizationType.GROUP, escape, "Group may or may not exist")) : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("", escape, "Permissions would be granted to a user or group of this name", true));
            }
            SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
            if (substring2.equals("authenticated") && valueOf == AuthorizationType.EITHER) {
                return FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse(AuthorizationType.GROUP, escape, "Internal group found; but permissions would also be granted to a user of this name", true));
            }
            if (substring2.equals("anonymous") && valueOf == AuthorizationType.EITHER) {
                return FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse(AuthorizationType.USER, escape, "Internal user found; but permissions would also be granted to a group of this name", true));
            }
            try {
                switch (valueOf) {
                    case GROUP:
                        FormValidation validateGroup = ValidationUtil.validateGroup(substring2, securityRealm, false);
                        return validateGroup != null ? validateGroup : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatNonExistentUserGroupValidationResponse(escape, "Group not found"));
                    case USER:
                        FormValidation validateUser = ValidationUtil.validateUser(substring2, securityRealm, false);
                        return validateUser != null ? validateUser : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatNonExistentUserGroupValidationResponse(escape, "User not found"));
                    case EITHER:
                        FormValidation validateUser2 = ValidationUtil.validateUser(substring2, securityRealm, true);
                        if (validateUser2 != null) {
                            return validateUser2;
                        }
                        FormValidation validateGroup2 = ValidationUtil.validateGroup(substring2, securityRealm, true);
                        return validateGroup2 != null ? validateGroup2 : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatNonExistentUserGroupValidationResponse(escape, "User or group not found", true));
                    default:
                        return FormValidation.error("Unexpected type: " + valueOf);
                }
            } catch (Exception e) {
                return FormValidation.error(e, escape);
            }
        } catch (Exception e2) {
            return FormValidation.error("Invalid type prefix: " + substring);
        }
    }
}
