package com.michelin.cio.hudson.plugins.rolestrategy;

import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import hudson.Extension;
import hudson.model.AbstractItem;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.View;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.GlobalMatrixAuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.SidACL;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import javax.servlet.ServletException;
import net.sf.json.JSONObject;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

/* loaded from: input_file:WEB-INF/classes/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.class */
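/**
 * Authorization strategy that grants permissions through named roles.
 *
 * <p>Roles are kept in {@link RoleMap}s keyed by a type string ({@link #GLOBAL} or
 * {@link #PROJECT}). The root ACL comes from the global role map; the ACL of an item is
 * derived from the project role map and inherits from the root ACL.
 *
 * <p>This listing is decompiler output: {@code m2getRootACL} and {@code m3newInstance} are the
 * decompiler's names for {@code getRootACL} and {@code newInstance}, and several helpers that
 * were originally private are shown as public.
 *
 * <p>NOTE(review): {@code grantedRoles} is a plain {@link HashMap} and {@link #getRoleMap(String)}
 * inserts into it on a miss. If ACL lookups run on several request threads this is an
 * unsynchronized write on a shared map; confirm the threading model before relying on it.
 */
public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy {
    /** Type key of the global role map; also the name of the matching field in the submitted form. */
    public static final String GLOBAL = "globalRoles";
    /** Type key of the project role map; also the name of the matching field in the submitted form. */
    public static final String PROJECT = "projectRoles";
    /** Role maps by type key. Written by the XStream converter, the descriptor and the helpers below. */
    private final Map<String, RoleMap> grantedRoles = new HashMap<String, RoleMap>();

    @Extension
    public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();

    /**
     * XStream converter that writes and reads the strategy as nested
     * {@code roleMap / role / permissions|assignedSIDs} elements.
     */
    public static class ConverterImpl implements Converter {
        /** Accepts exactly {@link RoleBasedAuthorizationStrategy}; subclasses are not handled. */
        public boolean canConvert(Class cls) {
            return cls == RoleBasedAuthorizationStrategy.class;
        }

        /**
         * Writes one {@code roleMap} node per type, and inside it one {@code role} node per role
         * with its name, pattern, permission ids and assigned SIDs.
         *
         * @param obj the strategy to serialize; must be a {@link RoleBasedAuthorizationStrategy}
         * @param hierarchicalStreamWriter destination writer
         * @param marshallingContext unused
         */
        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            HierarchicalStreamWriter writer = hierarchicalStreamWriter;
            RoleBasedAuthorizationStrategy strategy = (RoleBasedAuthorizationStrategy) obj;
            for (Map.Entry<String, RoleMap> typeEntry : strategy.getRoleMaps().entrySet()) {
                writer.startNode("roleMap");
                writer.addAttribute("type", typeEntry.getKey());
                for (Map.Entry<Role, Set<String>> granted : typeEntry.getValue().getGrantedRoles().entrySet()) {
                    Role role = granted.getKey();
                    if (role == null) {
                        continue;
                    }
                    writer.startNode("role");
                    writer.addAttribute("name", role.getName());
                    writer.addAttribute("pattern", role.getPattern().pattern());

                    writer.startNode("permissions");
                    for (Permission permission : role.getPermissions()) {
                        writer.startNode("permission");
                        writer.setValue(permission.getId());
                        writer.endNode();
                    }
                    writer.endNode();

                    writer.startNode("assignedSIDs");
                    for (String sid : granted.getValue()) {
                        writer.startNode("sid");
                        writer.setValue(sid);
                        writer.endNode();
                    }
                    writer.endNode();

                    writer.endNode();
                }
                writer.endNode();
            }
        }

        /**
         * Rebuilds a strategy from the XML written by {@link #marshal}.
         *
         * <p>Permission ids that {@link Permission#fromId(String)} cannot resolve (it returns
         * {@code null}, e.g. when the plugin that declared the permission is gone) are skipped.
         * The previous code added that {@code null} to the role's permission set, which makes the
         * next {@link #marshal} fail on {@code permission.getId()}.
         *
         * <p>Role names, patterns and SIDs are taken from the XML as-is; the file is treated as
         * trusted configuration.
         *
         * @param hierarchicalStreamReader source reader positioned on the strategy element
         * @param unmarshallingContext unused
         * @return the populated strategy
         */
        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            HierarchicalStreamReader reader = hierarchicalStreamReader;
            RoleBasedAuthorizationStrategy strategy = create();
            while (reader.hasMoreChildren()) {
                reader.moveDown();
                if (reader.getNodeName().equals("roleMap")) {
                    String type = reader.getAttribute("type");
                    RoleMap roleMap = new RoleMap();
                    // Every child of <roleMap> is read as a role; the node name is not checked.
                    while (reader.hasMoreChildren()) {
                        reader.moveDown();
                        String name = reader.getAttribute("name");
                        String pattern = reader.getAttribute("pattern");
                        Set<Permission> permissions = new HashSet<Permission>();
                        if ("permissions".equals(reader.peekNextChild())) {
                            reader.moveDown();
                            while (reader.hasMoreChildren()) {
                                reader.moveDown();
                                Permission permission = Permission.fromId(reader.getValue());
                                if (permission != null) {
                                    permissions.add(permission);
                                }
                                reader.moveUp();
                            }
                            reader.moveUp();
                        }
                        Role role = new Role(name, pattern, permissions);
                        roleMap.addRole(role);
                        if ("assignedSIDs".equals(reader.peekNextChild())) {
                            reader.moveDown();
                            while (reader.hasMoreChildren()) {
                                reader.moveDown();
                                roleMap.assignRole(role, reader.getValue());
                                reader.moveUp();
                            }
                            reader.moveUp();
                        }
                        reader.moveUp();
                    }
                    strategy.grantedRoles.put(type, roleMap);
                }
                reader.moveUp();
            }
            return strategy;
        }

        /** Factory hook for the instance that {@link #unmarshal} fills in. */
        protected RoleBasedAuthorizationStrategy create() {
            return new RoleBasedAuthorizationStrategy();
        }
    }

    /**
     * Descriptor that backs the role management and role assignment forms.
     */
    public static final class DescriptorImpl extends GlobalMatrixAuthorizationStrategy.DescriptorImpl {
        /** One SID-to-role assignment parsed from the form and not yet applied. */
        private static final class PendingAssignment {
            final RoleMap roleMap;
            final Role role;
            final String sid;

            PendingAssignment(RoleMap roleMap, Role role, String sid) {
                this.roleMap = roleMap;
                this.role = role;
                this.sid = sid;
            }
        }

        public String getDisplayName() {
            return Messages.RoleBasedAuthorizationStrategy_DisplayName();
        }

        /**
         * Handles the "manage roles" form: requires {@code Hudson.ADMINISTER}, builds a new
         * strategy from the submitted form, installs it and saves the configuration.
         *
         * <p>NOTE(review): nothing in this method restricts the HTTP verb or checks a CSRF crumb;
         * confirm that the hosting Hudson/Stapler version enforces that for state-changing handlers.
         */
        public void doRolesSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws UnsupportedEncodingException, ServletException, Descriptor.FormException, IOException {
            Hudson.getInstance().checkPermission(Hudson.ADMINISTER);
            staplerRequest.setCharacterEncoding("UTF-8");
            Hudson.getInstance().setAuthorizationStrategy(m3newInstance(staplerRequest, staplerRequest.getSubmittedForm()));
            Hudson.getInstance().save();
        }

        /**
         * Handles the "assign roles" form: requires {@code Hudson.ADMINISTER}, then replaces the
         * SID assignments of every role map of the active strategy with the ones ticked in the form.
         *
         * <p>The form is parsed completely before the live strategy is touched. The previous code
         * called {@code clearSids()} first and parsed afterwards, so a malformed form (missing
         * section, non-boolean checkbox value) aborted the request with every assignment of that
         * map already wiped from the in-memory strategy. Checkbox values that are not
         * {@code Boolean.TRUE} are now treated as unticked instead of raising a cast error.
         *
         * <p>Nothing happens unless the form carries both role sections and the active strategy is
         * a {@link RoleBasedAuthorizationStrategy}.
         *
         * <p>NOTE(review): as with {@link #doRolesSubmit}, no HTTP-verb or CSRF check is visible
         * here; confirm it is enforced elsewhere. Presumably {@code RoleMap.clearSids()} drops only
         * the assignments and keeps the roles; verify against {@code RoleMap}.
         */
        public void doAssignSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws UnsupportedEncodingException, ServletException, Descriptor.FormException, IOException {
            Hudson.getInstance().checkPermission(Hudson.ADMINISTER);
            staplerRequest.setCharacterEncoding("UTF-8");
            JSONObject submittedForm = staplerRequest.getSubmittedForm();
            AuthorizationStrategy current = Hudson.getInstance().getAuthorizationStrategy();
            boolean formComplete = submittedForm.has(RoleBasedAuthorizationStrategy.GLOBAL) && submittedForm.has(RoleBasedAuthorizationStrategy.PROJECT);
            if (!formComplete || !(current instanceof RoleBasedAuthorizationStrategy)) {
                return;
            }

            Map<String, RoleMap> roleMaps = ((RoleBasedAuthorizationStrategy) current).getRoleMaps();

            // Phase 1: read the whole form. Any exception here leaves the live strategy untouched.
            List<PendingAssignment> pending = new ArrayList<PendingAssignment>();
            for (Map.Entry<String, RoleMap> typeEntry : roleMaps.entrySet()) {
                RoleMap roleMap = typeEntry.getValue();
                JSONObject data = submittedForm.getJSONObject(typeEntry.getKey()).getJSONObject("data");
                for (Object sidObject : data.entrySet()) {
                    Map.Entry<?, ?> sidEntry = (Map.Entry<?, ?>) sidObject;
                    String sid = (String) sidEntry.getKey();
                    if (sid == null || sid.equals("")) {
                        continue;
                    }
                    for (Object boxObject : ((JSONObject) sidEntry.getValue()).entrySet()) {
                        Map.Entry<?, ?> box = (Map.Entry<?, ?>) boxObject;
                        if (!Boolean.TRUE.equals(box.getValue())) {
                            continue;
                        }
                        Role role = roleMap.getRole((String) box.getKey());
                        if (role != null) {
                            pending.add(new PendingAssignment(roleMap, role, sid));
                        }
                    }
                }
            }

            // Phase 2: swap the assignments in.
            for (RoleMap roleMap : roleMaps.values()) {
                roleMap.clearSids();
            }
            for (PendingAssignment assignment : pending) {
                assignment.roleMap.assignRole(assignment.role, assignment.sid);
            }
            Hudson.getInstance().save();
        }

        /**
         * Builds the strategy to install from a submitted form (decompiler name for
         * {@code newInstance}).
         *
         * <ul>
         *   <li>Active strategy is not role-based: returns a new strategy with a single global
         *       "admin" role assigned to the current user.</li>
         *   <li>Active strategy is role-based but the form lacks a role section: returns the active
         *       strategy unchanged.</li>
         *   <li>Otherwise: rebuilds the global and project roles from the form and carries over
         *       the SIDs the active strategy had assigned to roles of the same name.</li>
         * </ul>
         *
         * <p>Fixes over the previous body: a project role without a {@code pattern} entry now
         * really falls back to {@code ".*"} (the old {@code getString} call threw before the
         * fallback could run); permission ids that {@link Permission#fromId(String)} cannot
         * resolve are skipped instead of being stored as {@code null}; checkbox values that are
         * not {@code Boolean.TRUE} count as unticked.
         *
         * <p>This method performs no permission check of its own; {@link #doRolesSubmit} checks
         * {@code Hudson.ADMINISTER} before calling it.
         *
         * <p>NOTE(review): the bootstrap branch grants every global permission to whatever
         * principal {@code Hudson.getAuthentication()} reports. If that can be the anonymous
         * principal when the strategy is first selected, anonymous would become admin; confirm.
         * NOTE(review): project-role permission ids are not checked against
         * {@code getGroups(PROJECT)}, and the pattern is passed to {@code Role} unvalidated.
         *
         * @param staplerRequest unused
         * @param jSONObject the submitted form
         * @return the strategy to install
         */
        public AuthorizationStrategy m3newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            AuthorizationStrategy current = Hudson.getInstance().getAuthorizationStrategy();
            if (!(current instanceof RoleBasedAuthorizationStrategy)) {
                // Switching from another strategy: bootstrap with an admin role for the caller.
                RoleBasedAuthorizationStrategy fresh = new RoleBasedAuthorizationStrategy();
                Role adminRole = createAdminRole();
                fresh.addRole(RoleBasedAuthorizationStrategy.GLOBAL, adminRole);
                fresh.assignRole(RoleBasedAuthorizationStrategy.GLOBAL, adminRole, getCurrentUser());
                return fresh;
            }

            RoleBasedAuthorizationStrategy previous = (RoleBasedAuthorizationStrategy) current;
            if (!jSONObject.has(RoleBasedAuthorizationStrategy.GLOBAL) || !jSONObject.has(RoleBasedAuthorizationStrategy.PROJECT)) {
                return previous;
            }

            RoleBasedAuthorizationStrategy rebuilt = new RoleBasedAuthorizationStrategy();

            JSONObject globalData = jSONObject.getJSONObject(RoleBasedAuthorizationStrategy.GLOBAL).getJSONObject("data");
            for (Object entryObject : globalData.entrySet()) {
                Map.Entry<?, ?> roleEntry = (Map.Entry<?, ?>) entryObject;
                String roleName = (String) roleEntry.getKey();
                Role role = new Role(roleName, readTickedPermissions((JSONObject) roleEntry.getValue()));
                rebuilt.addRole(RoleBasedAuthorizationStrategy.GLOBAL, role);
                carryOverAssignments(previous, rebuilt, RoleBasedAuthorizationStrategy.GLOBAL, role, roleName);
            }

            JSONObject projectData = jSONObject.getJSONObject(RoleBasedAuthorizationStrategy.PROJECT).getJSONObject("data");
            for (Object entryObject : projectData.entrySet()) {
                Map.Entry<?, ?> roleEntry = (Map.Entry<?, ?>) entryObject;
                String roleName = (String) roleEntry.getKey();
                JSONObject roleJson = (JSONObject) roleEntry.getValue();
                String pattern;
                if (roleJson.has("pattern")) {
                    pattern = roleJson.getString("pattern");
                    // Drop the entry so that only permission checkboxes remain for the loop below.
                    roleJson.remove("pattern");
                } else {
                    pattern = ".*";
                }
                Role role = new Role(roleName, pattern, readTickedPermissions(roleJson));
                rebuilt.addRole(RoleBasedAuthorizationStrategy.PROJECT, role);
                carryOverAssignments(previous, rebuilt, RoleBasedAuthorizationStrategy.PROJECT, role, roleName);
            }
            return rebuilt;
        }

        /** Collects the permissions whose checkbox is ticked, skipping ids that do not resolve. */
        private static Set<Permission> readTickedPermissions(JSONObject checkboxes) {
            Set<Permission> granted = new HashSet<Permission>();
            for (Object boxObject : checkboxes.entrySet()) {
                Map.Entry<?, ?> box = (Map.Entry<?, ?>) boxObject;
                if (Boolean.TRUE.equals(box.getValue())) {
                    Permission permission = Permission.fromId((String) box.getKey());
                    if (permission != null) {
                        granted.add(permission);
                    }
                }
            }
            return granted;
        }

        /** Re-assigns to {@code role} in {@code to} every SID that {@code from} had on the role named {@code roleName}. */
        private static void carryOverAssignments(RoleBasedAuthorizationStrategy from, RoleBasedAuthorizationStrategy to, String type, Role role, String roleName) {
            RoleMap oldMap = from.getRoleMap(type);
            if (oldMap == null) {
                return;
            }
            Set<String> sids = oldMap.getSidsForRole(roleName);
            if (sids == null) {
                return;
            }
            for (String sid : sids) {
                to.assignRole(type, role, sid);
            }
        }

        /** Builds a role named "admin" holding every permission of every global permission group. */
        private Role createAdminRole() {
            Set<Permission> everything = new HashSet<Permission>();
            for (PermissionGroup group : getGroups(RoleBasedAuthorizationStrategy.GLOBAL)) {
                for (Permission permission : group) {
                    everything.add(permission);
                }
            }
            return new Role("admin", everything);
        }

        /** Returns the principal name of the authentication attached to the current thread. */
        private String getCurrentUser() {
            return new PrincipalSid(Hudson.getAuthentication()).getPrincipal();
        }

        /**
         * Lists the permission groups offered for a role type.
         *
         * @param str {@link RoleBasedAuthorizationStrategy#GLOBAL} or
         *     {@link RoleBasedAuthorizationStrategy#PROJECT}
         * @return all groups minus the {@code Permission} group for global roles; additionally
         *     minus the {@code Hudson}, {@code Computer} and {@code View} groups for project
         *     roles; {@code null} for any other type
         */
        public List<PermissionGroup> getGroups(String str) {
            boolean global = str.equals(RoleBasedAuthorizationStrategy.GLOBAL);
            if (!global && !str.equals(RoleBasedAuthorizationStrategy.PROJECT)) {
                return null;
            }
            List<PermissionGroup> groups = new ArrayList<PermissionGroup>(PermissionGroup.getAll());
            groups.remove(PermissionGroup.get(Permission.class));
            if (!global) {
                groups.remove(PermissionGroup.get(Hudson.class));
                groups.remove(PermissionGroup.get(Computer.class));
                groups.remove(PermissionGroup.get(View.class));
            }
            return groups;
        }

        /**
         * Decides whether a permission is offered for a role type: global roles defer to the
         * inherited {@code showPermission(Permission)}; project roles show every enabled
         * permission except {@code Item.CREATE}; any other type shows nothing.
         */
        public boolean showPermission(String str, Permission permission) {
            if (str.equals(RoleBasedAuthorizationStrategy.GLOBAL)) {
                return showPermission(permission);
            }
            return str.equals(RoleBasedAuthorizationStrategy.PROJECT) && permission != Item.CREATE && permission.getEnabled();
        }
    }

    /** Returns the ACL built from the global role map (decompiler name for {@code getRootACL}). */
    public SidACL m2getRootACL() {
        return getRoleMap(GLOBAL).getACL();
    }

    /** Delegates to {@link #getACL(AbstractItem)}; the cast only selects that overload. */
    public ACL getACL(Job<?, ?> job) {
        return getACL((AbstractItem) job);
    }

    /**
     * Returns the ACL for an item: the root ACL when no project role map exists, otherwise the
     * ACL of the project roles selected for the item's full name, inheriting from the root ACL.
     * Presumably {@code newMatchingRoleMap} keeps the roles whose pattern matches the name;
     * verify against {@code RoleMap}.
     */
    public ACL getACL(AbstractItem abstractItem) {
        RoleMap projectRoles = this.grantedRoles.get(PROJECT);
        if (projectRoles == null) {
            return m2getRootACL();
        }
        return projectRoles.newMatchingRoleMap(abstractItem.getFullName()).getACL().newInheritingACL(m2getRootACL());
    }

    /** Returns the union of {@code getSids(true)} over all role maps. */
    public Collection<String> getGroups() {
        Set<String> sids = new HashSet<String>();
        for (RoleMap roleMap : this.grantedRoles.values()) {
            sids.addAll(roleMap.getSids(true));
        }
        return sids;
    }

    /**
     * Returns the role-to-SIDs map of the given type, or {@code null} if the stored role map is
     * {@code null}. A type that is not stored yet gets an empty role map created for it.
     */
    public SortedMap<Role, Set<String>> getGrantedRoles(String str) {
        RoleMap roleMap = getRoleMap(str);
        return roleMap != null ? roleMap.getGrantedRoles() : null;
    }

    /**
     * Returns the SIDs of the role map of the given type, or {@code null} if the stored role map
     * is {@code null}. A type that is not stored yet gets an empty role map created for it.
     */
    public Set<String> getSIDs(String str) {
        RoleMap roleMap = getRoleMap(str);
        return roleMap != null ? roleMap.getSids() : null;
    }

    /**
     * Returns the role map stored under {@code str}, creating and storing an empty one when the
     * key is absent. Originally private (widened by the decompiler).
     */
    public RoleMap getRoleMap(String str) {
        if (this.grantedRoles.containsKey(str)) {
            return this.grantedRoles.get(str);
        }
        RoleMap created = new RoleMap();
        this.grantedRoles.put(str, created);
        return created;
    }

    /** Returns the live, mutable type-to-role-map table. Originally private (widened by the decompiler). */
    public Map<String, RoleMap> getRoleMaps() {
        return this.grantedRoles;
    }

    /**
     * Adds {@code role} to the role map of type {@code str}, creating that map if needed.
     * Originally private (widened by the decompiler).
     */
    public void addRole(String str, Role role) {
        RoleMap roleMap = this.grantedRoles.get(str);
        if (roleMap == null) {
            roleMap = new RoleMap();
            this.grantedRoles.put(str, roleMap);
        }
        roleMap.addRole(role);
    }

    /**
     * Assigns SID {@code str2} to {@code role} in the role map of type {@code str}. Does nothing
     * when that map does not exist or does not contain the role. Originally private (widened by
     * the decompiler).
     */
    public void assignRole(String str, Role role, String str2) {
        RoleMap roleMap = this.grantedRoles.get(str);
        if (roleMap != null && roleMap.hasRole(role)) {
            roleMap.assignRole(role, str2);
        }
    }
}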
