package org.jenkinsci.plugins;

import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import hudson.Extension;
import hudson.model.Descriptor;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.acegisecurity.Authentication;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:WEB-INF/classes/org/jenkinsci/plugins/GithubAuthorizationStrategy.class */
public class GithubAuthorizationStrategy extends AuthorizationStrategy {
    private static final String ORGANIZATION_NAMES = "organizationNames";
    private static final String AUTHENTICATED_USER_READ_PERMISSION = "authenticatedUserReadPermission";
    private static final String ADMIN_USER_NAMES = "adminUserNames";
    private final String adminUserNames;
    private final boolean authenticatedUserReadPermission;
    private final String organizationNames;
    private ACL rootACL;

    /* loaded from: input_file:WEB-INF/classes/org/jenkinsci/plugins/GithubAuthorizationStrategy$ConverterImpl.class */
    public static class ConverterImpl implements Converter {
        public boolean canConvert(Class cls) {
            return cls == GithubAuthorizationStrategy.class;
        }

        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            GithubAuthorizationStrategy githubAuthorizationStrategy = (GithubAuthorizationStrategy) obj;
            hierarchicalStreamWriter.startNode(GithubAuthorizationStrategy.ADMIN_USER_NAMES);
            hierarchicalStreamWriter.setValue(githubAuthorizationStrategy.getAdminUserNames());
            hierarchicalStreamWriter.endNode();
            hierarchicalStreamWriter.startNode(GithubAuthorizationStrategy.ORGANIZATION_NAMES);
            hierarchicalStreamWriter.setValue(githubAuthorizationStrategy.getOrganizationNames());
            hierarchicalStreamWriter.endNode();
            hierarchicalStreamWriter.startNode(GithubAuthorizationStrategy.AUTHENTICATED_USER_READ_PERMISSION);
            hierarchicalStreamWriter.setValue(String.valueOf(githubAuthorizationStrategy.isAuthenticatedUserReadPermission()));
            hierarchicalStreamWriter.endNode();
        }

        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            hierarchicalStreamReader.moveDown();
            String value = hierarchicalStreamReader.getValue();
            hierarchicalStreamReader.moveUp();
            hierarchicalStreamReader.moveDown();
            String value2 = hierarchicalStreamReader.getValue();
            hierarchicalStreamReader.moveUp();
            hierarchicalStreamReader.moveDown();
            return new GithubAuthorizationStrategy(value, Boolean.valueOf(hierarchicalStreamReader.getValue()).booleanValue(), value2);
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/classes/org/jenkinsci/plugins/GithubAuthorizationStrategy$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<AuthorizationStrategy> {
        public String getDisplayName() {
            return "Github Commiter Authorization Strategy";
        }

        public String getHelpFile() {
            return "/plugin/github-oauth/help/help-authorization-strategy.html";
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/jenkinsci/plugins/GithubAuthorizationStrategy$GithubRequireOrganizationMembershipACL.class */
    private static class GithubRequireOrganizationMembershipACL extends ACL {
        private final List<String> organizationNameList;
        private final List<String> adminUserNameList = new LinkedList();
        private final boolean authenticatedUserReadPermission;

        public boolean hasPermission(Authentication authentication, Permission permission) {
            if (authentication == null || !(authentication instanceof GithubAuthenticationToken)) {
                String name = authentication.getName();
                if (name.equals("anonymous")) {
                    return false;
                }
                if (name.equals(SYSTEM.getPrincipal()) || this.adminUserNameList.contains(name)) {
                    return true;
                }
                if (!this.authenticatedUserReadPermission) {
                    return false;
                }
                String[] split = permission.getId().split("\\.");
                return split[split.length - 1].toLowerCase().equals("read");
            }
            GithubAuthenticationToken githubAuthenticationToken = (GithubAuthenticationToken) authentication;
            String name2 = authentication.getName();
            if (this.adminUserNameList.contains(name2)) {
                return true;
            }
            Iterator<String> it = this.organizationNameList.iterator();
            while (it.hasNext()) {
                if (githubAuthenticationToken.hasOrganizationPermission(name2, it.next())) {
                    String[] split2 = permission.getId().split("\\.");
                    String lowerCase = split2[split2.length - 1].toLowerCase();
                    if (lowerCase.equals("read") || lowerCase.equals("build")) {
                        return true;
                    }
                }
            }
            return false;
        }

        public GithubRequireOrganizationMembershipACL(String str, String str2, boolean z) {
            this.authenticatedUserReadPermission = z;
            for (String str3 : str.split(",")) {
                this.adminUserNameList.add(str3);
            }
            this.organizationNameList = new LinkedList();
            for (String str4 : str2.split(",")) {
                this.organizationNameList.add(str4);
            }
        }
    }

    @DataBoundConstructor
    public GithubAuthorizationStrategy(String str, boolean z, String str2) {
        this.rootACL = null;
        this.adminUserNames = str;
        this.authenticatedUserReadPermission = z;
        this.organizationNames = str2;
        this.rootACL = new GithubRequireOrganizationMembershipACL(this.adminUserNames, this.organizationNames, this.authenticatedUserReadPermission);
    }

    public ACL getRootACL() {
        return this.rootACL;
    }

    public Collection<String> getGroups() {
        return new ArrayList(0);
    }

    public String getAdminUserNames() {
        return this.adminUserNames;
    }

    public boolean isAuthenticatedUserReadPermission() {
        return this.authenticatedUserReadPermission;
    }

    public String getOrganizationNames() {
        return this.organizationNames;
    }
}
