package org.jenkinsci.plugins.matrixauth;

import hudson.model.Descriptor;
import hudson.security.Permission;
import hudson.security.SecurityRealm;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.IdStrategy;
import jenkins.model.Jenkins;
import org.jenkinsci.plugins.matrixauth.integrations.PermissionFinder;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationContainer.class */
public interface AuthorizationContainer {

    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationContainer$IdStrategyComparator.class */
    public static class IdStrategyComparator implements Comparator<String> {
        private final SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        private final IdStrategy groupIdStrategy = this.securityRealm.getGroupIdStrategy();
        private final IdStrategy userIdStrategy = this.securityRealm.getUserIdStrategy();

        @Override // java.util.Comparator
        public int compare(String str, String str2) {
            int compare = this.userIdStrategy.compare(str, str2);
            if (compare == 0) {
                compare = this.groupIdStrategy.compare(str, str2);
            }
            return compare;
        }
    }

    void add(Permission permission, String str);

    Map<Permission, Set<String>> getGrantedPermissions();

    Descriptor getDescriptor();

    @Restricted({NoExternalUse.class})
    default void add(String str) {
        int indexOf = str.indexOf(58);
        String substring = str.substring(0, indexOf);
        Permission fromId = Permission.fromId(substring);
        if (fromId == null) {
            fromId = PermissionFinder.findPermission(substring);
        }
        if (fromId == null) {
            throw new IllegalArgumentException("Failed to parse '" + str + "' --- no such permission");
        }
        String substring2 = str.substring(indexOf + 1);
        if (fromId.isContainedBy(getDescriptor().getPermissionScope())) {
            add(fromId, str.substring(indexOf + 1));
        } else {
            Logger.getLogger(AuthorizationContainer.class.getName()).log(Level.WARNING, "Tried to add inapplicable permission " + fromId + " for " + substring2 + " in " + this + ", skipping");
        }
    }

    default List<String> getAllSIDs() {
        TreeSet treeSet = new TreeSet(new IdStrategyComparator());
        Iterator<Set<String>> it = getGrantedPermissions().values().iterator();
        while (it.hasNext()) {
            treeSet.addAll(it.next());
        }
        treeSet.remove("anonymous");
        String[] strArr = (String[]) treeSet.toArray(new String[treeSet.size()]);
        Arrays.sort(strArr);
        return Arrays.asList(strArr);
    }

    default boolean hasPermission(String str, Permission permission) {
        Set<String> set;
        SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        IdStrategy groupIdStrategy = securityRealm.getGroupIdStrategy();
        IdStrategy userIdStrategy = securityRealm.getUserIdStrategy();
        while (permission != null) {
            if (permission.getEnabled() && (set = getGrantedPermissions().get(permission)) != null) {
                if (set.contains(str)) {
                    return true;
                }
                for (String str2 : set) {
                    if (userIdStrategy.equals(str2, str) || groupIdStrategy.equals(str2, str)) {
                        return true;
                    }
                }
            }
            permission = permission.impliedBy;
        }
        return false;
    }

    default boolean hasPermission(String str, Permission permission, boolean z) {
        Set<String> set;
        SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        IdStrategy userIdStrategy = z ? securityRealm.getUserIdStrategy() : securityRealm.getGroupIdStrategy();
        while (permission != null) {
            if (permission.getEnabled() && (set = getGrantedPermissions().get(permission)) != null) {
                if (set.contains(str)) {
                    return true;
                }
                Iterator<String> it = set.iterator();
                while (it.hasNext()) {
                    if (userIdStrategy.equals(it.next(), str)) {
                        return true;
                    }
                }
            }
            permission = permission.impliedBy;
        }
        return false;
    }

    default boolean hasExplicitPermission(String str, Permission permission) {
        Set<String> set;
        if (str == null || (set = getGrantedPermissions().get(permission)) == null || !permission.getEnabled()) {
            return false;
        }
        if (set.contains(str)) {
            return true;
        }
        SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        IdStrategy groupIdStrategy = securityRealm.getGroupIdStrategy();
        IdStrategy userIdStrategy = securityRealm.getUserIdStrategy();
        for (String str2 : set) {
            if (userIdStrategy.equals(str2, str) || groupIdStrategy.equals(str2, str)) {
                return true;
            }
        }
        return false;
    }
}
