package org.jenkinsci.plugins.matrixauth;

import hudson.init.InitMilestone;
import hudson.model.Descriptor;
import hudson.security.Permission;
import hudson.security.SecurityRealm;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import jenkins.model.IdStrategy;
import jenkins.model.Jenkins;
import org.jenkinsci.plugins.matrixauth.integrations.PermissionFinder;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:org/jenkinsci/plugins/matrixauth/AuthorizationContainer.class */
public interface AuthorizationContainer {
    public static final Logger LOGGER = Logger.getLogger(AuthorizationContainer.class.getName());

    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:org/jenkinsci/plugins/matrixauth/AuthorizationContainer$IdStrategyComparator.class */
    public static class IdStrategyComparator implements Comparator<String> {
        private final SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        private final IdStrategy groupIdStrategy = this.securityRealm.getGroupIdStrategy();
        private final IdStrategy userIdStrategy = this.securityRealm.getUserIdStrategy();

        @Override // java.util.Comparator
        public int compare(String str, String str2) {
            int compare = this.userIdStrategy.compare(str, str2);
            if (compare == 0) {
                compare = this.groupIdStrategy.compare(str, str2);
            }
            return compare;
        }
    }

    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:org/jenkinsci/plugins/matrixauth/AuthorizationContainer$PermissionEntryComparator.class */
    public static class PermissionEntryComparator implements Comparator<PermissionEntry> {
        private final SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        private final IdStrategy groupIdStrategy = this.securityRealm.getGroupIdStrategy();
        private final IdStrategy userIdStrategy = this.securityRealm.getUserIdStrategy();
        private final IdStrategyComparator eitherComparator = new IdStrategyComparator();

        @Override // java.util.Comparator
        public int compare(PermissionEntry permissionEntry, PermissionEntry permissionEntry2) {
            int compareTo = permissionEntry.getType().compareTo(permissionEntry2.getType());
            if (compareTo != 0) {
                return compareTo;
            }
            switch (permissionEntry.getType()) {
                case USER:
                    return this.userIdStrategy.compare(permissionEntry.getSid(), permissionEntry2.getSid());
                case GROUP:
                    return this.groupIdStrategy.compare(permissionEntry.getSid(), permissionEntry2.getSid());
                case EITHER:
                    return this.eitherComparator.compare(permissionEntry.getSid(), permissionEntry2.getSid());
                default:
                    throw new IllegalArgumentException("Unexpected arguments o1: " + permissionEntry + ", o2: " + permissionEntry2);
            }
        }
    }

    @Deprecated
    default void add(Permission permission, String str) {
        DeprecationUtil.logDeprecationMessage();
        add(permission, new PermissionEntry(AuthorizationType.EITHER, str));
    }

    default void add(Permission permission, PermissionEntry permissionEntry) {
        if (permission == null) {
            throw new IllegalArgumentException("Permission cannot be null for: " + permissionEntry);
        }
        LOGGER.log(Level.FINE, "Grant permission \"{0}\" to \"{1}\")", new Object[]{permission, permissionEntry});
        getGrantedPermissionEntries().computeIfAbsent(permission, permission2 -> {
            return new HashSet();
        }).add(permissionEntry);
        if (permissionEntry.getType() != AuthorizationType.USER) {
            recordGroup(permissionEntry.getSid());
        }
    }

    @Deprecated
    default Map<Permission, Set<String>> getGrantedPermissions() {
        DeprecationUtil.logDeprecationMessage();
        HashMap hashMap = new HashMap();
        for (Map.Entry<Permission, Set<PermissionEntry>> entry : getGrantedPermissionEntries().entrySet()) {
            Set set = (Set) entry.getValue().stream().filter(permissionEntry -> {
                return permissionEntry.getType() == AuthorizationType.EITHER;
            }).map((v0) -> {
                return v0.getSid();
            }).collect(Collectors.toSet());
            if (set.size() > 0) {
                hashMap.put(entry.getKey(), set);
            }
        }
        return hashMap;
    }

    Map<Permission, Set<PermissionEntry>> getGrantedPermissionEntries();

    /* renamed from: getGroups */
    Set<String> mo7getGroups();

    void recordGroup(String str);

    Descriptor getDescriptor();

    @Restricted({NoExternalUse.class})
    default void add(String str) {
        AuthorizationType authorizationType;
        String str2;
        String substring;
        int indexOf = str.indexOf(58);
        String substring2 = str.substring(0, indexOf);
        try {
            authorizationType = AuthorizationType.valueOf(substring2);
            int indexOf2 = str.indexOf(58, substring2.length() + 1);
            str2 = str.substring(indexOf + 1, indexOf2);
            substring = str.substring(indexOf2 + 1);
        } catch (IllegalArgumentException e) {
            authorizationType = AuthorizationType.EITHER;
            str2 = substring2;
            substring = str.substring(indexOf + 1);
            LOGGER.log(Jenkins.get().getInitLevel().ordinal() < InitMilestone.COMPLETED.ordinal() ? Level.WARNING : Level.FINE, "Processing a permission assignment in the legacy format (without explicit TYPE prefix): " + str);
        }
        Permission fromId = Permission.fromId(str2);
        if (fromId == null) {
            fromId = PermissionFinder.findPermission(str2);
        }
        if (fromId == null) {
            throw new IllegalArgumentException("Failed to parse '" + str + "' --- no such permission");
        }
        if (fromId.isContainedBy(getDescriptor().getPermissionScope())) {
            add(fromId, new PermissionEntry(authorizationType, substring));
        } else {
            LOGGER.log(Level.WARNING, "Tried to add inapplicable permission " + fromId + " for " + substring + " in " + this + ", skipping");
        }
    }

    @Restricted({NoExternalUse.class})
    Permission getEditingPermission();

    @Deprecated
    default List<String> getAllSIDs() {
        DeprecationUtil.logDeprecationMessage();
        TreeSet treeSet = new TreeSet(new IdStrategyComparator());
        Iterator<Set<String>> it = getGrantedPermissions().values().iterator();
        while (it.hasNext()) {
            treeSet.addAll(it.next());
        }
        treeSet.remove("anonymous");
        String[] strArr = (String[]) treeSet.toArray(new String[treeSet.size()]);
        Arrays.sort(strArr);
        return Arrays.asList(strArr);
    }

    default List<PermissionEntry> getAllPermissionEntries() {
        TreeSet treeSet = new TreeSet(new PermissionEntryComparator());
        Iterator<Set<PermissionEntry>> it = getGrantedPermissionEntries().values().iterator();
        while (it.hasNext()) {
            treeSet.addAll(it.next());
        }
        treeSet.remove(new PermissionEntry(AuthorizationType.USER, "anonymous"));
        return new ArrayList(treeSet);
    }

    @Deprecated
    default boolean hasPermission(String str, Permission permission) {
        Set<String> set;
        SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        IdStrategy groupIdStrategy = securityRealm.getGroupIdStrategy();
        IdStrategy userIdStrategy = securityRealm.getUserIdStrategy();
        while (permission != null) {
            if (permission.getEnabled() && (set = getGrantedPermissions().get(permission)) != null) {
                if (set.contains(str)) {
                    return true;
                }
                for (String str2 : set) {
                    if (userIdStrategy.equals(str2, str) || groupIdStrategy.equals(str2, str)) {
                        return true;
                    }
                }
            }
            permission = permission.impliedBy;
        }
        return false;
    }

    default boolean hasPermission(String str, Permission permission, boolean z) {
        Set<PermissionEntry> set;
        SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        IdStrategy userIdStrategy = z ? securityRealm.getUserIdStrategy() : securityRealm.getGroupIdStrategy();
        while (permission != null) {
            if (permission.getEnabled() && (set = getGrantedPermissionEntries().get(permission)) != null) {
                if (set.contains(new PermissionEntry(AuthorizationType.EITHER, str))) {
                    return true;
                }
                if (set.contains(new PermissionEntry(z ? AuthorizationType.USER : AuthorizationType.GROUP, str))) {
                    return true;
                }
                for (PermissionEntry permissionEntry : set) {
                    if (permissionEntry.isApplicable(z) && userIdStrategy.equals(permissionEntry.getSid(), str)) {
                        return true;
                    }
                }
            }
            permission = permission.impliedBy;
        }
        return false;
    }

    @Deprecated
    default boolean hasExplicitPermission(String str, Permission permission) {
        DeprecationUtil.logDeprecationMessage();
        for (AuthorizationType authorizationType : AuthorizationType.values()) {
            if (hasExplicitPermission(new PermissionEntry(authorizationType, str), permission)) {
                return true;
            }
        }
        return false;
    }

    default boolean hasExplicitPermission(PermissionEntry permissionEntry, Permission permission) {
        Set<PermissionEntry> set;
        if (permissionEntry == null || (set = getGrantedPermissionEntries().get(permission)) == null || !permission.getEnabled()) {
            return false;
        }
        if (set.contains(permissionEntry)) {
            return true;
        }
        SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
        IdStrategy groupIdStrategy = securityRealm.getGroupIdStrategy();
        IdStrategy userIdStrategy = securityRealm.getUserIdStrategy();
        for (PermissionEntry permissionEntry2 : set) {
            if (permissionEntry2.getType() == permissionEntry.getType() && (userIdStrategy.equals(permissionEntry2.getSid(), permissionEntry.getSid()) || groupIdStrategy.equals(permissionEntry2.getSid(), permissionEntry.getSid()))) {
                return true;
            }
        }
        return false;
    }
}
