package io.jenkins.plugins.folderauth;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import hudson.Extension;
import hudson.model.AbstractItem;
import hudson.model.Descriptor;
import hudson.model.Job;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.SidACL;
import io.jenkins.plugins.folderauth.acls.GlobalAclImpl;
import io.jenkins.plugins.folderauth.acls.JobAclImpl;
import io.jenkins.plugins.folderauth.misc.PermissionWrapper;
import io.jenkins.plugins.folderauth.roles.FolderRole;
import io.jenkins.plugins.folderauth.roles.GlobalRole;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.ParametersAreNonnullByDefault;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.StaplerRequest;

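/**
 * Jenkins authorization strategy that combines instance-wide {@link GlobalRole}s with
 * {@link FolderRole}s that are scoped to named folders.
 *
 * <p>The root ACL is built from the global roles. The ACL of an item is composed by walking the
 * item's full name one path segment at a time and layering in the ACL registered for every
 * matching folder prefix, so a role on a folder also applies to everything nested below it.
 *
 * <p>Composed item ACLs are cached (at most 2048 entries, expiring one hour after write). A cached
 * entry holds references to the ACL objects that existed when it was composed, so every change to
 * roles or SIDs has to invalidate the cache; otherwise a revoked permission can keep being
 * honoured until the entry expires.
 *
 * <p>NOTE(review): none of the mutating methods in this class checks the caller's permissions.
 * They rely on their callers to have verified administrative rights (for example
 * {@code Jenkins.ADMINISTER}) first; the call sites are not visible in this file, so confirm that.
 *
 * <p>This listing is decompiler output. Methods named {@code m2getACL}, {@code m3getACL},
 * {@code m4getRootACL} and {@code m5newInstance} were renamed by the decompiler because they
 * collided with, or were merged with, compiler-generated bridge methods; their original names are
 * given in their documentation. Parameter names such as {@code str} and {@code set} are also
 * decompiler-generated.
 */
@ParametersAreNonnullByDefault
public class FolderBasedAuthorizationStrategy extends AuthorizationStrategy {
    private static final Logger LOGGER = Logger.getLogger(FolderBasedAuthorizationStrategy.class.getName());
    private static final String ADMIN_ROLE_NAME = "admin";
    private static final String FOLDER_SEPARATOR = "/";

    // Persisted state: these two sets are the only non-transient fields.
    private Set<GlobalRole> globalRoles;
    private Set<FolderRole> folderRoles;

    // Derived state, rebuilt by init() after construction and after deserialization.
    private transient GlobalAclImpl globalAcl;
    // Folder full name -> ACL holding the permissions granted by folder roles on that folder.
    private transient ConcurrentHashMap<String, JobAclImpl> jobAcls;
    // Item full name -> fully composed ACL (global ACL plus every matching folder ACL).
    private transient Cache<String, SidACL> aclCache;

    /** Descriptor that registers this strategy with Jenkins. */
    @Extension
    public static class DescriptorImpl extends Descriptor<AuthorizationStrategy> {
        /**
         * Returns the localized display name of this strategy.
         *
         * @return the display name
         */
        @Nonnull
        public String getDisplayName() {
            return Messages.FolderBasedAuthorizationStrategy_DisplayName();
        }

        /**
         * Returns the strategy to use when the security configuration is submitted
         * (original name: {@code newInstance}).
         *
         * <p>If this strategy is already active, the existing instance is returned unchanged so
         * that the configured roles are kept. Otherwise a fresh strategy is created with a single
         * global role named {@code admin}. That role receives the permissions that
         * {@code FolderAuthorizationStrategyManagementLink.getSafePermissions} selects from all
         * permission groups except the group of {@link Permission} itself, and it is assigned to
         * the principal of the current authentication.
         *
         * <p>NOTE(review): whoever is authenticated when this runs becomes the sole admin of the
         * new strategy. Confirm that this path is only reachable by a user who is already allowed
         * to change the security configuration.
         *
         * @param staplerRequest the current request; not used here
         * @param jSONObject the submitted form data; not used here
         * @return the active strategy, or a new one whose only admin is the current principal
         */
        public FolderBasedAuthorizationStrategy m5newInstance(@Nullable StaplerRequest staplerRequest, @Nonnull JSONObject jSONObject) {
            AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
            if (authorizationStrategy instanceof FolderBasedAuthorizationStrategy) {
                return (FolderBasedAuthorizationStrategy) authorizationStrategy;
            }
            Set<PermissionGroup> groups = new HashSet<>(PermissionGroup.getAll());
            groups.remove(PermissionGroup.get(Permission.class));
            GlobalRole globalRole = new GlobalRole(
                    FolderBasedAuthorizationStrategy.ADMIN_ROLE_NAME,
                    PermissionWrapper.wrapPermissions(FolderAuthorizationStrategyManagementLink.getSafePermissions(groups)));
            globalRole.assignSids(new PrincipalSid(Jenkins.getAuthentication()).getPrincipal());
            return new FolderBasedAuthorizationStrategy(
                    Collections.singleton(globalRole), Collections.<FolderRole>emptySet());
        }
    }

    /**
     * Creates a strategy from the given roles and builds all derived ACL state.
     *
     * @param set the global roles to copy into this strategy
     * @param set2 the folder roles to copy into this strategy
     */
    @DataBoundConstructor
    public FolderBasedAuthorizationStrategy(Set<GlobalRole> set, Set<FolderRole> set2) {
        init(set, set2);
    }

    /**
     * Creates the serialization proxy used by {@link #writeReplace()}.
     *
     * <p>Only the role sets are stored; the transient ACL fields stay {@code null} until
     * {@link #readResolve()} runs on the deserialized object.
     */
    private FolderBasedAuthorizationStrategy(HashSet<GlobalRole> hashSet, HashSet<FolderRole> hashSet2) {
        this.globalRoles = hashSet;
        this.folderRoles = hashSet2;
    }

    /**
     * Rebuilds every folder ACL from the current folder roles.
     *
     * <p>The map is cleared before it is refilled, so permissions of roles that are no longer in
     * {@code folderRoles} are dropped.
     */
    private synchronized void updateJobAcls() {
        this.jobAcls.clear();
        for (FolderRole role : this.folderRoles) {
            updateAclForFolderRole(role);
        }
    }

    /**
     * Returns the ACL built from the global roles (original name: {@code getRootACL}).
     *
     * @return the current global ACL
     */
    @Nonnull
    public GlobalAclImpl m4getRootACL() {
        return this.globalAcl;
    }

    /**
     * Rebuilds the transient ACL state after deserialization.
     *
     * @return this instance
     */
    @Nonnull
    private FolderBasedAuthorizationStrategy readResolve() {
        init(this.globalRoles, this.folderRoles);
        return this;
    }

    /**
     * Replaces this object for serialization with a copy that stores the roles in plain
     * {@link HashSet}s.
     *
     * @return the object to serialize instead of this one
     */
    @Nonnull
    private FolderBasedAuthorizationStrategy writeReplace() {
        return new FolderBasedAuthorizationStrategy(
                new HashSet<GlobalRole>(this.globalRoles), new HashSet<FolderRole>(this.folderRoles));
    }

    /**
     * Returns the ACL for a job by delegating to the item lookup.
     *
     * @param job the job whose ACL is requested
     * @return the composed ACL for the job
     */
    @Nonnull
    public SidACL getACL(@Nonnull Job<?, ?> job) {
        return m2getACL((AbstractItem) job);
    }

    /**
     * Returns the ACL for an item (original name: {@code getACL}).
     *
     * <p>Starting from the global ACL, the item's full name is split on {@code "/"} and the ACL
     * registered for each path prefix, if any, is layered in. The result is cached under the
     * item's full name.
     *
     * @param abstractItem the item whose ACL is requested
     * @return the cached or newly composed ACL
     */
    @Nonnull
    public SidACL m2getACL(@Nonnull AbstractItem abstractItem) {
        String fullName = abstractItem.getFullName();
        SidACL cached = this.aclCache.getIfPresent(fullName);
        if (cached != null) {
            return cached;
        }
        // Declared as SidACL: newInheritingACL returns a SidACL, not a GlobalAclImpl (the decompiler
        // reported a failed type inference for this variable).
        SidACL acl = this.globalAcl;
        StringBuilder prefix = new StringBuilder(fullName.length());
        for (String segment : fullName.split(FOLDER_SEPARATOR)) {
            prefix.append(segment);
            JobAclImpl folderAcl = this.jobAcls.get(prefix.toString());
            if (folderAcl != null) {
                acl = acl.newInheritingACL(folderAcl);
            }
            prefix.append(FOLDER_SEPARATOR);
        }
        // NOTE(review): a role change that lands between the composition above and this put can
        // leave an outdated entry in the cache until it expires; confirm whether that window matters.
        this.aclCache.put(fullName, acl);
        return acl;
    }

    /**
     * Returns every SID that is assigned to any global or folder role.
     *
     * @return an unmodifiable view of the collected SIDs
     */
    @Nonnull
    public Collection<String> getGroups() {
        // A concurrent set is required because the parallel streams add to it from several threads.
        Set<String> sids = ConcurrentHashMap.newKeySet();
        this.globalRoles.stream().parallel().map(GlobalRole::getSids).forEach(sids::addAll);
        this.folderRoles.stream().parallel().map(FolderRole::getSids).forEach(sids::addAll);
        return Collections.unmodifiableCollection(sids);
    }

    /**
     * Replaces the global ACL with one built from the current global roles.
     *
     * <p>Cached item ACLs were composed from the previous global ACL object, so the cache is
     * emptied as well. Without that, a global role that was deleted or changed would still be
     * honoured for cached items until their entries expire.
     */
    private synchronized void generateNewGlobalAcl() {
        this.globalAcl = new GlobalAclImpl(this.globalRoles);
        this.aclCache.invalidateAll();
    }

    /**
     * Adds a global role and persists the configuration.
     *
     * @param globalRole the role to add
     * @throws IOException if saving fails; the role is removed again before the exception is rethrown
     */
    public void addGlobalRole(@Nonnull GlobalRole globalRole) throws IOException {
        this.globalRoles.add(globalRole);
        try {
            Jenkins.get().save();
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Unable to save config file, not adding global role", e);
            this.globalRoles.remove(globalRole);
            throw e;
        } finally {
            // Runs after the rollback above, so the ACL always matches the role set.
            generateNewGlobalAcl();
        }
    }

    /**
     * Returns the global roles.
     *
     * @return an unmodifiable view of the global roles
     */
    public Set<GlobalRole> getGlobalRoles() {
        return Collections.unmodifiableSet(this.globalRoles);
    }

    /**
     * Assigns a SID to an existing global role and persists the configuration.
     *
     * @param str the name of the global role
     * @param str2 the SID to assign
     * @throws IOException if saving fails; the SID is unassigned again before the exception is rethrown
     * @throws NoSuchElementException if no global role has the given name
     */
    public void assignSidToGlobalRole(String str, String str2) throws IOException {
        GlobalRole role = findGlobalRole(str);
        role.assignSids(str2);
        try {
            Jenkins.get().save();
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Unable to save config file, not assigning the sids.", e);
            role.unassignSids(str2);
            throw e;
        } finally {
            generateNewGlobalAcl();
        }
    }

    /**
     * Returns the folder roles.
     *
     * @return an unmodifiable view of the folder roles
     */
    public Set<FolderRole> getFolderRoles() {
        return Collections.unmodifiableSet(this.folderRoles);
    }

    /**
     * Adds a folder role and persists the configuration.
     *
     * <p>If saving fails with an {@link IOException}, the role is removed again and its
     * permissions are not applied to the in-memory folder ACLs, so a role that was reported as
     * "not added" cannot grant anything.
     *
     * @param folderRole the role to add
     * @throws IOException if saving fails; the role is removed again before the exception is rethrown
     */
    public void addFolderRole(@Nonnull FolderRole folderRole) throws IOException {
        this.folderRoles.add(folderRole);
        boolean rolledBack = false;
        try {
            Jenkins.get().save();
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Unable to save configuration when adding folder role.", e);
            this.folderRoles.remove(folderRole);
            rolledBack = true;
            throw e;
        } finally {
            this.aclCache.invalidateAll();
            if (!rolledBack) {
                updateAclForFolderRole(folderRole);
            }
        }
    }

    /**
     * Assigns a SID to an existing folder role and persists the configuration.
     *
     * @param str the name of the folder role
     * @param str2 the SID to assign
     * @throws IOException if saving fails; the SID is unassigned again before the exception is rethrown
     * @throws NoSuchElementException if no folder role has the given name
     */
    public void assignSidToFolderRole(String str, String str2) throws IOException {
        FolderRole role = findFolderRole(str);
        role.assignSids(str2);
        try {
            Jenkins.get().save();
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Unable to save config file, not assigning the sids.", e);
            role.unassignSids(str2);
            throw e;
        } finally {
            updateAclForFolderRole(role);
            // Same as the other folder-role mutators: drop composed ACLs so the change is not
            // hidden behind a cached entry.
            this.aclCache.invalidateAll();
        }
    }

    /**
     * Applies a folder role's SIDs and permissions to the ACL of every folder it names,
     * creating the folder ACL if none exists yet.
     *
     * @param folderRole the role to apply
     */
    private void updateAclForFolderRole(@Nonnull FolderRole folderRole) {
        Set<Permission> permissions = folderRole.getPermissions().stream()
                .map(PermissionWrapper::getPermission)
                .collect(Collectors.toSet());
        for (String folderName : folderRole.getFolderNames()) {
            // computeIfAbsent makes the lookup-or-create step atomic on the concurrent map.
            JobAclImpl folderAcl = this.jobAcls.computeIfAbsent(folderName, name -> new JobAclImpl());
            folderAcl.assignPermissions(folderRole.getSids(), permissions);
        }
    }

    /**
     * Deletes a global role and persists the configuration.
     *
     * @param str the name of the global role to delete
     * @throws IOException if saving fails; the role is restored before the exception is rethrown
     * @throws IllegalArgumentException if the name is that of the admin role
     * @throws NoSuchElementException if no global role has the given name
     */
    public void deleteGlobalRole(String str) throws IOException {
        if (str.equals(ADMIN_ROLE_NAME)) {
            throw new IllegalArgumentException("The admin role cannot be deleted.");
        }
        GlobalRole role = findGlobalRole(str);
        this.globalRoles.remove(role);
        try {
            Jenkins.get().save();
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Unable to save the config when deleting global role. The role was not deleted.", e);
            this.globalRoles.add(role);
            throw e;
        } finally {
            generateNewGlobalAcl();
        }
    }

    /**
     * Deletes a folder role and persists the configuration.
     *
     * @param str the name of the folder role to delete
     * @throws IOException if saving fails; the role is restored before the exception is rethrown
     * @throws NoSuchElementException if no folder role has the given name
     */
    public void deleteFolderRole(String str) throws IOException {
        FolderRole role = findFolderRole(str);
        this.folderRoles.remove(role);
        try {
            Jenkins.get().save();
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Unable to save the config when deleting folder role. The role was not deleted.", e);
            this.folderRoles.add(role);
            throw e;
        } finally {
            // Rebuild from the current role set first, then drop ACLs composed from the old state.
            updateJobAcls();
            this.aclCache.invalidateAll();
        }
    }

    /**
     * Copies the given roles into concurrent sets and builds all derived ACL state.
     *
     * @param set the global roles to copy
     * @param set2 the folder roles to copy
     */
    private void init(Set<GlobalRole> set, Set<FolderRole> set2) {
        this.globalRoles = ConcurrentHashMap.newKeySet();
        this.folderRoles = ConcurrentHashMap.newKeySet();
        this.globalRoles.addAll(set);
        this.folderRoles.addAll(set2);
        this.jobAcls = new ConcurrentHashMap<>();
        // The cache must exist before generateNewGlobalAcl(), which invalidates it.
        this.aclCache = CacheBuilder.newBuilder().expireAfterWrite(1L, TimeUnit.HOURS).maximumSize(2048L).build();
        generateNewGlobalAcl();
        updateJobAcls();
    }

    /** Returns the global role with the given name, or throws {@link NoSuchElementException}. */
    private GlobalRole findGlobalRole(String name) {
        return this.globalRoles.stream()
                .filter(role -> role.getName().equals(name))
                .findAny()
                .orElseThrow(() -> new NoSuchElementException("No GlobalRole with the name " + name + " exists."));
    }

    /** Returns the folder role with the given name, or throws {@link NoSuchElementException}. */
    private FolderRole findFolderRole(String name) {
        return this.folderRoles.stream()
                .filter(role -> role.getName().equals(name))
                .findAny()
                .orElseThrow(() -> new NoSuchElementException("No FolderRole with the name " + name + " exists."));
    }

    /**
     * Compiler-generated bridge for {@link #getACL(Job)} (original name: {@code getACL}),
     * renamed by the decompiler because it collides with that method.
     *
     * @param job the job whose ACL is requested
     * @return the composed ACL for the job
     */
    @Nonnull
    public /* bridge */ /* synthetic */ ACL m3getACL(@Nonnull Job job) {
        return getACL((Job<?, ?>) job);
    }
}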
