package io.jenkins.plugins.folderauth;

import com.cloudbees.hudson.plugins.folder.AbstractFolder;
import hudson.Extension;
import hudson.model.Api;
import hudson.model.Computer;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.ManagementLink;
import hudson.model.Run;
import hudson.model.View;
import hudson.scm.SCM;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import io.jenkins.plugins.folderauth.misc.AgentRoleCreationRequest;
import io.jenkins.plugins.folderauth.misc.FolderRoleCreationRequest;
import io.jenkins.plugins.folderauth.misc.GlobalRoleCreationRequest;
import io.jenkins.plugins.folderauth.misc.PermissionWrapper;
import io.jenkins.plugins.folderauth.roles.AgentRole;
import io.jenkins.plugins.folderauth.roles.FolderRole;
import io.jenkins.plugins.folderauth.roles.GlobalRole;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.ParametersAreNonnullByDefault;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import net.sf.json.JSONArray;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.export.ExportedBean;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.kohsuke.stapler.json.JsonBody;
import org.kohsuke.stapler.verb.GET;

@Extension
@ExportedBean
@ParametersAreNonnullByDefault
/* loaded from: input_file:io/jenkins/plugins/folderauth/FolderAuthorizationStrategyManagementLink.class */
public class FolderAuthorizationStrategyManagementLink extends ManagementLink {
    private static final Logger LOGGER = Logger.getLogger(FolderAuthorizationStrategyManagementLink.class.getName());

    @CheckForNull
    public String getIconFileName() {
        if (Jenkins.get().getAuthorizationStrategy() instanceof FolderBasedAuthorizationStrategy) {
            return "lock.png";
        }
        return null;
    }

    @Nonnull
    public String getDescription() {
        return Messages.FolderBasedAuthorizationStrategy_Description();
    }

    @CheckForNull
    public String getUrlName() {
        return "folder-auth";
    }

    @CheckForNull
    public String getDisplayName() {
        return Messages.FolderBasedAuthorizationStrategy_DisplayName();
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public Set<Permission> getGlobalPermissions() {
        HashSet hashSet = new HashSet(PermissionGroup.getAll());
        hashSet.remove(PermissionGroup.get(Permission.class));
        return getSafePermissions(hashSet);
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public Set<Permission> getFolderPermissions() {
        HashSet hashSet = new HashSet(PermissionGroup.getAll());
        hashSet.remove(PermissionGroup.get(Hudson.class));
        hashSet.remove(PermissionGroup.get(Computer.class));
        hashSet.remove(PermissionGroup.get(Permission.class));
        return getSafePermissions(hashSet);
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public Set<Permission> getAgentPermissions() {
        HashSet hashSet = new HashSet(PermissionGroup.getAll());
        hashSet.remove(PermissionGroup.get(Run.class));
        hashSet.remove(PermissionGroup.get(SCM.class));
        hashSet.remove(PermissionGroup.get(View.class));
        hashSet.remove(PermissionGroup.get(Item.class));
        hashSet.remove(PermissionGroup.get(Hudson.class));
        hashSet.remove(PermissionGroup.get(Permission.class));
        return getSafePermissions(hashSet);
    }

    public Api getApi() {
        return new Api(this);
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAddGlobalRole(@JsonBody GlobalRoleCreationRequest globalRoleCreationRequest) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.addGlobalRole(globalRoleCreationRequest.getGlobalRole());
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAssignSidToGlobalRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.assignSidToGlobalRole(str2, str);
        redirect();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAddFolderRole(@JsonBody FolderRoleCreationRequest folderRoleCreationRequest) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.addFolderRole(folderRoleCreationRequest.getFolderRole());
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAddAgentRole(@JsonBody AgentRoleCreationRequest agentRoleCreationRequest) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.addAgentRole(agentRoleCreationRequest.getAgentRole());
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAssignSidToFolderRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.assignSidToFolderRole(str2, str);
        redirect();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAssignSidToAgentRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.assignSidToAgentRole(str2, str);
        redirect();
    }

    private void redirect() {
        try {
            Stapler.getCurrentResponse().forwardToPreviousPage(Stapler.getCurrentRequest());
        } catch (ServletException | IOException e) {
            LOGGER.log(Level.WARNING, "Unable to redirect to previous page.");
        }
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public Set<GlobalRole> getGlobalRoles() {
        AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
        if (authorizationStrategy instanceof FolderBasedAuthorizationStrategy) {
            return ((FolderBasedAuthorizationStrategy) authorizationStrategy).getGlobalRoles();
        }
        throw new IllegalStateException(Messages.FolderBasedAuthorizationStrategy_NotCurrentStrategy());
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    @GET
    public JSONArray doGetAllFolders() {
        Jenkins jenkins = Jenkins.get();
        jenkins.checkPermission(Jenkins.ADMINISTER);
        ACLContext as = ACL.as(ACL.SYSTEM);
        Throwable th = null;
        try {
            try {
                List allItems = jenkins.getAllItems(AbstractFolder.class);
                if (as != null) {
                    if (0 != 0) {
                        try {
                            as.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        as.close();
                    }
                }
                return JSONArray.fromObject(allItems.stream().map((v0) -> {
                    return v0.getFullName();
                }).collect(Collectors.toList()));
            } finally {
            }
        } catch (Throwable th3) {
            if (as != null) {
                if (th != null) {
                    try {
                        as.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    as.close();
                }
            }
            throw th3;
        }
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public List<Computer> getAllComputers() {
        Jenkins jenkins = Jenkins.get();
        jenkins.checkPermission(Jenkins.ADMINISTER);
        ACLContext as = ACL.as(ACL.SYSTEM);
        Throwable th = null;
        try {
            try {
                Computer[] computers = jenkins.getComputers();
                if (as != null) {
                    if (0 != 0) {
                        try {
                            as.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        as.close();
                    }
                }
                return Arrays.asList(computers);
            } finally {
            }
        } catch (Throwable th3) {
            if (as != null) {
                if (th != null) {
                    try {
                        as.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    as.close();
                }
            }
            throw th3;
        }
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public Set<FolderRole> getFolderRoles() {
        AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
        if (authorizationStrategy instanceof FolderBasedAuthorizationStrategy) {
            return ((FolderBasedAuthorizationStrategy) authorizationStrategy).getFolderRoles();
        }
        throw new IllegalStateException(Messages.FolderBasedAuthorizationStrategy_NotCurrentStrategy());
    }

    @Nonnull
    @Restricted({NoExternalUse.class})
    public Set<AgentRole> getAgentRoles() {
        AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
        if (authorizationStrategy instanceof FolderBasedAuthorizationStrategy) {
            return ((FolderBasedAuthorizationStrategy) authorizationStrategy).getAgentRoles();
        }
        throw new IllegalStateException(Messages.FolderBasedAuthorizationStrategy_NotCurrentStrategy());
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doDeleteGlobalRole(@QueryParameter(required = true) String str) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.deleteGlobalRole(str);
        redirect();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doDeleteFolderRole(@QueryParameter(required = true) String str) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.deleteFolderRole(str);
        redirect();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doDeleteAgentRole(@QueryParameter(required = true) String str) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        FolderAuthorizationStrategyAPI.deleteAgentRole(str);
        redirect();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public static Set<Permission> getSafePermissions(Set<PermissionGroup> set) {
        TreeSet treeSet = new TreeSet(Permission.ID_COMPARATOR);
        Stream<R> map = set.stream().map((v0) -> {
            return v0.getPermissions();
        });
        treeSet.getClass();
        map.forEach((v1) -> {
            r1.addAll(v1);
        });
        treeSet.removeAll(PermissionWrapper.DANGEROUS_PERMISSIONS);
        return treeSet;
    }
}
