package jenkins.security;

import hudson.Extension;
import hudson.model.AdministrativeMonitor;
import hudson.model.Job;
import hudson.model.Queue;
import hudson.model.queue.QueueListener;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy;
import hudson.security.LegacyAuthorizationStrategy;
import hudson.util.HttpResponses;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.180-rc28384.57acff334409.jar:jenkins/security/QueueItemAuthenticatorMonitor.class */
public class QueueItemAuthenticatorMonitor extends AdministrativeMonitor {
    private static boolean anyBuildLaunchedAsSystemWithAuthenticatorPresent = false;
    private static final Logger LOGGER = Logger.getLogger(QueueItemAuthenticatorMonitor.class.getName());

    @Extension
    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.180-rc28384.57acff334409.jar:jenkins/security/QueueItemAuthenticatorMonitor$QueueListenerImpl.class */
    public static class QueueListenerImpl extends QueueListener {
        @Override // hudson.model.queue.QueueListener
        public void onLeft(Queue.LeftItem leftItem) {
            if (leftItem.isCancelled()) {
                return;
            }
            String displayName = leftItem.getDisplayName();
            if (displayName == null && leftItem.task != null) {
                displayName = leftItem.task.getFullDisplayName();
            }
            Queue.Executable executable2 = leftItem.getExecutable();
            if (displayName == null && executable2 != null) {
                displayName = executable2.toString();
            }
            if (!(leftItem.task instanceof Job)) {
                QueueItemAuthenticatorMonitor.LOGGER.log(Level.FINE, displayName + " is not a job");
                return;
            }
            if (!(leftItem.authenticate() == ACL.SYSTEM)) {
                QueueItemAuthenticatorMonitor.LOGGER.log(Level.FINE, displayName + " does not run as SYSTEM");
                return;
            }
            QueueItemAuthenticatorMonitor.LOGGER.log(Level.FINE, displayName + " is running as SYSTEM");
            if (QueueItemAuthenticatorMonitor.isQueueItemAuthenticatorConfigured()) {
                boolean unused = QueueItemAuthenticatorMonitor.anyBuildLaunchedAsSystemWithAuthenticatorPresent = true;
            }
        }
    }

    @Override // hudson.model.AdministrativeMonitor
    public boolean isActivated() {
        AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
        if ((authorizationStrategy instanceof AuthorizationStrategy.Unsecured) || (authorizationStrategy instanceof LegacyAuthorizationStrategy) || (authorizationStrategy instanceof FullControlOnceLoggedInAuthorizationStrategy)) {
            return false;
        }
        return (isQueueItemAuthenticatorPresent() && isQueueItemAuthenticatorConfigured() && !isAnyBuildLaunchedAsSystemWithAuthenticatorPresent()) ? false : true;
    }

    @RequirePOST
    public HttpResponse doAct(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3) throws IOException {
        if (str != null) {
            return HttpResponses.redirectTo("https://jenkins.io/redirect/queue-item-security");
        }
        if (str2 != null) {
            disable(true);
        }
        if (str3 != null) {
            anyBuildLaunchedAsSystemWithAuthenticatorPresent = false;
        }
        return HttpResponses.forwardToPreviousPage();
    }

    public static boolean isQueueItemAuthenticatorPresent() {
        return !QueueItemAuthenticatorDescriptor.all().isEmpty();
    }

    public static boolean isQueueItemAuthenticatorConfigured() {
        return !QueueItemAuthenticatorConfiguration.get().getAuthenticators().isEmpty();
    }

    public boolean isAnyBuildLaunchedAsSystemWithAuthenticatorPresent() {
        return anyBuildLaunchedAsSystemWithAuthenticatorPresent;
    }

    @Override // hudson.model.AdministrativeMonitor, hudson.model.ModelObject
    public String getDisplayName() {
        return Messages.QueueItemAuthenticatorMonitor_DisplayName();
    }
}
