package jenkins.security.stapler;

import com.google.common.annotations.VisibleForTesting;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.BulkChange;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.Util;
import hudson.model.Saveable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Stream;
import jenkins.model.Jenkins;
import jenkins.security.stapler.RoutingDecisionProvider;
import jenkins.util.SystemProperties;
import org.apache.commons.io.IOUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.WebApp;

@Extension
@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.396-rc33464.048fa_e6e95ef.jar:jenkins/security/stapler/StaticRoutingDecisionProvider.class */
public class StaticRoutingDecisionProvider extends RoutingDecisionProvider implements Saveable {
    private Set<String> whitelistSignaturesFromFixedList;
    private Set<String> whitelistSignaturesFromUserControlledList;
    private Set<String> blacklistSignaturesFromFixedList;
    private Set<String> blacklistSignaturesFromUserControlledList;
    private static final Logger LOGGER = Logger.getLogger(StaticRoutingDecisionProvider.class.getName());

    @SuppressFBWarnings(value = {"MS_SHOULD_BE_FINAL"}, justification = "for script console")
    public static String WHITELIST_PATH = SystemProperties.getString(StaticRoutingDecisionProvider.class.getName() + ".whitelist");

    public StaticRoutingDecisionProvider() {
        reload();
    }

    public static StaticRoutingDecisionProvider get() {
        return (StaticRoutingDecisionProvider) ExtensionList.lookupSingleton(StaticRoutingDecisionProvider.class);
    }

    @Override // jenkins.security.stapler.RoutingDecisionProvider
    @NonNull
    public synchronized RoutingDecisionProvider.Decision decide(@NonNull String str) {
        if (this.whitelistSignaturesFromFixedList == null || this.whitelistSignaturesFromUserControlledList == null || this.blacklistSignaturesFromFixedList == null || this.blacklistSignaturesFromUserControlledList == null) {
            reload();
        }
        LOGGER.log(Level.CONFIG, "Checking whitelist for " + str);
        return (this.blacklistSignaturesFromFixedList.contains(str) || this.blacklistSignaturesFromUserControlledList.contains(str)) ? RoutingDecisionProvider.Decision.REJECTED : (this.whitelistSignaturesFromFixedList.contains(str) || this.whitelistSignaturesFromUserControlledList.contains(str)) ? RoutingDecisionProvider.Decision.ACCEPTED : RoutingDecisionProvider.Decision.UNKNOWN;
    }

    public synchronized void reload() {
        reloadFromDefault();
        reloadFromUserControlledList();
        resetMetaClassCache();
    }

    @VisibleForTesting
    synchronized void resetAndSave() {
        this.whitelistSignaturesFromFixedList = new HashSet();
        this.whitelistSignaturesFromUserControlledList = new HashSet();
        this.blacklistSignaturesFromFixedList = new HashSet();
        this.blacklistSignaturesFromUserControlledList = new HashSet();
        save();
    }

    private void resetMetaClassCache() {
        WebApp.get(Jenkins.get().servletContext).clearMetaClassCache();
    }

    private synchronized void reloadFromDefault() {
        try {
            InputStream resourceAsStream = StaticRoutingDecisionProvider.class.getResourceAsStream("default-whitelist.txt");
            try {
                this.whitelistSignaturesFromFixedList = new HashSet();
                this.blacklistSignaturesFromFixedList = new HashSet();
                parseFileIntoList(IOUtils.readLines(resourceAsStream, StandardCharsets.UTF_8), this.whitelistSignaturesFromFixedList, this.blacklistSignaturesFromFixedList);
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                LOGGER.log(Level.FINE, "Found {0} getter in the standard whitelist", Integer.valueOf(this.whitelistSignaturesFromFixedList.size()));
            } finally {
            }
        } catch (IOException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    public synchronized StaticRoutingDecisionProvider add(@NonNull String str) {
        if (this.whitelistSignaturesFromUserControlledList.add(str)) {
            LOGGER.log(Level.INFO, "Signature [{0}] added to the whitelist", str);
            save();
            resetMetaClassCache();
        } else {
            LOGGER.log(Level.INFO, "Signature [{0}] was already present in the whitelist", str);
        }
        return this;
    }

    public synchronized StaticRoutingDecisionProvider addBlacklistSignature(@NonNull String str) {
        if (this.blacklistSignaturesFromUserControlledList.add(str)) {
            LOGGER.log(Level.INFO, "Signature [{0}] added to the blacklist", str);
            save();
            resetMetaClassCache();
        } else {
            LOGGER.log(Level.INFO, "Signature [{0}] was already present in the blacklist", str);
        }
        return this;
    }

    public synchronized StaticRoutingDecisionProvider remove(@NonNull String str) {
        if (this.whitelistSignaturesFromUserControlledList.remove(str)) {
            LOGGER.log(Level.INFO, "Signature [{0}] removed from the whitelist", str);
            save();
            resetMetaClassCache();
        } else {
            LOGGER.log(Level.INFO, "Signature [{0}] was not present in the whitelist", str);
        }
        return this;
    }

    public synchronized StaticRoutingDecisionProvider removeBlacklistSignature(@NonNull String str) {
        if (this.blacklistSignaturesFromUserControlledList.remove(str)) {
            LOGGER.log(Level.INFO, "Signature [{0}] removed from the blacklist", str);
            save();
            resetMetaClassCache();
        } else {
            LOGGER.log(Level.INFO, "Signature [{0}] was not present in the blacklist", str);
        }
        return this;
    }

    @Override // hudson.model.Saveable
    public synchronized void save() {
        if (BulkChange.contains(this)) {
            return;
        }
        File configFile = getConfigFile();
        try {
            ArrayList arrayList = new ArrayList(this.whitelistSignaturesFromUserControlledList);
            Stream<R> map = this.blacklistSignaturesFromUserControlledList.stream().map(str -> {
                return "!" + str;
            });
            Objects.requireNonNull(arrayList);
            map.forEach((v1) -> {
                r1.add(v1);
            });
            Files.write(Util.fileToPath(configFile), arrayList, StandardCharsets.UTF_8, new OpenOption[0]);
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Failed to save " + configFile.getAbsolutePath(), (Throwable) e);
        }
    }

    private synchronized void reloadFromUserControlledList() {
        File configFile = getConfigFile();
        if (configFile.exists()) {
            LOGGER.log(Level.INFO, "Whitelist source file found at " + configFile);
            try {
                this.whitelistSignaturesFromUserControlledList = new HashSet();
                this.blacklistSignaturesFromUserControlledList = new HashSet();
                parseFileIntoList(Files.readAllLines(Util.fileToPath(configFile), StandardCharsets.UTF_8), this.whitelistSignaturesFromUserControlledList, this.blacklistSignaturesFromUserControlledList);
                return;
            } catch (IOException e) {
                LOGGER.log(Level.WARNING, "Failed to load " + configFile.getAbsolutePath(), (Throwable) e);
                return;
            }
        }
        if ((this.whitelistSignaturesFromUserControlledList != null && this.whitelistSignaturesFromUserControlledList.isEmpty()) || (this.blacklistSignaturesFromUserControlledList != null && this.blacklistSignaturesFromUserControlledList.isEmpty())) {
            LOGGER.log(Level.INFO, "No whitelist source file found at " + configFile + " so resetting user-controlled whitelist");
        }
        this.whitelistSignaturesFromUserControlledList = new HashSet();
        this.blacklistSignaturesFromUserControlledList = new HashSet();
    }

    private File getConfigFile() {
        return new File(WHITELIST_PATH == null ? new File(Jenkins.get().getRootDir(), "stapler-whitelist.txt").toString() : WHITELIST_PATH);
    }

    private void parseFileIntoList(List<String> list, Set<String> set, Set<String> set2) {
        list.stream().filter(str -> {
            return !str.matches("#.*|\\s*");
        }).forEach(str2 -> {
            if (!str2.startsWith("!")) {
                set.add(str2);
                return;
            }
            String substring = str2.substring(1);
            if (substring.isEmpty()) {
                return;
            }
            set2.add(substring);
        });
    }
}
