package jenkins.security.stapler;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.ExtensionList;
import java.lang.annotation.Annotation;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import jenkins.security.stapler.RoutingDecisionProvider;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.Function;
import org.kohsuke.stapler.FunctionList;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.interceptor.InterceptorAnnotation;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.424-rc34189.da_f13432e5a_9.jar:jenkins/security/stapler/DoActionFilter.class */
public class DoActionFilter implements FunctionList.Filter {
    private static final Logger LOGGER = Logger.getLogger(DoActionFilter.class.getName());
    private static final Pattern DO_METHOD_REGEX = Pattern.compile("^do[^a-z].*");

    @Override // org.kohsuke.stapler.FunctionList.Filter
    public boolean keep(@NonNull Function function) {
        if (function.getAnnotation(StaplerNotDispatchable.class) != null) {
            return false;
        }
        if (function.getAnnotation(StaplerDispatchable.class) != null) {
            return true;
        }
        String name = function.getName();
        String signature = function.getSignature();
        ExtensionList lookup = ExtensionList.lookup(RoutingDecisionProvider.class);
        if (lookup.size() > 0) {
            Iterator it = lookup.iterator();
            while (it.hasNext()) {
                RoutingDecisionProvider routingDecisionProvider = (RoutingDecisionProvider) it.next();
                RoutingDecisionProvider.Decision decide = routingDecisionProvider.decide(signature);
                if (decide == RoutingDecisionProvider.Decision.ACCEPTED) {
                    LOGGER.log(Level.CONFIG, "Action " + signature + " is acceptable because it is whitelisted by " + routingDecisionProvider);
                    return true;
                }
                if (decide == RoutingDecisionProvider.Decision.REJECTED) {
                    LOGGER.log(Level.CONFIG, "Action " + signature + " is not acceptable because it is blacklisted by " + routingDecisionProvider);
                    return false;
                }
            }
        }
        if (name.equals("doDynamic")) {
            return false;
        }
        for (Annotation annotation : function.getAnnotations()) {
            if (WebMethodConstants.WEB_METHOD_ANNOTATION_NAMES.contains(annotation.annotationType().getName()) || annotation.annotationType().getAnnotation(InterceptorAnnotation.class) != null) {
                return true;
            }
        }
        for (Annotation[] annotationArr : function.getParameterAnnotations()) {
            for (Annotation annotation2 : annotationArr) {
                if (WebMethodConstants.WEB_METHOD_PARAMETER_ANNOTATION_NAMES.contains(annotation2.annotationType().getName())) {
                    return true;
                }
            }
        }
        if (!DO_METHOD_REGEX.matcher(name).matches()) {
            return false;
        }
        for (Class cls : function.getParameterTypes()) {
            if (WebMethodConstants.WEB_METHOD_PARAMETERS_NAMES.contains(cls.getName())) {
                return true;
            }
        }
        if (HttpResponse.class.isAssignableFrom(function.getReturnType())) {
            return true;
        }
        for (Class cls2 : function.getCheckedExceptionTypes()) {
            if (HttpResponse.class.isAssignableFrom(cls2)) {
                return true;
            }
        }
        return false;
    }
}
