package hudson.plugins.audit_trail;

import hudson.Extension;
import hudson.model.AdministrativeMonitor;
import hudson.util.FormValidation;
import hudson.util.HttpResponses;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.inject.Inject;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
/* loaded from: input_file:hudson/plugins/audit_trail/BypassablePatternMonitor.class */
public class BypassablePatternMonitor extends AdministrativeMonitor {
    private static final List<String> LEGACY_DEFAULT_PATTERNS = Arrays.asList(".*/(?:configSubmit|doDelete|postBuildResult|enable|disable|cancelQueue|stop|toggleLogKeep|doWipeOutWorkspace|createItem|createView|toggleOffline|cancelQuietDown|quietDown|restart|exit|safeExit)", ".*/(?:configSubmit|doDelete|postBuildResult|cancelQueue|stop|toggleLogKeep|doWipeOutWorkspace|createItem|createView|toggleOffline)", ".*/(?:configSubmit|doDelete|build|toggleLogKeep|doWipeOutWorkspace|createItem|createView)");

    @Inject
    private AuditTrailPlugin auditTrailPlugin;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hudson/plugins/audit_trail/BypassablePatternMonitor$BypassablePatternDetector.class */
    public static class BypassablePatternDetector {
        private final String keyword;
        private final List<String> messages = new ArrayList();

        BypassablePatternDetector(String str, Pattern pattern) {
            this.keyword = str;
            if (pattern.matcher(createLegitUrl()).matches()) {
                if (!pattern.matcher(createPrefixBypassableUrl()).matches()) {
                    this.messages.add("crafted URLs with prefix like " + createPrefixBypassableUrl());
                }
                if (pattern.matcher(createSuffixBypassableUrl()).matches()) {
                    return;
                }
                this.messages.add("crafted URLs with suffix like " + createSuffixBypassableUrl());
            }
        }

        private String createLegitUrl() {
            return "/" + this.keyword;
        }

        private String createPrefixBypassableUrl() {
            return "/static/forged/" + this.keyword;
        }

        private String createSuffixBypassableUrl() {
            return "/" + this.keyword + "/forged";
        }

        boolean isBypassed() {
            return !this.messages.isEmpty();
        }

        FormValidation buildWarningMessage() {
            return FormValidation.warning("Pattern seems to attempt to match " + createLegitUrl() + " but doesn't handle " + buildCraftedUrlMessage());
        }

        private String buildCraftedUrlMessage() {
            return String.join(" and ", this.messages);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isLegacyBypassableDefaultPattern(String str) {
        return LEGACY_DEFAULT_PATTERNS.contains(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FormValidation validatePatternAgainstKnownKeywords(String str) {
        Pattern compile = Pattern.compile(str);
        return FormValidation.aggregate((Collection) AuditTrailPlugin.getKnownKeywords().stream().map(str2 -> {
            return new BypassablePatternDetector(str2, compile);
        }).filter((v0) -> {
            return v0.isBypassed();
        }).map((v0) -> {
            return v0.buildWarningMessage();
        }).collect(Collectors.toList()));
    }

    public String getMessage() {
        return validatePatternAgainstKnownKeywords(this.auditTrailPlugin.getPattern()).renderHtml();
    }

    public HttpResponse doRedirectToConfig() {
        return HttpResponses.redirectViaContextPath("configure");
    }

    @RequirePOST
    public HttpResponse doApplyDefault() {
        this.auditTrailPlugin.resetPattern();
        return HttpResponses.redirectToContextRoot();
    }

    public boolean isActivated() {
        return validatePatternAgainstKnownKeywords(this.auditTrailPlugin.getPattern()).kind != FormValidation.Kind.OK;
    }

    public boolean isSecurity() {
        return true;
    }
}
