package com.microsoft.jenkins.azuread;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Node;
import hudson.model.User;
import hudson.security.Permission;
import hudson.security.PermissionScope;
import hudson.security.SecurityRealm;
import hudson.slaves.NodePropertyDescriptor;
import hudson.util.FormValidation;
import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.model.NodeListener;
import net.sf.json.JSONObject;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.matrixauth.AbstractAuthorizationPropertyConverter;
import org.jenkinsci.plugins.matrixauth.AuthorizationMatrixNodeProperty;
import org.jenkinsci.plugins.matrixauth.AuthorizationPropertyDescriptor;
import org.jenkinsci.plugins.matrixauth.PermissionEntry;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.accmod.restrictions.suppressions.SuppressRestrictedWarnings;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixNodeProperty.class */
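/**
 * Node-level authorization matrix property used together with
 * {@link AzureAdMatrixAuthorizationStrategy}.
 *
 * <p>Every sid handed to {@link #hasPermission} and {@link #hasExplicitPermission} is first
 * passed through {@link ObjId2FullSidMap#getOrOriginal} and only then checked by the parent
 * class, so the permission decision depends on what that map returns.
 *
 * <p>This listing is decompiler output: the methods named {@code m632create},
 * {@code m634create} and {@code m633newInstance} were renamed by the decompiler (their
 * original names are recorded next to each one) and are kept as found.
 */
public class AzureAdAuthorizationMatrixNodeProperty extends AuthorizationMatrixNodeProperty {
    // transient: not part of the serialized form. It is filled by the constructor, add() and
    // refreshMap() only.
    // NOTE(review): an instance materialised without running the constructor would leave this
    // null and every permission check below would throw - confirm all creation paths go
    // through the no-arg constructor.
    private final transient ObjId2FullSidMap objId2FullSidMap;
    private static final Logger LOGGER = Logger.getLogger(AzureAdAuthorizationMatrixNodeProperty.class.getName());

    /**
     * Converter bound to exactly this property class (see {@link #canConvert}).
     */
    @SuppressRestrictedWarnings({AbstractAuthorizationPropertyConverter.class})
    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixNodeProperty$ConverterImpl.class */
    public static final class ConverterImpl extends AbstractAuthorizationPropertyConverter<AzureAdAuthorizationMatrixNodeProperty> {
        /**
         * Accepts only {@code AzureAdAuthorizationMatrixNodeProperty} itself; the comparison is
         * by identity, so subclasses are not accepted.
         */
        public boolean canConvert(Class cls) {
            return cls == AzureAdAuthorizationMatrixNodeProperty.class;
        }

        /**
         * Returns a new, empty property built through the no-arg constructor.
         */
        /* renamed from: create, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
        public AzureAdAuthorizationMatrixNodeProperty m632create() {
            return new AzureAdAuthorizationMatrixNodeProperty();
        }
    }

    /**
     * Descriptor registered under the symbol {@code azureAdAuthorizationMatrix}.
     */
    @Extension
    @SuppressRestrictedWarnings({AuthorizationPropertyDescriptor.class})
    @Symbol({"azureAdAuthorizationMatrix"})
    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixNodeProperty$DescriptorImpl.class */
    public static class DescriptorImpl extends NodePropertyDescriptor implements AuthorizationPropertyDescriptor<AzureAdAuthorizationMatrixNodeProperty> {
        /**
         * Returns a new, empty property built through the no-arg constructor.
         */
        /* renamed from: create, reason: merged with bridge method [inline-methods] */
        public AzureAdAuthorizationMatrixNodeProperty m634create() {
            return new AzureAdAuthorizationMatrixNodeProperty();
        }

        /**
         * @return {@link PermissionScope#COMPUTER}
         */
        public PermissionScope getPermissionScope() {
            return PermissionScope.COMPUTER;
        }

        /**
         * Builds the property from a submitted form by delegating to {@code createNewInstance}.
         *
         * @param staplerRequest the request carrying the form submission
         * @param jSONObject the submitted form data
         * @return the property built by {@code createNewInstance}
         * @throws Descriptor.FormException declared by this method; presumably raised by
         *     {@code createNewInstance} for invalid form data - confirm
         */
        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public AzureAdAuthorizationMatrixNodeProperty m633newInstance(StaplerRequest staplerRequest, @NonNull JSONObject jSONObject) throws Descriptor.FormException {
            // NOTE(review): the meaning of the trailing `false` is defined by createNewInstance,
            // which is not visible in this file.
            return createNewInstance(staplerRequest, jSONObject, false);
        }

        /**
         * @return {@code true} only while the active authorization strategy is an
         *     {@link AzureAdMatrixAuthorizationStrategy}
         */
        public boolean isApplicable() {
            return Jenkins.get().getAuthorizationStrategy() instanceof AzureAdMatrixAuthorizationStrategy;
        }

        @NonNull
        public String getDisplayName() {
            return "Azure Active Directory Authorization Matrix";
        }

        /**
         * Reports whether Graph integration is switched off.
         *
         * @return the realm's own setting when the security realm is an
         *     {@link AzureSecurityRealm}; {@code true} (disabled) for any other realm
         */
        public boolean isDisableGraphIntegration() {
            SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
            if (securityRealm instanceof AzureSecurityRealm) {
                return ((AzureSecurityRealm) securityRealm).isDisableGraphIntegration();
            }
            return true;
        }

        /**
         * Form-validation endpoint for a name entered in the matrix.
         *
         * @param computer the computer found in the request path, or {@code null}
         * @param str the name to check, taken from the query string
         * @return the validation result
         */
        @Restricted({DoNotUse.class})
        public FormValidation doCheckName(@AncestorInPath Computer computer, @QueryParameter String str) {
            if (isDisableGraphIntegration()) {
                // NOTE(review): this branch returns before doCheckName_ is reached, so the
                // permission passed on the line below plays no part here. `str` is
                // caller-controlled: confirm Utils.undecidableResponse escapes it and that this
                // answer is acceptable for a caller without CONFIGURE/ADMINISTER.
                return Utils.undecidableResponse(str);
            }
            // Without a computer in the path the check is made against the Jenkins root with
            // ADMINISTER; otherwise against that computer with Computer.CONFIGURE.
            return doCheckName_(str, computer == null ? Jenkins.get() : computer, computer == null ? Jenkins.ADMINISTER : Computer.CONFIGURE);
        }
    }

    /**
     * Grants the creator of a node {@link Computer#CONFIGURE} on that node when the node's ACL
     * does not already give it to the current authentication.
     */
    @Extension
    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixNodeProperty$NodeListenerImpl.class */
    public static class NodeListenerImpl extends NodeListener {
        /**
         * Adds a creator grant to the new node. Does nothing unless the active authorization
         * strategy is an {@link AzureAdMatrixAuthorizationStrategy}.
         *
         * @param node the node that was just created
         */
        protected void onCreated(@NonNull Node node) {
            // Held as Object so the narrowing below is an explicit, checked cast; the listing
            // assigned the call result straight to the subtype, which is not a valid assignment.
            Object configured = Jenkins.get().getAuthorizationStrategy();
            if (!(configured instanceof AzureAdMatrixAuthorizationStrategy)) {
                return;
            }
            AzureAdMatrixAuthorizationStrategy azureAdMatrixAuthorizationStrategy = (AzureAdMatrixAuthorizationStrategy) configured;
            AuthorizationMatrixNodeProperty nodeProperty = node.getNodeProperty(AzureAdAuthorizationMatrixNodeProperty.class);
            if (nodeProperty == null) {
                nodeProperty = new AzureAdAuthorizationMatrixNodeProperty();
            }
            User current = User.current();
            // NOTE(review): with no current user the grant below is recorded for the sid
            // "anonymous", i.e. CONFIGURE on this node goes to a sid that is not a specific
            // account. Confirm which creation paths can reach here without a user and whether
            // that grant is intended.
            String id = current == null ? "anonymous" : current.getId();
            if (!azureAdMatrixAuthorizationStrategy.getACL(node).hasPermission2(Jenkins.getAuthentication2(), Computer.CONFIGURE)) {
                // NOTE(review): the entry is keyed by User.getId(); lookups are rewritten by
                // ObjId2FullSidMap.getOrOriginal - confirm the stored id and the looked-up sid
                // agree for Azure AD users.
                nodeProperty.add(Computer.CONFIGURE, PermissionEntry.user(id));
            }
            if (nodeProperty.getGrantedPermissionEntries().isEmpty()) {
                // Nothing granted: leave the node's properties untouched.
                return;
            }
            try {
                node.getNodeProperties().replace(nodeProperty);
            } catch (IOException e) {
                // A failed replace() is only logged; no retry and no other way of granting the
                // permission is attempted.
                AzureAdAuthorizationMatrixNodeProperty.LOGGER.log(Level.WARNING, "Failed to grant creator permissions on node " + node.getDisplayName(), e);
            }
        }
    }

    /**
     * Creates a property with no granted permissions and an empty sid map.
     */
    public AzureAdAuthorizationMatrixNodeProperty() {
        super(Collections.emptyMap());
        this.objId2FullSidMap = new ObjId2FullSidMap();
    }

    /**
     * Registers the sid of every permission entry currently held by this property in the sid
     * map. The listing also allocated and discarded a second property instance here; that
     * allocation had no effect on this object and has been dropped.
     */
    void refreshMap() {
        for (PermissionEntry entry : getAllPermissionEntries()) {
            this.objId2FullSidMap.putFullSid(entry.getSid());
        }
    }

    /**
     * Grants {@code permission} to {@code permissionEntry} through the parent class and records
     * the entry's sid in the sid map so later lookups can resolve it.
     *
     * @param permission the permission to grant
     * @param permissionEntry the user or group entry receiving it
     */
    public void add(Permission permission, PermissionEntry permissionEntry) {
        super.add(permission, permissionEntry);
        this.objId2FullSidMap.putFullSid(permissionEntry.getSid());
    }

    /**
     * Checks an explicit grant after translating the entry's sid through the sid map.
     *
     * @param permissionEntry the entry to look up; its type is kept, its sid is translated
     * @param permission the permission to check
     * @return {@code false} when the entry has no sid, otherwise the parent's answer for the
     *     translated entry
     */
    public boolean hasExplicitPermission(PermissionEntry permissionEntry, Permission permission) {
        String sid = permissionEntry.getSid();
        if (sid == null) {
            // Deny rather than look up a null key.
            return false;
        }
        return super.hasExplicitPermission(new PermissionEntry(permissionEntry.getType(), this.objId2FullSidMap.getOrOriginal(sid)), permission);
    }

    /**
     * Checks a permission after translating {@code str} through the sid map.
     *
     * @param str the sid to check
     * @param permission the permission to check
     * @param z forwarded unchanged to the parent implementation
     * @return the parent's answer for the translated sid
     */
    public boolean hasPermission(String str, Permission permission, boolean z) {
        // NOTE(review): unlike hasExplicitPermission there is no null guard on `str` here;
        // the result for null depends on ObjId2FullSidMap.getOrOriginal - confirm.
        return super.hasPermission(this.objId2FullSidMap.getOrOriginal(str), permission, z);
    }
}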
