package com.microsoft.jenkins.azuread;

import com.cloudbees.hudson.plugins.folder.AbstractFolder;
import com.cloudbees.hudson.plugins.folder.AbstractFolderPropertyDescriptor;
import com.microsoft.jenkins.azuread.AuthorizationProperty;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.AutoCompletionCandidates;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.security.Permission;
import hudson.security.PermissionScope;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import java.util.List;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.jenkinsci.Symbol;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.verb.GET;

/* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixFolderProperty.class */
public class AzureAdAuthorizationMatrixFolderProperty extends com.microsoft.jenkins.azuread.folder.properties.AuthorizationMatrixProperty {
    private final transient ObjId2FullSidMap objId2FullSidMap = new ObjId2FullSidMap();

    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixFolderProperty$ConverterImpl.class */
    public static class ConverterImpl extends AbstractAuthorizationPropertyConverter<AzureAdAuthorizationMatrixFolderProperty> {
        @Override // com.microsoft.jenkins.azuread.AbstractAuthorizationPropertyConverter, com.microsoft.jenkins.azuread.AbstractAuthorizationContainerConverter
        public boolean canConvert(Class cls) {
            return cls == AzureAdAuthorizationMatrixFolderProperty.class;
        }

        @Override // com.microsoft.jenkins.azuread.AbstractAuthorizationPropertyConverter, com.microsoft.jenkins.azuread.AbstractAuthorizationContainerConverter
        public AzureAdAuthorizationMatrixFolderProperty create() {
            return new AzureAdAuthorizationMatrixFolderProperty();
        }
    }

    @Extension(optional = true)
    @Symbol({"azureAdAuthorizationMatrix"})
    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AzureAdAuthorizationMatrixFolderProperty$DescriptorImpl.class */
    public static class DescriptorImpl extends AbstractFolderPropertyDescriptor implements AuthorizationPropertyDescriptor<AzureAdAuthorizationMatrixFolderProperty> {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.microsoft.jenkins.azuread.AuthorizationPropertyDescriptor
        public AzureAdAuthorizationMatrixFolderProperty create() {
            return new AzureAdAuthorizationMatrixFolderProperty();
        }

        @Override // com.microsoft.jenkins.azuread.AuthorizationContainerDescriptor
        public PermissionScope getPermissionScope() {
            return PermissionScope.ITEM_GROUP;
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
        public com.microsoft.jenkins.azuread.folder.properties.AuthorizationMatrixProperty m752newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            return createNewInstance(staplerRequest, jSONObject, true);
        }

        @Override // com.microsoft.jenkins.azuread.AuthorizationPropertyDescriptor
        public boolean isApplicable() {
            return Jenkins.get().getAuthorizationStrategy() instanceof AzureAdMatrixAuthorizationStrategy;
        }

        @GET
        public FormValidation doCheckName(@AncestorInPath AbstractFolder<?> abstractFolder, @QueryParameter String str) {
            return isDisableGraphIntegration() ? Utils.undecidableResponse(str) : doCheckName_(str, abstractFolder, Item.CONFIGURE);
        }

        public boolean isDisableGraphIntegration() {
            SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
            if (securityRealm instanceof AzureSecurityRealm) {
                return ((AzureSecurityRealm) securityRealm).isDisableGraphIntegration();
            }
            return true;
        }

        @NonNull
        public String getDisplayName() {
            return "Azure Active Directory Authorization Matrix";
        }

        public AutoCompletionCandidates doAutoCompleteUserOrGroup(@QueryParameter String str) {
            return AzureAdMatrixAuthorizationStrategy.searchAndGenerateCandidates(str);
        }
    }

    protected AzureAdAuthorizationMatrixFolderProperty() {
    }

    @DataBoundConstructor
    @Restricted({NoExternalUse.class})
    public AzureAdAuthorizationMatrixFolderProperty(List<AuthorizationProperty.DslEntry> list) {
        setEntries(list);
    }

    @Override // com.microsoft.jenkins.azuread.AuthorizationContainer
    public void add(Permission permission, PermissionEntry permissionEntry) {
        super.add(permission, permissionEntry);
        this.objId2FullSidMap.putFullSid(permissionEntry.getSid());
    }

    @Override // com.microsoft.jenkins.azuread.AuthorizationContainer
    public boolean hasExplicitPermission(PermissionEntry permissionEntry, Permission permission) {
        String sid = permissionEntry.getSid();
        if (sid == null) {
            return false;
        }
        return super.hasExplicitPermission(new PermissionEntry(permissionEntry.getType(), this.objId2FullSidMap.getOrOriginal(sid)), permission);
    }

    @Override // com.microsoft.jenkins.azuread.AuthorizationContainer
    public boolean hasPermission(String str, Permission permission, boolean z) {
        return super.hasPermission(this.objId2FullSidMap.getOrOriginal(str), permission, z);
    }
}
