package com.microsoft.jenkins.azuread;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.ExtensionPoint;
import hudson.XmlFile;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
import hudson.model.AdministrativeMonitor;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.Node;
import hudson.model.Saveable;
import hudson.model.listeners.ItemListener;
import hudson.model.listeners.SaveableListener;
import hudson.security.AuthorizationStrategy;
import hudson.security.ProjectMatrixAuthorizationStrategy;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import jenkins.model.Jenkins;
import jenkins.model.NodeListener;
import jenkins.model.Nodes;
import jenkins.util.SystemProperties;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Extension
@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AmbiguityMonitor.class */
public class AmbiguityMonitor extends AdministrativeMonitor {
    public static final Logger LOGGER = Logger.getLogger(AmbiguityMonitor.class.getName());
    private static boolean DISABLE = SystemProperties.getBoolean(AmbiguityMonitor.class.getName() + ".DISABLE");

    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AmbiguityMonitor$Contributor.class */
    public interface Contributor extends ExtensionPoint {
        boolean hasAmbiguousEntries();
    }

    @Extension(ordinal = 10.0d)
    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AmbiguityMonitor$GlobalConfigurationContributor.class */
    public static class GlobalConfigurationContributor implements Contributor {
        @Override // com.microsoft.jenkins.azuread.AmbiguityMonitor.Contributor
        public boolean hasAmbiguousEntries() {
            AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
            if (authorizationStrategy instanceof GlobalMatrixAuthorizationStrategy) {
                return AmbiguityMonitor.hasAmbiguousEntries((GlobalMatrixAuthorizationStrategy) authorizationStrategy);
            }
            return false;
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AmbiguityMonitor$JobContributor.class */
    public static class JobContributor implements Contributor {
        public final Map<String, Boolean> activeJobs = Collections.synchronizedMap(new TreeMap());

        @Extension
        /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AmbiguityMonitor$JobContributor$JobListenerImpl.class */
        public static class JobListenerImpl extends ItemListener {
            public void onCreated(Item item) {
                if (item instanceof Job) {
                    JobContributor.update((Job) item);
                }
            }

            public void onLocationChanged(Item item, String str, String str2) {
                if (AmbiguityMonitor.isGatheringData() && (item instanceof Job)) {
                    JobContributor.remove(str);
                    JobContributor.update((Job) item);
                }
            }

            public void onDeleted(Item item) {
                if (AmbiguityMonitor.DISABLE || !(item instanceof Job)) {
                    return;
                }
                JobContributor.remove(item.getFullName());
            }
        }

        @Override // com.microsoft.jenkins.azuread.AmbiguityMonitor.Contributor
        public boolean hasAmbiguousEntries() {
            return (Jenkins.get().getAuthorizationStrategy() instanceof ProjectMatrixAuthorizationStrategy) && this.activeJobs.values().stream().anyMatch(bool -> {
                return bool.booleanValue();
            });
        }

        public static void update(Job<?, ?> job) {
            if (AmbiguityMonitor.DISABLE) {
                return;
            }
            boolean hasAmbiguousEntries = AmbiguityMonitor.hasAmbiguousEntries(job.getProperty(AuthorizationMatrixProperty.class));
            AmbiguityMonitor.LOGGER.log(Level.FINE, () -> {
                return "Recording job " + job + " as having ambiguous entries? " + hasAmbiguousEntries;
            });
            ((JobContributor) ExtensionList.lookupSingleton(JobContributor.class)).activeJobs.put(job.getFullName(), Boolean.valueOf(hasAmbiguousEntries));
        }

        public static void remove(String str) {
            if (AmbiguityMonitor.DISABLE) {
                return;
            }
            AmbiguityMonitor.LOGGER.log(Level.FINE, () -> {
                return "Removing job " + str;
            });
            ((JobContributor) ExtensionList.lookupSingleton(JobContributor.class)).activeJobs.remove(str);
        }

        public List<Item> getEntries() {
            return (List) this.activeJobs.entrySet().stream().filter((v0) -> {
                return v0.getValue();
            }).map((v0) -> {
                return v0.getKey();
            }).map(str -> {
                return Jenkins.get().getItemByFullName(str);
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).sorted(Comparator.comparing((v0) -> {
                return v0.getFullDisplayName();
            }, String.CASE_INSENSITIVE_ORDER)).collect(Collectors.toList());
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AmbiguityMonitor$NodeAndJobSaveableListenerImpl.class */
    public static class NodeAndJobSaveableListenerImpl extends SaveableListener {
        public void onChange(Saveable saveable, XmlFile xmlFile) {
            if (AmbiguityMonitor.isGatheringData()) {
                try {
                    if (saveable instanceof Nodes) {
                        AmbiguityMonitor.LOGGER.log(Level.FINEST, () -> {
                            return "Recording update to Saveable " + saveable + " stored in " + xmlFile;
                        });
                        String name = xmlFile.getFile().getParentFile().getName();
                        Node node = Jenkins.get().getNode(name);
                        AmbiguityMonitor.LOGGER.log(Level.FINER, () -> {
                            return "Determined node name " + name + " from file " + xmlFile + " and found node " + node;
                        });
                        if (node != null) {
                            NodeContributor.record(node);
                        }
                    }
                    if (saveable instanceof Job) {
                        AmbiguityMonitor.LOGGER.log(Level.FINEST, () -> {
                            return "Recording update to Saveable " + saveable + " stored in " + xmlFile;
                        });
                        JobContributor.update((Job) saveable);
                    }
                } catch (Exception e) {
                    AmbiguityMonitor.LOGGER.log(Level.WARNING, e, () -> {
                        return "Exception while updating status for " + saveable;
                    });
                }
            }
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AmbiguityMonitor$NodeContributor.class */
    public static class NodeContributor implements Contributor {
        public final Map<String, Boolean> activeNodes = Collections.synchronizedMap(new TreeMap());

        @Extension
        /* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AmbiguityMonitor$NodeContributor$NodeListenerImpl.class */
        public static class NodeListenerImpl extends NodeListener {
            protected void onCreated(@NonNull Node node) {
                NodeContributor.record(node);
            }

            protected void onDeleted(@NonNull Node node) {
                if (AmbiguityMonitor.DISABLE) {
                    return;
                }
                NodeContributor.remove(node.getNodeName());
            }
        }

        @Override // com.microsoft.jenkins.azuread.AmbiguityMonitor.Contributor
        public boolean hasAmbiguousEntries() {
            return (Jenkins.get().getAuthorizationStrategy() instanceof ProjectMatrixAuthorizationStrategy) && this.activeNodes.values().stream().anyMatch(bool -> {
                return bool.booleanValue();
            });
        }

        public static void record(Node node) {
            if (AmbiguityMonitor.DISABLE) {
                return;
            }
            boolean hasAmbiguousEntries = AmbiguityMonitor.hasAmbiguousEntries(node.getNodeProperty(AuthorizationMatrixNodeProperty.class));
            AmbiguityMonitor.LOGGER.log(Level.FINE, () -> {
                return "Recording node " + node + " as having ambiguous entries? " + hasAmbiguousEntries;
            });
            ((NodeContributor) ExtensionList.lookupSingleton(NodeContributor.class)).activeNodes.put(node.getNodeName(), Boolean.valueOf(hasAmbiguousEntries));
        }

        public static void remove(String str) {
            if (AmbiguityMonitor.DISABLE) {
                return;
            }
            AmbiguityMonitor.LOGGER.log(Level.FINE, () -> {
                return "Removing node " + str;
            });
            ((NodeContributor) ExtensionList.lookupSingleton(NodeContributor.class)).activeNodes.remove(str);
        }
    }

    public List<Contributor> getContributors() {
        return ExtensionList.lookup(Contributor.class);
    }

    public String getDisplayName() {
        return Messages.AmbiguityMonitor_DisplayName();
    }

    public boolean isSecurity() {
        return true;
    }

    public boolean isActivated() {
        if (DISABLE) {
            return false;
        }
        Iterator<Contributor> it = getContributors().iterator();
        while (it.hasNext()) {
            if (it.next().hasAmbiguousEntries()) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasAmbiguousEntries(AuthorizationContainer authorizationContainer) {
        if (authorizationContainer == null) {
            return false;
        }
        return authorizationContainer.getAllPermissionEntries().stream().anyMatch(permissionEntry -> {
            return permissionEntry.getType() == AuthorizationType.EITHER;
        });
    }

    @Initializer(after = InitMilestone.SYSTEM_CONFIG_ADAPTED)
    public static void recordAgents() {
        LOGGER.log(Level.FINE, () -> {
            return "Recording nodes";
        });
        Jenkins.get().getNodes().forEach(NodeContributor::record);
    }

    public static boolean isGatheringData() {
        return !DISABLE;
    }
}
