package hudson.security;

import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.JobProperty;
import hudson.model.JobPropertyDescriptor;
import hudson.model.User;
import hudson.model.listeners.ItemListener;
import hudson.util.FormValidation;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.matrixauth.AbstractAuthorizationPropertyConverter;
import org.jenkinsci.plugins.matrixauth.AmbiguityMonitor;
import org.jenkinsci.plugins.matrixauth.AuthorizationContainer;
import org.jenkinsci.plugins.matrixauth.AuthorizationProperty;
import org.jenkinsci.plugins.matrixauth.AuthorizationPropertyDescriptor;
import org.jenkinsci.plugins.matrixauth.AuthorizationType;
import org.jenkinsci.plugins.matrixauth.PermissionEntry;
import org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy;
import org.jenkinsci.plugins.matrixauth.inheritance.InheritanceStrategy;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.verb.GET;

/* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:hudson/security/AuthorizationMatrixProperty.class */
public class AuthorizationMatrixProperty extends JobProperty<Job<?, ?>> implements AuthorizationProperty {
    private final transient SidACL acl;
    private final Map<Permission, Set<PermissionEntry>> grantedPermissions;
    private final Set<String> groupSids;

    @Deprecated
    private transient Boolean blocksInheritance;
    private InheritanceStrategy inheritanceStrategy;
    private static final Logger LOGGER = Logger.getLogger(AuthorizationMatrixProperty.class.getName());

    /* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:hudson/security/AuthorizationMatrixProperty$AclImpl.class */
    private final class AclImpl extends SidACL {
        private AclImpl() {
        }

        @CheckForNull
        @SuppressFBWarnings(value = {"NP_BOOLEAN_RETURN_NULL"}, justification = "As designed, implements a third state for the ternary logic")
        protected Boolean hasPermission(Sid sid, Permission permission) {
            return AuthorizationMatrixProperty.this.hasPermission(toString(sid), permission, sid instanceof PrincipalSid) ? true : null;
        }
    }

    @Restricted({DoNotUse.class})
    /* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:hudson/security/AuthorizationMatrixProperty$ConverterImpl.class */
    public static final class ConverterImpl extends AbstractAuthorizationPropertyConverter<AuthorizationMatrixProperty> {
        @Override // org.jenkinsci.plugins.matrixauth.AbstractAuthorizationPropertyConverter, org.jenkinsci.plugins.matrixauth.AbstractAuthorizationContainerConverter
        public boolean canConvert(Class cls) {
            return cls == AuthorizationMatrixProperty.class;
        }

        @Override // org.jenkinsci.plugins.matrixauth.AbstractAuthorizationPropertyConverter, org.jenkinsci.plugins.matrixauth.AbstractAuthorizationContainerConverter
        public AuthorizationMatrixProperty create() {
            return new AuthorizationMatrixProperty();
        }
    }

    @Extension
    @Symbol({"authorizationMatrix"})
    /* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:hudson/security/AuthorizationMatrixProperty$DescriptorImpl.class */
    public static class DescriptorImpl extends JobPropertyDescriptor implements AuthorizationPropertyDescriptor<AuthorizationMatrixProperty> {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jenkinsci.plugins.matrixauth.AuthorizationPropertyDescriptor
        public AuthorizationMatrixProperty create() {
            return new AuthorizationMatrixProperty();
        }

        @Override // org.jenkinsci.plugins.matrixauth.AuthorizationContainerDescriptor
        public PermissionScope getPermissionScope() {
            return PermissionScope.ITEM;
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public JobProperty<?> m5newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            return createNewInstance(staplerRequest, jSONObject, true);
        }

        public boolean isApplicable(Class<? extends Job> cls) {
            return isApplicable();
        }

        @GET
        public FormValidation doCheckName(@AncestorInPath Job<?, ?> job, @QueryParameter String str) {
            return doCheckName_(str, job, Item.CONFIGURE);
        }
    }

    @Extension
    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/matrix-auth.jar:hudson/security/AuthorizationMatrixProperty$ItemListenerImpl.class */
    public static class ItemListenerImpl extends ItemListener {
        public void onCreated(Item item) {
            AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
            if (authorizationStrategy instanceof ProjectMatrixAuthorizationStrategy) {
                ProjectMatrixAuthorizationStrategy projectMatrixAuthorizationStrategy = (ProjectMatrixAuthorizationStrategy) authorizationStrategy;
                if (item instanceof Job) {
                    Job<?, ?> job = (Job) item;
                    AuthorizationMatrixProperty authorizationMatrixProperty = (AuthorizationMatrixProperty) job.getProperty(AuthorizationMatrixProperty.class);
                    boolean z = authorizationMatrixProperty == null;
                    if (z) {
                        authorizationMatrixProperty = new AuthorizationMatrixProperty();
                    }
                    User current = User.current();
                    String id = current == null ? "anonymous" : current.getId();
                    if (!projectMatrixAuthorizationStrategy.getACL(job).hasPermission(Jenkins.getAuthentication(), Item.READ)) {
                        authorizationMatrixProperty.add(Item.READ, new PermissionEntry(AuthorizationType.USER, id));
                    }
                    if (!projectMatrixAuthorizationStrategy.getACL(job).hasPermission(Jenkins.getAuthentication(), Item.CONFIGURE)) {
                        authorizationMatrixProperty.add(Item.CONFIGURE, new PermissionEntry(AuthorizationType.USER, id));
                    }
                    if (authorizationMatrixProperty.getGrantedPermissionEntries().size() > 0) {
                        try {
                            if (z) {
                                job.addProperty(authorizationMatrixProperty);
                            } else {
                                job.save();
                            }
                        } catch (IOException e) {
                            AuthorizationMatrixProperty.LOGGER.log(Level.WARNING, "Failed to grant creator permissions on job " + item.getFullName(), (Throwable) e);
                        }
                    }
                }
            }
        }
    }

    private AuthorizationMatrixProperty() {
        this.acl = new AclImpl();
        this.grantedPermissions = new HashMap();
        this.groupSids = Collections.synchronizedSet(new HashSet());
        this.inheritanceStrategy = new InheritParentStrategy();
    }

    public AuthorizationMatrixProperty(Map<Permission, Set<PermissionEntry>> map, InheritanceStrategy inheritanceStrategy) {
        this.acl = new AclImpl();
        this.grantedPermissions = new HashMap();
        this.groupSids = Collections.synchronizedSet(new HashSet());
        this.inheritanceStrategy = new InheritParentStrategy();
        this.inheritanceStrategy = inheritanceStrategy;
        map.entrySet().forEach(entry -> {
            this.grantedPermissions.put(entry.getKey(), new HashSet((Collection) entry.getValue()));
            ((Set) entry.getValue()).forEach(permissionEntry -> {
                if (permissionEntry.getType() != AuthorizationType.USER) {
                    recordGroup(permissionEntry.getSid());
                }
            });
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Deprecated
    public AuthorizationMatrixProperty(Map<Permission, Set<String>> map) {
        this.acl = new AclImpl();
        this.grantedPermissions = new HashMap();
        this.groupSids = Collections.synchronizedSet(new HashSet());
        this.inheritanceStrategy = new InheritParentStrategy();
        for (Map.Entry<Permission, Set<String>> entry : map.entrySet()) {
            this.grantedPermissions.put(entry.getKey(), entry.getValue().stream().map(str -> {
                return new PermissionEntry(AuthorizationType.EITHER, str);
            }).collect(Collectors.toSet()));
        }
    }

    @DataBoundConstructor
    public AuthorizationMatrixProperty(List<String> list) {
        this.acl = new AclImpl();
        this.grantedPermissions = new HashMap();
        this.groupSids = Collections.synchronizedSet(new HashSet());
        this.inheritanceStrategy = new InheritParentStrategy();
        for (String str : list) {
            if (str != null) {
                add(str);
            }
        }
    }

    public List<String> getPermissions() {
        ArrayList arrayList = new ArrayList();
        TreeMap treeMap = new TreeMap(Comparator.comparing((v0) -> {
            return v0.getId();
        }));
        treeMap.putAll(this.grantedPermissions);
        for (Map.Entry entry : treeMap.entrySet()) {
            String id = ((Permission) entry.getKey()).getId();
            TreeSet treeSet = new TreeSet(new AuthorizationContainer.PermissionEntryComparator());
            treeSet.addAll((Collection) entry.getValue());
            Iterator it = treeSet.iterator();
            while (it.hasNext()) {
                PermissionEntry permissionEntry = (PermissionEntry) it.next();
                arrayList.add(permissionEntry.getType().toPrefix() + id + ":" + permissionEntry.getSid());
            }
        }
        return arrayList;
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationContainer
    /* renamed from: getGroups */
    public Set<String> mo7getGroups() {
        return this.groupSids;
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationContainer
    public void recordGroup(String str) {
        this.groupSids.add(str);
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationContainer
    public Map<Permission, Set<PermissionEntry>> getGrantedPermissionEntries() {
        return this.grantedPermissions;
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationContainer
    public Permission getEditingPermission() {
        return Item.CONFIGURE;
    }

    public SidACL getACL() {
        return this.acl;
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationProperty
    @DataBoundSetter
    public void setInheritanceStrategy(InheritanceStrategy inheritanceStrategy) {
        this.inheritanceStrategy = inheritanceStrategy;
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationProperty
    public InheritanceStrategy getInheritanceStrategy() {
        return this.inheritanceStrategy;
    }

    protected void setOwner(Job<?, ?> job) {
        super.setOwner(job);
        AmbiguityMonitor.JobContributor.update(job);
    }
}
