package com.michelin.cio.hudson.plugins.rolestrategy;

import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType;
import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.ExtendedHierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.Functions;
import hudson.Util;
import hudson.model.AbstractItem;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.Node;
import hudson.model.Run;
import hudson.model.User;
import hudson.model.View;
import hudson.scm.SCM;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.SecurityRealm;
import hudson.security.SidACL;
import hudson.security.UserMayOrMayNotExistException2;
import hudson.util.FormValidation;
import java.io.IOException;
import java.io.Writer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import java.util.stream.Collectors;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.rolestrategy.permissions.PermissionHelper;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.kohsuke.stapler.verb.GET;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.class */
public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy {
    public static final String GLOBAL = "globalRoles";
    public static final String PROJECT = "projectRoles";
    public static final String SLAVE = "slaveRoles";
    public static final String MACRO_ROLE = "roleMacros";
    public static final String MACRO_USER = "userMacros";
    private final RoleMap agentRoles;
    private final RoleMap globalRoles;
    private final RoleMap itemRoles;

    @Extension
    public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();

    /* loaded from: input_file:com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy$ConverterImpl.class */
    public static class ConverterImpl implements Converter {
        public boolean canConvert(Class cls) {
            return cls == RoleBasedAuthorizationStrategy.class;
        }

        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            for (Map.Entry entry : ((RoleBasedAuthorizationStrategy) obj).getRoleMaps().entrySet()) {
                RoleMap roleMap = (RoleMap) entry.getValue();
                hierarchicalStreamWriter.startNode("roleMap");
                hierarchicalStreamWriter.addAttribute("type", ((RoleType) entry.getKey()).getStringType());
                for (Role role : roleMap.getRoles()) {
                    if (role != null) {
                        hierarchicalStreamWriter.startNode("role");
                        hierarchicalStreamWriter.addAttribute("name", role.getName());
                        hierarchicalStreamWriter.addAttribute("pattern", role.getPattern().pattern());
                        hierarchicalStreamWriter.startNode("permissions");
                        for (Permission permission : role.getPermissions()) {
                            hierarchicalStreamWriter.startNode("permission");
                            hierarchicalStreamWriter.setValue(permission.getId());
                            hierarchicalStreamWriter.endNode();
                        }
                        hierarchicalStreamWriter.endNode();
                        hierarchicalStreamWriter.startNode("assignedSIDs");
                        for (String str : role.getSids()) {
                            hierarchicalStreamWriter.startNode("sid");
                            hierarchicalStreamWriter.setValue(str);
                            hierarchicalStreamWriter.endNode();
                        }
                        hierarchicalStreamWriter.endNode();
                        hierarchicalStreamWriter.endNode();
                    }
                }
                hierarchicalStreamWriter.endNode();
            }
        }

        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            HashMap hashMap = new HashMap();
            while (hierarchicalStreamReader.hasMoreChildren()) {
                hierarchicalStreamReader.moveDown();
                if (hierarchicalStreamReader.getNodeName().equals("roleMap")) {
                    String attribute = hierarchicalStreamReader.getAttribute("type");
                    RoleMap roleMap = new RoleMap();
                    while (hierarchicalStreamReader.hasMoreChildren()) {
                        hierarchicalStreamReader.moveDown();
                        String attribute2 = hierarchicalStreamReader.getAttribute("name");
                        String attribute3 = hierarchicalStreamReader.getAttribute("pattern");
                        HashSet hashSet = new HashSet();
                        String peekNextChild = ((ExtendedHierarchicalStreamReader) hierarchicalStreamReader).peekNextChild();
                        if (peekNextChild != null && peekNextChild.equals("permissions")) {
                            hierarchicalStreamReader.moveDown();
                            while (hierarchicalStreamReader.hasMoreChildren()) {
                                hierarchicalStreamReader.moveDown();
                                Permission resolvePermissionFromString = PermissionHelper.resolvePermissionFromString(hierarchicalStreamReader.getValue());
                                if (resolvePermissionFromString != null) {
                                    hashSet.add(resolvePermissionFromString);
                                }
                                hierarchicalStreamReader.moveUp();
                            }
                            hierarchicalStreamReader.moveUp();
                        }
                        Role role = new Role(attribute2, attribute3, hashSet);
                        roleMap.addRole(role);
                        String peekNextChild2 = ((ExtendedHierarchicalStreamReader) hierarchicalStreamReader).peekNextChild();
                        if (peekNextChild2 != null && peekNextChild2.equals("assignedSIDs")) {
                            hierarchicalStreamReader.moveDown();
                            while (hierarchicalStreamReader.hasMoreChildren()) {
                                hierarchicalStreamReader.moveDown();
                                roleMap.assignRole(role, hierarchicalStreamReader.getValue());
                                hierarchicalStreamReader.moveUp();
                            }
                            hierarchicalStreamReader.moveUp();
                        }
                        hierarchicalStreamReader.moveUp();
                    }
                    hashMap.put(attribute, roleMap);
                }
                hierarchicalStreamReader.moveUp();
            }
            return new RoleBasedAuthorizationStrategy(hashMap);
        }

        protected RoleBasedAuthorizationStrategy create() {
            return new RoleBasedAuthorizationStrategy();
        }
    }

    /* loaded from: input_file:com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<AuthorizationStrategy> {
        static final /* synthetic */ boolean $assertionsDisabled;

        @NonNull
        public String getDisplayName() {
            return Messages.RoleBasedAuthorizationStrategy_DisplayName();
        }

        @RequirePOST
        public FormValidation doCheckForWhitespace(@QueryParameter String str) {
            RoleBasedAuthorizationStrategy.checkAdminPerm();
            return (str == null || str.trim().equals(str)) ? FormValidation.ok() : FormValidation.warning(Messages.RoleBasedProjectNamingStrategy_WhiteSpaceWillBeTrimmed());
        }

        @RequirePOST
        @Restricted({NoExternalUse.class})
        public void doRolesSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws ServletException, IOException {
            RoleBasedAuthorizationStrategy.checkAdminPerm();
            staplerRequest.setCharacterEncoding("UTF-8");
            RoleBasedAuthorizationStrategy.access$200().setAuthorizationStrategy(m6newInstance(staplerRequest, staplerRequest.getSubmittedForm()));
            RoleBasedAuthorizationStrategy.persistChanges();
        }

        @RequirePOST
        @Restricted({NoExternalUse.class})
        public void doAssignSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws ServletException, IOException {
            Role role;
            RoleBasedAuthorizationStrategy.checkAdminPerm();
            staplerRequest.setCharacterEncoding("UTF-8");
            JSONObject submittedForm = staplerRequest.getSubmittedForm();
            AuthorizationStrategy authorizationStrategy = RoleBasedAuthorizationStrategy.access$200().getAuthorizationStrategy();
            if (submittedForm.has(RoleBasedAuthorizationStrategy.GLOBAL) && submittedForm.has(RoleBasedAuthorizationStrategy.PROJECT) && (authorizationStrategy instanceof RoleBasedAuthorizationStrategy)) {
                for (Map.Entry entry : ((RoleBasedAuthorizationStrategy) authorizationStrategy).getRoleMaps().entrySet()) {
                    RoleMap roleMap = (RoleMap) entry.getValue();
                    roleMap.clearSids();
                    JSONObject jSONObject = submittedForm.getJSONObject(((RoleType) entry.getKey()).getStringType());
                    if (!jSONObject.isNullObject()) {
                        for (Map.Entry entry2 : jSONObject.getJSONObject("data").entrySet()) {
                            String str = (String) entry2.getKey();
                            for (Map.Entry entry3 : ((JSONObject) entry2.getValue()).entrySet()) {
                                if (((Boolean) entry3.getValue()).booleanValue() && (role = roleMap.getRole((String) entry3.getKey())) != null && str != null && !str.equals("")) {
                                    roleMap.assignRole(role, str);
                                }
                            }
                        }
                    }
                }
                RoleBasedAuthorizationStrategy.persistChanges();
            }
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public AuthorizationStrategy m6newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) {
            RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy;
            Set<String> sidsForRole;
            AuthorizationStrategy authorizationStrategy = RoleBasedAuthorizationStrategy.access$200().getAuthorizationStrategy();
            if (jSONObject.has(RoleBasedAuthorizationStrategy.GLOBAL) && jSONObject.has(RoleBasedAuthorizationStrategy.PROJECT) && jSONObject.has(RoleBasedAuthorizationStrategy.SLAVE) && (authorizationStrategy instanceof RoleBasedAuthorizationStrategy)) {
                roleBasedAuthorizationStrategy = new RoleBasedAuthorizationStrategy();
                for (Map.Entry entry : jSONObject.getJSONObject(RoleBasedAuthorizationStrategy.GLOBAL).getJSONObject("data").entrySet()) {
                    String str = (String) entry.getKey();
                    HashSet hashSet = new HashSet();
                    for (Map.Entry entry2 : ((JSONObject) entry.getValue()).entrySet()) {
                        if (((Boolean) entry2.getValue()).booleanValue()) {
                            hashSet.add(Permission.fromId((String) entry2.getKey()));
                        }
                    }
                    Role role = new Role(str, hashSet);
                    roleBasedAuthorizationStrategy.addRole(RoleType.Global, role);
                    RoleMap roleMap = ((RoleBasedAuthorizationStrategy) authorizationStrategy).getRoleMap(RoleType.Global);
                    if (roleMap != null && (sidsForRole = roleMap.getSidsForRole(str)) != null) {
                        Iterator<String> it = sidsForRole.iterator();
                        while (it.hasNext()) {
                            roleBasedAuthorizationStrategy.assignRole(RoleType.Global, role, it.next());
                        }
                    }
                }
                readRoles(jSONObject, RoleType.Project, roleBasedAuthorizationStrategy, (RoleBasedAuthorizationStrategy) authorizationStrategy);
                readRoles(jSONObject, RoleType.Slave, roleBasedAuthorizationStrategy, (RoleBasedAuthorizationStrategy) authorizationStrategy);
            } else if (authorizationStrategy instanceof RoleBasedAuthorizationStrategy) {
                roleBasedAuthorizationStrategy = (RoleBasedAuthorizationStrategy) authorizationStrategy;
            } else {
                roleBasedAuthorizationStrategy = new RoleBasedAuthorizationStrategy();
                Role createAdminRole = createAdminRole();
                roleBasedAuthorizationStrategy.addRole(RoleType.Global, createAdminRole);
                roleBasedAuthorizationStrategy.assignRole(RoleType.Global, createAdminRole, getCurrentUser());
            }
            return roleBasedAuthorizationStrategy;
        }

        private void readRoles(JSONObject jSONObject, RoleType roleType, RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy, RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy2) {
            Set<String> sidsForRole;
            String stringType = roleType.getStringType();
            if (!jSONObject.has(stringType)) {
                if (!$assertionsDisabled) {
                    throw new AssertionError("Unexistent Role type " + stringType);
                }
                return;
            }
            JSONObject jSONObject2 = jSONObject.getJSONObject(stringType);
            if (!jSONObject2.containsKey("data")) {
                if (!$assertionsDisabled) {
                    throw new AssertionError("No data at role description");
                }
                return;
            }
            for (Map.Entry entry : jSONObject2.getJSONObject("data").entrySet()) {
                String str = (String) entry.getKey();
                HashSet hashSet = new HashSet();
                String string = ((JSONObject) entry.getValue()).getString("pattern");
                if (string != null) {
                    ((JSONObject) entry.getValue()).remove("pattern");
                } else {
                    string = Role.GLOBAL_ROLE_PATTERN;
                }
                for (Map.Entry entry2 : ((JSONObject) entry.getValue()).entrySet()) {
                    if (((Boolean) entry2.getValue()).booleanValue()) {
                        hashSet.add(Permission.fromId((String) entry2.getKey()));
                    }
                }
                Role role = new Role(str, string, hashSet);
                roleBasedAuthorizationStrategy.addRole(roleType, role);
                RoleMap roleMap = roleBasedAuthorizationStrategy2.getRoleMap(roleType);
                if (roleMap != null && (sidsForRole = roleMap.getSidsForRole(str)) != null) {
                    Iterator<String> it = sidsForRole.iterator();
                    while (it.hasNext()) {
                        roleBasedAuthorizationStrategy.assignRole(roleType, role, it.next());
                    }
                }
            }
        }

        private Role createAdminRole() {
            HashSet hashSet = new HashSet();
            hashSet.add(Jenkins.ADMINISTER);
            return new Role("admin", hashSet);
        }

        private String getCurrentUser() {
            return new PrincipalSid(Jenkins.getAuthentication2()).getPrincipal();
        }

        @Nullable
        public List<PermissionGroup> getGroups(@NonNull String str) {
            ArrayList arrayList = new ArrayList();
            ArrayList<PermissionGroup> arrayList2 = new ArrayList(PermissionGroup.getAll());
            boolean z = -1;
            switch (str.hashCode()) {
                case -1184953562:
                    if (str.equals(RoleBasedAuthorizationStrategy.SLAVE)) {
                        z = 2;
                        break;
                    }
                    break;
                case -853645094:
                    if (str.equals(RoleBasedAuthorizationStrategy.GLOBAL)) {
                        z = false;
                        break;
                    }
                    break;
                case 927423268:
                    if (str.equals(RoleBasedAuthorizationStrategy.PROJECT)) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    break;
                case true:
                    arrayList2.remove(PermissionGroup.get(Hudson.class));
                    arrayList2.remove(PermissionGroup.get(Computer.class));
                    break;
                case true:
                    arrayList2.remove(PermissionGroup.get(Permission.class));
                    arrayList2.remove(PermissionGroup.get(Hudson.class));
                    arrayList2.remove(PermissionGroup.get(View.class));
                    arrayList2.remove(PermissionGroup.get(Item.class));
                    arrayList2.remove(PermissionGroup.get(SCM.class));
                    arrayList2.remove(PermissionGroup.get(Run.class));
                    break;
                default:
                    arrayList2 = new ArrayList();
                    break;
            }
            for (PermissionGroup permissionGroup : arrayList2) {
                if (permissionGroup != PermissionGroup.get(Permission.class)) {
                    Iterator it = permissionGroup.getPermissions().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (((Permission) it.next()).getEnabled()) {
                            arrayList.add(permissionGroup);
                        }
                    }
                }
            }
            return arrayList;
        }

        @Restricted({NoExternalUse.class})
        public boolean showPermission(String str, Permission permission) {
            boolean z = -1;
            switch (str.hashCode()) {
                case -1184953562:
                    if (str.equals(RoleBasedAuthorizationStrategy.SLAVE)) {
                        z = 2;
                        break;
                    }
                    break;
                case -853645094:
                    if (str.equals(RoleBasedAuthorizationStrategy.GLOBAL)) {
                        z = false;
                        break;
                    }
                    break;
                case 927423268:
                    if (str.equals(RoleBasedAuthorizationStrategy.PROJECT)) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    if (PermissionHelper.isDangerous(permission)) {
                        return false;
                    }
                    return permission.getEnabled();
                case true:
                    return permission.getEnabled();
                case true:
                    return permission != Computer.CREATE && permission.getEnabled();
                default:
                    return false;
            }
        }

        @Restricted({DoNotUse.class})
        public String impliedByList(Permission permission) {
            ArrayList arrayList = new ArrayList();
            while (permission.impliedBy != null) {
                permission = permission.impliedBy;
                arrayList.add(permission);
            }
            return StringUtils.join((Collection) arrayList.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toList()), " ");
        }

        @RequirePOST
        @Restricted({NoExternalUse.class})
        public FormValidation doCheckPattern(@QueryParameter String str) {
            try {
                Pattern.compile(str);
                return FormValidation.ok();
            } catch (PatternSyntaxException e) {
                return FormValidation.error(e.getMessage());
            }
        }

        @RequirePOST
        public FormValidation doCheckName(@QueryParameter String str) {
            String substring = str.substring(1, str.length() - 1);
            String escape = Functions.escape(substring);
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return FormValidation.ok(escape);
            }
            SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
            try {
                if (substring.equals("authenticated")) {
                    return FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("user", escape, "Group"));
                }
                try {
                    try {
                        try {
                            securityRealm.loadUserByUsername2(substring);
                            User byId = User.getById(substring, true);
                            return substring.equals(byId.getFullName()) ? FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("person", escape, "User")) : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("person", Util.escape(StringUtils.abbreviate(byId.getFullName(), 50)), "User " + escape));
                        } catch (UsernameNotFoundException e) {
                            try {
                                try {
                                    securityRealm.loadGroupByGroupname2(substring, false);
                                    return FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("user", escape, "Group"));
                                } catch (AuthenticationException e2) {
                                    return FormValidation.error(e2, "Failed to test the validity of the group name " + substring);
                                }
                            } catch (UserMayOrMayNotExistException2 e3) {
                                return FormValidation.respond(FormValidation.Kind.WARNING, substring);
                            } catch (UsernameNotFoundException e4) {
                                return FormValidation.respond(FormValidation.Kind.ERROR, ValidationUtil.formatNonExistentUserGroupValidationResponse(escape, "User or group not found"));
                            }
                        }
                    } catch (AuthenticationException e5) {
                        return FormValidation.error(e5, "Failed to test the validity of the user name " + substring);
                    }
                } catch (UserMayOrMayNotExistException2 e6) {
                    return FormValidation.respond(FormValidation.Kind.OK, escape);
                }
            } catch (Exception e7) {
                return FormValidation.error(e7, escape);
            }
        }

        static {
            $assertionsDisabled = !RoleBasedAuthorizationStrategy.class.desiredAssertionStatus();
        }
    }

    public RoleBasedAuthorizationStrategy() {
        this.agentRoles = new RoleMap();
        this.globalRoles = new RoleMap();
        this.itemRoles = new RoleMap();
    }

    public RoleBasedAuthorizationStrategy(Map<String, RoleMap> map) {
        RoleMap roleMap = map.get(SLAVE);
        this.agentRoles = roleMap == null ? new RoleMap() : roleMap;
        RoleMap roleMap2 = map.get(GLOBAL);
        this.globalRoles = roleMap2 == null ? new RoleMap() : roleMap2;
        RoleMap roleMap3 = map.get(PROJECT);
        this.itemRoles = roleMap3 == null ? new RoleMap() : roleMap3;
    }

    @NonNull
    /* renamed from: getRootACL, reason: merged with bridge method [inline-methods] */
    public SidACL m3getRootACL() {
        return this.globalRoles.getACL(RoleType.Global, null);
    }

    @NonNull
    @Restricted({NoExternalUse.class})
    public RoleMap getRoleMap(RoleType roleType) {
        switch (roleType) {
            case Global:
                return this.globalRoles;
            case Project:
                return this.itemRoles;
            case Slave:
                return this.agentRoles;
            default:
                throw new IllegalArgumentException("Unknown RoleType: " + roleType);
        }
    }

    @NonNull
    public ACL getACL(@NonNull Job<?, ?> job) {
        return getACL((AbstractItem) job);
    }

    @NonNull
    public ACL getACL(@NonNull AbstractItem abstractItem) {
        return this.itemRoles.newMatchingRoleMap(abstractItem.getFullName()).getACL(RoleType.Project, abstractItem).newInheritingACL(m3getRootACL());
    }

    @NonNull
    public ACL getACL(@NonNull Computer computer) {
        return this.agentRoles.newMatchingRoleMap(computer.getName()).getACL(RoleType.Slave, computer).newInheritingACL(m3getRootACL());
    }

    @NonNull
    public ACL getACL(@NonNull Node node) {
        return this.agentRoles.newMatchingRoleMap(node.getNodeName()).getACL(RoleType.Slave, node).newInheritingACL(m3getRootACL());
    }

    @NonNull
    public Collection<String> getGroups() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.globalRoles.getSids(true));
        hashSet.addAll(this.itemRoles.getSids(true));
        hashSet.addAll(this.agentRoles.getSids(true));
        return hashSet;
    }

    @Nullable
    @Deprecated
    public SortedMap<Role, Set<String>> getGrantedRoles(String str) {
        return getGrantedRoles(RoleType.fromString(str));
    }

    public SortedMap<Role, Set<String>> getGrantedRoles(@NonNull RoleType roleType) {
        return getRoleMap(roleType).getGrantedRoles();
    }

    @CheckForNull
    public Set<String> getSIDs(String str) {
        return getRoleMap(RoleType.fromString(str)).getSids();
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NonNull
    public Map<RoleType, RoleMap> getRoleMaps() {
        HashMap hashMap = new HashMap();
        hashMap.put(RoleType.Global, this.globalRoles);
        hashMap.put(RoleType.Slave, this.agentRoles);
        hashMap.put(RoleType.Project, this.itemRoles);
        return Collections.unmodifiableMap(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addRole(RoleType roleType, Role role) {
        getRoleMap(roleType).addRole(role);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void assignRole(RoleType roleType, Role role, String str) {
        RoleMap roleMap = getRoleMap(roleType);
        if (roleMap.hasRole(role)) {
            roleMap.assignRole(role, str);
        }
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAddRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3, @QueryParameter(required = true) String str4, @QueryParameter(required = false) String str5) throws IOException {
        RoleMap roleMap;
        Role role;
        checkAdminPerm();
        boolean parseBoolean = Boolean.parseBoolean(str4);
        String str6 = Role.GLOBAL_ROLE_PATTERN;
        if (!str.equals(GLOBAL) && str5 != null) {
            str6 = str5;
        }
        Role role2 = new Role(str2, str6, PermissionHelper.fromStrings(Arrays.asList(str3.split(",")), true));
        RoleType fromString = RoleType.fromString(str);
        if (parseBoolean && (role = (roleMap = getRoleMap(fromString)).getRole(str2)) != null) {
            roleMap.removeRole(role);
        }
        addRole(fromString, role2);
        persistChanges();
    }

    @Restricted({NoExternalUse.class})
    @GET
    public void doGetRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) throws IOException {
        checkAdminPerm();
        JSONObject jSONObject = new JSONObject();
        Role role = getRoleMap(RoleType.fromString(str)).getRole(str2);
        if (role != null) {
            Set<Permission> permissions = role.getPermissions();
            HashMap hashMap = new HashMap();
            for (Permission permission : permissions) {
                hashMap.put(permission.getId(), Boolean.valueOf(permission.getEnabled()));
            }
            jSONObject.put("permissionIds", hashMap);
            if (!str.equals(GLOBAL)) {
                jSONObject.put("pattern", role.getPattern().pattern());
            }
            jSONObject.put("sids", role.getSids());
        }
        Stapler.getCurrentResponse().setContentType("application/json;charset=UTF-8");
        Writer compressedWriter = Stapler.getCurrentResponse().getCompressedWriter(Stapler.getCurrentRequest());
        jSONObject.write(compressedWriter);
        compressedWriter.close();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doRemoveRoles(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) throws IOException {
        checkAdminPerm();
        RoleMap roleMap = getRoleMap(RoleType.fromString(str));
        for (String str3 : str2.split(",")) {
            Role role = roleMap.getRole(str3);
            if (role != null) {
                roleMap.removeRole(role);
            }
        }
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAssignRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3) throws IOException {
        checkAdminPerm();
        RoleType fromString = RoleType.fromString(str);
        Role role = getRoleMap(fromString).getRole(str2);
        if (role != null) {
            assignRole(fromString, role, str3);
        }
        persistChanges();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void persistChanges() throws IOException {
        instance().save();
    }

    private static Jenkins instance() {
        return Jenkins.get();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkAdminPerm() {
        instance().checkPermission(Jenkins.ADMINISTER);
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doDeleteSid(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) throws IOException {
        checkAdminPerm();
        getRoleMap(RoleType.fromString(str)).deleteSids(str2);
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doUnassignRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3) throws IOException {
        checkAdminPerm();
        RoleMap roleMap = getRoleMap(RoleType.fromString(str));
        Role role = roleMap.getRole(str2);
        if (role != null) {
            roleMap.deleteRoleSid(str3, role.getName());
        }
        persistChanges();
    }

    @Restricted({NoExternalUse.class})
    @GET
    public void doGetAllRoles(@QueryParameter(fixEmpty = true) String str) throws IOException {
        checkAdminPerm();
        JSONObject jSONObject = new JSONObject();
        RoleMap roleMap = getRoleMap(RoleType.Global);
        if (str != null) {
            roleMap = getRoleMap(RoleType.fromString(str));
        }
        for (Role role : roleMap.getRoles()) {
            jSONObject.put(role.getName(), role.getSids());
        }
        Stapler.getCurrentResponse().setContentType("application/json;charset=UTF-8");
        Writer compressedWriter = Stapler.getCurrentResponse().getCompressedWriter(Stapler.getCurrentRequest());
        jSONObject.write(compressedWriter);
        compressedWriter.close();
    }

    @Restricted({NoExternalUse.class})
    @GET
    public void doGetMatchingJobs(@QueryParameter(required = true) String str, @QueryParameter int i) throws IOException {
        checkAdminPerm();
        ArrayList arrayList = new ArrayList();
        int matchingItemNames = RoleMap.getMatchingItemNames(arrayList, Pattern.compile(str), i);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("matchingJobs", arrayList);
        jSONObject.put("itemCount", Integer.valueOf(matchingItemNames));
        StaplerResponse currentResponse = Stapler.getCurrentResponse();
        currentResponse.setContentType("application/json;charset=UTF-8");
        Writer compressedWriter = currentResponse.getCompressedWriter(Stapler.getCurrentRequest());
        jSONObject.write(compressedWriter);
        compressedWriter.close();
    }

    @Restricted({NoExternalUse.class})
    @GET
    public void doGetMatchingAgents(@QueryParameter(required = true) String str, @QueryParameter int i) throws IOException {
        checkAdminPerm();
        ArrayList arrayList = new ArrayList();
        int matchingAgentNames = RoleMap.getMatchingAgentNames(arrayList, Pattern.compile(str), i);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("matchingAgents", arrayList);
        jSONObject.put("agentCount", Integer.valueOf(matchingAgentNames));
        StaplerResponse currentResponse = Stapler.getCurrentResponse();
        currentResponse.setContentType("application/json;charset=UTF-8");
        Writer compressedWriter = currentResponse.getCompressedWriter(Stapler.getCurrentRequest());
        jSONObject.write(compressedWriter);
        compressedWriter.close();
    }

    @CheckForNull
    public static RoleBasedAuthorizationStrategy getInstance() {
        Jenkins instanceOrNull = Jenkins.getInstanceOrNull();
        AuthorizationStrategy authorizationStrategy = instanceOrNull != null ? instanceOrNull.getAuthorizationStrategy() : null;
        if (authorizationStrategy instanceof RoleBasedAuthorizationStrategy) {
            return (RoleBasedAuthorizationStrategy) authorizationStrategy;
        }
        return null;
    }

    @Deprecated
    public static boolean isCreateAllowed() {
        return true;
    }

    static /* synthetic */ Jenkins access$200() {
        return instance();
    }
}
