package org.jenkinsci.plugins.rolestrategy;

import com.michelin.cio.hudson.plugins.rolestrategy.AuthorizationType;
import com.michelin.cio.hudson.plugins.rolestrategy.Messages;
import com.michelin.cio.hudson.plugins.rolestrategy.PermissionEntry;
import com.michelin.cio.hudson.plugins.rolestrategy.Role;
import com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy;
import com.michelin.cio.hudson.plugins.rolestrategy.RoleMap;
import com.synopsys.arc.jenkins.plugins.rolestrategy.Macro;
import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.Failure;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import jenkins.model.Jenkins;
import jenkins.model.ProjectNamingStrategy;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Stapler;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/lib/role-strategy.jar:org/jenkinsci/plugins/rolestrategy/RoleBasedProjectNamingStrategy.class */
public class RoleBasedProjectNamingStrategy extends ProjectNamingStrategy implements Serializable {
    private static final long serialVersionUID = 1;
    private final boolean forceExistingJobs;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/role-strategy.jar:org/jenkinsci/plugins/rolestrategy/RoleBasedProjectNamingStrategy$DescriptorImpl.class */
    public static final class DescriptorImpl extends ProjectNamingStrategy.ProjectNamingStrategyDescriptor {
        @NonNull
        public String getDisplayName() {
            return Messages.RoleBasedAuthorizationStrategy_DisplayName();
        }
    }

    @DataBoundConstructor
    public RoleBasedProjectNamingStrategy(boolean z) {
        this.forceExistingJobs = z;
    }

    public void checkName(String str) throws Failure {
        checkName(Stapler.getCurrentRequest() != null ? ((ItemGroup) Stapler.getCurrentRequest().findAncestorObject(ItemGroup.class)).getFullName() : "", str);
    }

    public void checkName(String str, String str2) throws Failure {
        Authentication authentication2;
        if (StringUtils.isBlank(str2)) {
            return;
        }
        String str3 = str2;
        if (StringUtils.isNotBlank(str)) {
            str3 = str + "/" + str2;
        }
        AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
        if (!(authorizationStrategy instanceof RoleBasedAuthorizationStrategy) || (authentication2 = Jenkins.getAuthentication2()) == ACL.SYSTEM2) {
            return;
        }
        PermissionEntry permissionEntry = new PermissionEntry(AuthorizationType.USER, new PrincipalSid(authentication2).getPrincipal());
        RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy = (RoleBasedAuthorizationStrategy) authorizationStrategy;
        RoleMap roleMap = roleBasedAuthorizationStrategy.getRoleMap(RoleType.Global);
        List<String> list = (List) authentication2.getAuthorities().stream().map(grantedAuthority -> {
            return grantedAuthority.getAuthority();
        }).collect(Collectors.toList());
        if (hasCreatePermission(roleMap, permissionEntry, list, RoleType.Global)) {
            return;
        }
        if (!hasCreatePermission(roleBasedAuthorizationStrategy.getRoleMap(RoleType.Project), permissionEntry, list, RoleType.Project)) {
            throw new Failure(Messages.RoleBasedProjectNamingStrategy_NoPermissions());
        }
        SortedMap<Role, Set<PermissionEntry>> grantedRolesEntries = roleBasedAuthorizationStrategy.getGrantedRolesEntries(RoleType.Project);
        ArrayList arrayList = new ArrayList(grantedRolesEntries.size());
        for (Map.Entry<Role, Set<PermissionEntry>> entry : grantedRolesEntries.entrySet()) {
            Role key = entry.getKey();
            if (!Macro.isMacro(key) && key.hasPermission(Item.CREATE).booleanValue()) {
                Set<PermissionEntry> value = entry.getValue();
                Pattern pattern = key.getPattern();
                if (!StringUtils.isNotBlank(pattern.toString())) {
                    continue;
                } else if (!pattern.matcher(str3).matches()) {
                    arrayList.add(pattern.toString());
                } else if (hasAnyPermission(permissionEntry, list, value)) {
                    return;
                }
            }
        }
        throw new Failure((arrayList == null || arrayList.isEmpty()) ? Messages.RoleBasedProjectNamingStrategy_NoPermissions() : Messages.RoleBasedProjectNamingStrategy_JobNameConventionNotApplyed(str3, arrayList.toString()));
    }

    private boolean hasAnyPermission(PermissionEntry permissionEntry, List<String> list, Set<PermissionEntry> set) {
        PermissionEntry permissionEntry2 = new PermissionEntry(AuthorizationType.EITHER, permissionEntry.getSid());
        if (set.contains(permissionEntry) || set.contains(permissionEntry2)) {
            return true;
        }
        for (String str : list) {
            if (set.contains(new PermissionEntry(AuthorizationType.GROUP, str)) || set.contains(new PermissionEntry(AuthorizationType.EITHER, str))) {
                return true;
            }
        }
        return false;
    }

    private boolean hasCreatePermission(RoleMap roleMap, PermissionEntry permissionEntry, List<String> list, RoleType roleType) {
        if (roleMap.hasPermission(permissionEntry, Item.CREATE, roleType, null)) {
            return true;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (roleMap.hasPermission(new PermissionEntry(AuthorizationType.GROUP, it.next()), Item.CREATE, roleType, null)) {
                return true;
            }
        }
        return false;
    }

    public boolean isForceExistingJobs() {
        return this.forceExistingJobs;
    }
}
