package com.michelin.cio.hudson.plugins.rolestrategy;

import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType;
import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.ExtendedHierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.Functions;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
import hudson.model.AbstractItem;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.Node;
import hudson.model.Run;
import hudson.model.View;
import hudson.scm.SCM;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.SecurityRealm;
import hudson.security.SidACL;
import hudson.util.FormValidation;
import java.io.IOException;
import java.io.Writer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import java.util.stream.Collectors;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.rolestrategy.AmbiguousSidsAdminMonitor;
import org.jenkinsci.plugins.rolestrategy.permissions.PermissionHelper;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.kohsuke.stapler.verb.GET;

/* loaded from: input_file:WEB-INF/lib/role-strategy.jar:com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.class */
public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy {
    public static final String GLOBAL = "globalRoles";
    public static final String PROJECT = "projectRoles";
    public static final String SLAVE = "slaveRoles";
    public static final String PERMISSION_TEMPLATES = "permissionTemplates";
    public static final String ROLE_TEMPLATES = "roleTemplates";
    public static final String MACRO_ROLE = "roleMacros";
    public static final String MACRO_USER = "userMacros";
    private final RoleMap agentRoles;
    private final RoleMap globalRoles;
    private final RoleMap itemRoles;
    private Set<PermissionTemplate> permissionTemplates;
    private Set<RoleTemplate> roleTemplates;
    private static Logger LOGGER = Logger.getLogger(RoleBasedAuthorizationStrategy.class.getName());

    @Extension
    public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();

    /* loaded from: input_file:WEB-INF/lib/role-strategy.jar:com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy$ConverterImpl.class */
    public static class ConverterImpl implements Converter {
        public boolean canConvert(Class cls) {
            return cls == RoleBasedAuthorizationStrategy.class;
        }

        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy = (RoleBasedAuthorizationStrategy) obj;
            for (Map.Entry<RoleType, RoleMap> entry : roleBasedAuthorizationStrategy.getRoleMaps().entrySet()) {
                RoleMap value = entry.getValue();
                hierarchicalStreamWriter.startNode("roleMap");
                hierarchicalStreamWriter.addAttribute("type", entry.getKey().getStringType());
                for (Map.Entry<Role, Set<PermissionEntry>> entry2 : value.getGrantedRolesEntries().entrySet()) {
                    Role key = entry2.getKey();
                    if (key != null) {
                        hierarchicalStreamWriter.startNode("role");
                        hierarchicalStreamWriter.addAttribute("name", key.getName());
                        hierarchicalStreamWriter.addAttribute("pattern", key.getPattern().pattern());
                        hierarchicalStreamWriter.addAttribute("generated", Boolean.toString(key.isGenerated()));
                        hierarchicalStreamWriter.startNode("permissions");
                        for (Permission permission : key.getPermissions()) {
                            hierarchicalStreamWriter.startNode("permission");
                            hierarchicalStreamWriter.setValue(permission.getId());
                            hierarchicalStreamWriter.endNode();
                        }
                        hierarchicalStreamWriter.endNode();
                        hierarchicalStreamWriter.startNode("assignedSIDs");
                        for (PermissionEntry permissionEntry : entry2.getValue()) {
                            hierarchicalStreamWriter.startNode("sid");
                            hierarchicalStreamWriter.addAttribute("type", permissionEntry.getType().toString());
                            hierarchicalStreamWriter.setValue(permissionEntry.getSid());
                            hierarchicalStreamWriter.endNode();
                        }
                        hierarchicalStreamWriter.endNode();
                        hierarchicalStreamWriter.endNode();
                    }
                }
                hierarchicalStreamWriter.endNode();
            }
            hierarchicalStreamWriter.startNode(RoleBasedAuthorizationStrategy.PERMISSION_TEMPLATES);
            for (PermissionTemplate permissionTemplate : roleBasedAuthorizationStrategy.permissionTemplates) {
                hierarchicalStreamWriter.startNode("template");
                hierarchicalStreamWriter.addAttribute("name", permissionTemplate.getName());
                hierarchicalStreamWriter.startNode("permissions");
                for (Permission permission2 : permissionTemplate.getPermissions()) {
                    hierarchicalStreamWriter.startNode("permission");
                    hierarchicalStreamWriter.setValue(permission2.getId());
                    hierarchicalStreamWriter.endNode();
                }
                hierarchicalStreamWriter.endNode();
                hierarchicalStreamWriter.endNode();
            }
            hierarchicalStreamWriter.endNode();
            hierarchicalStreamWriter.startNode(RoleBasedAuthorizationStrategy.ROLE_TEMPLATES);
            for (RoleTemplate roleTemplate : roleBasedAuthorizationStrategy.roleTemplates) {
                hierarchicalStreamWriter.startNode("template");
                hierarchicalStreamWriter.addAttribute("name", roleTemplate.getName());
                hierarchicalStreamWriter.addAttribute("pattern", roleTemplate.getPattern());
                hierarchicalStreamWriter.endNode();
            }
            hierarchicalStreamWriter.endNode();
        }

        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            HashMap hashMap = new HashMap();
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            while (hierarchicalStreamReader.hasMoreChildren()) {
                hierarchicalStreamReader.moveDown();
                if (hierarchicalStreamReader.getNodeName().equals("roleMap")) {
                    String attribute = hierarchicalStreamReader.getAttribute("type");
                    RoleMap roleMap = new RoleMap();
                    while (hierarchicalStreamReader.hasMoreChildren()) {
                        hierarchicalStreamReader.moveDown();
                        String attribute2 = hierarchicalStreamReader.getAttribute("name");
                        String attribute3 = hierarchicalStreamReader.getAttribute("pattern");
                        Boolean valueOf = Boolean.valueOf(Boolean.parseBoolean(hierarchicalStreamReader.getAttribute("generated")));
                        HashSet hashSet3 = new HashSet();
                        String peekNextChild = ((ExtendedHierarchicalStreamReader) hierarchicalStreamReader).peekNextChild();
                        if (peekNextChild != null && peekNextChild.equals("permissions")) {
                            hierarchicalStreamReader.moveDown();
                            while (hierarchicalStreamReader.hasMoreChildren()) {
                                hierarchicalStreamReader.moveDown();
                                Permission resolvePermissionFromString = PermissionHelper.resolvePermissionFromString(hierarchicalStreamReader.getValue());
                                if (resolvePermissionFromString != null) {
                                    hashSet3.add(resolvePermissionFromString);
                                }
                                hierarchicalStreamReader.moveUp();
                            }
                            hierarchicalStreamReader.moveUp();
                        }
                        Role role = new Role(attribute2, Pattern.compile(attribute3), hashSet3, "", valueOf.booleanValue());
                        roleMap.addRole(role);
                        String peekNextChild2 = ((ExtendedHierarchicalStreamReader) hierarchicalStreamReader).peekNextChild();
                        if (peekNextChild2 != null && peekNextChild2.equals("assignedSIDs")) {
                            hierarchicalStreamReader.moveDown();
                            while (hierarchicalStreamReader.hasMoreChildren()) {
                                hierarchicalStreamReader.moveDown();
                                String attribute4 = hierarchicalStreamReader.getAttribute("type");
                                AuthorizationType authorizationType = AuthorizationType.EITHER;
                                String value = hierarchicalStreamReader.getValue();
                                if (attribute4 != null) {
                                    try {
                                        authorizationType = AuthorizationType.valueOf(attribute4);
                                    } catch (IllegalArgumentException e) {
                                        RoleBasedAuthorizationStrategy.LOGGER.log(Level.WARNING, "Unknown AuthorizationType {0} for SID {1} in Role {2}/{3}", new Object[]{attribute4, value, attribute, attribute2});
                                        throw e;
                                    }
                                }
                                roleMap.assignRole(role, new PermissionEntry(authorizationType, value));
                                hierarchicalStreamReader.moveUp();
                            }
                            hierarchicalStreamReader.moveUp();
                        }
                        hierarchicalStreamReader.moveUp();
                    }
                    hashMap.put(attribute, roleMap);
                }
                if (hierarchicalStreamReader.getNodeName().equals(RoleBasedAuthorizationStrategy.PERMISSION_TEMPLATES)) {
                    while (hierarchicalStreamReader.hasMoreChildren()) {
                        hierarchicalStreamReader.moveDown();
                        HashSet hashSet4 = new HashSet();
                        String attribute5 = hierarchicalStreamReader.getAttribute("name");
                        String peekNextChild3 = ((ExtendedHierarchicalStreamReader) hierarchicalStreamReader).peekNextChild();
                        if (peekNextChild3 != null && peekNextChild3.equals("permissions")) {
                            hierarchicalStreamReader.moveDown();
                            while (hierarchicalStreamReader.hasMoreChildren()) {
                                hierarchicalStreamReader.moveDown();
                                Permission resolvePermissionFromString2 = PermissionHelper.resolvePermissionFromString(hierarchicalStreamReader.getValue());
                                if (resolvePermissionFromString2 != null) {
                                    hashSet4.add(resolvePermissionFromString2);
                                }
                                hierarchicalStreamReader.moveUp();
                            }
                            hierarchicalStreamReader.moveUp();
                        }
                        hashSet.add(new PermissionTemplate(hashSet4, attribute5));
                        hierarchicalStreamReader.moveUp();
                    }
                }
                if (hierarchicalStreamReader.getNodeName().equals(RoleBasedAuthorizationStrategy.ROLE_TEMPLATES)) {
                    while (hierarchicalStreamReader.hasMoreChildren()) {
                        hierarchicalStreamReader.moveDown();
                        hashSet2.add(new RoleTemplate(hierarchicalStreamReader.getAttribute("name"), hierarchicalStreamReader.getAttribute("pattern")));
                        hierarchicalStreamReader.moveUp();
                    }
                }
                hierarchicalStreamReader.moveUp();
            }
            return new RoleBasedAuthorizationStrategy(hashMap, hashSet, hashSet2);
        }

        protected RoleBasedAuthorizationStrategy create() {
            return new RoleBasedAuthorizationStrategy();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/role-strategy.jar:com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<AuthorizationStrategy> {
        static final /* synthetic */ boolean $assertionsDisabled;

        @NonNull
        public String getDisplayName() {
            return Messages.RoleBasedAuthorizationStrategy_DisplayName();
        }

        @RequirePOST
        public FormValidation doCheckForWhitespace(@QueryParameter String str) {
            RoleBasedAuthorizationStrategy.checkAdminPerm();
            return (str == null || str.trim().equals(str)) ? FormValidation.ok() : FormValidation.warning(Messages.RoleBasedProjectNamingStrategy_WhiteSpaceWillBeTrimmed());
        }

        @RequirePOST
        @Restricted({NoExternalUse.class})
        public void doRolesSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws ServletException, IOException {
            RoleBasedAuthorizationStrategy.checkAdminPerm();
            staplerRequest.setCharacterEncoding("UTF-8");
            RoleBasedAuthorizationStrategy.instance().setAuthorizationStrategy(m8newInstance(staplerRequest, staplerRequest.getSubmittedForm()));
            RoleBasedAuthorizationStrategy.persistChanges();
        }

        @RequirePOST
        @Restricted({NoExternalUse.class})
        public void doAssignSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws ServletException, IOException {
            Role role;
            RoleBasedAuthorizationStrategy.checkAdminPerm();
            staplerRequest.setCharacterEncoding("UTF-8");
            JSONObject submittedForm = staplerRequest.getSubmittedForm();
            AuthorizationStrategy authorizationStrategy = RoleBasedAuthorizationStrategy.instance().getAuthorizationStrategy();
            if (submittedForm.has(RoleBasedAuthorizationStrategy.GLOBAL) && submittedForm.has(RoleBasedAuthorizationStrategy.PROJECT) && (authorizationStrategy instanceof RoleBasedAuthorizationStrategy)) {
                for (Map.Entry<RoleType, RoleMap> entry : ((RoleBasedAuthorizationStrategy) authorizationStrategy).getRoleMaps().entrySet()) {
                    RoleMap value = entry.getValue();
                    value.clearSids();
                    JSONObject jSONObject = submittedForm.getJSONObject(entry.getKey().getStringType());
                    if (!jSONObject.isNullObject()) {
                        for (Map.Entry entry2 : jSONObject.getJSONObject("data").entrySet()) {
                            String str = (String) entry2.getKey();
                            if (str != null && !str.equals("")) {
                                PermissionEntry fromString = PermissionEntry.fromString(str);
                                for (Map.Entry entry3 : ((JSONObject) entry2.getValue()).entrySet()) {
                                    if (((Boolean) entry3.getValue()).booleanValue() && (role = value.getRole((String) entry3.getKey())) != null) {
                                        value.assignRole(role, fromString);
                                    }
                                }
                            }
                        }
                    }
                }
                RoleBasedAuthorizationStrategy.persistChanges();
            }
        }

        @RequirePOST
        @Restricted({NoExternalUse.class})
        public void doTemplatesSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws ServletException, IOException {
            RoleBasedAuthorizationStrategy.checkAdminPerm();
            staplerRequest.setCharacterEncoding("UTF-8");
            JSONObject submittedForm = staplerRequest.getSubmittedForm();
            AuthorizationStrategy authorizationStrategy = RoleBasedAuthorizationStrategy.instance().getAuthorizationStrategy();
            if (submittedForm.has(RoleBasedAuthorizationStrategy.PERMISSION_TEMPLATES) && submittedForm.has(RoleBasedAuthorizationStrategy.ROLE_TEMPLATES) && (authorizationStrategy instanceof RoleBasedAuthorizationStrategy)) {
                RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy = (RoleBasedAuthorizationStrategy) authorizationStrategy;
                JSONObject jSONObject = submittedForm.getJSONObject(RoleBasedAuthorizationStrategy.PERMISSION_TEMPLATES);
                TreeSet treeSet = new TreeSet();
                for (Map.Entry entry : jSONObject.getJSONObject("data").entrySet()) {
                    String str = (String) entry.getKey();
                    HashSet hashSet = new HashSet();
                    for (Map.Entry entry2 : ((JSONObject) entry.getValue()).entrySet()) {
                        if (((Boolean) entry2.getValue()).booleanValue()) {
                            hashSet.add((String) entry2.getKey());
                        }
                    }
                    treeSet.add(new PermissionTemplate(str, hashSet));
                }
                JSONObject jSONObject2 = submittedForm.getJSONObject(RoleBasedAuthorizationStrategy.ROLE_TEMPLATES);
                TreeSet treeSet2 = new TreeSet();
                for (Map.Entry entry3 : jSONObject2.getJSONObject("data").entrySet()) {
                    treeSet2.add(new RoleTemplate((String) entry3.getKey(), ((JSONObject) entry3.getValue()).getString("pattern")));
                }
                roleBasedAuthorizationStrategy.permissionTemplates = treeSet;
                roleBasedAuthorizationStrategy.roleTemplates = treeSet2;
                roleBasedAuthorizationStrategy.generateRolesFromTemplates();
                RoleBasedAuthorizationStrategy.persistChanges();
            }
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public AuthorizationStrategy m8newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) {
            RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy;
            AuthorizationStrategy authorizationStrategy = RoleBasedAuthorizationStrategy.instance().getAuthorizationStrategy();
            if (jSONObject.has(RoleBasedAuthorizationStrategy.GLOBAL) && jSONObject.has(RoleBasedAuthorizationStrategy.PROJECT) && jSONObject.has(RoleBasedAuthorizationStrategy.SLAVE) && (authorizationStrategy instanceof RoleBasedAuthorizationStrategy)) {
                roleBasedAuthorizationStrategy = new RoleBasedAuthorizationStrategy();
                readRoles(jSONObject, RoleType.Global, roleBasedAuthorizationStrategy, (RoleBasedAuthorizationStrategy) authorizationStrategy);
                readRoles(jSONObject, RoleType.Project, roleBasedAuthorizationStrategy, (RoleBasedAuthorizationStrategy) authorizationStrategy);
                readRoles(jSONObject, RoleType.Slave, roleBasedAuthorizationStrategy, (RoleBasedAuthorizationStrategy) authorizationStrategy);
                roleBasedAuthorizationStrategy.permissionTemplates = ((RoleBasedAuthorizationStrategy) authorizationStrategy).permissionTemplates;
                roleBasedAuthorizationStrategy.roleTemplates = ((RoleBasedAuthorizationStrategy) authorizationStrategy).roleTemplates;
            } else if (authorizationStrategy instanceof RoleBasedAuthorizationStrategy) {
                roleBasedAuthorizationStrategy = (RoleBasedAuthorizationStrategy) authorizationStrategy;
            } else {
                roleBasedAuthorizationStrategy = new RoleBasedAuthorizationStrategy();
                Role createAdminRole = createAdminRole();
                roleBasedAuthorizationStrategy.addRole(RoleType.Global, createAdminRole);
                roleBasedAuthorizationStrategy.assignRole(RoleType.Global, createAdminRole, new PermissionEntry(AuthorizationType.USER, getCurrentUser()));
            }
            return roleBasedAuthorizationStrategy;
        }

        private void readRoles(JSONObject jSONObject, RoleType roleType, RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy, RoleBasedAuthorizationStrategy roleBasedAuthorizationStrategy2) {
            JSONObject jSONObject2 = jSONObject.getJSONObject(roleType.getStringType());
            if (!jSONObject2.containsKey("data")) {
                if (!$assertionsDisabled) {
                    throw new AssertionError("No data at role description");
                }
                return;
            }
            for (Map.Entry entry : jSONObject2.getJSONObject("data").entrySet()) {
                HashSet hashSet = new HashSet();
                String str = Role.GLOBAL_ROLE_PATTERN;
                if (((JSONObject) entry.getValue()).has("pattern")) {
                    str = ((JSONObject) entry.getValue()).getString("pattern");
                    ((JSONObject) entry.getValue()).remove("pattern");
                }
                if (str == null) {
                    str = Role.GLOBAL_ROLE_PATTERN;
                }
                for (Map.Entry entry2 : ((JSONObject) entry.getValue()).entrySet()) {
                    if (((Boolean) entry2.getValue()).booleanValue()) {
                        hashSet.add(Permission.fromId((String) entry2.getKey()));
                    }
                }
                String str2 = (String) entry.getKey();
                RoleMap roleMap = roleBasedAuthorizationStrategy2.getRoleMap(roleType);
                Role role = roleMap.getRole(str2);
                Role role2 = new Role(str2, Pattern.compile(str), hashSet, "", role != null ? role.isGenerated() : false);
                roleBasedAuthorizationStrategy.addRole(roleType, role2);
                Set<PermissionEntry> sidEntriesForRole = roleMap.getSidEntriesForRole(str2);
                if (sidEntriesForRole != null) {
                    Iterator<PermissionEntry> it = sidEntriesForRole.iterator();
                    while (it.hasNext()) {
                        roleBasedAuthorizationStrategy.assignRole(roleType, role2, it.next());
                    }
                }
            }
        }

        private Role createAdminRole() {
            HashSet hashSet = new HashSet();
            hashSet.add(Jenkins.ADMINISTER);
            return new Role("admin", hashSet);
        }

        private String getCurrentUser() {
            return new PrincipalSid(Jenkins.getAuthentication2()).getPrincipal();
        }

        @Nullable
        public List<PermissionGroup> getGroups(@NonNull String str) {
            ArrayList arrayList = new ArrayList();
            ArrayList<PermissionGroup> arrayList2 = new ArrayList(PermissionGroup.getAll());
            boolean z = -1;
            switch (str.hashCode()) {
                case -1184953562:
                    if (str.equals(RoleBasedAuthorizationStrategy.SLAVE)) {
                        z = 2;
                        break;
                    }
                    break;
                case -853645094:
                    if (str.equals(RoleBasedAuthorizationStrategy.GLOBAL)) {
                        z = false;
                        break;
                    }
                    break;
                case 927423268:
                    if (str.equals(RoleBasedAuthorizationStrategy.PROJECT)) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    break;
                case true:
                    arrayList2.remove(PermissionGroup.get(Hudson.class));
                    arrayList2.remove(PermissionGroup.get(Computer.class));
                    break;
                case true:
                    arrayList2.remove(PermissionGroup.get(Permission.class));
                    arrayList2.remove(PermissionGroup.get(Hudson.class));
                    arrayList2.remove(PermissionGroup.get(View.class));
                    arrayList2.remove(PermissionGroup.get(Item.class));
                    arrayList2.remove(PermissionGroup.get(SCM.class));
                    arrayList2.remove(PermissionGroup.get(Run.class));
                    break;
                default:
                    arrayList2 = new ArrayList();
                    break;
            }
            for (PermissionGroup permissionGroup : arrayList2) {
                if (permissionGroup != PermissionGroup.get(Permission.class)) {
                    Iterator it = permissionGroup.getPermissions().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (((Permission) it.next()).getEnabled()) {
                            arrayList.add(permissionGroup);
                        }
                    }
                }
            }
            return arrayList;
        }

        @Restricted({NoExternalUse.class})
        public boolean showPermission(String str, Permission permission) {
            boolean z = -1;
            switch (str.hashCode()) {
                case -1184953562:
                    if (str.equals(RoleBasedAuthorizationStrategy.SLAVE)) {
                        z = 2;
                        break;
                    }
                    break;
                case -853645094:
                    if (str.equals(RoleBasedAuthorizationStrategy.GLOBAL)) {
                        z = false;
                        break;
                    }
                    break;
                case 927423268:
                    if (str.equals(RoleBasedAuthorizationStrategy.PROJECT)) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    if (PermissionHelper.isDangerous(permission)) {
                        return false;
                    }
                    return permission.getEnabled();
                case true:
                    return permission.getEnabled();
                case true:
                    return permission != Computer.CREATE && permission.getEnabled();
                default:
                    return false;
            }
        }

        @Restricted({DoNotUse.class})
        public String impliedByList(Permission permission) {
            ArrayList arrayList = new ArrayList();
            while (permission.impliedBy != null) {
                permission = permission.impliedBy;
                arrayList.add(permission);
            }
            return StringUtils.join((Collection) arrayList.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toList()), " ");
        }

        @Restricted({DoNotUse.class})
        public PermissionEntry entryFor(String str, String str2) {
            if (str == null) {
                return null;
            }
            return new PermissionEntry(AuthorizationType.valueOf(str), str2);
        }

        @RequirePOST
        @Restricted({NoExternalUse.class})
        public FormValidation doCheckPattern(@QueryParameter String str) {
            try {
                Pattern.compile(str);
                return FormValidation.ok();
            } catch (PatternSyntaxException e) {
                return FormValidation.error(e.getMessage());
            }
        }

        @RequirePOST
        public FormValidation doCheckName(@QueryParameter String str) {
            String substring = str.substring(1, str.length() - 1);
            int indexOf = substring.indexOf(58);
            if (indexOf < 0) {
                return FormValidation.error("No type prefix: " + substring);
            }
            try {
                AuthorizationType valueOf = AuthorizationType.valueOf(substring.substring(0, indexOf));
                String substring2 = substring.substring(indexOf + 1);
                String escape = Functions.escape(substring2);
                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                    return FormValidation.ok(escape);
                }
                SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
                if (substring2.equals("authenticated") && valueOf == AuthorizationType.EITHER) {
                    return FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse(valueOf, escape, "Internal group found; but permissions would also be granted to a user of this name", true));
                }
                if (substring2.equals("anonymous") && valueOf == AuthorizationType.EITHER) {
                    return FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse(valueOf, escape, "Internal user found; but permissions would also be granted to a group of this name", true));
                }
                try {
                    switch (valueOf) {
                        case GROUP:
                            FormValidation validateGroup = ValidationUtil.validateGroup(substring2, securityRealm, false);
                            return validateGroup != null ? validateGroup : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatNonExistentUserGroupValidationResponse(valueOf, escape, "Group not found"));
                        case USER:
                            FormValidation validateUser = ValidationUtil.validateUser(substring2, securityRealm, false);
                            return validateUser != null ? validateUser : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatNonExistentUserGroupValidationResponse(valueOf, escape, "User not found"));
                        case EITHER:
                            FormValidation validateUser2 = ValidationUtil.validateUser(substring2, securityRealm, true);
                            if (validateUser2 != null) {
                                return validateUser2;
                            }
                            FormValidation validateGroup2 = ValidationUtil.validateGroup(substring2, securityRealm, true);
                            return validateGroup2 != null ? validateGroup2 : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatNonExistentUserGroupValidationResponse(valueOf, escape, "User or group not found", true));
                        default:
                            return FormValidation.error("Unexpected type: " + valueOf);
                    }
                } catch (Exception e) {
                    return FormValidation.error(e, escape);
                }
            } catch (Exception e2) {
                return FormValidation.error("Invalid type prefix: " + substring);
            }
        }

        @Restricted({DoNotUse.class})
        public boolean hasAmbiguousEntries(SortedMap<Role, Set<PermissionEntry>> sortedMap) {
            return sortedMap.entrySet().stream().anyMatch(entry -> {
                return ((Set) entry.getValue()).stream().anyMatch(permissionEntry -> {
                    return permissionEntry.getType() == AuthorizationType.EITHER;
                });
            });
        }

        static {
            $assertionsDisabled = !RoleBasedAuthorizationStrategy.class.desiredAssertionStatus();
        }
    }

    public RoleBasedAuthorizationStrategy() {
        this.agentRoles = new RoleMap();
        this.globalRoles = new RoleMap();
        this.itemRoles = new RoleMap();
        this.permissionTemplates = new TreeSet();
        this.roleTemplates = new TreeSet();
    }

    public RoleBasedAuthorizationStrategy(Map<String, RoleMap> map) {
        this(map, null, null);
    }

    public RoleBasedAuthorizationStrategy(Map<String, RoleMap> map, @CheckForNull Set<PermissionTemplate> set, @CheckForNull Set<RoleTemplate> set2) {
        RoleMap roleMap = map.get(SLAVE);
        this.agentRoles = roleMap == null ? new RoleMap() : roleMap;
        RoleMap roleMap2 = map.get(GLOBAL);
        this.globalRoles = roleMap2 == null ? new RoleMap() : roleMap2;
        RoleMap roleMap3 = map.get(PROJECT);
        this.itemRoles = roleMap3 == null ? new RoleMap() : roleMap3;
        this.permissionTemplates = set == null ? Collections.emptySet() : new TreeSet<>(set);
        this.roleTemplates = set2 == null ? Collections.emptySet() : new TreeSet<>(set2);
        generateRolesFromTemplates();
    }

    private void generateRolesFromTemplates() {
        RoleMap roleMap = getRoleMaps().get(RoleType.Project);
        RoleMap generatedRoles = roleMap.getGeneratedRoles();
        RoleMap roleMap2 = new RoleMap();
        for (PermissionTemplate permissionTemplate : this.permissionTemplates) {
            for (RoleTemplate roleTemplate : this.roleTemplates) {
                String str = "#" + permissionTemplate.getName() + "-" + roleTemplate.getName();
                Role role = roleMap.getRole(str);
                HashSet hashSet = new HashSet();
                if (role != null) {
                    Set<PermissionEntry> sidEntriesForRole = roleMap.getSidEntriesForRole(str);
                    if (sidEntriesForRole != null) {
                        hashSet.addAll(sidEntriesForRole);
                    }
                    roleMap.removeRole(role);
                }
                roleMap2.addRole(new Role(str, Pattern.compile(roleTemplate.getPattern()), permissionTemplate.getPermissions(), "", true), hashSet);
            }
        }
        Iterator<Map.Entry<Role, Set<PermissionEntry>>> it = generatedRoles.getGrantedRolesEntries().entrySet().iterator();
        while (it.hasNext()) {
            roleMap.removeRole(it.next().getKey());
        }
        for (Map.Entry<Role, Set<PermissionEntry>> entry : roleMap2.getGrantedRolesEntries().entrySet()) {
            roleMap.addRole(entry.getKey(), entry.getValue());
        }
    }

    @NonNull
    /* renamed from: getRootACL, reason: merged with bridge method [inline-methods] */
    public SidACL m5getRootACL() {
        return this.globalRoles.getACL(RoleType.Global, null);
    }

    @NonNull
    @Restricted({NoExternalUse.class})
    public RoleMap getRoleMap(RoleType roleType) {
        switch (roleType) {
            case Global:
                return this.globalRoles;
            case Project:
                return this.itemRoles;
            case Slave:
                return this.agentRoles;
            default:
                throw new IllegalArgumentException("Unknown RoleType: " + roleType);
        }
    }

    @NonNull
    public ACL getACL(@NonNull Job<?, ?> job) {
        return getACL((AbstractItem) job);
    }

    @NonNull
    public ACL getACL(@NonNull AbstractItem abstractItem) {
        return this.itemRoles.newMatchingRoleMap(abstractItem.getFullName()).getACL(RoleType.Project, abstractItem).newInheritingACL(m5getRootACL());
    }

    @NonNull
    public ACL getACL(@NonNull Computer computer) {
        return this.agentRoles.newMatchingRoleMap(computer.getName()).getACL(RoleType.Slave, computer).newInheritingACL(m5getRootACL());
    }

    @NonNull
    public ACL getACL(@NonNull Node node) {
        return this.agentRoles.newMatchingRoleMap(node.getNodeName()).getACL(RoleType.Slave, node).newInheritingACL(m5getRootACL());
    }

    @NonNull
    public Collection<String> getGroups() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(filterRoleSids(this.globalRoles));
        hashSet.addAll(filterRoleSids(this.itemRoles));
        hashSet.addAll(filterRoleSids(this.agentRoles));
        return hashSet;
    }

    private Set<String> filterRoleSids(RoleMap roleMap) {
        return (Set) roleMap.getSidEntries(false).stream().filter(permissionEntry -> {
            return permissionEntry.getType() != AuthorizationType.USER;
        }).map((v0) -> {
            return v0.getSid();
        }).collect(Collectors.toSet());
    }

    @Nullable
    @Deprecated
    public SortedMap<Role, Set<String>> getGrantedRoles(String str) {
        return getRoleMap(RoleType.fromString(str)).getGrantedRoles();
    }

    @Deprecated
    public SortedMap<Role, Set<String>> getGrantedRoles(@NonNull RoleType roleType) {
        return getRoleMap(roleType).getGrantedRoles();
    }

    public Set<PermissionTemplate> getPermissionTemplates() {
        return Collections.unmodifiableSet(this.permissionTemplates);
    }

    public Set<RoleTemplate> getRoleTemplates() {
        return Collections.unmodifiableSet(this.roleTemplates);
    }

    public SortedMap<Role, Set<PermissionEntry>> getGrantedRolesEntries(@NonNull String str) {
        return getGrantedRolesEntries(RoleType.fromString(str));
    }

    public SortedMap<Role, Set<PermissionEntry>> getGrantedRolesEntries(@NonNull RoleType roleType) {
        return getRoleMap(roleType).getGrantedRolesEntries();
    }

    public Set<PermissionEntry> getSidEntries(String str) {
        return getRoleMap(RoleType.fromString(str)).getSidEntries();
    }

    @CheckForNull
    @Deprecated
    public Set<String> getSIDs(String str) {
        return getRoleMap(RoleType.fromString(str)).getSids();
    }

    @NonNull
    private Map<RoleType, RoleMap> getRoleMaps() {
        HashMap hashMap = new HashMap();
        hashMap.put(RoleType.Global, this.globalRoles);
        hashMap.put(RoleType.Slave, this.agentRoles);
        hashMap.put(RoleType.Project, this.itemRoles);
        return Collections.unmodifiableMap(hashMap);
    }

    private void addRole(RoleType roleType, Role role) {
        getRoleMap(roleType).addRole(role);
    }

    private void assignRole(RoleType roleType, Role role, PermissionEntry permissionEntry) {
        RoleMap roleMap = getRoleMap(roleType);
        if (roleMap.hasRole(role)) {
            roleMap.assignRole(role, permissionEntry);
        }
    }

    private static void persistChanges() throws IOException {
        Jenkins instance = instance();
        instance.save();
        AuthorizationStrategy authorizationStrategy = instance.getAuthorizationStrategy();
        if (authorizationStrategy instanceof RoleBasedAuthorizationStrategy) {
            ((RoleBasedAuthorizationStrategy) authorizationStrategy).validateConfig();
        }
    }

    private static Jenkins instance() {
        return Jenkins.get();
    }

    private static void checkAdminPerm() {
        instance().checkPermission(Jenkins.ADMINISTER);
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAddRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3, @QueryParameter(required = true) String str4, @QueryParameter(required = false) String str5) throws IOException {
        RoleMap roleMap;
        Role role;
        checkAdminPerm();
        boolean parseBoolean = Boolean.parseBoolean(str4);
        String str6 = Role.GLOBAL_ROLE_PATTERN;
        if (!str.equals(GLOBAL) && str5 != null) {
            str6 = str5;
        }
        Role role2 = new Role(str2, str6, PermissionHelper.fromStrings(Arrays.asList(str3.split(",")), true));
        RoleType fromString = RoleType.fromString(str);
        if (parseBoolean && (role = (roleMap = getRoleMap(fromString)).getRole(str2)) != null) {
            roleMap.removeRole(role);
        }
        addRole(fromString, role2);
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doRemoveRoles(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) throws IOException {
        checkAdminPerm();
        RoleMap roleMap = getRoleMap(RoleType.fromString(str));
        for (String str3 : str2.split(",")) {
            Role role = roleMap.getRole(str3);
            if (role != null) {
                roleMap.removeRole(role);
            }
        }
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    @Deprecated
    public void doAssignRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3) throws IOException {
        checkAdminPerm();
        RoleType fromString = RoleType.fromString(str);
        Role role = getRoleMap(fromString).getRole(str2);
        if (role != null) {
            assignRole(fromString, role, new PermissionEntry(AuthorizationType.EITHER, str3));
        }
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAssignUserRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3) throws IOException {
        checkAdminPerm();
        RoleType fromString = RoleType.fromString(str);
        Role role = getRoleMap(fromString).getRole(str2);
        if (role != null) {
            assignRole(fromString, role, new PermissionEntry(AuthorizationType.USER, str3));
        }
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doAssignGroupRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3) throws IOException {
        checkAdminPerm();
        RoleType fromString = RoleType.fromString(str);
        Role role = getRoleMap(fromString).getRole(str2);
        if (role != null) {
            assignRole(fromString, role, new PermissionEntry(AuthorizationType.GROUP, str3));
        }
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doDeleteSid(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) throws IOException {
        checkAdminPerm();
        getRoleMap(RoleType.fromString(str)).deleteSids(new PermissionEntry(AuthorizationType.EITHER, str2));
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doDeleteUser(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) throws IOException {
        checkAdminPerm();
        getRoleMap(RoleType.fromString(str)).deleteSids(new PermissionEntry(AuthorizationType.USER, str2));
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doDeleteGroup(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) throws IOException {
        checkAdminPerm();
        getRoleMap(RoleType.fromString(str)).deleteSids(new PermissionEntry(AuthorizationType.GROUP, str2));
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doUnassignRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3) throws IOException {
        checkAdminPerm();
        RoleMap roleMap = getRoleMap(RoleType.fromString(str));
        Role role = roleMap.getRole(str2);
        if (role != null) {
            roleMap.deleteRoleSid(new PermissionEntry(AuthorizationType.EITHER, str3), role.getName());
        }
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doUnassignUserRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3) throws IOException {
        checkAdminPerm();
        RoleMap roleMap = getRoleMap(RoleType.fromString(str));
        Role role = roleMap.getRole(str2);
        if (role != null) {
            roleMap.deleteRoleSid(new PermissionEntry(AuthorizationType.USER, str3), role.getName());
        }
        persistChanges();
    }

    @RequirePOST
    @Restricted({NoExternalUse.class})
    public void doUnassignGroupRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2, @QueryParameter(required = true) String str3) throws IOException {
        checkAdminPerm();
        RoleMap roleMap = getRoleMap(RoleType.fromString(str));
        Role role = roleMap.getRole(str2);
        if (role != null) {
            roleMap.deleteRoleSid(new PermissionEntry(AuthorizationType.GROUP, str3), role.getName());
        }
        persistChanges();
    }

    @Restricted({NoExternalUse.class})
    @GET
    public void doGetRole(@QueryParameter(required = true) String str, @QueryParameter(required = true) String str2) throws IOException {
        checkAdminPerm();
        JSONObject jSONObject = new JSONObject();
        RoleMap roleMap = getRoleMap(RoleType.fromString(str));
        Role role = roleMap.getRole(str2);
        if (role != null) {
            Set<Permission> permissions = role.getPermissions();
            HashMap hashMap = new HashMap();
            for (Permission permission : permissions) {
                hashMap.put(permission.getId(), Boolean.valueOf(permission.getEnabled()));
            }
            jSONObject.put("permissionIds", hashMap);
            if (!str.equals(GLOBAL)) {
                jSONObject.put("pattern", role.getPattern().pattern());
            }
            jSONObject.put("sids", roleMap.getGrantedRolesEntries().get(role));
        }
        Stapler.getCurrentResponse().setContentType("application/json;charset=UTF-8");
        Writer compressedWriter = Stapler.getCurrentResponse().getCompressedWriter(Stapler.getCurrentRequest());
        jSONObject.write(compressedWriter);
        compressedWriter.close();
    }

    @Restricted({NoExternalUse.class})
    @GET
    public void doGetAllRoles(@QueryParameter(fixEmpty = true) String str) throws IOException {
        checkAdminPerm();
        JSONObject jSONObject = new JSONObject();
        RoleMap roleMap = getRoleMap(RoleType.Global);
        if (str != null) {
            roleMap = getRoleMap(RoleType.fromString(str));
        }
        for (Map.Entry<Role, Set<PermissionEntry>> entry : roleMap.getGrantedRolesEntries().entrySet()) {
            jSONObject.put(entry.getKey().getName(), entry.getValue());
        }
        Stapler.getCurrentResponse().setContentType("application/json;charset=UTF-8");
        Writer compressedWriter = Stapler.getCurrentResponse().getCompressedWriter(Stapler.getCurrentRequest());
        jSONObject.write(compressedWriter);
        compressedWriter.close();
    }

    @Restricted({NoExternalUse.class})
    @GET
    public void doGetMatchingJobs(@QueryParameter(required = true) String str, @QueryParameter int i) throws IOException {
        checkAdminPerm();
        ArrayList arrayList = new ArrayList();
        int matchingItemNames = RoleMap.getMatchingItemNames(arrayList, Pattern.compile(str), i);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("matchingJobs", arrayList);
        jSONObject.put("itemCount", Integer.valueOf(matchingItemNames));
        StaplerResponse currentResponse = Stapler.getCurrentResponse();
        currentResponse.setContentType("application/json;charset=UTF-8");
        Writer compressedWriter = currentResponse.getCompressedWriter(Stapler.getCurrentRequest());
        jSONObject.write(compressedWriter);
        compressedWriter.close();
    }

    @Restricted({NoExternalUse.class})
    @GET
    public void doGetMatchingAgents(@QueryParameter(required = true) String str, @QueryParameter int i) throws IOException {
        checkAdminPerm();
        ArrayList arrayList = new ArrayList();
        int matchingAgentNames = RoleMap.getMatchingAgentNames(arrayList, Pattern.compile(str), i);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("matchingAgents", arrayList);
        jSONObject.put("agentCount", Integer.valueOf(matchingAgentNames));
        StaplerResponse currentResponse = Stapler.getCurrentResponse();
        currentResponse.setContentType("application/json;charset=UTF-8");
        Writer compressedWriter = currentResponse.getCompressedWriter(Stapler.getCurrentRequest());
        jSONObject.write(compressedWriter);
        compressedWriter.close();
    }

    @Restricted({NoExternalUse.class})
    public void validateConfig() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(getSidEntries(GLOBAL));
        arrayList.addAll(getSidEntries(SLAVE));
        arrayList.addAll(getSidEntries(PROJECT));
        AmbiguousSidsAdminMonitor.get().updateEntries(arrayList);
    }

    @Initializer(after = InitMilestone.SYSTEM_CONFIG_LOADED)
    public static void init() {
        AuthorizationStrategy authorizationStrategy = instance().getAuthorizationStrategy();
        if (authorizationStrategy instanceof RoleBasedAuthorizationStrategy) {
            ((RoleBasedAuthorizationStrategy) authorizationStrategy).validateConfig();
        }
    }

    @CheckForNull
    public static RoleBasedAuthorizationStrategy getInstance() {
        Jenkins instanceOrNull = Jenkins.getInstanceOrNull();
        AuthorizationStrategy authorizationStrategy = instanceOrNull != null ? instanceOrNull.getAuthorizationStrategy() : null;
        if (authorizationStrategy instanceof RoleBasedAuthorizationStrategy) {
            return (RoleBasedAuthorizationStrategy) authorizationStrategy;
        }
        return null;
    }

    @Deprecated
    public static boolean isCreateAllowed() {
        return true;
    }
}
