package org.jenkinsci.plugins.workflow.support.pickles.serialization;

import hudson.model.Action;
import hudson.model.Result;
import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.jenkinsci.plugins.workflow.job.WorkflowRun;
import org.jenkinsci.plugins.workflow.test.steps.SemaphoreStep;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.BuildWatcher;
import org.jvnet.hudson.test.For;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.RestartableJenkinsRule;

/* loaded from: input_file:org/jenkinsci/plugins/workflow/support/pickles/serialization/SerializationSecurityTest.class */
public class SerializationSecurityTest {

    @ClassRule
    public static BuildWatcher buildWatcher = new BuildWatcher();

    @Rule
    public RestartableJenkinsRule rr = new RestartableJenkinsRule();

    @Test
    @For({RiverWriter.class})
    public void writeObjectChecksSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Hack {\n  @NonCPS private void writeObject(ObjectOutputStream out) {\n    Jenkins.instance.systemMessage = 'oops'\n  }\n}\ndef hack = new Hack()\nsleep 1\necho(/should not still have $hack/)", true));
            safe(jenkinsRule, (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get());
        });
    }

    @Test
    @For({RiverWriter.class})
    public void writeReplaceChecksSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Hack {\n  @NonCPS private Object writeReplace() {\n    Jenkins.instance.systemMessage = 'oops'\n    this\n  }\n}\ndef hack = new Hack()\nsleep 1\necho(/should not still have $hack/)", true));
            safe(jenkinsRule, (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get());
        });
    }

    @Test
    @For({RiverWriter.class})
    public void writeExternalChecksSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Hack implements Externalizable {\n  @NonCPS void writeExternal(ObjectOutput out) {\n    Jenkins.instance.systemMessage = 'oops'\n  }\n  @NonCPS void readExternal(ObjectInput inp) {}\n}\ndef hack = new Hack()\nsleep 1\necho(/should not still have $hack/)", true));
            safe(jenkinsRule, (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get());
        });
    }

    @Test
    @For({RiverReader.class})
    public void readObjectChecksSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Hack {\n  @NonCPS private void readObject(ObjectInputStream inp) {\n    Jenkins.instance.systemMessage = 'oops'\n  }\n}\ndef hack = new Hack()\nsemaphore 'wait'\necho(/should not still have $hack/)", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.rr.then(jenkinsRule2 -> {
            SemaphoreStep.success("wait/1", null);
            safe(jenkinsRule2, jenkinsRule2.waitForCompletion(jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getBuildByNumber(1)));
        });
    }

    @Test
    @For({RiverReader.class})
    public void readResolveChecksSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Hack {\n  @NonCPS private Object readResolve() {\n    Jenkins.instance.systemMessage = 'oops'\n  }\n}\ndef hack = new Hack()\nsemaphore 'wait'\necho(/should not still have $hack/)", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.rr.then(jenkinsRule2 -> {
            SemaphoreStep.success("wait/1", null);
            safe(jenkinsRule2, jenkinsRule2.waitForCompletion(jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getBuildByNumber(1)));
        });
    }

    @Test
    @For({RiverReader.class})
    public void readExternalChecksSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Hack implements Externalizable {\n  @NonCPS void writeExternal(ObjectOutput out) {}\n  @NonCPS void readExternal(ObjectInput inp) {\n    Jenkins.instance.systemMessage = 'oops'\n  }\n}\ndef hack = new Hack()\nsemaphore 'wait'\necho(/should not still have $hack/)", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.rr.then(jenkinsRule2 -> {
            SemaphoreStep.success("wait/1", null);
            safe(jenkinsRule2, jenkinsRule2.waitForCompletion(jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getBuildByNumber(1)));
        });
    }

    @Test
    @For({RiverReader.class})
    public void externalizableNoArgConstructorChecksSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Hack implements Externalizable {\n  Hack(boolean x) {}\n  Hack() {    Jenkins.instance.systemMessage = 'oops'\n  }\n  @NonCPS void writeExternal(ObjectOutput out) {}\n  @NonCPS void readExternal(ObjectInput inp) {}\n}\ndef hack = new Hack(true)\nsemaphore 'wait'\necho(/should not still have $hack/)", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.rr.then(jenkinsRule2 -> {
            SemaphoreStep.success("wait/1", null);
            safe(jenkinsRule2, jenkinsRule2.waitForCompletion(jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getBuildByNumber(1)));
        });
    }

    @Test
    @For({RiverReader.class})
    public void externalizableObjectInputConstructorChecksSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Hack implements Externalizable {\n  Hack() {}\n  Hack(ObjectInput inp) {    Jenkins.instance.systemMessage = 'oops'\n  }\n  @NonCPS void writeExternal(ObjectOutput out) {}\n  @NonCPS void readExternal(ObjectInput inp) {}\n}\ndef hack = new Hack()\nsemaphore 'wait'\necho(/should not still have $hack/)", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.rr.then(jenkinsRule2 -> {
            SemaphoreStep.success("wait/1", null);
            safe(jenkinsRule2, jenkinsRule2.waitForCompletion(jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getBuildByNumber(1)));
        });
    }

    @Test
    @Ignore("does not currently work (fails on `new Replacer`), since CpsWhitelist & GroovyClassLoaderWhitelist are not in .all()")
    public void harmlessCallsPassSandbox() {
        this.rr.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("class Fine {\n  @NonCPS private Object writeReplace() {\n    new Replacer()\n  }\n}\nclass Replacer {\n  @NonCPS private Object readResolve() {\n    'something safe'\n  }\n}\ndef fine = new Fine()\nsemaphore 'wait'\necho(/but we do have $fine/)", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.rr.then(jenkinsRule2 -> {
            SemaphoreStep.success("wait/1", null);
            jenkinsRule2.waitForMessage("but we do have something safe", jenkinsRule2.assertBuildStatusSuccess(jenkinsRule2.waitForCompletion(jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getBuildByNumber(1))));
        });
    }

    private static void safe(JenkinsRule jenkinsRule, WorkflowRun workflowRun) throws Exception {
        Assert.assertNull(jenkinsRule.jenkins.getSystemMessage());
        Assert.assertEquals(Result.FAILURE, workflowRun.getResult());
        jenkinsRule.waitForMessage("staticMethod jenkins.model.Jenkins getInstance", workflowRun);
        jenkinsRule.assertLogNotContains("should not still have", workflowRun);
    }
}
