package org.jenkinsci.plugins.matrixauth;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Node;
import hudson.model.User;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionScope;
import hudson.security.ProjectMatrixAuthorizationStrategy;
import hudson.security.SidACL;
import hudson.slaves.NodeProperty;
import hudson.slaves.NodePropertyDescriptor;
import hudson.util.FormValidation;
import io.jenkins.plugins.casc.Attribute;
import io.jenkins.plugins.casc.BaseConfigurator;
import io.jenkins.plugins.casc.ConfigurationContext;
import io.jenkins.plugins.casc.ConfiguratorException;
import io.jenkins.plugins.casc.impl.attributes.DescribableAttribute;
import io.jenkins.plugins.casc.impl.attributes.MultivaluedAttribute;
import io.jenkins.plugins.casc.model.Mapping;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.model.NodeListener;
import net.sf.json.JSONObject;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import org.jenkinsci.plugins.matrixauth.inheritance.InheritGlobalStrategy;
import org.jenkinsci.plugins.matrixauth.inheritance.InheritanceStrategy;
import org.jenkinsci.plugins.matrixauth.integrations.casc.MatrixAuthorizationStrategyConfigurator;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationMatrixNodeProperty.class */
public class AuthorizationMatrixNodeProperty extends NodeProperty<Node> implements AuthorizationProperty {
    private final transient SidACL acl;
    private final Map<Permission, Set<String>> grantedPermissions;
    private final Set<String> sids;

    @Deprecated
    private transient Boolean blocksInheritance;
    private InheritanceStrategy inheritanceStrategy;
    private static final Logger LOGGER = Logger.getLogger(AuthorizationMatrixNodeProperty.class.getName());

    /* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationMatrixNodeProperty$AclImpl.class */
    private final class AclImpl extends SidACL {
        private AclImpl() {
        }

        @CheckForNull
        @SuppressFBWarnings(value = {"NP_BOOLEAN_RETURN_NULL"}, justification = "As designed, implements a third state for the ternary logic")
        protected Boolean hasPermission(Sid sid, Permission permission) {
            return AuthorizationMatrixNodeProperty.this.hasPermission(toString(sid), permission, sid instanceof PrincipalSid) ? true : null;
        }
    }

    @Extension(optional = true)
    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationMatrixNodeProperty$Configurator.class */
    public static class Configurator extends BaseConfigurator<AuthorizationMatrixNodeProperty> {
        public Class<AuthorizationMatrixNodeProperty> getTarget() {
            return AuthorizationMatrixNodeProperty.class;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: instance, reason: merged with bridge method [inline-methods] */
        public AuthorizationMatrixNodeProperty m11instance(Mapping mapping, ConfigurationContext configurationContext) throws ConfiguratorException {
            return new AuthorizationMatrixNodeProperty();
        }

        @Nonnull
        public Set<Attribute<AuthorizationMatrixNodeProperty, ?>> describe() {
            return new HashSet(Arrays.asList(new MultivaluedAttribute("permissions", String.class).getter((v0) -> {
                return MatrixAuthorizationStrategyConfigurator.getGrantedPermissions(v0);
            }).setter((v0, v1) -> {
                MatrixAuthorizationStrategyConfigurator.setGrantedPermissions(v0, v1);
            }), new DescribableAttribute("inheritanceStrategy", InheritanceStrategy.class)));
        }
    }

    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationMatrixNodeProperty$ConverterImpl.class */
    public static final class ConverterImpl extends AbstractAuthorizationPropertyConverter<AuthorizationMatrixNodeProperty> {
        @Override // org.jenkinsci.plugins.matrixauth.AbstractAuthorizationPropertyConverter, org.jenkinsci.plugins.matrixauth.AbstractAuthorizationContainerConverter
        public boolean canConvert(Class cls) {
            return cls == AuthorizationMatrixNodeProperty.class;
        }

        @Override // org.jenkinsci.plugins.matrixauth.AbstractAuthorizationPropertyConverter, org.jenkinsci.plugins.matrixauth.AbstractAuthorizationContainerConverter
        public AuthorizationMatrixNodeProperty create() {
            return new AuthorizationMatrixNodeProperty();
        }
    }

    @Extension
    /* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationMatrixNodeProperty$DescriptorImpl.class */
    public static class DescriptorImpl extends NodePropertyDescriptor implements AuthorizationPropertyDescriptor<AuthorizationMatrixNodeProperty> {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jenkinsci.plugins.matrixauth.AuthorizationPropertyDescriptor
        @Restricted({NoExternalUse.class})
        public AuthorizationMatrixNodeProperty create() {
            return new AuthorizationMatrixNodeProperty();
        }

        @Override // org.jenkinsci.plugins.matrixauth.AuthorizationContainerDescriptor
        @Restricted({NoExternalUse.class})
        public PermissionScope getPermissionScope() {
            return PermissionScope.COMPUTER;
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public AuthorizationMatrixNodeProperty m12newInstance(StaplerRequest staplerRequest, @Nonnull JSONObject jSONObject) throws Descriptor.FormException {
            return createNewInstance(staplerRequest, jSONObject, false);
        }

        public boolean isApplicable(Class<? extends Node> cls) {
            return Node.class.isAssignableFrom(cls) && isApplicable();
        }

        @Nonnull
        public String getDisplayName() {
            return Messages.AuthorizationMatrixNodeProperty_DisplayName();
        }

        @Restricted({DoNotUse.class})
        public FormValidation doCheckName(@AncestorInPath Computer computer, @QueryParameter String str) {
            return doCheckName_(str, computer == null ? Jenkins.getInstance() : computer, computer == null ? Jenkins.ADMINISTER : Computer.CONFIGURE);
        }
    }

    @Extension
    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationMatrixNodeProperty$NodeListenerImpl.class */
    public static class NodeListenerImpl extends NodeListener {
        protected void onCreated(@Nonnull Node node) {
            AuthorizationStrategy authorizationStrategy = Jenkins.getInstance().getAuthorizationStrategy();
            if (authorizationStrategy instanceof ProjectMatrixAuthorizationStrategy) {
                ProjectMatrixAuthorizationStrategy projectMatrixAuthorizationStrategy = (ProjectMatrixAuthorizationStrategy) authorizationStrategy;
                AuthorizationMatrixNodeProperty authorizationMatrixNodeProperty = (AuthorizationMatrixNodeProperty) node.getNodeProperty(AuthorizationMatrixNodeProperty.class);
                if (authorizationMatrixNodeProperty == null) {
                    authorizationMatrixNodeProperty = new AuthorizationMatrixNodeProperty();
                }
                User current = User.current();
                String id = current == null ? "anonymous" : current.getId();
                if (!projectMatrixAuthorizationStrategy.getACL(node).hasPermission(Jenkins.getAuthentication(), Computer.CONFIGURE)) {
                    authorizationMatrixNodeProperty.add(Computer.CONFIGURE, id);
                }
                if (authorizationMatrixNodeProperty.getGrantedPermissions().size() > 0) {
                    try {
                        node.getNodeProperties().replace(authorizationMatrixNodeProperty);
                    } catch (IOException e) {
                        AuthorizationMatrixNodeProperty.LOGGER.log(Level.WARNING, "Failed to grant creator permissions on node " + node.getDisplayName(), (Throwable) e);
                    }
                }
            }
        }
    }

    private AuthorizationMatrixNodeProperty() {
        this.acl = new AclImpl();
        this.grantedPermissions = new HashMap();
        this.sids = new HashSet();
        this.inheritanceStrategy = new InheritGlobalStrategy();
    }

    public AuthorizationMatrixNodeProperty(Map<Permission, Set<String>> map) {
        this.acl = new AclImpl();
        this.grantedPermissions = new HashMap();
        this.sids = new HashSet();
        this.inheritanceStrategy = new InheritGlobalStrategy();
        for (Map.Entry<Permission, Set<String>> entry : map.entrySet()) {
            this.grantedPermissions.put(entry.getKey(), new HashSet(entry.getValue()));
        }
    }

    @Restricted({NoExternalUse.class})
    public Set<String> getGroups() {
        return new HashSet(this.sids);
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationContainer
    public Map<Permission, Set<String>> getGrantedPermissions() {
        return Collections.unmodifiableMap(this.grantedPermissions);
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationProperty
    public void setInheritanceStrategy(InheritanceStrategy inheritanceStrategy) {
        this.inheritanceStrategy = inheritanceStrategy;
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationProperty
    public InheritanceStrategy getInheritanceStrategy() {
        return this.inheritanceStrategy;
    }

    @Override // org.jenkinsci.plugins.matrixauth.AuthorizationContainer
    public void add(Permission permission, String str) {
        Set<String> set = this.grantedPermissions.get(permission);
        if (set == null) {
            Map<Permission, Set<String>> map = this.grantedPermissions;
            HashSet hashSet = new HashSet();
            set = hashSet;
            map.put(permission, hashSet);
        }
        set.add(str);
        this.sids.add(str);
    }

    public SidACL getACL() {
        return this.acl;
    }
}
