package io.jenkins.plugins.folderauth;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import hudson.Extension;
import hudson.model.AbstractItem;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Job;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.SidACL;
import io.jenkins.plugins.folderauth.acls.GenericAclImpl;
import io.jenkins.plugins.folderauth.acls.GlobalAclImpl;
import io.jenkins.plugins.folderauth.misc.PermissionWrapper;
import io.jenkins.plugins.folderauth.roles.AbstractRole;
import io.jenkins.plugins.folderauth.roles.AgentRole;
import io.jenkins.plugins.folderauth.roles.FolderRole;
import io.jenkins.plugins.folderauth.roles.GlobalRole;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.ParametersAreNonnullByDefault;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.StaplerRequest;

@ParametersAreNonnullByDefault
/* loaded from: input_file:io/jenkins/plugins/folderauth/FolderBasedAuthorizationStrategy.class */
public class FolderBasedAuthorizationStrategy extends AuthorizationStrategy {
    private static final String ADMIN_ROLE_NAME = "admin";
    private static final String FOLDER_SEPARATOR = "/";
    private final Set<AgentRole> agentRoles;
    private final Set<GlobalRole> globalRoles;
    private final Set<FolderRole> folderRoles;
    private transient GlobalAclImpl globalAcl;
    private transient ConcurrentHashMap<String, GenericAclImpl> jobAcls;
    private transient ConcurrentHashMap<String, GenericAclImpl> agentAcls;
    private transient Cache<String, SidACL> jobAclCache;

    @Extension
    /* loaded from: input_file:io/jenkins/plugins/folderauth/FolderBasedAuthorizationStrategy$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<AuthorizationStrategy> {
        @Nonnull
        public String getDisplayName() {
            return Messages.FolderBasedAuthorizationStrategy_DisplayName();
        }

        @Nonnull
        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public FolderBasedAuthorizationStrategy m5newInstance(@Nullable StaplerRequest staplerRequest, @Nonnull JSONObject jSONObject) {
            AuthorizationStrategy authorizationStrategy = Jenkins.get().getAuthorizationStrategy();
            if (authorizationStrategy instanceof FolderBasedAuthorizationStrategy) {
                return (FolderBasedAuthorizationStrategy) authorizationStrategy;
            }
            HashSet hashSet = new HashSet(PermissionGroup.getAll());
            hashSet.remove(PermissionGroup.get(Permission.class));
            return new FolderBasedAuthorizationStrategy(Collections.singleton(new GlobalRole(FolderBasedAuthorizationStrategy.ADMIN_ROLE_NAME, PermissionWrapper.wrapPermissions(FolderAuthorizationStrategyManagementLink.getSafePermissions(hashSet)), Collections.singleton(new PrincipalSid(Jenkins.getAuthentication()).getPrincipal()))), Collections.emptySet(), Collections.emptySet());
        }
    }

    @DataBoundConstructor
    public FolderBasedAuthorizationStrategy(Set<GlobalRole> set, Set<FolderRole> set2, Set<AgentRole> set3) {
        this.agentRoles = new HashSet(set3);
        this.globalRoles = new HashSet(set);
        this.folderRoles = new HashSet(set2);
        init();
    }

    private void updateJobAcls() {
        this.jobAcls.clear();
        Iterator<FolderRole> it = this.folderRoles.iterator();
        while (it.hasNext()) {
            updateAclForFolderRole(it.next());
        }
    }

    private synchronized void updateAgentAcls() {
        this.agentAcls.clear();
        Iterator<AgentRole> it = this.agentRoles.iterator();
        while (it.hasNext()) {
            updateAclForAgentRole(it.next());
        }
    }

    @Nonnull
    /* renamed from: getRootACL, reason: merged with bridge method [inline-methods] */
    public GlobalAclImpl m4getRootACL() {
        return this.globalAcl;
    }

    @Nonnull
    private FolderBasedAuthorizationStrategy readResolve() {
        init();
        return this;
    }

    @Nonnull
    public SidACL getACL(Job<?, ?> job) {
        return m2getACL((AbstractItem) job);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v32, types: [hudson.security.SidACL] */
    @Nonnull
    /* renamed from: getACL, reason: merged with bridge method [inline-methods] */
    public SidACL m2getACL(AbstractItem abstractItem) {
        String fullName = abstractItem.getFullName();
        SidACL sidACL = (SidACL) this.jobAclCache.getIfPresent(fullName);
        if (sidACL != null) {
            return sidACL;
        }
        String[] split = fullName.split(FOLDER_SEPARATOR);
        StringBuilder sb = new StringBuilder(fullName.length());
        GlobalAclImpl globalAclImpl = this.globalAcl;
        for (String str : split) {
            sb.append(str);
            GenericAclImpl genericAclImpl = this.jobAcls.get(sb.toString());
            if (genericAclImpl != null) {
                globalAclImpl = globalAclImpl.newInheritingACL(genericAclImpl);
            }
            sb.append(FOLDER_SEPARATOR);
        }
        this.jobAclCache.put(fullName, globalAclImpl);
        return globalAclImpl;
    }

    @Nonnull
    /* renamed from: getACL, reason: merged with bridge method [inline-methods] */
    public SidACL m1getACL(@Nonnull Computer computer) {
        GenericAclImpl genericAclImpl = this.agentAcls.get(computer.getName());
        return genericAclImpl == null ? this.globalAcl : this.globalAcl.newInheritingACL(genericAclImpl);
    }

    @Nonnull
    public Collection<String> getGroups() {
        ConcurrentHashMap.KeySetView newKeySet = ConcurrentHashMap.newKeySet();
        Stream map = ((Stream) this.agentRoles.stream().parallel()).map((v0) -> {
            return v0.getSids();
        });
        Objects.requireNonNull(newKeySet);
        map.forEach((v1) -> {
            r1.addAll(v1);
        });
        Stream map2 = ((Stream) this.globalRoles.stream().parallel()).map((v0) -> {
            return v0.getSids();
        });
        Objects.requireNonNull(newKeySet);
        map2.forEach((v1) -> {
            r1.addAll(v1);
        });
        Stream map3 = ((Stream) this.folderRoles.stream().parallel()).map((v0) -> {
            return v0.getSids();
        });
        Objects.requireNonNull(newKeySet);
        map3.forEach((v1) -> {
            r1.addAll(v1);
        });
        return Collections.unmodifiableCollection(newKeySet);
    }

    @Nonnull
    public Set<GlobalRole> getGlobalRoles() {
        return Collections.unmodifiableSet(this.globalRoles);
    }

    @Nonnull
    public Set<AgentRole> getAgentRoles() {
        return Collections.unmodifiableSet(this.agentRoles);
    }

    @Nonnull
    public Set<FolderRole> getFolderRoles() {
        return Collections.unmodifiableSet(this.folderRoles);
    }

    private void updateAclForFolderRole(FolderRole folderRole) {
        Iterator<String> it = folderRole.getFolderNames().iterator();
        while (it.hasNext()) {
            updateGenericAcl(it.next(), this.jobAcls, folderRole);
        }
    }

    private void updateAclForAgentRole(AgentRole agentRole) {
        Iterator<String> it = agentRole.getAgents().iterator();
        while (it.hasNext()) {
            updateGenericAcl(it.next(), this.agentAcls, agentRole);
        }
    }

    private void updateGenericAcl(String str, ConcurrentHashMap<String, GenericAclImpl> concurrentHashMap, AbstractRole abstractRole) {
        GenericAclImpl genericAclImpl = concurrentHashMap.get(str);
        if (genericAclImpl == null) {
            genericAclImpl = new GenericAclImpl();
        }
        genericAclImpl.assignPermissions(abstractRole.getSids(), (Set) abstractRole.getPermissionsUnsorted().stream().map((v0) -> {
            return v0.getPermission();
        }).collect(Collectors.toSet()));
        concurrentHashMap.put(str, genericAclImpl);
    }

    private void init() {
        this.jobAcls = new ConcurrentHashMap<>();
        this.agentAcls = new ConcurrentHashMap<>();
        this.jobAclCache = CacheBuilder.newBuilder().expireAfterWrite(1L, TimeUnit.HOURS).maximumSize(2048L).build();
        this.globalAcl = new GlobalAclImpl(this.globalRoles);
        updateJobAcls();
        updateAgentAcls();
    }

    @Nonnull
    /* renamed from: getACL, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ ACL m3getACL(Job job) {
        return getACL((Job<?, ?>) job);
    }
}
