package org.jenkinsci.plugins.matrixauth;

import hudson.Functions;
import hudson.Util;
import hudson.model.User;
import hudson.security.AccessControlled;
import hudson.security.AuthorizationStrategy;
import hudson.security.GlobalMatrixAuthorizationStrategy;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.PermissionScope;
import hudson.security.SecurityRealm;
import hudson.security.UserMayOrMayNotExistException;
import hudson.util.FormValidation;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.matrixauth.AuthorizationContainer;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:org/jenkinsci/plugins/matrixauth/AuthorizationContainerDescriptor.class */
public interface AuthorizationContainerDescriptor<T extends AuthorizationContainer> {
    PermissionScope getPermissionScope();

    @Restricted({DoNotUse.class})
    default String getDescription(Permission permission) {
        Permission permission2;
        String localizable = permission.description == null ? "" : permission.description.toString();
        Permission permission3 = permission.impliedBy;
        while (true) {
            permission2 = permission3;
            if (permission2 == null || permission2.group != PermissionGroup.get(Permission.class) || permission2.impliedBy == null) {
                break;
            }
            permission3 = permission2.impliedBy;
        }
        if (permission2 == null) {
            if (localizable.length() > 0) {
                localizable = localizable + "<br/><br/>";
            }
            localizable = localizable + Messages.GlobalMatrixAuthorizationStrategy_PermissionNotImpliedBy();
        } else if (permission2 != Jenkins.ADMINISTER) {
            if (localizable.length() > 0) {
                localizable = localizable + "<br/><br/>";
            }
            localizable = localizable + Messages.GlobalMatrixAuthorizationStrategy_PermissionImpliedBy(permission2.group.title, permission2.name);
        }
        return localizable;
    }

    @Restricted({DoNotUse.class})
    default List<PermissionGroup> getAllGroups() {
        ArrayList arrayList = new ArrayList();
        for (PermissionGroup permissionGroup : PermissionGroup.getAll()) {
            if (permissionGroup != PermissionGroup.get(Permission.class) && permissionGroup.hasPermissionContainedBy(getPermissionScope())) {
                Iterator it = permissionGroup.getPermissions().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (((Permission) it.next()).getEnabled()) {
                        arrayList.add(permissionGroup);
                        break;
                    }
                }
            }
        }
        return arrayList;
    }

    @Restricted({DoNotUse.class})
    default boolean showPermission(Permission permission) {
        if (!permission.getEnabled() || !permission.isContainedBy(getPermissionScope())) {
            return false;
        }
        if (GlobalMatrixAuthorizationStrategy.ENABLE_DANGEROUS_PERMISSIONS || !GlobalMatrixAuthorizationStrategy.DANGEROUS_PERMISSIONS.contains(permission)) {
            return true;
        }
        AuthorizationStrategy authorizationStrategy = Jenkins.getInstance().getAuthorizationStrategy();
        if (authorizationStrategy instanceof GlobalMatrixAuthorizationStrategy) {
            return ((GlobalMatrixAuthorizationStrategy) authorizationStrategy).isAnyRelevantDangerousPermissionExplicitlyGranted();
        }
        return false;
    }

    @Restricted({NoExternalUse.class})
    default FormValidation doCheckName_(@Nonnull String str, @Nonnull AccessControlled accessControlled, @Nonnull Permission permission) {
        String substring = str.substring(1, str.length() - 1);
        String escape = Functions.escape(substring);
        if (!accessControlled.hasPermission(permission)) {
            return FormValidation.ok(escape);
        }
        SecurityRealm securityRealm = Jenkins.getInstance().getSecurityRealm();
        try {
            if (substring.equals("authenticated")) {
                return FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("user.png", escape, "Group", false));
            }
            try {
                try {
                    securityRealm.loadUserByUsername(substring);
                    User user = User.get(substring);
                    return escape.equals(user.getFullName()) ? FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("person.png", escape, "User", false)) : FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("person.png", Util.escape(StringUtils.abbreviate(user.getFullName(), 50)), "User " + escape, false));
                } catch (UsernameNotFoundException | DataAccessException e) {
                    try {
                        securityRealm.loadGroupByGroupname(substring);
                        return FormValidation.respond(FormValidation.Kind.OK, ValidationUtil.formatUserGroupValidationResponse("user.png", escape, "Group", false));
                    } catch (UserMayOrMayNotExistException e2) {
                        return FormValidation.respond(FormValidation.Kind.OK, escape);
                    } catch (UsernameNotFoundException | DataAccessException e3) {
                        return FormValidation.respond(FormValidation.Kind.ERROR, ValidationUtil.formatNonExistentUserGroupValidationResponse(escape, "User or group not found"));
                    } catch (AuthenticationException e4) {
                        return FormValidation.error(e4, "Failed to test the validity of the group name " + substring);
                    }
                }
            } catch (UserMayOrMayNotExistException e5) {
                return FormValidation.respond(FormValidation.Kind.OK, escape);
            } catch (AuthenticationException e6) {
                return FormValidation.error(e6, "Failed to test the validity of the user name " + substring);
            }
        } catch (Exception e7) {
            return FormValidation.error(e7, escape);
        }
    }
}
