package hudson.security;

import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import hudson.Extension;
import hudson.Functions;
import hudson.diagnosis.OldDataMonitor;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.View;
import hudson.util.FormValidation;
import hudson.util.RobustReflectionConverter;
import hudson.util.VersionNumber;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import net.sf.json.JSONObject;
import org.eclipse.hudson.security.HudsonSecurityEntitiesHolder;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.dao.DataAccessException;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:WEB-INF/lib/hudson-core-3.2.2.jar:hudson/security/GlobalMatrixAuthorizationStrategy.class */
public class GlobalMatrixAuthorizationStrategy extends AuthorizationStrategy {
    private transient SidACL acl = new AclImpl();
    private final Map<Permission, Set<String>> grantedPermissions = new HashMap();
    private final Set<String> sids = new HashSet();

    @Extension
    public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();

    /* loaded from: input_file:WEB-INF/lib/hudson-core-3.2.2.jar:hudson/security/GlobalMatrixAuthorizationStrategy$AclImpl.class */
    private final class AclImpl extends SidACL {
        private AclImpl() {
        }

        @Override // hudson.security.SidACL
        protected Boolean hasPermission(Sid sid, Permission permission) {
            return GlobalMatrixAuthorizationStrategy.this.hasPermission(toString(sid), permission) ? true : null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/hudson-core-3.2.2.jar:hudson/security/GlobalMatrixAuthorizationStrategy$ConverterImpl.class */
    public static class ConverterImpl implements Converter {
        @Override // com.thoughtworks.xstream.converters.ConverterMatcher
        public boolean canConvert(Class cls) {
            return cls == GlobalMatrixAuthorizationStrategy.class;
        }

        @Override // com.thoughtworks.xstream.converters.Converter
        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            TreeMap treeMap = new TreeMap(Permission.ID_COMPARATOR);
            treeMap.putAll(((GlobalMatrixAuthorizationStrategy) obj).grantedPermissions);
            for (Map.Entry entry : treeMap.entrySet()) {
                String id = ((Permission) entry.getKey()).getId();
                ArrayList<String> arrayList = new ArrayList((Collection) entry.getValue());
                Collections.sort(arrayList);
                for (String str : arrayList) {
                    hierarchicalStreamWriter.startNode("permission");
                    hierarchicalStreamWriter.setValue(id + ':' + str);
                    hierarchicalStreamWriter.endNode();
                }
            }
        }

        @Override // com.thoughtworks.xstream.converters.Converter
        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            GlobalMatrixAuthorizationStrategy create = create();
            while (hierarchicalStreamReader.hasMoreChildren()) {
                hierarchicalStreamReader.moveDown();
                try {
                    create.add(hierarchicalStreamReader.getValue());
                } catch (IllegalArgumentException e) {
                    Logger.getLogger(GlobalMatrixAuthorizationStrategy.class.getName()).log(Level.WARNING, "Skipping a non-existent permission", (Throwable) e);
                    RobustReflectionConverter.addErrorInContext(unmarshallingContext, e);
                }
                hierarchicalStreamReader.moveUp();
            }
            if (GlobalMatrixAuthorizationStrategy.migrateHudson2324(create.grantedPermissions)) {
                OldDataMonitor.report(unmarshallingContext, "1.301");
            }
            return create;
        }

        protected GlobalMatrixAuthorizationStrategy create() {
            return new GlobalMatrixAuthorizationStrategy();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/hudson-core-3.2.2.jar:hudson/security/GlobalMatrixAuthorizationStrategy$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<AuthorizationStrategy> {
        protected DescriptorImpl(Class<? extends GlobalMatrixAuthorizationStrategy> cls) {
            super(cls);
        }

        public DescriptorImpl() {
        }

        @Override // hudson.model.Descriptor
        public String getDisplayName() {
            return Messages.GlobalMatrixAuthorizationStrategy_DisplayName();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // hudson.model.Descriptor
        /* renamed from: newInstance */
        public AuthorizationStrategy newInstance2(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            GlobalMatrixAuthorizationStrategy create = create();
            for (Map.Entry entry : jSONObject.getJSONObject("data").entrySet()) {
                String str = (String) entry.getKey();
                for (Map.Entry entry2 : ((JSONObject) entry.getValue()).entrySet()) {
                    if (((Boolean) entry2.getValue()).booleanValue()) {
                        create.add(Permission.fromId((String) entry2.getKey()), str);
                    }
                }
            }
            return create;
        }

        protected GlobalMatrixAuthorizationStrategy create() {
            return new GlobalMatrixAuthorizationStrategy();
        }

        public List<PermissionGroup> getAllGroups() {
            ArrayList arrayList = new ArrayList(PermissionGroup.getAll());
            arrayList.remove(PermissionGroup.get(Permission.class));
            return arrayList;
        }

        public boolean showPermission(Permission permission) {
            if (permission == Computer.READ || permission == Computer.CREATE || permission == View.READ) {
                return false;
            }
            return permission.getEnabled();
        }

        public FormValidation doCheckName(@QueryParameter String str) throws IOException, ServletException {
            return doCheckName(str, Hudson.getInstance(), Hudson.ADMINISTER);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public FormValidation doCheckName(String str, AccessControlled accessControlled, Permission permission) throws IOException, ServletException {
            if (!accessControlled.hasPermission(permission)) {
                return FormValidation.ok();
            }
            String substring = str.substring(1, str.length() - 1);
            SecurityRealm securityRealm = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getSecurityRealm();
            String escape = Functions.escape(substring);
            if (substring.equals("authenticated")) {
                return FormValidation.respond(FormValidation.Kind.OK, makeImg("user.png") + escape);
            }
            try {
                securityRealm.loadUserByUsername(substring);
                return FormValidation.respond(FormValidation.Kind.OK, makeImg("person.png") + escape);
            } catch (UserMayOrMayNotExistException e) {
                return FormValidation.respond(FormValidation.Kind.OK, escape);
            } catch (DataAccessException e2) {
                try {
                    securityRealm.loadGroupByGroupname(substring);
                    return FormValidation.respond(FormValidation.Kind.OK, makeImg("user.png") + escape);
                } catch (UserMayOrMayNotExistException e3) {
                    return FormValidation.respond(FormValidation.Kind.OK, escape);
                } catch (DataAccessException e4) {
                    return FormValidation.respond(FormValidation.Kind.ERROR, makeImg("error.png") + escape);
                } catch (UsernameNotFoundException e5) {
                    return FormValidation.respond(FormValidation.Kind.ERROR, makeImg("error.png") + escape);
                }
            } catch (UsernameNotFoundException e6) {
                securityRealm.loadGroupByGroupname(substring);
                return FormValidation.respond(FormValidation.Kind.OK, makeImg("user.png") + escape);
            }
        }

        private String makeImg(String str) {
            return String.format("<img src='%s%s/images/16x16/%s' style='margin-right:0.2em'>", Stapler.getCurrentRequest().getContextPath(), Hudson.RESOURCE_PATH, str);
        }
    }

    public void add(Permission permission, String str) {
        if (permission == null) {
            throw new IllegalArgumentException();
        }
        Set<String> set = this.grantedPermissions.get(permission);
        if (set == null) {
            Map<Permission, Set<String>> map = this.grantedPermissions;
            HashSet hashSet = new HashSet();
            set = hashSet;
            map.put(permission, hashSet);
        }
        set.add(str);
        this.sids.add(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void add(String str) {
        int indexOf = str.indexOf(58);
        Permission fromId = Permission.fromId(str.substring(0, indexOf));
        if (fromId != null) {
            add(fromId, str.substring(indexOf + 1));
        } else if (Hudson.getInstance() != null) {
            throw new IllegalArgumentException("Failed to parse '" + str + "' --- no such permission");
        }
    }

    @Override // hudson.security.AuthorizationStrategy
    public SidACL getRootACL() {
        return this.acl;
    }

    @Override // hudson.security.AuthorizationStrategy
    public Set<String> getGroups() {
        return this.sids;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean migrateHudson2324(Map<Permission, Set<String>> map) {
        Set<String> set;
        boolean z = false;
        if (Hudson.getInstance() == null) {
            return false;
        }
        if (Hudson.getInstance().isUpgradedFromBefore(new VersionNumber("1.300.*")) && (set = map.get(Hudson.READ)) != null) {
            Set<String> set2 = map.get(Item.READ);
            if (set2 != null) {
                z = set2.addAll(set);
            } else {
                set2 = new HashSet(set);
                z = true;
            }
            map.put(Item.READ, set2);
        }
        return z;
    }

    public boolean hasPermission(String str, Permission permission) {
        while (permission != null) {
            Set<String> set = this.grantedPermissions.get(permission);
            if (set != null && set.contains(str) && permission.getEnabled()) {
                return true;
            }
            permission = permission.impliedBy;
        }
        return false;
    }

    public boolean hasExplicitPermission(String str, Permission permission) {
        Set<String> set = this.grantedPermissions.get(permission);
        return set != null && set.contains(str) && permission.getEnabled();
    }

    public List<String> getAllSIDs() {
        HashSet hashSet = new HashSet();
        Iterator<Set<String>> it = this.grantedPermissions.values().iterator();
        while (it.hasNext()) {
            hashSet.addAll(it.next());
        }
        hashSet.remove("anonymous");
        String[] strArr = (String[]) hashSet.toArray(new String[hashSet.size()]);
        Arrays.sort(strArr);
        return Arrays.asList(strArr);
    }
}
