package hudson.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:WEB-INF/lib/hudson-core-3.3.3.jar:hudson/security/SidACL.class */
public abstract class SidACL extends ACL {
    private static final Logger LOGGER = LoggerFactory.getLogger(SidACL.class);

    @Override // hudson.security.ACL
    public boolean hasPermission(Authentication authentication, Permission permission) {
        if (authentication == SYSTEM) {
            LOGGER.debug("hasPermission({},{})=>SYSTEM user has full access", authentication, permission);
            return true;
        }
        Boolean _hasPermission = _hasPermission(authentication, permission);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("hasPermission(" + authentication + StringArrayPropertyEditor.DEFAULT_SEPARATOR + permission + ")=>" + (_hasPermission == null ? "null, thus false" : _hasPermission));
        }
        if (_hasPermission == null) {
            _hasPermission = false;
        }
        return _hasPermission.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Boolean _hasPermission(Authentication authentication, Permission permission) {
        LOGGER.debug("Checking if principal {} has {}", authentication.getName(), permission);
        Boolean hasPermission = hasPermission(new PrincipalSid(authentication), permission);
        if (hasPermission != null) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("hasPermission(PrincipalSID:" + authentication.getPrincipal() + StringArrayPropertyEditor.DEFAULT_SEPARATOR + permission + ")=>" + hasPermission);
            }
            return hasPermission;
        }
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            LOGGER.debug("Checking if principal's role {} has {}", grantedAuthority.getAuthority(), permission);
            Boolean hasPermission2 = hasPermission(new GrantedAuthoritySid(grantedAuthority), permission);
            if (hasPermission2 != null) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("hasPermission(GroupSID:" + grantedAuthority.getAuthority() + StringArrayPropertyEditor.DEFAULT_SEPARATOR + permission + ")=>" + hasPermission2);
                }
                return hasPermission2;
            }
        }
        for (Sid sid : AUTOMATIC_SIDS) {
            Boolean hasPermission3 = hasPermission(sid, permission);
            if (hasPermission3 != null) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("hasPermission(" + sid + StringArrayPropertyEditor.DEFAULT_SEPARATOR + permission + ")=>" + hasPermission3);
                }
                return hasPermission3;
            }
        }
        return null;
    }

    protected abstract Boolean hasPermission(Sid sid, Permission permission);

    /* JADX INFO: Access modifiers changed from: protected */
    public String toString(Sid sid) {
        return sid instanceof GrantedAuthoritySid ? ((GrantedAuthoritySid) sid).getGrantedAuthority() : sid instanceof PrincipalSid ? ((PrincipalSid) sid).getPrincipal() : sid == EVERYONE ? "role_everyone" : sid.toString();
    }

    public final SidACL newInheritingACL(final SidACL sidACL) {
        return new SidACL() { // from class: hudson.security.SidACL.1
            @Override // hudson.security.SidACL
            protected Boolean hasPermission(Sid sid, Permission permission) {
                Boolean hasPermission = this.hasPermission(sid, permission);
                return hasPermission != null ? hasPermission : sidACL.hasPermission(sid, permission);
            }
        };
    }
}
