package com.synopsys.arc.jenkinsci.plugins.jobrestrictions.restrictions.job;

import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.Messages;
import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.restrictions.JobRestrictionDescriptor;
import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.util.GroupSelector;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import hudson.model.User;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.springframework.dao.DataAccessException;

@SuppressFBWarnings(value = {"SE_NO_SERIALVERSIONID"}, justification = "XStream does actually need serialization, the code needs refactoring in 1.0")
/* loaded from: input_file:WEB-INF/lib/job-restrictions.jar:com/synopsys/arc/jenkinsci/plugins/jobrestrictions/restrictions/job/StartedByMemberOfGroupRestriction.class */
public class StartedByMemberOfGroupRestriction extends AbstractUserCauseRestriction {
    private final List<GroupSelector> groupList;
    private transient Set<String> acceptedGroups;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/job-restrictions.jar:com/synopsys/arc/jenkinsci/plugins/jobrestrictions/restrictions/job/StartedByMemberOfGroupRestriction$DescriptorImpl.class */
    public static class DescriptorImpl extends JobRestrictionDescriptor {
        public String getDisplayName() {
            return Messages.restrictions_Job_StartedByMemberOfGroupRestriction_displayName();
        }
    }

    @DataBoundConstructor
    public StartedByMemberOfGroupRestriction(List<GroupSelector> list, boolean z) {
        super(z);
        this.acceptedGroups = null;
        this.groupList = list;
    }

    public List<GroupSelector> getGroupList() {
        return this.groupList;
    }

    @Nonnull
    private synchronized Set<String> getAcceptedGroups() {
        if (this.acceptedGroups == null) {
            List<GroupSelector> groupList = getGroupList();
            this.acceptedGroups = new HashSet(groupList.size());
            Iterator<GroupSelector> it = groupList.iterator();
            while (it.hasNext()) {
                this.acceptedGroups.add(it.next().getSelectedGroupId());
            }
        }
        return this.acceptedGroups;
    }

    @Override // com.synopsys.arc.jenkinsci.plugins.jobrestrictions.restrictions.job.AbstractUserCauseRestriction
    protected boolean acceptsUser(@CheckForNull String str) {
        List<String> authorities;
        if (str == null || (authorities = getAuthorities(str)) == null) {
            return false;
        }
        Set<String> acceptedGroups = getAcceptedGroups();
        Iterator<String> it = authorities.iterator();
        while (it.hasNext()) {
            if (acceptedGroups.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    @CheckForNull
    private static List<String> getAuthorities(@Nonnull String str) {
        User byId = User.getById(str, false);
        if (byId == null) {
            return getAuthoritiesFromRealm(str);
        }
        List<String> authorities = byId.getAuthorities();
        return authorities.isEmpty() ? getAuthoritiesFromRealm(str) : authorities;
    }

    @CheckForNull
    private static List<String> getAuthoritiesFromRealm(@Nonnull String str) {
        UserDetails userDetails = null;
        try {
            userDetails = Jenkins.getInstance().getSecurityRealm().loadUserByUsername(str);
        } catch (DataAccessException | UsernameNotFoundException e) {
        }
        if (userDetails == null) {
            return null;
        }
        GrantedAuthority[] authorities = userDetails.getAuthorities();
        ArrayList arrayList = new ArrayList(authorities.length);
        for (GrantedAuthority grantedAuthority : authorities) {
            arrayList.add(grantedAuthority.getAuthority());
        }
        return arrayList;
    }
}
