package org.springframework.boot.actuate.autoconfigure;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import javax.servlet.Filter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.endpoint.Endpoint;
import org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping;
import org.springframework.boot.actuate.properties.ManagementServerProperties;
import org.springframework.boot.actuate.properties.SecurityProperties;
import org.springframework.boot.actuate.web.ErrorController;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityConfigurer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.header.writers.HstsHeaderWriter;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;

@EnableConfigurationProperties
@Configuration
@ConditionalOnClass({EnableWebSecurity.class})
@ConditionalOnMissingBean({SecurityAutoConfiguration.class})
/* loaded from: input_file:org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.class */
public class SecurityAutoConfiguration {
    private static final String[] NO_PATHS = new String[0];

    @Order(2147483642)
    /* loaded from: input_file:org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration$ApplicationWebSecurityConfigurerAdapter.class */
    private static class ApplicationWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private SecurityProperties security;

        @Autowired
        private AuthenticationEventPublisher authenticationEventPublisher;

        private ApplicationWebSecurityConfigurerAdapter() {
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            if (this.security.isRequireSsl()) {
                ((ChannelSecurityConfigurer.RequiresChannelUrl) httpSecurity.requiresChannel().anyRequest()).requiresSecure();
            }
            String[] secureApplicationPaths = getSecureApplicationPaths();
            if (this.security.getBasic().isEnabled() && secureApplicationPaths.length > 0) {
                httpSecurity.exceptionHandling().authenticationEntryPoint(entryPoint());
                httpSecurity.requestMatchers().antMatchers(secureApplicationPaths);
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).hasRole(this.security.getUser().getRole()).and().httpBasic().and().anonymous().disable();
            }
            if (!this.security.isEnableCsrf()) {
                httpSecurity.csrf().disable();
            }
            httpSecurity.sessionManagement().sessionCreationPolicy(this.security.getSessions());
            SecurityAutoConfiguration.configureHeaders(httpSecurity.headers(), this.security.getHeaders());
        }

        private String[] getSecureApplicationPaths() {
            ArrayList arrayList = new ArrayList();
            String[] path = this.security.getBasic().getPath();
            int length = path.length;
            for (int i = 0; i < length; i++) {
                String str = path[i];
                String trim = str == null ? "" : str.trim();
                if (trim.equals("/**")) {
                    return new String[]{trim};
                }
                if (!trim.equals("")) {
                    arrayList.add(trim);
                }
            }
            return (String[]) arrayList.toArray(new String[arrayList.size()]);
        }

        private AuthenticationEntryPoint entryPoint() {
            BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
            basicAuthenticationEntryPoint.setRealmName(this.security.getBasic().getRealm());
            return basicAuthenticationEntryPoint;
        }

        protected AuthenticationManager authenticationManager() throws Exception {
            ProviderManager authenticationManager = super.authenticationManager();
            if (authenticationManager instanceof ProviderManager) {
                authenticationManager.setAuthenticationEventPublisher(this.authenticationEventPublisher);
            }
            return authenticationManager;
        }
    }

    @ConditionalOnMissingBean({AuthenticationManager.class})
    @Configuration
    /* loaded from: input_file:org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration$AuthenticationManagerConfiguration.class */
    public static class AuthenticationManagerConfiguration {
        private static Log logger = LogFactory.getLog(AuthenticationManagerConfiguration.class);

        @Autowired
        private SecurityProperties security;

        @Bean
        public AuthenticationManager authenticationManager(ObjectPostProcessor<Object> objectPostProcessor) throws Exception {
            InMemoryUserDetailsManagerConfigurer inMemoryAuthentication = new AuthenticationManagerBuilder(objectPostProcessor).inMemoryAuthentication();
            SecurityProperties.User user = this.security.getUser();
            if (user.isDefaultPassword()) {
                logger.info("\n\nUsing default password for application endpoints: " + user.getPassword() + "\n\n");
            }
            LinkedHashSet linkedHashSet = new LinkedHashSet(Arrays.asList(this.security.getManagement().getRole(), user.getRole()));
            inMemoryAuthentication.withUser(user.getName()).password(user.getPassword()).roles((String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]));
            return (AuthenticationManager) inMemoryAuthentication.and().build();
        }
    }

    @EnableWebSecurity
    @Order(Integer.MIN_VALUE)
    /* loaded from: input_file:org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration$IgnoredPathsWebSecurityConfigurerAdapter.class */
    private static class IgnoredPathsWebSecurityConfigurerAdapter implements SecurityConfigurer<Filter, WebSecurity> {
        private static List<String> DEFAULT_IGNORED = Arrays.asList("/css/**", "/js/**", "/images/**", "/**/favicon.ico");

        @Autowired(required = false)
        private ErrorController errorController;

        @Autowired(required = false)
        private EndpointHandlerMapping endpointHandlerMapping;

        @Autowired
        private SecurityProperties security;

        private IgnoredPathsWebSecurityConfigurerAdapter() {
        }

        public void configure(WebSecurity webSecurity) throws Exception {
        }

        public void init(WebSecurity webSecurity) throws Exception {
            WebSecurity.IgnoredRequestConfigurer ignoring = webSecurity.ignoring();
            ignoring.antMatchers(SecurityAutoConfiguration.getEndpointPaths(this.endpointHandlerMapping, false));
            ArrayList arrayList = new ArrayList(this.security.getIgnored());
            if (!this.security.getManagement().isEnabled()) {
                arrayList.addAll(Arrays.asList(SecurityAutoConfiguration.getEndpointPaths(this.endpointHandlerMapping, true)));
            }
            if (arrayList.isEmpty()) {
                arrayList.addAll(DEFAULT_IGNORED);
            } else if (arrayList.contains("none")) {
                arrayList.remove("none");
            }
            if (this.errorController != null) {
                arrayList.add(this.errorController.getErrorPath());
            }
            ignoring.antMatchers((String[]) arrayList.toArray(new String[0]));
        }
    }

    @Order(2147483637)
    /* loaded from: input_file:org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter.class */
    private static class ManagementWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private SecurityProperties security;

        @Autowired
        private ManagementServerProperties management;

        @Autowired(required = false)
        private EndpointHandlerMapping endpointHandlerMapping;

        private ManagementWebSecurityConfigurerAdapter() {
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            String[] endpointPaths = SecurityAutoConfiguration.getEndpointPaths(this.endpointHandlerMapping, true);
            if (endpointPaths.length <= 0 || !this.security.getManagement().isEnabled()) {
                return;
            }
            if (this.security.isRequireSsl()) {
                ((ChannelSecurityConfigurer.RequiresChannelUrl) httpSecurity.requiresChannel().anyRequest()).requiresSecure();
            }
            httpSecurity.exceptionHandling().authenticationEntryPoint(entryPoint());
            httpSecurity.requestMatchers().antMatchers(endpointPaths);
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).hasRole(this.security.getManagement().getRole()).and().httpBasic().and().anonymous().disable();
            httpSecurity.csrf().disable();
            httpSecurity.sessionManagement().sessionCreationPolicy(this.security.getManagement().getSessions());
            SecurityAutoConfiguration.configureHeaders(httpSecurity.headers(), this.security.getHeaders());
        }

        private AuthenticationEntryPoint entryPoint() {
            BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
            basicAuthenticationEntryPoint.setRealmName(this.security.getBasic().getRealm());
            return basicAuthenticationEntryPoint;
        }
    }

    @ConditionalOnMissingBean
    @Bean(name = {"org.springframework.actuate.properties.SecurityProperties"})
    public SecurityProperties securityProperties() {
        return new SecurityProperties();
    }

    @ConditionalOnMissingBean
    @Bean
    public AuthenticationEventPublisher authenticationEventPublisher() {
        return new DefaultAuthenticationEventPublisher();
    }

    @ConditionalOnMissingBean({ApplicationWebSecurityConfigurerAdapter.class})
    @Bean
    @ConditionalOnExpression("${security.basic.enabled:true}")
    public WebSecurityConfigurerAdapter applicationWebSecurityConfigurerAdapter() {
        return new ApplicationWebSecurityConfigurerAdapter();
    }

    @ConditionalOnMissingBean({ManagementWebSecurityConfigurerAdapter.class})
    @Bean
    @ConditionalOnExpression("${security.management.enabled:true}")
    public WebSecurityConfigurerAdapter managementWebSecurityConfigurerAdapter() {
        return new ManagementWebSecurityConfigurerAdapter();
    }

    @ConditionalOnMissingBean({IgnoredPathsWebSecurityConfigurerAdapter.class})
    @Bean
    public SecurityConfigurer<Filter, WebSecurity> ignoredPathsWebSecurityConfigurerAdapter() {
        return new IgnoredPathsWebSecurityConfigurerAdapter();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String[] getEndpointPaths(EndpointHandlerMapping endpointHandlerMapping, boolean z) {
        if (endpointHandlerMapping == null) {
            return NO_PATHS;
        }
        List<Endpoint<?>> endpoints = endpointHandlerMapping.getEndpoints();
        ArrayList arrayList = new ArrayList(endpoints.size());
        for (Endpoint<?> endpoint : endpoints) {
            if (endpoint.isSensitive() == z) {
                arrayList.add(endpoint.getPath());
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void configureHeaders(HeadersConfigurer<?> headersConfigurer, SecurityProperties.Headers headers) throws Exception {
        if (headers.getHsts() != SecurityProperties.Headers.HSTS.none) {
            HstsHeaderWriter hstsHeaderWriter = new HstsHeaderWriter(headers.getHsts() == SecurityProperties.Headers.HSTS.all);
            hstsHeaderWriter.setRequestMatcher(AnyRequestMatcher.INSTANCE);
            headersConfigurer.addHeaderWriter(hstsHeaderWriter);
        }
        if (headers.isContentType()) {
            headersConfigurer.contentTypeOptions();
        }
        if (headers.isXss()) {
            headersConfigurer.xssProtection();
        }
        if (headers.isCache()) {
            headersConfigurer.cacheControl();
        }
        if (headers.isFrame()) {
            headersConfigurer.frameOptions();
        }
    }
}
