package com.netflix.genie.web.security;

import com.netflix.genie.web.security.x509.X509UserDetailsService;
import javax.validation.constraints.NotNull;
import org.hibernate.validator.constraints.NotBlank;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.savedrequest.NullRequestCache;

/* loaded from: input_file:WEB-INF/lib/genie-web-3.3.4.jar:com/netflix/genie/web/security/SecurityUtils.class */
public final class SecurityUtils {
    private static final String ADMIN_ROLE = "ADMIN";
    private static final String USER_ROLE = "USER";
    private static final String APPLICATIONS_API_REGEX = "/api/.*/applications.*";
    private static final String CLUSTERS_API_REGEX = "/api/.*/clusters.*";
    private static final String COMMANDS_API_REGEX = "/api/.*/commands.*";

    protected SecurityUtils() {
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void buildAPIHttpSecurity(@NotNull HttpSecurity httpSecurity, @NotNull X509UserDetailsService x509UserDetailsService, @NotBlank String str) throws Exception {
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.regexMatcher("(/api/.*)").authorizeRequests().regexMatchers(HttpMethod.DELETE, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.PATCH, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.POST, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.PUT, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.DELETE, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.PATCH, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.POST, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.PUT, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.DELETE, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.PATCH, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.POST, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE).regexMatchers(HttpMethod.PUT, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE).anyRequest().hasRole(USER_ROLE).and()).x509().authenticationUserDetailsService(x509UserDetailsService).and()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and()).requestCache().requestCache(new NullRequestCache()).and()).csrf().disable();
    }
}
