package org.eclipse.hawkbit.autoconfigure.security;

import com.rabbitmq.client.AMQP;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.eclipse.hawkbit.cache.DownloadIdCache;
import org.eclipse.hawkbit.ddi.rest.resource.DdiApiConfiguration;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter;
import org.eclipse.hawkbit.mgmt.rest.resource.MgmtApiConfiguration;
import org.eclipse.hawkbit.repository.ControllerManagement;
import org.eclipse.hawkbit.repository.SystemManagement;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.ControllerTenantAwareAuthenticationDetailsSource;
import org.eclipse.hawkbit.security.DdiSecurityProperties;
import org.eclipse.hawkbit.security.DosFilter;
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
import org.eclipse.hawkbit.security.HttpControllerPreAuthenticateAnonymousDownloadFilter;
import org.eclipse.hawkbit.security.HttpControllerPreAuthenticateSecurityTokenFilter;
import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedGatewaySecurityTokenFilter;
import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedSecurityHeaderFilter;
import org.eclipse.hawkbit.security.HttpDownloadAuthenticationFilter;
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.ui.MgmtUiConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.AdviceMode;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.Elements;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.util.StringUtils;
import org.vaadin.spring.security.VaadinSecurityContext;
import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
import org.vaadin.spring.security.config.VaadinSecurityConfiguration;
import org.vaadin.spring.security.web.VaadinDefaultRedirectStrategy;
import org.vaadin.spring.security.web.VaadinRedirectStrategy;
import org.vaadin.spring.security.web.authentication.VaadinAuthenticationSuccessHandler;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, mode = AdviceMode.ASPECTJ, proxyTargetClass = true, securedEnabled = true)
@Order(Integer.MIN_VALUE)
@PropertySource({"classpath:/hawkbit-security-defaults.properties"})
/* loaded from: input_file:BOOT-INF/lib/hawkbit-autoconfigure-0.2.5.jar:org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.class */
public class SecurityManagedConfiguration {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SecurityManagedConfiguration.class);
    private static final int DOS_FILTER_ORDER = -200;

    @Autowired
    private AuthenticationConfiguration configuration;

    @Configuration
    @ConditionalOnClass({DdiApiConfiguration.class})
    @Order(301)
    /* loaded from: input_file:BOOT-INF/lib/hawkbit-autoconfigure-0.2.5.jar:org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration$ControllerDownloadSecurityConfigurationAdapter.class */
    static class ControllerDownloadSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        private static final String DDI_DL_ANT_MATCHER = "/{tenant}/controller/v1/{controllerId}/softwaremodules/{softwareModuleId}/artifacts/*";
        private final ControllerManagement controllerManagement;
        private final TenantConfigurationManagement tenantConfigurationManagement;
        private final TenantAware tenantAware;
        private final DdiSecurityProperties ddiSecurityConfiguration;
        private final SecurityProperties springSecurityProperties;
        private final SystemSecurityContext systemSecurityContext;

        @Autowired
        ControllerDownloadSecurityConfigurationAdapter(ControllerManagement controllerManagement, TenantConfigurationManagement tenantConfigurationManagement, TenantAware tenantAware, DdiSecurityProperties ddiSecurityProperties, SecurityProperties securityProperties, SystemSecurityContext systemSecurityContext) {
            this.controllerManagement = controllerManagement;
            this.tenantConfigurationManagement = tenantConfigurationManagement;
            this.tenantAware = tenantAware;
            this.ddiSecurityConfiguration = ddiSecurityProperties;
            this.springSecurityProperties = securityProperties;
            this.systemSecurityContext = systemSecurityContext;
        }

        @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = {"enabled"}, matchIfMissing = true)
        @Bean
        public FilterRegistrationBean dosDDiDlFilter(HawkbitSecurityProperties hawkbitSecurityProperties) {
            FilterRegistrationBean dosFilter = SecurityManagedConfiguration.dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER), hawkbitSecurityProperties.getDos().getFilter(), hawkbitSecurityProperties.getClients());
            dosFilter.setOrder(SecurityManagedConfiguration.DOS_FILTER_ORDER);
            dosFilter.setName("dosDDiDlFilter");
            return dosFilter;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ControllerTenantAwareAuthenticationDetailsSource controllerTenantAwareAuthenticationDetailsSource = new ControllerTenantAwareAuthenticationDetailsSource();
            HttpControllerPreAuthenticatedSecurityHeaderFilter httpControllerPreAuthenticatedSecurityHeaderFilter = new HttpControllerPreAuthenticatedSecurityHeaderFilter(this.ddiSecurityConfiguration.getRp().getCnHeader(), this.ddiSecurityConfiguration.getRp().getSslIssuerHashHeader(), this.tenantConfigurationManagement, this.tenantAware, this.systemSecurityContext);
            httpControllerPreAuthenticatedSecurityHeaderFilter.setAuthenticationManager(authenticationManager());
            httpControllerPreAuthenticatedSecurityHeaderFilter.setCheckForPrincipalChanges(true);
            httpControllerPreAuthenticatedSecurityHeaderFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            HttpControllerPreAuthenticateSecurityTokenFilter httpControllerPreAuthenticateSecurityTokenFilter = new HttpControllerPreAuthenticateSecurityTokenFilter(this.tenantConfigurationManagement, this.tenantAware, this.controllerManagement, this.systemSecurityContext);
            httpControllerPreAuthenticateSecurityTokenFilter.setAuthenticationManager(authenticationManager());
            httpControllerPreAuthenticateSecurityTokenFilter.setCheckForPrincipalChanges(true);
            httpControllerPreAuthenticateSecurityTokenFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            HttpControllerPreAuthenticatedGatewaySecurityTokenFilter httpControllerPreAuthenticatedGatewaySecurityTokenFilter = new HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(this.tenantConfigurationManagement, this.tenantAware, this.systemSecurityContext);
            httpControllerPreAuthenticatedGatewaySecurityTokenFilter.setAuthenticationManager(authenticationManager());
            httpControllerPreAuthenticatedGatewaySecurityTokenFilter.setCheckForPrincipalChanges(true);
            httpControllerPreAuthenticatedGatewaySecurityTokenFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            HttpControllerPreAuthenticateAnonymousDownloadFilter httpControllerPreAuthenticateAnonymousDownloadFilter = new HttpControllerPreAuthenticateAnonymousDownloadFilter(this.tenantConfigurationManagement, this.tenantAware, this.systemSecurityContext);
            httpControllerPreAuthenticateAnonymousDownloadFilter.setAuthenticationManager(authenticationManager());
            httpControllerPreAuthenticateAnonymousDownloadFilter.setCheckForPrincipalChanges(true);
            httpControllerPreAuthenticateAnonymousDownloadFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            HttpSecurity httpSecurity2 = (HttpSecurity) httpSecurity.csrf().disable();
            if (this.springSecurityProperties.isRequireSsl()) {
                httpSecurity2 = (HttpSecurity) httpSecurity2.requiresChannel().anyRequest().requiresSecure().and();
            }
            if (!this.ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled()) {
                ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity2.addFilter((Filter) httpControllerPreAuthenticatedSecurityHeaderFilter).addFilter((Filter) httpControllerPreAuthenticateSecurityTokenFilter).addFilter((Filter) httpControllerPreAuthenticatedGatewaySecurityTokenFilter).addFilter((Filter) httpControllerPreAuthenticateAnonymousDownloadFilter).requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and().anonymous().disable()).authorizeRequests().anyRequest().authenticated().and()).exceptionHandling().authenticationEntryPoint((httpServletRequest, httpServletResponse, authenticationException) -> {
                    httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
                }).and()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
                return;
            }
            SecurityManagedConfiguration.LOG.info("******************\n** Anonymous controller security enabled, should only be used for developing purposes **\n******************");
            AnonymousAuthenticationFilter anonymousAuthenticationFilter = new AnonymousAuthenticationFilter("controllerAnonymousFilter", Elements.ANONYMOUS, Arrays.asList(new SimpleGrantedAuthority(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS)));
            anonymousAuthenticationFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            ((HttpSecurity) httpSecurity2.requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and().securityContext().disable()).anonymous().authenticationFilter(anonymousAuthenticationFilter);
        }

        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) new PreAuthTokenSourceTrustAuthenticationProvider(this.ddiSecurityConfiguration.getRp().getTrustedIPs()));
        }
    }

    @Configuration
    @ConditionalOnClass({DdiApiConfiguration.class})
    @Order(300)
    /* loaded from: input_file:BOOT-INF/lib/hawkbit-autoconfigure-0.2.5.jar:org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration$ControllerSecurityConfigurationAdapter.class */
    static class ControllerSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        private static final String[] DDI_ANT_MATCHERS = {"/{tenant}/controller/v1/{controllerId}", "/{tenant}/controller/v1/{controllerId}/deploymentBase/**", "/{tenant}/controller/v1/{controllerId}/cancelAction/**", "/{tenant}/controller/v1/{controllerId}/configData", "/{tenant}/controller/v1/{controllerId}/softwaremodules/{softwareModuleId}/artifacts"};
        private final ControllerManagement controllerManagement;
        private final TenantConfigurationManagement tenantConfigurationManagement;
        private final TenantAware tenantAware;
        private final DdiSecurityProperties ddiSecurityConfiguration;
        private final SecurityProperties springSecurityProperties;
        private final SystemSecurityContext systemSecurityContext;

        @Autowired
        ControllerSecurityConfigurationAdapter(ControllerManagement controllerManagement, TenantConfigurationManagement tenantConfigurationManagement, TenantAware tenantAware, DdiSecurityProperties ddiSecurityProperties, SecurityProperties securityProperties, SystemSecurityContext systemSecurityContext) {
            this.controllerManagement = controllerManagement;
            this.tenantConfigurationManagement = tenantConfigurationManagement;
            this.tenantAware = tenantAware;
            this.ddiSecurityConfiguration = ddiSecurityProperties;
            this.springSecurityProperties = securityProperties;
            this.systemSecurityContext = systemSecurityContext;
        }

        @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = {"enabled"}, matchIfMissing = true)
        @Bean
        public FilterRegistrationBean dosDDiFilter(HawkbitSecurityProperties hawkbitSecurityProperties) {
            FilterRegistrationBean dosFilter = SecurityManagedConfiguration.dosFilter(Arrays.asList(DDI_ANT_MATCHERS), hawkbitSecurityProperties.getDos().getFilter(), hawkbitSecurityProperties.getClients());
            dosFilter.setOrder(SecurityManagedConfiguration.DOS_FILTER_ORDER);
            dosFilter.setName("dosDDiFilter");
            return dosFilter;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ControllerTenantAwareAuthenticationDetailsSource controllerTenantAwareAuthenticationDetailsSource = new ControllerTenantAwareAuthenticationDetailsSource();
            HttpControllerPreAuthenticatedSecurityHeaderFilter httpControllerPreAuthenticatedSecurityHeaderFilter = new HttpControllerPreAuthenticatedSecurityHeaderFilter(this.ddiSecurityConfiguration.getRp().getCnHeader(), this.ddiSecurityConfiguration.getRp().getSslIssuerHashHeader(), this.tenantConfigurationManagement, this.tenantAware, this.systemSecurityContext);
            httpControllerPreAuthenticatedSecurityHeaderFilter.setAuthenticationManager(authenticationManager());
            httpControllerPreAuthenticatedSecurityHeaderFilter.setCheckForPrincipalChanges(true);
            httpControllerPreAuthenticatedSecurityHeaderFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            HttpControllerPreAuthenticateSecurityTokenFilter httpControllerPreAuthenticateSecurityTokenFilter = new HttpControllerPreAuthenticateSecurityTokenFilter(this.tenantConfigurationManagement, this.tenantAware, this.controllerManagement, this.systemSecurityContext);
            httpControllerPreAuthenticateSecurityTokenFilter.setAuthenticationManager(authenticationManager());
            httpControllerPreAuthenticateSecurityTokenFilter.setCheckForPrincipalChanges(true);
            httpControllerPreAuthenticateSecurityTokenFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            HttpControllerPreAuthenticatedGatewaySecurityTokenFilter httpControllerPreAuthenticatedGatewaySecurityTokenFilter = new HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(this.tenantConfigurationManagement, this.tenantAware, this.systemSecurityContext);
            httpControllerPreAuthenticatedGatewaySecurityTokenFilter.setAuthenticationManager(authenticationManager());
            httpControllerPreAuthenticatedGatewaySecurityTokenFilter.setCheckForPrincipalChanges(true);
            httpControllerPreAuthenticatedGatewaySecurityTokenFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            HttpSecurity httpSecurity2 = (HttpSecurity) httpSecurity.csrf().disable();
            if (this.springSecurityProperties.isRequireSsl()) {
                httpSecurity2 = (HttpSecurity) httpSecurity2.requiresChannel().anyRequest().requiresSecure().and();
            }
            if (!this.ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled()) {
                ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity2.addFilter((Filter) httpControllerPreAuthenticatedSecurityHeaderFilter).addFilter((Filter) httpControllerPreAuthenticateSecurityTokenFilter).addFilter((Filter) httpControllerPreAuthenticatedGatewaySecurityTokenFilter).requestMatchers().antMatchers(DDI_ANT_MATCHERS).and().anonymous().disable()).authorizeRequests().anyRequest().authenticated().and()).exceptionHandling().authenticationEntryPoint((httpServletRequest, httpServletResponse, authenticationException) -> {
                    httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
                }).and()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
                return;
            }
            SecurityManagedConfiguration.LOG.info("******************\n** Anonymous controller security enabled, should only be used for developing purposes **\n******************");
            AnonymousAuthenticationFilter anonymousAuthenticationFilter = new AnonymousAuthenticationFilter("controllerAnonymousFilter", Elements.ANONYMOUS, Arrays.asList(new SimpleGrantedAuthority(SpPermission.SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS)));
            anonymousAuthenticationFilter.setAuthenticationDetailsSource(controllerTenantAwareAuthenticationDetailsSource);
            ((HttpSecurity) httpSecurity2.requestMatchers().antMatchers(DDI_ANT_MATCHERS).and().securityContext().disable()).anonymous().authenticationFilter(anonymousAuthenticationFilter);
        }

        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) new PreAuthTokenSourceTrustAuthenticationProvider(this.ddiSecurityConfiguration.getRp().getTrustedIPs()));
        }
    }

    @Configuration
    @EnableWebSecurity
    @ConditionalOnClass({MgmtApiConfiguration.class})
    @Order(AMQP.CONNECTION_FORCED)
    /* loaded from: input_file:BOOT-INF/lib/hawkbit-autoconfigure-0.2.5.jar:org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration$IdRestSecurityConfigurationAdapter.class */
    public static class IdRestSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private DdiSecurityProperties ddiSecurityConfiguration;

        @Autowired
        private DownloadIdCache downloadIdCache;

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            HttpDownloadAuthenticationFilter httpDownloadAuthenticationFilter = new HttpDownloadAuthenticationFilter(this.downloadIdCache);
            httpDownloadAuthenticationFilter.setAuthenticationManager(authenticationManager());
            httpSecurity.csrf().disable();
            httpSecurity.anonymous().disable();
            httpSecurity.regexMatcher(HttpDownloadAuthenticationFilter.REQUEST_ID_REGEX_PATTERN).addFilterBefore((Filter) httpDownloadAuthenticationFilter, FilterSecurityInterceptor.class);
            ((HttpSecurity) httpSecurity.authorizeRequests().anyRequest().authenticated().and()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }

        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            authenticationManagerBuilder.authenticationProvider((AuthenticationProvider) new PreAuthTokenSourceTrustAuthenticationProvider(this.ddiSecurityConfiguration.getRp().getTrustedIPs()));
        }
    }

    @Configuration
    @ConditionalOnClass({MgmtApiConfiguration.class})
    @Order(350)
    /* loaded from: input_file:BOOT-INF/lib/hawkbit-autoconfigure-0.2.5.jar:org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration$RestSecurityConfigurationAdapter.class */
    public static class RestSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserAuthenticationFilter userAuthenticationFilter;

        @Autowired
        private SystemManagement systemManagement;

        @Autowired
        private SecurityProperties springSecurityProperties;

        @Autowired
        private SystemSecurityContext systemSecurityContext;

        @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = {"enabled"}, matchIfMissing = true)
        @Bean
        public FilterRegistrationBean dosMgmtFilter(HawkbitSecurityProperties hawkbitSecurityProperties) {
            FilterRegistrationBean dosFilter = SecurityManagedConfiguration.dosFilter(null, hawkbitSecurityProperties.getDos().getFilter(), hawkbitSecurityProperties.getClients());
            dosFilter.setUrlPatterns(Arrays.asList("/rest/*", "/api/*"));
            dosFilter.setOrder(SecurityManagedConfiguration.DOS_FILTER_ORDER);
            dosFilter.setName("dosMgmtFilter");
            return dosFilter;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
            basicAuthenticationEntryPoint.setRealmName(this.springSecurityProperties.getBasic().getRealm());
            HttpSecurity httpSecurity2 = (HttpSecurity) httpSecurity.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
            if (this.springSecurityProperties.isRequireSsl()) {
                httpSecurity2 = (HttpSecurity) httpSecurity2.requiresChannel().anyRequest().requiresSecure().and();
            }
            httpSecurity2.addFilterBefore(new Filter() { // from class: org.eclipse.hawkbit.autoconfigure.security.SecurityManagedConfiguration.RestSecurityConfigurationAdapter.1
                @Override // javax.servlet.Filter
                public void init(FilterConfig filterConfig) throws ServletException {
                    RestSecurityConfigurationAdapter.this.userAuthenticationFilter.init(filterConfig);
                }

                @Override // javax.servlet.Filter
                public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                    RestSecurityConfigurationAdapter.this.userAuthenticationFilter.doFilter(servletRequest, servletResponse, filterChain);
                }

                @Override // javax.servlet.Filter
                public void destroy() {
                    RestSecurityConfigurationAdapter.this.userAuthenticationFilter.destroy();
                }
            }, RequestHeaderAuthenticationFilter.class).addFilterAfter((Filter) new AuthenticationSuccessTenantMetadataCreationFilter(this.systemManagement, this.systemSecurityContext), SessionManagementFilter.class).authorizeRequests().anyRequest().authenticated().antMatchers("/system/admin/**").hasAnyAuthority(SpPermission.SYSTEM_ADMIN);
            ((HttpSecurity) httpSecurity2.httpBasic().and()).exceptionHandling().authenticationEntryPoint(basicAuthenticationEntryPoint);
            httpSecurity2.anonymous().disable();
            httpSecurity2.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }
    }

    @EnableVaadinSecurity
    @Configuration
    @ConditionalOnClass({MgmtUiConfiguration.class})
    @Order(400)
    /* loaded from: input_file:BOOT-INF/lib/hawkbit-autoconfigure-0.2.5.jar:org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration$UISecurityConfigurationAdapter.class */
    public static class UISecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private VaadinSecurityContext vaadinSecurityContext;

        @Autowired
        private SecurityProperties springSecurityProperties;

        @Autowired
        private HawkbitSecurityProperties hawkbitSecurityProperties;

        @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.ui-filter", name = {"enabled"}, matchIfMissing = true)
        @Bean
        public FilterRegistrationBean dosMgmtUiFilter(HawkbitSecurityProperties hawkbitSecurityProperties) {
            FilterRegistrationBean dosFilter = SecurityManagedConfiguration.dosFilter(null, hawkbitSecurityProperties.getDos().getUiFilter(), hawkbitSecurityProperties.getClients());
            dosFilter.setUrlPatterns(Arrays.asList("/UI/login", "/UI/login/*", "/UI/logout", "/UI/logout/*"));
            dosFilter.setOrder(SecurityManagedConfiguration.DOS_FILTER_ORDER);
            dosFilter.setName("dosMgmtUiFilter");
            return dosFilter;
        }

        @PostConstruct
        public void afterPropertiesSet() {
            this.vaadinSecurityContext.addAuthenticationSuccessHandler(redirectSaveHandler());
        }

        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        @Bean(name = {VaadinSecurityConfiguration.Beans.AUTHENTICATION_MANAGER})
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Bean
        public VaadinRedirectStrategy vaadinRedirectStrategy() {
            return new VaadinDefaultRedirectStrategy();
        }

        @Bean
        public VaadinAuthenticationSuccessHandler redirectSaveHandler() {
            TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler tenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler();
            tenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler.setRedirectStrategy(vaadinRedirectStrategy());
            tenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler.setDefaultTargetUrl("/UI/");
            tenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler.setTargetUrlParameter("r");
            return tenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler;
        }

        @Bean
        public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
            return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher());
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            HttpSecurity httpSecurity2 = (HttpSecurity) httpSecurity.regexMatcher("(?!.*HEARTBEAT)^.*\\/UI.*$").csrf().disable();
            if (this.springSecurityProperties.isRequireSsl()) {
                httpSecurity2 = (HttpSecurity) httpSecurity2.requiresChannel().anyRequest().requiresSecure().and();
            } else {
                SecurityManagedConfiguration.LOG.info("\"******************\\n** Requires HTTPS Security has been disabled for UI, should only be used for developing purposes **\\n******************\"");
            }
            if (!StringUtils.isEmpty(this.hawkbitSecurityProperties.getContentSecurityPolicy())) {
                httpSecurity2.headers().contentSecurityPolicy(this.hawkbitSecurityProperties.getContentSecurityPolicy());
            }
            SimpleUrlLogoutSuccessHandler simpleUrlLogoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
            simpleUrlLogoutSuccessHandler.setTargetUrlParameter("login");
            ((HttpSecurity) ((HttpSecurity) httpSecurity2.authorizeRequests().antMatchers("/UI/login/**").permitAll().antMatchers("/UI/UIDL/**").permitAll().anyRequest().authenticated().and()).exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/UI/login/#/")).and()).logout().logoutUrl("/UI/logout").logoutSuccessHandler(simpleUrlLogoutSuccessHandler);
        }

        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
        public void configure(WebSecurity webSecurity) throws Exception {
            webSecurity.ignoring().antMatchers("/documentation/**", "/VAADIN/**", "/*.*", "/docs/**");
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/hawkbit-autoconfigure-0.2.5.jar:org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration$UserAuthenticationFilterBasicAuth.class */
    private static final class UserAuthenticationFilterBasicAuth extends BasicAuthenticationFilter implements UserAuthenticationFilter {
        private UserAuthenticationFilterBasicAuth(AuthenticationManager authenticationManager) {
            super(authenticationManager);
        }
    }

    @ConditionalOnMissingBean
    @Bean
    public UserAuthenticationFilter userAuthenticationFilter() throws Exception {
        return new UserAuthenticationFilterBasicAuth(this.configuration.getAuthenticationManager());
    }

    @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = {"enabled"}, matchIfMissing = true)
    @Bean
    public FilterRegistrationBean dosSystemFilter(HawkbitSecurityProperties hawkbitSecurityProperties) {
        FilterRegistrationBean dosFilter = dosFilter(Collections.emptyList(), hawkbitSecurityProperties.getDos().getFilter(), hawkbitSecurityProperties.getClients());
        dosFilter.setUrlPatterns(Arrays.asList("/system/*"));
        dosFilter.setOrder(DOS_FILTER_ORDER);
        dosFilter.setName("dosSystemFilter");
        return dosFilter;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static FilterRegistrationBean dosFilter(Collection<String> collection, HawkbitSecurityProperties.Dos.Filter filter, HawkbitSecurityProperties.Clients clients) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new DosFilter(collection, filter.getMaxRead(), filter.getMaxWrite(), filter.getWhitelist(), clients.getBlacklist(), clients.getRemoteIpHeader()));
        return filterRegistrationBean;
    }
}
