package org.springframework.boot.actuate.autoconfigure;

import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.eclipse.jdt.internal.compiler.impl.CompilerOptions;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping;
import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionMessage;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
import org.springframework.boot.autoconfigure.security.AuthenticationManagerConfiguration;
import org.springframework.boot.autoconfigure.security.FallbackWebSecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.security.IgnoredRequestCustomizer;
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.security.SecurityPrerequisite;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.type.AnnotatedTypeMetadata;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;

@AutoConfigureBefore({FallbackWebSecurityAutoConfiguration.class})
@EnableConfigurationProperties
@Configuration
@ConditionalOnClass({EnableWebSecurity.class})
@AutoConfigureAfter({SecurityAutoConfiguration.class})
@ConditionalOnWebApplication
/* loaded from: input_file:WEB-INF/lib/spring-boot-actuator-1.5.2.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration.class */
public class ManagementWebSecurityAutoConfiguration {
    private static final String[] NO_PATHS = new String[0];
    private static final RequestMatcher MATCH_NONE = new NegatedRequestMatcher(AnyRequestMatcher.INSTANCE);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-boot-actuator-1.5.2.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration$EndpointPaths.class */
    public enum EndpointPaths {
        ALL,
        NON_SENSITIVE { // from class: org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.EndpointPaths.1
            @Override // org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.EndpointPaths
            protected boolean isIncluded(MvcEndpoint mvcEndpoint) {
                return !mvcEndpoint.isSensitive();
            }
        },
        SENSITIVE { // from class: org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.EndpointPaths.2
            @Override // org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.EndpointPaths
            protected boolean isIncluded(MvcEndpoint mvcEndpoint) {
                return mvcEndpoint.isSensitive();
            }
        };

        public String[] getPaths(EndpointHandlerMapping endpointHandlerMapping) {
            if (endpointHandlerMapping == null) {
                return ManagementWebSecurityAutoConfiguration.NO_PATHS;
            }
            Set<MvcEndpoint> endpoints = endpointHandlerMapping.getEndpoints();
            LinkedHashSet linkedHashSet = new LinkedHashSet(endpoints.size());
            for (MvcEndpoint mvcEndpoint : endpoints) {
                if (isIncluded(mvcEndpoint)) {
                    String path = endpointHandlerMapping.getPath(mvcEndpoint.getPath());
                    linkedHashSet.add(path);
                    if (!path.equals("")) {
                        linkedHashSet.add(path + "/**");
                        linkedHashSet.add(path + ".*");
                    }
                    linkedHashSet.add(path + "/");
                }
            }
            return (String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]);
        }

        protected boolean isIncluded(MvcEndpoint mvcEndpoint) {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-boot-actuator-1.5.2.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration$LazyEndpointPathRequestMatcher.class */
    public static class LazyEndpointPathRequestMatcher implements RequestMatcher {
        private final EndpointPaths endpointPaths;
        private final ManagementContextResolver contextResolver;
        private RequestMatcher delegate;

        public static RequestMatcher getRequestMatcher(ManagementContextResolver managementContextResolver) {
            if (managementContextResolver == null) {
                return null;
            }
            ManagementServerProperties managementServerProperties = (ManagementServerProperties) managementContextResolver.getApplicationContext().getBean(ManagementServerProperties.class);
            ServerProperties serverProperties = (ServerProperties) managementContextResolver.getApplicationContext().getBean(ServerProperties.class);
            String contextPath = managementServerProperties.getContextPath();
            return StringUtils.hasText(contextPath) ? new AntPathRequestMatcher(serverProperties.getPath(contextPath) + "/**") : new LazyEndpointPathRequestMatcher(managementContextResolver, EndpointPaths.ALL);
        }

        LazyEndpointPathRequestMatcher(ManagementContextResolver managementContextResolver, EndpointPaths endpointPaths) {
            this.contextResolver = managementContextResolver;
            this.endpointPaths = endpointPaths;
        }

        @Override // org.springframework.security.web.util.matcher.RequestMatcher
        public boolean matches(HttpServletRequest httpServletRequest) {
            if (this.delegate == null) {
                this.delegate = createDelegate();
            }
            return this.delegate.matches(httpServletRequest);
        }

        private RequestMatcher createDelegate() {
            ServerProperties serverProperties = (ServerProperties) this.contextResolver.getApplicationContext().getBean(ServerProperties.class);
            ArrayList arrayList = new ArrayList();
            for (String str : this.endpointPaths.getPaths(getRequiredEndpointHandlerMapping())) {
                arrayList.add(new AntPathRequestMatcher(serverProperties.getPath(str)));
            }
            return arrayList.isEmpty() ? ManagementWebSecurityAutoConfiguration.MATCH_NONE : new OrRequestMatcher(arrayList);
        }

        private EndpointHandlerMapping getRequiredEndpointHandlerMapping() {
            EndpointHandlerMapping endpointHandlerMapping = null;
            ApplicationContext applicationContext = this.contextResolver.getApplicationContext();
            if (applicationContext.getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
                endpointHandlerMapping = (EndpointHandlerMapping) applicationContext.getBean(EndpointHandlerMapping.class);
            }
            if (endpointHandlerMapping == null) {
                endpointHandlerMapping = new EndpointHandlerMapping(Collections.emptySet());
            }
            return endpointHandlerMapping;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/spring-boot-actuator-1.5.2.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration$ManagementIgnoredRequestCustomizer.class */
    private class ManagementIgnoredRequestCustomizer implements IgnoredRequestCustomizer {
        private final ManagementServerProperties management;
        private final ManagementContextResolver contextResolver;

        ManagementIgnoredRequestCustomizer(ManagementServerProperties managementServerProperties, ManagementContextResolver managementContextResolver) {
            this.management = managementServerProperties;
            this.contextResolver = managementContextResolver;
        }

        @Override // org.springframework.boot.autoconfigure.security.IgnoredRequestCustomizer
        public void customize(WebSecurity.IgnoredRequestConfigurer ignoredRequestConfigurer) {
            if (this.management.getSecurity().isEnabled()) {
                return;
            }
            ignoredRequestConfigurer.requestMatchers(LazyEndpointPathRequestMatcher.getRequestMatcher(this.contextResolver));
        }
    }

    @Configuration
    /* loaded from: input_file:WEB-INF/lib/spring-boot-actuator-1.5.2.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration$ManagementSecurityPropertiesConfiguration.class */
    protected static class ManagementSecurityPropertiesConfiguration implements SecurityPrerequisite {
        private final SecurityProperties securityProperties;
        private final ManagementServerProperties managementServerProperties;

        public ManagementSecurityPropertiesConfiguration(ObjectProvider<SecurityProperties> objectProvider, ObjectProvider<ManagementServerProperties> objectProvider2) {
            this.securityProperties = objectProvider.getIfAvailable();
            this.managementServerProperties = objectProvider2.getIfAvailable();
        }

        @PostConstruct
        public void init() {
            if (this.managementServerProperties == null || this.securityProperties == null) {
                return;
            }
            this.securityProperties.getUser().getRole().addAll(this.managementServerProperties.getSecurity().getRoles());
        }
    }

    @Configuration
    @ConditionalOnMissingBean({ManagementWebSecurityConfigurerAdapter.class})
    @ConditionalOnProperty(prefix = "management.security", name = {CompilerOptions.ENABLED}, matchIfMissing = true)
    @Order(ManagementServerProperties.BASIC_AUTH_ORDER)
    /* loaded from: input_file:WEB-INF/lib/spring-boot-actuator-1.5.2.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter.class */
    protected static class ManagementWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        private final SecurityProperties security;
        private final ManagementServerProperties management;
        private final ManagementContextResolver contextResolver;

        public ManagementWebSecurityConfigurerAdapter(SecurityProperties securityProperties, ManagementServerProperties managementServerProperties, ObjectProvider<ManagementContextResolver> objectProvider) {
            this.security = securityProperties;
            this.management = managementServerProperties;
            this.contextResolver = objectProvider.getIfAvailable();
        }

        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            RequestMatcher requestMatcher = getRequestMatcher();
            if (requestMatcher != null) {
                if (this.security.isRequireSsl()) {
                    httpSecurity.requiresChannel().anyRequest().requiresSecure();
                }
                AuthenticationEntryPoint entryPoint = entryPoint();
                httpSecurity.exceptionHandling().authenticationEntryPoint(entryPoint);
                httpSecurity.requestMatcher(requestMatcher);
                configurePermittedRequests(httpSecurity.authorizeRequests());
                httpSecurity.httpBasic().authenticationEntryPoint(entryPoint);
                httpSecurity.csrf().disable();
                httpSecurity.sessionManagement().sessionCreationPolicy(asSpringSecuritySessionCreationPolicy(this.management.getSecurity().getSessions()));
                SpringBootWebSecurityConfiguration.configureHeaders(httpSecurity.headers(), this.security.getHeaders());
            }
        }

        private SessionCreationPolicy asSpringSecuritySessionCreationPolicy(Enum<?> r3) {
            return r3 == null ? SessionCreationPolicy.STATELESS : SessionCreationPolicy.valueOf(r3.name());
        }

        private RequestMatcher getRequestMatcher() {
            if (this.management.getSecurity().isEnabled()) {
                return LazyEndpointPathRequestMatcher.getRequestMatcher(this.contextResolver);
            }
            return null;
        }

        private AuthenticationEntryPoint entryPoint() {
            BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
            basicAuthenticationEntryPoint.setRealmName(this.security.getBasic().getRealm());
            return basicAuthenticationEntryPoint;
        }

        private void configurePermittedRequests(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {
            expressionInterceptUrlRegistry.requestMatchers(new LazyEndpointPathRequestMatcher(this.contextResolver, EndpointPaths.SENSITIVE)).authenticated();
            expressionInterceptUrlRegistry.requestMatchers(new LazyEndpointPathRequestMatcher(this.contextResolver, EndpointPaths.NON_SENSITIVE)).permitAll();
        }
    }

    @Configuration
    @EnableWebSecurity
    @ConditionalOnMissingBean({WebSecurityConfiguration.class})
    @Conditional({WebSecurityEnablerCondition.class})
    /* loaded from: input_file:WEB-INF/lib/spring-boot-actuator-1.5.2.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration$WebSecurityEnabler.class */
    protected static class WebSecurityEnabler extends AuthenticationManagerConfiguration {
        protected WebSecurityEnabler() {
        }
    }

    /* loaded from: input_file:WEB-INF/lib/spring-boot-actuator-1.5.2.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration$WebSecurityEnablerCondition.class */
    static class WebSecurityEnablerCondition extends SpringBootCondition {
        WebSecurityEnablerCondition() {
        }

        @Override // org.springframework.boot.autoconfigure.condition.SpringBootCondition
        public ConditionOutcome getMatchOutcome(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
            String property = conditionContext.getEnvironment().getProperty("management.security.enabled", "true");
            String property2 = conditionContext.getEnvironment().getProperty("security.basic.enabled", "true");
            ConditionMessage.Builder forCondition = ConditionMessage.forCondition("WebSecurityEnabled", new Object[0]);
            return (!"true".equalsIgnoreCase(property) || "true".equalsIgnoreCase(property2)) ? ConditionOutcome.noMatch(forCondition.because("security disabled")) : ConditionOutcome.match(forCondition.because("security enabled"));
        }
    }

    @Bean
    public IgnoredRequestCustomizer managementIgnoredRequestCustomizer(ManagementServerProperties managementServerProperties, ObjectProvider<ManagementContextResolver> objectProvider) {
        return new ManagementIgnoredRequestCustomizer(managementServerProperties, objectProvider.getIfAvailable());
    }
}
