package org.springframework.geode.boot.autoconfigure;

import java.util.Optional;
import java.util.Properties;
import org.apache.geode.cache.GemFireCache;
import org.apache.geode.cache.client.ClientCache;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnCloudPlatform;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.cloud.CloudPlatform;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ConfigurationCondition;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.Environment;
import org.springframework.core.env.PropertiesPropertySource;
import org.springframework.core.env.PropertySource;
import org.springframework.data.gemfire.client.ClientCacheFactoryBean;
import org.springframework.data.gemfire.config.annotation.EnableSecurity;
import org.springframework.geode.core.env.VcapPropertySource;
import org.springframework.geode.core.env.support.CloudCacheService;
import org.springframework.geode.core.env.support.Service;

@AutoConfigureBefore({ClientCacheAutoConfiguration.class})
@Configuration
@ConditionalOnClass({ClientCacheFactoryBean.class, ClientCache.class})
@ConditionalOnMissingBean({GemFireCache.class})
@Conditional({EnableSecurityCondition.class})
@EnableSecurity
/* loaded from: input_file:org/springframework/geode/boot/autoconfigure/ClientSecurityAutoConfiguration.class */
public class ClientSecurityAutoConfiguration {
    public static final String SECURITY_CLOUD_ENVIRONMENT_POST_PROCESSOR_ENABLED_PROPERTY = "spring.boot.data.gemfire.security.auth.environment.post-processor.enabled";
    private static final String CLOUD_CACHE_PROPERTY_SOURCE_NAME = "cloudcache-configuration";
    private static final String MANAGEMENT_HTTP_HOST_PROPERTY = "spring.data.gemfire.management.http.host";
    private static final String MANAGEMENT_HTTP_PORT_PROPERTY = "spring.data.gemfire.management.http.port";
    private static final String MANAGEMENT_USE_HTTP_PROPERTY = "spring.data.gemfire.management.use-http";
    private static final String POOL_LOCATORS_PROPERTY = "spring.data.gemfire.pool.locators";
    private static final String SECURITY_USERNAME_PROPERTY = "spring.data.gemfire.security.username";
    private static final String SECURITY_PASSWORD_PROPERTY = "spring.data.gemfire.security.password";
    private static final String VCAP_PROPERTY_SOURCE_NAME = "vcap";

    /* loaded from: input_file:org/springframework/geode/boot/autoconfigure/ClientSecurityAutoConfiguration$AutoConfiguredCloudSecurityEnvironmentPostProcessor.class */
    public static class AutoConfiguredCloudSecurityEnvironmentPostProcessor implements EnvironmentPostProcessor {
        public void postProcessEnvironment(ConfigurableEnvironment configurableEnvironment, SpringApplication springApplication) {
            Optional.of(configurableEnvironment).filter((v1) -> {
                return isEnabled(v1);
            }).filter((v1) -> {
                return isCloudFoundryEnvironment(v1);
            }).ifPresent(this::configureSecurityContext);
        }

        private boolean isCloudFoundryEnvironment(Environment environment) {
            Optional ofNullable = Optional.ofNullable(environment);
            CloudPlatform cloudPlatform = CloudPlatform.CLOUD_FOUNDRY;
            cloudPlatform.getClass();
            return ofNullable.filter(cloudPlatform::isActive).isPresent();
        }

        private boolean isEnabled(Environment environment) {
            return ((Boolean) environment.getProperty(ClientSecurityAutoConfiguration.SECURITY_CLOUD_ENVIRONMENT_POST_PROCESSOR_ENABLED_PROPERTY, Boolean.class, true)).booleanValue();
        }

        private boolean isSecurityPropertiesSet(Environment environment) {
            return environment.containsProperty(ClientSecurityAutoConfiguration.SECURITY_USERNAME_PROPERTY) && environment.containsProperty(ClientSecurityAutoConfiguration.SECURITY_PASSWORD_PROPERTY);
        }

        private boolean isSecurityPropertiesNotSet(Environment environment) {
            return !isSecurityPropertiesSet(environment);
        }

        private void configureAuthentication(Environment environment, Properties properties, VcapPropertySource vcapPropertySource, Service service) {
            vcapPropertySource.findFirstUserByRoleClusterOperator(service).filter(user -> {
                return isSecurityPropertiesNotSet(environment);
            }).ifPresent(user2 -> {
                properties.setProperty(ClientSecurityAutoConfiguration.SECURITY_USERNAME_PROPERTY, user2.getName());
                user2.getPassword().ifPresent(str -> {
                    properties.setProperty(ClientSecurityAutoConfiguration.SECURITY_PASSWORD_PROPERTY, str);
                });
            });
        }

        private void configureLocators(Environment environment, Properties properties, VcapPropertySource vcapPropertySource, CloudCacheService cloudCacheService) {
            cloudCacheService.getLocators().ifPresent(str -> {
                properties.setProperty(ClientSecurityAutoConfiguration.POOL_LOCATORS_PROPERTY, str);
            });
        }

        private void configureManagementRestApiAccess(Environment environment, Properties properties, VcapPropertySource vcapPropertySource, CloudCacheService cloudCacheService) {
            cloudCacheService.getGfshUrl().ifPresent(url -> {
                properties.setProperty(ClientSecurityAutoConfiguration.MANAGEMENT_USE_HTTP_PROPERTY, Boolean.TRUE.toString());
                properties.setProperty(ClientSecurityAutoConfiguration.MANAGEMENT_HTTP_HOST_PROPERTY, url.getHost());
                properties.setProperty(ClientSecurityAutoConfiguration.MANAGEMENT_HTTP_PORT_PROPERTY, String.valueOf(url.getPort()));
            });
        }

        public void configureSecurityContext(ConfigurableEnvironment configurableEnvironment) {
            VcapPropertySource from = VcapPropertySource.from(configurableEnvironment);
            Properties properties = new Properties();
            CloudCacheService findFirstCloudCacheService = from.findFirstCloudCacheService();
            configureAuthentication(configurableEnvironment, properties, from, findFirstCloudCacheService);
            configureLocators(configurableEnvironment, properties, from, findFirstCloudCacheService);
            configureManagementRestApiAccess(configurableEnvironment, properties, from, findFirstCloudCacheService);
            configurableEnvironment.getPropertySources().addFirst(newPropertySource(ClientSecurityAutoConfiguration.CLOUD_CACHE_PROPERTY_SOURCE_NAME, properties));
        }

        private PropertySource<?> newPropertySource(String str, Properties properties) {
            return new PropertiesPropertySource(str, properties);
        }
    }

    /* loaded from: input_file:org/springframework/geode/boot/autoconfigure/ClientSecurityAutoConfiguration$EnableSecurityCondition.class */
    static class EnableSecurityCondition extends AnyNestedCondition {

        @ConditionalOnCloudPlatform(CloudPlatform.CLOUD_FOUNDRY)
        /* loaded from: input_file:org/springframework/geode/boot/autoconfigure/ClientSecurityAutoConfiguration$EnableSecurityCondition$CloudSecurityContextCondition.class */
        static class CloudSecurityContextCondition {
            CloudSecurityContextCondition() {
            }
        }

        @ConditionalOnProperty({ClientSecurityAutoConfiguration.SECURITY_USERNAME_PROPERTY, ClientSecurityAutoConfiguration.SECURITY_PASSWORD_PROPERTY})
        /* loaded from: input_file:org/springframework/geode/boot/autoconfigure/ClientSecurityAutoConfiguration$EnableSecurityCondition$SpringDataGeodeSecurityContextCondition.class */
        static class SpringDataGeodeSecurityContextCondition {
            SpringDataGeodeSecurityContextCondition() {
            }
        }

        @ConditionalOnProperty({"gemfire.security-username", "gemfire.security-password"})
        /* loaded from: input_file:org/springframework/geode/boot/autoconfigure/ClientSecurityAutoConfiguration$EnableSecurityCondition$StandaloneApacheGeodeSecurityContextCondition.class */
        static class StandaloneApacheGeodeSecurityContextCondition {
            StandaloneApacheGeodeSecurityContextCondition() {
            }
        }

        public EnableSecurityCondition() {
            super(ConfigurationCondition.ConfigurationPhase.PARSE_CONFIGURATION);
        }
    }
}
