package org.springframework.boot.actuate.autoconfigure;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping;
import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.AuthenticationManagerConfiguration;
import org.springframework.boot.autoconfigure.security.FallbackWebSecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.security.SecurityPrequisite;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration;
import org.springframework.boot.autoconfigure.web.ErrorController;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.util.StringUtils;

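/**
 * Auto-configuration that applies Spring Security to the actuator's MVC endpoints.
 *
 * <p>Endpoints reported as sensitive are placed behind HTTP Basic authentication and
 * require the role from {@code management.security}. Non-sensitive endpoints and the
 * error path are registered as ignored paths, so requests for them are not handled by
 * any security filter chain.
 */
@AutoConfigureBefore({FallbackWebSecurityAutoConfiguration.class})
@EnableConfigurationProperties
@Configuration
@ConditionalOnClass({EnableWebSecurity.class})
@AutoConfigureAfter({SecurityAutoConfiguration.class})
/* loaded from: input_file:lib/spring-boot-actuator-1.1.6.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.class */
public class ManagementSecurityAutoConfiguration {
    /** Shared empty result for {@link #getEndpointPaths} when no endpoint mapping exists. */
    private static final String[] NO_PATHS = new String[0];

    /**
     * Registers the request paths that bypass Spring Security entirely.
     *
     * <p>The order value is {@code Integer.MIN_VALUE + 1}.
     */
    @Order(-2147483647)
    /* loaded from: input_file:lib/spring-boot-actuator-1.1.6.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration$IgnoredPathsWebSecurityConfigurerAdapter.class */
    private static class IgnoredPathsWebSecurityConfigurerAdapter implements WebSecurityConfigurer<WebSecurity> {

        // Optional: only present when the application exposes an error controller.
        @Autowired(required = false)
        private ErrorController errorController;

        // Optional: absent when no actuator MVC endpoints are mapped.
        @Autowired(required = false)
        private EndpointHandlerMapping endpointHandlerMapping;

        @Autowired
        private ManagementServerProperties management;

        @Autowired
        private SecurityProperties security;

        @Autowired
        private ServerProperties server;

        private IgnoredPathsWebSecurityConfigurerAdapter() {
        }

        /** Intentionally empty; all work happens in {@link #init(WebSecurity)}. */
        public void configure(WebSecurity webSecurity) throws Exception {
        }

        /**
         * Collects the ignored paths and hands them to {@code WebSecurity.ignoring()}.
         *
         * <p>The list starts from the application's configured ignored paths, then adds
         * every non-sensitive endpoint. When {@code management.security.enabled} is
         * false the sensitive endpoints are added as well, which leaves them with no
         * authentication, no authorization and no security response headers.
         *
         * @param webSecurity the builder that receives the ignored request matchers
         * @throws Exception declared by the configurer contract
         */
        public void init(WebSecurity webSecurity) throws Exception {
            WebSecurity.IgnoredRequestConfigurer ignoring = webSecurity.ignoring();
            List<String> ignored = SpringBootWebSecurityConfiguration.getIgnored(this.security);
            ignored.addAll(Arrays.asList(ManagementSecurityAutoConfiguration.getEndpointPaths(this.endpointHandlerMapping, false)));
            if (!this.management.getSecurity().isEnabled()) {
                // Management security switched off: sensitive endpoints become ignored paths too.
                ignored.addAll(Arrays.asList(ManagementSecurityAutoConfiguration.getEndpointPaths(this.endpointHandlerMapping, true)));
            }
            // "none" is dropped rather than used as a pattern; presumably a marker
            // meaning "ignore nothing" - confirm against SecurityProperties.
            // remove() is a no-op when the value is absent, so no contains() check is needed.
            ignored.remove("none");
            if (this.errorController != null) {
                // The error page has to render for unauthenticated requests as well.
                ignored.add(normalizePath(this.errorController.getErrorPath()));
            }
            ignoring.antMatchers(this.server.getPathsArray(ignored));
        }

        /**
         * Cleans a path with {@code StringUtils.cleanPath} and makes it start with "/".
         *
         * @param str the raw path
         * @return the cleaned path with a leading slash
         */
        private String normalizePath(String str) {
            String cleanPath = StringUtils.cleanPath(str);
            if (!cleanPath.startsWith("/")) {
                cleanPath = "/" + cleanPath;
            }
            return cleanPath;
        }
    }

    /**
     * Adds the management role to the roles of the user held in
     * {@link SecurityProperties}, so that user can reach the sensitive endpoints.
     */
    @Configuration
    /* loaded from: input_file:lib/spring-boot-actuator-1.1.6.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration$ManagementSecurityPropertiesConfiguration.class */
    protected static class ManagementSecurityPropertiesConfiguration implements SecurityPrequisite {

        @Autowired(required = false)
        private SecurityProperties security;

        @Autowired(required = false)
        private ManagementServerProperties management;

        protected ManagementSecurityPropertiesConfiguration() {
        }

        /** Does nothing unless both property beans were injected. */
        @PostConstruct
        public void init() {
            if (this.management == null || this.security == null) {
                return;
            }
            this.security.getUser().getRole().add(this.management.getSecurity().getRole());
        }
    }

    /**
     * Builds the filter chain for the sensitive endpoints. Only created in a web
     * application, when no other bean of this type exists and
     * {@code management.security.enabled} is true (its default).
     */
    @Configuration
    @ConditionalOnMissingBean({ManagementWebSecurityConfigurerAdapter.class})
    @ConditionalOnExpression("${management.security.enabled:true}")
    @ConditionalOnWebApplication
    @Order(ManagementServerProperties.BASIC_AUTH_ORDER)
    /* loaded from: input_file:lib/spring-boot-actuator-1.1.6.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter.class */
    protected static class ManagementWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private SecurityProperties security;

        @Autowired
        private ManagementServerProperties management;

        @Autowired
        private ServerProperties server;

        // Optional: absent when no actuator MVC endpoints are mapped.
        @Autowired(required = false)
        private EndpointHandlerMapping endpointHandlerMapping;

        protected ManagementWebSecurityConfigurerAdapter() {
        }

        /**
         * Restricts this chain to the sensitive endpoint paths and requires the
         * management role over HTTP Basic for every request in it.
         *
         * <p>Leaves {@code httpSecurity} untouched when there are no sensitive paths or
         * management security is disabled.
         *
         * @param httpSecurity the chain being configured
         * @throws Exception declared by the Spring Security builder API
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            String[] endpointPaths = ManagementSecurityAutoConfiguration.getEndpointPaths(this.endpointHandlerMapping, true);
            if (endpointPaths.length <= 0 || !this.management.getSecurity().isEnabled()) {
                return;
            }
            if (this.security.isRequireSsl()) {
                // Basic credentials travel with every request, so honour the require-SSL setting here too.
                ((ChannelSecurityConfigurer.RequiresChannelUrl) httpSecurity.requiresChannel().anyRequest()).requiresSecure();
            }
            httpSecurity.exceptionHandling().authenticationEntryPoint(entryPoint());
            // This chain only applies to the sensitive endpoint patterns.
            httpSecurity.requestMatchers().antMatchers(this.server.getPathsArray(endpointPaths));
            // Every matched request needs the management role; anonymous authentication is disabled.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).hasRole(this.management.getSecurity().getRole()).and().httpBasic().and().anonymous().disable();
            // NOTE(review): CSRF protection is off for this chain. Browsers resend cached
            // Basic credentials automatically, so state-changing endpoints behind this
            // chain are not protected by a CSRF token - confirm that is acceptable.
            httpSecurity.csrf().disable();
            httpSecurity.sessionManagement().sessionCreationPolicy(this.management.getSecurity().getSessions());
            SpringBootWebSecurityConfiguration.configureHeaders(httpSecurity.headers(), this.security.getHeaders());
        }

        /** Creates the Basic-auth entry point using the realm from {@code security.basic}. */
        private AuthenticationEntryPoint entryPoint() {
            BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
            basicAuthenticationEntryPoint.setRealmName(this.security.getBasic().getRealm());
            return basicAuthenticationEntryPoint;
        }
    }

    /**
     * Turns on web security when management security is enabled but
     * {@code security.basic.enabled} is false and no {@link WebSecurityConfiguration}
     * bean exists yet.
     */
    @Configuration
    @EnableWebSecurity
    @ConditionalOnMissingBean({WebSecurityConfiguration.class})
    @ConditionalOnExpression("${management.security.enabled:true} && !${security.basic.enabled:true}")
    /* loaded from: input_file:lib/spring-boot-actuator-1.1.6.RELEASE.jar:org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration$WebSecurityEnabler.class */
    protected static class WebSecurityEnabler extends AuthenticationManagerConfiguration {
        protected WebSecurityEnabler() {
        }
    }

    /** Exposes the ignored-paths configurer unless a bean of that type is already defined. */
    @ConditionalOnMissingBean({IgnoredPathsWebSecurityConfigurerAdapter.class})
    @Bean
    public WebSecurityConfigurer<WebSecurity> ignoredPathsWebSecurityConfigurerAdapter() {
        return new IgnoredPathsWebSecurityConfigurerAdapter();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Lists the URL patterns of the endpoints whose sensitivity equals {@code z}.
     *
     * <p>Each pattern is the mapping prefix followed by the endpoint path. Sensitive
     * endpoints ({@code z == true}) also get the trailing-slash form, a {@code /**}
     * pattern for nested paths and a {@code .*} pattern for the extension form.
     * Without the {@code /**} pattern a request for a path below a sensitive endpoint
     * was not matched by the management chain built from this list. The same list is
     * used for the ignored paths when management security is disabled, so nested
     * paths are ignored in that mode as well.
     *
     * @param endpointHandlerMapping the actuator endpoint mapping, may be {@code null}
     * @param z {@code true} to select sensitive endpoints, {@code false} for the others
     * @return the patterns, or an empty array when there is no mapping
     */
    public static String[] getEndpointPaths(EndpointHandlerMapping endpointHandlerMapping, boolean z) {
        if (endpointHandlerMapping == null) {
            return NO_PATHS;
        }
        Set<? extends MvcEndpoint> endpoints = endpointHandlerMapping.getEndpoints();
        // Typed list instead of the raw ArrayList, which removes the unchecked cast on return.
        List<String> paths = new ArrayList<>(endpoints.size());
        for (MvcEndpoint mvcEndpoint : endpoints) {
            if (mvcEndpoint.isSensitive() == z) {
                String path = endpointHandlerMapping.getPrefix() + mvcEndpoint.getPath();
                paths.add(path);
                if (z) {
                    paths.add(path + "/");
                    // Nested paths must carry the same protection as the endpoint itself.
                    paths.add(path + "/**");
                    paths.add(path + ".*");
                }
            }
        }
        return paths.toArray(new String[0]);
    }
}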
