package org.springframework.boot.autoconfigure.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.web.ErrorController;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.boot.context.embedded.ServletRegistrationBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.header.writers.HstsHeaderWriter;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties
@Configuration
@ConditionalOnClass({EnableWebSecurity.class, AuthenticationEntryPoint.class})
@EnableWebSecurity
@ConditionalOnMissingBean({WebSecurityConfiguration.class})
@ConditionalOnWebApplication
/* loaded from: input_file:org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.class */
public class SpringBootWebSecurityConfiguration {
    private static List<String> DEFAULT_IGNORED = Arrays.asList("/css/**", "/js/**", "/images/**", "/**/favicon.ico");

    @Configuration
    @ConditionalOnProperty(prefix = "security.basic", name = {"enabled"}, havingValue = "false")
    @Order(SecurityProperties.BASIC_AUTH_ORDER)
    /* loaded from: input_file:org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration$ApplicationNoWebSecurityConfigurerAdapter.class */
    protected static class ApplicationNoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        protected ApplicationNoWebSecurityConfigurerAdapter() {
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.requestMatcher(new RequestMatcher() { // from class: org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.ApplicationNoWebSecurityConfigurerAdapter.1
                public boolean matches(HttpServletRequest httpServletRequest) {
                    return false;
                }
            });
        }
    }

    @Configuration
    @ConditionalOnProperty(prefix = "security.basic", name = {"enabled"}, matchIfMissing = true)
    @Order(SecurityProperties.BASIC_AUTH_ORDER)
    /* loaded from: input_file:org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration$ApplicationWebSecurityConfigurerAdapter.class */
    protected static class ApplicationWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private SecurityProperties security;

        protected ApplicationWebSecurityConfigurerAdapter() {
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            if (this.security.isRequireSsl()) {
                ((ChannelSecurityConfigurer.RequiresChannelUrl) httpSecurity.requiresChannel().anyRequest()).requiresSecure();
            }
            if (!this.security.isEnableCsrf()) {
                httpSecurity.csrf().disable();
            }
            httpSecurity.sessionManagement().sessionCreationPolicy(this.security.getSessions());
            SpringBootWebSecurityConfiguration.configureHeaders(httpSecurity.headers(), this.security.getHeaders());
            String[] secureApplicationPaths = getSecureApplicationPaths();
            if (secureApplicationPaths.length > 0) {
                AuthenticationEntryPoint entryPoint = entryPoint();
                httpSecurity.exceptionHandling().authenticationEntryPoint(entryPoint);
                httpSecurity.httpBasic().authenticationEntryPoint(entryPoint);
                httpSecurity.requestMatchers().antMatchers(secureApplicationPaths);
                String[] strArr = (String[]) this.security.getUser().getRole().toArray(new String[0]);
                SecurityAuthorizeMode authorizeMode = this.security.getBasic().getAuthorizeMode();
                if (authorizeMode == null || authorizeMode == SecurityAuthorizeMode.ROLE) {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).hasAnyRole(strArr);
                } else if (authorizeMode == SecurityAuthorizeMode.AUTHENTICATED) {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
                }
            }
        }

        private String[] getSecureApplicationPaths() {
            ArrayList arrayList = new ArrayList();
            String[] path = this.security.getBasic().getPath();
            int length = path.length;
            for (int i = 0; i < length; i++) {
                String str = path[i];
                String trim = str == null ? "" : str.trim();
                if (trim.equals("/**")) {
                    return new String[]{trim};
                }
                if (!trim.equals("")) {
                    arrayList.add(trim);
                }
            }
            return (String[]) arrayList.toArray(new String[arrayList.size()]);
        }

        private AuthenticationEntryPoint entryPoint() {
            BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
            basicAuthenticationEntryPoint.setRealmName(this.security.getBasic().getRealm());
            return basicAuthenticationEntryPoint;
        }
    }

    @Order(SecurityProperties.IGNORED_ORDER)
    /* loaded from: input_file:org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration$IgnoredPathsWebSecurityConfigurerAdapter.class */
    private static class IgnoredPathsWebSecurityConfigurerAdapter implements WebSecurityConfigurer<WebSecurity> {

        @Autowired(required = false)
        private ErrorController errorController;

        @Autowired
        private SecurityProperties security;

        @Autowired
        private ServerProperties server;

        private IgnoredPathsWebSecurityConfigurerAdapter() {
        }

        public void configure(WebSecurity webSecurity) throws Exception {
        }

        public void init(WebSecurity webSecurity) throws Exception {
            WebSecurity.IgnoredRequestConfigurer ignoring = webSecurity.ignoring();
            List<String> ignored = SpringBootWebSecurityConfiguration.getIgnored(this.security);
            if (this.errorController != null) {
                ignored.add(normalizePath(this.errorController.getErrorPath()));
            }
            ignoring.antMatchers(this.server.getPathsArray(ignored));
        }

        private String normalizePath(String str) {
            String cleanPath = StringUtils.cleanPath(str);
            if (!cleanPath.startsWith("/")) {
                cleanPath = "/" + cleanPath;
            }
            return cleanPath;
        }
    }

    @ConditionalOnMissingBean({IgnoredPathsWebSecurityConfigurerAdapter.class})
    @Bean
    public WebSecurityConfigurer<WebSecurity> ignoredPathsWebSecurityConfigurerAdapter() {
        return new IgnoredPathsWebSecurityConfigurerAdapter();
    }

    @ConditionalOnBean(name = {"springSecurityFilterChain"})
    @Bean
    public FilterRegistrationBean securityFilterChainRegistration(@Qualifier("springSecurityFilterChain") Filter filter, SecurityProperties securityProperties) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(filter, new ServletRegistrationBean[0]);
        filterRegistrationBean.setOrder(securityProperties.getFilterOrder());
        filterRegistrationBean.setName("springSecurityFilterChain");
        return filterRegistrationBean;
    }

    public static void configureHeaders(HeadersConfigurer<?> headersConfigurer, SecurityProperties.Headers headers) throws Exception {
        if (headers.getHsts() != SecurityProperties.Headers.HSTS.NONE) {
            HstsHeaderWriter hstsHeaderWriter = new HstsHeaderWriter(headers.getHsts() == SecurityProperties.Headers.HSTS.ALL);
            hstsHeaderWriter.setRequestMatcher(AnyRequestMatcher.INSTANCE);
            headersConfigurer.addHeaderWriter(hstsHeaderWriter);
        }
        if (headers.isContentType()) {
            headersConfigurer.contentTypeOptions();
        }
        if (headers.isXss()) {
            headersConfigurer.xssProtection();
        }
        if (headers.isCache()) {
            headersConfigurer.cacheControl();
        }
        if (headers.isFrame()) {
            headersConfigurer.frameOptions();
        }
    }

    public static List<String> getIgnored(SecurityProperties securityProperties) {
        ArrayList arrayList = new ArrayList(securityProperties.getIgnored());
        if (arrayList.isEmpty()) {
            arrayList.addAll(DEFAULT_IGNORED);
        } else if (arrayList.contains("none")) {
            arrayList.remove("none");
        }
        return arrayList;
    }
}
