package icu.lowcoder.spring.commons.actuator;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.util.StringUtils;

@Configuration(proxyBeanMethods = false)
@ConditionalOnClass({WebSecurityConfigurerAdapter.class})
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
/* loaded from: input_file:icu/lowcoder/spring/commons/actuator/ServletWebActuatorSecurityConfiguration.class */
public class ServletWebActuatorSecurityConfiguration {

    @Configuration(proxyBeanMethods = false)
    @Order(2)
    /* loaded from: input_file:icu/lowcoder/spring/commons/actuator/ServletWebActuatorSecurityConfiguration$ActuatorRequestSecurityConfiguration.class */
    static class ActuatorRequestSecurityConfiguration extends WebSecurityConfigurerAdapter {
        private static final Logger log = LoggerFactory.getLogger(ActuatorRequestSecurityConfiguration.class);
        private final ActuatorSecurityProperties actuatorSecurityProperties;
        private final WebEndpointProperties webEndpointProperties;
        private final SecurityProperties securityProperties;

        ActuatorRequestSecurityConfiguration(ActuatorSecurityProperties actuatorSecurityProperties, WebEndpointProperties webEndpointProperties, SecurityProperties securityProperties) {
            this.actuatorSecurityProperties = actuatorSecurityProperties;
            this.webEndpointProperties = webEndpointProperties;
            this.securityProperties = securityProperties;
        }

        @ConditionalOnBean({SecurityProperties.class})
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @ConditionalOnBean({SecurityProperties.class})
        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            authenticationManagerBuilder.userDetailsService(inMemoryUserDetailsService());
        }

        private UserDetailsService inMemoryUserDetailsService() {
            SecurityProperties.User user = this.securityProperties.getUser();
            return new InMemoryUserDetailsManager(new UserDetails[]{User.withUsername(user.getName()).password(getOrDeducePassword(user)).roles(StringUtils.toStringArray(user.getRoles())).build()});
        }

        private String getOrDeducePassword(SecurityProperties.User user) {
            String password = user.getPassword();
            if (user.isPasswordGenerated()) {
                log.info(String.format("%n%nUsing generated security password: %s%n", user.getPassword()));
            }
            return "{noop}" + password;
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            if (this.actuatorSecurityProperties.getEnabled().booleanValue()) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher(this.webEndpointProperties.getBasePath() + "/**").authorizeRequests().anyRequest()).authenticated().and().formLogin().and().httpBasic().and().csrf().disable();
            } else {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher(this.webEndpointProperties.getBasePath() + "/**").authorizeRequests().anyRequest()).permitAll().and().formLogin().and().httpBasic().and().csrf().disable();
            }
        }
    }
}
