package org.zowe.apiml.discovery.config;

import java.util.Arrays;
import java.util.Collections;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.zowe.apiml.security.common.config.HandlerInitializer;
import org.zowe.apiml.security.common.content.BasicContentFilter;

@Configuration
@EnableWebSecurity
@Profile({"!https", "!attls"})
@ComponentScan({"org.zowe.apiml.security.common", "org.zowe.apiml.gateway.security.login"})
/* loaded from: input_file:org/zowe/apiml/discovery/config/HttpWebSecurityConfig.class */
public class HttpWebSecurityConfig extends AbstractWebSecurityConfigurer {
    private static final String DISCOVERY_REALM = "API Mediation Discovery Service realm";

    @Value("${apiml.discovery.userid:eureka}")
    private String eurekaUserid;

    @Value("${apiml.discovery.password:password}")
    private char[] eurekaPassword;

    @Value("${apiml.metrics.enabled:false}")
    private boolean isMetricsEnabled;
    private final HandlerInitializer handlerInitializer;

    /* loaded from: input_file:org/zowe/apiml/discovery/config/HttpWebSecurityConfig$CustomSecurityFilters.class */
    private class CustomSecurityFilters extends AbstractHttpConfigurer<CustomSecurityFilters, HttpSecurity> {
        private CustomSecurityFilters() {
        }

        public void configure(HttpSecurity httpSecurity) {
            httpSecurity.addFilterBefore(basicFilter((AuthenticationManager) httpSecurity.getSharedObject(AuthenticationManager.class)), UsernamePasswordAuthenticationFilter.class);
        }

        private BasicContentFilter basicFilter(AuthenticationManager authenticationManager) {
            return new BasicContentFilter(authenticationManager, HttpWebSecurityConfig.this.handlerInitializer.getAuthenticationFailureHandler(), HttpWebSecurityConfig.this.handlerInitializer.getResourceAccessExceptionHandler());
        }
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(new AuthenticationProvider() { // from class: org.zowe.apiml.discovery.config.HttpWebSecurityConfig.1
            private MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();

            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (StringUtils.equals(HttpWebSecurityConfig.this.eurekaUserid, String.valueOf(authentication.getPrincipal())) && authentication.getCredentials() != null) {
                    if (Arrays.equals(HttpWebSecurityConfig.this.eurekaPassword, authentication.getCredentials() instanceof char[] ? (char[]) authentication.getCredentials() : String.valueOf(authentication.getCredentials()).toCharArray())) {
                        UsernamePasswordAuthenticationToken authenticated = UsernamePasswordAuthenticationToken.authenticated(authentication.getPrincipal(), authentication.getCredentials(), Collections.singleton(new SimpleGrantedAuthority("EUREKA")));
                        authenticated.setDetails(authentication.getDetails());
                        return authenticated;
                    }
                }
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            }

            public boolean supports(Class<?> cls) {
                return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
            }
        });
    }

    @Bean
    public WebSecurityCustomizer httpWebSecurityCustomizer() {
        String[] strArr = {"/favicon.ico", "/eureka/css/**", "/eureka/js/**", "/eureka/fonts/**", "/eureka/images/**"};
        return webSecurity -> {
            webSecurity.ignoring().antMatchers(strArr);
        };
    }

    @Bean
    public SecurityFilterChain httpFilterChain(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) baseConfigure(httpSecurity).httpBasic().realmName(DISCOVERY_REALM).and().authorizeRequests().antMatchers(new String[]{"/application/info", "/application/health"})).permitAll().antMatchers(new String[]{"/**"})).authenticated();
        if (this.isMetricsEnabled) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/application/hystrixstream"})).permitAll();
        }
        return (SecurityFilterChain) httpSecurity.apply(new CustomSecurityFilters()).and().build();
    }

    @Generated
    public HttpWebSecurityConfig(HandlerInitializer handlerInitializer) {
        this.handlerInitializer = handlerInitializer;
    }
}
