package org.zowe.apiml.caching.config;

import java.util.Collections;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
import org.zowe.apiml.filter.AttlsFilter;
import org.zowe.apiml.filter.SecureConnectionFilter;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:org/zowe/apiml/caching/config/SpringSecurityConfig.class */
public class SpringSecurityConfig {

    @Value("${apiml.service.ssl.verifySslCertificatesOfServices:true}")
    private boolean verifyCertificates;

    @Value("${apiml.service.ssl.nonStrictVerifySslCertificatesOfServices:false}")
    private boolean nonStrictVerifyCerts;

    @Value("${server.attls.enabled:false}")
    private boolean isAttlsEnabled;

    @Value("${apiml.metrics.enabled:false}")
    private boolean isMetricsEnabled;

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        String[] strArr = {"/application/health", "/application/info", "/v3/api-docs"};
        return webSecurity -> {
            webSecurity.ignoring().requestMatchers(strArr);
        };
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf((v0) -> {
            v0.disable();
        }).headers(headersConfigurer -> {
            headersConfigurer.httpStrictTransportSecurity((v0) -> {
                v0.disable();
            });
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        });
        if (this.verifyCertificates || !this.nonStrictVerifyCerts) {
            httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
                ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.anyRequest()).authenticated();
            }).x509(x509Configurer -> {
                x509Configurer.userDetailsService(x509UserDetailsService());
            });
            if (this.isAttlsEnabled) {
                httpSecurity.addFilterBefore(new AttlsFilter(), X509AuthenticationFilter.class);
                httpSecurity.addFilterBefore(new SecureConnectionFilter(), AttlsFilter.class);
            }
        } else {
            httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry2 -> {
                ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry2.anyRequest()).permitAll();
            });
        }
        return (SecurityFilterChain) httpSecurity.build();
    }

    private UserDetailsService x509UserDetailsService() {
        return str -> {
            return new User("cachingUser", "", Collections.emptyList());
        };
    }
}
