package org.springframework.boot.actuate.cloudfoundry;

import java.util.Arrays;
import java.util.LinkedHashSet;
import org.apache.hadoop.security.HttpCrossOriginFilterInitializer;
import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoints;
import org.springframework.boot.actuate.endpoint.mvc.NamedMvcEndpoint;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnCloudPlatform;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.IgnoredRequestCustomizer;
import org.springframework.boot.bind.RelaxedPropertyResolver;
import org.springframework.boot.cloud.CloudPlatform;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.HandlerInterceptor;

@Configuration
@AutoConfigureAfter({EndpointWebMvcAutoConfiguration.class})
@ConditionalOnCloudPlatform(CloudPlatform.CLOUD_FOUNDRY)
@ConditionalOnProperty(prefix = "management.cloudfoundry", name = {HttpCrossOriginFilterInitializer.ENABLED_SUFFIX}, matchIfMissing = true)
@ConditionalOnBean({MvcEndpoints.class})
/* loaded from: input_file:BOOT-INF/lib/spring-boot-actuator-1.5.8.RELEASE.jar:org/springframework/boot/actuate/cloudfoundry/CloudFoundryActuatorAutoConfiguration.class */
public class CloudFoundryActuatorAutoConfiguration {

    @ConditionalOnClass({WebSecurity.class})
    /* loaded from: input_file:BOOT-INF/lib/spring-boot-actuator-1.5.8.RELEASE.jar:org/springframework/boot/actuate/cloudfoundry/CloudFoundryActuatorAutoConfiguration$CloudFoundryIgnoredRequestConfiguration.class */
    static class CloudFoundryIgnoredRequestConfiguration {

        /* loaded from: input_file:BOOT-INF/lib/spring-boot-actuator-1.5.8.RELEASE.jar:org/springframework/boot/actuate/cloudfoundry/CloudFoundryActuatorAutoConfiguration$CloudFoundryIgnoredRequestConfiguration$CloudFoundryIgnoredRequestCustomizer.class */
        private static class CloudFoundryIgnoredRequestCustomizer implements IgnoredRequestCustomizer {
            private CloudFoundryIgnoredRequestCustomizer() {
            }

            @Override // org.springframework.boot.autoconfigure.security.IgnoredRequestCustomizer
            public void customize(WebSecurity.IgnoredRequestConfigurer ignoredRequestConfigurer) {
                ignoredRequestConfigurer.requestMatchers(new RequestMatcher[]{new AntPathRequestMatcher("/cloudfoundryapplication/**")});
            }
        }

        CloudFoundryIgnoredRequestConfiguration() {
        }

        @Bean
        public IgnoredRequestCustomizer cloudFoundryIgnoredRequestCustomizer() {
            return new CloudFoundryIgnoredRequestCustomizer();
        }
    }

    @Bean
    public CloudFoundryEndpointHandlerMapping cloudFoundryEndpointHandlerMapping(MvcEndpoints mvcEndpoints, RestTemplateBuilder restTemplateBuilder, Environment environment) {
        CloudFoundryEndpointHandlerMapping cloudFoundryEndpointHandlerMapping = new CloudFoundryEndpointHandlerMapping(new LinkedHashSet(mvcEndpoints.getEndpoints(NamedMvcEndpoint.class)), getCorsConfiguration(), getSecurityInterceptor(restTemplateBuilder, environment));
        cloudFoundryEndpointHandlerMapping.setPrefix("/cloudfoundryapplication");
        return cloudFoundryEndpointHandlerMapping;
    }

    private HandlerInterceptor getSecurityInterceptor(RestTemplateBuilder restTemplateBuilder, Environment environment) {
        CloudFoundrySecurityService cloudFoundrySecurityService = getCloudFoundrySecurityService(restTemplateBuilder, environment);
        return new CloudFoundrySecurityInterceptor(new TokenValidator(cloudFoundrySecurityService), cloudFoundrySecurityService, environment.getProperty("vcap.application.application_id"));
    }

    private CloudFoundrySecurityService getCloudFoundrySecurityService(RestTemplateBuilder restTemplateBuilder, Environment environment) {
        RelaxedPropertyResolver relaxedPropertyResolver = new RelaxedPropertyResolver(environment, "management.cloudfoundry.");
        String property = environment.getProperty("vcap.application.cf_api");
        boolean booleanValue = ((Boolean) relaxedPropertyResolver.getProperty("skip-ssl-validation", Boolean.class, false)).booleanValue();
        if (property == null) {
            return null;
        }
        return new CloudFoundrySecurityService(restTemplateBuilder, property, booleanValue);
    }

    private CorsConfiguration getCorsConfiguration() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.setAllowedMethods(Arrays.asList(HttpMethod.GET.name(), HttpMethod.POST.name()));
        corsConfiguration.setAllowedHeaders(Arrays.asList("Authorization", "X-Cf-App-Instance", "Content-Type"));
        return corsConfiguration;
    }
}
