package org.springframework.boot.actuate.autoconfigure.cloudfoundry.servlet;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.camunda.community.rest.client.dto.HistoryCleanupConfigurationDto;
import org.springdoc.core.Constants;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryWebEndpointDiscoverer;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.web.servlet.ServletManagementContextAutoConfiguration;
import org.springframework.boot.actuate.endpoint.EndpointsSupplier;
import org.springframework.boot.actuate.endpoint.invoke.ParameterValueMapper;
import org.springframework.boot.actuate.endpoint.web.EndpointMapping;
import org.springframework.boot.actuate.endpoint.web.EndpointMediaTypes;
import org.springframework.boot.actuate.endpoint.web.ExposableWebEndpoint;
import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
import org.springframework.boot.actuate.endpoint.web.annotation.ControllerEndpointsSupplier;
import org.springframework.boot.actuate.endpoint.web.annotation.ServletEndpointsSupplier;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.health.HealthEndpointWebExtension;
import org.springframework.boot.actuate.info.GitInfoContributor;
import org.springframework.boot.actuate.info.InfoContributor;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.boot.actuate.info.InfoPropertiesInfoContributor;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnCloudPlatform;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.cloud.CloudPlatform;
import org.springframework.boot.info.GitProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.DispatcherServlet;

@AutoConfiguration(after = {ServletManagementContextAutoConfiguration.class, HealthEndpointAutoConfiguration.class, InfoEndpointAutoConfiguration.class})
@ConditionalOnClass({DispatcherServlet.class})
@ConditionalOnCloudPlatform(CloudPlatform.CLOUD_FOUNDRY)
@ConditionalOnProperty(prefix = "management.cloudfoundry", name = {HistoryCleanupConfigurationDto.SERIALIZED_NAME_ENABLED}, matchIfMissing = true)
@ConditionalOnBean({DispatcherServlet.class})
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
/* loaded from: input_file:BOOT-INF/lib/spring-boot-actuator-autoconfigure-2.7.11.jar:org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration.class */
public class CloudFoundryActuatorAutoConfiguration {
    private static final String BASE_PATH = "/cloudfoundryapplication";

    @ConditionalOnClass({WebSecurityCustomizer.class, WebSecurity.class})
    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:BOOT-INF/lib/spring-boot-actuator-autoconfigure-2.7.11.jar:org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration$IgnoredCloudFoundryPathsWebSecurityConfiguration.class */
    public static class IgnoredCloudFoundryPathsWebSecurityConfiguration {
        @Bean
        IgnoredCloudFoundryPathsWebSecurityCustomizer ignoreCloudFoundryPathsWebSecurityCustomizer(CloudFoundryWebEndpointServletHandlerMapping cloudFoundryWebEndpointServletHandlerMapping) {
            return new IgnoredCloudFoundryPathsWebSecurityCustomizer(cloudFoundryWebEndpointServletHandlerMapping);
        }
    }

    @Order(Integer.MIN_VALUE)
    /* loaded from: input_file:BOOT-INF/lib/spring-boot-actuator-autoconfigure-2.7.11.jar:org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration$IgnoredCloudFoundryPathsWebSecurityCustomizer.class */
    static class IgnoredCloudFoundryPathsWebSecurityCustomizer implements WebSecurityCustomizer {
        private final PathMappedEndpoints pathMappedEndpoints;

        IgnoredCloudFoundryPathsWebSecurityCustomizer(CloudFoundryWebEndpointServletHandlerMapping cloudFoundryWebEndpointServletHandlerMapping) {
            cloudFoundryWebEndpointServletHandlerMapping.getClass();
            this.pathMappedEndpoints = new PathMappedEndpoints(CloudFoundryActuatorAutoConfiguration.BASE_PATH, (EndpointsSupplier<?>) cloudFoundryWebEndpointServletHandlerMapping::getAllEndpoints);
        }

        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
        public void customize(WebSecurity webSecurity) {
            ArrayList arrayList = new ArrayList();
            this.pathMappedEndpoints.getAllPaths().forEach(str -> {
                arrayList.add(new AntPathRequestMatcher(str + Constants.ALL_PATTERN));
            });
            arrayList.add(new AntPathRequestMatcher(CloudFoundryActuatorAutoConfiguration.BASE_PATH));
            arrayList.add(new AntPathRequestMatcher("/cloudfoundryapplication/"));
            if (CollectionUtils.isEmpty(arrayList)) {
                return;
            }
            webSecurity.ignoring().requestMatchers(new OrRequestMatcher(arrayList));
        }
    }

    @ConditionalOnAvailableEndpoint
    @ConditionalOnMissingBean
    @ConditionalOnBean({HealthEndpoint.class, HealthEndpointWebExtension.class})
    @Bean
    public CloudFoundryHealthEndpointWebExtension cloudFoundryHealthEndpointWebExtension(HealthEndpointWebExtension healthEndpointWebExtension) {
        return new CloudFoundryHealthEndpointWebExtension(healthEndpointWebExtension);
    }

    @ConditionalOnAvailableEndpoint
    @ConditionalOnMissingBean
    @ConditionalOnBean({InfoEndpoint.class, GitProperties.class})
    @Bean
    public CloudFoundryInfoEndpointWebExtension cloudFoundryInfoEndpointWebExtension(GitProperties gitProperties, ObjectProvider<InfoContributor> objectProvider) {
        return new CloudFoundryInfoEndpointWebExtension(new InfoEndpoint((List) objectProvider.orderedStream().map(infoContributor -> {
            return infoContributor instanceof GitInfoContributor ? new GitInfoContributor(gitProperties, InfoPropertiesInfoContributor.Mode.FULL) : infoContributor;
        }).collect(Collectors.toList())));
    }

    @Bean
    public CloudFoundryWebEndpointServletHandlerMapping cloudFoundryWebEndpointServletHandlerMapping(ParameterValueMapper parameterValueMapper, EndpointMediaTypes endpointMediaTypes, RestTemplateBuilder restTemplateBuilder, ServletEndpointsSupplier servletEndpointsSupplier, ControllerEndpointsSupplier controllerEndpointsSupplier, ApplicationContext applicationContext) {
        CloudFoundryWebEndpointDiscoverer cloudFoundryWebEndpointDiscoverer = new CloudFoundryWebEndpointDiscoverer(applicationContext, parameterValueMapper, endpointMediaTypes, null, Collections.emptyList(), Collections.emptyList());
        CloudFoundrySecurityInterceptor securityInterceptor = getSecurityInterceptor(restTemplateBuilder, applicationContext.getEnvironment());
        Collection<ExposableWebEndpoint> endpoints = cloudFoundryWebEndpointDiscoverer.getEndpoints();
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(endpoints);
        arrayList.addAll(servletEndpointsSupplier.getEndpoints());
        arrayList.addAll(controllerEndpointsSupplier.getEndpoints());
        return new CloudFoundryWebEndpointServletHandlerMapping(new EndpointMapping(BASE_PATH), endpoints, endpointMediaTypes, getCorsConfiguration(), securityInterceptor, arrayList);
    }

    private CloudFoundrySecurityInterceptor getSecurityInterceptor(RestTemplateBuilder restTemplateBuilder, Environment environment) {
        CloudFoundrySecurityService cloudFoundrySecurityService = getCloudFoundrySecurityService(restTemplateBuilder, environment);
        return new CloudFoundrySecurityInterceptor(new TokenValidator(cloudFoundrySecurityService), cloudFoundrySecurityService, environment.getProperty("vcap.application.application_id"));
    }

    private CloudFoundrySecurityService getCloudFoundrySecurityService(RestTemplateBuilder restTemplateBuilder, Environment environment) {
        String property = environment.getProperty("vcap.application.cf_api");
        boolean booleanValue = ((Boolean) environment.getProperty("management.cloudfoundry.skip-ssl-validation", Boolean.class, false)).booleanValue();
        if (property != null) {
            return new CloudFoundrySecurityService(restTemplateBuilder, property, booleanValue);
        }
        return null;
    }

    private CorsConfiguration getCorsConfiguration() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.setAllowedMethods(Arrays.asList(HttpMethod.GET.name(), HttpMethod.POST.name()));
        corsConfiguration.setAllowedHeaders(Arrays.asList("Authorization", "X-Cf-App-Instance", "Content-Type"));
        return corsConfiguration;
    }
}
