package org.apache.ambari.logsearch.conf;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.ambari.logsearch.common.LogSearchConstants;
import org.apache.ambari.logsearch.conf.global.LogLevelFilterManagerState;
import org.apache.ambari.logsearch.conf.global.LogSearchConfigState;
import org.apache.ambari.logsearch.conf.global.SolrCollectionState;
import org.apache.ambari.logsearch.web.authenticate.LogsearchAuthFailureHandler;
import org.apache.ambari.logsearch.web.authenticate.LogsearchAuthSuccessHandler;
import org.apache.ambari.logsearch.web.authenticate.LogsearchLogoutSuccessHandler;
import org.apache.ambari.logsearch.web.filters.LogSearchConfigStateFilter;
import org.apache.ambari.logsearch.web.filters.LogSearchLogLevelFilterManagerFilter;
import org.apache.ambari.logsearch.web.filters.LogsearchAuditLogsStateFilter;
import org.apache.ambari.logsearch.web.filters.LogsearchAuthenticationEntryPoint;
import org.apache.ambari.logsearch.web.filters.LogsearchCorsFilter;
import org.apache.ambari.logsearch.web.filters.LogsearchEventHistoryStateFilter;
import org.apache.ambari.logsearch.web.filters.LogsearchJWTFilter;
import org.apache.ambari.logsearch.web.filters.LogsearchKRBAuthenticationFilter;
import org.apache.ambari.logsearch.web.filters.LogsearchSecurityContextFormationFilter;
import org.apache.ambari.logsearch.web.filters.LogsearchServiceLogsStateFilter;
import org.apache.ambari.logsearch.web.filters.LogsearchUsernamePasswordAuthenticationFilter;
import org.apache.ambari.logsearch.web.security.LogsearchAuthenticationProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:org/apache/ambari/logsearch/conf/SecurityConfig.class */
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Inject
    private AuthPropsConfig authPropsConfig;

    @Inject
    private LogSearchHttpHeaderConfig logSearchHttpHeaderConfig;

    @Inject
    private SolrServiceLogPropsConfig solrServiceLogPropsConfig;

    @Inject
    private SolrAuditLogPropsConfig solrAuditLogPropsConfig;

    @Inject
    private SolrEventHistoryPropsConfig solrEventHistoryPropsConfig;

    @Inject
    @Named("solrServiceLogsState")
    private SolrCollectionState solrServiceLogsState;

    @Inject
    @Named("solrAuditLogsState")
    private SolrCollectionState solrAuditLogsState;

    @Inject
    @Named("solrEventHistoryState")
    private SolrCollectionState solrEventHistoryState;

    @Inject
    @Named("logLevelFilterManagerState")
    private LogLevelFilterManagerState logLevelFilterManagerState;

    @Inject
    private LogSearchConfigState logSearchConfigState;

    @Inject
    private LogSearchConfigApiConfig logSearchConfigApiConfig;

    @Inject
    private LogsearchAuthenticationProvider logsearchAuthenticationProvider;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().requestMatchers(new RequestMatcher[]{requestMatcher()})).permitAll().antMatchers(new String[]{"/**"})).authenticated().and().authenticationProvider(this.logsearchAuthenticationProvider).httpBasic().authenticationEntryPoint(logsearchAuthenticationEntryPoint()).and().addFilterBefore(logsearchKRBAuthenticationFilter(), BasicAuthenticationFilter.class).addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), LogsearchKRBAuthenticationFilter.class).addFilterAfter(securityContextFormationFilter(), FilterSecurityInterceptor.class).addFilterAfter(logsearchEventHistoryFilter(), LogsearchSecurityContextFormationFilter.class).addFilterAfter(logsearchAuditLogFilter(), LogsearchSecurityContextFormationFilter.class).addFilterAfter(logsearchServiceLogFilter(), LogsearchSecurityContextFormationFilter.class).addFilterAfter(logSearchConfigStateFilter(), LogsearchSecurityContextFormationFilter.class).addFilterAfter(logSearchLogLevelFilterManagerFilter(), LogsearchSecurityContextFormationFilter.class).addFilterBefore(logsearchCorsFilter(), LogsearchSecurityContextFormationFilter.class).addFilterBefore(logsearchJwtFilter(), LogsearchSecurityContextFormationFilter.class).logout().logoutUrl("/logout").deleteCookies(getCookies()).logoutSuccessHandler(new LogsearchLogoutSuccessHandler());
    }

    @Bean
    public LogsearchCorsFilter logsearchCorsFilter() {
        return new LogsearchCorsFilter(this.logSearchHttpHeaderConfig);
    }

    @Bean
    public LogsearchSecurityContextFormationFilter securityContextFormationFilter() {
        return new LogsearchSecurityContextFormationFilter();
    }

    @Bean
    public LogsearchKRBAuthenticationFilter logsearchKRBAuthenticationFilter() {
        return new LogsearchKRBAuthenticationFilter(requestMatcher());
    }

    @Bean
    public LogsearchJWTFilter logsearchJwtFilter() throws Exception {
        LogsearchJWTFilter logsearchJWTFilter = new LogsearchJWTFilter(requestMatcher(), this.authPropsConfig);
        logsearchJWTFilter.setAuthenticationManager(authenticationManagerBean());
        logsearchJWTFilter.setAuthenticationSuccessHandler(new LogsearchAuthSuccessHandler());
        logsearchJWTFilter.setAuthenticationFailureHandler(new LogsearchAuthFailureHandler());
        return logsearchJWTFilter;
    }

    @Bean
    public LogsearchAuthenticationEntryPoint logsearchAuthenticationEntryPoint() {
        LogsearchAuthenticationEntryPoint logsearchAuthenticationEntryPoint = new LogsearchAuthenticationEntryPoint("/login", this.authPropsConfig);
        logsearchAuthenticationEntryPoint.setForceHttps(false);
        logsearchAuthenticationEntryPoint.setUseForward(this.authPropsConfig.isRedirectForward());
        return logsearchAuthenticationEntryPoint;
    }

    @Bean
    public LogsearchUsernamePasswordAuthenticationFilter logsearchUsernamePasswordAuthenticationFilter() throws Exception {
        LogsearchUsernamePasswordAuthenticationFilter logsearchUsernamePasswordAuthenticationFilter = new LogsearchUsernamePasswordAuthenticationFilter();
        logsearchUsernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(new LogsearchAuthSuccessHandler());
        logsearchUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(new LogsearchAuthFailureHandler());
        logsearchUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
        return logsearchUsernamePasswordAuthenticationFilter;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public LogsearchServiceLogsStateFilter logsearchServiceLogFilter() {
        return new LogsearchServiceLogsStateFilter(serviceLogsRequestMatcher(), this.solrServiceLogsState, this.solrServiceLogPropsConfig);
    }

    @Bean
    public LogsearchAuditLogsStateFilter logsearchAuditLogFilter() {
        return new LogsearchAuditLogsStateFilter(auditLogsRequestMatcher(), this.solrAuditLogsState, this.solrAuditLogPropsConfig);
    }

    @Bean
    public LogsearchEventHistoryStateFilter logsearchEventHistoryFilter() {
        return new LogsearchEventHistoryStateFilter(eventHistoryRequestMatcher(), this.solrEventHistoryState, this.solrEventHistoryPropsConfig);
    }

    @Bean
    public LogSearchConfigStateFilter logSearchConfigStateFilter() {
        return (this.logSearchConfigApiConfig.isSolrFilterStorage() || this.logSearchConfigApiConfig.isZkFilterStorage()) ? new LogSearchConfigStateFilter(shipperConfigInputRequestMatcher(), this.logSearchConfigState, this.logSearchConfigApiConfig.isConfigApiEnabled()) : new LogSearchConfigStateFilter(logsearchConfigRequestMatcher(), this.logSearchConfigState, this.logSearchConfigApiConfig.isConfigApiEnabled());
    }

    @Bean
    public LogSearchLogLevelFilterManagerFilter logSearchLogLevelFilterManagerFilter() {
        return new LogSearchLogLevelFilterManagerFilter(logLevelFilterRequestMatcher(), this.logLevelFilterManagerState, (this.logSearchConfigApiConfig.isSolrFilterStorage() || this.logSearchConfigApiConfig.isZkFilterStorage()) && !this.logSearchConfigApiConfig.isConfigApiEnabled());
    }

    @Bean
    public RequestMatcher requestMatcher() {
        ArrayList newArrayList = Lists.newArrayList();
        newArrayList.add(new AntPathRequestMatcher("/docs/**"));
        newArrayList.add(new AntPathRequestMatcher("/swagger-ui/**"));
        newArrayList.add(new AntPathRequestMatcher("/swagger.html"));
        if (!this.authPropsConfig.isAuthJwtEnabled()) {
            newArrayList.add(new AntPathRequestMatcher("/"));
        }
        newArrayList.add(new AntPathRequestMatcher("/login"));
        newArrayList.add(new AntPathRequestMatcher("/logout"));
        newArrayList.add(new AntPathRequestMatcher("/resources/**"));
        newArrayList.add(new AntPathRequestMatcher("/index.html"));
        newArrayList.add(new AntPathRequestMatcher("/favicon.ico"));
        newArrayList.add(new AntPathRequestMatcher("/assets/**"));
        newArrayList.add(new AntPathRequestMatcher("/templates/**"));
        newArrayList.add(new AntPathRequestMatcher("/api/v1/info/**"));
        newArrayList.add(new AntPathRequestMatcher("/api/v1/swagger.json"));
        newArrayList.add(new AntPathRequestMatcher("/api/v1/swagger.yaml"));
        return new OrRequestMatcher(newArrayList);
    }

    public RequestMatcher serviceLogsRequestMatcher() {
        return new AntPathRequestMatcher("/api/v1/service/logs/**");
    }

    public RequestMatcher auditLogsRequestMatcher() {
        return new AntPathRequestMatcher("/api/v1/audit/logs/**");
    }

    public RequestMatcher eventHistoryRequestMatcher() {
        return new AntPathRequestMatcher("/api/v1/history/**");
    }

    public RequestMatcher logsearchConfigRequestMatcher() {
        return new AntPathRequestMatcher("/api/v1/shipper/**");
    }

    public RequestMatcher logLevelFilterRequestMatcher() {
        return new AntPathRequestMatcher("/api/v1/shipper/filters/**");
    }

    public RequestMatcher shipperConfigInputRequestMatcher() {
        return new AntPathRequestMatcher("/api/v1/shipper/input/**");
    }

    private String[] getCookies() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(LogSearchConstants.LOGSEARCH_SESSION_ID);
        if (this.authPropsConfig.isAuthJwtEnabled()) {
            arrayList.add(this.authPropsConfig.getCookieName());
        }
        return (String[]) arrayList.toArray(new String[0]);
    }
}
