package ch.tbmelabs.actuatorendpointssecurityutils.configuration;

import javax.annotation.PostConstruct;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.util.Assert;

@Configuration
@EnableWebSecurity
@Order(2)
/* loaded from: input_file:ch/tbmelabs/actuatorendpointssecurityutils/configuration/ActuatorEndpointSecurityConfiguration.class */
public class ActuatorEndpointSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final BCryptPasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();
    private ObjectPostProcessor<Object> objectPostProcessor;
    private String actuatorUserName;
    private String actuatorUserPassword;
    private String actuatorUserRole;

    public ActuatorEndpointSecurityConfiguration(ObjectPostProcessor<Object> objectPostProcessor, ApplicationProperties applicationProperties) {
        this.objectPostProcessor = objectPostProcessor;
        this.actuatorUserName = applicationProperties.getEureka().getInstance().getMetadataMap().getUser().getName();
        this.actuatorUserPassword = applicationProperties.getEureka().getInstance().getMetadataMap().getUser().getPassword();
        this.actuatorUserRole = applicationProperties.getEureka().getInstance().getMetadataMap().getUser().getRole();
    }

    @PostConstruct
    public void postConstruct() {
        Assert.notNull(this.actuatorUserName, "You must specify an actuator user name!");
        Assert.notNull(this.actuatorUserPassword, "You must specify an actuator user password!");
        Assert.notNull(this.actuatorUserRole, "You must specify an actuator user role!");
    }

    protected AuthenticationManager authenticationManager() throws Exception {
        AuthenticationManagerBuilder authenticationManagerBuilder = new AuthenticationManagerBuilder(this.objectPostProcessor);
        authenticationManagerBuilder.inMemoryAuthentication().passwordEncoder(PASSWORD_ENCODER).withUser(this.actuatorUserName).password(PASSWORD_ENCODER.encode(this.actuatorUserPassword)).roles(new String[]{this.actuatorUserRole});
        return (AuthenticationManager) authenticationManagerBuilder.build();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher("/actuator/**").authorizeRequests().antMatchers(new String[]{"/actuator/**"})).hasRole(this.actuatorUserRole).and().httpBasic();
    }
}
