package org.springframework.boot.actuate.endpoint.mvc;

import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.springframework.boot.actuate.endpoint.HealthEndpoint;
import org.springframework.boot.actuate.health.Health;
import org.springframework.boot.actuate.health.Status;
import org.springframework.boot.bind.RelaxedNames;
import org.springframework.boot.bind.RelaxedPropertyResolver;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.EnvironmentAware;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.transaction.interceptor.RuleBasedTransactionAttribute;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@ConfigurationProperties(prefix = "endpoints.health")
/* loaded from: input_file:BOOT-INF/lib/spring-boot-actuator-1.4.1.RELEASE.jar:org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.class */
public class HealthMvcEndpoint extends AbstractEndpointMvcAdapter<HealthEndpoint> implements EnvironmentAware {
    private final boolean secure;
    private Map<String, HttpStatus> statusMapping;
    private RelaxedPropertyResolver propertyResolver;
    private RelaxedPropertyResolver roleResolver;
    private long lastAccess;
    private Health cached;

    public HealthMvcEndpoint(HealthEndpoint healthEndpoint) {
        this(healthEndpoint, true);
    }

    public HealthMvcEndpoint(HealthEndpoint healthEndpoint, boolean z) {
        super(healthEndpoint);
        this.statusMapping = new HashMap();
        this.lastAccess = 0L;
        this.secure = z;
        setupDefaultStatusMapping();
    }

    private void setupDefaultStatusMapping() {
        addStatusMapping(Status.DOWN, HttpStatus.SERVICE_UNAVAILABLE);
        addStatusMapping(Status.OUT_OF_SERVICE, HttpStatus.SERVICE_UNAVAILABLE);
    }

    @Override // org.springframework.context.EnvironmentAware
    public void setEnvironment(Environment environment) {
        this.propertyResolver = new RelaxedPropertyResolver(environment, "endpoints.health.");
        this.roleResolver = new RelaxedPropertyResolver(environment, "management.security.");
    }

    public void setStatusMapping(Map<String, HttpStatus> map) {
        Assert.notNull(map, "StatusMapping must not be null");
        this.statusMapping = new HashMap(map);
    }

    public void addStatusMapping(Map<String, HttpStatus> map) {
        Assert.notNull(map, "StatusMapping must not be null");
        this.statusMapping.putAll(map);
    }

    public void addStatusMapping(Status status, HttpStatus httpStatus) {
        Assert.notNull(status, "Status must not be null");
        Assert.notNull(httpStatus, "HttpStatus must not be null");
        addStatusMapping(status.getCode(), httpStatus);
    }

    public void addStatusMapping(String str, HttpStatus httpStatus) {
        Assert.notNull(str, "StatusCode must not be null");
        Assert.notNull(httpStatus, "HttpStatus must not be null");
        this.statusMapping.put(str, httpStatus);
    }

    @RequestMapping(produces = {"application/json"})
    @ResponseBody
    public Object invoke(Principal principal) {
        if (!getDelegate().isEnabled()) {
            return getDisabledResponse();
        }
        Health health = getHealth(principal);
        HttpStatus status = getStatus(health);
        return status != null ? new ResponseEntity(health, status) : health;
    }

    private HttpStatus getStatus(Health health) {
        String code = health.getStatus().getCode();
        if (code == null) {
            return null;
        }
        Iterator<String> it = RelaxedNames.forCamelCase(code.toLowerCase().replace("_", RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE)).iterator();
        while (it.hasNext()) {
            HttpStatus httpStatus = this.statusMapping.get(it.next());
            if (httpStatus != null) {
                return httpStatus;
            }
        }
        return null;
    }

    private Health getHealth(Principal principal) {
        long currentTimeMillis = System.currentTimeMillis();
        if (isCacheStale(currentTimeMillis)) {
            this.lastAccess = currentTimeMillis;
            this.cached = getDelegate().invoke();
        }
        return exposeHealthDetails(principal) ? this.cached : Health.status(this.cached.getStatus()).build();
    }

    private boolean isCacheStale(long j) {
        return this.cached == null || j - this.lastAccess >= getDelegate().getTimeToLive();
    }

    private boolean exposeHealthDetails(Principal principal) {
        return isSecure(principal) || isUnrestricted();
    }

    private boolean isSecure(Principal principal) {
        if (principal == null || principal.getClass().getName().contains("Anonymous") || !isSpringSecurityAuthentication(principal)) {
            return false;
        }
        List<String> asList = Arrays.asList(StringUtils.trimArrayElements(StringUtils.commaDelimitedListToStringArray(this.roleResolver.getProperty("roles", "ROLE_ADMIN"))));
        Iterator it = ((Authentication) principal).getAuthorities().iterator();
        while (it.hasNext()) {
            String authority = ((GrantedAuthority) it.next()).getAuthority();
            for (String str : asList) {
                if (str.equals(authority) || ("ROLE_" + str).equals(authority)) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean isSpringSecurityAuthentication(Principal principal) {
        return ClassUtils.isPresent("org.springframework.security.core.Authentication", null) && (principal instanceof Authentication);
    }

    private boolean isUnrestricted() {
        return (this.secure || Boolean.TRUE.equals((Boolean) this.propertyResolver.getProperty("sensitive", Boolean.class))) ? false : true;
    }
}
