package org.cattleframework.webmvc;

import java.util.ArrayList;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.cattleframework.utils.exception.BaseExceptionCustomizer;
import org.cattleframework.utils.exception.ExceptionProcessResponse;
import org.cattleframework.web.WebProperties;
import org.cattleframework.webmvc.exception.ExceptionController;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.SearchStrategy;
import org.springframework.boot.autoconfigure.web.servlet.error.ErrorMvcAutoConfiguration;
import org.springframework.boot.web.servlet.error.ErrorAttributes;
import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.lang.Nullable;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
import org.springframework.security.web.firewall.RequestRejectedHandler;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.ErrorResponse;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

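/**
 * Spring Boot auto-configuration for the web MVC layer.
 *
 * <p>It registers the MVC configurer, a security filter chain for the paths that are
 * exempt from authentication, the HTTP firewall with its rejection handler, and the
 * error controller with a default exception customizer.
 *
 * <p>The class is ordered before {@link ErrorMvcAutoConfiguration} so that the
 * {@code errorController} bean defined here is registered first; Boot's own error
 * controller is then expected to back off.
 */
@EnableWebMvc
@AutoConfiguration(before = {ErrorMvcAutoConfiguration.class})
public class WebMvcAutoConfiguration {

    /** Error dispatch path; resolved from {@code server.error.path}, then {@code error.path}, then {@code /error}. */
    @Value("${server.error.path:${error.path:/error}}")
    private String errorPath;

    /**
     * Creates the MVC configurer backed by the framework's web properties.
     *
     * @param webProperties framework web settings
     * @return the configurer applied to Spring MVC
     */
    @Bean
    public WebMvcConfigurer webMvcConfigurer(WebProperties webProperties) {
        return new CattleWebMvcConfigurer(webProperties);
    }

    /**
     * Builds the filter chain that serves the unauthenticated ("ignored") requests.
     *
     * <p>The chain matches only: GET on the error path, GET on {@code /favicon.ico}, GET on each
     * configured static resource path, and <em>every HTTP method</em> on each configured
     * ignore path. Matching requests are permitted without authentication and are exempt from
     * CSRF checks. Entries in {@code securityIgnorePaths} are therefore reachable anonymously
     * for state-changing methods as well, so that list should contain only endpoints that are
     * meant to be public.
     *
     * <p>{@code @Order(Integer.MIN_VALUE)} gives this chain the highest precedence, so it is
     * consulted before any other {@link SecurityFilterChain} bean.
     *
     * @param httpSecurity  the builder supplied by Spring Security
     * @param webProperties source of the configured ignore paths
     * @return the built filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    @Order(Integer.MIN_VALUE)
    public SecurityFilterChain webMvcSecurityFilterChain(HttpSecurity httpSecurity, WebProperties webProperties) throws Exception {
        ArrayList<RequestMatcher> ignoredMatchers = new ArrayList<>();
        ignoredMatchers.add(AntPathRequestMatcher.antMatcher(HttpMethod.GET, this.errorPath));
        ignoredMatchers.add(AntPathRequestMatcher.antMatcher(HttpMethod.GET, "/favicon.ico"));

        // Static resources are opened for GET only.
        if (CollectionUtils.isNotEmpty(webProperties.getSecurityIgnoreStaticResourcePaths())) {
            webProperties.getSecurityIgnoreStaticResourcePaths().forEach(
                    path -> ignoredMatchers.add(AntPathRequestMatcher.antMatcher(HttpMethod.GET, path)));
        }

        // Generic ignore paths carry no method restriction: POST/PUT/DELETE match too.
        if (CollectionUtils.isNotEmpty(webProperties.getSecurityIgnorePaths())) {
            webProperties.getSecurityIgnorePaths().forEach(
                    path -> ignoredMatchers.add(AntPathRequestMatcher.antMatcher(path)));
        }

        OrRequestMatcher ignoredRequests = new OrRequestMatcher(ignoredMatchers);

        httpSecurity
                // Scope the chain to the ignored requests; everything else falls through to other chains.
                .securityMatcher(ignoredRequests)
                // Because the chain is scoped to the same matcher, the anyRequest() rule is only a
                // fail-closed backstop and is not expected to be reached.
                .authorizeHttpRequests(registry -> registry
                        .requestMatchers(ignoredRequests).permitAll()
                        .anyRequest().authenticated())
                .csrf(csrf -> csrf.ignoringRequestMatchers(ignoredRequests))
                .headers(headers -> headers
                        .frameOptions(frameOptions -> frameOptions.sameOrigin())
                        // NOTE(review): "1; mode=block" targets the legacy browser XSS auditor, which
                        // current browsers no longer ship; a Content-Security-Policy is the usual
                        // replacement. Value kept as configured.
                        .xssProtection(xss -> xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK))
                        .contentTypeOptions(Customizer.withDefaults()));

        return httpSecurity.build();
    }

    /**
     * Provides a {@link StrictHttpFirewall} unless the application defines its own firewall.
     *
     * <p>When {@code allowedHttpMethods} is configured it replaces the firewall's built-in
     * allow-list, so the configured set should name only the methods the application needs.
     *
     * @param webProperties source of the optional allowed-method list
     * @return the firewall applied to incoming requests
     */
    @ConditionalOnMissingBean
    @Bean
    public HttpFirewall httpFirewall(WebProperties webProperties) {
        StrictHttpFirewall firewall = new StrictHttpFirewall();
        if (CollectionUtils.isNotEmpty(webProperties.getAllowedHttpMethods())) {
            firewall.setAllowedHttpMethods(webProperties.getAllowedHttpMethods());
        }
        return firewall;
    }

    /**
     * Provides the handler for requests rejected by the firewall, unless one is already defined.
     *
     * @return a handler that answers rejected requests with an HTTP error status
     */
    @ConditionalOnMissingBean
    @Bean
    public RequestRejectedHandler requestRejectedHandler() {
        return new HttpStatusRequestRejectedHandler();
    }

    /**
     * Registers the framework error controller under the bean name {@code errorController}
     * when the current context holds no other {@link ErrorController}.
     *
     * @param errorAttributes source of error details for the failed request
     * @param webProperties   framework web settings
     * @param set             exception customizers found in the context; may be {@code null}
     * @return the error controller
     */
    @ConditionalOnMissingBean(value = {ErrorController.class}, search = SearchStrategy.CURRENT)
    @Bean({"errorController"})
    public ExceptionController exceptionController(ErrorAttributes errorAttributes, WebProperties webProperties, @Nullable Set<BaseExceptionCustomizer> set) {
        return new ExceptionController(errorAttributes, webProperties, set);
    }

    /**
     * Default customizer that maps {@link AccessDeniedException} to 403 and any
     * {@link ErrorResponse} throwable to the status code it carries.
     *
     * @return the customizer; its {@code processException} returns {@code null} for any other throwable
     */
    @Bean
    public BaseExceptionCustomizer webmvcExceptionCustomizer() {
        return new BaseExceptionCustomizer(AccessDeniedException.class, ErrorResponse.class) {
            protected ExceptionProcessResponse processException(Throwable th) {
                final Integer status;
                if (th instanceof AccessDeniedException) {
                    status = Integer.valueOf(HttpStatus.FORBIDDEN.value());
                } else if (th instanceof ErrorResponse) {
                    status = Integer.valueOf(((ErrorResponse) th).getStatusCode().value());
                } else {
                    // Not a type this customizer handles.
                    return null;
                }
                // NOTE(review): the exception message is passed on unchanged; if it is rendered
                // to the client, confirm it cannot carry internal detail.
                return new ExceptionProcessResponse(status, (Integer) null, th.getMessage(), (String) null);
            }
        };
    }
}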
