package nl.nn.adapterframework.management.gateway;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.HttpConstraintElement;
import javax.servlet.ServletContext;
import javax.servlet.ServletRegistration;
import javax.servlet.ServletSecurityElement;
import javax.servlet.annotation.ServletSecurity;
import nl.nn.adapterframework.management.bus.BusAction;
import nl.nn.adapterframework.management.bus.BusMessageUtils;
import nl.nn.adapterframework.management.bus.BusTopic;
import nl.nn.adapterframework.management.security.JwtSecurityFilter;
import nl.nn.adapterframework.util.SpringUtils;
import nl.nn.adapterframework.util.StreamUtil;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.annotation.Order;
import org.springframework.http.converter.ByteArrayHttpMessageConverter;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.integration.IntegrationPattern;
import org.springframework.integration.IntegrationPatternType;
import org.springframework.integration.channel.PublishSubscribeChannel;
import org.springframework.integration.http.inbound.HttpRequestHandlingMessagingGateway;
import org.springframework.integration.http.support.DefaultHttpHeaderMapper;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.SubscribableChannel;
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.context.ServletContextAware;
import org.springframework.web.context.support.HttpRequestHandlerServlet;
import org.springframework.web.filter.RequestContextFilter;

@Order(2147483646)
/* loaded from: input_file:nl/nn/adapterframework/management/gateway/HttpInboundGateway.class */
public class HttpInboundGateway implements WebSecurityConfigurer<WebSecurity>, ServletContextAware, IntegrationPattern, InitializingBean, ApplicationContextAware, BeanFactoryAware {
    private static final String HTTP_SECURITY_BEAN_NAME = "org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.httpSecurity";
    private static final String SERVLET_NAME = "HttpInboundGatewayServlet";
    private final Logger log = LogManager.getLogger(HttpInboundGateway.class);
    private HttpRequestHandlingMessagingGateway gateway;
    private ApplicationContext applicationContext;
    private BeanFactory beanFactory;
    private ServletContext servletContext;

    @Value("${management.gateway.http.inbound.path:/iaf/management}")
    private String httpPath;

    public void afterPropertiesSet() {
        if (this.applicationContext == null) {
            throw new IllegalStateException("no ApplicationContext set");
        }
        if (this.gateway == null) {
            createGateway();
            createGatewayEndpoint();
        }
    }

    private void createGateway() {
        this.gateway = (HttpRequestHandlingMessagingGateway) SpringUtils.createBean(this.applicationContext, HttpRequestHandlingMessagingGateway.class);
        this.gateway.setRequestChannel(getRequestChannel(this.applicationContext));
        this.gateway.setErrorChannel(getErrorChannel(this.applicationContext));
        this.gateway.setMessageConverters(getMessageConverters());
        this.gateway.setErrorOnTimeout(false);
        this.gateway.setRequestTimeout(0L);
        this.gateway.setReplyTimeout(0L);
        DefaultHttpHeaderMapper defaultHttpHeaderMapper = (DefaultHttpHeaderMapper) SpringUtils.createBean(this.applicationContext, DefaultHttpHeaderMapper.class);
        defaultHttpHeaderMapper.setInboundHeaderNames(getRequestHeaders());
        defaultHttpHeaderMapper.setOutboundHeaderNames(new String[]{BusMessageUtils.HEADER_PREFIX_PATTERN});
        this.gateway.setHeaderMapper(defaultHttpHeaderMapper);
        this.beanFactory.registerSingleton(SERVLET_NAME, this.gateway);
    }

    public void createGatewayEndpoint() {
        HttpRequestHandlerServlet httpRequestHandlerServlet = new HttpRequestHandlerServlet();
        this.log.info("created management service endpoint [{}]", this.httpPath);
        ServletRegistration.Dynamic addServlet = this.servletContext.addServlet(SERVLET_NAME, httpRequestHandlerServlet);
        addServlet.setLoadOnStartup(-1);
        addServlet.addMapping(new String[]{this.httpPath});
        addServlet.setServletSecurity(new ServletSecurityElement(new HttpConstraintElement(ServletSecurity.TransportGuarantee.NONE, new String[0])));
    }

    private String[] getRequestHeaders() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(BusAction.ACTION_HEADER_NAME);
        arrayList.add(BusTopic.TOPIC_HEADER_NAME);
        arrayList.add(BusMessageUtils.HEADER_PREFIX_PATTERN);
        return (String[]) arrayList.toArray(new String[0]);
    }

    private MessageChannel getRequestChannel(ApplicationContext applicationContext) {
        return (MessageChannel) applicationContext.getBean("frank-management-bus", MessageChannel.class);
    }

    private SubscribableChannel getErrorChannel(ApplicationContext applicationContext) {
        PublishSubscribeChannel publishSubscribeChannel = (PublishSubscribeChannel) SpringUtils.createBean(applicationContext, PublishSubscribeChannel.class);
        publishSubscribeChannel.setBeanName("ErrorMessageConvertingChannel");
        ErrorMessageConverter errorMessageConverter = (ErrorMessageConverter) SpringUtils.createBean(applicationContext, ErrorMessageConverter.class);
        if (publishSubscribeChannel.subscribe(errorMessageConverter)) {
            this.log.info("created ErrorMessageConverter [{}]", errorMessageConverter);
        } else {
            this.log.info("unable to create ErrorMessageConverter, all errors wil be ingored");
            this.gateway.setErrorOnTimeout(false);
        }
        return publishSubscribeChannel;
    }

    private List<HttpMessageConverter<?>> getMessageConverters() {
        ArrayList arrayList = new ArrayList();
        StringHttpMessageConverter stringHttpMessageConverter = new StringHttpMessageConverter(StreamUtil.DEFAULT_CHARSET);
        stringHttpMessageConverter.setWriteAcceptCharset(false);
        arrayList.add(stringHttpMessageConverter);
        arrayList.add(new InputStreamHttpMessageConverter());
        arrayList.add(new ByteArrayHttpMessageConverter());
        return arrayList;
    }

    public IntegrationPatternType getIntegrationPatternType() {
        return IntegrationPatternType.inbound_gateway;
    }

    public void init(WebSecurity webSecurity) throws Exception {
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.addSecurityFilterChainBuilder(this::createSecurityFilterChain);
    }

    private SecurityFilterChain createSecurityFilterChain() {
        return configureHttpSecurity((HttpSecurity) this.applicationContext.getBean(HTTP_SECURITY_BEAN_NAME, HttpSecurity.class));
    }

    private SecurityFilterChain configureHttpSecurity(HttpSecurity httpSecurity) {
        try {
            httpSecurity.headers().frameOptions().sameOrigin();
            httpSecurity.csrf().disable();
            httpSecurity.securityMatcher(new AntPathRequestMatcher(this.httpPath));
            httpSecurity.formLogin().disable();
            httpSecurity.anonymous().disable();
            httpSecurity.logout().disable();
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) httpSecurity.authorizeHttpRequests().anyRequest()).authenticated();
            httpSecurity.addFilterAfter((Filter) SpringUtils.createBean(this.applicationContext, RequestContextFilter.class), AuthorizationFilter.class);
            httpSecurity.addFilterBefore((JwtSecurityFilter) SpringUtils.createBean(this.applicationContext, JwtSecurityFilter.class), BasicAuthenticationFilter.class);
            return (SecurityFilterChain) httpSecurity.build();
        } catch (Exception e) {
            throw new IllegalStateException("unable to configure Spring Security", e);
        }
    }

    public void setApplicationContext(ApplicationContext applicationContext) {
        this.applicationContext = applicationContext;
    }

    public void setBeanFactory(BeanFactory beanFactory) {
        this.beanFactory = beanFactory;
    }

    public void setServletContext(ServletContext servletContext) {
        this.servletContext = servletContext;
    }
}
