package com.sap.cds.framework.spring.config.auth;

import com.sap.cds.adapter.ServletUrlResourcePaths;
import com.sap.cds.adapter.UrlResourcePath;
import com.sap.cds.feature.config.Properties;
import com.sap.cds.framework.spring.mt.MtFeature;
import com.sap.cds.services.runtime.CdsRuntime;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

@Configuration
@ConditionalOnClass({WebSecurityConfigurer.class})
/* loaded from: input_file:com/sap/cds/framework/spring/config/auth/CdsHttpSecurityConfigurerConfig.class */
public class CdsHttpSecurityConfigurerConfig {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sap/cds/framework/spring/config/auth/CdsHttpSecurityConfigurerConfig$CdsModelBasedSecurityConfigurer.class */
    public static class CdsModelBasedSecurityConfigurer implements HttpSecurityConfigurer {
        private static final Logger logger = LoggerFactory.getLogger(HttpSecurityConfigurer.class);
        private final CdsRuntime runtime;
        private final MtFeature mtFeature;

        public CdsModelBasedSecurityConfigurer(CdsRuntime cdsRuntime, MtFeature mtFeature) {
            this.runtime = cdsRuntime;
            this.mtFeature = mtFeature;
        }

        @Override // com.sap.cds.framework.spring.config.auth.HttpSecurityConfigurer
        public void configure(HttpSecurity httpSecurity) throws Exception {
            ServletUrlResourcePaths servletUrlResourcePaths = new ServletUrlResourcePaths(this.runtime);
            if (!Properties.getCds().getSecurity().isAuthenticateUnknownEndpoints()) {
                httpSecurity.requestMatchers().antMatchers((String[]) servletUrlResourcePaths.getBasePaths().map((v0) -> {
                    return v0.getPath();
                }).toArray(i -> {
                    return new String[i];
                }));
                logger.info("Configuring authentication of CDS adapter endpoints. Other endpoints are not configured.");
            }
            final ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.authorizeRequests();
            if (Properties.getCds().getSecurity().getOpenUnrestrictedEndpoints(this.mtFeature.isActive())) {
                servletUrlResourcePaths.visit(new ServletUrlResourcePaths.UrlResourcePathVisitor() { // from class: com.sap.cds.framework.spring.config.auth.CdsHttpSecurityConfigurerConfig.CdsModelBasedSecurityConfigurer.1
                    public void foundPublicPath(UrlResourcePath urlResourcePath) {
                        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{urlResourcePath.getPath()})).permitAll();
                        CdsModelBasedSecurityConfigurer.logger.debug("Public CDS endpoint {}", urlResourcePath.getPath());
                    }

                    public void foundPublicEvents(UrlResourcePath urlResourcePath, Stream<String> stream) {
                        ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry = authorizeRequests;
                        stream.forEach(str -> {
                            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) expressionInterceptUrlRegistry.antMatchers(HttpMethod.valueOf(str), new String[]{urlResourcePath.getPath()})).permitAll();
                            CdsModelBasedSecurityConfigurer.logger.debug("Public CDS endpoint {} {}", str, urlResourcePath.getPath());
                        });
                        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{urlResourcePath.getPath()})).authenticated();
                        CdsModelBasedSecurityConfigurer.logger.debug("Authenticate CDS endpoint {}", urlResourcePath.getPath());
                    }
                });
            } else {
                logger.info("Disabled configuration of public CDS adapter endpoints. All CDS adapter endpoints require authentication.");
            }
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated();
        }
    }

    @ConditionalOnMissingBean
    @Bean
    public HttpSecurityConfigurer httpSecurityConfigurer(CdsRuntime cdsRuntime, MtFeature mtFeature) {
        return new CdsModelBasedSecurityConfigurer(cdsRuntime, mtFeature);
    }
}
