package com.sap.cds.framework.spring.actuator;

import com.google.common.collect.Lists;
import com.sap.cds.adapter.ServletUrlResourcePaths;
import com.sap.cds.adapter.UrlResourcePath;
import com.sap.cds.feature.config.Properties;
import com.sap.cds.feature.config.pojo.CdsProperties;
import com.sap.cds.framework.spring.config.auth.MockUsersSecurityConfig;
import com.sap.cds.framework.spring.config.auth.XsuaaSecurityConfig;
import com.sap.cds.framework.spring.mt.MtFeature;
import com.sap.cds.services.runtime.CdsRuntime;
import com.sap.cds.services.utils.info.CdsInfo;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@ConditionalOnClass({WebSecurityConfigurer.class})
/* loaded from: input_file:com/sap/cds/framework/spring/actuator/CdsSecurityInfo.class */
public class CdsSecurityInfo {
    private Authentication authentication;
    private CdsRuntime cdsRuntime;
    private MtFeature mtFeature;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/sap/cds/framework/spring/actuator/CdsSecurityInfo$Authentication.class */
    public enum Authentication {
        NONE("Not configured", null, "All endpoints are public!", null),
        CUSTOM("Custom", "<unknown>", "Make sure CDS adapter endpoints are secured accordingly", null),
        MOCK("Mock users", "Basic", "Not appropriate for productive usage!", MockUsersSecurityConfig.class),
        XSUAA("XSUAA", "OAuth2", null, XsuaaSecurityConfig.class);

        private final String name;
        private final String type;
        private final String remark;
        private final Class<?> config;

        Authentication(String str, String str2, String str3, Class cls) {
            this.name = str;
            this.type = str2;
            this.remark = str3;
            this.config = cls;
        }
    }

    /* loaded from: input_file:com/sap/cds/framework/spring/actuator/CdsSecurityInfo$CdsSecurityInfoImpl.class */
    public static class CdsSecurityInfoImpl implements CdsInfo {
        private static CdsSecurityInfo securityInfo;

        /* renamed from: info, reason: merged with bridge method [inline-methods] */
        public Map<String, Object> m1info(final CdsInfo.Details details) {
            return new LinkedHashMap<String, Object>() { // from class: com.sap.cds.framework.spring.actuator.CdsSecurityInfo.CdsSecurityInfoImpl.1
                {
                    if (CdsSecurityInfoImpl.securityInfo == null) {
                        put("authentication", new LinkedHashMap<String, Object>() { // from class: com.sap.cds.framework.spring.actuator.CdsSecurityInfo.CdsSecurityInfoImpl.1.1
                            {
                                put("name", "Not configured");
                                put("remark", "All endpoints are public!");
                            }
                        });
                        return;
                    }
                    put("authentication", CdsSecurityInfoImpl.securityInfo.authentication());
                    put("authorization", CdsSecurityInfoImpl.securityInfo.authorization());
                    if (details == CdsInfo.Details.HIGH) {
                        Map publicEndpoints = CdsSecurityInfoImpl.securityInfo.publicEndpoints();
                        if (publicEndpoints.isEmpty()) {
                            return;
                        }
                        put("public CDS adapter endpoints", publicEndpoints);
                    }
                }
            };
        }

        public String name() {
            return "security";
        }
    }

    @Autowired
    public CdsSecurityInfo(List<WebSecurityConfigurerAdapter> list, CdsRuntime cdsRuntime, MtFeature mtFeature) {
        this.cdsRuntime = cdsRuntime;
        this.mtFeature = mtFeature;
        this.authentication = Authentication.NONE;
        if (list != null) {
            this.authentication = (Authentication) Stream.of((Object[]) Authentication.values()).filter(authentication -> {
                return authentication.config != null && list.stream().filter(webSecurityConfigurerAdapter -> {
                    return authentication.config.isAssignableFrom(webSecurityConfigurerAdapter.getClass());
                }).findAny().isPresent();
            }).findFirst().orElse(Authentication.CUSTOM);
        }
        CdsSecurityInfo unused = CdsSecurityInfoImpl.securityInfo = this;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Object> authentication() {
        return new LinkedHashMap<String, Object>() { // from class: com.sap.cds.framework.spring.actuator.CdsSecurityInfo.1
            {
                put("name", CdsSecurityInfo.this.authentication.name);
                if (CdsSecurityInfo.this.authentication.type != null) {
                    put("type", CdsSecurityInfo.this.authentication.type);
                }
                if (CdsSecurityInfo.this.authentication.remark != null) {
                    put("remark", CdsSecurityInfo.this.authentication.remark);
                }
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Object> authorization() {
        return new LinkedHashMap<String, Object>() { // from class: com.sap.cds.framework.spring.actuator.CdsSecurityInfo.2
            {
                CdsProperties.Security security = Properties.getCds().getSecurity();
                put("authenticate-unknown-endpoints", Boolean.valueOf(security.isAuthenticateUnknownEndpoints()));
                put("instance-based-authorization", security.getInstanceBasedAuthorization().isEnabled());
                put("open-unrestricted-endpoints", Boolean.valueOf(security.getOpenUnrestrictedEndpoints(CdsSecurityInfo.this.mtFeature.isActive())));
                put("draft-protection", security.getDraftProtection().isEnabled());
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, List<String>> publicEndpoints() {
        final LinkedHashMap linkedHashMap = new LinkedHashMap();
        if ((this.authentication == Authentication.MOCK || this.authentication == Authentication.XSUAA) && Properties.getCds().getSecurity().getOpenUnrestrictedEndpoints(this.mtFeature.isActive())) {
            new ServletUrlResourcePaths(this.cdsRuntime).visit(new ServletUrlResourcePaths.UrlResourcePathVisitor() { // from class: com.sap.cds.framework.spring.actuator.CdsSecurityInfo.3
                public void foundPublicPath(UrlResourcePath urlResourcePath) {
                    linkedHashMap.put(urlResourcePath.getPath(), Lists.newArrayList(new String[]{"*"}));
                }

                public void foundPublicEvents(UrlResourcePath urlResourcePath, Stream<String> stream) {
                    List list = (List) stream.collect(Collectors.toList());
                    if (list.isEmpty()) {
                        return;
                    }
                    linkedHashMap.put(urlResourcePath.getPath(), list);
                }
            });
        }
        return linkedHashMap;
    }
}
