package org.springframework.security.config.annotation.web.configuration;

import cn.com.yusys.yusp.commons.security.headers.HeadersSecurityProperties;
import cn.com.yusys.yusp.commons.security.util.WebSecurityUtils;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({HeadersSecurityProperties.class})
@EnableWebSecurity
@ConditionalOnClass({DefaultAuthenticationEventPublisher.class})
@ConditionalOnProperty(prefix = "yusp", name = {"security.enabled"}, havingValue = "true", matchIfMissing = true)
@Order(99)
/* loaded from: input_file:org/springframework/security/config/annotation/web/configuration/HeadersSecurityAutoConfiguration.class */
public class HeadersSecurityAutoConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(HeadersSecurityAutoConfiguration.class);
    private final HeadersSecurityProperties headersSecurityProperties;
    private final List<WebSecurityConfigurerAdapter> securityConfigurerAdapters;

    public HeadersSecurityAutoConfiguration(HeadersSecurityProperties headersSecurityProperties, ObjectProvider<List<WebSecurityConfigurerAdapter>> objectProvider) {
        this.headersSecurityProperties = headersSecurityProperties;
        this.securityConfigurerAdapters = (List) objectProvider.getIfAvailable();
    }

    protected void configure(HttpSecurity httpSecurity) {
        if (this.securityConfigurerAdapters != null && !this.securityConfigurerAdapters.isEmpty()) {
            this.securityConfigurerAdapters.forEach(webSecurityConfigurerAdapter -> {
                try {
                    appendSecurityConfigurer(webSecurityConfigurerAdapter.getHttp());
                } catch (Exception e) {
                    log.error("Add Yusp Security Framework exception", e);
                }
            });
        }
        log.debug("Loaded Yusp Security framework Success");
    }

    private void appendSecurityConfigurer(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().csrfTokenRepository(new CookieCsrfTokenRepository()).requireCsrfProtectionMatcher(requestMatcher());
        httpSecurity.headers().contentTypeOptions().disable().frameOptions().disable().xssProtection().disable().cacheControl().disable().addHeaderWriter(new StaticHeadersWriter(WebSecurityUtils.parseSecurityHeaders(this.headersSecurityProperties)));
    }

    private RequestMatcher requestMatcher() {
        boolean z = false;
        List list = null;
        if (!StringUtils.isEmpty(this.headersSecurityProperties.getCsrf())) {
            list = (List) Arrays.stream(this.headersSecurityProperties.getCsrf().split(",")).map(AntPathRequestMatcher::new).collect(Collectors.toList());
            z = true;
        }
        boolean z2 = z;
        List list2 = list;
        return httpServletRequest -> {
            return z2 && list2 != null && list2.stream().anyMatch(antPathRequestMatcher -> {
                return antPathRequestMatcher.matches(httpServletRequest);
            });
        };
    }
}
