package org.apache.nifi.web;

import org.apache.nifi.admin.service.UserService;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.NiFiAuthenticationProvider;
import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter;
import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter;
import org.apache.nifi.web.security.jwt.JwtService;
import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter;
import org.apache.nifi.web.security.otp.OtpAuthenticationFilter;
import org.apache.nifi.web.security.otp.OtpService;
import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.apache.nifi.web.security.x509.X509AuthenticationFilter;
import org.apache.nifi.web.security.x509.X509CertificateExtractor;
import org.apache.nifi.web.security.x509.X509IdentityProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.class */
public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(NiFiWebApiSecurityConfiguration.class);
    private NiFiProperties properties;
    private UserService userService;
    private AuthenticationUserDetailsService authenticationUserDetailsService;
    private JwtService jwtService;
    private OtpService otpService;
    private X509CertificateExtractor certificateExtractor;
    private X509IdentityProvider certificateIdentityProvider;
    private NodeAuthorizedUserFilter nodeAuthorizedUserFilter;
    private JwtAuthenticationFilter jwtAuthenticationFilter;
    private OtpAuthenticationFilter otpAuthenticationFilter;
    private X509AuthenticationFilter x509AuthenticationFilter;
    private NiFiAnonymousUserFilter anonymousAuthenticationFilter;

    public NiFiWebApiSecurityConfiguration() {
        super(true);
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers(new String[]{"/access", "/access/config", "/access/token", "/access/kerberos"});
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.rememberMe().disable().authorizeRequests().anyRequest()).fullyAuthenticated().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        httpSecurity.addFilterBefore(nodeAuthorizedUserFilterBean(), AnonymousAuthenticationFilter.class);
        httpSecurity.anonymous().authenticationFilter(anonymousFilterBean());
        httpSecurity.addFilterAfter(x509FilterBean(), AnonymousAuthenticationFilter.class);
        httpSecurity.addFilterAfter(jwtFilterBean(), AnonymousAuthenticationFilter.class);
        httpSecurity.addFilterAfter(otpFilterBean(), AnonymousAuthenticationFilter.class);
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(new NiFiAuthenticationProvider(this.authenticationUserDetailsService));
    }

    @Bean
    public NodeAuthorizedUserFilter nodeAuthorizedUserFilterBean() throws Exception {
        if (this.nodeAuthorizedUserFilter == null) {
            this.nodeAuthorizedUserFilter = new NodeAuthorizedUserFilter();
            this.nodeAuthorizedUserFilter.setProperties(this.properties);
            this.nodeAuthorizedUserFilter.setCertificateExtractor(this.certificateExtractor);
            this.nodeAuthorizedUserFilter.setCertificateIdentityProvider(this.certificateIdentityProvider);
        }
        return this.nodeAuthorizedUserFilter;
    }

    @Bean
    public JwtAuthenticationFilter jwtFilterBean() throws Exception {
        if (this.jwtAuthenticationFilter == null) {
            this.jwtAuthenticationFilter = new JwtAuthenticationFilter();
            this.jwtAuthenticationFilter.setProperties(this.properties);
            this.jwtAuthenticationFilter.setAuthenticationManager(authenticationManager());
            this.jwtAuthenticationFilter.setJwtService(this.jwtService);
        }
        return this.jwtAuthenticationFilter;
    }

    @Bean
    public OtpAuthenticationFilter otpFilterBean() throws Exception {
        if (this.otpAuthenticationFilter == null) {
            this.otpAuthenticationFilter = new OtpAuthenticationFilter();
            this.otpAuthenticationFilter.setProperties(this.properties);
            this.otpAuthenticationFilter.setAuthenticationManager(authenticationManager());
            this.otpAuthenticationFilter.setOtpService(this.otpService);
        }
        return this.otpAuthenticationFilter;
    }

    @Bean
    public X509AuthenticationFilter x509FilterBean() throws Exception {
        if (this.x509AuthenticationFilter == null) {
            this.x509AuthenticationFilter = new X509AuthenticationFilter();
            this.x509AuthenticationFilter.setProperties(this.properties);
            this.x509AuthenticationFilter.setCertificateExtractor(this.certificateExtractor);
            this.x509AuthenticationFilter.setCertificateIdentityProvider(this.certificateIdentityProvider);
            this.x509AuthenticationFilter.setAuthenticationManager(authenticationManager());
        }
        return this.x509AuthenticationFilter;
    }

    @Bean
    public NiFiAnonymousUserFilter anonymousFilterBean() throws Exception {
        if (this.anonymousAuthenticationFilter == null) {
            this.anonymousAuthenticationFilter = new NiFiAnonymousUserFilter();
            this.anonymousAuthenticationFilter.setUserService(this.userService);
        }
        return this.anonymousAuthenticationFilter;
    }

    @Autowired
    public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> authenticationUserDetailsService) {
        this.authenticationUserDetailsService = authenticationUserDetailsService;
    }

    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    @Autowired
    public void setProperties(NiFiProperties niFiProperties) {
        this.properties = niFiProperties;
    }

    @Autowired
    public void setJwtService(JwtService jwtService) {
        this.jwtService = jwtService;
    }

    @Autowired
    public void setOtpService(OtpService otpService) {
        this.otpService = otpService;
    }

    @Autowired
    public void setCertificateExtractor(X509CertificateExtractor x509CertificateExtractor) {
        this.certificateExtractor = x509CertificateExtractor;
    }

    @Autowired
    public void setCertificateIdentityProvider(X509IdentityProvider x509IdentityProvider) {
        this.certificateIdentityProvider = x509IdentityProvider;
    }
}
