package io.gravitee.am.management.handlers.management.api.spring.security.filter;

import io.gravitee.am.management.handlers.management.api.authentication.csrf.CookieCsrfSignedTokenRepository;
import io.gravitee.am.management.handlers.management.api.authentication.csrf.CsrfRequestMatcher;
import io.gravitee.am.management.handlers.management.api.authentication.filter.CsrfIncludeFilter;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;

/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/spring/security/filter/CsrfAwareConfiguration.class */
/**
 * Base class for security configurations that share one CSRF setup, driven by
 * the Spring {@link Environment}.
 *
 * <p>Security-relevant configuration read here:
 * <ul>
 *   <li>{@code http.csrf.enabled} (defaults to {@code true}): when set to
 *       {@code false}, CSRF protection is switched off entirely for the
 *       {@link HttpSecurity} passed to {@link #applyCsrf}.</li>
 *   <li>{@code jwt.cookie-name} (defaults to {@code Auth-Graviteeio-AM}):
 *       handed to the {@link CsrfRequestMatcher} that decides which requests
 *       require a CSRF token.</li>
 * </ul>
 */
public abstract class CsrfAwareConfiguration {
    /** Cookie name used when {@code jwt.cookie-name} is not configured. */
    protected static final String DEFAULT_COOKIE_JWT_NAME = "Auth-Graviteeio-AM";

    /** Property key holding the name of the JWT cookie. */
    protected static final String PROP_JWT_COOKIE_NAME = "jwt.cookie-name";

    /** Property key toggling CSRF protection; treated as {@code true} when absent. */
    protected static final String PROP_HTTP_CSRF_ENABLED = "http.csrf.enabled";

    /** Source of the properties above. */
    protected final Environment environment;

    /**
     * Stores the environment used to resolve the CSRF-related properties.
     *
     * <p>Decompiler note: the original declaration was {@code protected}; the
     * access modifier was widened by the decompiler.
     *
     * @param environment Spring environment to read configuration from
     */
    public CsrfAwareConfiguration(Environment environment) {
        this.environment = environment;
    }

    /**
     * Applies the CSRF configuration to the given {@link HttpSecurity}.
     *
     * <p>Decompiler note: the original declaration was {@code protected}; the
     * access modifier was widened by the decompiler.
     *
     * @param httpSecurity the security builder to configure
     * @param cookieCsrfSignedTokenRepository repository used to persist the CSRF token
     * @return the value returned by the {@link HttpSecurity} builder chain
     * @throws Exception if the underlying {@link HttpSecurity} configuration fails
     */
    public HttpSecurity applyCsrf(HttpSecurity httpSecurity, CookieCsrfSignedTokenRepository cookieCsrfSignedTokenRepository) throws Exception {
        // Fail-safe default: protection stays on unless the property is explicitly false.
        boolean csrfEnabled = this.environment.getProperty(PROP_HTTP_CSRF_ENABLED, Boolean.class, true);
        if (!csrfEnabled) {
            // NOTE(review): with http.csrf.enabled=false no CSRF check is applied to
            // this HttpSecurity at all. Worth auditing deployments for this setting,
            // since the matcher below suggests cookie-based authentication — confirm.
            return httpSecurity.csrf(csrf -> csrf.disable());
        }

        // A null attribute name is Spring Security's documented opt-out of deferred
        // CSRF token loading (the token is resolved on every request).
        CsrfTokenRequestAttributeHandler requestHandler = new CsrfTokenRequestAttributeHandler();
        requestHandler.setCsrfRequestAttributeName(null);

        return httpSecurity
                .csrf(csrf -> csrf
                        .csrfTokenRepository(cookieCsrfSignedTokenRepository)
                        .csrfTokenRequestHandler(requestHandler)
                        .requireCsrfProtectionMatcher(getRequireCsrfProtectionMatcher())
                        // On authentication, hand the token currently exposed as a request
                        // attribute back to the repository's saveToken.
                        // NOTE(review): this replaces the configurer's default session
                        // authentication strategy; whether the token is rotated at login
                        // depends on CookieCsrfSignedTokenRepository.saveToken, and the
                        // attribute may be null if it was never set — confirm both.
                        .sessionAuthenticationStrategy((authentication, request, response) -> {
                            CsrfToken currentToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                            cookieCsrfSignedTokenRepository.saveToken(currentToken, request, response);
                        }))
                // CsrfIncludeFilter is registered immediately after Spring's CsrfFilter.
                .addFilterAfter(new CsrfIncludeFilter(), CsrfFilter.class);
    }

    /**
     * Builds the matcher deciding which requests require a CSRF token.
     *
     * <p>The matcher receives the configured JWT cookie name, falling back to
     * {@link #DEFAULT_COOKIE_JWT_NAME}. Subclasses may override this to supply a
     * different matcher.
     *
     * @return a new {@link CsrfRequestMatcher} built from the JWT cookie name
     */
    protected CsrfRequestMatcher getRequireCsrfProtectionMatcher() {
        String jwtCookieName = this.environment.getProperty(PROP_JWT_COOKIE_NAME, DEFAULT_COOKIE_JWT_NAME);
        return new CsrfRequestMatcher(jwtCookieName);
    }
}
