package org.springframework.security.config.http;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.ResolvableType;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.Elements;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
import org.w3c.dom.Element;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/spring-security-config-5.3.2.RELEASE.jar:org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser.class */
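/**
 * Parses the {@code oauth2-login} XML element into the bean definitions that make up the
 * OAuth 2.0 / OpenID Connect login flow: the login authentication filter (returned from
 * {@link #parse}), the authorization-request redirect filter, the authentication providers,
 * an optional authentication entry point and the map of login links.
 *
 * <p>The parser is stateful: the secondary bean definitions are stored in instance fields by
 * {@link #parse} and are {@code null} until it has run.
 *
 * <p>NOTE(review): this listing is decompiler output. The class and several members were
 * package-private in the original bytecode and were widened to {@code public} by the
 * decompiler; the modifiers are left as shown so existing references keep compiling.
 */
public final class OAuth2LoginBeanDefinitionParser implements BeanDefinitionParser {
    private static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization";
    private static final String DEFAULT_LOGIN_URI = "/login";
    private static final String ELT_CLIENT_REGISTRATION = "client-registration";
    private static final String ATT_REGISTRATION_ID = "registration-id";
    private static final String ATT_CLIENT_REGISTRATION_REPOSITORY_REF = "client-registration-repository-ref";
    private static final String ATT_AUTHORIZED_CLIENT_REPOSITORY_REF = "authorized-client-repository-ref";
    private static final String ATT_AUTHORIZED_CLIENT_SERVICE_REF = "authorized-client-service-ref";
    private static final String ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF = "authorization-request-repository-ref";
    private static final String ATT_AUTHORIZATION_REQUEST_RESOLVER_REF = "authorization-request-resolver-ref";
    private static final String ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF = "access-token-response-client-ref";
    private static final String ATT_USER_AUTHORITIES_MAPPER_REF = "user-authorities-mapper-ref";
    private static final String ATT_USER_SERVICE_REF = "user-service-ref";
    private static final String ATT_OIDC_USER_SERVICE_REF = "oidc-user-service-ref";
    private static final String ATT_LOGIN_PROCESSING_URL = "login-processing-url";
    private static final String ATT_LOGIN_PAGE = "login-page";
    private static final String ATT_AUTHENTICATION_SUCCESS_HANDLER_REF = "authentication-success-handler-ref";
    private static final String ATT_AUTHENTICATION_FAILURE_HANDLER_REF = "authentication-failure-handler-ref";
    private static final String ATT_JWT_DECODER_FACTORY_REF = "jwt-decoder-factory-ref";
    private final BeanReference requestCache;
    private final BeanReference portMapper;
    private final BeanReference portResolver;
    private final BeanReference sessionStrategy;
    private final boolean allowSessionCreation;
    // The fields below are populated by parse(); each getter returns null before that.
    private BeanDefinition oauth2AuthorizationRequestRedirectFilter;
    // Stays null when no login-page is configured and there is not exactly one client-registration.
    private BeanDefinition oauth2LoginAuthenticationEntryPoint;
    private BeanDefinition oauth2LoginAuthenticationProvider;
    private BeanDefinition oauth2LoginOidcAuthenticationProvider;
    private BeanDefinition oauth2LoginLinks;

    /**
     * Helper bean registered by {@link OAuth2LoginBeanDefinitionParser#parse}; its
     * {@link #getLoginLinks()} method is used as the factory method of the login-links map.
     */
    /* loaded from: input_file:WEB-INF/lib/spring-security-config-5.3.2.RELEASE.jar:org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser$OAuth2LoginBeanConfig.class */
    private static class OAuth2LoginBeanConfig implements ApplicationContextAware {
        private ApplicationContext context;

        private OAuth2LoginBeanConfig() {
        }

        @Override
        public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
            this.context = applicationContext;
        }

        /**
         * Builds the login links for every client registration exposed by the
         * {@link ClientRegistrationRepository} bean.
         *
         * @return a map from authorization-request URI
         *         ({@code /oauth2/authorization/{registrationId}}) to client name; empty when
         *         the repository is not an {@code Iterable} of {@link ClientRegistration}
         */
        public Map<String, String> getLoginLinks() {
            ClientRegistrationRepository repository = this.context.getBean(ClientRegistrationRepository.class);
            ResolvableType iterableType = ResolvableType.forInstance(repository).as(Iterable.class);
            if (iterableType == ResolvableType.NONE) {
                return Collections.emptyMap();
            }
            // resolveGenerics() may contain null entries for type arguments that cannot be
            // resolved (e.g. a raw Iterable); treat that as "not iterable over registrations"
            // instead of letting isAssignableFrom(null) throw.
            Class<?>[] elementTypes = iterableType.resolveGenerics();
            if (elementTypes.length == 0 || elementTypes[0] == null
                    || !ClientRegistration.class.isAssignableFrom(elementTypes[0])) {
                return Collections.emptyMap();
            }
            @SuppressWarnings("unchecked") // element type verified just above
            Iterable<ClientRegistration> registrations = (Iterable<ClientRegistration>) repository;
            Map<String, String> loginLinks = new HashMap<>();
            // NOTE(review): the decompiled listing had an empty lambda body here, which made
            // the method always return an empty map and left the base-URI local unused. The
            // mapping is reconstructed from that leftover local and the return type — verify
            // against the upstream source for this release.
            // The values are client names taken from configuration; any consumer that renders
            // them into HTML should escape them — TODO confirm at the usage site.
            registrations.forEach(registration -> loginLinks.put(
                    DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + registration.getRegistrationId(),
                    registration.getClientName()));
            return loginLinks;
        }
    }

    /**
     * Stand-in provider used when the JWT decoder class is not on the classpath (see
     * {@code getOidcAuthProvider}). It fails closed: an authorization request that asked for
     * the {@code openid} scope is rejected with an explicit error rather than being processed
     * by a provider that does not handle OpenID Connect.
     */
    /* loaded from: input_file:WEB-INF/lib/spring-security-config-5.3.2.RELEASE.jar:org/springframework/security/config/http/OAuth2LoginBeanDefinitionParser$OidcAuthenticationRequestChecker.class */
    private static class OidcAuthenticationRequestChecker implements AuthenticationProvider {
        private OidcAuthenticationRequestChecker() {
        }

        /**
         * @param authentication the login token; must be an {@link OAuth2LoginAuthenticationToken}
         *        (callers are expected to consult {@link #supports(Class)} first)
         * @return always {@code null} for requests without the {@code openid} scope, leaving
         *         the decision to another provider
         * @throws OAuth2AuthenticationException with error code
         *         {@code oidc_provider_not_configured} when the request contains the
         *         {@code openid} scope
         */
        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            // Unchecked cast: guarded only by supports(); a different token type would raise
            // ClassCastException here.
            OAuth2LoginAuthenticationToken loginToken = (OAuth2LoginAuthenticationToken) authentication;
            boolean oidcRequested = loginToken.getAuthorizationExchange().getAuthorizationRequest().getScopes()
                    .contains(OidcScopes.OPENID);
            if (!oidcRequested) {
                return null;
            }
            OAuth2Error error = new OAuth2Error("oidc_provider_not_configured", "An OpenID Connect Authentication Provider has not been configured. Check to ensure you include the dependency 'spring-security-oauth2-jose'.", null);
            throw new OAuth2AuthenticationException(error, error.toString());
        }

        @Override
        public boolean supports(Class<?> cls) {
            return OAuth2LoginAuthenticationToken.class.isAssignableFrom(cls);
        }
    }

    /**
     * Creates the parser with the shared infrastructure beans it wires into the generated
     * definitions. (Package-private in the original bytecode.)
     *
     * @param beanReference request cache reference
     * @param beanReference2 port mapper reference
     * @param beanReference3 port resolver reference
     * @param beanReference4 session authentication strategy reference; may be {@code null},
     *        in which case the filter's own strategy is left untouched
     * @param z whether the default failure handler may create a session
     */
    public OAuth2LoginBeanDefinitionParser(BeanReference beanReference, BeanReference beanReference2, BeanReference beanReference3, BeanReference beanReference4, boolean z) {
        this.requestCache = beanReference;
        this.portMapper = beanReference2;
        this.portResolver = beanReference3;
        this.sessionStrategy = beanReference4;
        this.allowSessionCreation = z;
    }

    /**
     * Builds the {@link OAuth2LoginAuthenticationFilter} bean definition and, as a side
     * effect, the companion definitions exposed through the getters of this class.
     *
     * @param element the {@code oauth2-login} element
     * @param parserContext the current parser context
     * @return the bean definition of the login authentication filter
     */
    @Override
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        // Register the helper bean first so the login-links map can refer to it by name.
        AbstractBeanDefinition loginBeanConfig = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginBeanConfig.class).getBeanDefinition();
        String loginBeanConfigName = parserContext.getReaderContext().generateBeanName(loginBeanConfig);
        parserContext.registerBeanComponent(new BeanComponentDefinition(loginBeanConfig, loginBeanConfigName));

        BeanMetadataElement clientRegistrationRepository = getClientRegistrationRepository(element);
        BeanMetadataElement authorizedClientRepository = getAuthorizedClientRepository(element, clientRegistrationRepository);
        BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(element);
        BeanMetadataElement oauth2UserService = getOAuth2UserService(element);
        BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(element);

        // --- Login authentication filter (the definition returned to the caller) ---
        BeanDefinitionBuilder loginFilter = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginAuthenticationFilter.class)
                .addConstructorArgValue(clientRegistrationRepository)
                .addConstructorArgValue(authorizedClientRepository)
                .addPropertyValue("authorizationRequestRepository", authorizationRequestRepository);
        if (this.sessionStrategy != null) {
            loginFilter.addPropertyValue("sessionAuthenticationStrategy", this.sessionStrategy);
        }
        Object source = parserContext.extractSource(element);
        String loginProcessingUrl = element.getAttribute(ATT_LOGIN_PROCESSING_URL);
        if (StringUtils.isEmpty(loginProcessingUrl)) {
            loginFilter.addConstructorArgValue(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
        } else {
            // NOTE(review): WebConfigUtils.validateHttpRedirect is not visible here — confirm
            // whether an invalid value is rejected or only reported; the value is used either way.
            WebConfigUtils.validateHttpRedirect(loginProcessingUrl, parserContext, source);
            loginFilter.addConstructorArgValue(loginProcessingUrl);
        }

        // --- Authentication providers (plain OAuth 2.0 and OpenID Connect) ---
        BeanDefinitionBuilder loginProvider = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginAuthenticationProvider.class)
                .addConstructorArgValue(accessTokenResponseClient)
                .addConstructorArgValue(oauth2UserService);
        String authoritiesMapperRef = element.getAttribute(ATT_USER_AUTHORITIES_MAPPER_REF);
        if (!StringUtils.isEmpty(authoritiesMapperRef)) {
            loginProvider.addPropertyReference("authoritiesMapper", authoritiesMapperRef);
        }
        this.oauth2LoginAuthenticationProvider = loginProvider.getBeanDefinition();
        this.oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(element, accessTokenResponseClient, authoritiesMapperRef);

        // --- Authorization-request redirect filter ---
        BeanDefinitionBuilder redirectFilter = BeanDefinitionBuilder.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
        String requestResolverRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF);
        if (StringUtils.isEmpty(requestResolverRef)) {
            redirectFilter.addConstructorArgValue(clientRegistrationRepository);
        } else {
            redirectFilter.addConstructorArgReference(requestResolverRef);
        }
        // Both filters share the same authorization-request repository instance/definition.
        redirectFilter.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository)
                .addPropertyValue("requestCache", this.requestCache);
        this.oauth2AuthorizationRequestRedirectFilter = redirectFilter.getBeanDefinition();

        // --- Success handler ---
        String successHandlerRef = element.getAttribute(ATT_AUTHENTICATION_SUCCESS_HANDLER_REF);
        if (StringUtils.isEmpty(successHandlerRef)) {
            BeanDefinition defaultSuccessHandler = BeanDefinitionBuilder
                    .rootBeanDefinition("org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler")
                    .addPropertyValue("requestCache", this.requestCache)
                    .getBeanDefinition();
            loginFilter.addPropertyValue("authenticationSuccessHandler", defaultSuccessHandler);
        } else {
            loginFilter.addPropertyReference("authenticationSuccessHandler", successHandlerRef);
        }

        // --- Authentication entry point ---
        String loginPage = element.getAttribute(ATT_LOGIN_PAGE);
        if (StringUtils.isEmpty(loginPage)) {
            // Without a custom login page, an entry point is only created when exactly one
            // client registration is declared (see getLoginEntryPoint).
            Map<RequestMatcher, AuthenticationEntryPoint> entryPoints = getLoginEntryPoint(element);
            if (entryPoints != null) {
                this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class)
                        .addConstructorArgValue(entryPoints)
                        .addPropertyValue("defaultEntryPoint", new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URI))
                        .getBeanDefinition();
            }
        } else {
            WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source);
            this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class)
                    .addConstructorArgValue(loginPage)
                    .addPropertyValue("portMapper", this.portMapper)
                    .addPropertyValue("portResolver", this.portResolver)
                    .getBeanDefinition();
        }

        // --- Failure handler ---
        String failureHandlerRef = element.getAttribute(ATT_AUTHENTICATION_FAILURE_HANDLER_REF);
        if (StringUtils.isEmpty(failureHandlerRef)) {
            BeanDefinitionBuilder defaultFailureHandler = BeanDefinitionBuilder
                    .rootBeanDefinition("org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler");
            defaultFailureHandler.addConstructorArgValue(DEFAULT_LOGIN_URI + "?error");
            defaultFailureHandler.addPropertyValue("allowSessionCreation", Boolean.valueOf(this.allowSessionCreation));
            loginFilter.addPropertyValue("authenticationFailureHandler", defaultFailureHandler.getBeanDefinition());
        } else {
            loginFilter.addPropertyReference("authenticationFailureHandler", failureHandlerRef);
        }

        // The login-links map is produced lazily by calling getLoginLinks() on the helper bean.
        this.oauth2LoginLinks = BeanDefinitionBuilder.rootBeanDefinition(Map.class)
                .setFactoryMethodOnBean("getLoginLinks", loginBeanConfigName)
                .getBeanDefinition();
        return loginFilter.getBeanDefinition();
    }

    /**
     * Resolves the authorization-request repository: the bean named by
     * {@code authorization-request-repository-ref}, else a new HTTP-session-backed default.
     */
    private BeanMetadataElement getAuthorizationRequestRepository(Element element) {
        String ref = element.getAttribute(ATT_AUTHORIZATION_REQUEST_REPOSITORY_REF);
        if (!StringUtils.isEmpty(ref)) {
            return new RuntimeBeanReference(ref);
        }
        return BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository").getBeanDefinition();
    }

    /**
     * Resolves the authorized-client repository: the bean named by
     * {@code authorized-client-repository-ref}, else a default repository backed either by
     * the service named in {@code authorized-client-service-ref} or by a new in-memory service.
     *
     * @param beanMetadataElement the client registration repository handed to the in-memory service
     */
    private BeanMetadataElement getAuthorizedClientRepository(Element element, BeanMetadataElement beanMetadataElement) {
        String repositoryRef = element.getAttribute(ATT_AUTHORIZED_CLIENT_REPOSITORY_REF);
        if (!StringUtils.isEmpty(repositoryRef)) {
            return new RuntimeBeanReference(repositoryRef);
        }
        String serviceRef = element.getAttribute(ATT_AUTHORIZED_CLIENT_SERVICE_REF);
        BeanMetadataElement authorizedClientService;
        if (!StringUtils.isEmpty(serviceRef)) {
            authorizedClientService = new RuntimeBeanReference(serviceRef);
        } else {
            // Default: authorized clients are held by an in-memory service.
            authorizedClientService = BeanDefinitionBuilder
                    .rootBeanDefinition("org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService")
                    .addConstructorArgValue(beanMetadataElement)
                    .getBeanDefinition();
        }
        return BeanDefinitionBuilder
                .rootBeanDefinition("org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository")
                .addConstructorArgValue(authorizedClientService)
                .getBeanDefinition();
    }

    /**
     * Resolves the client registration repository: the bean named by
     * {@code client-registration-repository-ref}, else a by-type reference to
     * {@link ClientRegistrationRepository}.
     */
    private BeanMetadataElement getClientRegistrationRepository(Element element) {
        String ref = element.getAttribute(ATT_CLIENT_REGISTRATION_REPOSITORY_REF);
        if (!StringUtils.isEmpty(ref)) {
            return new RuntimeBeanReference(ref);
        }
        return new RuntimeBeanReference(ClientRegistrationRepository.class);
    }

    /**
     * Builds the OpenID Connect provider definition. When the JWT decoder class is absent
     * from the classpath, the rejecting {@link OidcAuthenticationRequestChecker} is used
     * instead, so OIDC requests fail with an explicit error.
     *
     * @param beanMetadataElement the access-token response client
     * @param str the authorities-mapper bean name; may be empty
     */
    private BeanDefinition getOidcAuthProvider(Element element, BeanMetadataElement beanMetadataElement, String str) {
        boolean jwtSupportPresent = ClassUtils.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", getClass().getClassLoader());
        if (!jwtSupportPresent) {
            return BeanDefinitionBuilder.rootBeanDefinition(OidcAuthenticationRequestChecker.class).getBeanDefinition();
        }
        BeanDefinitionBuilder oidcProvider = BeanDefinitionBuilder
                .rootBeanDefinition("org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider")
                .addConstructorArgValue(beanMetadataElement)
                .addConstructorArgValue(getOidcUserService(element));
        if (!StringUtils.isEmpty(str)) {
            oidcProvider.addPropertyReference("authoritiesMapper", str);
        }
        // A custom decoder factory replaces the provider's own ID-token decoding setup; it
        // is security-relevant configuration and should be reviewed as such.
        String jwtDecoderFactoryRef = element.getAttribute(ATT_JWT_DECODER_FACTORY_REF);
        if (!StringUtils.isEmpty(jwtDecoderFactoryRef)) {
            oidcProvider.addPropertyReference("jwtDecoderFactory", jwtDecoderFactoryRef);
        }
        return oidcProvider.getBeanDefinition();
    }

    /** Resolves the OIDC user service: {@code oidc-user-service-ref}, else the default service. */
    private BeanMetadataElement getOidcUserService(Element element) {
        String ref = element.getAttribute(ATT_OIDC_USER_SERVICE_REF);
        if (!StringUtils.isEmpty(ref)) {
            return new RuntimeBeanReference(ref);
        }
        return BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService").getBeanDefinition();
    }

    /** Resolves the OAuth 2.0 user service: {@code user-service-ref}, else the default service. */
    private BeanMetadataElement getOAuth2UserService(Element element) {
        String ref = element.getAttribute(ATT_USER_SERVICE_REF);
        if (!StringUtils.isEmpty(ref)) {
            return new RuntimeBeanReference(ref);
        }
        return BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService").getBeanDefinition();
    }

    /**
     * Resolves the access-token response client: {@code access-token-response-client-ref},
     * else the default authorization-code client.
     */
    private BeanMetadataElement getAccessTokenResponseClient(Element element) {
        String ref = element.getAttribute(ATT_ACCESS_TOKEN_RESPONSE_CLIENT_REF);
        if (!StringUtils.isEmpty(ref)) {
            return new RuntimeBeanReference(ref);
        }
        return BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient").getBeanDefinition();
    }

    /** @return the redirect filter definition, or {@code null} before {@link #parse} has run */
    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getOAuth2AuthorizationRequestRedirectFilter() {
        return this.oauth2AuthorizationRequestRedirectFilter;
    }

    /**
     * @return the entry point definition; {@code null} before {@link #parse} has run or when
     *         none was created
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getOAuth2LoginAuthenticationEntryPoint() {
        return this.oauth2LoginAuthenticationEntryPoint;
    }

    /** @return the OAuth 2.0 login provider definition, or {@code null} before {@link #parse} has run */
    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getOAuth2LoginAuthenticationProvider() {
        return this.oauth2LoginAuthenticationProvider;
    }

    /** @return the OIDC provider (or checker) definition, or {@code null} before {@link #parse} has run */
    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getOAuth2LoginOidcAuthenticationProvider() {
        return this.oauth2LoginOidcAuthenticationProvider;
    }

    /** @return the login-links map definition, or {@code null} before {@link #parse} has run */
    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getOAuth2LoginLinks() {
        return this.oauth2LoginLinks;
    }

    /**
     * Builds the matcher-to-entry-point map used when exactly one {@code client-registration}
     * is declared under the document's client-registrations element: matching requests are
     * sent straight to that registration's authorization endpoint.
     *
     * @return the single-entry map, or {@code null} when the client-registrations element is
     *         missing or does not contain exactly one registration
     */
    private Map<RequestMatcher, AuthenticationEntryPoint> getLoginEntryPoint(Element element) {
        Element clientRegistrations = DomUtils.getChildElementByTagName(element.getOwnerDocument().getDocumentElement(), Elements.CLIENT_REGISTRATIONS);
        if (clientRegistrations == null) {
            return null;
        }
        List<Element> registrations = DomUtils.getChildElementsByTagName(clientRegistrations, ELT_CLIENT_REGISTRATION);
        if (registrations.size() != 1) {
            return null;
        }
        // Requests for the login page itself (or the favicon) that accept browser content
        // types are excluded below so they are not redirected to the provider.
        RequestMatcher loginPageOrFavicon = new OrRequestMatcher(
                new AntPathRequestMatcher(DEFAULT_LOGIN_URI), new AntPathRequestMatcher("/favicon.ico"));
        RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(loginPageOrFavicon, getAuthenticationEntryPointMatcher());
        // XHR requests are excluded as well.
        RequestMatcher notXhr = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
        Element registration = registrations.get(0);
        // The registration id comes from the XML configuration and is appended verbatim.
        String providerLoginUri = DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + registration.getAttribute(ATT_REGISTRATION_ID);
        Map<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
        entryPoints.put(new AndRequestMatcher(notXhr, new NegatedRequestMatcher(defaultLoginPageMatcher)),
                new LoginUrlAuthenticationEntryPoint(providerLoginUri));
        return entryPoints;
    }

    /**
     * Matches non-XHR requests whose Accept header negotiates to XHTML, any image type, HTML
     * or plain text; the wildcard media type is ignored during matching.
     */
    private RequestMatcher getAuthenticationEntryPointMatcher() {
        MediaTypeRequestMatcher browserContent = new MediaTypeRequestMatcher(new HeaderContentNegotiationStrategy(), MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
        browserContent.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
        RequestMatcher notXhr = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
        List<RequestMatcher> matchers = Arrays.asList(notXhr, browserContent);
        return new AndRequestMatcher(matchers);
    }
}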
