package org.springframework.security.config.http;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.ListFactoryBean;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.boot.logging.LoggingSystem;
import org.springframework.core.OrderComparator;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.Elements;
import org.springframework.security.config.authentication.AuthenticationManagerFactoryBean;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-5.6.1.jar:org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.class */
public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
    private static final Log logger = LogFactory.getLog((Class<?>) HttpSecurityBeanDefinitionParser.class);
    private static final String ATT_AUTHENTICATION_MANAGER_REF = "authentication-manager-ref";
    static final String ATT_REQUEST_MATCHER_REF = "request-matcher-ref";
    static final String ATT_PATH_PATTERN = "pattern";
    static final String ATT_HTTP_METHOD = "method";
    static final String ATT_FILTERS = "filters";
    static final String OPT_FILTERS_NONE = "none";
    static final String ATT_REQUIRES_CHANNEL = "requires-channel";
    private static final String ATT_REF = "ref";
    private static final String ATT_SECURED = "security";
    private static final String OPT_SECURITY_NONE = "none";
    private static final String ATT_AFTER = "after";
    private static final String ATT_BEFORE = "before";
    private static final String ATT_POSITION = "position";

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-5.6.1.jar:org/springframework/security/config/http/HttpSecurityBeanDefinitionParser$ClearCredentialsMethodInvokingFactoryBean.class */
    static final class ClearCredentialsMethodInvokingFactoryBean extends MethodInvokingFactoryBean {
        ClearCredentialsMethodInvokingFactoryBean() {
        }

        @Override // org.springframework.beans.factory.config.MethodInvokingFactoryBean, org.springframework.beans.factory.config.MethodInvokingBean, org.springframework.beans.factory.InitializingBean
        public void afterPropertiesSet() throws Exception {
            if (!(getTargetObject() instanceof ProviderManager)) {
                setTargetObject(this);
            }
            super.afterPropertiesSet();
        }

        boolean isEraseCredentialsAfterAuthentication() {
            return false;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-5.6.1.jar:org/springframework/security/config/http/HttpSecurityBeanDefinitionParser$RequestRejectedHandlerPostProcessor.class */
    static class RequestRejectedHandlerPostProcessor implements BeanDefinitionRegistryPostProcessor {
        private final String beanName;
        private final String targetBeanName;
        private final String targetPropertyName;

        RequestRejectedHandlerPostProcessor(String str, String str2, String str3) {
            this.beanName = str;
            this.targetBeanName = str2;
            this.targetPropertyName = str3;
        }

        @Override // org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor
        public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry beanDefinitionRegistry) throws BeansException {
            if (beanDefinitionRegistry.containsBeanDefinition(this.beanName)) {
                beanDefinitionRegistry.getBeanDefinition(this.targetBeanName).getPropertyValues().add(this.targetPropertyName, new RuntimeBeanReference(this.beanName));
            }
        }

        @Override // org.springframework.beans.factory.config.BeanFactoryPostProcessor
        public void postProcessBeanFactory(ConfigurableListableBeanFactory configurableListableBeanFactory) throws BeansException {
        }
    }

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        parserContext.pushContainingComponent(new CompositeComponentDefinition(element.getTagName(), parserContext.extractSource(element)));
        registerFilterChainProxyIfNecessary(parserContext, parserContext.extractSource(element));
        ((List) parserContext.getRegistry().getBeanDefinition(BeanIds.FILTER_CHAINS).getPropertyValues().getPropertyValue("sourceList").getValue()).add(createFilterChain(element, parserContext));
        parserContext.popAndRegisterContainingComponent();
        return null;
    }

    private BeanReference createFilterChain(Element element, ParserContext parserContext) {
        if (!(!LoggingSystem.NONE.equals(element.getAttribute(ATT_SECURED)))) {
            validateSecuredFilterChainElement(element, parserContext);
            for (int i = 0; i < element.getChildNodes().getLength(); i++) {
                if (element.getChildNodes().item(i) instanceof Element) {
                    parserContext.getReaderContext().error("If you are using <http> to define an unsecured pattern, it cannot contain child elements.", parserContext.extractSource(element));
                }
            }
            return createSecurityFilterChainBean(element, parserContext, Collections.emptyList());
        }
        BeanReference createPortMapper = createPortMapper(element, parserContext);
        RuntimeBeanReference createPortResolver = createPortResolver(createPortMapper, parserContext);
        ManagedList<BeanReference> managedList = new ManagedList<>();
        BeanReference createAuthenticationManager = createAuthenticationManager(element, parserContext, managedList);
        boolean isDefaultHttpConfig = isDefaultHttpConfig(element);
        HttpConfigurationBuilder httpConfigurationBuilder = new HttpConfigurationBuilder(element, isDefaultHttpConfig, parserContext, createPortMapper, createPortResolver, createAuthenticationManager);
        AuthenticationConfigBuilder authenticationConfigBuilder = new AuthenticationConfigBuilder(element, isDefaultHttpConfig, parserContext, httpConfigurationBuilder.getSessionCreationPolicy(), httpConfigurationBuilder.getRequestCache(), createAuthenticationManager, httpConfigurationBuilder.getSessionStrategy(), createPortMapper, createPortResolver, httpConfigurationBuilder.getCsrfLogoutHandler());
        httpConfigurationBuilder.setLogoutHandlers(authenticationConfigBuilder.getLogoutHandlers());
        httpConfigurationBuilder.setEntryPoint(authenticationConfigBuilder.getEntryPointBean());
        httpConfigurationBuilder.setAccessDeniedHandler(authenticationConfigBuilder.getAccessDeniedHandlerBean());
        httpConfigurationBuilder.setCsrfIgnoreRequestMatchers(authenticationConfigBuilder.getCsrfIgnoreRequestMatchers());
        managedList.addAll(authenticationConfigBuilder.getProviders());
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(httpConfigurationBuilder.getFilters());
        arrayList.addAll(authenticationConfigBuilder.getFilters());
        arrayList.addAll(buildCustomFilterList(element, parserContext));
        arrayList.sort(new OrderComparator());
        checkFilterChainOrder(arrayList, parserContext, parserContext.extractSource(element));
        ManagedList managedList2 = new ManagedList();
        Iterator<OrderDecorator> it = arrayList.iterator();
        while (it.hasNext()) {
            managedList2.add(it.next().bean);
        }
        return createSecurityFilterChainBean(element, parserContext, managedList2);
    }

    private void validateSecuredFilterChainElement(Element element, ParserContext parserContext) {
        if (StringUtils.hasText(element.getAttribute("pattern")) || StringUtils.hasText(ATT_REQUEST_MATCHER_REF)) {
            return;
        }
        parserContext.getReaderContext().error("The 'security' attribute must be used in combination with the 'pattern' or 'request-matcher-ref' attributes.", parserContext.extractSource(element));
    }

    private static boolean isDefaultHttpConfig(Element element) {
        return element.getChildNodes().getLength() == 0 && element.getAttributes().getLength() == 0;
    }

    private BeanReference createSecurityFilterChainBean(Element element, ParserContext parserContext, List<?> list) {
        BeanMetadataElement createMatcher;
        String attribute = element.getAttribute(ATT_REQUEST_MATCHER_REF);
        String attribute2 = element.getAttribute("pattern");
        if (StringUtils.hasText(attribute)) {
            if (StringUtils.hasText(attribute2)) {
                parserContext.getReaderContext().error("You can't define a pattern and a request-matcher-ref for the same filter chain", parserContext.extractSource(element));
            }
            createMatcher = new RuntimeBeanReference(attribute);
        } else {
            createMatcher = StringUtils.hasText(attribute2) ? MatcherType.fromElement(element).createMatcher(parserContext, attribute2, null) : new RootBeanDefinition((Class<?>) AnyRequestMatcher.class);
        }
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) DefaultSecurityFilterChain.class);
        rootBeanDefinition.addConstructorArgValue(createMatcher);
        rootBeanDefinition.addConstructorArgValue(list);
        AbstractBeanDefinition beanDefinition = rootBeanDefinition.getBeanDefinition();
        String attribute3 = element.getAttribute("name");
        if (!StringUtils.hasText(attribute3)) {
            attribute3 = element.getAttribute("id");
            if (!StringUtils.hasText(attribute3)) {
                attribute3 = parserContext.getReaderContext().generateBeanName(beanDefinition);
            }
        }
        parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, attribute3));
        return new RuntimeBeanReference(attribute3);
    }

    private BeanReference createPortMapper(Element element, ParserContext parserContext) {
        BeanDefinition parse = new PortMappingsBeanDefinitionParser().parse(DomUtils.getChildElementByTagName(element, Elements.PORT_MAPPINGS), parserContext);
        String generateBeanName = parserContext.getReaderContext().generateBeanName(parse);
        parserContext.registerBeanComponent(new BeanComponentDefinition(parse, generateBeanName));
        return new RuntimeBeanReference(generateBeanName);
    }

    private RuntimeBeanReference createPortResolver(BeanReference beanReference, ParserContext parserContext) {
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition((Class<?>) PortResolverImpl.class);
        rootBeanDefinition.getPropertyValues().addPropertyValue("portMapper", beanReference);
        String generateBeanName = parserContext.getReaderContext().generateBeanName(rootBeanDefinition);
        parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, generateBeanName));
        return new RuntimeBeanReference(generateBeanName);
    }

    private BeanReference createAuthenticationManager(Element element, ParserContext parserContext, ManagedList<BeanReference> managedList) {
        String attribute = element.getAttribute(ATT_AUTHENTICATION_MANAGER_REF);
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) ProviderManager.class);
        rootBeanDefinition.addConstructorArgValue(managedList);
        if (StringUtils.hasText(attribute)) {
            RuntimeBeanReference runtimeBeanReference = new RuntimeBeanReference(attribute);
            rootBeanDefinition.addConstructorArgValue(runtimeBeanReference);
            RootBeanDefinition rootBeanDefinition2 = new RootBeanDefinition((Class<?>) ClearCredentialsMethodInvokingFactoryBean.class);
            rootBeanDefinition2.getPropertyValues().addPropertyValue("targetObject", runtimeBeanReference);
            rootBeanDefinition2.getPropertyValues().addPropertyValue("targetMethod", "isEraseCredentialsAfterAuthentication");
            rootBeanDefinition.addPropertyValue("eraseCredentialsAfterAuthentication", rootBeanDefinition2);
        } else {
            RootBeanDefinition rootBeanDefinition3 = new RootBeanDefinition((Class<?>) AuthenticationManagerFactoryBean.class);
            rootBeanDefinition3.setRole(2);
            String generateBeanName = parserContext.getReaderContext().generateBeanName(rootBeanDefinition3);
            parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition3, generateBeanName));
            RootBeanDefinition rootBeanDefinition4 = new RootBeanDefinition((Class<?>) MethodInvokingFactoryBean.class);
            rootBeanDefinition4.getPropertyValues().addPropertyValue("targetObject", new RuntimeBeanReference(generateBeanName));
            rootBeanDefinition4.getPropertyValues().addPropertyValue("targetMethod", "isEraseCredentialsAfterAuthentication");
            rootBeanDefinition.addConstructorArgValue(new RuntimeBeanReference(generateBeanName));
            rootBeanDefinition.addPropertyValue("eraseCredentialsAfterAuthentication", rootBeanDefinition4);
        }
        rootBeanDefinition.addPropertyValue("authenticationEventPublisher", new RootBeanDefinition((Class<?>) DefaultAuthenticationEventPublisher.class));
        rootBeanDefinition.getRawBeanDefinition().setSource(parserContext.extractSource(element));
        AbstractBeanDefinition beanDefinition = rootBeanDefinition.getBeanDefinition();
        String generateBeanName2 = parserContext.getReaderContext().generateBeanName(beanDefinition);
        parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, generateBeanName2));
        return new RuntimeBeanReference(generateBeanName2);
    }

    private void checkFilterChainOrder(List<OrderDecorator> list, ParserContext parserContext, Object obj) {
        logger.info("Checking sorted filter chain: " + list);
        for (int i = 0; i < list.size(); i++) {
            OrderDecorator orderDecorator = list.get(i);
            if (i > 0) {
                OrderDecorator orderDecorator2 = list.get(i - 1);
                if (orderDecorator.getOrder() == orderDecorator2.getOrder()) {
                    parserContext.getReaderContext().error("Filter beans '" + orderDecorator.bean + "' and '" + orderDecorator2.bean + "' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.", obj);
                }
            }
        }
    }

    List<OrderDecorator> buildCustomFilterList(Element element, ParserContext parserContext) {
        List<Element> childElementsByTagName = DomUtils.getChildElementsByTagName(element, Elements.CUSTOM_FILTER);
        ArrayList arrayList = new ArrayList();
        for (Element element2 : childElementsByTagName) {
            String attribute = element2.getAttribute(ATT_AFTER);
            String attribute2 = element2.getAttribute(ATT_BEFORE);
            String attribute3 = element2.getAttribute(ATT_POSITION);
            String attribute4 = element2.getAttribute("ref");
            if (!StringUtils.hasText(attribute4)) {
                parserContext.getReaderContext().error("The 'ref' attribute must be supplied", parserContext.extractSource(element2));
            }
            RuntimeBeanReference runtimeBeanReference = new RuntimeBeanReference(attribute4);
            if (WebConfigUtils.countNonEmpty(new String[]{attribute, attribute2, attribute3}) != 1) {
                parserContext.getReaderContext().error("A single 'after', 'before', or 'position' attribute must be supplied", parserContext.extractSource(element2));
            }
            if (StringUtils.hasText(attribute3)) {
                arrayList.add(new OrderDecorator(runtimeBeanReference, SecurityFilters.valueOf(attribute3)));
            } else if (StringUtils.hasText(attribute)) {
                SecurityFilters valueOf = SecurityFilters.valueOf(attribute);
                if (valueOf == SecurityFilters.LAST) {
                    arrayList.add(new OrderDecorator(runtimeBeanReference, SecurityFilters.LAST));
                } else {
                    arrayList.add(new OrderDecorator(runtimeBeanReference, valueOf.getOrder() + 1));
                }
            } else if (StringUtils.hasText(attribute2)) {
                SecurityFilters valueOf2 = SecurityFilters.valueOf(attribute2);
                if (valueOf2 == SecurityFilters.FIRST) {
                    arrayList.add(new OrderDecorator(runtimeBeanReference, SecurityFilters.FIRST));
                } else {
                    arrayList.add(new OrderDecorator(runtimeBeanReference, valueOf2.getOrder() - 1));
                }
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void registerFilterChainProxyIfNecessary(ParserContext parserContext, Object obj) {
        BeanDefinitionRegistry registry = parserContext.getRegistry();
        if (registry.containsBeanDefinition(BeanIds.FILTER_CHAIN_PROXY)) {
            return;
        }
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition((Class<?>) ListFactoryBean.class);
        rootBeanDefinition.getPropertyValues().add("sourceList", new ManagedList());
        parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, BeanIds.FILTER_CHAINS));
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) FilterChainProxy.class);
        rootBeanDefinition2.getRawBeanDefinition().setSource(obj);
        rootBeanDefinition2.addConstructorArgReference(BeanIds.FILTER_CHAINS);
        rootBeanDefinition2.addPropertyValue("filterChainValidator", new RootBeanDefinition((Class<?>) DefaultFilterChainValidator.class));
        parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition2.getBeanDefinition(), BeanIds.FILTER_CHAIN_PROXY));
        registry.registerAlias(BeanIds.FILTER_CHAIN_PROXY, "springSecurityFilterChain");
        BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) RequestRejectedHandlerPostProcessor.class);
        rootBeanDefinition3.setRole(2);
        rootBeanDefinition3.addConstructorArgValue("requestRejectedHandler");
        rootBeanDefinition3.addConstructorArgValue(BeanIds.FILTER_CHAIN_PROXY);
        rootBeanDefinition3.addConstructorArgValue("requestRejectedHandler");
        AbstractBeanDefinition beanDefinition = rootBeanDefinition3.getBeanDefinition();
        registry.registerBeanDefinition(parserContext.getReaderContext().generateBeanName(beanDefinition), beanDefinition);
    }
}
