package org.springframework.security.config.ldap;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.config.Elements;
import org.springframework.security.config.authentication.PasswordEncoderParser;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.3.9.jar:org/springframework/security/config/ldap/LdapProviderBeanDefinitionParser.class */
public class LdapProviderBeanDefinitionParser implements BeanDefinitionParser {
    private final Log logger = LogFactory.getLog(getClass());
    private static final String ATT_USER_DN_PATTERN = "user-dn-pattern";
    private static final String ATT_USER_PASSWORD = "password-attribute";
    private static final String ATT_HASH = "hash";
    private static final String DEF_USER_SEARCH_FILTER = "uid={0}";
    static final String PROVIDER_CLASS = "org.springframework.security.ldap.authentication.LdapAuthenticationProvider";
    static final String BIND_AUTH_CLASS = "org.springframework.security.ldap.authentication.BindAuthenticator";
    static final String PASSWD_AUTH_CLASS = "org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator";

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        RuntimeBeanReference parseServerReference = LdapUserServiceBeanDefinitionParser.parseServerReference(element, parserContext);
        BeanMetadataElement parseSearchBean = LdapUserServiceBeanDefinitionParser.parseSearchBean(element, parserContext);
        String attribute = element.getAttribute(ATT_USER_DN_PATTERN);
        String[] strArr = new String[0];
        if (StringUtils.hasText(attribute)) {
            strArr = new String[]{attribute};
        } else if (parseSearchBean == null) {
            this.logger.info("No search information or DN pattern specified. Using default search filter 'uid={0}'");
            BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS);
            rootBeanDefinition.getRawBeanDefinition().setSource(element);
            rootBeanDefinition.addConstructorArgValue("");
            rootBeanDefinition.addConstructorArgValue(DEF_USER_SEARCH_FILTER);
            rootBeanDefinition.addConstructorArgValue(parseServerReference);
            parseSearchBean = rootBeanDefinition.getBeanDefinition();
        }
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition(BIND_AUTH_CLASS);
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.LDAP_PASSWORD_COMPARE);
        if (childElementByTagName != null) {
            rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition(PASSWD_AUTH_CLASS);
            String attribute2 = childElementByTagName.getAttribute(ATT_USER_PASSWORD);
            if (StringUtils.hasText(attribute2)) {
                rootBeanDefinition2.addPropertyValue("passwordAttributeName", attribute2);
            }
            Element childElementByTagName2 = DomUtils.getChildElementByTagName(childElementByTagName, Elements.PASSWORD_ENCODER);
            String attribute3 = childElementByTagName.getAttribute("hash");
            if (childElementByTagName2 != null) {
                if (StringUtils.hasText(attribute3)) {
                    parserContext.getReaderContext().warning("Attribute 'hash' cannot be used with 'password-encoder' and will be ignored.", parserContext.extractSource(element));
                }
                rootBeanDefinition2.addPropertyValue("passwordEncoder", new PasswordEncoderParser(childElementByTagName2, parserContext).getPasswordEncoder());
            } else if (StringUtils.hasText(attribute3)) {
                rootBeanDefinition2.addPropertyValue("passwordEncoder", PasswordEncoderParser.createPasswordEncoderBeanDefinition(attribute3));
            }
        }
        rootBeanDefinition2.addConstructorArgValue(parseServerReference);
        rootBeanDefinition2.addPropertyValue("userDnPatterns", strArr);
        if (parseSearchBean != null) {
            rootBeanDefinition2.addPropertyValue("userSearch", parseSearchBean);
        }
        BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition(PROVIDER_CLASS);
        rootBeanDefinition3.addConstructorArgValue(rootBeanDefinition2.getBeanDefinition());
        rootBeanDefinition3.addConstructorArgValue(LdapUserServiceBeanDefinitionParser.parseAuthoritiesPopulator(element, parserContext));
        rootBeanDefinition3.addPropertyValue("userDetailsContextMapper", LdapUserServiceBeanDefinitionParser.parseUserDetailsClassOrUserMapperRef(element, parserContext));
        return rootBeanDefinition3.getBeanDefinition();
    }
}
