package org.springframework.security.config.http;

import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedMap;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.config.Elements;
import org.springframework.security.config.http.GrantedAuthorityDefaultsParserUtils;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.class */
public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser {
    private static final String ATT_USE_EXPRESSIONS = "use-expressions";
    private static final String ATT_HTTP_METHOD = "method";
    private static final String ATT_PATTERN = "pattern";
    private static final String ATT_ACCESS = "access";
    private static final String ATT_SERVLET_PATH = "servlet-path";
    private static final Log logger = LogFactory.getLog(FilterInvocationSecurityMetadataSourceParser.class);

    /* loaded from: input_file:org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser$DefaultWebSecurityExpressionHandlerBeanFactory.class */
    static class DefaultWebSecurityExpressionHandlerBeanFactory extends GrantedAuthorityDefaultsParserUtils.AbstractGrantedAuthorityDefaultsBeanFactory {
        private DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();

        DefaultWebSecurityExpressionHandlerBeanFactory() {
        }

        @Override // org.springframework.security.config.http.GrantedAuthorityDefaultsParserUtils.AbstractGrantedAuthorityDefaultsBeanFactory
        public DefaultWebSecurityExpressionHandler getBean() {
            this.handler.setDefaultRolePrefix(this.rolePrefix);
            return this.handler;
        }
    }

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        List<Element> childElementsByTagName = DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL);
        for (Element element2 : childElementsByTagName) {
            if (StringUtils.hasLength(element2.getAttribute("requires-channel"))) {
                parserContext.getReaderContext().error("The attribute 'requires-channel' isn't allowed here.", element2);
            }
            if (StringUtils.hasLength(element2.getAttribute("filters"))) {
                parserContext.getReaderContext().error("The attribute 'filters' isn't allowed here.", element2);
            }
            if (StringUtils.hasLength(element2.getAttribute("servlet-path"))) {
                parserContext.getReaderContext().error("The attribute 'servlet-path' isn't allowed here.", element2);
            }
        }
        RootBeanDefinition createSecurityMetadataSource = createSecurityMetadataSource(childElementsByTagName, false, element, parserContext);
        String attribute = element.getAttribute("id");
        if (StringUtils.hasText(attribute)) {
            parserContext.registerComponent(new BeanComponentDefinition(createSecurityMetadataSource, attribute));
            parserContext.getRegistry().registerBeanDefinition(attribute, createSecurityMetadataSource);
        }
        return createSecurityMetadataSource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RootBeanDefinition createSecurityMetadataSource(List<Element> list, boolean z, Element element, ParserContext parserContext) {
        BeanDefinitionBuilder rootBeanDefinition;
        MatcherType fromElement = MatcherType.fromElement(element);
        boolean isUseExpressions = isUseExpressions(element);
        ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForFilterInvocationRequestMap = parseInterceptUrlsForFilterInvocationRequestMap(fromElement, list, isUseExpressions, z, parserContext);
        if (isUseExpressions) {
            Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
            String attribute = childElementByTagName != null ? childElementByTagName.getAttribute("ref") : null;
            if (StringUtils.hasText(attribute)) {
                logger.info("Using bean '" + attribute + "' as web SecurityExpressionHandler implementation");
            } else {
                attribute = registerDefaultExpressionHandler(parserContext);
            }
            rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) ExpressionBasedFilterInvocationSecurityMetadataSource.class);
            rootBeanDefinition.addConstructorArgValue(parseInterceptUrlsForFilterInvocationRequestMap);
            rootBeanDefinition.addConstructorArgReference(attribute);
        } else {
            rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) DefaultFilterInvocationSecurityMetadataSource.class);
            rootBeanDefinition.addConstructorArgValue(parseInterceptUrlsForFilterInvocationRequestMap);
        }
        rootBeanDefinition.getRawBeanDefinition().setSource(parserContext.extractSource(element));
        return (RootBeanDefinition) rootBeanDefinition.getBeanDefinition();
    }

    static String registerDefaultExpressionHandler(ParserContext parserContext) {
        RootBeanDefinition registerWithDefaultRolePrefix = GrantedAuthorityDefaultsParserUtils.registerWithDefaultRolePrefix(parserContext, DefaultWebSecurityExpressionHandlerBeanFactory.class);
        String generateBeanName = parserContext.getReaderContext().generateBeanName(registerWithDefaultRolePrefix);
        parserContext.registerBeanComponent(new BeanComponentDefinition(registerWithDefaultRolePrefix, generateBeanName));
        return generateBeanName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isUseExpressions(Element element) {
        String attribute = element.getAttribute(ATT_USE_EXPRESSIONS);
        return !StringUtils.hasText(attribute) || "true".equals(attribute);
    }

    private static ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForFilterInvocationRequestMap(MatcherType matcherType, List<Element> list, boolean z, boolean z2, ParserContext parserContext) {
        ManagedMap<BeanMetadataElement, BeanDefinition> managedMap = new ManagedMap<>();
        for (Element element : list) {
            String attribute = element.getAttribute(ATT_ACCESS);
            if (StringUtils.hasText(attribute)) {
                String attribute2 = element.getAttribute("pattern");
                String attribute3 = element.getAttribute("request-matcher-ref");
                boolean hasText = StringUtils.hasText(attribute3);
                if (!hasText && !StringUtils.hasText(attribute2)) {
                    parserContext.getReaderContext().error("path attribute cannot be empty or null", element);
                }
                String attribute4 = element.getAttribute("method");
                if (!StringUtils.hasText(attribute4)) {
                    attribute4 = null;
                }
                String attribute5 = element.getAttribute("servlet-path");
                if (!StringUtils.hasText(attribute5)) {
                    attribute5 = null;
                } else if (!MatcherType.mvc.equals(matcherType)) {
                    parserContext.getReaderContext().error("servlet-path is not applicable for request-matcher: '" + matcherType.name() + "'", element);
                }
                Object runtimeBeanReference = hasText ? new RuntimeBeanReference(attribute3) : matcherType.createMatcher(parserContext, attribute2, attribute4, attribute5);
                BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) SecurityConfig.class);
                if (z) {
                    logger.info("Creating access control expression attribute '" + attribute + "' for " + attribute2);
                    rootBeanDefinition.addConstructorArgValue(new String[]{attribute});
                    rootBeanDefinition.setFactoryMethod("createList");
                } else {
                    rootBeanDefinition.addConstructorArgValue(attribute);
                    rootBeanDefinition.setFactoryMethod("createListFromCommaDelimitedString");
                }
                if (managedMap.containsKey(runtimeBeanReference)) {
                    logger.warn("Duplicate URL defined: " + attribute2 + ". The original attribute values will be overwritten");
                }
                managedMap.put(runtimeBeanReference, rootBeanDefinition.getBeanDefinition());
            }
        }
        if (z2 && managedMap.isEmpty()) {
            BeanDefinition createMatcher = matcherType.createMatcher(parserContext, "/**", null);
            BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) SecurityConfig.class);
            rootBeanDefinition2.addConstructorArgValue(new String[]{"authenticated"});
            rootBeanDefinition2.setFactoryMethod("createList");
            managedMap.put(createMatcher, rootBeanDefinition2.getBeanDefinition());
        }
        return managedMap;
    }
}
