package org.springframework.security.config.http;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpHead;
import org.apache.hc.client5.http.classic.methods.HttpOptions;
import org.apache.hc.client5.http.classic.methods.HttpTrace;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.ManagedMap;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.web.access.CompositeAccessDeniedHandler;
import org.springframework.security.web.access.DelegatingAccessDeniedHandler;
import org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler;
import org.springframework.security.web.csrf.CsrfAuthenticationStrategy;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfLogoutHandler;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.security.web.csrf.MissingCsrfTokenException;
import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
import org.springframework.security.web.session.InvalidSessionAccessDeniedHandler;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/http/CsrfBeanDefinitionParser.class */
public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
    private static final String REQUEST_DATA_VALUE_PROCESSOR = "requestDataValueProcessor";
    private static final String ATT_MATCHER = "request-matcher-ref";
    private static final String ATT_REPOSITORY = "token-repository-ref";
    private static final String ATT_REQUEST_HANDLER = "request-handler-ref";
    private static final boolean webMvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet", CsrfBeanDefinitionParser.class.getClassLoader());
    private String csrfRepositoryRef;
    private BeanDefinition csrfFilter;
    private String requestMatcherRef;
    private String requestHandlerRef;
    private BeanMetadataElement observationRegistry;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/http/CsrfBeanDefinitionParser$DefaultRequiresCsrfMatcher.class */
    private static final class DefaultRequiresCsrfMatcher implements RequestMatcher {
        private final HashSet<String> allowedMethods = new HashSet<>(Arrays.asList(HttpGet.METHOD_NAME, HttpHead.METHOD_NAME, HttpTrace.METHOD_NAME, HttpOptions.METHOD_NAME));

        private DefaultRequiresCsrfMatcher() {
        }

        @Override // org.springframework.security.web.util.matcher.RequestMatcher
        public boolean matches(HttpServletRequest httpServletRequest) {
            return !this.allowedMethods.contains(httpServletRequest.getMethod());
        }
    }

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        if (element != null && "true".equals(element.getAttribute("disabled"))) {
            return null;
        }
        if (webMvcPresent && !parserContext.getRegistry().containsBeanDefinition("requestDataValueProcessor")) {
            parserContext.registerBeanComponent(new BeanComponentDefinition(new RootBeanDefinition((Class<?>) CsrfRequestDataValueProcessor.class), "requestDataValueProcessor"));
        }
        if (element != null) {
            this.csrfRepositoryRef = element.getAttribute(ATT_REPOSITORY);
            this.requestMatcherRef = element.getAttribute(ATT_MATCHER);
            this.requestHandlerRef = element.getAttribute(ATT_REQUEST_HANDLER);
        }
        if (!StringUtils.hasText(this.csrfRepositoryRef)) {
            BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) HttpSessionCsrfTokenRepository.class);
            this.csrfRepositoryRef = parserContext.getReaderContext().generateBeanName(rootBeanDefinition.getBeanDefinition());
            parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition.getBeanDefinition(), this.csrfRepositoryRef));
        }
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) CsrfFilter.class);
        rootBeanDefinition2.addConstructorArgReference(this.csrfRepositoryRef);
        if (StringUtils.hasText(this.requestMatcherRef)) {
            rootBeanDefinition2.addPropertyReference("requireCsrfProtectionMatcher", this.requestMatcherRef);
        }
        if (StringUtils.hasText(this.requestHandlerRef)) {
            rootBeanDefinition2.addPropertyReference("requestHandler", this.requestHandlerRef);
        }
        this.csrfFilter = rootBeanDefinition2.getBeanDefinition();
        return this.csrfFilter;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initAccessDeniedHandler(BeanDefinition beanDefinition, BeanMetadataElement beanMetadataElement) {
        this.csrfFilter.getPropertyValues().addPropertyValue("accessDeniedHandler", createAccessDeniedHandler(beanDefinition, beanMetadataElement));
    }

    private BeanMetadataElement createAccessDeniedHandler(BeanDefinition beanDefinition, BeanMetadataElement beanMetadataElement) {
        if (beanDefinition == null) {
            return beanMetadataElement;
        }
        ManagedMap managedMap = new ManagedMap();
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) InvalidSessionAccessDeniedHandler.class);
        rootBeanDefinition.addConstructorArgValue(beanDefinition);
        managedMap.put(MissingCsrfTokenException.class, rootBeanDefinition.getBeanDefinition());
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) DelegatingAccessDeniedHandler.class);
        rootBeanDefinition2.addConstructorArgValue(managedMap);
        rootBeanDefinition2.addConstructorArgValue(beanMetadataElement);
        AbstractBeanDefinition beanDefinition2 = rootBeanDefinition2.getBeanDefinition();
        ManagedList managedList = new ManagedList();
        BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) CompositeAccessDeniedHandler.class);
        AbstractBeanDefinition beanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) ObservationMarkingAccessDeniedHandler.class).addConstructorArgValue(this.observationRegistry).getBeanDefinition();
        managedList.add(beanDefinition2);
        managedList.add(beanDefinition3);
        rootBeanDefinition3.addConstructorArgValue(managedList);
        return rootBeanDefinition3.getBeanDefinition();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getCsrfAuthenticationStrategy() {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) CsrfAuthenticationStrategy.class);
        rootBeanDefinition.addConstructorArgReference(this.csrfRepositoryRef);
        if (StringUtils.hasText(this.requestHandlerRef)) {
            rootBeanDefinition.addPropertyReference("requestHandler", this.requestHandlerRef);
        }
        return rootBeanDefinition.getBeanDefinition();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getCsrfLogoutHandler() {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) CsrfLogoutHandler.class);
        rootBeanDefinition.addConstructorArgReference(this.csrfRepositoryRef);
        return rootBeanDefinition.getBeanDefinition();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setIgnoreCsrfRequestMatchers(List<BeanDefinition> list) {
        if (list.isEmpty()) {
            return;
        }
        BeanMetadataElement rootBeanDefinition = !StringUtils.hasText(this.requestMatcherRef) ? new RootBeanDefinition((Class<?>) DefaultRequiresCsrfMatcher.class) : new RuntimeBeanReference(this.requestMatcherRef);
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AndRequestMatcher.class);
        BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) NegatedRequestMatcher.class);
        BeanDefinitionBuilder rootBeanDefinition4 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) OrRequestMatcher.class);
        rootBeanDefinition4.addConstructorArgValue(list);
        rootBeanDefinition3.addConstructorArgValue(rootBeanDefinition4.getBeanDefinition());
        ManagedList managedList = new ManagedList();
        managedList.add(rootBeanDefinition);
        managedList.add(rootBeanDefinition3.getBeanDefinition());
        rootBeanDefinition2.addConstructorArgValue(managedList);
        this.csrfFilter.getPropertyValues().add("requireCsrfProtectionMatcher", rootBeanDefinition2.getBeanDefinition());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setObservationRegistry(BeanMetadataElement beanMetadataElement) {
        this.observationRegistry = beanMetadataElement;
    }
}
