package org.springframework.security.web;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.methods.HttpGet;
import org.springframework.core.log.LogMessage;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.firewall.DefaultRequestRejectedHandler;
import org.springframework.security.web.firewall.FirewalledRequest;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.security.web.firewall.RequestRejectedHandler;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.6.7.jar:org/springframework/security/web/FilterChainProxy.class */
public class FilterChainProxy extends GenericFilterBean {
    private static final Log logger = LogFactory.getLog((Class<?>) FilterChainProxy.class);
    private static final String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");
    private List<SecurityFilterChain> filterChains;
    private FilterChainValidator filterChainValidator;
    private HttpFirewall firewall;
    private RequestRejectedHandler requestRejectedHandler;
    private ThrowableAnalyzer throwableAnalyzer;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.6.7.jar:org/springframework/security/web/FilterChainProxy$FilterChainValidator.class */
    public interface FilterChainValidator {
        void validate(FilterChainProxy filterChainProxy);
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.6.7.jar:org/springframework/security/web/FilterChainProxy$NullFilterChainValidator.class */
    private static class NullFilterChainValidator implements FilterChainValidator {
        private NullFilterChainValidator() {
        }

        @Override // org.springframework.security.web.FilterChainProxy.FilterChainValidator
        public void validate(FilterChainProxy filterChainProxy) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.6.7.jar:org/springframework/security/web/FilterChainProxy$VirtualFilterChain.class */
    public static final class VirtualFilterChain implements FilterChain {
        private final FilterChain originalChain;
        private final List<Filter> additionalFilters;
        private final FirewalledRequest firewalledRequest;
        private final int size;
        private int currentPosition;

        private VirtualFilterChain(FirewalledRequest firewalledRequest, FilterChain filterChain, List<Filter> list) {
            this.currentPosition = 0;
            this.originalChain = filterChain;
            this.additionalFilters = list;
            this.size = list.size();
            this.firewalledRequest = firewalledRequest;
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            if (this.currentPosition == this.size) {
                if (FilterChainProxy.logger.isDebugEnabled()) {
                    FilterChainProxy.logger.debug(LogMessage.of(() -> {
                        return "Secured " + FilterChainProxy.requestLine(this.firewalledRequest);
                    }));
                }
                this.firewalledRequest.reset();
                this.originalChain.doFilter(servletRequest, servletResponse);
                return;
            }
            this.currentPosition++;
            Filter filter = this.additionalFilters.get(this.currentPosition - 1);
            if (FilterChainProxy.logger.isTraceEnabled()) {
                FilterChainProxy.logger.trace(LogMessage.format("Invoking %s (%d/%d)", filter.getClass().getSimpleName(), Integer.valueOf(this.currentPosition), Integer.valueOf(this.size)));
            }
            filter.doFilter(servletRequest, servletResponse, this);
        }
    }

    public FilterChainProxy() {
        this.filterChainValidator = new NullFilterChainValidator();
        this.firewall = new StrictHttpFirewall();
        this.requestRejectedHandler = new DefaultRequestRejectedHandler();
        this.throwableAnalyzer = new ThrowableAnalyzer();
    }

    public FilterChainProxy(SecurityFilterChain securityFilterChain) {
        this((List<SecurityFilterChain>) Arrays.asList(securityFilterChain));
    }

    public FilterChainProxy(List<SecurityFilterChain> list) {
        this.filterChainValidator = new NullFilterChainValidator();
        this.firewall = new StrictHttpFirewall();
        this.requestRejectedHandler = new DefaultRequestRejectedHandler();
        this.throwableAnalyzer = new ThrowableAnalyzer();
        this.filterChains = list;
    }

    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        this.filterChainValidator.validate(this);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            if (!(servletRequest.getAttribute(FILTER_APPLIED) == null)) {
                doFilterInternal(servletRequest, servletResponse, filterChain);
                return;
            }
            try {
                servletRequest.setAttribute(FILTER_APPLIED, Boolean.TRUE);
                doFilterInternal(servletRequest, servletResponse, filterChain);
                SecurityContextHolder.clearContext();
                servletRequest.removeAttribute(FILTER_APPLIED);
            } catch (Exception e) {
                Throwable firstThrowableOfType = this.throwableAnalyzer.getFirstThrowableOfType(RequestRejectedException.class, this.throwableAnalyzer.determineCauseChain(e));
                if (!(firstThrowableOfType instanceof RequestRejectedException)) {
                    throw e;
                }
                this.requestRejectedHandler.handle((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, (RequestRejectedException) firstThrowableOfType);
                SecurityContextHolder.clearContext();
                servletRequest.removeAttribute(FILTER_APPLIED);
            }
        } catch (Throwable th) {
            SecurityContextHolder.clearContext();
            servletRequest.removeAttribute(FILTER_APPLIED);
            throw th;
        }
    }

    private void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ServletRequest firewalledRequest = this.firewall.getFirewalledRequest((HttpServletRequest) servletRequest);
        ServletResponse firewalledResponse = this.firewall.getFirewalledResponse((HttpServletResponse) servletResponse);
        List<Filter> filters = getFilters((HttpServletRequest) firewalledRequest);
        if (filters != null && filters.size() != 0) {
            if (logger.isDebugEnabled()) {
                logger.debug(LogMessage.of(() -> {
                    return "Securing " + requestLine(firewalledRequest);
                }));
            }
            new VirtualFilterChain(firewalledRequest, filterChain, filters).doFilter(firewalledRequest, firewalledResponse);
        } else {
            if (logger.isTraceEnabled()) {
                logger.trace(LogMessage.of(() -> {
                    return "No security for " + requestLine(firewalledRequest);
                }));
            }
            firewalledRequest.reset();
            filterChain.doFilter(firewalledRequest, firewalledResponse);
        }
    }

    private List<Filter> getFilters(HttpServletRequest httpServletRequest) {
        int i = 0;
        for (SecurityFilterChain securityFilterChain : this.filterChains) {
            if (logger.isTraceEnabled()) {
                i++;
                logger.trace(LogMessage.format("Trying to match request against %s (%d/%d)", securityFilterChain, Integer.valueOf(i), Integer.valueOf(this.filterChains.size())));
            }
            if (securityFilterChain.matches(httpServletRequest)) {
                return securityFilterChain.getFilters();
            }
        }
        return null;
    }

    public List<Filter> getFilters(String str) {
        return getFilters((HttpServletRequest) this.firewall.getFirewalledRequest(new FilterInvocation(str, HttpGet.METHOD_NAME).getRequest()));
    }

    public List<SecurityFilterChain> getFilterChains() {
        return Collections.unmodifiableList(this.filterChains);
    }

    public void setFilterChainValidator(FilterChainValidator filterChainValidator) {
        this.filterChainValidator = filterChainValidator;
    }

    public void setFirewall(HttpFirewall httpFirewall) {
        this.firewall = httpFirewall;
    }

    public void setRequestRejectedHandler(RequestRejectedHandler requestRejectedHandler) {
        Assert.notNull(requestRejectedHandler, "requestRejectedHandler may not be null");
        this.requestRejectedHandler = requestRejectedHandler;
    }

    public String toString() {
        return "FilterChainProxy[Filter Chains: " + this.filterChains + "]";
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String requestLine(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getMethod() + " " + UrlUtils.buildRequestUrl(httpServletRequest);
    }
}
