package org.springframework.security.config.annotation.web.configurers;

import jakarta.servlet.Filter;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import java.util.function.Supplier;
import org.springframework.context.ApplicationContext;
import org.springframework.core.ResolvableType;
import org.springframework.security.access.hierarchicalroles.NullRoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationEventPublisher;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.authorization.AuthorizationManagers;
import org.springframework.security.authorization.SpringAuthorizationEventPublisher;
import org.springframework.security.config.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.core.GrantedAuthorityDefaults;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcherEntry;
import org.springframework.util.Assert;
import org.springframework.util.function.SingletonSupplier;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.class */
public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<AuthorizeHttpRequestsConfigurer<H>, H> {
    static final AuthorizationManager<RequestAuthorizationContext> permitAllAuthorizationManager = (supplier, requestAuthorizationContext) -> {
        return new AuthorizationDecision(true);
    };
    private final AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry registry;
    private final AuthorizationEventPublisher publisher;
    private final Supplier<RoleHierarchy> roleHierarchy;
    private String rolePrefix;
    private ObjectPostProcessor<AuthorizationManager<HttpServletRequest>> postProcessor = ObjectPostProcessor.identity();

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer$AuthorizationManagerRequestMatcherRegistry.class */
    public final class AuthorizationManagerRequestMatcherRegistry extends AbstractRequestMatcherRegistry<AuthorizeHttpRequestsConfigurer<H>.AuthorizedUrl> {
        private List<RequestMatcher> unmappedMatchers;
        private int mappingCount;
        private final RequestMatcherDelegatingAuthorizationManager.Builder managerBuilder = RequestMatcherDelegatingAuthorizationManager.builder();
        private boolean shouldFilterAllDispatcherTypes = true;

        private AuthorizationManagerRequestMatcherRegistry(ApplicationContext applicationContext) {
            setApplicationContext(applicationContext);
        }

        private void addMapping(RequestMatcher requestMatcher, AuthorizationManager<RequestAuthorizationContext> authorizationManager) {
            this.unmappedMatchers = null;
            this.managerBuilder.add(requestMatcher, authorizationManager);
            this.mappingCount++;
        }

        private void addFirst(RequestMatcher requestMatcher, AuthorizationManager<RequestAuthorizationContext> authorizationManager) {
            this.unmappedMatchers = null;
            this.managerBuilder.mappings(list -> {
                list.add(0, new RequestMatcherEntry(requestMatcher, authorizationManager));
            });
            this.mappingCount++;
        }

        private AuthorizationManager<HttpServletRequest> createAuthorizationManager() {
            Assert.state(this.unmappedMatchers == null, (Supplier<String>) () -> {
                return "An incomplete mapping was found for " + String.valueOf(this.unmappedMatchers) + ". Try completing it with something like requestUrls().<something>.hasRole('USER')";
            });
            Assert.state(this.mappingCount > 0, "At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())");
            return (AuthorizationManager) AuthorizeHttpRequestsConfigurer.this.postProcessor.postProcess((AuthorizationManager) AuthorizeHttpRequestsConfigurer.this.postProcess(this.managerBuilder.build()));
        }

        @Override // org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
        protected AuthorizeHttpRequestsConfigurer<H>.AuthorizedUrl chainRequestMatchers(List<RequestMatcher> list) {
            this.unmappedMatchers = list;
            return new AuthorizedUrl(list);
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
            AuthorizeHttpRequestsConfigurer.this.addObjectPostProcessor(objectPostProcessor);
            return this;
        }

        @Deprecated(since = "6.4", forRemoval = true)
        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry withObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
            AuthorizeHttpRequestsConfigurer.this.addObjectPostProcessor(objectPostProcessor);
            return this;
        }

        @Deprecated(since = "6.1", forRemoval = true)
        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry shouldFilterAllDispatcherTypes(boolean z) {
            this.shouldFilterAllDispatcherTypes = z;
            return this;
        }

        @Deprecated(since = "6.1", forRemoval = true)
        public H and() {
            return (H) AuthorizeHttpRequestsConfigurer.this.and();
        }

        @Override // org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
        protected /* bridge */ /* synthetic */ Object chainRequestMatchers(List list) {
            return chainRequestMatchers((List<RequestMatcher>) list);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer$AuthorizedUrl.class */
    public class AuthorizedUrl {
        private final List<? extends RequestMatcher> matchers;
        private boolean not;

        /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer$AuthorizedUrl$AuthorizedUrlVariable.class */
        public final class AuthorizedUrlVariable {
            private final String variable;

            private AuthorizedUrlVariable(String str) {
                this.variable = str;
            }

            public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry equalTo(Function<Authentication, String> function) {
                return AuthorizedUrl.this.access((supplier, requestAuthorizationContext) -> {
                    return new AuthorizationDecision(((String) function.apply((Authentication) supplier.get())).equals(requestAuthorizationContext.getVariables().get(this.variable)));
                });
            }
        }

        AuthorizedUrl(List<? extends RequestMatcher> list) {
            this.matchers = list;
        }

        protected List<? extends RequestMatcher> getMatchers() {
            return this.matchers;
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizedUrl not() {
            this.not = true;
            return this;
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry permitAll() {
            return access(AuthorizeHttpRequestsConfigurer.permitAllAuthorizationManager);
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry denyAll() {
            return access((supplier, requestAuthorizationContext) -> {
                return new AuthorizationDecision(false);
            });
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasRole(String str) {
            return access(withRoleHierarchy(AuthorityAuthorizationManager.hasAnyRole(AuthorizeHttpRequestsConfigurer.this.rolePrefix, new String[]{str})));
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAnyRole(String... strArr) {
            return access(withRoleHierarchy(AuthorityAuthorizationManager.hasAnyRole(AuthorizeHttpRequestsConfigurer.this.rolePrefix, strArr)));
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAuthority(String str) {
            return access(withRoleHierarchy(AuthorityAuthorizationManager.hasAuthority(str)));
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAnyAuthority(String... strArr) {
            return access(withRoleHierarchy(AuthorityAuthorizationManager.hasAnyAuthority(strArr)));
        }

        private AuthorityAuthorizationManager<RequestAuthorizationContext> withRoleHierarchy(AuthorityAuthorizationManager<RequestAuthorizationContext> authorityAuthorizationManager) {
            authorityAuthorizationManager.setRoleHierarchy(AuthorizeHttpRequestsConfigurer.this.roleHierarchy.get());
            return authorityAuthorizationManager;
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry authenticated() {
            return access(AuthenticatedAuthorizationManager.authenticated());
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry fullyAuthenticated() {
            return access(AuthenticatedAuthorizationManager.fullyAuthenticated());
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry rememberMe() {
            return access(AuthenticatedAuthorizationManager.rememberMe());
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry anonymous() {
            return access(AuthenticatedAuthorizationManager.anonymous());
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizedUrl.AuthorizedUrlVariable hasVariable(String str) {
            return new AuthorizedUrlVariable(str);
        }

        public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry access(AuthorizationManager<RequestAuthorizationContext> authorizationManager) {
            Assert.notNull(authorizationManager, "manager cannot be null");
            return this.not ? AuthorizeHttpRequestsConfigurer.this.addMapping(this.matchers, AuthorizationManagers.not(authorizationManager)) : AuthorizeHttpRequestsConfigurer.this.addMapping(this.matchers, authorizationManager);
        }
    }

    public AuthorizeHttpRequestsConfigurer(ApplicationContext applicationContext) {
        this.rolePrefix = "ROLE_";
        this.registry = new AuthorizationManagerRequestMatcherRegistry(applicationContext);
        if (applicationContext.getBeanNamesForType(AuthorizationEventPublisher.class).length > 0) {
            this.publisher = (AuthorizationEventPublisher) applicationContext.getBean(AuthorizationEventPublisher.class);
        } else {
            this.publisher = new SpringAuthorizationEventPublisher(applicationContext);
        }
        this.roleHierarchy = SingletonSupplier.of(() -> {
            return applicationContext.getBeanNamesForType(RoleHierarchy.class).length > 0 ? (RoleHierarchy) applicationContext.getBean(RoleHierarchy.class) : new NullRoleHierarchy();
        });
        if (applicationContext.getBeanNamesForType(GrantedAuthorityDefaults.class).length > 0) {
            this.rolePrefix = ((GrantedAuthorityDefaults) applicationContext.getBean(GrantedAuthorityDefaults.class)).getRolePrefix();
        }
        applicationContext.getBeanProvider(ResolvableType.forClassWithGenerics((Class<?>) ObjectPostProcessor.class, ResolvableType.forClassWithGenerics((Class<?>) AuthorizationManager.class, (Class<?>[]) new Class[]{HttpServletRequest.class}))).ifUnique(objectPostProcessor -> {
            this.postProcessor = objectPostProcessor;
        });
    }

    public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry getRegistry() {
        return this.registry;
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) {
        AuthorizationFilter authorizationFilter = new AuthorizationFilter(this.registry.createAuthorizationManager());
        authorizationFilter.setAuthorizationEventPublisher(this.publisher);
        authorizationFilter.setShouldFilterAllDispatcherTypes(((AuthorizationManagerRequestMatcherRegistry) this.registry).shouldFilterAllDispatcherTypes);
        authorizationFilter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
        h.addFilter((Filter) postProcess(authorizationFilter));
    }

    private AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry addMapping(List<? extends RequestMatcher> list, AuthorizationManager<RequestAuthorizationContext> authorizationManager) {
        Iterator<? extends RequestMatcher> it = list.iterator();
        while (it.hasNext()) {
            this.registry.addMapping(it.next(), authorizationManager);
        }
        return this.registry;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry addFirst(RequestMatcher requestMatcher, AuthorizationManager<RequestAuthorizationContext> authorizationManager) {
        this.registry.addFirst(requestMatcher, authorizationManager);
        return this.registry;
    }
}
