package org.springframework.security.config.http;

import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.ManagedMap;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.authentication.AnonymousAuthenticationProvider;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.Elements;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-5.3.4.RELEASE.jar:org/springframework/security/config/http/AuthenticationConfigBuilder.class */
final class AuthenticationConfigBuilder {
    private static final String ATT_REALM = "realm";
    private static final String DEF_REALM = "Realm";
    static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationFilter";
    static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
    private static final String OPEN_ID_CONSUMER_CLASS = "org.springframework.security.openid.OpenID4JavaConsumer";
    static final String OPEN_ID_ATTRIBUTE_CLASS = "org.springframework.security.openid.OpenIDAttribute";
    private static final String OPEN_ID_ATTRIBUTE_FACTORY_CLASS = "org.springframework.security.openid.RegexBasedAxFetchListFactory";
    static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter";
    static final String ATT_AUTH_DETAILS_SOURCE_REF = "authentication-details-source-ref";
    private static final String ATT_AUTO_CONFIG = "auto-config";
    private static final String ATT_ACCESS_DENIED_ERROR_PAGE = "error-page";
    private static final String ATT_ENTRY_POINT_REF = "entry-point-ref";
    private static final String ATT_USER_SERVICE_REF = "user-service-ref";
    private static final String ATT_KEY = "key";
    private final Element httpElt;
    private final ParserContext pc;
    private final boolean autoConfig;
    private final boolean allowSessionCreation;
    private RootBeanDefinition anonymousFilter;
    private BeanReference anonymousProviderRef;
    private BeanDefinition rememberMeFilter;
    private String rememberMeServicesId;
    private BeanReference rememberMeProviderRef;
    private BeanDefinition basicFilter;
    private RuntimeBeanReference basicEntryPoint;
    private BeanDefinition formEntryPoint;
    private BeanDefinition openIDEntryPoint;
    private BeanReference openIDProviderRef;
    private BeanDefinition x509Filter;
    private BeanReference x509ProviderRef;
    private BeanDefinition jeeFilter;
    private BeanReference jeeProviderRef;
    private RootBeanDefinition preAuthEntryPoint;
    private BeanMetadataElement mainEntryPoint;
    private BeanMetadataElement accessDeniedHandler;
    private BeanDefinition bearerTokenAuthenticationFilter;
    private BeanDefinition logoutFilter;
    private ManagedList logoutHandlers;
    private BeanDefinition loginPageGenerationFilter;
    private BeanDefinition logoutPageGenerationFilter;
    private BeanDefinition etf;
    private final BeanReference requestCache;
    private final BeanReference portMapper;
    private final BeanReference portResolver;
    private final BeanMetadataElement csrfLogoutHandler;
    private String loginProcessingUrl;
    private String openidLoginProcessingUrl;
    private String formLoginPage;
    private String openIDLoginPage;
    private String oauth2LoginFilterId;
    private BeanDefinition oauth2AuthorizationRequestRedirectFilter;
    private BeanDefinition oauth2LoginEntryPoint;
    private BeanReference oauth2LoginAuthenticationProviderRef;
    private BeanReference oauth2LoginOidcAuthenticationProviderRef;
    private BeanDefinition oauth2LoginLinks;
    private BeanDefinition authorizationRequestRedirectFilter;
    private BeanDefinition authorizationCodeGrantFilter;
    private BeanReference authorizationCodeAuthenticationProviderRef;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final Log logger = LogFactory.getLog(getClass());
    private String formFilterId = null;
    private String openIDFilterId = null;
    private final List<BeanReference> authenticationProviders = new ManagedList();
    private final Map<BeanDefinition, BeanMetadataElement> defaultDeniedHandlerMappings = new ManagedMap();
    private final Map<BeanDefinition, BeanMetadataElement> defaultEntryPointMappings = new ManagedMap();
    private final List<BeanDefinition> csrfIgnoreRequestMatchers = new ManagedList();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-5.3.4.RELEASE.jar:org/springframework/security/config/http/AuthenticationConfigBuilder$CsrfTokenHiddenInputFunction.class */
    public static class CsrfTokenHiddenInputFunction implements Function<HttpServletRequest, Map<String, String>> {
        private CsrfTokenHiddenInputFunction() {
        }

        @Override // java.util.function.Function
        public Map<String, String> apply(HttpServletRequest httpServletRequest) {
            CsrfToken csrfToken = (CsrfToken) httpServletRequest.getAttribute(CsrfToken.class.getName());
            return csrfToken == null ? Collections.emptyMap() : Collections.singletonMap(csrfToken.getParameterName(), csrfToken.getToken());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationConfigBuilder(Element element, boolean z, ParserContext parserContext, SessionCreationPolicy sessionCreationPolicy, BeanReference beanReference, BeanReference beanReference2, BeanReference beanReference3, BeanReference beanReference4, BeanReference beanReference5, BeanMetadataElement beanMetadataElement) {
        this.httpElt = element;
        this.pc = parserContext;
        this.requestCache = beanReference;
        this.autoConfig = z | "true".equals(element.getAttribute(ATT_AUTO_CONFIG));
        this.allowSessionCreation = (sessionCreationPolicy == SessionCreationPolicy.NEVER || sessionCreationPolicy == SessionCreationPolicy.STATELESS) ? false : true;
        this.portMapper = beanReference4;
        this.portResolver = beanReference5;
        this.csrfLogoutHandler = beanMetadataElement;
        createAnonymousFilter();
        createRememberMeFilter(beanReference2);
        createBasicFilter(beanReference2);
        createBearerTokenAuthenticationFilter(beanReference2);
        createFormLoginFilter(beanReference3, beanReference2);
        createOAuth2LoginFilter(beanReference3, beanReference2);
        createOAuth2ClientFilter(beanReference, beanReference2);
        createOpenIDLoginFilter(beanReference3, beanReference2);
        createX509Filter(beanReference2);
        createJeeFilter(beanReference2);
        createLogoutFilter();
        createLoginPageFilterIfNeeded();
        createUserDetailsServiceFactory();
        createExceptionTranslationFilter();
    }

    void createRememberMeFilter(BeanReference beanReference) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, "remember-me");
        if (childElementByTagName != null) {
            String attribute = childElementByTagName.getAttribute("key");
            if (!StringUtils.hasText(attribute)) {
                attribute = createKey();
            }
            RememberMeBeanDefinitionParser rememberMeBeanDefinitionParser = new RememberMeBeanDefinitionParser(attribute, beanReference);
            this.rememberMeFilter = rememberMeBeanDefinitionParser.parse(childElementByTagName, this.pc);
            this.rememberMeServicesId = rememberMeBeanDefinitionParser.getRememberMeServicesId();
            createRememberMeProvider(attribute);
        }
    }

    private void createRememberMeProvider(String str) {
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition((Class<?>) RememberMeAuthenticationProvider.class);
        rootBeanDefinition.setSource(this.rememberMeFilter.getSource());
        rootBeanDefinition.getConstructorArgumentValues().addGenericArgumentValue(str);
        String generateBeanName = this.pc.getReaderContext().generateBeanName(rootBeanDefinition);
        this.pc.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, generateBeanName));
        this.rememberMeProviderRef = new RuntimeBeanReference(generateBeanName);
    }

    void createFormLoginFilter(BeanReference beanReference, BeanReference beanReference2) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
        RootBeanDefinition rootBeanDefinition = null;
        if (childElementByTagName != null || this.autoConfig) {
            FormLoginBeanDefinitionParser formLoginBeanDefinitionParser = new FormLoginBeanDefinitionParser("/login", "POST", AUTHENTICATION_PROCESSING_FILTER_CLASS, this.requestCache, beanReference, this.allowSessionCreation, this.portMapper, this.portResolver);
            formLoginBeanDefinitionParser.parse(childElementByTagName, this.pc);
            rootBeanDefinition = formLoginBeanDefinitionParser.getFilterBean();
            this.formEntryPoint = formLoginBeanDefinitionParser.getEntryPointBean();
            this.loginProcessingUrl = formLoginBeanDefinitionParser.getLoginProcessingUrl();
            this.formLoginPage = formLoginBeanDefinitionParser.getLoginPage();
        }
        if (rootBeanDefinition != null) {
            rootBeanDefinition.getPropertyValues().addPropertyValue("allowSessionCreation", Boolean.valueOf(this.allowSessionCreation));
            rootBeanDefinition.getPropertyValues().addPropertyValue("authenticationManager", beanReference2);
            this.formFilterId = this.pc.getReaderContext().generateBeanName(rootBeanDefinition);
            this.pc.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, this.formFilterId));
            injectRememberMeServicesRef(rootBeanDefinition, this.rememberMeServicesId);
        }
    }

    void createOAuth2LoginFilter(BeanReference beanReference, BeanReference beanReference2) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.OAUTH2_LOGIN);
        if (childElementByTagName == null) {
            return;
        }
        OAuth2LoginBeanDefinitionParser oAuth2LoginBeanDefinitionParser = new OAuth2LoginBeanDefinitionParser(this.requestCache, this.portMapper, this.portResolver, beanReference, this.allowSessionCreation);
        BeanDefinition parse = oAuth2LoginBeanDefinitionParser.parse(childElementByTagName, this.pc);
        parse.getPropertyValues().addPropertyValue("authenticationManager", beanReference2);
        BeanDefinition oAuth2LoginAuthenticationProvider = oAuth2LoginBeanDefinitionParser.getOAuth2LoginAuthenticationProvider();
        this.oauth2AuthorizationRequestRedirectFilter = oAuth2LoginBeanDefinitionParser.getOAuth2AuthorizationRequestRedirectFilter();
        this.oauth2LoginEntryPoint = oAuth2LoginBeanDefinitionParser.getOAuth2LoginAuthenticationEntryPoint();
        String generateBeanName = this.pc.getReaderContext().generateBeanName(oAuth2LoginAuthenticationProvider);
        this.oauth2LoginFilterId = this.pc.getReaderContext().generateBeanName(parse);
        String generateBeanName2 = this.pc.getReaderContext().generateBeanName(this.oauth2AuthorizationRequestRedirectFilter);
        this.oauth2LoginLinks = oAuth2LoginBeanDefinitionParser.getOAuth2LoginLinks();
        this.pc.registerBeanComponent(new BeanComponentDefinition(parse, this.oauth2LoginFilterId));
        this.pc.registerBeanComponent(new BeanComponentDefinition(this.oauth2AuthorizationRequestRedirectFilter, generateBeanName2));
        this.pc.registerBeanComponent(new BeanComponentDefinition(oAuth2LoginAuthenticationProvider, generateBeanName));
        this.oauth2LoginAuthenticationProviderRef = new RuntimeBeanReference(generateBeanName);
        BeanDefinition oAuth2LoginOidcAuthenticationProvider = oAuth2LoginBeanDefinitionParser.getOAuth2LoginOidcAuthenticationProvider();
        String generateBeanName3 = this.pc.getReaderContext().generateBeanName(oAuth2LoginOidcAuthenticationProvider);
        this.pc.registerBeanComponent(new BeanComponentDefinition(oAuth2LoginOidcAuthenticationProvider, generateBeanName3));
        this.oauth2LoginOidcAuthenticationProviderRef = new RuntimeBeanReference(generateBeanName3);
    }

    void createOAuth2ClientFilter(BeanReference beanReference, BeanReference beanReference2) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.OAUTH2_CLIENT);
        if (childElementByTagName == null) {
            return;
        }
        OAuth2ClientBeanDefinitionParser oAuth2ClientBeanDefinitionParser = new OAuth2ClientBeanDefinitionParser(beanReference, beanReference2);
        oAuth2ClientBeanDefinitionParser.parse(childElementByTagName, this.pc);
        this.authorizationRequestRedirectFilter = oAuth2ClientBeanDefinitionParser.getAuthorizationRequestRedirectFilter();
        this.pc.registerBeanComponent(new BeanComponentDefinition(this.authorizationRequestRedirectFilter, this.pc.getReaderContext().generateBeanName(this.authorizationRequestRedirectFilter)));
        this.authorizationCodeGrantFilter = oAuth2ClientBeanDefinitionParser.getAuthorizationCodeGrantFilter();
        this.pc.registerBeanComponent(new BeanComponentDefinition(this.authorizationCodeGrantFilter, this.pc.getReaderContext().generateBeanName(this.authorizationCodeGrantFilter)));
        BeanDefinition authorizationCodeAuthenticationProvider = oAuth2ClientBeanDefinitionParser.getAuthorizationCodeAuthenticationProvider();
        String generateBeanName = this.pc.getReaderContext().generateBeanName(authorizationCodeAuthenticationProvider);
        this.pc.registerBeanComponent(new BeanComponentDefinition(authorizationCodeAuthenticationProvider, generateBeanName));
        this.authorizationCodeAuthenticationProviderRef = new RuntimeBeanReference(generateBeanName);
    }

    void createOpenIDLoginFilter(BeanReference beanReference, BeanReference beanReference2) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
        RootBeanDefinition rootBeanDefinition = null;
        if (childElementByTagName != null) {
            FormLoginBeanDefinitionParser formLoginBeanDefinitionParser = new FormLoginBeanDefinitionParser("/login/openid", null, OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, this.requestCache, beanReference, this.allowSessionCreation, this.portMapper, this.portResolver);
            formLoginBeanDefinitionParser.parse(childElementByTagName, this.pc);
            rootBeanDefinition = formLoginBeanDefinitionParser.getFilterBean();
            this.openIDEntryPoint = formLoginBeanDefinitionParser.getEntryPointBean();
            this.openidLoginProcessingUrl = formLoginBeanDefinitionParser.getLoginProcessingUrl();
            this.openIDLoginPage = formLoginBeanDefinitionParser.getLoginPage();
            List<Element> childElementsByTagName = DomUtils.getChildElementsByTagName(childElementByTagName, Elements.OPENID_ATTRIBUTE_EXCHANGE);
            if (!childElementsByTagName.isEmpty()) {
                BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_CONSUMER_CLASS);
                BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_ATTRIBUTE_FACTORY_CLASS);
                ManagedMap managedMap = new ManagedMap();
                for (Element element : childElementsByTagName) {
                    String attribute = element.getAttribute("identifier-match");
                    if (!StringUtils.hasText(attribute)) {
                        if (childElementsByTagName.size() > 1) {
                            this.pc.getReaderContext().error("You must supply an identifier-match attribute if using more than one attribute-exchange element", element);
                        }
                        attribute = ".*";
                    }
                    managedMap.put(attribute, parseOpenIDAttributes(element));
                }
                rootBeanDefinition3.addConstructorArgValue(managedMap);
                rootBeanDefinition2.addConstructorArgValue(rootBeanDefinition3.getBeanDefinition());
                rootBeanDefinition.getPropertyValues().addPropertyValue("consumer", rootBeanDefinition2.getBeanDefinition());
            }
        }
        if (rootBeanDefinition != null) {
            rootBeanDefinition.getPropertyValues().addPropertyValue("allowSessionCreation", Boolean.valueOf(this.allowSessionCreation));
            rootBeanDefinition.getPropertyValues().addPropertyValue("authenticationManager", beanReference2);
            this.openIDFilterId = this.pc.getReaderContext().generateBeanName(rootBeanDefinition);
            this.pc.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, this.openIDFilterId));
            injectRememberMeServicesRef(rootBeanDefinition, this.rememberMeServicesId);
            createOpenIDProvider();
        }
    }

    private ManagedList<BeanDefinition> parseOpenIDAttributes(Element element) {
        ManagedList<BeanDefinition> managedList = new ManagedList<>();
        for (Element element2 : DomUtils.getChildElementsByTagName(element, Elements.OPENID_ATTRIBUTE)) {
            String attribute = element2.getAttribute("name");
            String attribute2 = element2.getAttribute("type");
            String attribute3 = element2.getAttribute("required");
            String attribute4 = element2.getAttribute("count");
            BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_ATTRIBUTE_CLASS);
            rootBeanDefinition.addConstructorArgValue(attribute);
            rootBeanDefinition.addConstructorArgValue(attribute2);
            if (StringUtils.hasLength(attribute3)) {
                rootBeanDefinition.addPropertyValue("required", Boolean.valueOf(attribute3));
            }
            if (StringUtils.hasLength(attribute4)) {
                rootBeanDefinition.addPropertyValue("count", Integer.valueOf(Integer.parseInt(attribute4)));
            }
            managedList.add(rootBeanDefinition.getBeanDefinition());
        }
        return managedList;
    }

    private void createOpenIDProvider() {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
        RootBeanDefinition rootBeanDefinition2 = new RootBeanDefinition();
        rootBeanDefinition2.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
        rootBeanDefinition2.setFactoryMethodName("authenticationUserDetailsService");
        rootBeanDefinition2.getConstructorArgumentValues().addGenericArgumentValue(childElementByTagName.getAttribute(ATT_USER_SERVICE_REF));
        rootBeanDefinition.addPropertyValue("authenticationUserDetailsService", rootBeanDefinition2);
        this.openIDProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(rootBeanDefinition.getBeanDefinition()));
    }

    private void injectRememberMeServicesRef(RootBeanDefinition rootBeanDefinition, String str) {
        if (str != null) {
            rootBeanDefinition.getPropertyValues().addPropertyValue("rememberMeServices", new RuntimeBeanReference(str));
        }
    }

    void createBasicFilter(BeanReference beanReference) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
        if (childElementByTagName != null || this.autoConfig) {
            String attribute = this.httpElt.getAttribute(ATT_REALM);
            if (!StringUtils.hasText(attribute)) {
                attribute = DEF_REALM;
            }
            BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) BasicAuthenticationFilter.class);
            if (childElementByTagName != null) {
                if (StringUtils.hasText(childElementByTagName.getAttribute(ATT_ENTRY_POINT_REF))) {
                    this.basicEntryPoint = new RuntimeBeanReference(childElementByTagName.getAttribute(ATT_ENTRY_POINT_REF));
                }
                injectAuthenticationDetailsSource(childElementByTagName, rootBeanDefinition);
            }
            if (this.basicEntryPoint == null) {
                RootBeanDefinition rootBeanDefinition2 = new RootBeanDefinition((Class<?>) BasicAuthenticationEntryPoint.class);
                rootBeanDefinition2.setSource(this.pc.extractSource(this.httpElt));
                rootBeanDefinition2.getPropertyValues().addPropertyValue("realmName", attribute);
                String generateBeanName = this.pc.getReaderContext().generateBeanName(rootBeanDefinition2);
                this.pc.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition2, generateBeanName));
                this.basicEntryPoint = new RuntimeBeanReference(generateBeanName);
            }
            rootBeanDefinition.addConstructorArgValue(beanReference);
            rootBeanDefinition.addConstructorArgValue(this.basicEntryPoint);
            this.basicFilter = rootBeanDefinition.getBeanDefinition();
        }
    }

    void createBearerTokenAuthenticationFilter(BeanReference beanReference) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.OAUTH2_RESOURCE_SERVER);
        if (childElementByTagName == null) {
            return;
        }
        this.bearerTokenAuthenticationFilter = new OAuth2ResourceServerBeanDefinitionParser(beanReference, this.authenticationProviders, this.defaultEntryPointMappings, this.defaultDeniedHandlerMappings, this.csrfIgnoreRequestMatchers).parse(childElementByTagName, this.pc);
    }

    void createX509Filter(BeanReference beanReference) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.X509);
        RootBeanDefinition rootBeanDefinition = null;
        if (childElementByTagName != null) {
            BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) X509AuthenticationFilter.class);
            rootBeanDefinition2.getRawBeanDefinition().setSource(this.pc.extractSource(childElementByTagName));
            rootBeanDefinition2.addPropertyValue("authenticationManager", beanReference);
            String attribute = childElementByTagName.getAttribute("subject-principal-regex");
            if (StringUtils.hasText(attribute)) {
                BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) SubjectDnX509PrincipalExtractor.class);
                rootBeanDefinition3.addPropertyValue("subjectDnRegex", attribute);
                rootBeanDefinition2.addPropertyValue("principalExtractor", rootBeanDefinition3.getBeanDefinition());
            }
            injectAuthenticationDetailsSource(childElementByTagName, rootBeanDefinition2);
            rootBeanDefinition = (RootBeanDefinition) rootBeanDefinition2.getBeanDefinition();
            createPrauthEntryPoint(childElementByTagName);
            createX509Provider();
        }
        this.x509Filter = rootBeanDefinition;
    }

    private void injectAuthenticationDetailsSource(Element element, BeanDefinitionBuilder beanDefinitionBuilder) {
        String attribute = element.getAttribute(ATT_AUTH_DETAILS_SOURCE_REF);
        if (StringUtils.hasText(attribute)) {
            beanDefinitionBuilder.addPropertyReference("authenticationDetailsSource", attribute);
        }
    }

    private void createX509Provider() {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.X509);
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition((Class<?>) PreAuthenticatedAuthenticationProvider.class);
        RootBeanDefinition rootBeanDefinition2 = new RootBeanDefinition();
        rootBeanDefinition2.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
        rootBeanDefinition2.setFactoryMethodName("authenticationUserDetailsService");
        rootBeanDefinition2.getConstructorArgumentValues().addGenericArgumentValue(childElementByTagName.getAttribute(ATT_USER_SERVICE_REF));
        rootBeanDefinition.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", rootBeanDefinition2);
        this.x509ProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(rootBeanDefinition));
    }

    private void createPrauthEntryPoint(Element element) {
        if (this.preAuthEntryPoint == null) {
            this.preAuthEntryPoint = new RootBeanDefinition((Class<?>) Http403ForbiddenEntryPoint.class);
            this.preAuthEntryPoint.setSource(this.pc.extractSource(element));
        }
    }

    void createJeeFilter(BeanReference beanReference) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.JEE);
        RootBeanDefinition rootBeanDefinition = null;
        if (childElementByTagName != null) {
            BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) J2eePreAuthenticatedProcessingFilter.class);
            rootBeanDefinition2.getRawBeanDefinition().setSource(this.pc.extractSource(childElementByTagName));
            rootBeanDefinition2.addPropertyValue("authenticationManager", beanReference);
            BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
            rootBeanDefinition3.addPropertyValue("userRoles2GrantedAuthoritiesMapper", new RootBeanDefinition((Class<?>) SimpleAttributes2GrantedAuthoritiesMapper.class));
            String attribute = childElementByTagName.getAttribute("mappable-roles");
            Assert.hasLength(attribute, "roles is expected to have length");
            BeanDefinitionBuilder rootBeanDefinition4 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) StringUtils.class);
            rootBeanDefinition4.addConstructorArgValue(attribute);
            rootBeanDefinition4.setFactoryMethod("commaDelimitedListToSet");
            RootBeanDefinition rootBeanDefinition5 = new RootBeanDefinition((Class<?>) SimpleMappableAttributesRetriever.class);
            rootBeanDefinition5.getPropertyValues().addPropertyValue("mappableAttributes", rootBeanDefinition4.getBeanDefinition());
            rootBeanDefinition3.addPropertyValue("mappableRolesRetriever", rootBeanDefinition5);
            rootBeanDefinition2.addPropertyValue("authenticationDetailsSource", rootBeanDefinition3.getBeanDefinition());
            rootBeanDefinition = (RootBeanDefinition) rootBeanDefinition2.getBeanDefinition();
            createPrauthEntryPoint(childElementByTagName);
            createJeeProvider();
        }
        this.jeeFilter = rootBeanDefinition;
    }

    private void createJeeProvider() {
        RootBeanDefinition rootBeanDefinition;
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.JEE);
        RootBeanDefinition rootBeanDefinition2 = new RootBeanDefinition((Class<?>) PreAuthenticatedAuthenticationProvider.class);
        if (StringUtils.hasText(childElementByTagName.getAttribute(ATT_USER_SERVICE_REF))) {
            rootBeanDefinition = new RootBeanDefinition();
            rootBeanDefinition.setFactoryBeanName(BeanIds.USER_DETAILS_SERVICE_FACTORY);
            rootBeanDefinition.setFactoryMethodName("authenticationUserDetailsService");
            rootBeanDefinition.getConstructorArgumentValues().addGenericArgumentValue(childElementByTagName.getAttribute(ATT_USER_SERVICE_REF));
        } else {
            rootBeanDefinition = new RootBeanDefinition((Class<?>) PreAuthenticatedGrantedAuthoritiesUserDetailsService.class);
        }
        rootBeanDefinition2.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", rootBeanDefinition);
        this.jeeProviderRef = new RuntimeBeanReference(this.pc.getReaderContext().registerWithGeneratedName(rootBeanDefinition2));
    }

    void createLoginPageFilterIfNeeded() {
        if (((this.formFilterId == null && this.openIDFilterId == null && this.oauth2LoginFilterId == null) ? false : true) && this.formLoginPage == null && this.openIDLoginPage == null) {
            this.logger.info("No login page configured. The default internal one will be used. Use the 'login-page' attribute to set the URL of the login page.");
            BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) DefaultLoginPageGeneratingFilter.class);
            rootBeanDefinition.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction());
            BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) DefaultLogoutPageGeneratingFilter.class);
            rootBeanDefinition2.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction());
            if (this.formFilterId != null) {
                rootBeanDefinition.addConstructorArgReference(this.formFilterId);
                rootBeanDefinition.addPropertyValue("authenticationUrl", this.loginProcessingUrl);
            }
            if (this.openIDFilterId != null) {
                rootBeanDefinition.addConstructorArgReference(this.openIDFilterId);
                rootBeanDefinition.addPropertyValue("openIDauthenticationUrl", this.openidLoginProcessingUrl);
            }
            if (this.oauth2LoginFilterId != null) {
                rootBeanDefinition.addConstructorArgReference(this.oauth2LoginFilterId);
                rootBeanDefinition.addPropertyValue("Oauth2LoginEnabled", true);
                rootBeanDefinition.addPropertyValue("Oauth2AuthenticationUrlToClientName", this.oauth2LoginLinks);
            }
            this.loginPageGenerationFilter = rootBeanDefinition.getBeanDefinition();
            this.logoutPageGenerationFilter = rootBeanDefinition2.getBeanDefinition();
        }
    }

    void createLogoutFilter() {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.LOGOUT);
        if (childElementByTagName != null || this.autoConfig) {
            String str = this.formLoginPage;
            if (str == null) {
                str = "/login";
            }
            LogoutBeanDefinitionParser logoutBeanDefinitionParser = new LogoutBeanDefinitionParser(str, this.rememberMeServicesId, this.csrfLogoutHandler);
            this.logoutFilter = logoutBeanDefinitionParser.parse(childElementByTagName, this.pc);
            this.logoutHandlers = logoutBeanDefinitionParser.getLogoutHandlers();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ManagedList getLogoutHandlers() {
        if (this.logoutHandlers == null && this.rememberMeProviderRef != null) {
            this.logoutHandlers = new ManagedList();
            if (this.csrfLogoutHandler != null) {
                this.logoutHandlers.add(this.csrfLogoutHandler);
            }
            this.logoutHandlers.add(new RuntimeBeanReference(this.rememberMeServicesId));
            this.logoutHandlers.add(new RootBeanDefinition((Class<?>) SecurityContextLogoutHandler.class));
        }
        return this.logoutHandlers;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanMetadataElement getEntryPointBean() {
        return this.mainEntryPoint;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanMetadataElement getAccessDeniedHandlerBean() {
        return this.accessDeniedHandler;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<BeanDefinition> getCsrfIgnoreRequestMatchers() {
        return this.csrfIgnoreRequestMatchers;
    }

    void createAnonymousFilter() {
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, "anonymous");
        if (childElementByTagName == null || !"false".equals(childElementByTagName.getAttribute("enabled"))) {
            String str = null;
            String str2 = null;
            String str3 = null;
            Object extractSource = this.pc.extractSource(this.httpElt);
            if (childElementByTagName != null) {
                str = childElementByTagName.getAttribute("granted-authority");
                str2 = childElementByTagName.getAttribute("username");
                str3 = childElementByTagName.getAttribute("key");
                extractSource = this.pc.extractSource(childElementByTagName);
            }
            if (!StringUtils.hasText(str)) {
                str = "ROLE_ANONYMOUS";
            }
            if (!StringUtils.hasText(str2)) {
                str2 = "anonymousUser";
            }
            if (!StringUtils.hasText(str3)) {
                str3 = createKey();
            }
            this.anonymousFilter = new RootBeanDefinition((Class<?>) AnonymousAuthenticationFilter.class);
            this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, str3);
            this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, str2);
            this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2, AuthorityUtils.commaSeparatedStringToAuthorityList(str));
            this.anonymousFilter.setSource(extractSource);
            RootBeanDefinition rootBeanDefinition = new RootBeanDefinition((Class<?>) AnonymousAuthenticationProvider.class);
            rootBeanDefinition.getConstructorArgumentValues().addIndexedArgumentValue(0, str3);
            rootBeanDefinition.setSource(this.anonymousFilter.getSource());
            String generateBeanName = this.pc.getReaderContext().generateBeanName(rootBeanDefinition);
            this.pc.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, generateBeanName));
            this.anonymousProviderRef = new RuntimeBeanReference(generateBeanName);
        }
    }

    private String createKey() {
        return Long.toString(new SecureRandom().nextLong());
    }

    void createExceptionTranslationFilter() {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) ExceptionTranslationFilter.class);
        this.accessDeniedHandler = createAccessDeniedHandler(this.httpElt, this.pc);
        rootBeanDefinition.addPropertyValue("accessDeniedHandler", this.accessDeniedHandler);
        if (!$assertionsDisabled && this.requestCache == null) {
            throw new AssertionError();
        }
        this.mainEntryPoint = selectEntryPoint();
        rootBeanDefinition.addConstructorArgValue(this.mainEntryPoint);
        rootBeanDefinition.addConstructorArgValue(this.requestCache);
        this.etf = rootBeanDefinition.getBeanDefinition();
    }

    private BeanMetadataElement createAccessDeniedHandler(Element element, ParserContext parserContext) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.ACCESS_DENIED_HANDLER);
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AccessDeniedHandlerImpl.class);
        if (childElementByTagName != null) {
            String attribute = childElementByTagName.getAttribute(ATT_ACCESS_DENIED_ERROR_PAGE);
            String attribute2 = childElementByTagName.getAttribute("ref");
            if (StringUtils.hasText(attribute)) {
                if (StringUtils.hasText(attribute2)) {
                    parserContext.getReaderContext().error("The attribute error-page cannot be used together with the 'ref' attribute within <access-denied-handler>", parserContext.extractSource(childElementByTagName));
                }
                rootBeanDefinition.addPropertyValue("errorPage", attribute);
                return rootBeanDefinition.getBeanDefinition();
            }
            if (StringUtils.hasText(attribute2)) {
                return new RuntimeBeanReference(attribute2);
            }
        }
        if (this.defaultDeniedHandlerMappings.isEmpty()) {
            return rootBeanDefinition.getBeanDefinition();
        }
        if (this.defaultDeniedHandlerMappings.size() == 1) {
            return this.defaultDeniedHandlerMappings.values().iterator().next();
        }
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) RequestMatcherDelegatingAccessDeniedHandler.class);
        rootBeanDefinition2.addConstructorArgValue(this.defaultDeniedHandlerMappings);
        rootBeanDefinition2.addConstructorArgValue(BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AccessDeniedHandlerImpl.class));
        return rootBeanDefinition2.getBeanDefinition();
    }

    private BeanMetadataElement selectEntryPoint() {
        String attribute = this.httpElt.getAttribute(ATT_ENTRY_POINT_REF);
        if (StringUtils.hasText(attribute)) {
            return new RuntimeBeanReference(attribute);
        }
        if (!this.defaultEntryPointMappings.isEmpty()) {
            if (this.defaultEntryPointMappings.size() == 1) {
                return this.defaultEntryPointMappings.values().iterator().next();
            }
            BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) DelegatingAuthenticationEntryPoint.class);
            rootBeanDefinition.addConstructorArgValue(this.defaultEntryPointMappings);
            return rootBeanDefinition.getBeanDefinition();
        }
        Element childElementByTagName = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
        Element childElementByTagName2 = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
        Element childElementByTagName3 = DomUtils.getChildElementByTagName(this.httpElt, Elements.OPENID_LOGIN);
        if (childElementByTagName != null && childElementByTagName2 == null && childElementByTagName3 == null && this.oauth2LoginEntryPoint == null) {
            return this.basicEntryPoint;
        }
        if (this.formLoginPage != null && this.openIDLoginPage != null) {
            this.pc.getReaderContext().error("Only one login-page can be defined, either for OpenID or form-login, but not both.", this.pc.extractSource(childElementByTagName3));
        }
        if (this.formFilterId == null || this.openIDLoginPage != null || ((childElementByTagName2 == null || this.oauth2LoginEntryPoint == null) && this.oauth2LoginEntryPoint != null)) {
            if (this.openIDFilterId != null) {
                return this.openIDEntryPoint;
            }
            if (this.preAuthEntryPoint != null) {
                return this.preAuthEntryPoint;
            }
            if (this.oauth2LoginEntryPoint != null) {
                return this.oauth2LoginEntryPoint;
            }
            this.pc.getReaderContext().error("No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute ", this.pc.extractSource(this.httpElt));
            return null;
        }
        return this.formEntryPoint;
    }

    private void createUserDetailsServiceFactory() {
        if (this.pc.getRegistry().containsBeanDefinition(BeanIds.USER_DETAILS_SERVICE_FACTORY)) {
            return;
        }
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition((Class<?>) UserDetailsServiceFactoryBean.class);
        rootBeanDefinition.setRole(2);
        this.pc.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, BeanIds.USER_DETAILS_SERVICE_FACTORY));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<OrderDecorator> getFilters() {
        ArrayList arrayList = new ArrayList();
        if (this.anonymousFilter != null) {
            arrayList.add(new OrderDecorator(this.anonymousFilter, SecurityFilters.ANONYMOUS_FILTER));
        }
        if (this.rememberMeFilter != null) {
            arrayList.add(new OrderDecorator(this.rememberMeFilter, SecurityFilters.REMEMBER_ME_FILTER));
        }
        if (this.logoutFilter != null) {
            arrayList.add(new OrderDecorator(this.logoutFilter, SecurityFilters.LOGOUT_FILTER));
        }
        if (this.x509Filter != null) {
            arrayList.add(new OrderDecorator(this.x509Filter, SecurityFilters.X509_FILTER));
        }
        if (this.jeeFilter != null) {
            arrayList.add(new OrderDecorator(this.jeeFilter, SecurityFilters.PRE_AUTH_FILTER));
        }
        if (this.formFilterId != null) {
            arrayList.add(new OrderDecorator(new RuntimeBeanReference(this.formFilterId), SecurityFilters.FORM_LOGIN_FILTER));
        }
        if (this.oauth2LoginFilterId != null) {
            arrayList.add(new OrderDecorator(new RuntimeBeanReference(this.oauth2LoginFilterId), SecurityFilters.OAUTH2_LOGIN_FILTER));
            arrayList.add(new OrderDecorator(this.oauth2AuthorizationRequestRedirectFilter, SecurityFilters.OAUTH2_AUTHORIZATION_REQUEST_FILTER));
        }
        if (this.openIDFilterId != null) {
            arrayList.add(new OrderDecorator(new RuntimeBeanReference(this.openIDFilterId), SecurityFilters.OPENID_FILTER));
        }
        if (this.loginPageGenerationFilter != null) {
            arrayList.add(new OrderDecorator(this.loginPageGenerationFilter, SecurityFilters.LOGIN_PAGE_FILTER));
            arrayList.add(new OrderDecorator(this.logoutPageGenerationFilter, SecurityFilters.LOGOUT_PAGE_FILTER));
        }
        if (this.basicFilter != null) {
            arrayList.add(new OrderDecorator(this.basicFilter, SecurityFilters.BASIC_AUTH_FILTER));
        }
        if (this.bearerTokenAuthenticationFilter != null) {
            arrayList.add(new OrderDecorator(this.bearerTokenAuthenticationFilter, SecurityFilters.BEARER_TOKEN_AUTH_FILTER));
        }
        if (this.authorizationCodeGrantFilter != null) {
            arrayList.add(new OrderDecorator(this.authorizationRequestRedirectFilter, SecurityFilters.OAUTH2_AUTHORIZATION_REQUEST_FILTER.getOrder() + 1));
            arrayList.add(new OrderDecorator(this.authorizationCodeGrantFilter, SecurityFilters.OAUTH2_AUTHORIZATION_CODE_GRANT_FILTER));
        }
        arrayList.add(new OrderDecorator(this.etf, SecurityFilters.EXCEPTION_TRANSLATION_FILTER));
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<BeanReference> getProviders() {
        ArrayList arrayList = new ArrayList();
        if (this.anonymousProviderRef != null) {
            arrayList.add(this.anonymousProviderRef);
        }
        if (this.rememberMeProviderRef != null) {
            arrayList.add(this.rememberMeProviderRef);
        }
        if (this.openIDProviderRef != null) {
            arrayList.add(this.openIDProviderRef);
        }
        if (this.x509ProviderRef != null) {
            arrayList.add(this.x509ProviderRef);
        }
        if (this.jeeProviderRef != null) {
            arrayList.add(this.jeeProviderRef);
        }
        if (this.oauth2LoginAuthenticationProviderRef != null) {
            arrayList.add(this.oauth2LoginAuthenticationProviderRef);
        }
        if (this.oauth2LoginOidcAuthenticationProviderRef != null) {
            arrayList.add(this.oauth2LoginOidcAuthenticationProviderRef);
        }
        if (this.authorizationCodeAuthenticationProviderRef != null) {
            arrayList.add(this.authorizationCodeAuthenticationProviderRef);
        }
        arrayList.addAll(this.authenticationProviders);
        return arrayList;
    }

    static {
        $assertionsDisabled = !AuthenticationConfigBuilder.class.desiredAssertionStatus();
    }
}
