package org.springframework.security.config.annotation.web.configurers;

import io.micrometer.observation.ObservationRegistry;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import org.springframework.context.ApplicationContext;
import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.CompositeAccessDeniedHandler;
import org.springframework.security.web.access.DelegatingAccessDeniedHandler;
import org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.csrf.CsrfAuthenticationStrategy;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfLogoutHandler;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRequestHandler;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.security.web.csrf.LazyCsrfTokenRepository;
import org.springframework.security.web.csrf.MissingCsrfTokenException;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.security.web.session.InvalidSessionAccessDeniedHandler;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/rewrite/classpath/spring-security-config-5.8.3.jar:org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.class
 */
/* loaded from: input_file:META-INF/rewrite/classpath/spring-security-config-6.0.3.jar:org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.class */
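/**
 * Configures CSRF protection for an {@link HttpSecurityBuilder} by building a {@link CsrfFilter}
 * and adding it to the filter chain.
 *
 * <p>Defaults visible in this class: tokens are kept in a {@link LazyCsrfTokenRepository} wrapping
 * an {@link HttpSessionCsrfTokenRepository}, and the set of requests that must carry a token is
 * {@code CsrfFilter.DEFAULT_CSRF_MATCHER} (defined in {@code CsrfFilter}, not in this listing).
 *
 * <p>Security-relevant knobs, in order of how easily they weaken protection:
 * <ul>
 *   <li>{@link #ignoringRequestMatchers(RequestMatcher...)} / {@link #ignoringRequestMatchers(String...)}
 *       exempt every matching request from the CSRF check.</li>
 *   <li>{@link #requireCsrfProtectionMatcher(RequestMatcher)} replaces the default matcher outright.</li>
 *   <li>{@link #sessionAuthenticationStrategy(SessionAuthenticationStrategy)} replaces the
 *       {@link CsrfAuthenticationStrategy} this class would otherwise install.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; generic type arguments and compiler-generated members were
 * reconstructed where that could be done without guessing.
 *
 * @param <H> the builder type this configurer is applied to
 */
public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<CsrfConfigurer<H>, H> {
    // Token store shared by the filter, the logout handler and the default authentication strategy.
    private CsrfTokenRepository csrfTokenRepository = new LazyCsrfTokenRepository(new HttpSessionCsrfTokenRepository());
    // Requests accepted by this matcher are the ones handed to CsrfFilter as "requires protection".
    private RequestMatcher requireCsrfProtectionMatcher = CsrfFilter.DEFAULT_CSRF_MATCHER;
    // Exemptions accumulated through ignoringRequestMatchers(...); never reassigned, only appended to.
    private final List<RequestMatcher> ignoredCsrfProtectionMatchers = new ArrayList<>();
    // Optional overrides; null means "use the default chosen in configure(...)".
    private SessionAuthenticationStrategy sessionAuthenticationStrategy;
    private CsrfTokenRequestHandler requestHandler;
    private final ApplicationContext context;

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/rewrite/classpath/spring-security-config-5.8.3.jar:org/springframework/security/config/annotation/web/configurers/CsrfConfigurer$IgnoreCsrfProtectionRegistry.class
     */
    /* loaded from: input_file:META-INF/rewrite/classpath/spring-security-config-6.0.3.jar:org/springframework/security/config/annotation/web/configurers/CsrfConfigurer$IgnoreCsrfProtectionRegistry.class */
    /**
     * Matcher registry whose only effect is to append the matchers it is given to the enclosing
     * configurer's ignore list.
     */
    private class IgnoreCsrfProtectionRegistry extends AbstractRequestMatcherRegistry<CsrfConfigurer<H>.IgnoreCsrfProtectionRegistry> {
        IgnoreCsrfProtectionRegistry(ApplicationContext applicationContext) {
            setApplicationContext(applicationContext);
        }

        /** Returns the enclosing configurer so the fluent chain can continue. */
        CsrfConfigurer<H> and() {
            return CsrfConfigurer.this;
        }

        /**
         * Records the supplied matchers as CSRF exemptions.
         *
         * <p>The decompiler also emitted the compiler-generated bridge overload
         * {@code Object chainRequestMatchers(List)}; it has the same erasure as this method and
         * cannot be declared in source, so it is omitted here (javac regenerates it).
         */
        @Override // org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
        protected CsrfConfigurer<H>.IgnoreCsrfProtectionRegistry chainRequestMatchers(List<RequestMatcher> list) {
            CsrfConfigurer.this.ignoredCsrfProtectionMatchers.addAll(list);
            return this;
        }
    }

    /* loaded from: input_file:META-INF/rewrite/classpath/spring-security-config-5.8.3.jar:org/springframework/security/config/annotation/web/configurers/CsrfConfigurer$MvcMatchersIgnoreCsrfProtectionRegistry.class */
    /**
     * Registry variant that can set a servlet path on a list of {@link MvcRequestMatcher}s.
     *
     * <p>NOTE(review): per the decompiler header this nested class comes from the 5.8.3 jar while
     * the outer class comes from 6.0.3, and nothing in the visible class instantiates it.
     */
    private final class MvcMatchersIgnoreCsrfProtectionRegistry extends CsrfConfigurer<H>.IgnoreCsrfProtectionRegistry {
        private final List<MvcRequestMatcher> mvcMatchers;

        private MvcMatchersIgnoreCsrfProtectionRegistry(ApplicationContext applicationContext, List<MvcRequestMatcher> list) {
            super(applicationContext);
            this.mvcMatchers = list;
        }

        /** Applies {@code str} as the servlet path of every matcher held by this registry. */
        CsrfConfigurer<H>.IgnoreCsrfProtectionRegistry servletPath(String str) {
            for (MvcRequestMatcher matcher : this.mvcMatchers) {
                matcher.setServletPath(str);
            }
            return this;
        }
    }

    /**
     * @param applicationContext context handed to the ignore-matcher registries created by
     *     {@code ignoringRequestMatchers(...)}
     */
    public CsrfConfigurer(ApplicationContext applicationContext) {
        this.context = applicationContext;
    }

    /**
     * Replaces the token repository used by the filter, the logout handler and the default
     * authentication strategy.
     *
     * @param csrfTokenRepository the repository to use; must not be null
     * @return this configurer
     * @throws IllegalArgumentException if {@code csrfTokenRepository} is null
     */
    public CsrfConfigurer<H> csrfTokenRepository(CsrfTokenRepository csrfTokenRepository) {
        Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
        this.csrfTokenRepository = csrfTokenRepository;
        return this;
    }

    /**
     * Replaces the matcher that selects which requests need CSRF protection.
     *
     * <p>This overrides {@code CsrfFilter.DEFAULT_CSRF_MATCHER} entirely rather than adding to it,
     * so a custom matcher has to cover every state-changing request itself; anything it does not
     * match is presumably passed through by {@code CsrfFilter} without a token check.
     *
     * @param requestMatcher the matcher to use; must not be null
     * @return this configurer
     * @throws IllegalArgumentException if {@code requestMatcher} is null
     */
    public CsrfConfigurer<H> requireCsrfProtectionMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requireCsrfProtectionMatcher cannot be null");
        this.requireCsrfProtectionMatcher = requestMatcher;
        return this;
    }

    /**
     * Sets the handler applied to the filter and to the default authentication strategy.
     *
     * <p>Unlike the other setters this one performs no null check: passing null clears a
     * previously set handler, and {@link #configure} then leaves both collaborators on whatever
     * handler they create for themselves.
     *
     * @param csrfTokenRequestHandler the handler to use, or null for the collaborators' default
     * @return this configurer
     */
    public CsrfConfigurer<H> csrfTokenRequestHandler(CsrfTokenRequestHandler csrfTokenRequestHandler) {
        this.requestHandler = csrfTokenRequestHandler;
        return this;
    }

    /**
     * Exempts requests matching any of the given matchers from CSRF protection.
     *
     * <p>Exemptions accumulate across calls and take precedence over the "requires protection"
     * matcher (see {@code getRequireCsrfProtectionMatcher()}). Keep each matcher as narrow as the
     * endpoint it is meant for; a broad matcher silently removes the token check from every
     * state-changing request it covers.
     *
     * @param requestMatcherArr matchers describing the requests to exempt
     * @return this configurer
     */
    public CsrfConfigurer<H> ignoringRequestMatchers(RequestMatcher... requestMatcherArr) {
        return new IgnoreCsrfProtectionRegistry(this.context).requestMatchers(requestMatcherArr).and();
    }

    /**
     * Exempts requests matching any of the given patterns from CSRF protection.
     *
     * <p>The patterns are turned into matchers by the inherited {@code requestMatchers(String...)};
     * how a pattern is interpreted is decided there, not in this class. The same caution as for the
     * {@link RequestMatcher} overload applies: wildcard patterns widen the exemption.
     *
     * @param strArr patterns describing the requests to exempt
     * @return this configurer
     */
    public CsrfConfigurer<H> ignoringRequestMatchers(String... strArr) {
        return new IgnoreCsrfProtectionRegistry(this.context).requestMatchers(strArr).and();
    }

    /**
     * Replaces the session authentication strategy contributed to session management.
     *
     * <p>When set, {@code getSessionAuthenticationStrategy()} returns it as-is and no
     * {@link CsrfAuthenticationStrategy} is created, so the configured request handler is not
     * applied to it either; the supplied strategy is responsible for any token handling on login.
     *
     * @param sessionAuthenticationStrategy the strategy to use; must not be null
     * @return this configurer
     * @throws IllegalArgumentException if {@code sessionAuthenticationStrategy} is null
     */
    public CsrfConfigurer<H> sessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy) {
        Assert.notNull(sessionAuthenticationStrategy, "sessionAuthenticationStrategy cannot be null");
        this.sessionAuthenticationStrategy = sessionAuthenticationStrategy;
        return this;
    }

    /**
     * Builds the {@link CsrfFilter}, wires it to its collaborators and adds it to the builder.
     *
     * @param h the builder being configured
     */
    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) {
        CsrfFilter filter = new CsrfFilter(this.csrfTokenRepository);

        RequestMatcher protectionMatcher = getRequireCsrfProtectionMatcher();
        if (protectionMatcher != null) {
            filter.setRequireCsrfProtectionMatcher(protectionMatcher);
        }

        AccessDeniedHandler deniedHandler = createAccessDeniedHandler(h);
        ObservationRegistry observationRegistry = getObservationRegistry();
        if (!observationRegistry.isNoop()) {
            // Put the observation-marking handler in front so a CSRF rejection is recorded
            // before the real handler writes the response.
            deniedHandler = new CompositeAccessDeniedHandler(new ObservationMarkingAccessDeniedHandler(observationRegistry), deniedHandler);
        }
        // createAccessDeniedHandler never returns null in the code visible here; the guard is defensive.
        if (deniedHandler != null) {
            filter.setAccessDeniedHandler(deniedHandler);
        }

        // If logout is configured, give it a handler bound to the same token repository.
        LogoutConfigurer logoutConfigurer = (LogoutConfigurer) h.getConfigurer(LogoutConfigurer.class);
        if (logoutConfigurer != null) {
            logoutConfigurer.addLogoutHandler(new CsrfLogoutHandler(this.csrfTokenRepository));
        }

        // If session management is configured, contribute the CSRF-aware (or overriding) strategy.
        SessionManagementConfigurer sessionManagementConfigurer = (SessionManagementConfigurer) h.getConfigurer(SessionManagementConfigurer.class);
        if (sessionManagementConfigurer != null) {
            sessionManagementConfigurer.addSessionAuthenticationStrategy(getSessionAuthenticationStrategy());
        }

        if (this.requestHandler != null) {
            filter.setRequestHandler(this.requestHandler);
        }
        h.addFilter(postProcess(filter));
    }

    /**
     * Returns the effective "requires protection" matcher.
     *
     * <p>With no exemptions this is the configured matcher unchanged. Otherwise it is
     * {@code required AND NOT (ignored1 OR ignored2 ...)}, which is why an exemption always wins.
     */
    private RequestMatcher getRequireCsrfProtectionMatcher() {
        if (this.ignoredCsrfProtectionMatchers.isEmpty()) {
            return this.requireCsrfProtectionMatcher;
        }
        RequestMatcher anyIgnored = new OrRequestMatcher(this.ignoredCsrfProtectionMatchers);
        return new AndRequestMatcher(this.requireCsrfProtectionMatcher, new NegatedRequestMatcher(anyIgnored));
    }

    /**
     * Returns the handler configured through {@link ExceptionHandlingConfigurer} when there is
     * one, falling back to a new {@link AccessDeniedHandlerImpl}. Never returns null.
     */
    private AccessDeniedHandler getDefaultAccessDeniedHandler(H h) {
        ExceptionHandlingConfigurer exceptionHandlingConfigurer = (ExceptionHandlingConfigurer) h.getConfigurer(ExceptionHandlingConfigurer.class);
        AccessDeniedHandler configured = null;
        if (exceptionHandlingConfigurer != null) {
            configured = exceptionHandlingConfigurer.getAccessDeniedHandler(h);
        }
        return (configured != null) ? configured : new AccessDeniedHandlerImpl();
    }

    /**
     * Returns the invalid-session strategy from {@link SessionManagementConfigurer}, or null when
     * session management is not configured.
     */
    private InvalidSessionStrategy getInvalidSessionStrategy(H h) {
        SessionManagementConfigurer sessionManagementConfigurer = (SessionManagementConfigurer) h.getConfigurer(SessionManagementConfigurer.class);
        return (sessionManagementConfigurer != null) ? sessionManagementConfigurer.getInvalidSessionStrategy() : null;
    }

    /**
     * Builds the handler invoked when the filter denies a request.
     *
     * <p>When an invalid-session strategy is available, a {@link MissingCsrfTokenException} is
     * routed to it (a missing token is treated as an invalid-session case) and every other
     * denial goes to the default handler. Without such a strategy the default handler is used alone.
     */
    private AccessDeniedHandler createAccessDeniedHandler(H h) {
        InvalidSessionStrategy invalidSessionStrategy = getInvalidSessionStrategy(h);
        AccessDeniedHandler fallback = getDefaultAccessDeniedHandler(h);
        if (invalidSessionStrategy == null) {
            return fallback;
        }
        InvalidSessionAccessDeniedHandler missingTokenHandler = new InvalidSessionAccessDeniedHandler(invalidSessionStrategy);
        // NOTE(review): the decompiler erased this map's type arguments. The key type is an
        // exception class that is not imported in this listing, so the raw type is kept rather
        // than guessed at.
        LinkedHashMap handlersByException = new LinkedHashMap();
        handlersByException.put(MissingCsrfTokenException.class, missingTokenHandler);
        return new DelegatingAccessDeniedHandler(handlersByException, fallback);
    }

    /**
     * Returns the explicitly configured strategy, or else a new {@link CsrfAuthenticationStrategy}
     * on the current token repository with the configured request handler applied (if any).
     */
    private SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
        if (this.sessionAuthenticationStrategy != null) {
            return this.sessionAuthenticationStrategy;
        }
        CsrfAuthenticationStrategy csrfStrategy = new CsrfAuthenticationStrategy(this.csrfTokenRepository);
        if (this.requestHandler != null) {
            csrfStrategy.setRequestHandler(this.requestHandler);
        }
        return csrfStrategy;
    }

    /**
     * Looks up the {@link ObservationRegistry} bean, returning {@code ObservationRegistry.NOOP}
     * unless exactly one bean of that type is defined.
     *
     * <p>NOTE(review): the context is read from the builder's shared objects, not from the
     * {@code context} field, and is dereferenced without a null check; this assumes the builder
     * always carries an {@link ApplicationContext} by the time {@link #configure} runs.
     */
    private ObservationRegistry getObservationRegistry() {
        ApplicationContext applicationContext = getBuilder().getSharedObject(ApplicationContext.class);
        String[] registryBeanNames = applicationContext.getBeanNamesForType(ObservationRegistry.class);
        if (registryBeanNames.length == 1) {
            return applicationContext.getBean(ObservationRegistry.class);
        }
        return ObservationRegistry.NOOP;
    }
}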
