package org.springframework.security.config.annotation.web.configurers;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Objects;
import java.util.function.Supplier;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.ApplicationContext;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.config.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry;
import org.springframework.security.config.core.GrantedAuthorityDefaults;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/spring-security-config-6.5.1.jar:org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.class */
public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> {
    static final String permitAll = "permitAll";
    private static final String denyAll = "denyAll";
    private static final String anonymous = "anonymous";
    private static final String authenticated = "authenticated";
    private static final String fullyAuthenticated = "fullyAuthenticated";
    private static final String rememberMe = "rememberMe";
    private final String rolePrefix;
    private final ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry REGISTRY;
    private SecurityExpressionHandler<FilterInvocation> expressionHandler;

    /* loaded from: input_file:WEB-INF/lib/spring-security-config-6.5.1.jar:org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer$AuthorizedUrl.class */
    public class AuthorizedUrl {
        private List<? extends RequestMatcher> requestMatchers;
        private boolean not;

        AuthorizedUrl(List<? extends RequestMatcher> list) {
            this.requestMatchers = list;
        }

        protected List<? extends RequestMatcher> getMatchers() {
            return this.requestMatchers;
        }

        public ExpressionUrlAuthorizationConfigurer<H>.AuthorizedUrl not() {
            this.not = true;
            return this;
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry hasRole(String str) {
            return access(ExpressionUrlAuthorizationConfigurer.hasRole(ExpressionUrlAuthorizationConfigurer.this.rolePrefix, str));
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry hasAnyRole(String... strArr) {
            return access(ExpressionUrlAuthorizationConfigurer.hasAnyRole(ExpressionUrlAuthorizationConfigurer.this.rolePrefix, strArr));
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry hasAuthority(String str) {
            return access(ExpressionUrlAuthorizationConfigurer.hasAuthority(str));
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry hasAnyAuthority(String... strArr) {
            return access(ExpressionUrlAuthorizationConfigurer.hasAnyAuthority(strArr));
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry hasIpAddress(String str) {
            return access(ExpressionUrlAuthorizationConfigurer.hasIpAddress(str));
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry permitAll() {
            return access(ExpressionUrlAuthorizationConfigurer.permitAll);
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry anonymous() {
            return access("anonymous");
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry rememberMe() {
            return access(ExpressionUrlAuthorizationConfigurer.rememberMe);
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry denyAll() {
            return access(ExpressionUrlAuthorizationConfigurer.denyAll);
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry authenticated() {
            return access(ExpressionUrlAuthorizationConfigurer.authenticated);
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry fullyAuthenticated() {
            return access(ExpressionUrlAuthorizationConfigurer.fullyAuthenticated);
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry access(String str) {
            if (this.not) {
                str = "!" + str;
            }
            ExpressionUrlAuthorizationConfigurer.this.interceptUrl(this.requestMatchers, SecurityConfig.createList(str));
            return ExpressionUrlAuthorizationConfigurer.this.REGISTRY;
        }
    }

    @Deprecated
    /* loaded from: input_file:WEB-INF/lib/spring-security-config-6.5.1.jar:org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer$ExpressionInterceptUrlRegistry.class */
    public final class ExpressionInterceptUrlRegistry extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H>.AbstractInterceptUrlRegistry<ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry, ExpressionUrlAuthorizationConfigurer<H>.AuthorizedUrl> {
        private ExpressionInterceptUrlRegistry(ApplicationContext applicationContext) {
            super();
            setApplicationContext(applicationContext);
        }

        @Override // org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
        protected ExpressionUrlAuthorizationConfigurer<H>.AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> list) {
            return new AuthorizedUrl(list);
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry expressionHandler(SecurityExpressionHandler<FilterInvocation> securityExpressionHandler) {
            ExpressionUrlAuthorizationConfigurer.this.expressionHandler = securityExpressionHandler;
            return this;
        }

        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
            ExpressionUrlAuthorizationConfigurer.this.addObjectPostProcessor(objectPostProcessor);
            return this;
        }

        @Deprecated(since = "6.4", forRemoval = true)
        public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry withObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
            ExpressionUrlAuthorizationConfigurer.this.addObjectPostProcessor(objectPostProcessor);
            return this;
        }

        public H and() {
            return (H) ExpressionUrlAuthorizationConfigurer.this.and();
        }

        @Override // org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
        protected /* bridge */ /* synthetic */ Object chainRequestMatchersInternal(List list) {
            return chainRequestMatchersInternal((List<RequestMatcher>) list);
        }
    }

    public ExpressionUrlAuthorizationConfigurer(ApplicationContext applicationContext) {
        GrantedAuthorityDefaults grantedAuthorityDefaults = (GrantedAuthorityDefaults) applicationContext.getBeanProvider(GrantedAuthorityDefaults.class).getIfUnique();
        if (grantedAuthorityDefaults != null) {
            this.rolePrefix = grantedAuthorityDefaults.getRolePrefix();
        } else {
            this.rolePrefix = "ROLE_";
        }
        this.REGISTRY = new ExpressionInterceptUrlRegistry(applicationContext);
    }

    public ExpressionUrlAuthorizationConfigurer<H>.ExpressionInterceptUrlRegistry getRegistry() {
        return this.REGISTRY;
    }

    private void interceptUrl(Iterable<? extends RequestMatcher> iterable, Collection<ConfigAttribute> collection) {
        Iterator<? extends RequestMatcher> it = iterable.iterator();
        while (it.hasNext()) {
            this.REGISTRY.addMapping(new AbstractConfigAttributeRequestMatcherRegistry.UrlMapping(it.next(), collection));
        }
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
    List<AccessDecisionVoter<?>> getDecisionVoters(H h) {
        ArrayList arrayList = new ArrayList();
        WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
        webExpressionVoter.setExpressionHandler(getExpressionHandler(h));
        arrayList.add(webExpressionVoter);
        return arrayList;
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
    ExpressionBasedFilterInvocationSecurityMetadataSource createMetadataSource(H h) {
        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> createRequestMap = this.REGISTRY.createRequestMap();
        Assert.state(!createRequestMap.isEmpty(), "At least one mapping is required (i.e. authorizeRequests().anyRequest().authenticated())");
        return new ExpressionBasedFilterInvocationSecurityMetadataSource(createRequestMap, getExpressionHandler(h));
    }

    private SecurityExpressionHandler<FilterInvocation> getExpressionHandler(H h) {
        if (this.expressionHandler != null) {
            return this.expressionHandler;
        }
        DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
        AuthenticationTrustResolver authenticationTrustResolver = (AuthenticationTrustResolver) h.getSharedObject(AuthenticationTrustResolver.class);
        if (authenticationTrustResolver != null) {
            defaultWebSecurityExpressionHandler.setTrustResolver(authenticationTrustResolver);
        }
        ApplicationContext applicationContext = (ApplicationContext) h.getSharedObject(ApplicationContext.class);
        if (applicationContext != null) {
            ObjectProvider beanProvider = applicationContext.getBeanProvider(RoleHierarchy.class);
            Objects.requireNonNull(defaultWebSecurityExpressionHandler);
            beanProvider.ifUnique(defaultWebSecurityExpressionHandler::setRoleHierarchy);
            applicationContext.getBeanProvider(GrantedAuthorityDefaults.class).ifUnique(grantedAuthorityDefaults -> {
                defaultWebSecurityExpressionHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
            });
            ObjectProvider beanProvider2 = applicationContext.getBeanProvider(PermissionEvaluator.class);
            Objects.requireNonNull(defaultWebSecurityExpressionHandler);
            beanProvider2.ifUnique(defaultWebSecurityExpressionHandler::setPermissionEvaluator);
        }
        this.expressionHandler = (SecurityExpressionHandler) postProcess(defaultWebSecurityExpressionHandler);
        return this.expressionHandler;
    }

    private static String hasAnyRole(String str, String... strArr) {
        return "hasAnyRole('" + str + StringUtils.arrayToDelimitedString(strArr, "','" + str) + "')";
    }

    private static String hasRole(String str, String str2) {
        Assert.notNull(str2, "role cannot be null");
        Assert.isTrue(str.isEmpty() || !str2.startsWith(str), (Supplier<String>) () -> {
            return "role should not start with '" + str + "' since it is automatically inserted. Got '" + str2 + "'";
        });
        return "hasRole('" + str + str2 + "')";
    }

    private static String hasAuthority(String str) {
        return "hasAuthority('" + str + "')";
    }

    private static String hasAnyAuthority(String... strArr) {
        return "hasAnyAuthority('" + StringUtils.arrayToDelimitedString(strArr, "','") + "')";
    }

    private static String hasIpAddress(String str) {
        return "hasIpAddress('" + str + "')";
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
    /* bridge */ /* synthetic */ FilterInvocationSecurityMetadataSource createMetadataSource(HttpSecurityBuilder httpSecurityBuilder) {
        return createMetadataSource((ExpressionUrlAuthorizationConfigurer<H>) httpSecurityBuilder);
    }
}
