package org.springframework.security.config.http;

import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedMap;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.web.access.DelegatingAccessDeniedHandler;
import org.springframework.security.web.csrf.CsrfAuthenticationStrategy;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfLogoutHandler;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.security.web.csrf.MissingCsrfTokenException;
import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
import org.springframework.security.web.session.InvalidSessionAccessDeniedHandler;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/spring-security-config-4.0.1.RELEASE.jar:org/springframework/security/config/http/CsrfBeanDefinitionParser.class */
public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
    private static final String REQUEST_DATA_VALUE_PROCESSOR = "requestDataValueProcessor";
    private static final String DISPATCHER_SERVLET_CLASS_NAME = "org.springframework.web.servlet.DispatcherServlet";
    private static final String ATT_MATCHER = "request-matcher-ref";
    private static final String ATT_REPOSITORY = "token-repository-ref";
    private String csrfRepositoryRef;
    private BeanDefinition csrfFilter;

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        if (element != null && "true".equals(element.getAttribute("disabled"))) {
            return null;
        }
        if (ClassUtils.isPresent(DISPATCHER_SERVLET_CLASS_NAME, getClass().getClassLoader())) {
            parserContext.registerBeanComponent(new BeanComponentDefinition(new RootBeanDefinition((Class<?>) CsrfRequestDataValueProcessor.class), "requestDataValueProcessor"));
        }
        String str = null;
        if (element != null) {
            this.csrfRepositoryRef = element.getAttribute(ATT_REPOSITORY);
            str = element.getAttribute(ATT_MATCHER);
        }
        if (!StringUtils.hasText(this.csrfRepositoryRef)) {
            RootBeanDefinition rootBeanDefinition = new RootBeanDefinition((Class<?>) HttpSessionCsrfTokenRepository.class);
            this.csrfRepositoryRef = parserContext.getReaderContext().generateBeanName(rootBeanDefinition);
            parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, this.csrfRepositoryRef));
        }
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) CsrfFilter.class);
        rootBeanDefinition2.addConstructorArgReference(this.csrfRepositoryRef);
        if (StringUtils.hasText(str)) {
            rootBeanDefinition2.addPropertyReference("requireCsrfProtectionMatcher", str);
        }
        this.csrfFilter = rootBeanDefinition2.getBeanDefinition();
        return this.csrfFilter;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initAccessDeniedHandler(BeanDefinition beanDefinition, BeanMetadataElement beanMetadataElement) {
        this.csrfFilter.getPropertyValues().addPropertyValue("accessDeniedHandler", createAccessDeniedHandler(beanDefinition, beanMetadataElement));
    }

    private BeanMetadataElement createAccessDeniedHandler(BeanDefinition beanDefinition, BeanMetadataElement beanMetadataElement) {
        if (beanDefinition == null) {
            return beanMetadataElement;
        }
        ManagedMap managedMap = new ManagedMap();
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) InvalidSessionAccessDeniedHandler.class);
        rootBeanDefinition.addConstructorArgValue(beanDefinition);
        managedMap.put(MissingCsrfTokenException.class, rootBeanDefinition.getBeanDefinition());
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) DelegatingAccessDeniedHandler.class);
        rootBeanDefinition2.addConstructorArgValue(managedMap);
        rootBeanDefinition2.addConstructorArgValue(beanMetadataElement);
        return rootBeanDefinition2.getBeanDefinition();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getCsrfAuthenticationStrategy() {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) CsrfAuthenticationStrategy.class);
        rootBeanDefinition.addConstructorArgReference(this.csrfRepositoryRef);
        return rootBeanDefinition.getBeanDefinition();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getCsrfLogoutHandler() {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) CsrfLogoutHandler.class);
        rootBeanDefinition.addConstructorArgReference(this.csrfRepositoryRef);
        return rootBeanDefinition.getBeanDefinition();
    }
}
