package org.springframework.security.config;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.aop.config.AopNamespaceUtils;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
import org.springframework.security.access.annotation.Jsr250Voter;
import org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory;
import org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice;
import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
import org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource;
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
import org.springframework.security.access.prepost.PostInvocationAdviceProvider;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParser.class */
class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
    private final Log logger = LogFactory.getLog(getClass());
    static final String SECURITY_INTERCEPTOR_ID = "_globalMethodSecurityInterceptor";
    static final String INTERCEPTOR_POST_PROCESSOR_ID = "_globalMethodSecurityInterceptorPostProcessor";
    static final String ACCESS_MANAGER_ID = "_globalMethodSecurityAccessManager";
    private static final String DELEGATING_METHOD_DEFINITION_SOURCE_ID = "_delegatingMethodSecurityMetadataSource";
    private static final String EXPRESSION_HANDLER_ID = "_methodExpressionHandler";
    private static final String ATT_ACCESS = "access";
    private static final String ATT_EXPRESSION = "expression";
    private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
    private static final String ATT_RUN_AS_MGR = "run-as-manager-ref";
    private static final String ATT_USE_JSR250 = "jsr250-annotations";
    private static final String ATT_USE_SECURED = "secured-annotations";
    private static final String ATT_USE_PREPOST = "pre-post-annotations";

    public BeanDefinition parse(Element element, ParserContext parserContext) {
        Object extractSource = parserContext.extractSource(element);
        ManagedList managedList = new ManagedList();
        boolean equals = "enabled".equals(element.getAttribute(ATT_USE_JSR250));
        boolean equals2 = "enabled".equals(element.getAttribute(ATT_USE_SECURED));
        boolean equals3 = "enabled".equals(element.getAttribute(ATT_USE_PREPOST));
        AbstractBeanDefinition abstractBeanDefinition = null;
        Map<String, List<ConfigAttribute>> parseProtectPointcuts = parseProtectPointcuts(parserContext, DomUtils.getChildElementsByTagName(element, Elements.PROTECT_POINTCUT));
        if (parseProtectPointcuts.size() > 0) {
            MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource = new MapBasedMethodSecurityMetadataSource();
            managedList.add(mapBasedMethodSecurityMetadataSource);
            registerProtectPointcutPostProcessor(parserContext, parseProtectPointcuts, mapBasedMethodSecurityMetadataSource, extractSource);
        }
        if (equals3) {
            Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.INVOCATION_HANDLING);
            Element childElementByTagName2 = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
            if (childElementByTagName != null && childElementByTagName2 != null) {
                parserContext.getReaderContext().error("pre-post-annotation-handling and expression-handler cannot be used together ", extractSource);
            }
            BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(PreInvocationAuthorizationAdviceVoter.class);
            BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition(PostInvocationAdviceProvider.class);
            BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition(PrePostAnnotationSecurityMetadataSource.class);
            if (childElementByTagName != null) {
                String attribute = DomUtils.getChildElementByTagName(childElementByTagName, Elements.INVOCATION_ATTRIBUTE_FACTORY).getAttribute("ref");
                String attribute2 = DomUtils.getChildElementByTagName(childElementByTagName, Elements.PRE_INVOCATION_ADVICE).getAttribute("ref");
                String attribute3 = DomUtils.getChildElementByTagName(childElementByTagName, Elements.POST_INVOCATION_ADVICE).getAttribute("ref");
                rootBeanDefinition3.addConstructorArgReference(attribute);
                rootBeanDefinition.addConstructorArgReference(attribute2);
                rootBeanDefinition2.addConstructorArgReference(attribute3);
            } else {
                String attribute4 = childElementByTagName2 == null ? null : childElementByTagName2.getAttribute("ref");
                if (StringUtils.hasText(attribute4)) {
                    this.logger.info("Using bean '" + attribute4 + "' as method ExpressionHandler implementation");
                } else {
                    parserContext.getRegistry().registerBeanDefinition(EXPRESSION_HANDLER_ID, new RootBeanDefinition(DefaultMethodSecurityExpressionHandler.class));
                    this.logger.warn("Expressions were enabled for method security but no SecurityExpressionHandler was configured. All hasPermision() expressions will evaluate to false.");
                    attribute4 = EXPRESSION_HANDLER_ID;
                }
                BeanDefinitionBuilder rootBeanDefinition4 = BeanDefinitionBuilder.rootBeanDefinition(ExpressionBasedPreInvocationAdvice.class);
                rootBeanDefinition4.addPropertyReference("expressionHandler", attribute4);
                rootBeanDefinition.addConstructorArgValue(rootBeanDefinition4.getBeanDefinition());
                BeanDefinitionBuilder rootBeanDefinition5 = BeanDefinitionBuilder.rootBeanDefinition(ExpressionBasedPostInvocationAdvice.class);
                rootBeanDefinition5.addConstructorArgReference(attribute4);
                rootBeanDefinition2.addConstructorArgValue(rootBeanDefinition5.getBeanDefinition());
                BeanDefinitionBuilder rootBeanDefinition6 = BeanDefinitionBuilder.rootBeanDefinition(ExpressionBasedAnnotationAttributeFactory.class);
                rootBeanDefinition6.addConstructorArgReference(attribute4);
                rootBeanDefinition3.addConstructorArgValue(rootBeanDefinition6.getBeanDefinition());
            }
            abstractBeanDefinition = rootBeanDefinition.getBeanDefinition();
            ConfigUtils.getRegisteredAfterInvocationProviders(parserContext).add(rootBeanDefinition2.getBeanDefinition());
            managedList.add(rootBeanDefinition3.getBeanDefinition());
        }
        if (equals2) {
            managedList.add(BeanDefinitionBuilder.rootBeanDefinition(SecuredAnnotationSecurityMetadataSource.class).getBeanDefinition());
        }
        if (equals) {
            managedList.add(BeanDefinitionBuilder.rootBeanDefinition(Jsr250MethodSecurityMetadataSource.class).getBeanDefinition());
        }
        registerDelegatingMethodSecurityMetadataSource(parserContext, managedList, extractSource);
        String attribute5 = element.getAttribute(ATT_ACCESS_MGR);
        if (!StringUtils.hasText(attribute5)) {
            registerAccessManager(parserContext, equals, abstractBeanDefinition);
            attribute5 = ACCESS_MANAGER_ID;
        }
        registerMethodSecurityInterceptor(parserContext, attribute5, element.getAttribute(ATT_RUN_AS_MGR), extractSource);
        registerAdvisor(parserContext, extractSource);
        AopNamespaceUtils.registerAutoProxyCreatorIfNecessary(parserContext, element);
        return null;
    }

    private void registerAccessManager(ParserContext parserContext, boolean z, BeanDefinition beanDefinition) {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(AffirmativeBased.class);
        ManagedList managedList = new ManagedList(4);
        if (beanDefinition != null) {
            managedList.add(beanDefinition);
        }
        managedList.add(new RootBeanDefinition(RoleVoter.class));
        managedList.add(new RootBeanDefinition(AuthenticatedVoter.class));
        if (z) {
            managedList.add(new RootBeanDefinition(Jsr250Voter.class));
        }
        rootBeanDefinition.addPropertyValue("decisionVoters", managedList);
        parserContext.getRegistry().registerBeanDefinition(ACCESS_MANAGER_ID, rootBeanDefinition.getBeanDefinition());
    }

    private void registerDelegatingMethodSecurityMetadataSource(ParserContext parserContext, ManagedList managedList, Object obj) {
        if (parserContext.getRegistry().containsBeanDefinition(DELEGATING_METHOD_DEFINITION_SOURCE_ID)) {
            parserContext.getReaderContext().error("Duplicate <global-method-security> detected.", obj);
        }
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition(DelegatingMethodSecurityMetadataSource.class);
        rootBeanDefinition.setRole(2);
        rootBeanDefinition.setSource(obj);
        rootBeanDefinition.getPropertyValues().addPropertyValue("methodSecurityMetadataSources", managedList);
        parserContext.getRegistry().registerBeanDefinition(DELEGATING_METHOD_DEFINITION_SOURCE_ID, rootBeanDefinition);
    }

    private void registerProtectPointcutPostProcessor(ParserContext parserContext, Map<String, List<ConfigAttribute>> map, MapBasedMethodSecurityMetadataSource mapBasedMethodSecurityMetadataSource, Object obj) {
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition(ProtectPointcutPostProcessor.class);
        rootBeanDefinition.setRole(2);
        rootBeanDefinition.setSource(obj);
        rootBeanDefinition.getConstructorArgumentValues().addGenericArgumentValue(mapBasedMethodSecurityMetadataSource);
        rootBeanDefinition.getPropertyValues().addPropertyValue("pointcutMap", map);
        parserContext.getRegistry().registerBeanDefinition(BeanIds.PROTECT_POINTCUT_POST_PROCESSOR, rootBeanDefinition);
    }

    private Map<String, List<ConfigAttribute>> parseProtectPointcuts(ParserContext parserContext, List<Element> list) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (Element element : list) {
            String attribute = element.getAttribute(ATT_ACCESS);
            String attribute2 = element.getAttribute(ATT_EXPRESSION);
            if (!StringUtils.hasText(attribute)) {
                parserContext.getReaderContext().error("Access configuration required", parserContext.extractSource(element));
            }
            if (!StringUtils.hasText(attribute2)) {
                parserContext.getReaderContext().error("Pointcut expression required", parserContext.extractSource(element));
            }
            String[] commaDelimitedListToStringArray = StringUtils.commaDelimitedListToStringArray(attribute);
            ArrayList arrayList = new ArrayList(commaDelimitedListToStringArray.length);
            for (String str : commaDelimitedListToStringArray) {
                arrayList.add(new SecurityConfig(str));
            }
            linkedHashMap.put(attribute2, arrayList);
        }
        return linkedHashMap;
    }

    private void registerMethodSecurityInterceptor(ParserContext parserContext, String str, String str2, Object obj) {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(MethodSecurityInterceptor.class);
        rootBeanDefinition.setRole(2);
        rootBeanDefinition.getRawBeanDefinition().setSource(obj);
        rootBeanDefinition.addPropertyReference("accessDecisionManager", str);
        rootBeanDefinition.addPropertyReference("authenticationManager", BeanIds.AUTHENTICATION_MANAGER);
        rootBeanDefinition.addPropertyReference("securityMetadataSource", DELEGATING_METHOD_DEFINITION_SOURCE_ID);
        if (StringUtils.hasText(str2)) {
            rootBeanDefinition.addPropertyReference("runAsManager", str2);
        }
        AbstractBeanDefinition beanDefinition = rootBeanDefinition.getBeanDefinition();
        parserContext.getRegistry().registerBeanDefinition(SECURITY_INTERCEPTOR_ID, beanDefinition);
        parserContext.registerComponent(new BeanComponentDefinition(beanDefinition, SECURITY_INTERCEPTOR_ID));
        parserContext.getRegistry().registerBeanDefinition(INTERCEPTOR_POST_PROCESSOR_ID, new RootBeanDefinition(MethodSecurityInterceptorPostProcessor.class));
    }

    private void registerAdvisor(ParserContext parserContext, Object obj) {
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
        rootBeanDefinition.setRole(2);
        rootBeanDefinition.setSource(obj);
        rootBeanDefinition.getConstructorArgumentValues().addGenericArgumentValue(SECURITY_INTERCEPTOR_ID);
        rootBeanDefinition.getConstructorArgumentValues().addGenericArgumentValue(new RuntimeBeanReference(DELEGATING_METHOD_DEFINITION_SOURCE_ID));
        parserContext.getRegistry().registerBeanDefinition(BeanIds.METHOD_SECURITY_METADATA_SOURCE_ADVISOR, rootBeanDefinition);
    }
}
