package org.springframework.security.config.http;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.web.header.HeaderWriterFilter;
import org.springframework.security.web.header.writers.CacheControlHeadersWriter;
import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;
import org.springframework.security.web.header.writers.HpkpHeaderWriter;
import org.springframework.security.web.header.writers.HstsHeaderWriter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
import org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy;
import org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy;
import org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-4.1.3.RELEASE.jar:org/springframework/security/config/http/HeadersBeanDefinitionParser.class */
public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
    private static final String ATT_DISABLED = "disabled";
    private static final String ATT_ENABLED = "enabled";
    private static final String ATT_BLOCK = "block";
    private static final String ATT_POLICY = "policy";
    private static final String ATT_STRATEGY = "strategy";
    private static final String ATT_FROM_PARAMETER = "from-parameter";
    private static final String ATT_NAME = "name";
    private static final String ATT_VALUE = "value";
    private static final String ATT_REF = "ref";
    private static final String ATT_INCLUDE_SUBDOMAINS = "include-subdomains";
    private static final String ATT_MAX_AGE_SECONDS = "max-age-seconds";
    private static final String ATT_REQUEST_MATCHER_REF = "request-matcher-ref";
    private static final String ATT_REPORT_ONLY = "report-only";
    private static final String ATT_REPORT_URI = "report-uri";
    private static final String ATT_ALGORITHM = "algorithm";
    private static final String ATT_POLICY_DIRECTIVES = "policy-directives";
    private static final String CACHE_CONTROL_ELEMENT = "cache-control";
    private static final String HPKP_ELEMENT = "hpkp";
    private static final String PINS_ELEMENT = "pins";
    private static final String HSTS_ELEMENT = "hsts";
    private static final String XSS_ELEMENT = "xss-protection";
    private static final String CONTENT_TYPE_ELEMENT = "content-type-options";
    private static final String FRAME_OPTIONS_ELEMENT = "frame-options";
    private static final String GENERIC_HEADER_ELEMENT = "header";
    private static final String CONTENT_SECURITY_POLICY_ELEMENT = "content-security-policy";
    private static final String ALLOW_FROM = "ALLOW-FROM";
    private ManagedList<BeanMetadataElement> headerWriters;

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        this.headerWriters = new ManagedList<>();
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) HeaderWriterFilter.class);
        boolean z = element != null && "true".equals(element.getAttribute("disabled"));
        boolean z2 = element == null || !(z || (element != null && "true".equals(element.getAttribute("defaults-disabled"))));
        parseCacheControlElement(z2, element);
        parseHstsElement(z2, element, parserContext);
        parseXssElement(z2, element, parserContext);
        parseFrameOptionsElement(z2, element, parserContext);
        parseContentTypeOptionsElement(z2, element);
        parseHpkpElement(element == null || !z, element, parserContext);
        parseContentSecurityPolicyElement(z, element, parserContext);
        parseHeaderElements(element);
        if (!z) {
            rootBeanDefinition.addConstructorArgValue(this.headerWriters);
            return rootBeanDefinition.getBeanDefinition();
        }
        if (this.headerWriters.isEmpty()) {
            return null;
        }
        parserContext.getReaderContext().error("Cannot specify <headers disabled=\"true\"> with child elements.", element);
        return null;
    }

    private void parseCacheControlElement(boolean z, Element element) {
        Element childElementByTagName = element == null ? null : DomUtils.getChildElementByTagName(element, CACHE_CONTROL_ELEMENT);
        if ("true".equals(getAttribute(childElementByTagName, "disabled", "false"))) {
            return;
        }
        if (z || childElementByTagName != null) {
            addCacheControl();
        }
    }

    private void addCacheControl() {
        this.headerWriters.add(BeanDefinitionBuilder.genericBeanDefinition((Class<?>) CacheControlHeadersWriter.class).getBeanDefinition());
    }

    private void parseHstsElement(boolean z, Element element, ParserContext parserContext) {
        Element childElementByTagName = element == null ? null : DomUtils.getChildElementByTagName(element, HSTS_ELEMENT);
        if (z || childElementByTagName != null) {
            addHsts(z, childElementByTagName, parserContext);
        }
    }

    private void addHsts(boolean z, Element element, ParserContext parserContext) {
        BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition((Class<?>) HstsHeaderWriter.class);
        if (element != null) {
            boolean equals = "true".equals(getAttribute(element, "disabled", "false"));
            String attribute = element.getAttribute(ATT_INCLUDE_SUBDOMAINS);
            if (StringUtils.hasText(attribute)) {
                if (equals) {
                    attrNotAllowed(parserContext, ATT_INCLUDE_SUBDOMAINS, "disabled", element);
                }
                genericBeanDefinition.addPropertyValue("includeSubDomains", attribute);
            }
            String attribute2 = element.getAttribute(ATT_MAX_AGE_SECONDS);
            if (StringUtils.hasText(attribute2)) {
                if (equals) {
                    attrNotAllowed(parserContext, ATT_MAX_AGE_SECONDS, "disabled", element);
                }
                genericBeanDefinition.addPropertyValue("maxAgeInSeconds", attribute2);
            }
            String attribute3 = element.getAttribute(ATT_REQUEST_MATCHER_REF);
            if (StringUtils.hasText(attribute3)) {
                if (equals) {
                    attrNotAllowed(parserContext, ATT_REQUEST_MATCHER_REF, "disabled", element);
                }
                genericBeanDefinition.addPropertyReference("requestMatcher", attribute3);
            }
            if (equals) {
                return;
            }
        }
        if (z || element != null) {
            this.headerWriters.add(genericBeanDefinition.getBeanDefinition());
        }
    }

    private void parseHpkpElement(boolean z, Element element, ParserContext parserContext) {
        Element childElementByTagName = element == null ? null : DomUtils.getChildElementByTagName(element, HPKP_ELEMENT);
        if (z || childElementByTagName != null) {
            addHpkp(z, childElementByTagName, parserContext);
        }
    }

    private void addHpkp(boolean z, Element element, ParserContext parserContext) {
        if (element == null || "true".equals(getAttribute(element, "disabled", "false"))) {
            return;
        }
        BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition((Class<?>) HpkpHeaderWriter.class);
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, PINS_ELEMENT);
        if (childElementByTagName != null) {
            List<Element> childElements = DomUtils.getChildElements(childElementByTagName);
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            for (Element element2 : childElements) {
                String attribute = element2.getAttribute(ATT_ALGORITHM);
                if (!StringUtils.hasText(attribute)) {
                    attribute = "sha256";
                }
                if (element2.getFirstChild() == null) {
                    parserContext.getReaderContext().warning("Missing value for pin entry.", element);
                } else {
                    linkedHashMap.put(element2.getFirstChild().getTextContent(), attribute);
                }
            }
            genericBeanDefinition.addPropertyValue(PINS_ELEMENT, linkedHashMap);
        }
        String attribute2 = element.getAttribute(ATT_INCLUDE_SUBDOMAINS);
        if (StringUtils.hasText(attribute2)) {
            genericBeanDefinition.addPropertyValue("includeSubDomains", attribute2);
        }
        String attribute3 = element.getAttribute(ATT_MAX_AGE_SECONDS);
        if (StringUtils.hasText(attribute3)) {
            genericBeanDefinition.addPropertyValue("maxAgeInSeconds", attribute3);
        }
        String attribute4 = element.getAttribute(ATT_REPORT_ONLY);
        if (StringUtils.hasText(attribute4)) {
            genericBeanDefinition.addPropertyValue("reportOnly", attribute4);
        }
        String attribute5 = element.getAttribute(ATT_REPORT_URI);
        if (StringUtils.hasText(attribute5)) {
            genericBeanDefinition.addPropertyValue("reportUri", attribute5);
        }
        if (z) {
            this.headerWriters.add(genericBeanDefinition.getBeanDefinition());
        }
    }

    private void parseContentSecurityPolicyElement(boolean z, Element element, ParserContext parserContext) {
        Element childElementByTagName = (z || element == null) ? null : DomUtils.getChildElementByTagName(element, CONTENT_SECURITY_POLICY_ELEMENT);
        if (childElementByTagName != null) {
            addContentSecurityPolicy(childElementByTagName, parserContext);
        }
    }

    private void addContentSecurityPolicy(Element element, ParserContext parserContext) {
        BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition((Class<?>) ContentSecurityPolicyHeaderWriter.class);
        String attribute = element.getAttribute(ATT_POLICY_DIRECTIVES);
        if (StringUtils.hasText(attribute)) {
            genericBeanDefinition.addConstructorArgValue(attribute);
        } else {
            parserContext.getReaderContext().error("policy-directives requires a 'value' to be set.", element);
        }
        String attribute2 = element.getAttribute(ATT_REPORT_ONLY);
        if (StringUtils.hasText(attribute2)) {
            genericBeanDefinition.addPropertyValue("reportOnly", attribute2);
        }
        this.headerWriters.add(genericBeanDefinition.getBeanDefinition());
    }

    private void attrNotAllowed(ParserContext parserContext, String str, String str2, Element element) {
        parserContext.getReaderContext().error("Only one of '" + str + "' or '" + str2 + "' can be set.", element);
    }

    private void parseHeaderElements(Element element) {
        for (Element element2 : element == null ? Collections.emptyList() : DomUtils.getChildElementsByTagName(element, GENERIC_HEADER_ELEMENT)) {
            String attribute = element2.getAttribute("ref");
            if (StringUtils.hasText(attribute)) {
                this.headerWriters.add(new RuntimeBeanReference(attribute));
            } else {
                BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition((Class<?>) StaticHeadersWriter.class);
                genericBeanDefinition.addConstructorArgValue(element2.getAttribute("name"));
                genericBeanDefinition.addConstructorArgValue(element2.getAttribute("value"));
                this.headerWriters.add(genericBeanDefinition.getBeanDefinition());
            }
        }
    }

    private void parseContentTypeOptionsElement(boolean z, Element element) {
        Element childElementByTagName = element == null ? null : DomUtils.getChildElementByTagName(element, CONTENT_TYPE_ELEMENT);
        if ("true".equals(getAttribute(childElementByTagName, "disabled", "false"))) {
            return;
        }
        if (z || childElementByTagName != null) {
            addContentTypeOptions();
        }
    }

    private void addContentTypeOptions() {
        this.headerWriters.add(BeanDefinitionBuilder.genericBeanDefinition((Class<?>) XContentTypeOptionsHeaderWriter.class).getBeanDefinition());
    }

    private void parseFrameOptionsElement(boolean z, Element element, ParserContext parserContext) {
        BeanDefinitionBuilder rootBeanDefinition;
        BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition((Class<?>) XFrameOptionsHeaderWriter.class);
        Element childElementByTagName = element == null ? null : DomUtils.getChildElementByTagName(element, FRAME_OPTIONS_ELEMENT);
        if (childElementByTagName != null) {
            String attribute = getAttribute(childElementByTagName, ATT_POLICY, null);
            boolean equals = "true".equals(getAttribute(childElementByTagName, "disabled", "false"));
            if (equals && attribute != null) {
                attrNotAllowed(parserContext, "disabled", ATT_POLICY, childElementByTagName);
            }
            if (!StringUtils.hasText(attribute)) {
                attribute = "DENY";
            }
            if (ALLOW_FROM.equals(attribute)) {
                String attribute2 = getAttribute(childElementByTagName, "ref", null);
                String attribute3 = getAttribute(childElementByTagName, ATT_STRATEGY, null);
                if (StringUtils.hasText(attribute3) && StringUtils.hasText(attribute2)) {
                    parserContext.getReaderContext().error("Only one of 'strategy' or 'strategy-ref' can be set.", childElementByTagName);
                } else if (attribute2 != null) {
                    genericBeanDefinition.addConstructorArgReference(attribute2);
                } else if (attribute3 != null) {
                    String attribute4 = getAttribute(childElementByTagName, "value", null);
                    if (!StringUtils.hasText(attribute4)) {
                        parserContext.getReaderContext().error("Strategy requires a 'value' to be set.", childElementByTagName);
                    }
                    if ("static".equals(attribute3)) {
                        try {
                            genericBeanDefinition.addConstructorArgValue(new StaticAllowFromStrategy(new URI(attribute4)));
                        } catch (URISyntaxException e) {
                            parserContext.getReaderContext().error("'value' attribute doesn't represent a valid URI.", childElementByTagName, e);
                        }
                    } else {
                        if ("whitelist".equals(attribute3)) {
                            rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) WhiteListedAllowFromStrategy.class);
                            rootBeanDefinition.addConstructorArgValue(StringUtils.commaDelimitedListToSet(attribute4));
                        } else {
                            rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) RegExpAllowFromStrategy.class);
                            rootBeanDefinition.addConstructorArgValue(attribute4);
                        }
                        rootBeanDefinition.addPropertyValue("allowFromParameterName", getAttribute(childElementByTagName, ATT_FROM_PARAMETER, "from"));
                        genericBeanDefinition.addConstructorArgValue(rootBeanDefinition.getBeanDefinition());
                    }
                } else {
                    parserContext.getReaderContext().error("One of 'strategy' and 'strategy-ref' must be set.", childElementByTagName);
                }
            } else {
                genericBeanDefinition.addConstructorArgValue(attribute);
            }
            if (equals) {
                return;
            }
        }
        if (z || childElementByTagName != null) {
            this.headerWriters.add(genericBeanDefinition.getBeanDefinition());
        }
    }

    private void parseXssElement(boolean z, Element element, ParserContext parserContext) {
        Element childElementByTagName = element == null ? null : DomUtils.getChildElementByTagName(element, XSS_ELEMENT);
        BeanDefinitionBuilder genericBeanDefinition = BeanDefinitionBuilder.genericBeanDefinition((Class<?>) XXssProtectionHeaderWriter.class);
        if (childElementByTagName != null) {
            boolean equals = "true".equals(getAttribute(childElementByTagName, "disabled", "false"));
            String attribute = childElementByTagName.getAttribute(ATT_ENABLED);
            if (StringUtils.hasText(attribute)) {
                if (equals) {
                    attrNotAllowed(parserContext, ATT_ENABLED, "disabled", childElementByTagName);
                }
                genericBeanDefinition.addPropertyValue(ATT_ENABLED, attribute);
            }
            String attribute2 = childElementByTagName.getAttribute(ATT_BLOCK);
            if (StringUtils.hasText(attribute2)) {
                if (equals) {
                    attrNotAllowed(parserContext, ATT_BLOCK, "disabled", childElementByTagName);
                }
                genericBeanDefinition.addPropertyValue(ATT_BLOCK, attribute2);
            }
            if (equals) {
                return;
            }
        }
        if (z || childElementByTagName != null) {
            this.headerWriters.add(genericBeanDefinition.getBeanDefinition());
        }
    }

    private String getAttribute(Element element, String str, String str2) {
        if (element == null) {
            return str2;
        }
        String attribute = element.getAttribute(str);
        return StringUtils.hasText(attribute) ? attribute : str2;
    }
}
