package org.springframework.security.config.http;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.derby.iapi.store.raw.RowLock;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.parsing.CompositeComponentDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.support.ManagedMap;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.core.OrderComparator;
import org.springframework.core.Ordered;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AnonymousAuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.Elements;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.channel.InsecureChannelProcessor;
import org.springframework.security.web.access.channel.RetryWithHttpEntryPoint;
import org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint;
import org.springframework.security.web.access.channel.SecureChannelProcessor;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.access.intercept.RequestKey;
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
import org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
import org.springframework.security.web.session.DefaultAuthenticatedSessionStrategy;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.RegexUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/spring-security-config-3.0.0.M2.jar:org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.class */
public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
    private static final Log logger = LogFactory.getLog(HttpSecurityBeanDefinitionParser.class);
    static final String ATT_PATH_PATTERN = "pattern";
    static final String ATT_PATH_TYPE = "path-type";
    static final String OPT_PATH_TYPE_REGEX = "regex";
    private static final String DEF_PATH_TYPE_ANT = "ant";
    static final String ATT_FILTERS = "filters";
    static final String OPT_FILTERS_NONE = "none";
    private static final String ATT_REALM = "realm";
    private static final String DEF_REALM = "Spring Security Application";
    private static final String ATT_SESSION_FIXATION_PROTECTION = "session-fixation-protection";
    private static final String OPT_SESSION_FIXATION_NO_PROTECTION = "none";
    private static final String OPT_SESSION_FIXATION_MIGRATE_SESSION = "migrateSession";
    private static final String ATT_ACCESS_CONFIG = "access";
    static final String ATT_REQUIRES_CHANNEL = "requires-channel";
    private static final String OPT_REQUIRES_HTTP = "http";
    private static final String OPT_REQUIRES_HTTPS = "https";
    private static final String OPT_ANY_CHANNEL = "any";
    private static final String ATT_HTTP_METHOD = "method";
    private static final String ATT_CREATE_SESSION = "create-session";
    private static final String DEF_CREATE_SESSION_IF_REQUIRED = "ifRequired";
    private static final String OPT_CREATE_SESSION_ALWAYS = "always";
    private static final String OPT_CREATE_SESSION_NEVER = "never";
    private static final String ATT_LOWERCASE_COMPARISONS = "lowercase-comparisons";
    private static final String ATT_AUTO_CONFIG = "auto-config";
    private static final String ATT_SERVLET_API_PROVISION = "servlet-api-provision";
    private static final String DEF_SERVLET_API_PROVISION = "true";
    private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
    private static final String ATT_USER_SERVICE_REF = "user-service-ref";
    private static final String ATT_ENTRY_POINT_REF = "entry-point-ref";
    private static final String ATT_ONCE_PER_REQUEST = "once-per-request";
    private static final String ATT_ACCESS_DENIED_PAGE = "access-denied-page";
    private static final String ATT_ACCESS_DENIED_ERROR_PAGE = "error-page";
    private static final String ATT_USE_EXPRESSIONS = "use-expressions";
    private static final String ATT_INVALID_SESSION_URL = "invalid-session-url";
    private static final String ATT_SECURITY_CONTEXT_REPOSITORY = "security-context-repository-ref";
    private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
    private static final String ATT_SESSION_CONTROLLER_REF = "session-controller-ref";
    static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProcessingFilter";
    static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";
    static final String OPEN_ID_CONSUMER_CLASS = "org.springframework.security.openid.OpenID4JavaConsumer";
    static final String OPEN_ID_ATTRIBUTE_CLASS = "org.springframework.security.openid.OpenIDAttribute";
    static final String AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter";
    static final String EXPRESSION_FIMDS_CLASS = "org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource";
    static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler";
    final SecureRandom random;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/spring-security-config-3.0.0.M2.jar:org/springframework/security/config/http/HttpSecurityBeanDefinitionParser$FilterAndEntryPoint.class */
    public class FilterAndEntryPoint {
        RootBeanDefinition filter;
        RootBeanDefinition entryPoint;

        public FilterAndEntryPoint(RootBeanDefinition rootBeanDefinition, RootBeanDefinition rootBeanDefinition2) {
            this.filter = rootBeanDefinition;
            this.entryPoint = rootBeanDefinition2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-security-config-3.0.0.M2.jar:org/springframework/security/config/http/HttpSecurityBeanDefinitionParser$OrderDecorator.class */
    public class OrderDecorator implements Ordered {
        BeanMetadataElement bean;
        int order;

        public OrderDecorator(BeanMetadataElement beanMetadataElement, int i) {
            this.bean = beanMetadataElement;
            this.order = i;
        }

        @Override // org.springframework.core.Ordered
        public int getOrder() {
            return this.order;
        }

        public String toString() {
            return this.bean + ", order = " + this.order;
        }
    }

    public HttpSecurityBeanDefinitionParser() {
        try {
            this.random = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Failed find SHA1PRNG algorithm!");
        }
    }

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        parserContext.pushContainingComponent(new CompositeComponentDefinition(element.getTagName(), parserContext.extractSource(element)));
        UrlMatcher createUrlMatcher = createUrlMatcher(element);
        Object extractSource = parserContext.extractSource(element);
        boolean z = (createUrlMatcher instanceof AntUrlPathMatcher) && createUrlMatcher.requiresLowerCaseUrl();
        boolean z2 = !OPT_CREATE_SESSION_NEVER.equals(element.getAttribute(ATT_CREATE_SESSION));
        boolean equals = "true".equals(element.getAttribute(ATT_AUTO_CONFIG));
        Map<String, List<BeanMetadataElement>> managedMap = new ManagedMap<>();
        LinkedHashMap<RequestKey, List<ConfigAttribute>> linkedHashMap = new LinkedHashMap<>();
        parseInterceptUrlsForChannelSecurityAndEmptyFilterChains(DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL), managedMap, linkedHashMap, z, parserContext);
        BeanDefinition beanDefinition = null;
        BeanReference beanReference = null;
        BeanReference beanReference2 = null;
        BeanDefinition createConcurrentSessionFilterAndRelatedBeansIfRequired = createConcurrentSessionFilterAndRelatedBeansIfRequired(element, parserContext);
        BeanDefinition createSecurityContextPersistenceFilter = createSecurityContextPersistenceFilter(element, parserContext);
        BeanReference beanReference3 = (BeanReference) createSecurityContextPersistenceFilter.getPropertyValues().getPropertyValue("securityContextRepository").getValue();
        if (createConcurrentSessionFilterAndRelatedBeansIfRequired != null) {
            beanReference = (BeanReference) createConcurrentSessionFilterAndRelatedBeansIfRequired.getPropertyValues().getPropertyValue("sessionRegistry").getValue();
            logger.info("Concurrent session filter in use, setting 'forceEagerSessionCreation' to true");
            createSecurityContextPersistenceFilter.getPropertyValues().addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
            beanReference2 = createConcurrentSessionController(element, createConcurrentSessionFilterAndRelatedBeansIfRequired, beanReference, parserContext);
        }
        ManagedList<BeanReference> managedList = new ManagedList<>();
        BeanReference createAuthenticationManager = createAuthenticationManager(element, parserContext, managedList, beanReference2);
        RootBeanDefinition createServletApiFilter = createServletApiFilter(element, parserContext);
        BeanDefinition parse = new PortMappingsBeanDefinitionParser().parse(DomUtils.getChildElementByTagName(element, Elements.PORT_MAPPINGS), parserContext);
        String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(parse);
        parserContext.registerBeanComponent(new BeanComponentDefinition(parse, registerWithGeneratedName));
        RootBeanDefinition createRememberMeFilter = createRememberMeFilter(element, parserContext, createAuthenticationManager);
        BeanDefinition createAnonymousFilter = createAnonymousFilter(element, parserContext);
        BeanReference createRequestCache = createRequestCache(element, parserContext, z2, registerWithGeneratedName);
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition(RequestCacheAwareFilter.class);
        rootBeanDefinition.getPropertyValues().addPropertyValue("requestCache", createRequestCache);
        BeanDefinition createExceptionTranslationFilter = createExceptionTranslationFilter(element, parserContext, createRequestCache);
        RootBeanDefinition createSessionManagementFilter = createSessionManagementFilter(element, parserContext, beanReference, beanReference3);
        BeanReference beanReference4 = null;
        if (createSessionManagementFilter != null) {
            PropertyValue propertyValue = createSessionManagementFilter.getPropertyValues().getPropertyValue("authenticatedSessionStrategy");
            beanReference4 = (BeanReference) (propertyValue == null ? null : propertyValue.getValue());
        }
        BeanDefinition createFilterSecurityInterceptor = createFilterSecurityInterceptor(element, parserContext, createUrlMatcher, z, createAuthenticationManager);
        if (linkedHashMap.size() > 0) {
            beanDefinition = createChannelProcessingFilter(parserContext, createUrlMatcher, linkedHashMap, registerWithGeneratedName);
        }
        FilterAndEntryPoint createBasicFilter = createBasicFilter(element, parserContext, equals, createAuthenticationManager);
        FilterAndEntryPoint createFormLoginFilter = createFormLoginFilter(element, parserContext, equals, z2, beanReference4, createAuthenticationManager, createRequestCache);
        FilterAndEntryPoint createOpenIDLoginFilter = createOpenIDLoginFilter(element, parserContext, equals, z2, beanReference4, createAuthenticationManager, createRequestCache);
        String str = null;
        if (createRememberMeFilter != null) {
            str = ((RuntimeBeanReference) createRememberMeFilter.getPropertyValues().getPropertyValue("rememberMeServices").getValue()).getBeanName();
        }
        BeanDefinition createLogoutFilter = createLogoutFilter(element, equals, parserContext, str);
        String str2 = null;
        String str3 = null;
        if (createFormLoginFilter.filter != null) {
            str2 = parserContext.getReaderContext().registerWithGeneratedName(createFormLoginFilter.filter);
            parserContext.registerBeanComponent(new BeanComponentDefinition(createFormLoginFilter.filter, str2));
            injectRememberMeServicesRef(createFormLoginFilter.filter, str);
        }
        if (createOpenIDLoginFilter.filter != null) {
            str3 = parserContext.getReaderContext().registerWithGeneratedName(createOpenIDLoginFilter.filter);
            parserContext.getRegistry().registerBeanDefinition(str3, createOpenIDLoginFilter.filter);
            parserContext.registerBeanComponent(new BeanComponentDefinition(createOpenIDLoginFilter.filter, str3));
            injectRememberMeServicesRef(createOpenIDLoginFilter.filter, str);
        }
        BeanDefinition createLoginPageFilterIfNeeded = createLoginPageFilterIfNeeded(createFormLoginFilter, str2, createOpenIDLoginFilter, str3);
        String str4 = null;
        FilterAndEntryPoint createX509Filter = createX509Filter(element, parserContext, createAuthenticationManager);
        createExceptionTranslationFilter.getPropertyValues().addPropertyValue("authenticationEntryPoint", selectEntryPoint(element, parserContext, createBasicFilter, createFormLoginFilter, createOpenIDLoginFilter, createX509Filter));
        List<OrderDecorator> arrayList = new ArrayList<>();
        if (beanDefinition != null) {
            arrayList.add(new OrderDecorator(beanDefinition, 0));
        }
        if (createConcurrentSessionFilterAndRelatedBeansIfRequired != null) {
            arrayList.add(new OrderDecorator(createConcurrentSessionFilterAndRelatedBeansIfRequired, FilterChainOrder.CONCURRENT_SESSION_FILTER));
        }
        arrayList.add(new OrderDecorator(createSecurityContextPersistenceFilter, FilterChainOrder.SECURITY_CONTEXT_FILTER));
        if (createLogoutFilter != null) {
            arrayList.add(new OrderDecorator(createLogoutFilter, FilterChainOrder.LOGOUT_FILTER));
        }
        if (createX509Filter.filter != null) {
            arrayList.add(new OrderDecorator(createX509Filter.filter, FilterChainOrder.X509_FILTER));
            BeanReference createX509Provider = createX509Provider(element, parserContext);
            str4 = createX509Provider.getBeanName();
            managedList.add(createX509Provider);
        }
        if (createFormLoginFilter.filter != null) {
            arrayList.add(new OrderDecorator(createFormLoginFilter.filter, FilterChainOrder.AUTHENTICATION_PROCESSING_FILTER));
        }
        String str5 = null;
        if (createOpenIDLoginFilter.filter != null) {
            arrayList.add(new OrderDecorator(createOpenIDLoginFilter.filter, FilterChainOrder.OPENID_PROCESSING_FILTER));
            BeanReference createOpenIDProvider = createOpenIDProvider(element, parserContext);
            str5 = createOpenIDProvider.getBeanName();
            managedList.add(createOpenIDProvider);
        }
        if (createLoginPageFilterIfNeeded != null) {
            arrayList.add(new OrderDecorator(createLoginPageFilterIfNeeded, FilterChainOrder.LOGIN_PAGE_FILTER));
        }
        if (createBasicFilter.filter != null) {
            arrayList.add(new OrderDecorator(createBasicFilter.filter, FilterChainOrder.BASIC_PROCESSING_FILTER));
        }
        arrayList.add(new OrderDecorator(rootBeanDefinition, FilterChainOrder.REQUEST_CACHE_FILTER));
        if (createServletApiFilter != null) {
            arrayList.add(new OrderDecorator(createServletApiFilter, FilterChainOrder.SERVLET_API_SUPPORT_FILTER));
        }
        if (createRememberMeFilter != null) {
            arrayList.add(new OrderDecorator(createRememberMeFilter, FilterChainOrder.REMEMBER_ME_FILTER));
            managedList.add(createRememberMeProvider(createRememberMeFilter, parserContext, str));
        }
        if (createAnonymousFilter != null) {
            arrayList.add(new OrderDecorator(createAnonymousFilter, FilterChainOrder.ANONYMOUS_FILTER));
            managedList.add(createAnonymousProvider(createAnonymousFilter, parserContext));
        }
        arrayList.add(new OrderDecorator(createExceptionTranslationFilter, FilterChainOrder.EXCEPTION_TRANSLATION_FILTER));
        if (createSessionManagementFilter != null) {
            arrayList.add(new OrderDecorator(createSessionManagementFilter, FilterChainOrder.SESSION_FIXATION_FILTER));
        }
        arrayList.add(new OrderDecorator(createFilterSecurityInterceptor, FilterChainOrder.FILTER_SECURITY_INTERCEPTOR));
        arrayList.addAll(buildCustomFilterList(element, parserContext));
        Collections.sort(arrayList, new OrderComparator());
        checkFilterChainOrder(arrayList, parserContext, extractSource);
        List<BeanMetadataElement> managedList2 = new ManagedList<>();
        Iterator<OrderDecorator> it = arrayList.iterator();
        while (it.hasNext()) {
            managedList2.add(it.next().bean);
        }
        managedMap.put(createUrlMatcher.getUniversalMatchPattern(), managedList2);
        registerFilterChainProxy(parserContext, managedMap, createUrlMatcher, extractSource);
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition(UserDetailsServiceInjectionBeanPostProcessor.class);
        rootBeanDefinition2.addConstructorArgValue(str4);
        rootBeanDefinition2.addConstructorArgValue(str);
        rootBeanDefinition2.addConstructorArgValue(str5);
        rootBeanDefinition2.setRole(2);
        parserContext.getReaderContext().registerWithGeneratedName(rootBeanDefinition2.getBeanDefinition());
        parserContext.popAndRegisterContainingComponent();
        return null;
    }

    private BeanReference createAuthenticationManager(Element element, ParserContext parserContext, ManagedList<BeanReference> managedList, BeanReference beanReference) {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(ProviderManager.class);
        rootBeanDefinition.addPropertyReference("parent", BeanIds.AUTHENTICATION_MANAGER);
        rootBeanDefinition.addPropertyValue("providers", managedList);
        if (beanReference != null) {
            rootBeanDefinition.addPropertyValue("sessionController", beanReference);
        }
        rootBeanDefinition.getRawBeanDefinition().setSource(parserContext.extractSource(element));
        AbstractBeanDefinition beanDefinition = rootBeanDefinition.getBeanDefinition();
        String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
        parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, registerWithGeneratedName));
        return new RuntimeBeanReference(registerWithGeneratedName);
    }

    private void injectRememberMeServicesRef(RootBeanDefinition rootBeanDefinition, String str) {
        if (str != null) {
            rootBeanDefinition.getPropertyValues().addPropertyValue("rememberMeServices", new RuntimeBeanReference(str));
        }
    }

    private void checkFilterChainOrder(List<OrderDecorator> list, ParserContext parserContext, Object obj) {
        logger.info("Checking sorted filter chain: " + list);
        for (int i = 0; i < list.size(); i++) {
            OrderDecorator orderDecorator = list.get(i);
            if (i > 0) {
                OrderDecorator orderDecorator2 = list.get(i - 1);
                if (orderDecorator.getOrder() == orderDecorator2.getOrder()) {
                    parserContext.getReaderContext().error("Filter beans '" + orderDecorator.bean + "' and '" + orderDecorator2.bean + "' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.", obj);
                }
            }
        }
    }

    List<OrderDecorator> buildCustomFilterList(Element element, ParserContext parserContext) {
        List<Element> childElementsByTagName = DomUtils.getChildElementsByTagName(element, Elements.CUSTOM_FILTER);
        ArrayList arrayList = new ArrayList();
        for (Element element2 : childElementsByTagName) {
            String attribute = element2.getAttribute("after");
            String attribute2 = element2.getAttribute("before");
            String attribute3 = element2.getAttribute("position");
            String attribute4 = element2.getAttribute("ref");
            if (!StringUtils.hasText(attribute4)) {
                parserContext.getReaderContext().error("The 'ref' attribute must be supplied", parserContext.extractSource(element2));
            }
            RuntimeBeanReference runtimeBeanReference = new RuntimeBeanReference(attribute4);
            if (WebConfigUtils.countNonEmpty(new String[]{attribute, attribute2, attribute3}) != 1) {
                parserContext.getReaderContext().error("A single 'after', 'before', or 'position' attribute must be supplied", parserContext.extractSource(element2));
            }
            if (StringUtils.hasText(attribute3)) {
                arrayList.add(new OrderDecorator(runtimeBeanReference, FilterChainOrder.getOrder(attribute3)));
            } else if (StringUtils.hasText(attribute)) {
                int order = FilterChainOrder.getOrder(attribute);
                arrayList.add(new OrderDecorator(runtimeBeanReference, order == Integer.MAX_VALUE ? order : order + 1));
            } else if (StringUtils.hasText(attribute2)) {
                int order2 = FilterChainOrder.getOrder(attribute2);
                arrayList.add(new OrderDecorator(runtimeBeanReference, order2 == Integer.MIN_VALUE ? order2 : order2 - 1));
            }
        }
        return arrayList;
    }

    private BeanDefinition createAnonymousFilter(Element element, ParserContext parserContext) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.ANONYMOUS);
        if (childElementByTagName != null && "false".equals(childElementByTagName.getAttribute("enabled"))) {
            return null;
        }
        String str = null;
        String str2 = null;
        String str3 = null;
        Object extractSource = parserContext.extractSource(element);
        if (childElementByTagName != null) {
            str = element.getAttribute("granted-authority");
            str2 = element.getAttribute("username");
            str3 = element.getAttribute("key");
            extractSource = parserContext.extractSource(childElementByTagName);
        }
        if (!StringUtils.hasText(str)) {
            str = "ROLE_ANONYMOUS";
        }
        if (!StringUtils.hasText(str2)) {
            str2 = "anonymousUser";
        }
        if (!StringUtils.hasText(str3)) {
            str3 = Long.toString(this.random.nextLong());
        }
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition(AnonymousProcessingFilter.class);
        PropertyValue propertyValue = new PropertyValue("key", str3);
        rootBeanDefinition.setSource(extractSource);
        rootBeanDefinition.getPropertyValues().addPropertyValue("userAttribute", str2 + "," + str);
        rootBeanDefinition.getPropertyValues().addPropertyValue(propertyValue);
        return rootBeanDefinition;
    }

    private BeanReference createAnonymousProvider(BeanDefinition beanDefinition, ParserContext parserContext) {
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
        rootBeanDefinition.setSource(beanDefinition.getSource());
        rootBeanDefinition.getPropertyValues().addPropertyValue(beanDefinition.getPropertyValues().getPropertyValue("key"));
        String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(rootBeanDefinition);
        parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, registerWithGeneratedName));
        return new RuntimeBeanReference(registerWithGeneratedName);
    }

    private FilterAndEntryPoint createBasicFilter(Element element, ParserContext parserContext, boolean z, BeanReference beanReference) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.BASIC_AUTH);
        String attribute = element.getAttribute(ATT_REALM);
        if (!StringUtils.hasText(attribute)) {
            attribute = DEF_REALM;
        }
        RootBeanDefinition rootBeanDefinition = null;
        RootBeanDefinition rootBeanDefinition2 = null;
        if (childElementByTagName != null || z) {
            BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition(BasicProcessingFilter.class);
            rootBeanDefinition2 = new RootBeanDefinition(BasicProcessingFilterEntryPoint.class);
            rootBeanDefinition2.setSource(parserContext.extractSource(element));
            rootBeanDefinition2.getPropertyValues().addPropertyValue("realmName", attribute);
            String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(rootBeanDefinition2);
            parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition2, registerWithGeneratedName));
            rootBeanDefinition3.addPropertyValue("authenticationManager", beanReference);
            rootBeanDefinition3.addPropertyValue("authenticationEntryPoint", new RuntimeBeanReference(registerWithGeneratedName));
            rootBeanDefinition = (RootBeanDefinition) rootBeanDefinition3.getBeanDefinition();
        }
        return new FilterAndEntryPoint(rootBeanDefinition, rootBeanDefinition2);
    }

    private FilterAndEntryPoint createX509Filter(Element element, ParserContext parserContext, BeanReference beanReference) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.X509);
        RootBeanDefinition rootBeanDefinition = null;
        RootBeanDefinition rootBeanDefinition2 = null;
        if (childElementByTagName != null) {
            BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition(X509PreAuthenticatedProcessingFilter.class);
            rootBeanDefinition3.getRawBeanDefinition().setSource(parserContext.extractSource(childElementByTagName));
            rootBeanDefinition3.addPropertyValue("authenticationManager", beanReference);
            String attribute = childElementByTagName.getAttribute("subject-principal-regex");
            if (StringUtils.hasText(attribute)) {
                BeanDefinitionBuilder rootBeanDefinition4 = BeanDefinitionBuilder.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class);
                rootBeanDefinition4.addPropertyValue("subjectDnRegex", attribute);
                rootBeanDefinition3.addPropertyValue("principalExtractor", rootBeanDefinition4.getBeanDefinition());
            }
            rootBeanDefinition = (RootBeanDefinition) rootBeanDefinition3.getBeanDefinition();
            rootBeanDefinition2 = new RootBeanDefinition(Http403ForbiddenEntryPoint.class);
            rootBeanDefinition2.setSource(parserContext.extractSource(childElementByTagName));
        }
        return new FilterAndEntryPoint(rootBeanDefinition, rootBeanDefinition2);
    }

    private BeanReference createX509Provider(Element element, ParserContext parserContext) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.X509);
        BeanDefinition rootBeanDefinition = new RootBeanDefinition(PreAuthenticatedAuthenticationProvider.class);
        String attribute = childElementByTagName.getAttribute(ATT_USER_SERVICE_REF);
        if (StringUtils.hasText(attribute)) {
            RootBeanDefinition rootBeanDefinition2 = new RootBeanDefinition(UserDetailsByNameServiceWrapper.class);
            rootBeanDefinition2.setSource(parserContext.extractSource(childElementByTagName));
            rootBeanDefinition2.getPropertyValues().addPropertyValue("userDetailsService", new RuntimeBeanReference(attribute));
            rootBeanDefinition.getPropertyValues().addPropertyValue("preAuthenticatedUserDetailsService", rootBeanDefinition2);
        }
        return new RuntimeBeanReference(parserContext.getReaderContext().registerWithGeneratedName(rootBeanDefinition));
    }

    private BeanDefinition createLogoutFilter(Element element, boolean z, ParserContext parserContext, String str) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.LOGOUT);
        if (childElementByTagName != null || z) {
            return new LogoutBeanDefinitionParser(str).parse(childElementByTagName, parserContext);
        }
        return null;
    }

    private RootBeanDefinition createRememberMeFilter(Element element, ParserContext parserContext, BeanReference beanReference) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.REMEMBER_ME);
        if (childElementByTagName == null) {
            return null;
        }
        RootBeanDefinition rootBeanDefinition = (RootBeanDefinition) new RememberMeBeanDefinitionParser().parse(childElementByTagName, parserContext);
        rootBeanDefinition.getPropertyValues().addPropertyValue("authenticationManager", beanReference);
        return rootBeanDefinition;
    }

    private BeanReference createRememberMeProvider(BeanDefinition beanDefinition, ParserContext parserContext, String str) {
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition(RememberMeAuthenticationProvider.class);
        rootBeanDefinition.setSource(beanDefinition.getSource());
        PropertyValue propertyValue = null;
        if (parserContext.getRegistry().containsBeanDefinition(str)) {
            propertyValue = parserContext.getRegistry().getBeanDefinition(str).getPropertyValues().getPropertyValue("key");
        }
        if (propertyValue == null) {
            propertyValue = new PropertyValue("key", "SpringSecured");
        }
        rootBeanDefinition.getPropertyValues().addPropertyValue(propertyValue);
        String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(rootBeanDefinition);
        parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition, registerWithGeneratedName));
        return new RuntimeBeanReference(registerWithGeneratedName);
    }

    private void registerFilterChainProxy(ParserContext parserContext, Map<String, List<BeanMetadataElement>> map, UrlMatcher urlMatcher, Object obj) {
        if (parserContext.getRegistry().containsBeanDefinition(BeanIds.FILTER_CHAIN_PROXY)) {
            parserContext.getReaderContext().error("Duplicate <http> element detected", obj);
        }
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(FilterChainProxy.class);
        rootBeanDefinition.getRawBeanDefinition().setSource(obj);
        rootBeanDefinition.addPropertyValue("matcher", urlMatcher);
        rootBeanDefinition.addPropertyValue("stripQueryStringFromUrls", Boolean.valueOf(urlMatcher instanceof AntUrlPathMatcher));
        rootBeanDefinition.addPropertyValue("filterChainMap", map);
        AbstractBeanDefinition beanDefinition = rootBeanDefinition.getBeanDefinition();
        parserContext.getRegistry().registerBeanDefinition(BeanIds.FILTER_CHAIN_PROXY, beanDefinition);
        parserContext.getRegistry().registerAlias(BeanIds.FILTER_CHAIN_PROXY, BeanIds.SPRING_SECURITY_FILTER_CHAIN);
        parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, BeanIds.FILTER_CHAIN_PROXY));
    }

    private BeanDefinition createSecurityContextPersistenceFilter(Element element, ParserContext parserContext) {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class);
        String attribute = element.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
        String attribute2 = element.getAttribute(ATT_CREATE_SESSION);
        String attribute3 = element.getAttribute(ATT_DISABLE_URL_REWRITING);
        if (StringUtils.hasText(attribute)) {
            rootBeanDefinition.addPropertyReference("securityContextRepository", attribute);
            if (OPT_CREATE_SESSION_ALWAYS.equals(attribute2)) {
                rootBeanDefinition.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
            } else if (StringUtils.hasText(attribute2)) {
                parserContext.getReaderContext().error("If using security-context-repository-ref, the only value you can set for 'create-session' is 'always'. Other session creation logic should be handled by the SecurityContextRepository", element);
            }
        } else {
            BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionSecurityContextRepository.class);
            if (OPT_CREATE_SESSION_ALWAYS.equals(attribute2)) {
                rootBeanDefinition2.addPropertyValue("allowSessionCreation", Boolean.TRUE);
                rootBeanDefinition.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
            } else if (OPT_CREATE_SESSION_NEVER.equals(attribute2)) {
                rootBeanDefinition2.addPropertyValue("allowSessionCreation", Boolean.FALSE);
                rootBeanDefinition.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
            } else {
                rootBeanDefinition2.addPropertyValue("allowSessionCreation", Boolean.TRUE);
                rootBeanDefinition.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
            }
            if ("true".equals(attribute3)) {
                rootBeanDefinition2.addPropertyValue("disableUrlRewriting", Boolean.TRUE);
            }
            AbstractBeanDefinition beanDefinition = rootBeanDefinition2.getBeanDefinition();
            String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
            parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, registerWithGeneratedName));
            rootBeanDefinition.addPropertyReference("securityContextRepository", registerWithGeneratedName);
        }
        return rootBeanDefinition.getBeanDefinition();
    }

    private RootBeanDefinition createServletApiFilter(Element element, ParserContext parserContext) {
        String attribute = element.getAttribute(ATT_SERVLET_API_PROVISION);
        if (!StringUtils.hasText(attribute)) {
            attribute = "true";
        }
        if ("true".equals(attribute)) {
            return new RootBeanDefinition(SecurityContextHolderAwareRequestFilter.class);
        }
        return null;
    }

    private BeanDefinition createConcurrentSessionFilterAndRelatedBeansIfRequired(Element element, ParserContext parserContext) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.CONCURRENT_SESSIONS);
        if (childElementByTagName == null) {
            return null;
        }
        return new ConcurrentSessionsBeanDefinitionParser().parse(childElementByTagName, parserContext);
    }

    private BeanReference createConcurrentSessionController(Element element, BeanDefinition beanDefinition, BeanReference beanReference, ParserContext parserContext) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.CONCURRENT_SESSIONS);
        String attribute = childElementByTagName.getAttribute(ATT_SESSION_CONTROLLER_REF);
        if (StringUtils.hasText(attribute)) {
            if (!StringUtils.hasText(childElementByTagName.getAttribute("session-registry-ref"))) {
                parserContext.getReaderContext().error("Use of session-controller-ref requires that session-registry-ref is also set.", parserContext.extractSource(childElementByTagName));
            }
            return new RuntimeBeanReference(attribute);
        }
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(ConcurrentSessionControllerImpl.class);
        rootBeanDefinition.getRawBeanDefinition().setSource(beanDefinition.getSource());
        rootBeanDefinition.setRole(2);
        rootBeanDefinition.addPropertyValue("sessionRegistry", beanReference);
        String attribute2 = childElementByTagName.getAttribute("max-sessions");
        if (StringUtils.hasText(attribute2)) {
            rootBeanDefinition.addPropertyValue("maximumSessions", attribute2);
        }
        String attribute3 = childElementByTagName.getAttribute("exception-if-maximum-exceeded");
        if (StringUtils.hasText(attribute3)) {
            rootBeanDefinition.addPropertyValue("exceptionIfMaximumExceeded", attribute3);
        }
        BeanDefinition beanDefinition2 = rootBeanDefinition.getBeanDefinition();
        String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(beanDefinition2);
        parserContext.registerComponent(new BeanComponentDefinition(beanDefinition2, registerWithGeneratedName));
        return new RuntimeBeanReference(registerWithGeneratedName);
    }

    private BeanReference createRequestCache(Element element, ParserContext parserContext, boolean z, String str) {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionRequestCache.class);
        BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition(PortResolverImpl.class);
        rootBeanDefinition2.addPropertyReference("portMapper", str);
        rootBeanDefinition.addPropertyValue("createSessionAllowed", Boolean.valueOf(z));
        rootBeanDefinition.addPropertyValue("portResolver", rootBeanDefinition2.getBeanDefinition());
        AbstractBeanDefinition beanDefinition = rootBeanDefinition.getBeanDefinition();
        String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
        parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, registerWithGeneratedName));
        return new RuntimeBeanReference(registerWithGeneratedName);
    }

    private BeanDefinition createExceptionTranslationFilter(Element element, ParserContext parserContext, BeanReference beanReference) {
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
        rootBeanDefinition.addPropertyValue("accessDeniedHandler", createAccessDeniedHandler(element, parserContext));
        return rootBeanDefinition.getBeanDefinition();
    }

    private BeanMetadataElement createAccessDeniedHandler(Element element, ParserContext parserContext) {
        String attribute = element.getAttribute(ATT_ACCESS_DENIED_PAGE);
        WebConfigUtils.validateHttpRedirect(attribute, parserContext, parserContext.extractSource(element));
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.ACCESS_DENIED_HANDLER);
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class);
        if (StringUtils.hasText(attribute)) {
            if (childElementByTagName != null) {
                parserContext.getReaderContext().error("The attribute access-denied-page cannot be used with <access-denied-handler>", parserContext.extractSource(childElementByTagName));
            }
            rootBeanDefinition.addPropertyValue("errorPage", attribute);
        }
        if (childElementByTagName != null) {
            String attribute2 = childElementByTagName.getAttribute(ATT_ACCESS_DENIED_ERROR_PAGE);
            String attribute3 = childElementByTagName.getAttribute("ref");
            if (StringUtils.hasText(attribute2)) {
                if (StringUtils.hasText(attribute3)) {
                    parserContext.getReaderContext().error("The attribute error-page cannot be used together with the 'ref' attribute within <access-denied-handler>", parserContext.extractSource(childElementByTagName));
                }
                rootBeanDefinition.addPropertyValue("errorPage", attribute2);
            } else if (StringUtils.hasText(attribute3)) {
                return new RuntimeBeanReference(attribute3);
            }
        }
        return rootBeanDefinition.getBeanDefinition();
    }

    private BeanDefinition createFilterSecurityInterceptor(Element element, ParserContext parserContext, UrlMatcher urlMatcher, boolean z, BeanReference beanReference) {
        BeanDefinitionBuilder rootBeanDefinition;
        boolean equals = "true".equals(element.getAttribute(ATT_USE_EXPRESSIONS));
        LinkedHashMap<RequestKey, List<ConfigAttribute>> parseInterceptUrlsForFilterInvocationRequestMap = parseInterceptUrlsForFilterInvocationRequestMap(DomUtils.getChildElementsByTagName(element, Elements.INTERCEPT_URL), z, equals, parserContext);
        ManagedList managedList = new ManagedList(2);
        if (equals) {
            Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.EXPRESSION_HANDLER);
            String attribute = childElementByTagName == null ? null : childElementByTagName.getAttribute("ref");
            if (StringUtils.hasText(attribute)) {
                logger.info("Using bean '" + attribute + "' as web SecurityExpressionHandler implementation");
            } else {
                AbstractBeanDefinition beanDefinition = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_HANDLER_CLASS).getBeanDefinition();
                attribute = parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
                parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, attribute));
            }
            rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(EXPRESSION_FIMDS_CLASS);
            rootBeanDefinition.addConstructorArgValue(urlMatcher);
            rootBeanDefinition.addConstructorArgValue(parseInterceptUrlsForFilterInvocationRequestMap);
            rootBeanDefinition.addConstructorArgReference(attribute);
            managedList.add(new RootBeanDefinition(WebExpressionVoter.class));
        } else {
            rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
            rootBeanDefinition.addConstructorArgValue(urlMatcher);
            rootBeanDefinition.addConstructorArgValue(parseInterceptUrlsForFilterInvocationRequestMap);
            managedList.add(new RootBeanDefinition(RoleVoter.class));
            managedList.add(new RootBeanDefinition(AuthenticatedVoter.class));
        }
        RootBeanDefinition rootBeanDefinition2 = new RootBeanDefinition(AffirmativeBased.class);
        rootBeanDefinition2.getPropertyValues().addPropertyValue("decisionVoters", managedList);
        rootBeanDefinition2.setSource(parserContext.extractSource(element));
        rootBeanDefinition.addPropertyValue("stripQueryStringFromUrls", Boolean.valueOf(urlMatcher instanceof AntUrlPathMatcher));
        String attribute2 = element.getAttribute(ATT_ACCESS_MGR);
        if (!StringUtils.hasText(attribute2)) {
            attribute2 = parserContext.getReaderContext().registerWithGeneratedName(rootBeanDefinition2);
            parserContext.registerBeanComponent(new BeanComponentDefinition(rootBeanDefinition2, attribute2));
        }
        BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition(FilterSecurityInterceptor.class);
        rootBeanDefinition3.addPropertyReference("accessDecisionManager", attribute2);
        rootBeanDefinition3.addPropertyValue("authenticationManager", beanReference);
        if ("false".equals(element.getAttribute(ATT_ONCE_PER_REQUEST))) {
            rootBeanDefinition3.addPropertyValue("observeOncePerRequest", Boolean.FALSE);
        }
        rootBeanDefinition3.addPropertyValue("securityMetadataSource", rootBeanDefinition.getBeanDefinition());
        return rootBeanDefinition3.getBeanDefinition();
    }

    private BeanDefinition createChannelProcessingFilter(ParserContext parserContext, UrlMatcher urlMatcher, LinkedHashMap<RequestKey, List<ConfigAttribute>> linkedHashMap, String str) {
        RootBeanDefinition rootBeanDefinition = new RootBeanDefinition(ChannelProcessingFilter.class);
        DefaultFilterInvocationSecurityMetadataSource defaultFilterInvocationSecurityMetadataSource = new DefaultFilterInvocationSecurityMetadataSource(urlMatcher, linkedHashMap);
        defaultFilterInvocationSecurityMetadataSource.setStripQueryStringFromUrls(urlMatcher instanceof AntUrlPathMatcher);
        rootBeanDefinition.getPropertyValues().addPropertyValue("securityMetadataSource", defaultFilterInvocationSecurityMetadataSource);
        RootBeanDefinition rootBeanDefinition2 = new RootBeanDefinition(ChannelDecisionManagerImpl.class);
        ManagedList managedList = new ManagedList(3);
        RootBeanDefinition rootBeanDefinition3 = new RootBeanDefinition(SecureChannelProcessor.class);
        RootBeanDefinition rootBeanDefinition4 = new RootBeanDefinition(RetryWithHttpEntryPoint.class);
        RootBeanDefinition rootBeanDefinition5 = new RootBeanDefinition(RetryWithHttpsEntryPoint.class);
        RuntimeBeanReference runtimeBeanReference = new RuntimeBeanReference(str);
        rootBeanDefinition4.getPropertyValues().addPropertyValue("portMapper", runtimeBeanReference);
        rootBeanDefinition5.getPropertyValues().addPropertyValue("portMapper", runtimeBeanReference);
        rootBeanDefinition3.getPropertyValues().addPropertyValue("entryPoint", rootBeanDefinition5);
        RootBeanDefinition rootBeanDefinition6 = new RootBeanDefinition(InsecureChannelProcessor.class);
        rootBeanDefinition6.getPropertyValues().addPropertyValue("entryPoint", rootBeanDefinition4);
        managedList.add(rootBeanDefinition3);
        managedList.add(rootBeanDefinition6);
        rootBeanDefinition2.getPropertyValues().addPropertyValue("channelProcessors", managedList);
        rootBeanDefinition.getPropertyValues().addPropertyValue("channelDecisionManager", new RuntimeBeanReference(parserContext.getReaderContext().registerWithGeneratedName(rootBeanDefinition2)));
        return rootBeanDefinition;
    }

    private RootBeanDefinition createSessionManagementFilter(Element element, ParserContext parserContext, BeanReference beanReference, BeanReference beanReference2) {
        String attribute = element.getAttribute(ATT_SESSION_FIXATION_PROTECTION);
        String attribute2 = element.getAttribute(ATT_INVALID_SESSION_URL);
        if (!StringUtils.hasText(attribute)) {
            attribute = OPT_SESSION_FIXATION_MIGRATE_SESSION;
        }
        boolean z = !attribute.equals("none");
        if (!z && !StringUtils.hasText(attribute2)) {
            return null;
        }
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(SessionManagementFilter.class);
        rootBeanDefinition.addConstructorArgValue(beanReference2);
        if (z) {
            BeanDefinitionBuilder rootBeanDefinition2 = BeanDefinitionBuilder.rootBeanDefinition(DefaultAuthenticatedSessionStrategy.class);
            rootBeanDefinition2.addPropertyValue("migrateSessionAttributes", Boolean.valueOf(attribute.equals(OPT_SESSION_FIXATION_MIGRATE_SESSION)));
            if (beanReference != null) {
                rootBeanDefinition2.addPropertyValue("sessionRegistry", beanReference);
            }
            AbstractBeanDefinition beanDefinition = rootBeanDefinition2.getBeanDefinition();
            String registerWithGeneratedName = parserContext.getReaderContext().registerWithGeneratedName(beanDefinition);
            parserContext.registerBeanComponent(new BeanComponentDefinition(beanDefinition, registerWithGeneratedName));
            rootBeanDefinition.addPropertyReference("authenticatedSessionStrategy", registerWithGeneratedName);
        }
        if (StringUtils.hasText(attribute2)) {
            rootBeanDefinition.addPropertyValue("invalidSessionUrl", attribute2);
        }
        return (RootBeanDefinition) rootBeanDefinition.getBeanDefinition();
    }

    private FilterAndEntryPoint createFormLoginFilter(Element element, ParserContext parserContext, boolean z, boolean z2, BeanReference beanReference, BeanReference beanReference2, BeanReference beanReference3) {
        RootBeanDefinition rootBeanDefinition = null;
        RootBeanDefinition rootBeanDefinition2 = null;
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.FORM_LOGIN);
        if (childElementByTagName != null || z) {
            FormLoginBeanDefinitionParser formLoginBeanDefinitionParser = new FormLoginBeanDefinitionParser("/j_spring_security_check", AUTHENTICATION_PROCESSING_FILTER_CLASS, beanReference3, beanReference);
            formLoginBeanDefinitionParser.parse(childElementByTagName, parserContext);
            rootBeanDefinition = formLoginBeanDefinitionParser.getFilterBean();
            rootBeanDefinition2 = formLoginBeanDefinitionParser.getEntryPointBean();
        }
        if (rootBeanDefinition != null) {
            rootBeanDefinition.getPropertyValues().addPropertyValue("allowSessionCreation", new Boolean(z2));
            rootBeanDefinition.getPropertyValues().addPropertyValue("authenticationManager", beanReference2);
        }
        return new FilterAndEntryPoint(rootBeanDefinition, rootBeanDefinition2);
    }

    private FilterAndEntryPoint createOpenIDLoginFilter(Element element, ParserContext parserContext, boolean z, boolean z2, BeanReference beanReference, BeanReference beanReference2, BeanReference beanReference3) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.OPENID_LOGIN);
        RootBeanDefinition rootBeanDefinition = null;
        RootBeanDefinition rootBeanDefinition2 = null;
        if (childElementByTagName != null) {
            FormLoginBeanDefinitionParser formLoginBeanDefinitionParser = new FormLoginBeanDefinitionParser("/j_spring_openid_security_check", OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS, beanReference3, beanReference);
            formLoginBeanDefinitionParser.parse(childElementByTagName, parserContext);
            rootBeanDefinition = formLoginBeanDefinitionParser.getFilterBean();
            rootBeanDefinition2 = formLoginBeanDefinitionParser.getEntryPointBean();
            Element childElementByTagName2 = DomUtils.getChildElementByTagName(childElementByTagName, Elements.OPENID_ATTRIBUTE_EXCHANGE);
            if (childElementByTagName2 != null) {
                BeanDefinitionBuilder rootBeanDefinition3 = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_CONSUMER_CLASS);
                ManagedList managedList = new ManagedList();
                for (Element element2 : DomUtils.getChildElementsByTagName(childElementByTagName2, Elements.OPENID_ATTRIBUTE)) {
                    String attribute = element2.getAttribute("name");
                    String attribute2 = element2.getAttribute("type");
                    String attribute3 = element2.getAttribute("required");
                    String attribute4 = element2.getAttribute(RowLock.DIAG_COUNT);
                    BeanDefinitionBuilder rootBeanDefinition4 = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_ATTRIBUTE_CLASS);
                    rootBeanDefinition4.addConstructorArgValue(attribute);
                    rootBeanDefinition4.addConstructorArgValue(attribute2);
                    if (StringUtils.hasLength(attribute3)) {
                        rootBeanDefinition4.addPropertyValue("required", Boolean.valueOf(attribute3));
                    }
                    if (StringUtils.hasLength(attribute4)) {
                        rootBeanDefinition4.addPropertyValue(RowLock.DIAG_COUNT, Integer.valueOf(Integer.parseInt(attribute4)));
                    }
                    managedList.add(rootBeanDefinition4.getBeanDefinition());
                }
                rootBeanDefinition3.addConstructorArgValue(managedList);
                rootBeanDefinition.getPropertyValues().addPropertyValue("consumer", rootBeanDefinition3.getBeanDefinition());
            }
        }
        if (rootBeanDefinition != null) {
            rootBeanDefinition.getPropertyValues().addPropertyValue("allowSessionCreation", new Boolean(z2));
            rootBeanDefinition.getPropertyValues().addPropertyValue("authenticationManager", beanReference2);
        }
        return new FilterAndEntryPoint(rootBeanDefinition, rootBeanDefinition2);
    }

    private BeanReference createOpenIDProvider(Element element, ParserContext parserContext) {
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.OPENID_LOGIN);
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
        String attribute = childElementByTagName.getAttribute(ATT_USER_SERVICE_REF);
        if (StringUtils.hasText(attribute)) {
            rootBeanDefinition.addPropertyReference("userDetailsService", attribute);
        }
        return new RuntimeBeanReference(parserContext.getReaderContext().registerWithGeneratedName(rootBeanDefinition.getBeanDefinition()));
    }

    private BeanMetadataElement selectEntryPoint(Element element, ParserContext parserContext, FilterAndEntryPoint filterAndEntryPoint, FilterAndEntryPoint filterAndEntryPoint2, FilterAndEntryPoint filterAndEntryPoint3, FilterAndEntryPoint filterAndEntryPoint4) {
        String attribute = element.getAttribute(ATT_ENTRY_POINT_REF);
        if (StringUtils.hasText(attribute)) {
            return new RuntimeBeanReference(attribute);
        }
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.BASIC_AUTH);
        Element childElementByTagName2 = DomUtils.getChildElementByTagName(element, Elements.FORM_LOGIN);
        Element childElementByTagName3 = DomUtils.getChildElementByTagName(element, Elements.OPENID_LOGIN);
        if (childElementByTagName != null && childElementByTagName2 == null && childElementByTagName3 == null) {
            return filterAndEntryPoint.entryPoint;
        }
        String loginFormUrl = getLoginFormUrl(filterAndEntryPoint3.entryPoint);
        if (filterAndEntryPoint2.filter != null && loginFormUrl == null) {
            return filterAndEntryPoint2.entryPoint;
        }
        if (filterAndEntryPoint3.filter != null && filterAndEntryPoint2.filter == null) {
            return filterAndEntryPoint3.entryPoint;
        }
        if (DomUtils.getChildElementByTagName(element, Elements.X509) != null) {
            return filterAndEntryPoint4.entryPoint;
        }
        parserContext.getReaderContext().error("No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute ", parserContext.extractSource(element));
        return null;
    }

    private String getLoginFormUrl(RootBeanDefinition rootBeanDefinition) {
        PropertyValue propertyValue;
        if (rootBeanDefinition == null || (propertyValue = rootBeanDefinition.getPropertyValues().getPropertyValue("loginFormUrl")) == null) {
            return null;
        }
        return (String) propertyValue.getValue();
    }

    BeanDefinition createLoginPageFilterIfNeeded(FilterAndEntryPoint filterAndEntryPoint, String str, FilterAndEntryPoint filterAndEntryPoint2, String str2) {
        boolean z = (filterAndEntryPoint.filter == null && filterAndEntryPoint2.filter == null) ? false : true;
        String loginFormUrl = getLoginFormUrl(filterAndEntryPoint.entryPoint);
        if (DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL == loginFormUrl) {
            loginFormUrl = null;
        }
        String loginFormUrl2 = getLoginFormUrl(filterAndEntryPoint2.entryPoint);
        if (!z || loginFormUrl != null || loginFormUrl2 != null) {
            return null;
        }
        logger.info("No login page configured. The default internal one will be used. Use the 'login-page' attribute to set the URL of the login page.");
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(DefaultLoginPageGeneratingFilter.class);
        if (filterAndEntryPoint.filter != null) {
            rootBeanDefinition.addConstructorArgReference(str);
        }
        if (filterAndEntryPoint2.filter != null) {
            rootBeanDefinition.addConstructorArgReference(str2);
        }
        return rootBeanDefinition.getBeanDefinition();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static UrlMatcher createUrlMatcher(Element element) {
        String attribute = element.getAttribute(ATT_PATH_TYPE);
        if (!StringUtils.hasText(attribute)) {
            attribute = DEF_PATH_TYPE_ANT;
        }
        boolean equals = attribute.equals(OPT_PATH_TYPE_REGEX);
        UrlMatcher antUrlPathMatcher = new AntUrlPathMatcher();
        if (equals) {
            antUrlPathMatcher = new RegexUrlPathMatcher();
        }
        String attribute2 = element.getAttribute(ATT_LOWERCASE_COMPARISONS);
        if (!StringUtils.hasText(attribute2)) {
            attribute2 = null;
        }
        if ("true".equals(attribute2)) {
            if (equals) {
                ((RegexUrlPathMatcher) antUrlPathMatcher).setRequiresLowerCaseUrl(true);
            }
        } else if ("false".equals(attribute2) && !equals) {
            ((AntUrlPathMatcher) antUrlPathMatcher).setRequiresLowerCaseUrl(false);
        }
        return antUrlPathMatcher;
    }

    void parseInterceptUrlsForChannelSecurityAndEmptyFilterChains(List<Element> list, Map<String, List<BeanMetadataElement>> map, Map<RequestKey, List<ConfigAttribute>> map2, boolean z, ParserContext parserContext) {
        for (Element element : list) {
            String attribute = element.getAttribute(ATT_PATH_PATTERN);
            if (!StringUtils.hasText(attribute)) {
                parserContext.getReaderContext().error("path attribute cannot be empty or null", element);
            }
            if (z) {
                attribute = attribute.toLowerCase();
            }
            String attribute2 = element.getAttribute(ATT_REQUIRES_CHANNEL);
            if (StringUtils.hasText(attribute2)) {
                String str = null;
                if (attribute2.equals("https")) {
                    str = "REQUIRES_SECURE_CHANNEL";
                } else if (attribute2.equals("http")) {
                    str = "REQUIRES_INSECURE_CHANNEL";
                } else if (attribute2.equals(OPT_ANY_CHANNEL)) {
                    str = ChannelDecisionManagerImpl.ANY_CHANNEL;
                } else {
                    parserContext.getReaderContext().error("Unsupported channel " + attribute2, element);
                }
                map2.put(new RequestKey(attribute), SecurityConfig.createList(StringUtils.commaDelimitedListToStringArray(str)));
            }
            String attribute3 = element.getAttribute(ATT_FILTERS);
            if (StringUtils.hasText(attribute3)) {
                if (!attribute3.equals("none")) {
                    parserContext.getReaderContext().error("Currently only 'none' is supported as the custom filters attribute", element);
                }
                map.put(attribute, Collections.emptyList());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static LinkedHashMap<RequestKey, List<ConfigAttribute>> parseInterceptUrlsForFilterInvocationRequestMap(List<Element> list, boolean z, boolean z2, ParserContext parserContext) {
        List<ConfigAttribute> createList;
        LinkedHashMap<RequestKey, List<ConfigAttribute>> linkedHashMap = new LinkedHashMap<>();
        for (Element element : list) {
            String attribute = element.getAttribute(ATT_ACCESS_CONFIG);
            if (StringUtils.hasText(attribute)) {
                String attribute2 = element.getAttribute(ATT_PATH_PATTERN);
                if (!StringUtils.hasText(attribute2)) {
                    parserContext.getReaderContext().error("path attribute cannot be empty or null", element);
                }
                if (z) {
                    attribute2 = attribute2.toLowerCase();
                }
                String attribute3 = element.getAttribute("method");
                if (!StringUtils.hasText(attribute3)) {
                    attribute3 = null;
                }
                RequestKey requestKey = new RequestKey(attribute2, attribute3);
                if (z2) {
                    logger.info("Creating access control expression attribute '" + attribute + "' for " + requestKey);
                    createList = new ArrayList(1);
                    createList.add(new SecurityConfig(attribute));
                } else {
                    createList = SecurityConfig.createList(StringUtils.commaDelimitedListToStringArray(attribute));
                }
                if (linkedHashMap.containsKey(requestKey)) {
                    logger.warn("Duplicate URL defined: " + requestKey + ". The original attribute values will be overwritten");
                }
                linkedHashMap.put(requestKey, createList);
            }
        }
        return linkedHashMap;
    }
}
