package org.springframework.security.config.http;

import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.function.Predicate;
import javax.servlet.http.HttpServletRequest;
import org.eclipse.jgit.util.HttpSupport;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/spring-security-config-5.7.5.jar:org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.class */
final class Saml2LogoutBeanDefinitionParser implements BeanDefinitionParser {
    private static final String ATT_LOGOUT_REQUEST_URL = "logout-request-url";
    private static final String ATT_LOGOUT_RESPONSE_URL = "logout-response-url";
    private static final String ATT_LOGOUT_URL = "logout-url";
    private List<BeanMetadataElement> logoutHandlers;
    private String logoutUrl = "/logout";
    private String logoutRequestUrl = "/logout/saml2/slo";
    private String logoutResponseUrl = "/logout/saml2/slo";
    private BeanMetadataElement logoutSuccessHandler;
    private BeanDefinition logoutRequestFilter;
    private BeanDefinition logoutResponseFilter;
    private BeanDefinition logoutFilter;

    /* loaded from: input_file:WEB-INF/lib/spring-security-config-5.7.5.jar:org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser$ParameterRequestMatcher.class */
    private static class ParameterRequestMatcher implements RequestMatcher {
        Predicate<String> test = (v0) -> {
            return Objects.nonNull(v0);
        };
        String name;

        ParameterRequestMatcher(String str) {
            this.name = str;
        }

        @Override // org.springframework.security.web.util.matcher.RequestMatcher
        public boolean matches(HttpServletRequest httpServletRequest) {
            return this.test.test(httpServletRequest.getParameter(this.name));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/spring-security-config-5.7.5.jar:org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser$Saml2RequestMatcher.class */
    private static class Saml2RequestMatcher implements RequestMatcher {
        private Saml2RequestMatcher() {
        }

        @Override // org.springframework.security.web.util.matcher.RequestMatcher
        public boolean matches(HttpServletRequest httpServletRequest) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication == null) {
                return false;
            }
            return authentication.getPrincipal() instanceof Saml2AuthenticatedPrincipal;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Saml2LogoutBeanDefinitionParser(ManagedList<BeanMetadataElement> managedList, BeanMetadataElement beanMetadataElement) {
        this.logoutHandlers = managedList;
        this.logoutSuccessHandler = beanMetadataElement;
    }

    @Override // org.springframework.beans.factory.xml.BeanDefinitionParser
    public BeanDefinition parse(Element element, ParserContext parserContext) {
        String attribute = element.getAttribute(ATT_LOGOUT_URL);
        if (StringUtils.hasText(attribute)) {
            this.logoutUrl = attribute;
        }
        String attribute2 = element.getAttribute(ATT_LOGOUT_REQUEST_URL);
        if (StringUtils.hasText(attribute2)) {
            this.logoutRequestUrl = attribute2;
        }
        String attribute3 = element.getAttribute(ATT_LOGOUT_RESPONSE_URL);
        if (StringUtils.hasText(attribute3)) {
            this.logoutResponseUrl = attribute3;
        }
        WebConfigUtils.validateHttpRedirect(this.logoutUrl, parserContext, element);
        WebConfigUtils.validateHttpRedirect(this.logoutRequestUrl, parserContext, element);
        WebConfigUtils.validateHttpRedirect(this.logoutResponseUrl, parserContext, element);
        if (CollectionUtils.isEmpty(this.logoutHandlers)) {
            this.logoutHandlers = createDefaultLogoutHandlers();
        }
        if (this.logoutSuccessHandler == null) {
            this.logoutSuccessHandler = createDefaultLogoutSuccessHandler();
        }
        AbstractBeanDefinition beanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) DefaultRelyingPartyRegistrationResolver.class).addConstructorArgValue(Saml2LogoutBeanDefinitionParserUtils.getRelyingPartyRegistrationRepository(element)).getBeanDefinition();
        BeanMetadataElement logoutResponseResolver = Saml2LogoutBeanDefinitionParserUtils.getLogoutResponseResolver(element, beanDefinition);
        BeanMetadataElement logoutRequestValidator = Saml2LogoutBeanDefinitionParserUtils.getLogoutRequestValidator(element);
        this.logoutRequestFilter = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) Saml2LogoutRequestFilter.class).addConstructorArgValue(beanDefinition).addConstructorArgValue(logoutRequestValidator).addConstructorArgValue(logoutResponseResolver).addConstructorArgValue(this.logoutHandlers).addPropertyValue("logoutRequestMatcher", createSaml2LogoutRequestMatcher()).getBeanDefinition();
        BeanMetadataElement logoutResponseValidator = Saml2LogoutBeanDefinitionParserUtils.getLogoutResponseValidator(element);
        this.logoutResponseFilter = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) Saml2LogoutResponseFilter.class).addConstructorArgValue(beanDefinition).addConstructorArgValue(logoutResponseValidator).addConstructorArgValue(this.logoutSuccessHandler).addPropertyValue("logoutRequestMatcher", createSaml2LogoutResponseMatcher()).addPropertyValue("logoutRequestRepository", Saml2LogoutBeanDefinitionParserUtils.getLogoutRequestRepository(element)).getBeanDefinition();
        this.logoutFilter = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) LogoutFilter.class).addConstructorArgValue(BeanDefinitionBuilder.rootBeanDefinition((Class<?>) Saml2RelyingPartyInitiatedLogoutSuccessHandler.class).addConstructorArgValue(Saml2LogoutBeanDefinitionParserUtils.getLogoutRequestResolver(element, beanDefinition)).getBeanDefinition()).addConstructorArgValue(this.logoutHandlers).addPropertyValue("logoutRequestMatcher", createLogoutRequestMatcher()).getBeanDefinition();
        return null;
    }

    private static List<BeanMetadataElement> createDefaultLogoutHandlers() {
        ManagedList managedList = new ManagedList();
        managedList.add(BeanDefinitionBuilder.rootBeanDefinition((Class<?>) SecurityContextLogoutHandler.class).getBeanDefinition());
        managedList.add(BeanDefinitionBuilder.rootBeanDefinition((Class<?>) LogoutSuccessEventPublishingLogoutHandler.class).getBeanDefinition());
        return managedList;
    }

    private static BeanMetadataElement createDefaultLogoutSuccessHandler() {
        return BeanDefinitionBuilder.rootBeanDefinition((Class<?>) SimpleUrlLogoutSuccessHandler.class).addPropertyValue("defaultTargetUrl", RedirectServerLogoutSuccessHandler.DEFAULT_LOGOUT_SUCCESS_URL).getBeanDefinition();
    }

    private BeanMetadataElement createLogoutRequestMatcher() {
        return BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AndRequestMatcher.class).addConstructorArgValue(toManagedList(BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AntPathRequestMatcher.class).addConstructorArgValue(this.logoutUrl).addConstructorArgValue(HttpSupport.METHOD_POST).getBeanDefinition(), BeanDefinitionBuilder.rootBeanDefinition((Class<?>) Saml2RequestMatcher.class).getBeanDefinition())).getBeanDefinition();
    }

    private BeanMetadataElement createSaml2LogoutRequestMatcher() {
        return BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AndRequestMatcher.class).addConstructorArgValue(toManagedList(BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AntPathRequestMatcher.class).addConstructorArgValue(this.logoutRequestUrl).getBeanDefinition(), BeanDefinitionBuilder.rootBeanDefinition((Class<?>) ParameterRequestMatcher.class).addConstructorArgValue("SAMLRequest").getBeanDefinition())).getBeanDefinition();
    }

    private BeanMetadataElement createSaml2LogoutResponseMatcher() {
        return BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AndRequestMatcher.class).addConstructorArgValue(toManagedList(BeanDefinitionBuilder.rootBeanDefinition((Class<?>) AntPathRequestMatcher.class).addConstructorArgValue(this.logoutResponseUrl).getBeanDefinition(), BeanDefinitionBuilder.rootBeanDefinition((Class<?>) ParameterRequestMatcher.class).addConstructorArgValue("SAMLResponse").getBeanDefinition())).getBeanDefinition();
    }

    private static List<BeanMetadataElement> toManagedList(BeanMetadataElement... beanMetadataElementArr) {
        ManagedList managedList = new ManagedList();
        managedList.addAll(Arrays.asList(beanMetadataElementArr));
        return managedList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getLogoutRequestFilter() {
        return this.logoutRequestFilter;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getLogoutResponseFilter() {
        return this.logoutResponseFilter;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BeanDefinition getLogoutFilter() {
        return this.logoutFilter;
    }
}
