package org.springframework.security.config.web.server;

import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.web.server.AuthenticationEntryPoint;
import org.springframework.security.web.server.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.server.FormLoginAuthenticationConverter;
import org.springframework.security.web.server.HttpBasicAuthenticationConverter;
import org.springframework.security.web.server.MatcherSecurityWebFilterChain;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationEntryPointFailureHandler;
import org.springframework.security.web.server.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.RedirectAuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.RedirectAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.logout.LogoutWebFiter;
import org.springframework.security.web.server.authentication.www.HttpBasicAuthenticationEntryPoint;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.security.web.server.authorization.AuthorizationWebFilter;
import org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager;
import org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter;
import org.springframework.security.web.server.context.AuthenticationReactorContextFilter;
import org.springframework.security.web.server.context.SecurityContextRepository;
import org.springframework.security.web.server.context.SecurityContextRepositoryWebFilter;
import org.springframework.security.web.server.context.ServerWebExchangeAttributeSecurityContextRepository;
import org.springframework.security.web.server.context.WebSessionSecurityContextRepository;
import org.springframework.security.web.server.header.CacheControlHttpHeadersWriter;
import org.springframework.security.web.server.header.CompositeHttpHeadersWriter;
import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
import org.springframework.security.web.server.header.HttpHeaderWriterWebFilter;
import org.springframework.security.web.server.header.HttpHeadersWriter;
import org.springframework.security.web.server.header.StrictTransportSecurityHttpHeadersWriter;
import org.springframework.security.web.server.header.XFrameOptionsHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionHttpHeadersWriter;
import org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter;
import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.util.Assert;
import org.springframework.web.server.WebFilter;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity.class */
public class HttpSecurity {
    private AuthorizeExchangeBuilder authorizeExchangeBuilder;
    private HeaderBuilder headers;
    private HttpBasicBuilder httpBasic;
    private FormLoginBuilder formLogin;
    private ReactiveAuthenticationManager authenticationManager;
    private SecurityContextRepository securityContextRepository;
    private AuthenticationEntryPoint authenticationEntryPoint;
    private ServerWebExchangeMatcher securityMatcher = ServerWebExchangeMatchers.anyExchange();
    private List<DelegatingAuthenticationEntryPoint.DelegateEntry> defaultEntryPoints = new ArrayList();

    /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$AuthorizeExchangeBuilder.class */
    public class AuthorizeExchangeBuilder extends AbstractServerWebExchangeMatcherRegistry<Access> {
        private DelegatingReactiveAuthorizationManager.Builder managerBldr = DelegatingReactiveAuthorizationManager.builder();
        private ServerWebExchangeMatcher matcher;
        private boolean anyExchangeRegistered;

        /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$AuthorizeExchangeBuilder$Access.class */
        public final class Access {
            public Access() {
            }

            public AuthorizeExchangeBuilder permitAll() {
                return access((mono, authorizationContext) -> {
                    return Mono.just(new AuthorizationDecision(true));
                });
            }

            public AuthorizeExchangeBuilder denyAll() {
                return access((mono, authorizationContext) -> {
                    return Mono.just(new AuthorizationDecision(false));
                });
            }

            public AuthorizeExchangeBuilder hasRole(String str) {
                return access(AuthorityAuthorizationManager.hasRole(str));
            }

            public AuthorizeExchangeBuilder hasAuthority(String str) {
                return access(AuthorityAuthorizationManager.hasAuthority(str));
            }

            public AuthorizeExchangeBuilder authenticated() {
                return access(AuthenticatedAuthorizationManager.authenticated());
            }

            public AuthorizeExchangeBuilder access(ReactiveAuthorizationManager<AuthorizationContext> reactiveAuthorizationManager) {
                AuthorizeExchangeBuilder.this.managerBldr.add(new ServerWebExchangeMatcherEntry(AuthorizeExchangeBuilder.this.matcher, reactiveAuthorizationManager));
                AuthorizeExchangeBuilder.this.matcher = null;
                return AuthorizeExchangeBuilder.this;
            }
        }

        public AuthorizeExchangeBuilder() {
        }

        public HttpSecurity and() {
            return HttpSecurity.this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
        public Access anyExchange() {
            Access access = (Access) super.anyExchange();
            this.anyExchangeRegistered = true;
            return access;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
        public Access registerMatcher(ServerWebExchangeMatcher serverWebExchangeMatcher) {
            if (this.anyExchangeRegistered) {
                throw new IllegalStateException("Cannot register " + serverWebExchangeMatcher + " which would be unreachable because anyExchange() has already been registered.");
            }
            if (this.matcher != null) {
                throw new IllegalStateException("The matcher " + serverWebExchangeMatcher + " does not have an access rule defined");
            }
            this.matcher = serverWebExchangeMatcher;
            return new Access();
        }

        protected WebFilter build() {
            if (this.matcher != null) {
                throw new IllegalStateException("The matcher " + this.matcher + " does not have an access rule defined");
            }
            return new AuthorizationWebFilter(this.managerBldr.build());
        }
    }

    /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$FormLoginBuilder.class */
    public class FormLoginBuilder {
        private ReactiveAuthenticationManager authenticationManager;
        private SecurityContextRepository securityContextRepository;
        private AuthenticationEntryPoint authenticationEntryPoint;
        private ServerWebExchangeMatcher requiresAuthenticationMatcher;
        private AuthenticationFailureHandler authenticationFailureHandler;

        public FormLoginBuilder authenticationManager(ReactiveAuthenticationManager reactiveAuthenticationManager) {
            this.authenticationManager = reactiveAuthenticationManager;
            return this;
        }

        public FormLoginBuilder loginPage(String str) {
            this.authenticationEntryPoint = new RedirectAuthenticationEntryPoint(str);
            this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, new String[]{str});
            this.authenticationFailureHandler = new AuthenticationEntryPointFailureHandler(new RedirectAuthenticationEntryPoint(str + "?error"));
            return this;
        }

        public FormLoginBuilder authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
            this.authenticationEntryPoint = authenticationEntryPoint;
            return this;
        }

        public FormLoginBuilder requiresAuthenticationMatcher(ServerWebExchangeMatcher serverWebExchangeMatcher) {
            this.requiresAuthenticationMatcher = serverWebExchangeMatcher;
            return this;
        }

        public FormLoginBuilder authenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
            this.authenticationFailureHandler = authenticationFailureHandler;
            return this;
        }

        public FormLoginBuilder securityContextRepository(SecurityContextRepository securityContextRepository) {
            this.securityContextRepository = securityContextRepository;
            return this;
        }

        public HttpSecurity and() {
            return HttpSecurity.this;
        }

        public HttpSecurity disable() {
            HttpSecurity.this.formLogin = null;
            return HttpSecurity.this;
        }

        protected AuthenticationWebFilter build() {
            if (this.authenticationEntryPoint == null) {
                loginPage("/login");
            }
            MediaTypeServerWebExchangeMatcher mediaTypeServerWebExchangeMatcher = new MediaTypeServerWebExchangeMatcher(new MediaType[]{MediaType.TEXT_HTML});
            mediaTypeServerWebExchangeMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
            HttpSecurity.this.defaultEntryPoints.add(0, new DelegatingAuthenticationEntryPoint.DelegateEntry(mediaTypeServerWebExchangeMatcher, this.authenticationEntryPoint));
            AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(this.authenticationManager);
            authenticationWebFilter.setRequiresAuthenticationMatcher(this.requiresAuthenticationMatcher);
            authenticationWebFilter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
            authenticationWebFilter.setAuthenticationConverter(new FormLoginAuthenticationConverter());
            authenticationWebFilter.setAuthenticationSuccessHandler(new RedirectAuthenticationSuccessHandler("/"));
            authenticationWebFilter.setSecurityContextRepository(this.securityContextRepository);
            return authenticationWebFilter;
        }

        private FormLoginBuilder() {
            this.securityContextRepository = new WebSessionSecurityContextRepository();
        }
    }

    /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$HeaderBuilder.class */
    public class HeaderBuilder {
        private final List<HttpHeadersWriter> writers;
        private CacheControlHttpHeadersWriter cacheControl;
        private ContentTypeOptionsHttpHeadersWriter contentTypeOptions;
        private StrictTransportSecurityHttpHeadersWriter hsts;
        private XFrameOptionsHttpHeadersWriter frameOptions;
        private XXssProtectionHttpHeadersWriter xss;

        /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$HeaderBuilder$CacheSpec.class */
        public class CacheSpec {
            public void disable() {
                HeaderBuilder.this.writers.remove(HeaderBuilder.this.cacheControl);
            }

            private CacheSpec() {
            }
        }

        /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$HeaderBuilder$ContentTypeOptionsSpec.class */
        public class ContentTypeOptionsSpec {
            public void disable() {
                HeaderBuilder.this.writers.remove(HeaderBuilder.this.contentTypeOptions);
            }

            private ContentTypeOptionsSpec() {
            }
        }

        /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$HeaderBuilder$FrameOptionsSpec.class */
        public class FrameOptionsSpec {
            public void mode(XFrameOptionsHttpHeadersWriter.Mode mode) {
                HeaderBuilder.this.frameOptions.setMode(mode);
            }

            public void disable() {
                HeaderBuilder.this.writers.remove(HeaderBuilder.this.frameOptions);
            }

            private FrameOptionsSpec() {
            }
        }

        /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$HeaderBuilder$HstsSpec.class */
        public class HstsSpec {
            public void maxAge(Duration duration) {
                HeaderBuilder.this.hsts.setMaxAge(duration);
            }

            public void includeSubdomains(boolean z) {
                HeaderBuilder.this.hsts.setIncludeSubDomains(z);
            }

            public void disable() {
                HeaderBuilder.this.writers.remove(HeaderBuilder.this.hsts);
            }

            private HstsSpec() {
            }
        }

        /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$HeaderBuilder$XssProtectionSpec.class */
        public class XssProtectionSpec {
            public void disable() {
                HeaderBuilder.this.writers.remove(HeaderBuilder.this.xss);
            }

            private XssProtectionSpec() {
            }
        }

        public HttpSecurity and() {
            return HttpSecurity.this;
        }

        public CacheSpec cache() {
            return new CacheSpec();
        }

        public ContentTypeOptionsSpec contentTypeOptions() {
            return new ContentTypeOptionsSpec();
        }

        public FrameOptionsSpec frameOptions() {
            return new FrameOptionsSpec();
        }

        public HstsSpec hsts() {
            return new HstsSpec();
        }

        protected HttpHeaderWriterWebFilter build() {
            return new HttpHeaderWriterWebFilter(new CompositeHttpHeadersWriter(this.writers));
        }

        public XssProtectionSpec xssProtection() {
            return new XssProtectionSpec();
        }

        private HeaderBuilder() {
            this.cacheControl = new CacheControlHttpHeadersWriter();
            this.contentTypeOptions = new ContentTypeOptionsHttpHeadersWriter();
            this.hsts = new StrictTransportSecurityHttpHeadersWriter();
            this.frameOptions = new XFrameOptionsHttpHeadersWriter();
            this.xss = new XXssProtectionHttpHeadersWriter();
            this.writers = new ArrayList(Arrays.asList(this.cacheControl, this.contentTypeOptions, this.hsts, this.frameOptions, this.xss));
        }
    }

    /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$HttpBasicBuilder.class */
    public class HttpBasicBuilder {
        private ReactiveAuthenticationManager authenticationManager;
        private SecurityContextRepository securityContextRepository;
        private AuthenticationEntryPoint entryPoint;

        public HttpBasicBuilder authenticationManager(ReactiveAuthenticationManager reactiveAuthenticationManager) {
            this.authenticationManager = reactiveAuthenticationManager;
            return this;
        }

        public HttpBasicBuilder securityContextRepository(SecurityContextRepository securityContextRepository) {
            this.securityContextRepository = securityContextRepository;
            return this;
        }

        public HttpSecurity and() {
            return HttpSecurity.this;
        }

        public HttpSecurity disable() {
            HttpSecurity.this.httpBasic = null;
            return HttpSecurity.this;
        }

        protected AuthenticationWebFilter build() {
            MediaTypeServerWebExchangeMatcher mediaTypeServerWebExchangeMatcher = new MediaTypeServerWebExchangeMatcher(new MediaType[]{MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML});
            mediaTypeServerWebExchangeMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
            HttpSecurity.this.defaultEntryPoints.add(new DelegatingAuthenticationEntryPoint.DelegateEntry(mediaTypeServerWebExchangeMatcher, this.entryPoint));
            AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(this.authenticationManager);
            authenticationWebFilter.setAuthenticationFailureHandler(new AuthenticationEntryPointFailureHandler(this.entryPoint));
            authenticationWebFilter.setAuthenticationConverter(new HttpBasicAuthenticationConverter());
            if (this.securityContextRepository != null) {
                authenticationWebFilter.setSecurityContextRepository(this.securityContextRepository);
            }
            return authenticationWebFilter;
        }

        private HttpBasicBuilder() {
            this.securityContextRepository = new ServerWebExchangeAttributeSecurityContextRepository();
            this.entryPoint = new HttpBasicAuthenticationEntryPoint();
        }
    }

    public HttpSecurity securityMatcher(ServerWebExchangeMatcher serverWebExchangeMatcher) {
        Assert.notNull(serverWebExchangeMatcher, "matcher cannot be null");
        this.securityMatcher = serverWebExchangeMatcher;
        return this;
    }

    private ServerWebExchangeMatcher getSecurityMatcher() {
        return this.securityMatcher;
    }

    public HttpSecurity securityContextRepository(SecurityContextRepository securityContextRepository) {
        Assert.notNull(securityContextRepository, "securityContextRepository cannot be null");
        this.securityContextRepository = securityContextRepository;
        return this;
    }

    public HttpBasicBuilder httpBasic() {
        if (this.httpBasic == null) {
            this.httpBasic = new HttpBasicBuilder();
        }
        return this.httpBasic;
    }

    public FormLoginBuilder formLogin() {
        if (this.formLogin == null) {
            this.formLogin = new FormLoginBuilder();
        }
        return this.formLogin;
    }

    public HeaderBuilder headers() {
        if (this.headers == null) {
            this.headers = new HeaderBuilder();
        }
        return this.headers;
    }

    public AuthorizeExchangeBuilder authorizeExchange() {
        if (this.authorizeExchangeBuilder == null) {
            this.authorizeExchangeBuilder = new AuthorizeExchangeBuilder();
        }
        return this.authorizeExchangeBuilder;
    }

    public HttpSecurity authenticationManager(ReactiveAuthenticationManager reactiveAuthenticationManager) {
        this.authenticationManager = reactiveAuthenticationManager;
        return this;
    }

    public SecurityWebFilterChain build() {
        ArrayList arrayList = new ArrayList();
        if (this.headers != null) {
            arrayList.add(this.headers.build());
        }
        SecurityContextRepositoryWebFilter securityContextRepositoryWebFilter = securityContextRepositoryWebFilter();
        if (securityContextRepositoryWebFilter != null) {
            arrayList.add(securityContextRepositoryWebFilter);
        }
        if (this.httpBasic != null) {
            this.httpBasic.authenticationManager(this.authenticationManager);
            if (this.securityContextRepository != null) {
                this.httpBasic.securityContextRepository(this.securityContextRepository);
            }
            arrayList.add(this.httpBasic.build());
        }
        if (this.formLogin != null) {
            this.formLogin.authenticationManager(this.authenticationManager);
            if (this.securityContextRepository != null) {
                this.formLogin.securityContextRepository(this.securityContextRepository);
            }
            if (this.formLogin.authenticationEntryPoint == null) {
                arrayList.add(new LoginPageGeneratingWebFilter());
            }
            arrayList.add(this.formLogin.build());
            arrayList.add(new LogoutWebFiter());
        }
        arrayList.add(new AuthenticationReactorContextFilter());
        if (this.authorizeExchangeBuilder != null) {
            AuthenticationEntryPoint authenticationEntryPoint = getAuthenticationEntryPoint();
            ExceptionTranslationWebFilter exceptionTranslationWebFilter = new ExceptionTranslationWebFilter();
            if (authenticationEntryPoint != null) {
                exceptionTranslationWebFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
            }
            arrayList.add(exceptionTranslationWebFilter);
            arrayList.add(this.authorizeExchangeBuilder.build());
        }
        return new MatcherSecurityWebFilterChain(getSecurityMatcher(), arrayList);
    }

    private AuthenticationEntryPoint getAuthenticationEntryPoint() {
        if (this.authenticationEntryPoint != null || this.defaultEntryPoints.isEmpty()) {
            return this.authenticationEntryPoint;
        }
        if (this.defaultEntryPoints.size() == 1) {
            return this.defaultEntryPoints.get(0).getEntryPoint();
        }
        DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint = new DelegatingAuthenticationEntryPoint(this.defaultEntryPoints);
        delegatingAuthenticationEntryPoint.setDefaultEntryPoint(this.defaultEntryPoints.get(this.defaultEntryPoints.size() - 1).getEntryPoint());
        return delegatingAuthenticationEntryPoint;
    }

    public static HttpSecurity http() {
        return new HttpSecurity();
    }

    private SecurityContextRepositoryWebFilter securityContextRepositoryWebFilter() {
        SecurityContextRepository securityContextRepository = this.securityContextRepository;
        if (securityContextRepository == null) {
            return null;
        }
        return new SecurityContextRepositoryWebFilter(securityContextRepository);
    }

    private HttpSecurity() {
    }
}
