package org.springframework.security.config.annotation.web.configurers;

import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.PortMapper;
import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.channel.ChannelProcessor;
import org.springframework.security.web.access.channel.InsecureChannelProcessor;
import org.springframework.security.web.access.channel.RetryWithHttpEntryPoint;
import org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint;
import org.springframework.security.web.access.channel.SecureChannelProcessor;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.RequestMatcher;

/* loaded from: input_file:org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.class */
public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractRequestMatcherMappingConfigurer<H, ChannelSecurityConfigurer<H>.RequiresChannelUrl, DefaultSecurityFilterChain> {
    private ChannelProcessingFilter channelFilter = new ChannelProcessingFilter();
    private LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
    private List<ChannelProcessor> channelProcessors;

    /* loaded from: input_file:org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer$RequiresChannelUrl.class */
    public final class RequiresChannelUrl {
        private List<RequestMatcher> requestMatchers;

        private RequiresChannelUrl(List<RequestMatcher> list) {
            this.requestMatchers = list;
        }

        public ChannelSecurityConfigurer<H> requiresSecure() {
            return requires("REQUIRES_SECURE_CHANNEL");
        }

        public ChannelSecurityConfigurer<H> requiresInsecure() {
            return requires("REQUIRES_INSECURE_CHANNEL");
        }

        public ChannelSecurityConfigurer<H> requires(String str) {
            return ChannelSecurityConfigurer.this.addAttribute(str, this.requestMatchers);
        }
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) throws Exception {
        ChannelDecisionManagerImpl channelDecisionManagerImpl = new ChannelDecisionManagerImpl();
        channelDecisionManagerImpl.setChannelProcessors(getChannelProcessors(h));
        this.channelFilter.setChannelDecisionManager((ChannelDecisionManagerImpl) postProcess(channelDecisionManagerImpl));
        this.channelFilter.setSecurityMetadataSource(new DefaultFilterInvocationSecurityMetadataSource(this.requestMap));
        this.channelFilter = (ChannelProcessingFilter) postProcess(this.channelFilter);
        h.addFilter(this.channelFilter);
    }

    public ChannelSecurityConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) {
        addObjectPostProcessor(objectPostProcessor);
        return this;
    }

    public ChannelSecurityConfigurer<H> channelProcessors(List<ChannelProcessor> list) {
        this.channelProcessors = list;
        return this;
    }

    private List<ChannelProcessor> getChannelProcessors(H h) {
        if (this.channelProcessors != null) {
            return this.channelProcessors;
        }
        InsecureChannelProcessor insecureChannelProcessor = new InsecureChannelProcessor();
        SecureChannelProcessor secureChannelProcessor = new SecureChannelProcessor();
        PortMapper portMapper = (PortMapper) h.getSharedObject(PortMapper.class);
        if (portMapper != null) {
            RetryWithHttpEntryPoint retryWithHttpEntryPoint = new RetryWithHttpEntryPoint();
            retryWithHttpEntryPoint.setPortMapper(portMapper);
            insecureChannelProcessor.setEntryPoint(retryWithHttpEntryPoint);
            RetryWithHttpsEntryPoint retryWithHttpsEntryPoint = new RetryWithHttpsEntryPoint();
            retryWithHttpsEntryPoint.setPortMapper(portMapper);
            secureChannelProcessor.setEntryPoint(retryWithHttpsEntryPoint);
        }
        return Arrays.asList((InsecureChannelProcessor) postProcess(insecureChannelProcessor), (SecureChannelProcessor) postProcess(secureChannelProcessor));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ChannelSecurityConfigurer<H> addAttribute(String str, List<RequestMatcher> list) {
        Iterator<RequestMatcher> it = list.iterator();
        while (it.hasNext()) {
            this.requestMap.put(it.next(), Arrays.asList(new SecurityConfig(str)));
        }
        return this;
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractRequestMatcherMappingConfigurer
    protected ChannelSecurityConfigurer<H>.RequiresChannelUrl chainRequestMatchersInternal(List<RequestMatcher> list) {
        return new RequiresChannelUrl(list);
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractRequestMatcherMappingConfigurer
    protected /* bridge */ /* synthetic */ Object chainRequestMatchersInternal(List list) {
        return chainRequestMatchersInternal((List<RequestMatcher>) list);
    }
}
