package org.springframework.security.config.web.server;

import java.util.ArrayList;
import java.util.Optional;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.web.server.MatcherSecurityWebFilterChain;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.security.web.server.authorization.AuthorizationWebFilter;
import org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager;
import org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter;
import org.springframework.security.web.server.context.SecurityContextRepository;
import org.springframework.security.web.server.context.SecurityContextRepositoryWebFilter;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.util.Assert;
import org.springframework.web.server.WebFilter;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity.class */
public class HttpSecurity {
    private AuthorizeExchangeBuilder authorizeExchangeBuilder;
    private HttpBasicBuilder httpBasic;
    private ReactiveAuthenticationManager authenticationManager;
    private ServerWebExchangeMatcher securityMatcher = ServerWebExchangeMatchers.anyExchange();
    private HeaderBuilder headers = new HeaderBuilder();
    private Optional<SecurityContextRepository> securityContextRepository = Optional.empty();

    /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$AuthorizeExchangeBuilder.class */
    public class AuthorizeExchangeBuilder extends AbstractServerWebExchangeMatcherRegistry<Access> {
        private DelegatingReactiveAuthorizationManager.Builder managerBldr = DelegatingReactiveAuthorizationManager.builder();
        private ServerWebExchangeMatcher matcher;
        private boolean anyExchangeRegistered;

        /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$AuthorizeExchangeBuilder$Access.class */
        public final class Access {
            public Access() {
            }

            public AuthorizeExchangeBuilder permitAll() {
                return access((mono, authorizationContext) -> {
                    return Mono.just(new AuthorizationDecision(true));
                });
            }

            public AuthorizeExchangeBuilder denyAll() {
                return access((mono, authorizationContext) -> {
                    return Mono.just(new AuthorizationDecision(false));
                });
            }

            public AuthorizeExchangeBuilder hasRole(String str) {
                return access(AuthorityAuthorizationManager.hasRole(str));
            }

            public AuthorizeExchangeBuilder hasAuthority(String str) {
                return access(AuthorityAuthorizationManager.hasAuthority(str));
            }

            public AuthorizeExchangeBuilder authenticated() {
                return access(AuthenticatedAuthorizationManager.authenticated());
            }

            public AuthorizeExchangeBuilder access(ReactiveAuthorizationManager<AuthorizationContext> reactiveAuthorizationManager) {
                AuthorizeExchangeBuilder.this.managerBldr.add(new ServerWebExchangeMatcherEntry(AuthorizeExchangeBuilder.this.matcher, reactiveAuthorizationManager));
                AuthorizeExchangeBuilder.this.matcher = null;
                return AuthorizeExchangeBuilder.this;
            }
        }

        public AuthorizeExchangeBuilder() {
        }

        public HttpSecurity and() {
            return HttpSecurity.this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
        public Access anyExchange() {
            Access access = (Access) super.anyExchange();
            this.anyExchangeRegistered = true;
            return access;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
        public Access registerMatcher(ServerWebExchangeMatcher serverWebExchangeMatcher) {
            if (this.anyExchangeRegistered) {
                throw new IllegalStateException("Cannot register " + serverWebExchangeMatcher + " which would be unreachable because anyExchange() has already been registered.");
            }
            if (this.matcher != null) {
                throw new IllegalStateException("The matcher " + serverWebExchangeMatcher + " does not have an access rule defined");
            }
            this.matcher = serverWebExchangeMatcher;
            return new Access();
        }

        protected WebFilter build() {
            if (this.matcher != null) {
                throw new IllegalStateException("The matcher " + this.matcher + " does not have an access rule defined");
            }
            return new AuthorizationWebFilter(this.managerBldr.build());
        }
    }

    /* loaded from: input_file:org/springframework/security/config/web/server/HttpSecurity$HttpBasicSpec.class */
    public class HttpBasicSpec extends HttpBasicBuilder {
        public HttpBasicSpec() {
        }

        public HttpSecurity disable() {
            HttpSecurity.this.httpBasic = null;
            return HttpSecurity.this;
        }
    }

    public HttpSecurity securityMatcher(ServerWebExchangeMatcher serverWebExchangeMatcher) {
        Assert.notNull(serverWebExchangeMatcher, "matcher cannot be null");
        this.securityMatcher = serverWebExchangeMatcher;
        return this;
    }

    private ServerWebExchangeMatcher getSecurityMatcher() {
        return this.securityMatcher;
    }

    public HttpSecurity securityContextRepository(SecurityContextRepository securityContextRepository) {
        Assert.notNull(securityContextRepository, "securityContextRepository cannot be null");
        this.securityContextRepository = Optional.of(securityContextRepository);
        return this;
    }

    public HttpBasicBuilder httpBasic() {
        if (this.httpBasic == null) {
            this.httpBasic = new HttpBasicBuilder();
        }
        return this.httpBasic;
    }

    public HeaderBuilder headers() {
        return this.headers;
    }

    public AuthorizeExchangeBuilder authorizeExchange() {
        if (this.authorizeExchangeBuilder == null) {
            this.authorizeExchangeBuilder = new AuthorizeExchangeBuilder();
        }
        return this.authorizeExchangeBuilder;
    }

    public HttpSecurity authenticationManager(ReactiveAuthenticationManager reactiveAuthenticationManager) {
        this.authenticationManager = reactiveAuthenticationManager;
        return this;
    }

    public SecurityWebFilterChain build() {
        ArrayList arrayList = new ArrayList();
        if (this.headers != null) {
            arrayList.add(this.headers.build());
        }
        securityContextRepositoryWebFilter().ifPresent(securityContextRepositoryWebFilter -> {
            arrayList.add(securityContextRepositoryWebFilter);
        });
        if (this.httpBasic != null) {
            this.httpBasic.authenticationManager(this.authenticationManager);
            this.securityContextRepository.ifPresent(securityContextRepository -> {
                this.httpBasic.securityContextRepository(securityContextRepository);
            });
            arrayList.add(this.httpBasic.build());
        }
        if (this.authorizeExchangeBuilder != null) {
            arrayList.add(new ExceptionTranslationWebFilter());
            arrayList.add(this.authorizeExchangeBuilder.build());
        }
        return new MatcherSecurityWebFilterChain(getSecurityMatcher(), arrayList);
    }

    public static HttpSecurity http() {
        return new HttpSecurity();
    }

    private Optional<SecurityContextRepositoryWebFilter> securityContextRepositoryWebFilter() {
        return this.securityContextRepository.flatMap(securityContextRepository -> {
            return Optional.of(new SecurityContextRepositoryWebFilter(securityContextRepository));
        });
    }

    private HttpSecurity() {
    }
}
