package org.apereo.cas.web.support.filters;

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Optional;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-web-api-6.2.2.jar:org/apereo/cas/web/support/filters/ResponseHeadersEnforcementFilter.class */
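/**
 * Servlet filter that adds a configurable set of security-related HTTP response headers
 * (Cache-Control/Pragma/Expires, Strict-Transport-Security, X-Content-Type-Options,
 * X-Frame-Options, X-XSS-Protection and Content-Security-Policy) before the rest of the
 * filter chain runs.
 *
 * <p>Each header is opt-in. The {@code enable*} flags default to {@code false} and
 * {@link #init(FilterConfig)} sets them from init parameters using
 * {@link Boolean#parseBoolean(String)}, so a missing or misspelled value leaves the header off.
 * The Content-Security-Policy header is emitted only when a policy string is configured;
 * there is no built-in default policy.
 *
 * <p>Header values come from the filter configuration or the setters and are written to the
 * response as given; this class does not validate them.
 *
 * <p>This source is decompiler output. Methods marked "declared protected" below carry a
 * decompiler note that their access modifier was changed from {@code protected}.
 */
public class ResponseHeadersEnforcementFilter extends AbstractSecurityFilter implements Filter {
    public static final String INIT_PARAM_ENABLE_CACHE_CONTROL = "enableCacheControl";
    public static final String INIT_PARAM_ENABLE_XCONTENT_OPTIONS = "enableXContentTypeOptions";
    public static final String INIT_PARAM_ENABLE_STRICT_TRANSPORT_SECURITY = "enableStrictTransportSecurity";
    public static final String INIT_PARAM_ENABLE_STRICT_XFRAME_OPTIONS = "enableXFrameOptions";
    public static final String INIT_PARAM_STRICT_XFRAME_OPTIONS = "XFrameOptions";
    public static final String INIT_PARAM_ENABLE_XSS_PROTECTION = "enableXSSProtection";
    public static final String INIT_PARAM_XSS_PROTECTION = "XSSProtection";
    public static final String INIT_PARAM_CONTENT_SECURITY_POLICY = "contentSecurityPolicy";

    // Feature switches; all false until init() or a setter turns them on.
    private boolean enableCacheControl;
    private boolean enableXContentTypeOptions;
    private boolean enableStrictTransportSecurity;
    private boolean enableXFrameOptions;
    private boolean enableXSSProtection;

    // Null means "do not send a Content-Security-Policy header".
    private String contentSecurityPolicy;

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ResponseHeadersEnforcementFilter.class);

    // Request URIs ending in one of these extensions are exempt from the no-cache headers.
    private static final Pattern CACHE_CONTROL_STATIC_RESOURCES_PATTERN =
        Pattern.compile("^.+\\.(css|js|png|txt|jpg|ico|jpeg|bmp|gif)$", Pattern.CASE_INSENSITIVE);

    // Not used inside this class; only exposed through getLock().
    private final Object lock = new Object();

    // Default header values. Only the X-Frame-Options and X-XSS-Protection values are
    // re-read from init parameters in init(); the other three change only via setters.
    private String cacheControlHeader = CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE;
    private String xContentTypeOptionsHeader = "nosniff";
    private String strictTransportSecurityHeader = "max-age=15768000 ; includeSubDomains";
    private String xframeOptions = "DENY";
    // NOTE(review): X-XSS-Protection is a legacy header that current browsers no longer honour;
    // treat a Content-Security-Policy as the effective control and confirm this default is wanted.
    private String xssProtection = "1; mode=block";

    /**
     * Reports every init-parameter name that this filter does not recognise.
     *
     * <p>Each unknown name is handed to {@code logException}; whether that only logs or also
     * throws is decided by the superclass and is not visible in this file.
     *
     * @param enumeration the init-parameter names supplied by the container
     */
    private static void throwIfUnrecognizedParamName(Enumeration<String> enumeration) {
        HashSet<String> recognized = new HashSet<>();
        recognized.add(INIT_PARAM_ENABLE_CACHE_CONTROL);
        recognized.add(INIT_PARAM_ENABLE_XCONTENT_OPTIONS);
        recognized.add(INIT_PARAM_ENABLE_STRICT_TRANSPORT_SECURITY);
        recognized.add(INIT_PARAM_ENABLE_STRICT_XFRAME_OPTIONS);
        recognized.add(INIT_PARAM_STRICT_XFRAME_OPTIONS);
        recognized.add(INIT_PARAM_CONTENT_SECURITY_POLICY);
        recognized.add(INIT_PARAM_ENABLE_XSS_PROTECTION);
        recognized.add(INIT_PARAM_XSS_PROTECTION);
        recognized.add(AbstractSecurityFilter.THROW_ON_ERROR);
        while (enumeration.hasMoreElements()) {
            String paramName = enumeration.nextElement();
            if (!recognized.contains(paramName)) {
                logException(new ServletException("Unrecognized init parameter [" + paramName + "]"));
            }
        }
    }

    /**
     * Configures the filter from its init parameters.
     *
     * <p>The throw-on-error setting is applied first so that it already governs how unknown
     * parameter names are reported. Every {@code enable*} flag is then overwritten with the
     * parsed parameter value, which is {@code false} when the parameter is absent, so flags
     * set through setters before this call do not survive it. A missing or empty
     * X-Frame-Options or X-XSS-Protection value falls back to the built-in default.
     *
     * @param filterConfig the container-supplied filter configuration
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
        String throwOnError = filterConfig.getInitParameter(AbstractSecurityFilter.THROW_ON_ERROR);
        if (throwOnError != null) {
            setThrowOnErrors(Boolean.parseBoolean(throwOnError));
        }
        throwIfUnrecognizedParamName(filterConfig.getInitParameterNames());

        this.enableCacheControl =
            Boolean.parseBoolean(filterConfig.getInitParameter(INIT_PARAM_ENABLE_CACHE_CONTROL));
        this.enableXContentTypeOptions =
            Boolean.parseBoolean(filterConfig.getInitParameter(INIT_PARAM_ENABLE_XCONTENT_OPTIONS));
        this.enableStrictTransportSecurity =
            Boolean.parseBoolean(filterConfig.getInitParameter(INIT_PARAM_ENABLE_STRICT_TRANSPORT_SECURITY));
        this.enableXFrameOptions =
            Boolean.parseBoolean(filterConfig.getInitParameter(INIT_PARAM_ENABLE_STRICT_XFRAME_OPTIONS));
        this.enableXSSProtection =
            Boolean.parseBoolean(filterConfig.getInitParameter(INIT_PARAM_ENABLE_XSS_PROTECTION));

        this.xframeOptions = filterConfig.getInitParameter(INIT_PARAM_STRICT_XFRAME_OPTIONS);
        if (this.xframeOptions == null || this.xframeOptions.isEmpty()) {
            this.xframeOptions = "DENY";
        }

        this.xssProtection = filterConfig.getInitParameter(INIT_PARAM_XSS_PROTECTION);
        if (this.xssProtection == null || this.xssProtection.isEmpty()) {
            this.xssProtection = "1; mode=block";
        }

        // No fallback here: an absent parameter leaves the policy null and the header unsent.
        this.contentSecurityPolicy = filterConfig.getInitParameter(INIT_PARAM_CONTENT_SECURITY_POLICY);
    }

    /**
     * Adds the enabled headers to HTTP responses and then continues the filter chain.
     *
     * <p>Headers are added before {@code filterChain.doFilter}, so later filters and servlets
     * may still add or replace them. Any exception raised while adding headers is wrapped and
     * passed to {@code logException}. If that call returns normally the chain still runs, so
     * despite the wording of the message the request is not blocked and the response may be
     * missing some or all of the headers. Whether {@code logException} rethrows is controlled
     * by the superclass (see the throw-on-error init parameter) and is not visible here.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response; non-HTTP responses are passed through
     * @param filterChain the remaining chain
     * @throws IOException if the chain fails with an I/O error
     * @throws ServletException if the chain fails
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            if (servletResponse instanceof HttpServletResponse) {
                HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
                // Only the response type is checked; a non-HTTP request paired with an HTTP
                // response would fail this cast and end up in the catch block below.
                HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                Optional<Object> context = prepareFilterBeforeExecution(httpServletResponse, httpServletRequest);
                decideInsertCacheControlHeader(httpServletResponse, httpServletRequest, context);
                decideInsertStrictTransportSecurityHeader(httpServletResponse, httpServletRequest, context);
                decideInsertXContentTypeOptionsHeader(httpServletResponse, httpServletRequest, context);
                decideInsertXFrameOptionsHeader(httpServletResponse, httpServletRequest, context);
                decideInsertXSSProtectionHeader(httpServletResponse, httpServletRequest, context);
                decideInsertContentSecurityPolicyHeader(httpServletResponse, httpServletRequest, context);
            }
        } catch (Exception e) {
            logException(new ServletException(getClass().getSimpleName() + " is blocking this request. Examine the cause in this stack trace to understand why.", e));
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** No resources to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Extension hook invoked once per HTTP request before any header decision is made.
     *
     * @param httpServletResponse the response about to receive headers
     * @param httpServletRequest the current request
     * @return a per-request context handed to every {@code decideInsert*} method; empty here
     */
    protected Optional<Object> prepareFilterBeforeExecution(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        return Optional.empty();
    }

    /**
     * Adds the Content-Security-Policy header when a policy is configured.
     * Declared protected in the original class.
     *
     * @param httpServletResponse the response to modify
     * @param httpServletRequest the current request
     * @param optional the per-request context; unused in this implementation
     */
    public void decideInsertContentSecurityPolicyHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        if (this.contentSecurityPolicy != null) {
            insertContentSecurityPolicyHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the Content-Security-Policy header using the configured policy.
     * Declared protected in the original class.
     */
    public void insertContentSecurityPolicyHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        insertContentSecurityPolicyHeader(httpServletResponse, httpServletRequest, this.contentSecurityPolicy);
    }

    /**
     * Adds a Content-Security-Policy header with the given value.
     *
     * <p>Uses {@code addHeader}, so a header of the same name that is already on the response
     * is kept and a second one is appended.
     *
     * @param str the policy to send, written as given
     */
    protected void insertContentSecurityPolicyHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, String str) {
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("Content-Security-Policy", str);
        LOGGER.trace("Adding Content-Security-Policy response header [{}] for [{}]", str, requestURI);
    }

    /**
     * Adds the X-XSS-Protection header when enabled.
     * Declared protected in the original class.
     *
     * @param optional the per-request context; unused in this implementation
     */
    public void decideInsertXSSProtectionHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        if (this.enableXSSProtection) {
            insertXSSProtectionHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the X-XSS-Protection header using the configured value.
     * Declared protected in the original class.
     */
    public void insertXSSProtectionHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        insertXSSProtectionHeader(httpServletResponse, httpServletRequest, this.xssProtection);
    }

    /**
     * Adds an X-XSS-Protection header with the given value.
     *
     * @param str the header value, written as given
     */
    protected void insertXSSProtectionHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, String str) {
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("X-XSS-Protection", str);
        LOGGER.trace("Adding X-XSS Protection [{}] response headers for [{}]", str, requestURI);
    }

    /**
     * Adds the X-Frame-Options header when enabled.
     * Declared protected in the original class.
     *
     * @param optional the per-request context; unused in this implementation
     */
    public void decideInsertXFrameOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        if (this.enableXFrameOptions) {
            insertXFrameOptionsHeader(httpServletResponse, httpServletRequest);
        }
    }

    /** Adds the X-Frame-Options header using the configured value. */
    protected void insertXFrameOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        insertXFrameOptionsHeader(httpServletResponse, httpServletRequest, this.xframeOptions);
    }

    /**
     * Adds an X-Frame-Options header with the given value.
     * Declared protected in the original class.
     *
     * <p>The value is not checked against the directives the header defines, and
     * {@code addHeader} appends rather than replaces an existing header of the same name.
     *
     * @param str the header value, written as given
     */
    public void insertXFrameOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, String str) {
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("X-Frame-Options", str);
        LOGGER.trace("Adding X-Frame Options [{}] response headers for [{}]", str, requestURI);
    }

    /**
     * Adds the X-Content-Type-Options header when enabled.
     * Declared protected in the original class.
     *
     * @param optional the per-request context; unused in this implementation
     */
    public void decideInsertXContentTypeOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        if (this.enableXContentTypeOptions) {
            insertXContentTypeOptionsHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the X-Content-Type-Options header using the configured value.
     * Declared protected in the original class.
     */
    public void insertXContentTypeOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        insertXContentTypeOptionsHeader(httpServletResponse, httpServletRequest, this.xContentTypeOptionsHeader);
    }

    /**
     * Adds an X-Content-Type-Options header with the given value.
     *
     * @param str the header value, written as given
     */
    protected void insertXContentTypeOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, String str) {
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("X-Content-Type-Options", str);
        LOGGER.trace("Adding X-Content Type response headers [{}] for [{}]", str, requestURI);
    }

    /**
     * Adds the cache-suppression headers when enabled.
     * Declared protected in the original class.
     *
     * @param optional the per-request context; unused in this implementation
     */
    public void decideInsertCacheControlHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        if (this.enableCacheControl) {
            insertCacheControlHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the cache-suppression headers using the configured Cache-Control value.
     * Declared protected in the original class.
     */
    public void insertCacheControlHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        insertCacheControlHeader(httpServletResponse, httpServletRequest, this.cacheControlHeader);
    }

    /**
     * Adds Cache-Control, Pragma and Expires headers unless the request URI looks like a
     * static resource.
     *
     * <p>The exemption is decided purely from the text of {@code getRequestURI()}: any URI
     * whose final characters are one of the listed extensions is skipped, whatever actually
     * serves the response. NOTE(review): the servlet API returns the URI undecoded and with
     * any path parameters still attached, so a dynamic page reached through such a URI would
     * go out without these headers; confirm that request routing and any shared cache in
     * front of the application cannot treat such a response as cacheable.
     *
     * @param str the Cache-Control value, written as given
     */
    protected void insertCacheControlHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, String str) {
        String requestURI = httpServletRequest.getRequestURI();
        if (CACHE_CONTROL_STATIC_RESOURCES_PATTERN.matcher(requestURI).matches()) {
            return;
        }
        httpServletResponse.addHeader("Cache-Control", str);
        httpServletResponse.addHeader("Pragma", CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
        httpServletResponse.addIntHeader("Expires", 0);
        // Fixed: the placeholder was written as "[{}}", which logged an unbalanced bracket.
        LOGGER.trace("Adding Cache Control response headers for [{}]", requestURI);
    }

    /**
     * Adds the Strict-Transport-Security header when enabled.
     * Declared protected in the original class.
     *
     * @param optional the per-request context; unused in this implementation
     */
    public void decideInsertStrictTransportSecurityHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        if (this.enableStrictTransportSecurity) {
            insertStrictTransportSecurityHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the Strict-Transport-Security header using the configured value.
     * Declared protected in the original class.
     */
    public void insertStrictTransportSecurityHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        insertStrictTransportSecurityHeader(httpServletResponse, httpServletRequest, this.strictTransportSecurityHeader);
    }

    /**
     * Adds a Strict-Transport-Security header, but only when the container reports the
     * request as secure.
     *
     * <p>NOTE(review): when TLS is terminated by a proxy or load balancer in front of the
     * container, {@code isSecure()} reflects the proxy-to-container hop unless the container
     * is configured to trust forwarded-scheme information; in that setup this header would
     * silently never be sent. Verify against the deployment.
     *
     * @param str the header value, written as given
     */
    protected void insertStrictTransportSecurityHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, String str) {
        if (!httpServletRequest.isSecure()) {
            return;
        }
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("Strict-Transport-Security", str);
        LOGGER.trace("Adding HSTS response headers for [{}]", requestURI);
    }

    // ---- Generated accessors (marked @Generated). Setters store values without validation. ----

    @Generated
    public void setEnableCacheControl(boolean z) {
        this.enableCacheControl = z;
    }

    @Generated
    public void setCacheControlHeader(String str) {
        this.cacheControlHeader = str;
    }

    @Generated
    public void setEnableXContentTypeOptions(boolean z) {
        this.enableXContentTypeOptions = z;
    }

    @Generated
    public void setXContentTypeOptionsHeader(String str) {
        this.xContentTypeOptionsHeader = str;
    }

    @Generated
    public void setEnableStrictTransportSecurity(boolean z) {
        this.enableStrictTransportSecurity = z;
    }

    @Generated
    public void setStrictTransportSecurityHeader(String str) {
        this.strictTransportSecurityHeader = str;
    }

    @Generated
    public void setEnableXFrameOptions(boolean z) {
        this.enableXFrameOptions = z;
    }

    @Generated
    public void setXframeOptions(String str) {
        this.xframeOptions = str;
    }

    @Generated
    public void setEnableXSSProtection(boolean z) {
        this.enableXSSProtection = z;
    }

    @Generated
    public void setXssProtection(String str) {
        this.xssProtection = str;
    }

    @Generated
    public void setContentSecurityPolicy(String str) {
        this.contentSecurityPolicy = str;
    }

    @Generated
    public Object getLock() {
        return this.lock;
    }

    @Generated
    public boolean isEnableCacheControl() {
        return this.enableCacheControl;
    }

    @Generated
    public String getCacheControlHeader() {
        return this.cacheControlHeader;
    }

    @Generated
    public boolean isEnableXContentTypeOptions() {
        return this.enableXContentTypeOptions;
    }

    @Generated
    public String getXContentTypeOptionsHeader() {
        return this.xContentTypeOptionsHeader;
    }

    @Generated
    public boolean isEnableStrictTransportSecurity() {
        return this.enableStrictTransportSecurity;
    }

    @Generated
    public String getStrictTransportSecurityHeader() {
        return this.strictTransportSecurityHeader;
    }

    @Generated
    public boolean isEnableXFrameOptions() {
        return this.enableXFrameOptions;
    }

    @Generated
    public String getXframeOptions() {
        return this.xframeOptions;
    }

    @Generated
    public boolean isEnableXSSProtection() {
        return this.enableXSSProtection;
    }

    @Generated
    public String getXssProtection() {
        return this.xssProtection;
    }

    @Generated
    public String getContentSecurityPolicy() {
        return this.contentSecurityPolicy;
    }
}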
