package io.hawt.web.filters;

import com.google.common.net.HttpHeaders;
import io.hawt.web.ServletHelpers;
import io.hawt.web.auth.keycloak.KeycloakServlet;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-2.16.3.jar:io/hawt/web/filters/ContentSecurityPolicyFilter.class */
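/**
 * Servlet filter that attaches a {@code Content-Security-Policy} header to responses.
 *
 * <p>The policy string is computed once in {@link #init(FilterConfig)} and reused for every
 * response. When a Keycloak client configuration file is configured and yields a usable absolute
 * URL, that server's origin is added to {@code script-src}, {@code connect-src} and
 * {@code frame-src}; otherwise only the same-origin sources are emitted.
 */
public class ContentSecurityPolicyFilter extends HttpHeaderFilter {
    private static final Logger LOG = LoggerFactory.getLogger(ContentSecurityPolicyFilter.class);

    /**
     * Policy format string. The first three {@code %s} slots receive the optional Keycloak origin
     * (or an empty string); the fourth receives the {@code frame-ancestors} value.
     *
     * <p>NOTE(review): {@code script-src} permits {@code 'unsafe-inline'} and
     * {@code 'unsafe-eval'}, so this policy does not block injected inline script or eval-based
     * execution. Tightening it (nonces or hashes) would need matching front-end changes, so the
     * template is left exactly as shipped.
     */
    private static final String POLICY_TEMPLATE = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' %s; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' %s; frame-src 'self' %s; frame-ancestors %s";

    /** Header value sent by {@link #addHeaders}; written once by {@link #init(FilterConfig)}. */
    private String policy = "";

    /**
     * Builds the policy string from the filter configuration.
     *
     * <p>The Keycloak client configuration path comes from the
     * {@code KeycloakServlet.KEYCLOAK_CLIENT_CONFIG} config parameter, overridden by the
     * {@code KeycloakServlet.HAWTIO_KEYCLOAK_CLIENT_CONFIG} system property when that is set.
     * If the file cannot be read or does not yield a usable origin, the policy falls back to the
     * same-origin-only form instead of failing filter initialization.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException if the superclass initialization fails
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);

        // getConfigParameter / isXFrameSameOriginAllowed are not defined in this class;
        // presumably inherited from HttpHeaderFilter.
        String keycloakConfigFile = getConfigParameter(KeycloakServlet.KEYCLOAK_CLIENT_CONFIG);
        if (System.getProperty(KeycloakServlet.HAWTIO_KEYCLOAK_CLIENT_CONFIG) != null) {
            keycloakConfigFile = System.getProperty(KeycloakServlet.HAWTIO_KEYCLOAK_CLIENT_CONFIG);
        }
        String frameAncestors = isXFrameSameOriginAllowed() ? "'self'" : "'none'";

        String keycloakSource = "";
        if (keycloakConfigFile != null && !keycloakConfigFile.trim().isEmpty()) {
            keycloakSource = readKeycloakSource(keycloakConfigFile);
        }
        this.policy = String.format(
                POLICY_TEMPLATE, keycloakSource, keycloakSource, keycloakSource, frameAncestors);
    }

    /**
     * Reads the {@code "url"} entry of the Keycloak client configuration and reduces it to a CSP
     * source expression of the form {@code scheme://host[:port]}.
     *
     * @param configFile location of the Keycloak client configuration, as accepted by
     *     {@code ServletHelpers.loadFile}
     * @return the origin to allow, or an empty string when the file is unreadable, has no string
     *     {@code "url"} entry, or the URL is malformed or lacks a scheme or host
     */
    private static String readKeycloakSource(String configFile) {
        // try-with-resources closes the underlying stream on every path, including failures
        // while the reader is being constructed or the content is being parsed.
        try (InputStream in = ServletHelpers.loadFile(configFile)) {
            if (in == null) {
                // Defensive: whether loadFile can return null is not visible from this file.
                LOG.error("Keycloak configuration file {} could not be loaded", configFile);
                return "";
            }
            // Explicit charset so the result does not depend on the JVM's platform default.
            try (BufferedReader reader =
                    new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))) {
                Object urlValue = ServletHelpers.readObject(reader).get("url");
                if (!(urlValue instanceof String)) {
                    LOG.error("Keycloak configuration file {} has no string \"url\" entry", configFile);
                    return "";
                }
                URI keycloakUri = URI.create((String) urlValue);
                LOG.info("Found Keycloak URL: {}", keycloakUri);

                // A relative or opaque URL has no scheme/host; concatenating it would put the
                // literal text "null://null" into the header, so skip the extra source instead.
                if (keycloakUri.getScheme() == null || keycloakUri.getHost() == null) {
                    LOG.error("Keycloak URL {} has no scheme or host; not adding it to the policy",
                            keycloakUri);
                    return "";
                }
                String source = keycloakUri.getScheme() + "://" + keycloakUri.getHost();
                if (keycloakUri.getPort() >= 0) {
                    source += ":" + keycloakUri.getPort();
                }
                return source;
            }
        } catch (IOException e) {
            LOG.error("Can't read keycloak configuration file", e);
        } catch (IllegalArgumentException e) {
            // URI.create rejects syntactically invalid URLs with IllegalArgumentException.
            LOG.error("Keycloak configuration file {} contains an invalid URL", configFile, e);
        }
        return "";
    }

    /**
     * Adds the precomputed policy as a {@code Content-Security-Policy} response header.
     *
     * @param httpServletRequest the current request (unused)
     * @param httpServletResponse the response that receives the header
     */
    @Override
    protected void addHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // addHeader appends rather than replaces: if another component has already set a CSP
        // header, the response will carry both values.
        httpServletResponse.addHeader(HttpHeaders.CONTENT_SECURITY_POLICY, this.policy);
    }
}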
