package org.apereo.cas.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;

/* loaded from: input_file:WEB-INF/lib/cas-server-security-filter-2.0.10.2.jar:org/apereo/cas/security/ResponseHeadersEnforcementFilter.class */
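/**
 * Servlet filter that adds a configurable set of security response headers
 * ({@code Cache-Control}/{@code Pragma}/{@code Expires}, {@code Strict-Transport-Security},
 * {@code X-Content-Type-Options}, {@code X-Frame-Options}, {@code X-XSS-Protection} and
 * {@code Content-Security-Policy}) to HTTP responses passing through it.
 *
 * <p>Each header is switched on by a boolean {@code enable*} init parameter (or the matching
 * setter). The {@code X-Frame-Options} and {@code X-XSS-Protection} values are read from the
 * {@code XFrameOptions} / {@code XSSProtection} init parameters only when the corresponding
 * {@code enable*} flag is true, falling back to {@code DENY} and {@code 1; mode=block}. The
 * {@code Content-Security-Policy} header is emitted whenever the {@code contentSecurityPolicy}
 * value is non-null.
 *
 * <p>Any exception raised while adding headers is handed to
 * {@link FilterUtils#logException(Logger, Exception)}; if that call returns normally, the request
 * continues down the chain without the headers that failed (see {@link #doFilter}).
 *
 * <p>Configuration is held in plain fields; the setters and {@link #init(FilterConfig)} are
 * expected to run before the filter starts serving requests and are not synchronized.
 */
public class ResponseHeadersEnforcementFilter extends AbstractSecurityFilter implements Filter {
    private static final Logger LOGGER = Logger.getLogger(ResponseHeadersEnforcementFilter.class.getName());

    private static final String INIT_PARAM_ENABLE_CACHE_CONTROL = "enableCacheControl";
    private static final String INIT_PARAM_ENABLE_XCONTENT_OPTIONS = "enableXContentTypeOptions";
    private static final String INIT_PARAM_ENABLE_STRICT_TRANSPORT_SECURITY = "enableStrictTransportSecurity";
    private static final String INIT_PARAM_ENABLE_STRICT_XFRAME_OPTIONS = "enableXFrameOptions";
    private static final String INIT_PARAM_STRICT_XFRAME_OPTIONS = "XFrameOptions";
    private static final String INIT_PARAM_ENABLE_XSS_PROTECTION = "enableXSSProtection";
    private static final String INIT_PARAM_XSS_PROTECTION = "XSSProtection";
    private static final String INIT_PARAM_CONTENT_SECURITY_POLICY = "contentSecurityPolicy";

    /** Used for {@code X-Frame-Options} when the init parameter is absent or empty. */
    private static final String DEFAULT_XFRAME_OPTIONS = "DENY";
    /** Used for {@code X-XSS-Protection} when the init parameter is absent or empty. */
    private static final String DEFAULT_XSS_PROTECTION = "1; mode=block";
    /** HSTS policy sent on secure requests: 15768000 s (182.5 days), covering subdomains. */
    private static final String HSTS_HEADER_VALUE = "max-age=15768000 ; includeSubDomains";

    /**
     * Request-URI suffixes treated as static resources: the no-cache headers are NOT added for
     * these. The check is a plain, case-sensitive {@code endsWith} on {@code getRequestURI()}.
     */
    private static final String[] CACHEABLE_RESOURCE_SUFFIXES = {
        ".css", ".js", ".png", ".txt", ".jpg", ".ico", ".jpeg", ".bmp", ".gif"
    };

    /** Init parameter names this filter understands; anything else is reported as a misconfiguration. */
    private static final Set<String> RECOGNIZED_INIT_PARAMS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
        INIT_PARAM_ENABLE_CACHE_CONTROL,
        INIT_PARAM_ENABLE_XCONTENT_OPTIONS,
        INIT_PARAM_ENABLE_STRICT_TRANSPORT_SECURITY,
        INIT_PARAM_ENABLE_STRICT_XFRAME_OPTIONS,
        INIT_PARAM_STRICT_XFRAME_OPTIONS,
        INIT_PARAM_CONTENT_SECURITY_POLICY,
        AbstractSecurityFilter.LOGGER_HANDLER_CLASS_NAME,
        INIT_PARAM_ENABLE_XSS_PROTECTION,
        INIT_PARAM_XSS_PROTECTION)));

    private boolean enableCacheControl;
    private boolean enableXContentTypeOptions;
    private boolean enableStrictTransportSecurity;
    private boolean enableXFrameOptions;
    private boolean enableXSSProtection;
    /** CSP header value; {@code null} means "do not send the header". */
    private String contentSecurityPolicy;
    /** Value sent as {@code X-Frame-Options}; not validated against the values browsers accept. */
    private String xFrameOptions = DEFAULT_XFRAME_OPTIONS;
    /** Value sent as {@code X-XSS-Protection}. */
    private String xssProtection = DEFAULT_XSS_PROTECTION;

    /**
     * Creates the filter and configures its logger from the inherited logger-handler class name.
     * Note that this calls the overridable {@code getLoggerHandlerClassName()} during construction.
     */
    public ResponseHeadersEnforcementFilter() {
        FilterUtils.configureLogging(getLoggerHandlerClassName(), LOGGER);
    }

    /** @param str the {@code X-XSS-Protection} header value to send when that header is enabled */
    public void setXSSProtection(String str) {
        this.xssProtection = str;
    }

    /** @param str the {@code X-Frame-Options} header value to send when that header is enabled */
    public void setXFrameOptions(String str) {
        this.xFrameOptions = str;
    }

    /** @param z whether to add {@code Strict-Transport-Security} to secure responses */
    public void setEnableStrictTransportSecurity(boolean z) {
        this.enableStrictTransportSecurity = z;
    }

    /** @param z whether to add the no-cache headers to non-static responses */
    public void setEnableCacheControl(boolean z) {
        this.enableCacheControl = z;
    }

    /** @param z whether to add {@code X-Content-Type-Options: nosniff} */
    public void setEnableXContentTypeOptions(boolean z) {
        this.enableXContentTypeOptions = z;
    }

    /** @param z whether to add {@code X-Frame-Options} */
    public void setEnableXFrameOptions(boolean z) {
        this.enableXFrameOptions = z;
    }

    /** @param z whether to add {@code X-XSS-Protection} */
    public void setEnableXSSProtection(boolean z) {
        this.enableXSSProtection = z;
    }

    /** @param str the {@code Content-Security-Policy} value to send, or {@code null} to send none */
    public void setContentSecurityPolicy(String str) {
        this.contentSecurityPolicy = str;
    }

    /**
     * Sets the logger-handler class name on the superclass and immediately re-applies it to this
     * filter's logger.
     *
     * @param str the logger handler class name
     */
    @Override
    public void setLoggerHandlerClassName(String str) {
        super.setLoggerHandlerClassName(str);
        FilterUtils.configureLogging(getLoggerHandlerClassName(), LOGGER);
    }

    /**
     * Reads the filter's configuration from the servlet init parameters.
     *
     * <p>Unrecognised parameter names are reported via {@link #throwIfUnrecognizedParamName(Enumeration)}
     * before any value is read. Boolean flags that fail to parse are reported through
     * {@link FilterUtils#logException(Logger, Exception)} and the flag keeps its previous value. The
     * {@code contentSecurityPolicy} value is taken verbatim from the init parameter (null when absent),
     * replacing any value set through the setter.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException declared by the {@link Filter} contract; may propagate from
     *         {@code FilterUtils.logException} if that helper rethrows
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        FilterUtils.configureLogging(getLoggerHandlerClassName(), LOGGER);
        throwIfUnrecognizedParamName(filterConfig.getInitParameterNames());

        this.enableCacheControl = parseFlag(filterConfig, INIT_PARAM_ENABLE_CACHE_CONTROL, this.enableCacheControl);
        this.enableXContentTypeOptions = parseFlag(filterConfig, INIT_PARAM_ENABLE_XCONTENT_OPTIONS, this.enableXContentTypeOptions);
        this.enableStrictTransportSecurity = parseFlag(filterConfig, INIT_PARAM_ENABLE_STRICT_TRANSPORT_SECURITY, this.enableStrictTransportSecurity);

        // The header values are only consulted when the corresponding flag is on, so an absent
        // value parameter does not clobber a value set through the setter while the feature is off.
        this.enableXFrameOptions = parseFlag(filterConfig, INIT_PARAM_ENABLE_STRICT_XFRAME_OPTIONS, this.enableXFrameOptions);
        if (this.enableXFrameOptions) {
            this.xFrameOptions = paramOrDefault(filterConfig, INIT_PARAM_STRICT_XFRAME_OPTIONS, DEFAULT_XFRAME_OPTIONS);
        }

        this.enableXSSProtection = parseFlag(filterConfig, INIT_PARAM_ENABLE_XSS_PROTECTION, this.enableXSSProtection);
        if (this.enableXSSProtection) {
            this.xssProtection = paramOrDefault(filterConfig, INIT_PARAM_XSS_PROTECTION, DEFAULT_XSS_PROTECTION);
        }

        this.contentSecurityPolicy = filterConfig.getInitParameter(INIT_PARAM_CONTENT_SECURITY_POLICY);
    }

    /**
     * Parses one boolean init parameter.
     *
     * @param filterConfig source of init parameters
     * @param name the parameter name (also embedded in the error message)
     * @param fallback value to return when parsing fails
     * @return the parsed flag ({@code false} when the parameter is absent), or {@code fallback}
     *         after the parse error has been passed to {@code FilterUtils.logException}
     */
    private static boolean parseFlag(FilterConfig filterConfig, String name, boolean fallback) {
        String value = filterConfig.getInitParameter(name);
        try {
            return FilterUtils.parseStringToBooleanDefaultingToFalse(value);
        } catch (Exception e) {
            FilterUtils.logException(LOGGER, new ServletException("Error parsing parameter [" + name + "] with value [" + value + "]", e));
            return fallback;
        }
    }

    /**
     * Returns the named init parameter, or {@code defaultValue} when it is absent or empty.
     *
     * @param filterConfig source of init parameters
     * @param name the parameter name
     * @param defaultValue value used for a missing or empty parameter
     * @return the parameter value or the default
     */
    private static String paramOrDefault(FilterConfig filterConfig, String name, String defaultValue) {
        String value = filterConfig.getInitParameter(name);
        return (value == null || value.isEmpty()) ? defaultValue : value;
    }

    /**
     * Reports every init parameter name that this filter does not understand.
     *
     * <p>Despite the name, the method itself only delegates to
     * {@link FilterUtils#logException(Logger, Exception)}; whether that blocks startup depends on
     * that helper. Matching is exact and case-sensitive.
     *
     * @param enumeration the init parameter names (elements are expected to be strings)
     */
    static void throwIfUnrecognizedParamName(Enumeration<?> enumeration) {
        while (enumeration.hasMoreElements()) {
            String name = (String) enumeration.nextElement();
            if (!RECOGNIZED_INIT_PARAMS.contains(name)) {
                // Report this filter's own name: the original message pointed at RequestParameterPolicyEnforcementFilter.
                FilterUtils.logException(LOGGER, new ServletException("Unrecognized init parameter [" + name + "].  Failing safe.  Typo in the web.xml configuration?  Misunderstanding about the configuration " + ResponseHeadersEnforcementFilter.class.getSimpleName() + " expects?"));
            }
        }
    }

    /**
     * Adds the enabled headers to HTTP responses, then always continues the chain.
     *
     * <p>Non-HTTP request/response pairs are passed through untouched. Any exception thrown while
     * adding headers is handed to {@link FilterUtils#logException(Logger, Exception)}; if that
     * returns normally the chain still proceeds, so the response may lack some or all headers.
     *
     * @param servletRequest the request
     * @param servletResponse the response to decorate
     * @param filterChain the remainder of the chain
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain (or from {@code FilterUtils.logException})
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            // Guard both sides: the original cast the request unconditionally and relied on the catch below.
            if (servletResponse instanceof HttpServletResponse && servletRequest instanceof HttpServletRequest) {
                HttpServletResponse response = (HttpServletResponse) servletResponse;
                HttpServletRequest request = (HttpServletRequest) servletRequest;
                decideInsertCacheControlHeader(response, request);
                decideInsertStrictTransportSecurityHeader(response, request);
                decideInsertXContentTypeOptionsHeader(response, request);
                decideInsertXFrameOptionsHeader(response, request);
                decideInsertXSSProtectionHeader(response, request);
                decideInsertContentSecurityPolicyHeader(response, request);
            }
        } catch (Exception e) {
            // Whether the request is really blocked depends on FilterUtils.logException (not visible here).
            FilterUtils.logException(LOGGER, new ServletException(getClass().getSimpleName() + " is blocking this request. Examine the cause in this stack trace to understand why.", e));
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Adds {@code Content-Security-Policy} when a policy value is configured (non-null).
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (used for logging)
     */
    public void decideInsertContentSecurityPolicyHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        if (this.contentSecurityPolicy != null) {
            insertContentSecurityPolicyHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the configured {@code Content-Security-Policy} header. Uses {@code addHeader}, so a CSP
     * header set earlier in the chain is kept alongside this one rather than replaced.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (used for logging)
     */
    public void insertContentSecurityPolicyHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("Content-Security-Policy", this.contentSecurityPolicy);
        LOGGER.fine("Adding Content-Security-Policy response header " + this.contentSecurityPolicy + " for " + requestURI);
    }

    /**
     * Adds {@code X-XSS-Protection} when enabled.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (used for logging)
     */
    public void decideInsertXSSProtectionHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        if (this.enableXSSProtection) {
            insertXSSProtectionHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the configured {@code X-XSS-Protection} header. Current mainstream browsers no longer
     * act on this header; it only affects older clients.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (used for logging)
     */
    public void insertXSSProtectionHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("X-XSS-Protection", this.xssProtection);
        LOGGER.fine("Adding X-XSS Protection " + this.xssProtection + " response headers for " + requestURI);
    }

    /**
     * Adds {@code X-Frame-Options} when enabled.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (used for logging)
     */
    public void decideInsertXFrameOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        if (this.enableXFrameOptions) {
            insertXFrameOptionsHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the configured {@code X-Frame-Options} header. The value is sent as configured; it is
     * not checked against the values browsers recognise.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (used for logging)
     */
    public void insertXFrameOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("X-Frame-Options", this.xFrameOptions);
        // Original message carried a stray SLF4J-style "[{}]" placeholder that java.util.logging never fills.
        LOGGER.fine("Adding X-Frame Options " + this.xFrameOptions + " response headers for " + requestURI);
    }

    /**
     * Adds {@code X-Content-Type-Options: nosniff} when enabled.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (used for logging)
     */
    public void decideInsertXContentTypeOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        if (this.enableXContentTypeOptions) {
            insertXContentTypeOptionsHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds {@code X-Content-Type-Options: nosniff}.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (used for logging)
     */
    public void insertXContentTypeOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("X-Content-Type-Options", "nosniff");
        LOGGER.fine("Adding X-Content Type response headers for " + requestURI);
    }

    /**
     * Adds the no-cache headers when enabled.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (its URI decides whether the response is cacheable)
     */
    public void decideInsertCacheControlHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        if (this.enableCacheControl) {
            insertCacheControlHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds {@code Cache-Control}, {@code Pragma: no-cache} and {@code Expires: 0} unless the
     * request URI ends with one of {@link #CACHEABLE_RESOURCE_SUFFIXES}.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request
     */
    public void insertCacheControlHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        if (isCacheableResource(requestURI)) {
            return;
        }
        httpServletResponse.addHeader("Cache-Control", CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
        httpServletResponse.addHeader("Pragma", "no-cache");
        httpServletResponse.addIntHeader("Expires", 0);
        LOGGER.fine("Adding Cache Control response headers for " + requestURI);
    }

    /**
     * @param requestURI the request URI
     * @return true when the URI ends (case-sensitively) with a static-resource suffix
     */
    private static boolean isCacheableResource(String requestURI) {
        for (String suffix : CACHEABLE_RESOURCE_SUFFIXES) {
            if (requestURI.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds {@code Strict-Transport-Security} when enabled.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request (must be secure for the header to be added)
     */
    public void decideInsertStrictTransportSecurityHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        if (this.enableStrictTransportSecurity) {
            insertStrictTransportSecurityHeader(httpServletResponse, httpServletRequest);
        }
    }

    /**
     * Adds the HSTS header, but only when {@code httpServletRequest.isSecure()} is true.
     *
     * <p>NOTE(review): behind a TLS-terminating proxy {@code isSecure()} reflects the container's
     * own view of the connection, so the container must be set up to trust the proxy's forwarded
     * scheme or this header is never sent.
     *
     * @param httpServletResponse the response
     * @param httpServletRequest the request
     */
    public void insertStrictTransportSecurityHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        if (!httpServletRequest.isSecure()) {
            return;
        }
        String requestURI = httpServletRequest.getRequestURI();
        httpServletResponse.addHeader("Strict-Transport-Security", HSTS_HEADER_VALUE);
        LOGGER.fine("Adding HSTS response headers for " + requestURI);
    }

    /** Nothing to release: this filter holds no resources beyond its configuration fields. */
    @Override
    public void destroy() {
    }
}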
