package org.apache.shiro.biz.web.filter;

import java.util.Optional;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.biz.utils.StringUtils;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/HttpServletRequestHeaderFilter.class */
public class HttpServletRequestHeaderFilter extends AccessControlFilter {
    private static final Logger LOG = LoggerFactory.getLogger(HttpServletRequestHeaderFilter.class);
    public static final String FEATURE_POLICY_KEY = "Feature-Policy";
    private final HttpServletHeaderProperties properties;

    public HttpServletRequestHeaderFilter(HttpServletHeaderProperties httpServletHeaderProperties) {
        this.properties = httpServletHeaderProperties;
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        HttpServletResponse http2 = WebUtils.toHttp(servletResponse);
        setHeader(http2, "Access-Control-Allow-Credentials", Boolean.toString(this.properties.isAccessControlAllowCredentials()));
        Optional.ofNullable(this.properties.getAccessControlAllowMethods()).ifPresent(str -> {
            setHeader(http2, "Access-Control-Allow-Methods", this.properties.getAccessControlAllowMethods());
        });
        if (this.properties.isAccessControlAllowCredentials()) {
            Optional.ofNullable(this.properties.getAccessControlAllowHeaders()).ifPresent(str2 -> {
                setHeader(http2, "Access-Control-Allow-Headers", this.properties.getAccessControlAllowHeaders());
            });
            Optional.ofNullable(this.properties.getAccessControlAllowOrigin()).ifPresent(str3 -> {
                setHeader(http2, "Access-Control-Allow-Origin", this.properties.getAccessControlAllowOrigin());
            });
            Optional.ofNullable(this.properties.getAccessControlExposeHeaders()).ifPresent(str4 -> {
                setHeader(http2, "Access-Control-Expose-Headers", this.properties.getAccessControlExposeHeaders());
            });
        } else {
            setHeader(http2, "Access-Control-Allow-Headers", HttpServletHeaderProperties.DEFAULT_ACCESS_CONTROL_ALLOW_ALL);
            setHeader(http2, "Access-Control-Allow-Origin", HttpServletHeaderProperties.DEFAULT_ACCESS_CONTROL_ALLOW_ALL);
            setHeader(http2, "Access-Control-Expose-Headers", HttpServletHeaderProperties.DEFAULT_ACCESS_CONTROL_ALLOW_ALL);
        }
        Optional.ofNullable(this.properties.getAccessControlMaxAge()).ifPresent(str5 -> {
            setHeader(http2, "Access-Control-Max-Age", this.properties.getAccessControlMaxAge());
        });
        Optional.ofNullable(this.properties.getCacheControl()).ifPresent(str6 -> {
            setHeader(http2, "Cache-Control", this.properties.getCacheControl());
        });
        Optional.ofNullable(this.properties.getContentSecurityPolicy()).ifPresent(str7 -> {
            setHeader(http2, "X-Content-Security-Policy", this.properties.getContentSecurityPolicy());
        });
        Optional.ofNullable(this.properties.getContentSecurityPolicyReportOnly()).ifPresent(str8 -> {
            setHeader(http2, "X-Content-Security-Policy-Report-Only", this.properties.getContentSecurityPolicyReportOnly());
        });
        Optional.ofNullable(this.properties.getReferrerPolicy()).ifPresent(str9 -> {
            setHeader(http2, FEATURE_POLICY_KEY, this.properties.getReferrerPolicy());
        });
        Optional.ofNullable(this.properties.getFeaturePolicy()).ifPresent(str10 -> {
            setHeader(http2, "Referrer-Policy", this.properties.getFeaturePolicy());
        });
        Optional.ofNullable(this.properties.getStrictTransportSecurity()).ifPresent(str11 -> {
            setHeader(http2, "Strict-Transport-Security", this.properties.getStrictTransportSecurity());
        });
        Optional.ofNullable(this.properties.getTimingAllowOrigin()).ifPresent(str12 -> {
            setHeader(http2, "Timing-Allow-Origin", this.properties.getTimingAllowOrigin());
        });
        Optional.ofNullable(this.properties.getTimingAllowOrigin()).ifPresent(str13 -> {
            setHeader(http2, "X-Content-Type-Options", this.properties.getXContentTypeOptions());
        });
        Optional.ofNullable(this.properties.getXDnsPrefetchControl()).ifPresent(str14 -> {
            setHeader(http2, "X-DNS-Prefetch-Control", this.properties.getXDnsPrefetchControl());
        });
        Optional.ofNullable(this.properties.getXFrameOptions()).ifPresent(str15 -> {
            setHeader(http2, "X-Frame-Options", this.properties.getXFrameOptions());
        });
        Optional.ofNullable(this.properties.getXXssProtection()).ifPresent(str16 -> {
            setHeader(http2, "X-XSS-Protection", this.properties.getXXssProtection());
        });
        if (!http.getMethod().equals(RequestMethod.OPTIONS.name())) {
            return true;
        }
        http2.setStatus(HttpStatus.SC_OK);
        return false;
    }

    protected void setHeader(HttpServletResponse httpServletResponse, String str, String str2) {
        if (!StringUtils.hasText(str2) || httpServletResponse.getHeaderNames().stream().anyMatch(str3 -> {
            return StringUtils.equalsIgnoreCase(str3, str);
        })) {
            return;
        }
        httpServletResponse.setHeader(str, str2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Filter:{} Set HTTP HEADER: {}:{}.", new Object[]{getName(), str, str2});
        }
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        HttpServletResponse http2 = WebUtils.toHttp(servletResponse);
        if (!http.getMethod().equals(RequestMethod.OPTIONS.name())) {
            return false;
        }
        http2.setStatus(HttpStatus.SC_OK);
        return false;
    }
}
