package org.apereo.cas.services.web.support;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Map;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:org/apereo/cas/services/web/support/RegisteredServiceResponseHeadersEnforcementFilter.class */
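/**
 * Response-header filter that lets an individual registered service override the
 * header policy of {@link ResponseHeadersEnforcementFilter}.
 *
 * <p>Each {@code decideInsert*} hook reads an "enable" property from the registered
 * service resolved for the request. When the property is absent, the decision is
 * delegated to the parent filter; when it evaluates to {@code true} the header is
 * inserted; when it evaluates to {@code false} the header is skipped and a trace
 * message is logged.
 *
 * <p>Security note: a service definition can switch off Content-Security-Policy,
 * X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Cache-Control and
 * Strict-Transport-Security for requests that resolve to that service. Write access to
 * the service registry is therefore enough to weaken the header policy, and these
 * properties deserve review whenever a service definition is added or changed.
 */
public class RegisteredServiceResponseHeadersEnforcementFilter extends ResponseHeadersEnforcementFilter {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RegisteredServiceResponseHeadersEnforcementFilter.class);
    private final ObjectProvider<ServicesManager> servicesManagerProvider;
    private final ObjectProvider<ArgumentExtractor> argumentExtractor;
    private final ObjectProvider<AuthenticationServiceSelectionPlan> authenticationRequestServiceSelectionStrategies;
    private final ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;
    private final WebEndpointProperties webEndpointProperties;

    /**
     * Reads a single property value from the resolved registered service.
     *
     * @param optional the registered service resolved for the request, possibly empty
     * @param registeredServiceProperties the property to look up
     * @return the property value, or {@code null} when no service was resolved or the
     *         service does not define the property
     */
    private static String getStringProperty(Optional<RegisteredService> optional, RegisteredServiceProperty.RegisteredServiceProperties registeredServiceProperties) {
        if (!optional.isPresent()) {
            LOGGER.trace("Resolved registered service from request can not be located");
            return null;
        }
        RegisteredService registeredService = optional.get();
        LOGGER.trace("Resolved registered service [{}] from request to enforce response headers", registeredService);
        String propertyName = registeredServiceProperties.getPropertyName();
        Map<String, RegisteredServiceProperty> properties = registeredService.getProperties();
        // A single lookup also covers a key that is present but mapped to null, which
        // the previous containsKey()/get() pair dereferenced.
        RegisteredServiceProperty property = properties.get(propertyName);
        if (property != null) {
            return property.value();
        }
        LOGGER.trace("Resolved registered service [{}] from request does not contain a property definition for [{}]", registeredService.getName(), propertyName);
        return null;
    }

    /**
     * Evaluates an "enable header" property of the resolved registered service.
     *
     * @param optional the registered service resolved for the request, possibly empty
     * @param registeredServiceProperties the boolean-valued property to evaluate
     * @return empty when the property is not defined (the caller then falls back to the
     *         parent filter), otherwise the parsed flag
     */
    private static Optional<Boolean> shouldHttpHeaderBeInjectedIntoResponse(Optional<RegisteredService> optional, RegisteredServiceProperty.RegisteredServiceProperties registeredServiceProperties) {
        String value = getStringProperty(optional, registeredServiceProperties);
        if (value == null) {
            return Optional.empty();
        }
        // NOTE(review): BooleanUtils.toBoolean maps every unrecognised string to false,
        // so a misspelt value in a service definition disables the header for that
        // service instead of falling back to the global policy.
        return Optional.of(BooleanUtils.toBoolean(value));
    }

    /**
     * Looks up the registered service for a resolved service, by numeric id when the
     * service id parses as a {@code long} and by the service itself otherwise.
     *
     * @param servicesManager the services manager to query
     * @param service the service produced by the selection plan
     * @return whatever the services manager returns for the lookup
     */
    private static RegisteredService locateRegisteredService(ServicesManager servicesManager, Service service) {
        String id = service.getId();
        if (NumberUtils.isCreatable(id)) {
            try {
                return servicesManager.findServiceBy(Long.parseLong(id));
            } catch (NumberFormatException ignored) {
                // isCreatable() also accepts hex, decimal-point, exponent and
                // type-suffixed forms that Long.parseLong() rejects. The id originates
                // from the request, so such a value must not escape the filter as an
                // unhandled exception; fall through to the lookup by service.
                LOGGER.trace("Service id [{}] is not a valid numeric identifier", id);
            }
        }
        return servicesManager.findServiceBy(service);
    }

    /**
     * Resolves the registered service for the request and runs the access-strategy
     * enforcer against it before any header decision is made.
     *
     * @param httpServletResponse the response; its status is set to 403 when the access
     *        strategy check fails
     * @param httpServletRequest the request; on failure the enforcer's exception (or
     *        {@code null}) is stored under {@code jakarta.servlet.error.exception}
     * @return the registered service, or empty when the request targets the actuator
     *         base path, carries no service, or fails the access strategy check
     * @throws Throwable declared by the overridden hook
     */
    @Override
    protected Optional<RegisteredService> prepareFilterBeforeExecution(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws Throwable {
        // NOTE(review): this is a substring match on the raw request URI, not a prefix
        // match. Any URI that contains the base path anywhere skips per-service
        // resolution and uses the global header policy, and an empty base path matches
        // every request.
        if (httpServletRequest.getRequestURI().contains(this.webEndpointProperties.getBasePath())) {
            return Optional.empty();
        }
        WebApplicationService extractedService = this.argumentExtractor.getObject().extractService(httpServletRequest);
        if (extractedService == null) {
            return Optional.empty();
        }
        LOGGER.trace("Attempting to resolve service for [{}]", extractedService);
        Service resolvedService = this.authenticationRequestServiceSelectionStrategies.getObject().resolveService(extractedService);
        RegisteredService registeredService = locateRegisteredService(this.servicesManagerProvider.getObject(), resolvedService);
        AuditableContext context = AuditableContext.builder().registeredService(registeredService).service(extractedService).build();
        AuditableExecutionResult result = this.registeredServiceAccessStrategyEnforcer.getObject().execute(context);
        if (result.isExecutionFailure()) {
            httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
            httpServletRequest.setAttribute("jakarta.servlet.error.exception", result.getException().orElse(null));
            return Optional.empty();
        }
        // ofNullable: if the enforcer does not report a failure for an unknown service,
        // a null lookup result falls back to the global policy instead of throwing.
        return Optional.ofNullable(registeredService);
    }

    /**
     * Applies the service's Content-Security-Policy enable flag, deferring to the
     * parent filter when the flag is not defined.
     */
    @Override
    public void decideInsertContentSecurityPolicyHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<RegisteredService> optional) {
        Optional<Boolean> decision = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CONTENT_SECURITY_POLICY);
        if (!decision.isPresent()) {
            super.decideInsertContentSecurityPolicyHeader(httpServletResponse, httpServletRequest, optional);
        } else if (decision.get()) {
            insertContentSecurityPolicyHeader(httpServletResponse, httpServletRequest);
        } else {
            LOGGER.trace("ContentSecurityPolicy header disabled by service definition");
        }
    }

    /**
     * Applies the service's X-XSS-Protection enable flag, deferring to the parent
     * filter when the flag is not defined.
     */
    @Override
    public void decideInsertXSSProtectionHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<RegisteredService> optional) {
        Optional<Boolean> decision = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XSS_PROTECTION);
        if (!decision.isPresent()) {
            super.decideInsertXSSProtectionHeader(httpServletResponse, httpServletRequest, optional);
        } else if (decision.get()) {
            insertXSSProtectionHeader(httpServletResponse, httpServletRequest);
        } else {
            LOGGER.trace("XSSProtection header disabled by service definition");
        }
    }

    /**
     * Applies the service's X-Frame-Options enable flag, deferring to the parent filter
     * when the flag is not defined. The header value is read from the service as well.
     */
    @Override
    public void decideInsertXFrameOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<RegisteredService> optional) {
        Optional<Boolean> decision = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XFRAME_OPTIONS);
        if (!decision.isPresent()) {
            super.decideInsertXFrameOptionsHeader(httpServletResponse, httpServletRequest, optional);
        } else if (decision.get()) {
            // NOTE(review): unlike the Strict-Transport-Security path there is no
            // fallback here; a service that enables the header without defining its
            // value passes null to the parent. Confirm the parent handles null.
            String xFrameOptions = getStringProperty(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_XFRAME_OPTIONS);
            insertXFrameOptionsHeader(httpServletResponse, httpServletRequest, xFrameOptions);
        } else {
            LOGGER.trace("XFrameOptions header disabled by service definition");
        }
    }

    /**
     * Applies the service's X-Content-Type-Options enable flag, deferring to the parent
     * filter when the flag is not defined.
     */
    @Override
    public void decideInsertXContentTypeOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<RegisteredService> optional) {
        Optional<Boolean> decision = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XCONTENT_OPTIONS);
        if (!decision.isPresent()) {
            super.decideInsertXContentTypeOptionsHeader(httpServletResponse, httpServletRequest, optional);
        } else if (decision.get()) {
            insertXContentTypeOptionsHeader(httpServletResponse, httpServletRequest);
        } else {
            LOGGER.trace("XContentOptions header disabled by service definition");
        }
    }

    /**
     * Applies the service's Cache-Control enable flag, deferring to the parent filter
     * when the flag is not defined.
     */
    @Override
    public void decideInsertCacheControlHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<RegisteredService> optional) {
        Optional<Boolean> decision = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CACHE_CONTROL);
        if (!decision.isPresent()) {
            super.decideInsertCacheControlHeader(httpServletResponse, httpServletRequest, optional);
        } else if (decision.get()) {
            insertCacheControlHeader(httpServletResponse, httpServletRequest);
        } else {
            LOGGER.trace("EnableCacheControl header disabled by service definition");
        }
    }

    /**
     * Applies the service's Strict-Transport-Security enable flag, deferring to the
     * parent filter when the flag is not defined. A blank or missing per-service value
     * falls back to the filter-wide header value.
     */
    @Override
    public void decideInsertStrictTransportSecurityHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<RegisteredService> optional) {
        Optional<Boolean> decision = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_STRICT_TRANSPORT_SECURITY);
        if (!decision.isPresent()) {
            super.decideInsertStrictTransportSecurityHeader(httpServletResponse, httpServletRequest, optional);
        } else if (decision.get()) {
            String serviceValue = getStringProperty(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_STRICT_TRANSPORT_SECURITY);
            insertStrictTransportSecurityHeader(httpServletResponse, httpServletRequest, StringUtils.defaultIfBlank(serviceValue, getStrictTransportSecurityHeader()));
        } else {
            LOGGER.trace("StrictTransportSecurity header disabled by service definition");
        }
    }

    /**
     * Creates the filter from lazily resolved collaborators.
     *
     * @param objectProvider provider of the services manager used for registry lookups
     * @param objectProvider2 provider of the argument extractor that reads the service
     *        from the request
     * @param objectProvider3 provider of the service selection plan
     * @param objectProvider4 provider of the access-strategy enforcer
     * @param webEndpointProperties actuator endpoint settings; the base path is used to
     *        skip service resolution
     */
    @Generated
    public RegisteredServiceResponseHeadersEnforcementFilter(ObjectProvider<ServicesManager> objectProvider, ObjectProvider<ArgumentExtractor> objectProvider2, ObjectProvider<AuthenticationServiceSelectionPlan> objectProvider3, ObjectProvider<AuditableExecution> objectProvider4, WebEndpointProperties webEndpointProperties) {
        this.servicesManagerProvider = objectProvider;
        this.argumentExtractor = objectProvider2;
        this.authenticationRequestServiceSelectionStrategies = objectProvider3;
        this.registeredServiceAccessStrategyEnforcer = objectProvider4;
        this.webEndpointProperties = webEndpointProperties;
    }
}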
