package org.apereo.cas.config;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import java.io.IOException;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apache.catalina.filters.CsrfPreventionFilter;
import org.apache.catalina.filters.RemoteAddrFilter;
import org.apache.catalina.filters.RequestFilter;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.features.CasFeatureModule;
import org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatRemoteAddressProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.spring.boot.ConditionalOnFeatureEnabled;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.http.HttpStatus;

@AutoConfiguration
@ConditionalOnFeatureEnabled(feature = {CasFeatureModule.FeatureCatalog.ApacheTomcat})
/* loaded from: input_file:org/apereo/cas/config/CasEmbeddedContainerTomcatFiltersConfiguration.class */
class CasEmbeddedContainerTomcatFiltersConfiguration {

    /* loaded from: input_file:org/apereo/cas/config/CasEmbeddedContainerTomcatFiltersConfiguration$ClientInfoRemoteAddrFilter.class */
    private static final class ClientInfoRemoteAddrFilter extends RequestFilter {
        private final Log logger = LogFactory.getLog(ClientInfoRemoteAddrFilter.class);

        private ClientInfoRemoteAddrFilter() {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
            Optional map = Optional.ofNullable(ClientInfoHolder.getClientInfo()).map((v0) -> {
                return v0.getClientIpAddress();
            });
            Objects.requireNonNull(servletRequest);
            String str = (String) map.orElseGet(servletRequest::getRemoteAddr);
            this.logger.trace(String.format("Remote address to process is [%s]", str));
            process(str, servletRequest, servletResponse, filterChain);
        }

        @Generated
        protected Log getLogger() {
            return this.logger;
        }
    }

    CasEmbeddedContainerTomcatFiltersConfiguration() {
    }

    @ConditionalOnMissingBean(name = {"tomcatCsrfPreventionFilter"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public FilterRegistrationBean<CsrfPreventionFilter> tomcatCsrfPreventionFilter(CasConfigurationProperties casConfigurationProperties) {
        FilterRegistrationBean<CsrfPreventionFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new CsrfPreventionFilter());
        filterRegistrationBean.setUrlPatterns(CollectionUtils.wrap("/*"));
        filterRegistrationBean.setName("tomcatCsrfPreventionFilter");
        filterRegistrationBean.setAsyncSupported(true);
        filterRegistrationBean.setEnabled(casConfigurationProperties.getServer().getTomcat().getCsrf().isEnabled());
        return filterRegistrationBean;
    }

    @ConditionalOnMissingBean(name = {"tomcatRemoteAddressFilter"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public FilterRegistrationBean<RemoteAddrFilter> tomcatRemoteAddressFilter(CasConfigurationProperties casConfigurationProperties) {
        FilterRegistrationBean<RemoteAddrFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        CasEmbeddedApacheTomcatRemoteAddressProperties remoteAddr = casConfigurationProperties.getServer().getTomcat().getRemoteAddr();
        ClientInfoRemoteAddrFilter clientInfoRemoteAddrFilter = new ClientInfoRemoteAddrFilter();
        clientInfoRemoteAddrFilter.setAllow(remoteAddr.getAllowedClientIpAddressRegex());
        clientInfoRemoteAddrFilter.setDeny(remoteAddr.getDeniedClientIpAddressRegex());
        clientInfoRemoteAddrFilter.setDenyStatus(HttpStatus.UNAUTHORIZED.value());
        filterRegistrationBean.setFilter(clientInfoRemoteAddrFilter);
        filterRegistrationBean.setUrlPatterns(CollectionUtils.wrap("/*"));
        filterRegistrationBean.setName("tomcatRemoteAddressFilter");
        filterRegistrationBean.setEnabled(remoteAddr.isEnabled());
        filterRegistrationBean.setAsyncSupported(true);
        return filterRegistrationBean;
    }

    @ConditionalOnMissingBean(name = {"tomcatAsyncRequestsFilter"})
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    @Bean
    public FilterRegistrationBean<RemoteAddrFilter> tomcatAsyncRequestsFilter(CasConfigurationProperties casConfigurationProperties) {
        FilterRegistrationBean<RemoteAddrFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new Filter(this) { // from class: org.apereo.cas.config.CasEmbeddedContainerTomcatFiltersConfiguration.1
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                servletRequest.setAttribute("org.apache.catalina.ASYNC_SUPPORTED", true);
                filterChain.doFilter(servletRequest, servletResponse);
            }
        });
        filterRegistrationBean.setUrlPatterns(CollectionUtils.wrap("/*"));
        filterRegistrationBean.setName("tomcatRemoteAddressFilter");
        filterRegistrationBean.setEnabled(true);
        filterRegistrationBean.setAsyncSupported(true);
        filterRegistrationBean.setOrder(Integer.MIN_VALUE);
        return filterRegistrationBean;
    }
}
