package org.apache.catalina.filters;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-8.5.43.jar:org/apache/catalina/filters/HttpHeaderSecurityFilter.class */
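/**
 * Servlet filter that adds a fixed set of browser-hardening response headers
 * before the request is passed down the filter chain.
 *
 * <p>Headers handled, each behind its own enable flag:
 * <ul>
 *   <li>{@code Strict-Transport-Security} - only on requests for which
 *       {@code isSecure()} is true;</li>
 *   <li>{@code X-Frame-Options};</li>
 *   <li>{@code X-Content-Type-Options: nosniff};</li>
 *   <li>{@code X-XSS-Protection: 1; mode=block}.</li>
 * </ul>
 *
 * <p>Review notes for deployers:
 * <ul>
 *   <li>{@code hstsEnabled} defaults to {@code true} while
 *       {@code hstsMaxAgeSeconds} defaults to {@code 0}, so an unconfigured
 *       filter sends {@code max-age=0}. Under RFC 6797 that value tells the
 *       browser to forget any HSTS policy for the host, so a positive max-age
 *       has to be configured for HSTS to protect anything.</li>
 *   <li>The HSTS header depends on {@code ServletRequest.isSecure()}. When TLS
 *       is terminated upstream of the container, that flag presumably has to
 *       be restored by the connector or proxy configuration - verify in the
 *       deployment.</li>
 *   <li>{@code X-Frame-Options: ALLOW-FROM} is obsolete and ignored by current
 *       browsers; the CSP {@code frame-ancestors} directive is the supported
 *       replacement. This filter does not emit a CSP header.</li>
 *   <li>{@code X-XSS-Protection} is deprecated in current browsers and should
 *       not be relied on as an XSS control.</li>
 *   <li>Headers are written with {@code setHeader} before the chain runs, so
 *       they replace earlier values of the same name and can themselves be
 *       replaced by anything later in the chain.</li>
 * </ul>
 */
public class HttpHeaderSecurityFilter extends FilterBase {
    private static final String HSTS_HEADER_NAME = "Strict-Transport-Security";
    private static final String ANTI_CLICK_JACKING_HEADER_NAME = "X-Frame-Options";
    private static final String BLOCK_CONTENT_TYPE_SNIFFING_HEADER_NAME = "X-Content-Type-Options";
    private static final String BLOCK_CONTENT_TYPE_SNIFFING_HEADER_VALUE = "nosniff";
    private static final String XSS_PROTECTION_HEADER_NAME = "X-XSS-Protection";
    private static final String XSS_PROTECTION_HEADER_VALUE = "1; mode=block";

    private final Log log = LogFactory.getLog(HttpHeaderSecurityFilter.class);

    // HSTS settings; hstsHeaderValue is assembled once in init().
    private boolean hstsEnabled = true;
    private int hstsMaxAgeSeconds = 0;
    private boolean hstsIncludeSubDomains = false;
    private boolean hstsPreload = false;
    private String hstsHeaderValue;

    // X-Frame-Options settings; antiClickJackingHeaderValue is assembled once in init().
    private boolean antiClickJackingEnabled = true;
    private XFrameOption antiClickJackingOption = XFrameOption.DENY;
    private URI antiClickJackingUri;
    private String antiClickJackingHeaderValue;

    private boolean blockContentTypeSniffingEnabled = true;
    private boolean xssProtectionEnabled = true;

    /** The X-Frame-Options directives this filter can emit, with their wire values. */
    private enum XFrameOption {
        DENY("DENY"),
        SAME_ORIGIN("SAMEORIGIN"),
        ALLOW_FROM("ALLOW-FROM");

        private final String headerValue;

        XFrameOption(String str) {
            this.headerValue = str;
        }

        /** @return the directive exactly as it is written into the header */
        public String getHeaderValue() {
            return this.headerValue;
        }
    }

    /**
     * Runs the base-class initialisation, then pre-computes the HSTS and
     * X-Frame-Options header values from the configured properties so that
     * {@code doFilter} only has to copy strings.
     *
     * @param filterConfig the filter configuration supplied by the container
     * @throws ServletException if the base-class initialisation fails
     */
    @Override // org.apache.catalina.filters.FilterBase, javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);

        StringBuilder hsts = new StringBuilder("max-age=");
        hsts.append(this.hstsMaxAgeSeconds);
        if (this.hstsIncludeSubDomains) {
            hsts.append(";includeSubDomains");
        }
        if (this.hstsPreload) {
            hsts.append(";preload");
        }
        this.hstsHeaderValue = hsts.toString();

        StringBuilder frameOptions = new StringBuilder(this.antiClickJackingOption.getHeaderValue());
        if (this.antiClickJackingOption == XFrameOption.ALLOW_FROM) {
            if (this.antiClickJackingUri == null) {
                // Without a URI the value below becomes "ALLOW-FROM null". The value is
                // left as it always was, but the misconfiguration is no longer silent.
                this.log.warn("HttpHeaderSecurityFilter: antiClickJackingOption is ALLOW-FROM but no "
                        + "antiClickJackingUri is configured; the X-Frame-Options value will not name an origin");
            }
            frameOptions.append(' ');
            frameOptions.append(this.antiClickJackingUri);
        }
        this.antiClickJackingHeaderValue = frameOptions.toString();
    }

    /**
     * Sets the enabled security headers on HTTP responses and then continues
     * the chain. Responses that are not {@link HttpServletResponse} instances
     * are passed through untouched.
     *
     * @param servletRequest  the incoming request; its {@code isSecure()} flag gates HSTS
     * @param servletResponse the response the headers are written to
     * @param filterChain     the remainder of the filter chain
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException if the response is already committed, in which
     *                          case the headers cannot be added and the chain is
     *                          not invoked; also propagated from the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletResponse instanceof HttpServletResponse) {
            HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
            // Headers cannot be changed once the response is committed; fail rather
            // than send a response that lacks the configured protections.
            if (servletResponse.isCommitted()) {
                throw new ServletException(sm.getString("httpHeaderSecurityFilter.committed"));
            }
            // HSTS is only sent on requests the container considers secure.
            if (this.hstsEnabled && servletRequest.isSecure()) {
                httpResponse.setHeader(HSTS_HEADER_NAME, this.hstsHeaderValue);
            }
            if (this.antiClickJackingEnabled) {
                httpResponse.setHeader(ANTI_CLICK_JACKING_HEADER_NAME, this.antiClickJackingHeaderValue);
            }
            if (this.blockContentTypeSniffingEnabled) {
                httpResponse.setHeader(BLOCK_CONTENT_TYPE_SNIFFING_HEADER_NAME, BLOCK_CONTENT_TYPE_SNIFFING_HEADER_VALUE);
            }
            if (this.xssProtectionEnabled) {
                httpResponse.setHeader(XSS_PROTECTION_HEADER_NAME, XSS_PROTECTION_HEADER_VALUE);
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns this filter's logger.
     *
     * <p>The decompiler recorded that the access modifier of this method was
     * changed from {@code protected}; it is kept {@code public} here as listed.
     *
     * @return the logger instance owned by this filter
     */
    @Override // org.apache.catalina.filters.FilterBase
    public Log getLogger() {
        return this.log;
    }

    /**
     * Reports configuration problems as fatal.
     *
     * @return always {@code true}
     */
    @Override // org.apache.catalina.filters.FilterBase
    protected boolean isConfigProblemFatal() {
        return true;
    }

    /** @return whether the HSTS header is added to secure requests */
    public boolean isHstsEnabled() {
        return this.hstsEnabled;
    }

    /** @param z {@code true} to add the HSTS header to secure requests */
    public void setHstsEnabled(boolean z) {
        this.hstsEnabled = z;
    }

    /** @return the configured HSTS {@code max-age}, in seconds */
    public int getHstsMaxAgeSeconds() {
        return this.hstsMaxAgeSeconds;
    }

    /**
     * Sets the HSTS {@code max-age}. Negative values are stored as {@code 0},
     * which browsers treat as an instruction to drop the HSTS policy.
     *
     * @param i the max-age in seconds
     */
    public void setHstsMaxAgeSeconds(int i) {
        this.hstsMaxAgeSeconds = Math.max(0, i);
    }

    /** @return whether {@code includeSubDomains} is appended to the HSTS header */
    public boolean isHstsIncludeSubDomains() {
        return this.hstsIncludeSubDomains;
    }

    /** @param z {@code true} to append {@code includeSubDomains} to the HSTS header */
    public void setHstsIncludeSubDomains(boolean z) {
        this.hstsIncludeSubDomains = z;
    }

    /** @return whether {@code preload} is appended to the HSTS header */
    public boolean isHstsPreload() {
        return this.hstsPreload;
    }

    /** @param z {@code true} to append {@code preload} to the HSTS header */
    public void setHstsPreload(boolean z) {
        this.hstsPreload = z;
    }

    /** @return whether the X-Frame-Options header is added */
    public boolean isAntiClickJackingEnabled() {
        return this.antiClickJackingEnabled;
    }

    /** @param z {@code true} to add the X-Frame-Options header */
    public void setAntiClickJackingEnabled(boolean z) {
        this.antiClickJackingEnabled = z;
    }

    /**
     * @return the name of the selected enum constant (for example
     *         {@code SAME_ORIGIN}), which is not the same string as the
     *         header value accepted by {@link #setAntiClickJackingOption}
     */
    public String getAntiClickJackingOption() {
        return this.antiClickJackingOption.toString();
    }

    /**
     * Selects the X-Frame-Options directive by its header value, compared
     * case-insensitively.
     *
     * @param str one of {@code DENY}, {@code SAMEORIGIN} or {@code ALLOW-FROM}
     * @throws IllegalArgumentException if {@code str} matches none of them
     */
    public void setAntiClickJackingOption(String str) {
        for (XFrameOption candidate : XFrameOption.values()) {
            if (candidate.getHeaderValue().equalsIgnoreCase(str)) {
                this.antiClickJackingOption = candidate;
                return;
            }
        }
        throw new IllegalArgumentException(sm.getString("httpHeaderSecurityFilter.clickjack.invalid", str));
    }

    /**
     * @return the URI used with {@code ALLOW-FROM}, or {@code null} when none
     *         has been configured (this previously failed with a
     *         {@code NullPointerException})
     */
    public String getAntiClickJackingUri() {
        URI uri = this.antiClickJackingUri;
        return uri == null ? null : uri.toString();
    }

    /** @return whether {@code X-Content-Type-Options: nosniff} is added */
    public boolean isBlockContentTypeSniffingEnabled() {
        return this.blockContentTypeSniffingEnabled;
    }

    /** @param z {@code true} to add {@code X-Content-Type-Options: nosniff} */
    public void setBlockContentTypeSniffingEnabled(boolean z) {
        this.blockContentTypeSniffingEnabled = z;
    }

    /**
     * Sets the URI appended to the {@code ALLOW-FROM} directive. Only the URI
     * syntax is checked here.
     *
     * @param str the URI text
     * @throws IllegalArgumentException if {@code str} is not a syntactically valid URI
     */
    public void setAntiClickJackingUri(String str) {
        try {
            this.antiClickJackingUri = new URI(str);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /** @return whether the X-XSS-Protection header is added */
    public boolean isXssProtectionEnabled() {
        return this.xssProtectionEnabled;
    }

    /** @param z {@code true} to add the X-XSS-Protection header */
    public void setXssProtectionEnabled(boolean z) {
        this.xssProtectionEnabled = z;
    }
}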
