package org.apache.ambari.server.security;

import com.google.inject.Inject;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/security/AbstractSecurityHeaderFilter.class */
public abstract class AbstractSecurityHeaderFilter implements Filter {
    protected static final String STRICT_TRANSPORT_HEADER = "Strict-Transport-Security";
    protected static final String X_FRAME_OPTIONS_HEADER = "X-Frame-Options";
    protected static final String X_XSS_PROTECTION_HEADER = "X-XSS-Protection";
    protected static final String X_CONTENT_TYPE_HEADER = "X-Content-Type-Options";
    protected static final String CACHE_CONTROL_HEADER = "Cache-Control";
    protected static final String PRAGMA_HEADER = "Pragma";
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSecurityHeaderFilter.class);
    protected static final String DENY_HEADER_OVERRIDES_FLAG = "deny.header.overrides.flag";

    @Inject
    private Configuration configuration;
    private boolean sslEnabled = true;
    private String strictTransportSecurity = Configuration.HTTP_STRICT_TRANSPORT_HEADER_VALUE.getDefaultValue();
    private String xFrameOptionsHeader = Configuration.HTTP_X_FRAME_OPTIONS_HEADER_VALUE.getDefaultValue();
    private String xXSSProtectionHeader = Configuration.HTTP_X_XSS_PROTECTION_HEADER_VALUE.getDefaultValue();
    private String xContentTypeHeader = Configuration.HTTP_X_CONTENT_TYPE_HEADER_VALUE.getDefaultValue();
    private String cacheControlHeader = Configuration.HTTP_CACHE_CONTROL_HEADER_VALUE.getDefaultValue();
    private String pragmaHeader = Configuration.HTTP_PRAGMA_HEADER_VALUE.getDefaultValue();
    private String charset = Configuration.HTTP_CHARSET.getDefaultValue();

    public void init(FilterConfig filterConfig) throws ServletException {
        LOG.debug("Initializing {}", getClass().getName());
        if (this.configuration == null) {
            LOG.warn("The Ambari configuration object is not available, all default options will be assumed.");
        } else {
            processConfig(this.configuration);
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (checkPrerequisites(servletRequest)) {
            doFilterInternal(servletRequest, servletResponse);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    protected abstract boolean checkPrerequisites(ServletRequest servletRequest);

    public void destroy() {
        LOG.debug("Destroying {}", getClass().getName());
    }

    protected abstract void processConfig(Configuration configuration);

    /* JADX INFO: Access modifiers changed from: protected */
    public void setSslEnabled(boolean z) {
        this.sslEnabled = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setStrictTransportSecurity(String str) {
        this.strictTransportSecurity = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setxFrameOptionsHeader(String str) {
        this.xFrameOptionsHeader = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setxXSSProtectionHeader(String str) {
        this.xXSSProtectionHeader = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setXContentTypeHeader(String str) {
        this.xContentTypeHeader = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setCacheControlHeader(String str) {
        this.cacheControlHeader = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setPragmaHeader(String str) {
        this.pragmaHeader = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setCharset(String str) {
        this.charset = str;
    }

    private void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (servletResponse instanceof HttpServletResponse) {
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            if (this.sslEnabled && !StringUtils.isEmpty(this.strictTransportSecurity)) {
                httpServletResponse.setHeader(STRICT_TRANSPORT_HEADER, this.strictTransportSecurity);
            }
            if (!StringUtils.isEmpty(this.xFrameOptionsHeader)) {
                httpServletResponse.setHeader(X_FRAME_OPTIONS_HEADER, this.xFrameOptionsHeader);
            }
            if (!StringUtils.isEmpty(this.xXSSProtectionHeader)) {
                httpServletResponse.setHeader(X_XSS_PROTECTION_HEADER, this.xXSSProtectionHeader);
            }
            if (!StringUtils.isEmpty(this.xContentTypeHeader)) {
                httpServletResponse.setHeader(X_CONTENT_TYPE_HEADER, this.xContentTypeHeader);
            }
            if (!StringUtils.isEmpty(this.cacheControlHeader)) {
                httpServletResponse.setHeader(CACHE_CONTROL_HEADER, this.cacheControlHeader);
            }
            if (!StringUtils.isEmpty(this.pragmaHeader)) {
                httpServletResponse.setHeader(PRAGMA_HEADER, this.pragmaHeader);
            }
            if (StringUtils.isEmpty(this.charset)) {
                return;
            }
            httpServletResponse.setCharacterEncoding(this.charset);
        }
    }
}
