package org.apereo.cas.services.web.support;

import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.BooleanUtils;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-web-api-6.5.1.jar:org/apereo/cas/services/web/support/RegisteredServiceResponseHeadersEnforcementFilter.class */
/**
 * Response-header filter that lets a registered service definition override, header by
 * header, whether the parent {@link ResponseHeadersEnforcementFilter} inserts a security
 * header into the response.
 *
 * <p>For each request the service is extracted from the request itself, resolved to a
 * {@link RegisteredService}, and checked by the access-strategy enforcer. Each
 * {@code decideInsert...} hook then reads one {@code HTTP_HEADER_ENABLE_*} property from that
 * definition: if the property is absent the parent's own decision is used, if it evaluates to
 * {@code true} the header is inserted, and otherwise the header is skipped.
 *
 * <p>NOTE(review): the service is chosen by request data, so a definition that sets one of
 * these properties to a false value suppresses that header for every request that resolves
 * to it. Suppression is only logged at TRACE level here. Service definitions carrying these
 * properties deserve the same review as any other change to the security-header policy.
 */
public class RegisteredServiceResponseHeadersEnforcementFilter extends ResponseHeadersEnforcementFilter {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RegisteredServiceResponseHeadersEnforcementFilter.class);

    /** Looks up the registered service definition for a resolved service. */
    private final ServicesManager servicesManager;

    /** Extracts the target service from the incoming request. */
    private final ArgumentExtractor argumentExtractor;

    /** Resolves the extracted service before it is looked up in the services manager. */
    private final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies;

    /** Enforces the access strategy of the registered service; its result may raise an exception. */
    private final AuditableExecution registeredServiceAccessStrategyEnforcer;

    /**
     * Creates the filter with the collaborators used to resolve and authorize the service
     * named by a request.
     *
     * @param servicesManager registry of service definitions
     * @param argumentExtractor extracts the service from the request
     * @param authenticationServiceSelectionPlan resolves the extracted service
     * @param auditableExecution access-strategy enforcer
     */
    @Generated
    public RegisteredServiceResponseHeadersEnforcementFilter(ServicesManager servicesManager, ArgumentExtractor argumentExtractor, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, AuditableExecution auditableExecution) {
        this.servicesManager = servicesManager;
        this.argumentExtractor = argumentExtractor;
        this.authenticationRequestServiceSelectionStrategies = authenticationServiceSelectionPlan;
        this.registeredServiceAccessStrategyEnforcer = auditableExecution;
    }

    /**
     * Resolves the registered service for the request before the header hooks run.
     *
     * <p>Any exception raised during resolution or access enforcement is logged, the response
     * status is set to 403, and an empty result is returned, so the hooks fall back to the
     * parent's decisions.
     *
     * <p>NOTE(review): this method only sets the status code. Whether the parent filter then
     * stops the chain or lets the request continue is not visible in this class; confirm in
     * {@link ResponseHeadersEnforcementFilter}.
     *
     * @return the resolved {@link RegisteredService} wrapped in an Optional, or empty
     */
    @Override
    protected Optional<Object> prepareFilterBeforeExecution(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        Optional<Object> resolved;
        try {
            resolved = getRegisteredServiceFromRequest(httpServletRequest);
        } catch (Exception e) {
            // Boundary catch: every failure is logged and answered with 403.
            LoggingUtils.error(LOGGER, e);
            httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
            resolved = Optional.empty();
        }
        return resolved;
    }

    /**
     * Applies the service's Content-Security-Policy override, if it defines one.
     * Decompiler note: access was widened from protected.
     */
    @Override
    public void decideInsertContentSecurityPolicyHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        final Optional<Boolean> serviceOverride = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CONTENT_SECURITY_POLICY);
        if (serviceOverride.isPresent()) {
            if (serviceOverride.get()) {
                super.insertContentSecurityPolicyHeader(httpServletResponse, httpServletRequest);
            } else {
                LOGGER.trace("ContentSecurityPolicy header disabled by service definition");
            }
            return;
        }
        // No per-service setting: the parent decides.
        super.decideInsertContentSecurityPolicyHeader(httpServletResponse, httpServletRequest, optional);
    }

    /**
     * Applies the service's XSS-protection header override, if it defines one.
     * Decompiler note: access was widened from protected.
     */
    @Override
    public void decideInsertXSSProtectionHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        final Optional<Boolean> serviceOverride = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XSS_PROTECTION);
        if (serviceOverride.isPresent()) {
            if (serviceOverride.get()) {
                super.insertXSSProtectionHeader(httpServletResponse, httpServletRequest);
            } else {
                LOGGER.trace("XSSProtection header disabled by service definition");
            }
            return;
        }
        super.decideInsertXSSProtectionHeader(httpServletResponse, httpServletRequest, optional);
    }

    /**
     * Applies the service's X-Frame-Options override, if it defines one. When enabled, the
     * header value is taken from the service's {@code HTTP_HEADER_XFRAME_OPTIONS} property.
     * Decompiler note: access was widened from protected.
     *
     * <p>NOTE(review): if the enable property is true but the value property is missing, the
     * value passed to the parent is {@code null}; how the parent handles that is not visible
     * here, so confirm the header is still emitted with a safe value.
     */
    @Override
    public void decideInsertXFrameOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        final Optional<Boolean> serviceOverride = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XFRAME_OPTIONS);
        if (serviceOverride.isPresent()) {
            if (serviceOverride.get()) {
                final String frameOptionsValue = getStringProperty(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_XFRAME_OPTIONS);
                super.insertXFrameOptionsHeader(httpServletResponse, httpServletRequest, frameOptionsValue);
            } else {
                LOGGER.trace("XFrameOptions header disabled by service definition");
            }
            return;
        }
        super.decideInsertXFrameOptionsHeader(httpServletResponse, httpServletRequest, optional);
    }

    /**
     * Applies the service's X-Content-Type-Options override, if it defines one.
     * Decompiler note: access was widened from protected.
     */
    @Override
    public void decideInsertXContentTypeOptionsHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        final Optional<Boolean> serviceOverride = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XCONTENT_OPTIONS);
        if (serviceOverride.isPresent()) {
            if (serviceOverride.get()) {
                super.insertXContentTypeOptionsHeader(httpServletResponse, httpServletRequest);
            } else {
                LOGGER.trace("XContentOptions header disabled by service definition");
            }
            return;
        }
        super.decideInsertXContentTypeOptionsHeader(httpServletResponse, httpServletRequest, optional);
    }

    /**
     * Applies the service's Cache-Control override, if it defines one.
     * Decompiler note: access was widened from protected.
     */
    @Override
    public void decideInsertCacheControlHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        final Optional<Boolean> serviceOverride = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CACHE_CONTROL);
        if (serviceOverride.isPresent()) {
            if (serviceOverride.get()) {
                super.insertCacheControlHeader(httpServletResponse, httpServletRequest);
            } else {
                LOGGER.trace("EnableCacheControl header disabled by service definition");
            }
            return;
        }
        super.decideInsertCacheControlHeader(httpServletResponse, httpServletRequest, optional);
    }

    /**
     * Applies the service's Strict-Transport-Security override, if it defines one.
     * Decompiler note: access was widened from protected.
     */
    @Override
    public void decideInsertStrictTransportSecurityHeader(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, Optional<Object> optional) {
        final Optional<Boolean> serviceOverride = shouldHttpHeaderBeInjectedIntoResponse(optional, RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_STRICT_TRANSPORT_SECURITY);
        if (serviceOverride.isPresent()) {
            if (serviceOverride.get()) {
                super.insertStrictTransportSecurityHeader(httpServletResponse, httpServletRequest);
            } else {
                LOGGER.trace("StrictTransportSecurity header disabled by service definition");
            }
            return;
        }
        super.decideInsertStrictTransportSecurityHeader(httpServletResponse, httpServletRequest, optional);
    }

    /**
     * Reads one property of the resolved service as a raw string.
     *
     * @param optional the result of {@link #prepareFilterBeforeExecution}; expected to hold a
     *     {@link RegisteredService} when present
     * @param registeredServiceProperties the property to look up by name
     * @return the property value, or {@code null} when no service was resolved or the service
     *     does not define the property
     */
    private static String getStringProperty(Optional<Object> optional, RegisteredServiceProperty.RegisteredServiceProperties registeredServiceProperties) {
        if (!optional.isPresent()) {
            LOGGER.trace("Resolved registered service from request can not be located");
            return null;
        }
        final RegisteredService service = RegisteredService.class.cast(optional.get());
        LOGGER.trace("Resolved registered service [{}] from request to enforce response headers", service);
        final Map<String, RegisteredServiceProperty> definedProperties = service.getProperties();
        final String propertyName = registeredServiceProperties.getPropertyName();
        if (!definedProperties.containsKey(propertyName)) {
            LOGGER.trace("Resolved registered service [{}] from request does not contain a property definition for [{}]", service.getName(), registeredServiceProperties.getPropertyName());
            return null;
        }
        return definedProperties.get(propertyName).getValue();
    }

    /**
     * Converts a service's enable property into a tri-state decision.
     *
     * <p>The string is parsed with {@code BooleanUtils.toBoolean}, which yields {@code false}
     * for any text it does not recognise as true. A misspelled value in a service definition
     * therefore disables the header rather than falling back to the parent's decision.
     *
     * @return empty when the property is not available, otherwise the parsed boolean
     */
    private static Optional<Boolean> shouldHttpHeaderBeInjectedIntoResponse(Optional<Object> optional, RegisteredServiceProperty.RegisteredServiceProperties registeredServiceProperties) {
        final String configured = getStringProperty(optional, registeredServiceProperties);
        if (configured == null) {
            return Optional.empty();
        }
        return Optional.of(BooleanUtils.toBoolean(configured));
    }

    /**
     * Extracts the service from the request, resolves its registered definition and runs the
     * access-strategy enforcer against it.
     *
     * <p>The enforcer's result is asked to throw if needed; the caller turns any exception
     * into a 403. {@code Optional.of} also throws if the lookup produced {@code null} and the
     * enforcer did not object, which the caller handles the same way.
     *
     * @return empty when the request names no service, otherwise the registered service
     */
    private Optional<Object> getRegisteredServiceFromRequest(HttpServletRequest httpServletRequest) {
        final WebApplicationService requestedService = this.argumentExtractor.extractService(httpServletRequest);
        if (requestedService == null) {
            LOGGER.trace("Service could not be extracted from request to enforce response headers");
            return Optional.empty();
        }
        LOGGER.trace("Attempting to resolve service for [{}]", requestedService);
        final RegisteredService definition = this.servicesManager.findServiceBy(this.authenticationRequestServiceSelectionStrategies.resolveService(requestedService));
        final AuditableContext accessCheck = AuditableContext.builder().registeredService(definition).service(requestedService).build();
        this.registeredServiceAccessStrategyEnforcer.execute(accessCheck).throwExceptionIfNeeded();
        return Optional.of(definition);
    }
}
