package sk.eset.era.g3webserver.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sk.eset.era.g2webconsole.server.modules.authorization.SecuritySettings;
import sk.eset.era.g2webconsole.server.modules.security.SecurityReqAttributes;
import sk.eset.era.g2webconsole.server.modules.security.WebServerFeatures;

/* loaded from: input_file:WEB-INF/lib/g3-server-0.0.1-SNAPSHOT.jar:sk/eset/era/g3webserver/security/EraSecurityFilter.class */
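/**
 * Servlet filter that records client metadata on each HTTP request, rejects a fixed set of HTTP
 * methods and adds security-related response headers before passing the request down the chain.
 *
 * <p>For every HTTP request the filter:
 * <ol>
 *   <li>stores the resolved client address, the {@code User-Agent} header and the
 *       {@code Accept-Language} header as request attributes (empty string when absent);</li>
 *   <li>answers {@code 405} for TRACE, TRACK, PUT and DELETE;</li>
 *   <li>sets {@code Strict-Transport-Security} on secure requests when HSTS is configured, plus
 *       {@code X-XSS-Protection} and {@code X-Content-Type-Options} on every response;</li>
 *   <li>continues the chain with the response wrapped in {@code SecurityResponseWrapper}.</li>
 * </ol>
 *
 * <p>Non-HTTP requests and responses are passed through untouched.
 */
public class EraSecurityFilter implements Filter {

    /** Header consulted when the configured address source is one of the X-Forwarded-For modes. */
    private static final String FORWARDED_FOR_HEADER = "X-Forwarded-For";

    // Both providers are static and package-private, so they are filled by static injection
    // rather than through a constructor. NOTE(review): if static injection has not run before
    // init()/doFilter(), these are null and the filter fails with a NullPointerException.
    @Inject
    static Provider<SecuritySettings> settingsProvider;

    @Inject
    static Provider<WebServerFeatures> webServerFeaturesProvider;

    // Tri-state: null leaves Strict-Transport-Security alone, TRUE enables it, FALSE clears it.
    private Boolean enableHSTS = null;
    // HTTP methods answered with 405 before the rest of the chain runs.
    private List<String> restrictedMethods;
    // Which part of the request the client address is taken from; may be null if unconfigured.
    private SecuritySettings.RemoteAddressSource remoteAddressSource;

    /**
     * Reads the security settings once and caches the values the filter needs per request.
     *
     * @param filterConfig container-supplied configuration; not used
     */
    @Override
    public void init(FilterConfig filterConfig) {
        SecuritySettings securitySettings = settingsProvider.get();
        this.enableHSTS = securitySettings.getEnableHSTS();
        this.remoteAddressSource = securitySettings.getRemoteAddressSource();
        this.restrictedMethods = Arrays.asList("TRACE", "TRACK", "PUT", "DELETE");
    }

    /**
     * Resolves the client address according to the configured {@code RemoteAddressSource}.
     *
     * <p>X-Forwarded-For is a request header, so every element that was not written by a proxy
     * under the operator's control is client-chosen text. {@code X_FORWARDED_FOR_FIRST} is only
     * meaningful when the outermost proxy overwrites the header instead of appending to it;
     * {@code X_FORWARDED_FOR_LAST} is only meaningful when the application is reachable solely
     * through the proxy that appends the last element. In any other deployment the value stored
     * by this filter can be set by the client, which matters for anything keyed on it (audit
     * records, lockout, address-based restrictions). The value is not checked to be a
     * syntactically valid address, so consumers should treat it as untrusted text.
     *
     * @param httpServletRequest the current request
     * @return the selected X-Forwarded-For element, or the socket peer address when no source is
     *     configured, the header is absent, or the selected element is blank
     */
    private String getRemoteAddress(HttpServletRequest httpServletRequest) {
        String forwarded = null;
        // Switching on a null enum throws NullPointerException, so an unset source falls through
        // to the socket peer address instead of failing every request.
        if (this.remoteAddressSource != null) {
            switch (this.remoteAddressSource) {
                case X_FORWARDED_FOR_LAST:
                    forwarded = forwardedForElement(httpServletRequest, true);
                    break;
                case X_FORWARDED_FOR_FIRST:
                    forwarded = forwardedForElement(httpServletRequest, false);
                    break;
                default:
                    break;
            }
        }
        return forwarded != null ? forwarded : httpServletRequest.getRemoteAddr();
    }

    /**
     * Picks the first or last element of the X-Forwarded-For list.
     *
     * <p>All header lines are read, in order. {@code getHeader} returns only the first line when
     * the header is repeated, so with {@code X_FORWARDED_FOR_LAST} an element appended by a proxy
     * as a separate header line would be missed in favour of the earlier, client-supplied line.
     *
     * @param request the current request
     * @param takeLast {@code true} for the last element, {@code false} for the first
     * @return the trimmed element, or {@code null} when there is none or it is blank
     */
    private static String forwardedForElement(HttpServletRequest request, boolean takeLast) {
        Enumeration<String> lines = request.getHeaders(FORWARDED_FOR_HEADER);
        if (lines == null) {
            // The servlet API allows null when the container withholds header access.
            return null;
        }
        String first = null;
        String last = null;
        while (lines.hasMoreElements()) {
            String line = lines.nextElement();
            if (line == null) {
                continue;
            }
            for (String element : line.split(",")) {
                if (first == null) {
                    first = element;
                }
                last = element;
            }
        }
        String chosen = takeLast ? last : first;
        if (chosen == null) {
            return null;
        }
        String address = chosen.trim();
        // A blank element (for example "1.2.3.4, ") carries no address; report "no value" so the
        // caller falls back to the socket peer address rather than recording an empty string.
        return address.isEmpty() ? null : address;
    }

    /**
     * Applies the per-request checks and headers described on the class.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remainder of the filter chain
     * @throws IOException propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean isHttp = servletRequest instanceof HttpServletRequest
                && servletResponse instanceof HttpServletResponse;
        if (!isHttp) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Attributes are set before the method check, as in the original ordering.
        String remoteAddress = getRemoteAddress(httpServletRequest);
        String userAgent = httpServletRequest.getHeader("User-Agent");
        String acceptLanguage = httpServletRequest.getHeader("Accept-Language");
        servletRequest.setAttribute(SecurityReqAttributes.REQ_ATTR_IP, remoteAddress != null ? remoteAddress : "");
        servletRequest.setAttribute(SecurityReqAttributes.REQ_ATTR_USER_AGENT, userAgent != null ? userAgent : "");
        servletRequest.setAttribute(SecurityReqAttributes.REQ_ATTR_ACCEPT_LANGUAGE, acceptLanguage != null ? acceptLanguage : "");

        // Exact, case-sensitive match against the method token as the container reports it.
        if (this.restrictedMethods.contains(httpServletRequest.getMethod())) {
            httpServletResponse.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }

        // HSTS is only sent on requests the container considers secure.
        if (this.enableHSTS != null && servletRequest.isSecure()) {
            if (this.enableHSTS.booleanValue()) {
                // 31622400 s = 366 days; includeSubDomains extends the policy to every subdomain.
                httpServletResponse.setHeader("Strict-Transport-Security", "max-age=31622400; includeSubDomains");
            } else {
                // max-age=0 tells the browser to discard any HSTS policy it stored for this host.
                httpServletResponse.setHeader("Strict-Transport-Security", "max-age=0");
            }
        }
        // NOTE(review): X-XSS-Protection targets the legacy browser XSS auditor, which current
        // browsers no longer implement; it is not a substitute for output encoding or a
        // Content-Security-Policy.
        httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
        httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");

        // What SecurityResponseWrapper adds is defined outside this class.
        filterChain.doFilter(servletRequest, new SecurityResponseWrapper(httpServletResponse, webServerFeaturesProvider.get()));
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}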
