package sk.eset.era.g2webconsole.server.modules.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sk.eset.era.g2webconsole.server.modules.context.EraServletContext;

/* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/security/EraSecurityFilter.class */
/**
 * Servlet filter applying baseline HTTP hardening to every HTTP exchange it sees:
 * <ul>
 *   <li>answers requests whose method is TRACE, TRACK, PUT or DELETE with
 *       {@code 405 Method Not Allowed} instead of dispatching them;</li>
 *   <li>on secure (TLS) requests emits a {@code Strict-Transport-Security} header that
 *       either enables the policy for 366 days (including subdomains) or, when HSTS is
 *       switched off in the security settings, revokes it with {@code max-age=0};</li>
 *   <li>sets {@code X-XSS-Protection} and {@code X-Content-Type-Options: nosniff};</li>
 *   <li>hands the response down the chain wrapped in a {@link SecurityResponseWrapper}.</li>
 * </ul>
 * Request/response pairs that are not HTTP are forwarded untouched, so none of the
 * above applies to them.
 */
public class EraSecurityFilter implements Filter {
    /** Methods rejected with 405. Matching is exact (case-sensitive) string comparison. */
    private static final String[] REJECTED_METHODS = {"TRACE", "TRACK", "PUT", "DELETE"};

    private static final String HSTS_HEADER = "Strict-Transport-Security";
    /** 31622400 seconds = 366 days; the policy also covers subdomains. */
    private static final String HSTS_ENABLED_VALUE = "max-age=31622400; includeSubDomains";
    /** max-age=0 instructs clients to discard any cached HSTS policy for this host. */
    private static final String HSTS_DISABLED_VALUE = "max-age=0";

    /**
     * HSTS switch read from the security settings in {@link #init}. While {@code null}
     * (not yet initialised) no HSTS header is written at all.
     */
    private Boolean enableHSTS = null;
    /** Populated in {@link #init}; {@code null} until the container calls it. */
    private List<String> restrictedMethods;

    /**
     * Reads the HSTS setting from the module configuration and installs the list of
     * rejected HTTP methods.
     *
     * @param filterConfig container-supplied configuration; only its servlet context is used
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
        this.enableHSTS = EraServletContext
                .getModuleFactory(filterConfig.getServletContext())
                .getConfigModule()
                .getSecuritySettings()
                .getEnableHSTS();
        this.restrictedMethods = Arrays.asList(REJECTED_METHODS);
    }

    /**
     * Applies the method restriction and hardening headers, then continues the chain.
     *
     * @param servletRequest  incoming request; non-HTTP requests bypass the filter
     * @param servletResponse outgoing response; non-HTTP responses bypass the filter
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean isHttpExchange = servletRequest instanceof HttpServletRequest
                && servletResponse instanceof HttpServletResponse;
        if (!isHttpExchange) {
            // Nothing below is meaningful for non-HTTP traffic; pass it straight through.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (isRestrictedMethod(request.getMethod())) {
            // Note: the hardening headers added below are not applied to this error response.
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }

        addHardeningHeaders(request, response);
        // The original request object is forwarded; only the response is wrapped.
        filterChain.doFilter(servletRequest, new SecurityResponseWrapper(response));
    }

    /** Releases nothing: the filter holds no resources beyond plain fields. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Whether the given HTTP method is one of the rejected ones.
     *
     * @param method value of {@code HttpServletRequest.getMethod()}
     * @return {@code true} when the method must be answered with 405
     */
    private boolean isRestrictedMethod(String method) {
        return this.restrictedMethods.contains(method);
    }

    /**
     * Writes the security headers onto {@code response}.
     *
     * HSTS is only emitted when a setting has been loaded and the request arrived over a
     * secure transport; emitting it on plain HTTP would have no effect anyway.
     * {@code X-XSS-Protection} is a legacy header that current mainstream browsers ignore,
     * so it serves older clients only; {@code nosniff} stops MIME-type sniffing.
     *
     * @param request  used to decide whether the request is secure
     * @param response target of the headers
     */
    private void addHardeningHeaders(HttpServletRequest request, HttpServletResponse response) {
        if (this.enableHSTS != null && request.isSecure()) {
            String hstsValue = this.enableHSTS.booleanValue() ? HSTS_ENABLED_VALUE : HSTS_DISABLED_VALUE;
            response.setHeader(HSTS_HEADER, hstsValue);
        }
        response.setHeader("X-XSS-Protection", "1; mode=block");
        response.setHeader("X-Content-Type-Options", "nosniff");
    }
}
