package com.atlassian.stash.internal.web.filters;

import com.atlassian.config.db.HibernateConfigurator;
import com.atlassian.plugins.rest.common.security.jersey.AntiSniffingResponseFilter;
import com.atlassian.stash.internal.server.InternalApplicationPropertiesService;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiFunction;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

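/**
 * Applies the standard browser-hardening response headers to every request that passes through it.
 * <ul>
 *   <li>{@code X-Content-Type-Options} is always written (value taken from {@link AntiSniffingResponseFilter}).</li>
 *   <li>{@code X-XSS-Protection: 1; mode=block} is written unless an earlier filter already set the header.</li>
 *   <li>{@code X-Frame-Options: SAMEORIGIN} is written unless an earlier filter already set the header or
 *       the request is exempt (and not re-mandated) by the rules below.</li>
 * </ul>
 * <p>
 * {@code X-Frame-Options} exemptions - the security-relevant part of this filter:
 * <ul>
 *   <li>Every path under {@code /plugins/servlet/} is exempt by default, i.e. plugin servlets are frameable
 *       cross-origin unless an administrator opts them back in via the
 *       {@code plugins.servlet.std.headers.x-frame-options.path.patterns} property (whitespace-separated
 *       regexes, each matched with {@link java.util.regex.Matcher#matches()} against the path below
 *       {@code /plugins/servlet}, leading slash included, e.g. {@code /foo/bar}). A regex that fails to
 *       compile is logged and dropped, which leaves the paths it was meant to cover exempt.</li>
 *   <li>{@code /mvc/login} is exempt whenever the request carries the request parameter named by
 *       {@code HibernateConfigurator.DATABASE_TYPE_EMBEDDED} with a value that parses as {@code true}.
 *       Because that is an ordinary request parameter, any origin can frame the login form simply by
 *       appending it to the URL; the mandatory list does not cover this path. NOTE(review): confirm which
 *       embedding flow depends on this before tightening it.</li>
 * </ul>
 * <p>
 * Headers are written <em>before</em> the chain continues, so a downstream servlet can still overwrite them;
 * only headers set by earlier filters are honoured (via {@link HttpServletResponse#containsHeader(String)}).
 * {@code X-XSS-Protection} is kept for compatibility with the original behaviour; the browser XSS auditor it
 * targets is deprecated and the value is a candidate for review, not a substitute for output encoding.
 * No {@code Content-Security-Policy frame-ancestors} directive is emitted here.
 */
@Component("standardResponseHeadersFilter")
public class StandardResponseHeadersFilter extends OncePerRequestFilter {
    /** Application property: whitespace-separated regexes for plugin-servlet paths that MUST receive X-Frame-Options. */
    static final String X_FRAME_OPTIONS_PLUGINS_SERVLET_PATH_PROPERTY = "plugins.servlet.std.headers.x-frame-options.path.patterns";
    private static final String LOGIN_PATH = "/mvc/login";
    private static final String PLUGINS_SERVLET_PATH_PREFIX = "/plugins/servlet/";
    /** Offset into a plugin-servlet path that keeps the slash before the plugin-specific part for regex matching. */
    private static final int PLUGINS_SERVLET_PATTERN_OFFSET = PLUGINS_SERVLET_PATH_PREFIX.length() - 1;
    private static final Pattern WHITESPACE = Pattern.compile("\\s+");

    /** Rules that exempt a request from a header; keyed by lower-case header name. */
    private final Map<String, Iterable<BiFunction<HttpServletRequest, String, Boolean>>> exemptListByHeader;
    /** Rules that force a header onto a request even if an exemption matches; keyed by lower-case header name. */
    private final Map<String, Iterable<BiFunction<HttpServletRequest, String, Boolean>>> mandatoryListByHeader;
    /** Compiled admin-configured matchers backing the X-Frame-Options mandatory rule. */
    private final List<BiFunction<HttpServletRequest, String, Boolean>> pluginsServletPatternMatchers;

    // Header names are matched case-insensitively by the container; they are kept lower-case so the
    // exempt/mandatory map lookups agree with what shouldSetHeader() normalises to.
    static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options".toLowerCase(Locale.ROOT);
    static final String X_FRAME_OPTIONS = "X-Frame-Options".toLowerCase(Locale.ROOT);
    static final String X_XSS_PROTECTION = HttpHeaders.X_XSS_PROTECTION.toLowerCase(Locale.ROOT);
    private static final Logger log = LoggerFactory.getLogger((Class<?>) StandardResponseHeadersFilter.class);

    /**
     * @param propertiesService source of the {@link #X_FRAME_OPTIONS_PLUGINS_SERVLET_PATH_PROPERTY} value
     * @throws NullPointerException if {@code propertiesService} is {@code null}
     */
    public StandardResponseHeadersFilter(@Nonnull InternalApplicationPropertiesService propertiesService) {
        Objects.requireNonNull(propertiesService, "propertiesService");

        // Compile the admin-configured patterns first; the mandatory rule below captures this list,
        // so the field must be assigned before that lambda can ever be invoked.
        this.pluginsServletPatternMatchers = collectPathPatterns(propertiesService, X_FRAME_OPTIONS_PLUGINS_SERVLET_PATH_PROPERTY);
        List<BiFunction<HttpServletRequest, String, Boolean>> mandatedPluginPaths = this.pluginsServletPatternMatchers;

        // Exempt: any plugin servlet (prefix match, case-sensitive) ...
        BiFunction<HttpServletRequest, String, Boolean> anyPluginServlet =
                (request, path) -> path.startsWith(PLUGINS_SERVLET_PATH_PREFIX);
        // ... and the login page when the caller-supplied "embedded" flag is true. This is attacker-influenceable
        // by construction (it is a query/form parameter); see the class Javadoc.
        BiFunction<HttpServletRequest, String, Boolean> embeddedLoginPage =
                (request, path) -> path.equalsIgnoreCase(LOGIN_PATH)
                        && Boolean.parseBoolean(request.getParameter(HibernateConfigurator.DATABASE_TYPE_EMBEDDED));
        // Mandatory: a plugin servlet whose sub-path matches one of the configured regexes.
        BiFunction<HttpServletRequest, String, Boolean> configuredPluginServlet =
                (request, path) -> path.startsWith(PLUGINS_SERVLET_PATH_PREFIX)
                        && anyMatching(mandatedPluginPaths, request, path);

        this.exemptListByHeader = ImmutableMap.of(X_FRAME_OPTIONS, ImmutableList.of(anyPluginServlet, embeddedLoginPage));
        this.mandatoryListByHeader = ImmutableMap.of(X_FRAME_OPTIONS, ImmutableList.of(configuredPluginServlet));
    }

    /** @return {@code true} if at least one rule in {@code rules} accepts the request/path pair. */
    private boolean anyMatching(List<BiFunction<HttpServletRequest, String, Boolean>> rules, HttpServletRequest request, String path) {
        return rules.stream().anyMatch(rule -> rule.apply(request, path));
    }

    /**
     * Writes the standard headers (subject to the exempt/mandatory rules) and then continues the chain.
     * Order matters only in that the headers are set before downstream code runs, so downstream code
     * may override them.
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
        if (shouldSetHeader(request, response, X_XSS_PROTECTION)) {
            response.setHeader(X_XSS_PROTECTION, "1; mode=block");
        }
        if (shouldSetHeader(request, response, X_FRAME_OPTIONS)) {
            response.setHeader(X_FRAME_OPTIONS, "SAMEORIGIN");
        }
        // Anti-sniffing is unconditional: it has no exemptions and overwrites any earlier value.
        response.setHeader(X_CONTENT_TYPE_OPTIONS, AntiSniffingResponseFilter.ANTI_SNIFFING_HEADER_VALUE);
        chain.doFilter(request, response);
    }

    /**
     * Reads {@code propertyKey}, splits it on whitespace and compiles each token into a path matcher.
     * Blank tokens are ignored; tokens that are not valid regexes are logged and skipped.
     *
     * @return one matcher per valid regex, in configuration order (possibly empty)
     */
    private List<BiFunction<HttpServletRequest, String, Boolean>> collectPathPatterns(InternalApplicationPropertiesService propertiesService, String propertyKey) {
        String configured = propertiesService.getProperty(propertyKey, "");
        return WHITESPACE.splitAsStream(configured)
                .map(String::trim)
                .filter(token -> !token.isEmpty())
                .map(regex -> toValidPattern(propertyKey, regex))
                .filter(Optional::isPresent)
                .map(Optional::get)
                .map(StandardResponseHeadersFilter::matcherFor)
                .collect(Collectors.toList());
    }

    /**
     * Wraps a compiled regex into a rule that matches it against the part of a plugin-servlet path after
     * {@code /plugins/servlet} (leading slash kept). Paths that are not plugin-servlet paths never match,
     * so the rule is safe to call on any path, not only after a prefix check.
     */
    private static BiFunction<HttpServletRequest, String, Boolean> matcherFor(Pattern pattern) {
        return (request, path) -> path.startsWith(PLUGINS_SERVLET_PATH_PREFIX)
                && pattern.matcher(path.substring(PLUGINS_SERVLET_PATTERN_OFFSET)).matches();
    }

    private boolean isRequestExemptFromHeader(String header, HttpServletRequest request) {
        return isListed(header, request, this.exemptListByHeader);
    }

    private boolean isHeaderMandatoryForRequest(String header, HttpServletRequest request) {
        return isListed(header, request, this.mandatoryListByHeader);
    }

    /**
     * @return the servlet path plus path info, used as the path the exempt/mandatory rules see.
     *         {@link HttpServletRequest#getPathInfo()} is {@code null} when the servlet mapping consumed the
     *         whole path; plain concatenation would then append a literal {@code "null"} and defeat the
     *         exact-match and regex rules, so the null is mapped to the empty string.
     */
    private static String requestPath(HttpServletRequest request) {
        String pathInfo = request.getPathInfo();
        return request.getServletPath() + (pathInfo == null ? "" : pathInfo);
    }

    /** @return {@code true} if {@code rulesByHeader} has rules for {@code header} and any of them accepts the request. */
    private boolean isListed(String header, HttpServletRequest request, Map<String, Iterable<BiFunction<HttpServletRequest, String, Boolean>>> rulesByHeader) {
        Iterable<BiFunction<HttpServletRequest, String, Boolean>> rules = rulesByHeader.get(header);
        if (rules == null) {
            return false;
        }
        String path = requestPath(request);
        return Iterables.any(rules, rule -> rule.apply(request, path));
    }

    /**
     * Decides whether {@code header} should be written for this request: never when an earlier filter already
     * set it; otherwise when a mandatory rule matches, or when no exemption rule matches.
     */
    private boolean shouldSetHeader(HttpServletRequest request, HttpServletResponse response, String header) {
        String name = header.toLowerCase(Locale.ROOT);
        if (response.containsHeader(name)) {
            // An earlier filter made a decision for this header; do not clobber it.
            return false;
        }
        return isHeaderMandatoryForRequest(name, request) || !isRequestExemptFromHeader(name, request);
    }

    /**
     * Compiles {@code regex}, logging and returning empty on a syntax error so one bad entry in the
     * property does not prevent the filter from starting.
     */
    private Optional<Pattern> toValidPattern(String propertyKey, String regex) {
        try {
            return Optional.of(Pattern.compile(regex));
        } catch (PatternSyntaxException e) {
            log.warn("Invalid regex for property {}: {}. Standard headers will not be applied to URLs for this path pattern", propertyKey, regex, e);
            return Optional.empty();
        }
    }
}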
