package com.adobe.acs.commons.etag.impl;

import acscommons.com.google.common.io.BaseEncoding;
import acscommons.com.google.common.net.HttpHeaders;
import com.adobe.acs.commons.assets.FileExtensionMimeTypeConstants;
import com.adobe.acs.commons.images.impl.NamedTransformImageServlet;
import com.adobe.acs.commons.synth.impl.SynthesizedSlingHttpServletRequest;
import com.adobe.acs.commons.util.BufferedServletOutput;
import com.adobe.acs.commons.util.BufferedSlingHttpServletResponse;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class)
@Component(configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"sling.filter.scope=REQUEST"})
/* loaded from: input_file:com/adobe/acs/commons/etag/impl/EtagMessageDigestServletFilter.class */
public class EtagMessageDigestServletFilter implements Filter {
    private static final String WEAK_TAG_PREFIX = "W/";
    private static final Logger log = LoggerFactory.getLogger(EtagMessageDigestServletFilter.class);
    private Config configuration;
    private Collection<String> ignoredHeaderNames;

    @ObjectClassDefinition(name = "ACS AEM Commons - Digest-based ETag Servlet Filter", description = "Sets an ETag response header based on a message digest from the response's content and optionally its' other headers. Enabling it increases the memory consumption as the full response need to be buffered before being sent to the client!")
    /* loaded from: input_file:com/adobe/acs/commons/etag/impl/EtagMessageDigestServletFilter$Config.class */
    public @interface Config {
        @AttributeDefinition(name = "Enabled", description = "If this filter should not be active, rather try to delete this config. Only in cases where this cannot be easily accomplished uncheck this option to disable the filter.")
        boolean enabled() default true;

        @AttributeDefinition(name = "Message Digest Algorithm", description = "The message digest algorithm for calculating the ETag header. Must be one of the supported ones by the JRE (for Oracle JRE8 listed in https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#MessageDigest).")
        String messageDigestAlgorithm() default "MD5";

        @AttributeDefinition(name = "Overwrite existing ETag header", description = "If this is set a previously set ETag header will be disregarded and overwritten by this filter. Otherwise the original ETag is used.")
        boolean overwrite() default false;

        @AttributeDefinition(name = "Service Ranking", description = "Indication of where to place the filter in the filter chain. The higher the number the earlier in the filter chain. This value may span the whole range of integer values. Two filters with equal service.ranking property value (explicitly set or default value of zero) will be ordered according to their service.id service property as described in section 5.2.5, Service Properties, of the OSGi Core Specification R 4.2.")
        int service_ranking() default Integer.MAX_VALUE;

        @AttributeDefinition(name = "Pattern", description = "Restricts the filter to paths that match the supplied regular expression. Requires Sling Engine 2.4.0 or newer.")
        String sling_filter_pattern() default ".*";

        @AttributeDefinition(name = "Consider Response Headers", description = "If checked will also include the existing response headers for the digest calculation, i.e. different headers lead to different ETags. That is usually intended as you cannot send arbitrary response headers with a 304 response (https://tools.ietf.org/html/rfc7232#section-4.1).")
        boolean considerResponseHeaders() default true;

        @AttributeDefinition(name = "Ignored Response Headers", description = "The header names (case-insensitive) which should in no case be considered for the digest calculation as they are considered also for a 304 response (compare with https://tools.ietf.org/html/rfc7232#section-4.1).")
        String[] ignoredResponseHeaders() default {"Date", "Cache-Control", "Expires", "Vary"};

        @AttributeDefinition(name = "Salt", description = "The (optional) salt is also taken into account for the message digest calculation. It is necessary to change that value whenever the response content or the response headers are now modified differently in a proxy instance between client and AEM (e.g. Dispatcher sets additional headers).")
        String salt();

        @AttributeDefinition(name = "Enabled for output streams", description = "If set to 'true' this will also calculate the ETag for response output streams (binary output) and not only for response writers (text output). Enabling this option might lead to heavy memory demands as the full output stream is then buffered (i.e. kept in memory) before being delivered to the client. Especially if you deliver large assets like videos from AEM you should not enable this option.")
        boolean enabledForOutputStream() default false;

        @AttributeDefinition(name = "Add as HTML comment", description = "If set to 'true' this filter will also emit a HTML comment at the very end of each HTML document exposing the ETag. This may be helpful to debug issues with stale HTML cache entries in case the ETag header is not properly propagated.")
        boolean addAsHtmlComment() default false;
    }

    @Activate
    public void activate(Config config) {
        this.configuration = config;
        if (config.ignoredResponseHeaders() == null || config.ignoredResponseHeaders().length <= 0) {
            this.ignoredHeaderNames = Collections.emptySet();
        } else {
            this.ignoredHeaderNames = (Collection) Arrays.asList(config.ignoredResponseHeaders()).stream().map((v0) -> {
                return v0.toLowerCase();
            }).collect(Collectors.toSet());
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletResponse instanceof SlingHttpServletResponse) || !(servletRequest instanceof SlingHttpServletRequest)) {
            throw new IllegalStateException("Filter not properly registered as Sling Servlet Filter");
        }
        if (this.configuration.enabled()) {
            log.debug("ETag filter enabled");
            SlingHttpServletResponse slingHttpServletResponse = (SlingHttpServletResponse) servletResponse;
            SlingHttpServletRequest slingHttpServletRequest = (SlingHttpServletRequest) servletRequest;
            if (slingHttpServletRequest.getMethod().equals(SynthesizedSlingHttpServletRequest.METHOD_HEAD) || slingHttpServletRequest.getMethod().equals(SynthesizedSlingHttpServletRequest.METHOD_GET)) {
                log.debug("Method is GET or HEAD, calculating ETag...");
                doFilterWithMessageDigest(slingHttpServletRequest, slingHttpServletResponse, filterChain);
                return;
            }
            log.debug("Method neither GET or HEAD: {}, no ETag necessary!", slingHttpServletRequest.getMethod());
        } else {
            log.debug("ETag filter disabled");
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private void doFilterWithMessageDigest(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String calculateDigestFromResponse;
        BufferedSlingHttpServletResponse bufferedSlingHttpServletResponse = new BufferedSlingHttpServletResponse(slingHttpServletResponse, new StringWriter(), this.configuration.enabledForOutputStream() ? new ByteArrayOutputStream() : null);
        try {
            filterChain.doFilter(slingHttpServletRequest, bufferedSlingHttpServletResponse);
            if (!this.configuration.overwrite() && slingHttpServletResponse.containsHeader(HttpHeaders.ETAG)) {
                log.debug("Do not overwrite existing ETag header with value '{}'", slingHttpServletResponse.getHeader(HttpHeaders.ETAG));
                bufferedSlingHttpServletResponse.close();
                return;
            }
            if (!this.configuration.enabledForOutputStream() && bufferedSlingHttpServletResponse.getBufferedServletOutput().getWriteMethod() == BufferedServletOutput.ResponseWriteMethod.OUTPUTSTREAM) {
                log.debug("Can not calculate message digest as response was written via output stream which was not buffered.");
                bufferedSlingHttpServletResponse.close();
                return;
            }
            if (slingHttpServletResponse.isCommitted()) {
                log.warn("Can not send ETag header because response is already committed, try to give this filter a higher ranking!");
                bufferedSlingHttpServletResponse.close();
                return;
            }
            try {
                calculateDigestFromResponse = calculateDigestFromResponse(bufferedSlingHttpServletResponse);
                slingHttpServletRequest.getRequestProgressTracker().log("ETag from digest calculated with {0}: {1}", new Object[]{this.configuration.messageDigestAlgorithm(), calculateDigestFromResponse});
                slingHttpServletResponse.setHeader(HttpHeaders.ETAG, "\"" + calculateDigestFromResponse + "\"");
            } catch (NoSuchAlgorithmException e) {
                log.error("The algorithm configured for this servlet filter is invalid: " + this.configuration.messageDigestAlgorithm(), e);
            }
            if (isUnmodified(slingHttpServletRequest.getHeaders(HttpHeaders.IF_NONE_MATCH), calculateDigestFromResponse)) {
                log.debug("Digest is equal to one of the given ETags in the If-None-Match request header, returning empty response with a 304");
                bufferedSlingHttpServletResponse.resetBuffer();
                slingHttpServletResponse.setStatus(304);
                bufferedSlingHttpServletResponse.close();
                return;
            }
            if (this.configuration.addAsHtmlComment() && bufferedSlingHttpServletResponse.getBufferedServletOutput().getWriteMethod() == BufferedServletOutput.ResponseWriteMethod.WRITER && slingHttpServletResponse.getContentType() != null && slingHttpServletResponse.getContentType().startsWith(FileExtensionMimeTypeConstants.EXT_HTML)) {
                bufferedSlingHttpServletResponse.getWriter().println(String.format("%n<!-- ETag: %s -->", calculateDigestFromResponse));
            }
            bufferedSlingHttpServletResponse.close();
        } catch (Throwable th) {
            try {
                bufferedSlingHttpServletResponse.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    static boolean isUnmodified(Enumeration<String> enumeration, String str) {
        if (enumeration == null) {
            log.debug("Can not access request headers or no NoneMatchETags header given!");
            return false;
        }
        while (enumeration.hasMoreElements()) {
            String nextElement = enumeration.nextElement();
            if (nextElement.equals("*")) {
                return true;
            }
            if (nextElement.startsWith(WEAK_TAG_PREFIX)) {
                nextElement = nextElement.substring(WEAK_TAG_PREFIX.length());
            }
            if (!nextElement.startsWith("\"") || !nextElement.endsWith("\"")) {
                log.debug("Ignoring invalid ETag not starting and ending with quotes: {}", nextElement);
            } else if (nextElement.substring(1, nextElement.length() - 1).equals(str)) {
                return true;
            }
        }
        return false;
    }

    String calculateDigestFromResponse(BufferedSlingHttpServletResponse bufferedSlingHttpServletResponse) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest messageDigest = MessageDigest.getInstance(this.configuration.messageDigestAlgorithm());
        if (bufferedSlingHttpServletResponse.getBufferedServletOutput().getWriteMethod() == BufferedServletOutput.ResponseWriteMethod.OUTPUTSTREAM) {
            messageDigest.update(bufferedSlingHttpServletResponse.getBufferedServletOutput().getBufferedBytes());
        } else if (bufferedSlingHttpServletResponse.getBufferedServletOutput().getWriteMethod() == BufferedServletOutput.ResponseWriteMethod.WRITER) {
            String characterEncoding = bufferedSlingHttpServletResponse.getCharacterEncoding();
            if (characterEncoding == null) {
                characterEncoding = StandardCharsets.ISO_8859_1.name();
            }
            messageDigest.update(bufferedSlingHttpServletResponse.getBufferedServletOutput().getBufferedString().getBytes(characterEncoding));
        }
        if (this.configuration.considerResponseHeaders()) {
            for (String str : bufferedSlingHttpServletResponse.getHeaderNames()) {
                String lowerCase = str.toLowerCase();
                if (!this.ignoredHeaderNames.contains(lowerCase)) {
                    String str2 = lowerCase + NamedTransformImageServlet.PARAM_SEPARATOR + StringUtils.join(bufferedSlingHttpServletResponse.getHeaders(str), ',');
                    messageDigest.update(str2.getBytes(StandardCharsets.US_ASCII));
                    log.debug("Considering header {} for the digest calculation", str2);
                }
            }
        }
        if (!StringUtils.isEmpty(this.configuration.salt())) {
            log.debug("Considering salt {} for the digest calculation", this.configuration.salt());
            messageDigest.update(this.configuration.salt().getBytes(StandardCharsets.UTF_8));
        }
        String encode = BaseEncoding.base16().lowerCase().encode(messageDigest.digest());
        log.debug("ETag based on {} digest of the response is {}", messageDigest.getAlgorithm(), encode);
        return encode;
    }

    public void destroy() {
    }
}
