package io.hawt.web.filters;

import io.hawt.util.Strings;
import io.hawt.web.ServletHelpers;
import io.hawt.web.auth.AuthenticationConfiguration;
import io.hawt.web.auth.keycloak.KeycloakServlet;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/hawt/web/filters/ContentSecurityPolicyFilter.class */
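/**
 * Servlet filter that computes a {@code Content-Security-Policy} header value once at
 * initialisation and adds it to responses through {@link #addHeaders}.
 *
 * <p>The baseline restricts every directive it emits to {@code 'self'}, with these widenings:
 * <ul>
 *   <li>{@code style-src} and {@code style-src-elem} allow {@code 'unsafe-inline'}, so inline
 *       styles are not blocked by this policy;</li>
 *   <li>{@code font-src} and {@code img-src} allow {@code data:} URIs;</li>
 *   <li>{@code worker-src} allows {@code blob:} URIs;</li>
 *   <li>the origin of a configured Keycloak server and/or OIDC provider is added to
 *       {@code connect-src}, {@code frame-src} and {@code script-src}.</li>
 * </ul>
 *
 * <p>NOTE(review): the identity-provider origin is added to {@code script-src} but not to
 * {@code script-src-elem}. Under CSP Level 3 a present {@code script-src-elem} governs
 * {@code <script>} elements instead of {@code script-src}, so confirm that this asymmetry is
 * intended.
 *
 * <p>NOTE(review): no {@code base-uri} directive is emitted, and {@code base-uri} does not fall
 * back to {@code default-src}; confirm whether it should be restricted as well.
 */
public class ContentSecurityPolicyFilter extends HttpHeaderFilter {
    private static final Logger LOG = LoggerFactory.getLogger(ContentSecurityPolicyFilter.class);

    // Header value built by init(); stays empty until the filter has been initialised.
    private String policy = "";

    /**
     * Builds the policy string from the static baseline plus any identity-provider origins
     * found in the Keycloak client config file or the OIDC configuration.
     *
     * <p>A Keycloak config file that cannot be read or parsed is logged and otherwise ignored:
     * the policy is then built without that origin, i.e. it stays at the stricter baseline.
     *
     * @param filterConfig filter configuration passed on to the superclass and used to look up
     *                     the {@link AuthenticationConfiguration} of the servlet context
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);

        List<String> defaultSrc = new ArrayList<>(List.of("'self'"));
        List<String> connectSrc = new ArrayList<>(List.of("'self'"));
        List<String> fontSrc = new ArrayList<>(List.of("'self'", "data:"));
        List<String> frameSrc = new ArrayList<>(List.of("'self'"));
        List<String> imgSrc = new ArrayList<>(List.of("'self'", "data:"));
        List<String> manifestSrc = new ArrayList<>(List.of("'self'"));
        List<String> mediaSrc = new ArrayList<>(List.of("'self'"));
        List<String> objectSrc = new ArrayList<>(List.of("'self'"));
        List<String> scriptSrc = new ArrayList<>(List.of("'self'"));
        List<String> styleSrc = new ArrayList<>(List.of("'self'"));
        List<String> workerSrc = new ArrayList<>(List.of("'self'"));
        List<String> scriptSrcElem = new ArrayList<>(List.of("'self'"));
        List<String> styleSrcElem = new ArrayList<>(List.of("'self'"));
        List<String> formAction = new ArrayList<>(List.of("'self'"));

        // Framing by the same origin is only permitted when the superclass setting allows it;
        // otherwise the page may not be embedded at all.
        List<String> frameAncestors = new ArrayList<>();
        frameAncestors.add(isXFrameSameOriginAllowed() ? "'self'" : "'none'");

        // Inline styles are allowed; this is the one place where the policy gives up
        // protection against injected style content.
        styleSrc.add("'unsafe-inline'");
        styleSrcElem.add("'unsafe-inline'");
        workerSrc.add("blob:");

        String keycloakOrigin = readKeycloakOrigin();
        if (keycloakOrigin != null) {
            connectSrc.add(keycloakOrigin);
            frameSrc.add(keycloakOrigin);
            scriptSrc.add(keycloakOrigin);
        }

        AuthenticationConfiguration authConfig =
                AuthenticationConfiguration.getConfiguration(filterConfig.getServletContext());
        if (authConfig.isEnabled()
                && authConfig.getOidcConfiguration() != null
                && authConfig.getOidcConfiguration().isEnabled()) {
            URL providerUrl = authConfig.getOidcConfiguration().getProviderURL();
            if (providerUrl != null) {
                // Only scheme, host and port go into the policy; path and query are dropped.
                String portSuffix = providerUrl.getPort() > 0 ? ":" + providerUrl.getPort() : "";
                String oidcOrigin = String.format(
                        "%s://%s%s", providerUrl.getProtocol(), providerUrl.getHost(), portSuffix);
                connectSrc.add(oidcOrigin);
                frameSrc.add(oidcOrigin);
                scriptSrc.add(oidcOrigin);
            }
        }

        StringBuilder sb = new StringBuilder();
        addPolicy(sb, "default-src", defaultSrc);
        addPolicy(sb, "script-src", scriptSrc);
        addPolicy(sb, "style-src", styleSrc);
        addPolicy(sb, "font-src", fontSrc);
        addPolicy(sb, "img-src", imgSrc);
        addPolicy(sb, "connect-src", connectSrc);
        addPolicy(sb, "frame-src", frameSrc);
        addPolicy(sb, "manifest-src", manifestSrc);
        addPolicy(sb, "media-src", mediaSrc);
        addPolicy(sb, "object-src", objectSrc);
        addPolicy(sb, "worker-src", workerSrc);
        addPolicy(sb, "frame-ancestors", frameAncestors);
        addPolicy(sb, "script-src-elem", scriptSrcElem);
        addPolicy(sb, "style-src-elem", styleSrcElem);
        addPolicy(sb, "form-action", formAction);

        // addPolicy terminates every directive with "; "; drop the trailing separator.
        String built = sb.toString().trim();
        this.policy = built.substring(0, built.length() - 1);
    }

    /**
     * Reads the Keycloak client config file, if one is configured, and returns the origin
     * ({@code scheme://host[:port]}) of its {@code "url"} entry.
     *
     * <p>The system property {@code KeycloakServlet.HAWTIO_KEYCLOAK_CLIENT_CONFIG} takes
     * precedence over the filter config parameter.
     *
     * @return the origin to allow, or {@code null} when no file is configured, the file cannot
     *         be read, or the URL lacks a scheme or host
     */
    private String readKeycloakOrigin() {
        String configFile = getConfigParameter(KeycloakServlet.KEYCLOAK_CLIENT_CONFIG);
        if (System.getProperty(KeycloakServlet.HAWTIO_KEYCLOAK_CLIENT_CONFIG) != null) {
            configFile = System.getProperty(KeycloakServlet.HAWTIO_KEYCLOAK_CLIENT_CONFIG);
        }
        if (!Strings.isNotBlank(configFile)) {
            return null;
        }

        LOG.debug("Reading Keycloak config file from {}", configFile);
        // try-with-resources closes both the reader and the underlying stream on every path.
        try (InputStream in = ServletHelpers.loadFile(configFile);
                BufferedReader reader = new BufferedReader(
                        new InputStreamReader(Objects.requireNonNull(in), StandardCharsets.UTF_8))) {
            URI keycloakUrl = URI.create((String) ServletHelpers.readObject(reader).get("url"));
            LOG.info("Found Keycloak URL: {}", keycloakUrl);

            // A relative or opaque URI has no scheme/host; concatenating it would put the
            // literal source "null://null" into the policy, so skip it instead.
            if (keycloakUrl.getScheme() == null || keycloakUrl.getHost() == null) {
                LOG.warn("Keycloak URL {} has no scheme or host; not adding it to the Content-Security-Policy",
                        keycloakUrl);
                return null;
            }

            String origin = keycloakUrl.getScheme() + "://" + keycloakUrl.getHost();
            if (keycloakUrl.getPort() >= 0) {
                origin = origin + ":" + keycloakUrl.getPort();
            }
            return origin;
        } catch (Exception e) {
            // Deliberately best-effort: a broken config file must not stop the filter from
            // starting; the policy simply keeps the stricter baseline.
            LOG.error("Can't read keycloak configuration file", e);
            return null;
        }
    }

    /**
     * Appends one directive in the form {@code "name value1 value2; "} to the builder.
     *
     * @param sb   builder receiving the directive
     * @param str  directive name, e.g. {@code script-src}
     * @param list source expressions for the directive, appended in list order
     */
    private void addPolicy(StringBuilder sb, String str, List<String> list) {
        sb.append(str);
        for (String source : list) {
            sb.append(" ").append(source);
        }
        sb.append("; ");
    }

    /**
     * Adds the precomputed policy as a {@code Content-Security-Policy} response header.
     *
     * <p>{@code addHeader} appends rather than replaces, so a policy header set elsewhere on
     * the same response is kept alongside this one.
     */
    @Override
    protected void addHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("Content-Security-Policy", this.policy);
    }
}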
