package org.apache.knox.gateway.webappsec.deploy;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.apache.knox.gateway.deploy.DeploymentContext;
import org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase;
import org.apache.knox.gateway.descriptor.FilterParamDescriptor;
import org.apache.knox.gateway.descriptor.ResourceDescriptor;
import org.apache.knox.gateway.topology.Provider;
import org.apache.knox.gateway.topology.Service;

/* loaded from: input_file:org/apache/knox/gateway/webappsec/deploy/WebAppSecContributor.class */
public class WebAppSecContributor extends ProviderDeploymentContributorBase {
    private static final String ROLE = "webappsec";
    private static final String NAME = "WebAppSec";
    private static final String CSRF_SUFFIX = "_CSRF";
    private static final String CSRF_FILTER_CLASSNAME = "org.apache.knox.gateway.webappsec.filter.CSRFPreventionFilter";
    private static final String CSRF_ENABLED = "csrf.enabled";
    private static final String CORS_SUFFIX = "_CORS";
    private static final String CORS_FILTER_CLASSNAME = "com.thetransactioncompany.cors.CORSFilter";
    private static final String CORS_ENABLED = "cors.enabled";
    private static final String XFRAME_OPTIONS_SUFFIX = "_XFRAMEOPTIONS";
    private static final String XFRAME_OPTIONS_FILTER_CLASSNAME = "org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter";
    private static final String XFRAME_OPTIONS_ENABLED = "xframe.options.enabled";
    private static final String XCONTENT_TYPE_OPTIONS_SUFFIX = "_XCONTENTTYPEOPTIONS";
    private static final String XCONTENT_TYPE_OPTIONS_FILTER_CLASSNAME = "org.apache.knox.gateway.webappsec.filter.XContentTypeOptionsFilter";
    private static final String XCONTENT_TYPE_OPTIONS_ENABLED = "xcontent-type.options.enabled";
    private static final String XSS_PROTECTION_SUFFIX = "_XSSPROTECTION";
    private static final String XSS_PROTECTION_FILTER_CLASSNAME = "org.apache.knox.gateway.webappsec.filter.XSSProtectionFilter";
    private static final String XSS_PROTECTION_ENABLED = "xss.protection.enabled";
    private static final String STRICT_TRANSPORT_SUFFIX = "_STRICTTRANSPORT";
    private static final String STRICT_TRANSPORT_FILTER_CLASSNAME = "org.apache.knox.gateway.webappsec.filter.StrictTransportFilter";
    private static final String STRICT_TRANSPORT_ENABLED = "strict.transport.enabled";

    public String getRole() {
        return ROLE;
    }

    public String getName() {
        return NAME;
    }

    public void initializeContribution(DeploymentContext deploymentContext) {
        super.initializeContribution(deploymentContext);
    }

    public void contributeFilter(DeploymentContext deploymentContext, Provider provider, Service service, ResourceDescriptor resourceDescriptor, List<FilterParamDescriptor> list) {
        Provider provider2 = deploymentContext.getTopology().getProvider(ROLE, NAME);
        if (provider2 == null || !provider2.isEnabled()) {
            return;
        }
        Map params = provider.getParams();
        if (list == null) {
            list = new ArrayList();
        }
        Map<String, String> params2 = provider.getParams();
        String str = (String) params.get(CORS_ENABLED);
        if (str != null && "true".equals(str)) {
            provisionConfig(resourceDescriptor, params2, list, "cors.");
            resourceDescriptor.addFilter().name(getName() + CORS_SUFFIX).role(getRole()).impl(CORS_FILTER_CLASSNAME).params(list);
        }
        ArrayList arrayList = new ArrayList();
        String str2 = (String) params.get(CSRF_ENABLED);
        if (str2 != null && "true".equals(str2)) {
            provisionConfig(resourceDescriptor, params2, arrayList, "csrf.");
            resourceDescriptor.addFilter().name(getName() + CSRF_SUFFIX).role(getRole()).impl(CSRF_FILTER_CLASSNAME).params(arrayList);
        }
        ArrayList arrayList2 = new ArrayList();
        String str3 = (String) params.get(XFRAME_OPTIONS_ENABLED);
        if (str3 != null && "true".equals(str3)) {
            provisionConfig(resourceDescriptor, params2, arrayList2, "xframe.");
            resourceDescriptor.addFilter().name(getName() + XFRAME_OPTIONS_SUFFIX).role(getRole()).impl(XFRAME_OPTIONS_FILTER_CLASSNAME).params(arrayList2);
        }
        ArrayList arrayList3 = new ArrayList();
        String str4 = (String) params.get(XCONTENT_TYPE_OPTIONS_ENABLED);
        if (str4 != null && "true".equals(str4)) {
            provisionConfig(resourceDescriptor, params2, arrayList3, "xcontent-type.");
            resourceDescriptor.addFilter().name(getName() + XCONTENT_TYPE_OPTIONS_SUFFIX).role(getRole()).impl(XCONTENT_TYPE_OPTIONS_FILTER_CLASSNAME).params(arrayList3);
        }
        ArrayList arrayList4 = new ArrayList();
        String str5 = (String) params.get(XSS_PROTECTION_ENABLED);
        if (str5 != null && "true".equals(str5)) {
            provisionConfig(resourceDescriptor, params2, arrayList4, "xss.");
            resourceDescriptor.addFilter().name(getName() + XSS_PROTECTION_SUFFIX).role(getRole()).impl(XSS_PROTECTION_FILTER_CLASSNAME).params(arrayList4);
        }
        ArrayList arrayList5 = new ArrayList();
        String str6 = (String) params.get(STRICT_TRANSPORT_ENABLED);
        if (str6 == null || !"true".equals(str6)) {
            return;
        }
        provisionConfig(resourceDescriptor, params2, arrayList5, "strict.");
        resourceDescriptor.addFilter().name(getName() + STRICT_TRANSPORT_SUFFIX).role(getRole()).impl(STRICT_TRANSPORT_FILTER_CLASSNAME).params(arrayList5);
    }

    private void provisionConfig(ResourceDescriptor resourceDescriptor, Map<String, String> map, List<FilterParamDescriptor> list, String str) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getKey().startsWith(str)) {
                list.add(resourceDescriptor.createFilterParam().name(entry.getKey().toLowerCase(Locale.ROOT)).value(entry.getValue()));
            }
        }
    }
}
