package org.apache.shiro.biz.web.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.biz.utils.StringUtils;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/HttpServletRequestHeaderFilter.class */
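/**
 * Shiro filter that stamps a fixed set of CORS and browser-security response headers,
 * taken from {@link HttpServletHeaderProperties}, onto every response it sees.
 *
 * <p>All values are static configuration: the filter never reads the request's
 * {@code Origin} header, so {@code Access-Control-Allow-Origin} is whatever single value
 * the properties hold. Operators should keep in mind that browsers reject credentialed
 * CORS responses whose allowed origin is {@code *}, and that a permissive origin combined
 * with {@code Access-Control-Allow-Credentials: true} widens who can read authenticated
 * responses. Review those two settings together.
 *
 * <p>Header values are written as-is; they are assumed to come from trusted configuration
 * and are not checked for CR/LF here.
 */
public class HttpServletRequestHeaderFilter extends AccessControlFilter {
    private static final Logger LOG = LoggerFactory.getLogger(HttpServletRequestHeaderFilter.class);
    public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_KEY = "Access-Control-Allow-Credentials";
    public static final String ACCESS_CONTROL_ALLOW_HEADERS_KEY = "Access-Control-Allow-Headers";
    public static final String ACCESS_CONTROL_ALLOW_METHODS_KEY = "Access-Control-Allow-Methods";
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN_KEY = "Access-Control-Allow-Origin";
    public static final String ACCESS_CONTROL_EXPOSE_HEADERS_KEY = "Access-Control-Expose-Headers";
    public static final String ACCESS_CONTROL_MAX_AGE_KEY = "Access-Control-Max-Age";
    public static final String CACHE_CONTROL_KEY = "Cache-Control";
    public static final String CONTENT_SECURITY_POLICY_KEY = "Content-Security-Policy";
    public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY_KEY = "Content-Security-Policy-Report-Only";
    public static final String FEATURE_POLICY_KEY = "Feature-Policy";
    public static final String REFERRER_POLICY_KEY = "Referrer-Policy";
    public static final String STRICT_TRANSPORT_SECURITY_KEY = "Strict-Transport-Security";
    public static final String TIMING_ALLOW_ORIGIN_KEY = "Timing-Allow-Origin";
    public static final String X_CONTENT_TYPE_OPTIONS_KEY = "X-Content-Type-Options";
    public static final String X_DNS_PREFETCH_CONTROL_KEY = "X-DNS-Prefetch-Control";
    public static final String X_FRAME_OPTIONS_KEY = "X-Frame-Options";
    public static final String X_XSS_PROTECTION_KEY = "X-XSS-Protection";
    private final HttpServletHeaderProperties properties;

    /**
     * @param httpServletHeaderProperties source of every header value this filter emits
     */
    public HttpServletRequestHeaderFilter(HttpServletHeaderProperties httpServletHeaderProperties) {
        this.properties = httpServletHeaderProperties;
    }

    /**
     * Writes the configured headers to the response, then reports whether the request
     * is anything other than an {@code OPTIONS} request.
     *
     * @return {@code true} for non-OPTIONS requests; {@code false} for OPTIONS, after
     *         setting the response status to {@code HttpStatus.SC_OK}
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValue) throws Exception {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        HttpServletResponse response = WebUtils.toHttp(servletResponse);

        // Boolean.toString always yields text, so this header is emitted even when the
        // setting is false. Browsers only act on the literal value "true".
        setHeader(response, ACCESS_CONTROL_ALLOW_CREDENTIALS_KEY, Boolean.toString(this.properties.isAccessControlAllowCredentials()));
        setHeader(response, ACCESS_CONTROL_ALLOW_HEADERS_KEY, this.properties.getAccessControlAllowHeaders());
        setHeader(response, ACCESS_CONTROL_ALLOW_METHODS_KEY, this.properties.getAccessControlAllowMethods());
        setHeader(response, ACCESS_CONTROL_ALLOW_ORIGIN_KEY, this.properties.getAccessControlAllowOrigin());
        setHeader(response, ACCESS_CONTROL_EXPOSE_HEADERS_KEY, this.properties.getAccessControlExposeHeaders());
        setHeader(response, ACCESS_CONTROL_MAX_AGE_KEY, this.properties.getAccessControlMaxAge());
        setHeader(response, CACHE_CONTROL_KEY, this.properties.getCacheControl());
        setHeader(response, CONTENT_SECURITY_POLICY_KEY, this.properties.getContentSecurityPolicy());
        setHeader(response, CONTENT_SECURITY_POLICY_REPORT_ONLY_KEY, this.properties.getContentSecurityPolicyReportOnly());
        // Fix: the two getters below were crossed, so the configured Referrer-Policy was
        // sent as Feature-Policy and vice versa. Browsers would ignore both as invalid,
        // silently dropping the operator's referrer and feature restrictions.
        setHeader(response, FEATURE_POLICY_KEY, this.properties.getFeaturePolicy());
        setHeader(response, REFERRER_POLICY_KEY, this.properties.getReferrerPolicy());
        setHeader(response, STRICT_TRANSPORT_SECURITY_KEY, this.properties.getStrictTransportSecurity());
        setHeader(response, TIMING_ALLOW_ORIGIN_KEY, this.properties.getTimingAllowOrigin());
        setHeader(response, X_CONTENT_TYPE_OPTIONS_KEY, this.properties.getXContentTypeOptions());
        setHeader(response, X_DNS_PREFETCH_CONTROL_KEY, this.properties.getXDnsPrefetchControl());
        setHeader(response, X_FRAME_OPTIONS_KEY, this.properties.getXFrameOptions());
        setHeader(response, X_XSS_PROTECTION_KEY, this.properties.getXXssProtection());

        if (RequestMethod.OPTIONS.name().equals(request.getMethod())) {
            response.setStatus(HttpStatus.SC_OK);
            return false;
        }
        return true;
    }

    /**
     * Sets one response header, skipping it entirely when the configured value is
     * null, empty or whitespace-only.
     *
     * @param httpServletResponse response to write to
     * @param name header name
     * @param value header value from configuration; unset values leave the header absent
     */
    protected void setHeader(HttpServletResponse httpServletResponse, String name, String value) {
        if (!StringUtils.hasText(value)) {
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Filter:{} Set HTTP HEADER: {}:{}.", getName(), name, value);
        }
        httpServletResponse.setHeader(name, value);
    }

    /**
     * Always lets the filter chain continue.
     *
     * <p>NOTE(review): Shiro's {@code AccessControlFilter.onPreHandle} proceeds when
     * either {@code isAccessAllowed} or this method returns {@code true}, so the
     * {@code false} returned for OPTIONS above does not actually stop the chain. A
     * preflight request still reaches the downstream filters and handlers. If the intent
     * is to answer preflights here, this would need to return {@code false} for OPTIONS.
     * Confirm against downstream authentication filters before changing it.
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return true;
    }
}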
