package blackboard.platform.servlet;

import blackboard.persist.registry.impl.SystemRegistryCache;
import blackboard.platform.cloud.CloudManager;
import blackboard.platform.config.BbConfig;
import blackboard.platform.config.ConfigurationService;
import blackboard.platform.config.ConfigurationServiceFactory;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.module.ModuleConstants;
import blackboard.util.UrlUtil;
import com.google.common.base.Preconditions;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/servlet/RequestSecurityFilter.class */
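/**
 * Servlet filter that applies transport and response-header hardening to HTTP requests.
 *
 * <p>For each HTTP request the filter, in order:
 * <ol>
 *   <li>answers with a 301 redirect when the configured front-end protocol is HTTPS but the
 *       request did not arrive over a secure channel;</li>
 *   <li>answers with a 403 when cloud support is enabled and the {@code bb_cloud_shared_secret}
 *       registry entry is missing or cannot be read;</li>
 *   <li>otherwise sets the optional {@code Strict-Transport-Security} and
 *       {@code X-Content-Type-Options} headers plus the {@code P3P} header, and passes the
 *       request down the chain.</li>
 * </ol>
 *
 * <p>Non-HTTP requests and responses are passed through untouched.
 */
public class RequestSecurityFilter implements Filter {
    private static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
    // Configured front-end protocol; compared against UrlUtil.HTTPS_PROTOCOL.
    private String _protocol;
    // Whether the HSTS header is emitted on secure requests.
    private boolean _useSts;
    // Value placed in the HSTS max-age directive (seconds, per RFC 6797).
    private int _stsMaxAge;
    // Whether the cloud shared-secret registry entry must exist for requests to be served.
    private boolean _validateCloud;

    /**
     * Reads the filter's settings from the platform configuration once at start-up.
     *
     * @param filterConfig container-supplied configuration; not used
     * @throws ServletException declared by the {@link Filter} contract
     * @throws NullPointerException if the front-end protocol property is not set
     * @throws NumberFormatException if the HSTS max-age property is missing or not an integer
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ConfigurationService config = ConfigurationServiceFactory.getInstance();
        this._protocol = Preconditions.checkNotNull(config.getBbProperty(BbConfig.FRONTEND_PROTOCOL));
        this._useSts = Boolean.parseBoolean(config.getBbProperty(BbConfig.APPSERVER_HTTPS_STS_ENABLED));
        // NOTE(review): this is parsed even when HSTS is disabled, so a missing max-age
        // property fails filter initialisation regardless of the enabled flag.
        this._stsMaxAge = Integer.parseInt(config.getBbProperty(BbConfig.APPSERVER_HTTPS_STS_MAXAGE));
        this._validateCloud = CloudManager.Factory.getInstance().isCloudEnabled();
    }

    /**
     * Applies the redirect / rejection checks and, when both pass, the response headers.
     *
     * <p>When a redirect or a 403 is issued the chain is not invoked and no security headers are
     * added to that response.
     *
     * @param servletRequest  incoming request
     * @param servletResponse outgoing response
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Check both sides before casting: the original tested only the response, so a non-HTTP
        // request paired with an HTTP response would have failed with a ClassCastException.
        if (servletRequest instanceof HttpServletRequest && servletResponse instanceof HttpServletResponse) {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            if (redirectIfInsecure(request, response) || redirectIfNoCloud(response)) {
                return;
            }
            setSecurityHeaders(request, response);
            setP3PHeader(response);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Redirects a plain-HTTP request to HTTPS when the front end is configured for HTTPS.
     *
     * @return {@code true} if a 301 response was written and processing must stop
     */
    private boolean redirectIfInsecure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): isSecure() is whatever the container reports; behind a TLS-terminating
        // proxy the container has to be told about the original scheme — confirm deployment.
        if (!UrlUtil.HTTPS_PROTOCOL.equals(this._protocol) || httpServletRequest.isSecure()) {
            return false;
        }
        httpServletResponse.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        // NOTE(review): the target is derived from the request by UrlUtil; confirm it takes the
        // host from configuration rather than the client-supplied Host header, otherwise the
        // Location value is client-influenced.
        httpServletResponse.setHeader("Location", UrlUtil.calculateHttpsRedirectLocation(httpServletRequest));
        return true;
    }

    /**
     * Rejects the request when cloud support is enabled but the shared-secret registry entry
     * is not available.
     *
     * <p>The check fails closed: if the registry lookup throws, the failure is logged and the
     * request is still rejected with 403.
     *
     * @return {@code true} if a 403 response was written and processing must stop
     */
    private boolean redirectIfNoCloud(HttpServletResponse httpServletResponse) {
        if (!this._validateCloud) {
            return false;
        }
        try {
            if (SystemRegistryCache.getInstance().getEntryByKey("bb_cloud_shared_secret") != null) {
                return false;
            }
        } catch (Exception e) {
            // Boundary catch: any lookup failure is treated the same as a missing entry.
            LogServiceFactory.getInstance().logWarning("Could not validate cloud availability", e);
        }
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        // NOTE(review): the constant's name is unrelated to this check; this looks like a
        // decompiler mapping an inlined literal onto a same-valued constant — confirm the
        // intended Warning header value against the original source.
        httpServletResponse.setHeader("Warning", ModuleConstants.MAX_NOTIFICATIONS_TO_DISPLAY_DEFAULT);
        return true;
    }

    /** Sets the fixed compact P3P policy header on the response. */
    private void setP3PHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("P3P", "CP=\"CAO PSA OUR\"");
    }

    /**
     * Adds the HSTS header (secure requests only, when enabled) and the nosniff header
     * (when the corresponding property is {@code "true"}).
     */
    private void setSecurityHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this._useSts && httpServletRequest.isSecure()) {
            // RFC 6797 defines the directive as "max-age=<seconds>". The previous "max-age: N"
            // form is not valid directive syntax, so user agents would not apply the policy.
            httpServletResponse.setHeader(STRICT_TRANSPORT_SECURITY, "max-age=" + this._stsMaxAge);
        }
        // Looked up per request rather than cached in init(), so the property is re-read each time.
        if ("true".equals(ConfigurationServiceFactory.getInstance().getBbProperty("security.send.nosniff.dont.filter.txt.use.whitelist", "false"))) {
            httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
        }
    }
}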
