package org.jboss.dashboard.ui.controller;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.jboss.dashboard.ui.HTTPSettings;

/* loaded from: input_file:WEB-INF/lib/dashboard-ui-core-6.5.0.CR1.jar:org/jboss/dashboard/ui/controller/SecureHeaderFilter.class */
public class SecureHeaderFilter implements Filter {
    private HTTPSettings httpSettings;

    public void setHttpSettings(HTTPSettings hTTPSettings) {
        this.httpSettings = hTTPSettings;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        setHttpSettings(HTTPSettings.lookup());
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        addFrameOptions(httpServletResponse);
        addXSSOptions(httpServletResponse);
        filterChain.doFilter((HttpServletRequest) servletRequest, httpServletResponse);
    }

    private void addFrameOptions(HttpServletResponse httpServletResponse) {
        if (this.httpSettings.isXSSProtectionEnabled()) {
            httpServletResponse.setHeader(HttpHeaders.X_XSS_PROTECTION, this.httpSettings.isXSSProtectionBlock() ? "1; mode=block" : SchemaSymbols.ATTVAL_TRUE_1);
        }
    }

    private void addXSSOptions(HttpServletResponse httpServletResponse) {
        if (StringUtils.isBlank(this.httpSettings.getXFrameOptions())) {
            return;
        }
        httpServletResponse.setHeader("X-FRAME-OPTIONS", this.httpSettings.getXFrameOptions());
    }
}
