package io.hawt.web;

import com.google.common.net.HttpHeaders;
import io.hawt.web.keycloak.KeycloakServlet;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.net.URI;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jgit.lib.RefDatabase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-1.4.0.redhat-630387.jar:io/hawt/web/ContentSecurityPolicyFilter.class */
public class ContentSecurityPolicyFilter extends HttpHeaderFilter {
    private static final transient Logger LOG = LoggerFactory.getLogger(ContentSecurityPolicyFilter.class);
    private static String POLICY = RefDatabase.ALL;
    private static final String POLICY_TEMPLATE = "default-src 'self'; script-src 'self'%s 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'%s; frame-src 'self'%s";

    @Override // io.hawt.web.HttpHeaderFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        String configParameter = getConfigParameter(KeycloakServlet.KEYCLOAK_CLIENT_CONFIG);
        if (configParameter == null && System.getProperty(KeycloakServlet.HAWTIO_KEYCLOAK_CLIENT_CONFIG) != null) {
            configParameter = System.getProperty(KeycloakServlet.HAWTIO_KEYCLOAK_CLIENT_CONFIG);
        }
        boolean z = false;
        if (configParameter != null) {
            try {
                FileReader fileReader = new FileReader(configParameter);
                Throwable th = null;
                try {
                    try {
                        URI create = URI.create((String) ServletHelpers.readObject(new BufferedReader(fileReader)).get("auth-server-url"));
                        LOG.info("Found Keycloak URL: {}", create);
                        Object[] objArr = new Object[2];
                        objArr[0] = create.getHost();
                        objArr[1] = Integer.valueOf(create.getPort() > 0 ? create.getPort() : "https".equals(create.getScheme()) ? 443 : 80);
                        String format = String.format(" %s:%d", objArr);
                        POLICY = String.format(POLICY_TEMPLATE, format, format, format);
                        z = true;
                        if (fileReader != null) {
                            if (0 != 0) {
                                try {
                                    fileReader.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileReader.close();
                            }
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        throw th3;
                    }
                } finally {
                }
            } catch (IOException e) {
                LOG.error("Can't read keycloak configuration file", e);
            }
        }
        if (z) {
            return;
        }
        POLICY = String.format(POLICY_TEMPLATE, RefDatabase.ALL, RefDatabase.ALL, RefDatabase.ALL);
    }

    @Override // io.hawt.web.HttpHeaderFilter
    protected void addHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader(HttpHeaders.CONTENT_SECURITY_POLICY, POLICY);
    }
}
