package com.almworks.structure.confluence.helper.security;

import com.atlassian.applinks.api.ReadOnlyApplicationLink;
import com.atlassian.applinks.api.ReadOnlyApplicationLinkService;
import com.atlassian.applinks.api.event.ApplicationLinkEvent;
import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheLoader;
import com.atlassian.cache.CacheManager;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.fugue.Iterables;
import com.atlassian.fugue.Option;
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;

/* loaded from: input_file:com/almworks/structure/confluence/helper/security/SecurityInterceptorEnhancer.class */
public class SecurityInterceptorEnhancer implements DisposableBean {
    public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
    private static final int DAY_IN_SECONDS = 86400;
    private static final String REFERRER_COOKIE = "structure.pages.referrer";
    private static final String SAME_ORIGIN = "SAMEORIGIN";
    private final Cache<String, String> myFrameAncestorsCache;
    private final ReadOnlyApplicationLinkService myLinkService;
    private final EventPublisher myEventPublisher;
    private final Cache<String, Option<String>> myKnownReferrerCache;
    private final Function<String, Option<String>> myKnownReferrerLookup = new Function<String, Option<String>>() { // from class: com.almworks.structure.confluence.helper.security.SecurityInterceptorEnhancer.6
        public Option<String> apply(String str) {
            return (Option) SecurityInterceptorEnhancer.this.myKnownReferrerCache.get(str);
        }
    };
    private static final Logger logger = LoggerFactory.getLogger(SecurityInterceptorEnhancer.class);
    private static final Function<URI, Option<String>> URL_TO_STRING = new Function<URI, Option<String>>() { // from class: com.almworks.structure.confluence.helper.security.SecurityInterceptorEnhancer.1
        public Option<String> apply(URI uri) {
            return Option.some(uri.toString());
        }
    };
    private static final Function<Cookie, Option<String>> COOKIE_VALUE = new Function<Cookie, Option<String>>() { // from class: com.almworks.structure.confluence.helper.security.SecurityInterceptorEnhancer.2
        public Option<String> apply(Cookie cookie) {
            return Option.option(cookie.getValue());
        }
    };
    private static final Function<URI, String> URL_ORIGIN = new Function<URI, String>() { // from class: com.almworks.structure.confluence.helper.security.SecurityInterceptorEnhancer.3
        public String apply(URI uri) {
            return SecurityInterceptorEnhancer.getOrigin(uri.getHost(), uri.getPort());
        }
    };
    private static final Predicate<Cookie> IS_REFERRER_COOKIE = new Predicate<Cookie>() { // from class: com.almworks.structure.confluence.helper.security.SecurityInterceptorEnhancer.4
        public boolean apply(Cookie cookie) {
            return StringUtils.equalsIgnoreCase(cookie.getName(), SecurityInterceptorEnhancer.REFERRER_COOKIE);
        }
    };
    private static final Function<Cookie[], Option<String>> GET_STRUCTURE_REFERRER_COOKIE = new Function<Cookie[], Option<String>>() { // from class: com.almworks.structure.confluence.helper.security.SecurityInterceptorEnhancer.5
        public Option<String> apply(Cookie[] cookieArr) {
            return Iterables.findFirst(Arrays.asList(cookieArr), SecurityInterceptorEnhancer.IS_REFERRER_COOKIE).flatMap(SecurityInterceptorEnhancer.COOKIE_VALUE);
        }
    };

    /* loaded from: input_file:com/almworks/structure/confluence/helper/security/SecurityInterceptorEnhancer$FrameAncestorsLoader.class */
    private class FrameAncestorsLoader implements CacheLoader<String, String> {
        private FrameAncestorsLoader() {
        }

        @NotNull
        public String load(@NotNull String str) {
            return "frame-ancestors " + StringUtils.join(ImmutableList.builder().add("'self'").addAll(com.google.common.collect.Iterables.transform(SecurityInterceptorEnhancer.this.getKnownReferrers(), SecurityInterceptorEnhancer.URL_ORIGIN)).build(), " ");
        }
    }

    /* loaded from: input_file:com/almworks/structure/confluence/helper/security/SecurityInterceptorEnhancer$KnownReferrerLoader.class */
    private class KnownReferrerLoader implements CacheLoader<String, Option<String>> {
        private KnownReferrerLoader() {
        }

        @Nonnull
        public Option<String> load(@Nonnull String str) {
            Set knownReferrers = SecurityInterceptorEnhancer.this.getKnownReferrers();
            if (CollectionUtils.isEmpty(knownReferrers)) {
                return Option.none();
            }
            try {
                return Iterables.findFirst(knownReferrers, SecurityInterceptorEnhancer.this.sameOrigin((String) SecurityInterceptorEnhancer.URL_ORIGIN.apply(new URI(str)))).flatMap(SecurityInterceptorEnhancer.URL_TO_STRING);
            } catch (URISyntaxException e) {
                SecurityInterceptorEnhancer.logger.error("Cannot load know referrer", e);
                return Option.none();
            }
        }
    }

    public SecurityInterceptorEnhancer(ReadOnlyApplicationLinkService readOnlyApplicationLinkService, CacheManager cacheManager, EventPublisher eventPublisher) {
        this.myLinkService = readOnlyApplicationLinkService;
        this.myEventPublisher = eventPublisher;
        this.myFrameAncestorsCache = cacheManager.getCache("com.almworks.structure.confluence.helper.app-links", new FrameAncestorsLoader());
        this.myKnownReferrerCache = cacheManager.getCache("com.almworks.structure.confluence.helper.known-referrer", new KnownReferrerLoader());
        eventPublisher.register(this);
    }

    public void setContentSecurityPolicy(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader(CONTENT_SECURITY_POLICY, (String) this.myFrameAncestorsCache.get("*"));
    }

    public void setXFrameOptions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Option flatMap = Option.option(httpServletRequest.getCookies()).flatMap(GET_STRUCTURE_REFERRER_COOKIE).flatMap(this.myKnownReferrerLookup);
        Option orElse = flatMap.orElse(headerReferrerSupplier(httpServletRequest));
        if (!orElse.isDefined()) {
            logger.debug("Unknown referrer: " + getOrigin(httpServletRequest));
            httpServletResponse.setHeader("X-Frame-Options", SAME_ORIGIN);
            return;
        }
        String str = (String) orElse.get();
        logger.debug("Known referrer: " + str);
        httpServletResponse.setHeader("X-Frame-Options", "Allow-From " + str);
        if (flatMap.isEmpty()) {
            Cookie cookie = new Cookie(REFERRER_COOKIE, str);
            cookie.setPath(org.apache.commons.lang.StringUtils.defaultIfEmpty(org.apache.commons.lang.StringUtils.removeEnd(httpServletRequest.getContextPath(), "/"), "/"));
            cookie.setMaxAge(DAY_IN_SECONDS);
            httpServletResponse.addCookie(cookie);
            setCompactPrivacyPolicy(httpServletResponse);
        }
    }

    @NotNull
    private Supplier<Option<String>> headerReferrerSupplier(final HttpServletRequest httpServletRequest) {
        return new Supplier<Option<String>>() { // from class: com.almworks.structure.confluence.helper.security.SecurityInterceptorEnhancer.7
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public Option<String> m129get() {
                try {
                    return Option.option(httpServletRequest.getHeader("Referer")).flatMap(SecurityInterceptorEnhancer.this.myKnownReferrerLookup);
                } catch (Exception e) {
                    SecurityInterceptorEnhancer.logger.error("Cannot get referrer", e);
                    return Option.none();
                }
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NotNull
    public Predicate<URI> sameOrigin(final String str) {
        return new Predicate<URI>() { // from class: com.almworks.structure.confluence.helper.security.SecurityInterceptorEnhancer.8
            public boolean apply(URI uri) {
                return StringUtils.equalsIgnoreCase((CharSequence) SecurityInterceptorEnhancer.URL_ORIGIN.apply(uri), str);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NotNull
    public Set<URI> getKnownReferrers() {
        Iterable<ReadOnlyApplicationLink> applicationLinks = this.myLinkService.getApplicationLinks();
        LinkedHashSet newLinkedHashSet = Sets.newLinkedHashSet();
        for (ReadOnlyApplicationLink readOnlyApplicationLink : applicationLinks) {
            newLinkedHashSet.add(cutUrl(readOnlyApplicationLink.getDisplayUrl()));
            newLinkedHashSet.add(cutUrl(readOnlyApplicationLink.getRpcUrl()));
        }
        return newLinkedHashSet;
    }

    public static boolean hasOurCookie(HttpServletRequest httpServletRequest) {
        return com.google.common.collect.Iterables.any(Arrays.asList(httpServletRequest.getCookies()), IS_REFERRER_COOKIE);
    }

    public static void setCompactPrivacyPolicy(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("P3P", "CP=\"This is a work around IE support of P3P added by Structure.Pages Helper plugin, it is not an actual policy\"");
        logger.debug("P3P header set for response " + httpServletResponse);
    }

    @NotNull
    private static URI cutUrl(@NotNull URI uri) {
        try {
            return new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), null, null, null);
        } catch (URISyntaxException e) {
            logger.error("Cannot cut the URL " + uri, e);
            return uri;
        }
    }

    private static String getOrigin(HttpServletRequest httpServletRequest) {
        return getOrigin(httpServletRequest.getServerName(), httpServletRequest.getServerPort());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getOrigin(@NotNull String str, int i) {
        return (i <= 0 || i == 80) ? str : str + ":" + i;
    }

    public void destroy() throws Exception {
        logger.warn(this + " stopping");
        this.myEventPublisher.unregister(this);
    }

    @EventListener
    public void onAppLinkEvent(ApplicationLinkEvent applicationLinkEvent) {
        this.myKnownReferrerCache.removeAll();
        this.myFrameAncestorsCache.removeAll();
    }
}
