package net.shibboleth.utilities.java.support.net;

import com.google.common.base.Predicates;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.HttpCookie;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/java-support-8.3.1.jar:net/shibboleth/utilities/java/support/net/SameSiteCookieHeaderFilter.class */
public class SameSiteCookieHeaderFilter implements Filter {

    @NotEmpty
    @Nonnull
    private static final String SAMESITE_ATTRIBITE_NAME = "SameSite";

    @Nullable
    private SameSiteValue defaultValue;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(SameSiteCookieHeaderFilter.class);

    @NonnullElements
    @Nonnull
    private Map<String, SameSiteValue> sameSiteCookies = Collections.emptyMap();

    @Nonnull
    private Predicate<ServletRequest> activationCondition = Predicates.alwaysTrue();

    /* loaded from: input_file:WEB-INF/lib/java-support-8.3.1.jar:net/shibboleth/utilities/java/support/net/SameSiteCookieHeaderFilter$SameSiteResponseProxy.class */
    private class SameSiteResponseProxy extends HttpServletResponseWrapper {

        @Nonnull
        private final HttpServletResponse response;

        public SameSiteResponseProxy(@Nonnull HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
            this.response = httpServletResponse;
        }

        public void sendError(int i) throws IOException {
            appendSameSite();
            super.sendError(i);
        }

        public PrintWriter getWriter() throws IOException {
            appendSameSite();
            return super.getWriter();
        }

        public void sendError(int i, String str) throws IOException {
            appendSameSite();
            super.sendError(i, str);
        }

        public void sendRedirect(String str) throws IOException {
            appendSameSite();
            super.sendRedirect(str);
        }

        public ServletOutputStream getOutputStream() throws IOException {
            appendSameSite();
            return super.getOutputStream();
        }

        private void appendSameSite() {
            boolean z = true;
            for (String str : this.response.getHeaders("Set-Cookie")) {
                if (StringSupport.trimOrNull(str) != null) {
                    List<HttpCookie> list = null;
                    try {
                        list = HttpCookie.parse(str);
                    } catch (IllegalArgumentException e) {
                        SameSiteCookieHeaderFilter.this.log.trace("Cookie header '{}' violates the cookie specification and will be ignored", str);
                    }
                    if (list != null && list.size() == 1) {
                        SameSiteValue sameSiteValue = SameSiteCookieHeaderFilter.this.sameSiteCookies.get(list.get(0).getName());
                        if (sameSiteValue != null) {
                            if (sameSiteValue != SameSiteValue.Null) {
                                appendSameSiteAttribute(str, sameSiteValue.getValue(), z);
                            } else if (z) {
                                this.response.setHeader("Set-Cookie", str);
                            } else {
                                this.response.addHeader("Set-Cookie", str);
                            }
                        } else if (SameSiteCookieHeaderFilter.this.defaultValue != null && SameSiteCookieHeaderFilter.this.defaultValue != SameSiteValue.Null) {
                            appendSameSiteAttribute(str, SameSiteCookieHeaderFilter.this.defaultValue.getValue(), z);
                        } else if (z) {
                            this.response.setHeader("Set-Cookie", str);
                        } else {
                            this.response.addHeader("Set-Cookie", str);
                        }
                        z = false;
                    }
                }
            }
        }

        private void appendSameSiteAttribute(@NotEmpty @Nonnull String str, @NotEmpty @Nonnull String str2, @Nonnull boolean z) {
            String str3 = str;
            if (!str.contains(SameSiteCookieHeaderFilter.SAMESITE_ATTRIBITE_NAME)) {
                str3 = String.format("%s; %s", str, "SameSite=" + str2);
            }
            if (z) {
                this.response.setHeader("Set-Cookie", str3);
            } else {
                this.response.addHeader("Set-Cookie", str3);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/java-support-8.3.1.jar:net/shibboleth/utilities/java/support/net/SameSiteCookieHeaderFilter$SameSiteValue.class */
    public enum SameSiteValue {
        Strict("Strict"),
        Lax("Lax"),
        None("None"),
        Null("Null");


        @NotEmpty
        @Nonnull
        private String value;

        SameSiteValue(@NotEmpty @Nonnull String str) {
            this.value = Constraint.isNotEmpty(str, "the same-site attribute value can not be empty");
        }

        public String getValue() {
            return this.value;
        }
    }

    public void setActivationCondition(@Nonnull Predicate<ServletRequest> predicate) {
        this.activationCondition = (Predicate) Constraint.isNotNull(predicate, "Activation condition cannot be null");
    }

    public void setDefaultValue(@Nullable SameSiteValue sameSiteValue) {
        this.defaultValue = sameSiteValue;
    }

    public void setSameSiteCookies(@NonnullElements @Nullable Map<SameSiteValue, List<String>> map) {
        if (map == null) {
            this.sameSiteCookies = Collections.emptyMap();
            return;
        }
        this.sameSiteCookies = new HashMap(4);
        for (Map.Entry<SameSiteValue, List<String>> entry : map.entrySet()) {
            for (String str : entry.getValue()) {
                if (this.sameSiteCookies.get(str) != null) {
                    this.log.error("Duplicate cookie name '{}' found in SameSite cookie map, please check configuration.", str);
                    throw new IllegalArgumentException("Duplicate cookie name found in SameSite cookie map");
                }
                if (StringSupport.trimOrNull(str) != null) {
                    this.sameSiteCookies.put(str, entry.getKey());
                }
            }
        }
    }

    public void init(@Nonnull FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.activationCondition.test(servletRequest)) {
            this.log.trace("Filter not active for request");
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            if (!(servletResponse instanceof HttpServletResponse)) {
                throw new ServletException("Response is not an instance of HttpServletResponse");
            }
            filterChain.doFilter(servletRequest, new SameSiteResponseProxy((HttpServletResponse) servletResponse));
        }
    }
}
