package com.liferay.portal.kernel.servlet;

import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.kernel.util.KeyValuePair;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.PropertiesUtil;
import com.liferay.portal.kernel.util.ServerDetector;
import com.liferay.portal.kernel.util.SortedProperties;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.SystemProperties;
import com.liferay.portal.kernel.util.Validator;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.Map;
import javax.portlet.PortletRequest;
import javax.portlet.PortletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/liferay/portal/kernel/servlet/SanitizedServletResponse.class */
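/**
 * Response wrapper and static helper that applies the portal's browser
 * hardening headers (X-Content-Type-Options, X-Frame-Options,
 * X-XSS-Protection) and, when wrapping is in effect, passes header names and
 * values through {@code HttpUtil.sanitizeHeader} before they reach the
 * wrapped response.
 *
 * <p>All settings are read once from system properties at class
 * initialization, so a change to them needs a restart to take effect.</p>
 *
 * <p>NOTE(review): only {@code addHeader}, {@code setHeader},
 * {@code sendRedirect}, {@code setCharacterEncoding} and
 * {@code setContentType} are overridden. The int/date header methods inherited
 * from the wrapper pass the header name through unchanged.</p>
 */
public class SanitizedServletResponse extends HttpServletResponseWrapper {
    // Session attribute used as a one-shot flag by disableXSSAuditorOnNextRequest.
    private static final String _DISABLE_XSS_AUDITOR = SanitizedServletResponse.class.getName() + "DISABLE_XSS_AUDITOR";
    // nosniff is on unless the property explicitly turns it off.
    private static final boolean _X_CONTENT_TYPE_OPTIONS = GetterUtil.getBoolean(SystemProperties.get("http.header.secure.x.content.type.options"), true);
    // Request URI prefixes for which nosniff is NOT sent.
    private static final String[] _X_CONTENT_TYPE_OPTIONS_URLS_EXCLUDES = StringUtil.split(SystemProperties.get("http.header.secure.x.content.type.options.urls.excludes"));
    private static final boolean _X_FRAME_OPTIONS;
    private static final String _X_XSS_PROTECTION;
    // Ordered (URI prefix -> header value) rules; a null value means "send no header".
    private static final KeyValuePair[] _xFrameOptionKVPs;

    /**
     * Sets {@code X-XSS-Protection: 0} on the given response.
     *
     * <p>Current mainstream browsers no longer implement an XSS auditor, so
     * this header is legacy defence in depth at most; output encoding and a
     * Content-Security-Policy are the controls that matter.</p>
     *
     * @param httpServletResponse the response to mark
     */
    public static void disableXSSAuditor(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader(HttpHeaders.X_XSS_PROTECTION, "0");
    }

    /**
     * Portlet variant of {@link #disableXSSAuditor(HttpServletResponse)}.
     *
     * @param portletResponse the portlet response whose servlet response is marked
     */
    public static void disableXSSAuditor(PortletResponse portletResponse) {
        disableXSSAuditor(PortalUtil.getHttpServletResponse(portletResponse));
    }

    /**
     * Stores a one-shot flag in the session so that the next response
     * processed by {@link #setXXSSProtection} for this session carries
     * {@code X-XSS-Protection: 0}.
     *
     * <p>The flag is keyed by session only, not by URL: whichever request of
     * that session is sanitized next consumes it, which may not be the request
     * the caller had in mind. Calling this creates a session if none exists.</p>
     *
     * @param httpServletRequest the current request
     */
    public static void disableXSSAuditorOnNextRequest(HttpServletRequest httpServletRequest) {
        httpServletRequest.getSession().setAttribute(_DISABLE_XSS_AUDITOR, Boolean.TRUE);
    }

    /**
     * Portlet variant of
     * {@link #disableXSSAuditorOnNextRequest(HttpServletRequest)}.
     *
     * @param portletRequest the current portlet request
     */
    public static void disableXSSAuditorOnNextRequest(PortletRequest portletRequest) {
        disableXSSAuditorOnNextRequest(PortalUtil.getHttpServletRequest(portletRequest));
    }

    /**
     * Applies the configured security headers to the response and returns the
     * response to use for the rest of the request.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response to harden
     * @return the same response, or a sanitizing wrapper around it on Resin
     */
    public static HttpServletResponse getSanitizedServletResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setXContentOptions(httpServletRequest, httpServletResponse);
        setXFrameOptions(httpServletRequest, httpServletResponse);
        setXXSSProtection(httpServletRequest, httpServletResponse);
        // The sanitizing wrapper is installed on Resin only.
        // NOTE(review): presumably the other supported containers already
        // reject CR/LF in header values themselves; confirm for every
        // container in use, since otherwise header values built from request
        // data reach the wire unsanitized.
        if (ServerDetector.isResin()) {
            return new SanitizedServletResponse(httpServletResponse);
        }
        return httpServletResponse;
    }

    /** Adds a header after sanitizing both its name and its value. */
    @Override
    public void addHeader(String str, String str2) {
        super.addHeader(HttpUtil.sanitizeHeader(str), HttpUtil.sanitizeHeader(str2));
    }

    /**
     * Redirects to the sanitized location.
     *
     * <p>Sanitizing the header text does not validate the redirect target;
     * callers stay responsible for open-redirect checks.</p>
     *
     * @throws IOException if the wrapped response fails to send the redirect
     */
    @Override
    public void sendRedirect(String str) throws IOException {
        super.sendRedirect(HttpUtil.sanitizeHeader(str));
    }

    /** Sets the character encoding after sanitizing it (it ends up in Content-Type). */
    @Override
    public void setCharacterEncoding(String str) {
        super.setCharacterEncoding(HttpUtil.sanitizeHeader(str));
    }

    /** Sets the content type after sanitizing it. */
    @Override
    public void setContentType(String str) {
        super.setContentType(HttpUtil.sanitizeHeader(str));
    }

    /** Sets a header after sanitizing both its name and its value. */
    @Override
    public void setHeader(String str, String str2) {
        super.setHeader(HttpUtil.sanitizeHeader(str), HttpUtil.sanitizeHeader(str2));
    }

    /**
     * Sends {@code X-Content-Type-Options: nosniff} unless the feature is
     * disabled or the request URI starts with an excluded prefix.
     *
     * <p>The comparison is a plain prefix match on
     * {@code getRequestURI()}, which the servlet API returns undecoded, so
     * keep exclusion prefixes as narrow as possible.</p>
     */
    protected static void setXContentOptions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!_X_CONTENT_TYPE_OPTIONS) {
            return;
        }
        if (_X_CONTENT_TYPE_OPTIONS_URLS_EXCLUDES.length > 0) {
            String requestURI = httpServletRequest.getRequestURI();
            for (String excludedPrefix : _X_CONTENT_TYPE_OPTIONS_URLS_EXCLUDES) {
                if (requestURI.startsWith(excludedPrefix)) {
                    return;
                }
            }
        }
        httpServletResponse.setHeader(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff");
    }

    /**
     * Sends X-Frame-Options according to the first configured rule whose
     * prefix matches the request URI, falling back to {@code DENY}.
     *
     * <p>A matching rule without a value suppresses the header for that URI,
     * which leaves the page frameable. The static initializer turns the whole
     * feature off when no rule is configured, so in that case no header (not
     * even {@code DENY}) is sent. Matching is a plain prefix test on the
     * undecoded request URI.</p>
     */
    protected static void setXFrameOptions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!_X_FRAME_OPTIONS) {
            return;
        }
        String requestURI = httpServletRequest.getRequestURI();
        for (KeyValuePair rule : _xFrameOptionKVPs) {
            if (requestURI.startsWith(rule.getKey())) {
                String headerValue = rule.getValue();
                if (headerValue != null) {
                    httpServletResponse.setHeader(HttpHeaders.X_FRAME_OPTIONS, headerValue);
                }
                // First match wins, with or without a value.
                return;
            }
        }
        httpServletResponse.setHeader(HttpHeaders.X_FRAME_OPTIONS, "DENY");
    }

    /**
     * Sends X-XSS-Protection: {@code 0} when the one-shot session flag is set
     * (and clears the flag), otherwise the configured value if there is one.
     * Never creates a session.
     */
    protected static void setXXSSProtection(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null && session.getAttribute(_DISABLE_XSS_AUDITOR) != null) {
            // Consume the flag so it affects exactly one response.
            session.removeAttribute(_DISABLE_XSS_AUDITOR);
            httpServletResponse.setHeader(HttpHeaders.X_XSS_PROTECTION, "0");
            return;
        }
        if (_X_XSS_PROTECTION != null) {
            httpServletResponse.setHeader(HttpHeaders.X_XSS_PROTECTION, _X_XSS_PROTECTION);
        }
    }

    // Instances are only handed out by getSanitizedServletResponse.
    private SanitizedServletResponse(HttpServletResponse httpServletResponse) {
        super(httpServletResponse);
    }

    static {
        // Rules live under "http.header.secure.x.frame.options.<n>" and are
        // applied in ascending numeric order of <n>.
        SortedProperties sortedProperties = new SortedProperties(new Comparator<String>() {
            @Override
            public int compare(String str, String str2) {
                // Integer.compare instead of subtraction: a difference that
                // overflows int would invert the rule order.
                return Integer.compare(GetterUtil.getIntegerStrict(str), GetterUtil.getIntegerStrict(str2));
            }
        }, PropertiesUtil.getProperties(SystemProperties.getProperties(), "http.header.secure.x.frame.options".concat("."), true));
        ArrayList<KeyValuePair> rules = new ArrayList<KeyValuePair>(sortedProperties.size());
        for (Map.Entry<Object, Object> entry : sortedProperties.entrySet()) {
            // Each value is "<uri prefix>" or "<uri prefix>|<header value>".
            String[] parts = StringUtil.split((String) entry.getValue(), '|');
            // Skip malformed entries. The length == 0 guard keeps a blank
            // property value from indexing parts[0] and failing class
            // initialization (assumes StringUtil.split can return an empty
            // array; confirm).
            if (parts.length == 0 || parts.length > 2) {
                continue;
            }
            String uriPrefix = StringUtil.trim(parts[0]);
            if (Validator.isNull(uriPrefix)) {
                continue;
            }
            String headerValue = null;
            if (parts.length == 2) {
                String trimmedValue = StringUtil.trim(parts[1]);
                if (!Validator.isNull(trimmedValue)) {
                    headerValue = trimmedValue;
                }
            }
            rules.add(new KeyValuePair(uriPrefix, headerValue));
        }
        _xFrameOptionKVPs = rules.toArray(new KeyValuePair[rules.size()]);
        // With no usable rule the feature is off entirely, whatever the
        // master switch says.
        _X_FRAME_OPTIONS = _xFrameOptionKVPs.length != 0 && GetterUtil.getBoolean(SystemProperties.get("http.header.secure.x.frame.options"), true);
        String xssProtection = SystemProperties.get("http.header.secure.x.xss.protection");
        _X_XSS_PROTECTION = Validator.isNull(xssProtection) ? null : xssProtection;
    }
}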
