package org.apache.druid.server.initialization.jetty;

import com.google.common.collect.ImmutableSet;
import com.google.inject.Inject;
import java.io.IOException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nullable;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.CharUtils;
import org.apache.druid.java.util.common.IAE;
import org.apache.druid.server.initialization.ServerConfig;
import org.eclipse.jetty.client.api.Response;

/* loaded from: input_file:org/apache/druid/server/initialization/jetty/StandardResponseHeaderFilterHolder.class */
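/**
 * Registers a servlet filter on every path that stamps a fixed set of response headers
 * ({@code Cache-Control} and {@code Content-Security-Policy}) on non-POST responses.
 *
 * <p>The Content-Security-Policy value is read once from {@link ServerConfig} at construction
 * time and validated by {@link #asContentSecurityPolicyHeaderValue(String)}; when the configured
 * value is absent or blank, {@code frame-ancestors 'none'} is used.
 */
public class StandardResponseHeaderFilterHolder implements ServletFilterHolder {
    private static final String CACHE_CONTROL = "Cache-Control";
    private static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
    private static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";

    // Headers considered for de-duplication in deduplicateHeadersInProxyServlet.
    // NOTE(review): Strict-Transport-Security is listed here but is not set by the filter in
    // this class; presumably another component adds it. Confirm.
    private static final Set<String> STANDARD_HEADERS =
            ImmutableSet.of(CACHE_CONTROL, CONTENT_SECURITY_POLICY, STRICT_TRANSPORT_SECURITY);

    // Fallback policy: forbids embedding the response in any frame.
    private static final String DEFAULT_CONTENT_SECURITY_POLICY = "frame-ancestors 'none'";

    private final String contentSecurityPolicy;

    /**
     * Filter that sets the standard headers before handing the request to the rest of the chain.
     */
    static class StandardResponseHeaderFilter implements Filter {
        private final String contentSecurityPolicy;

        /**
         * @param str the Content-Security-Policy header value to emit; used as given, so callers
         *     are expected to pass a value that has already been validated
         */
        public StandardResponseHeaderFilter(String str) {
            this.contentSecurityPolicy = str;
        }

        /** No initialisation is required. */
        @Override
        public void init(FilterConfig filterConfig) {
        }

        /**
         * Sets {@code Cache-Control} and {@code Content-Security-Policy} on the response unless
         * the request method is exactly {@code POST}, then continues the filter chain.
         *
         * @throws ClassCastException if the request or response is not an HTTP servlet
         *     request/response
         */
        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
            String method = ((HttpServletRequest) servletRequest).getMethod();

            // NOTE(review): POST responses are passed through with neither header, so any POST
            // endpoint that returns renderable content carries no frame-ancestors policy from
            // this filter. Confirm that this exclusion is intended for both headers.
            if (!"POST".equals(method)) {
                // Headers are set before delegating, so a handler further down the chain can
                // still replace them.
                httpResponse.setHeader(CACHE_CONTROL, "no-cache, no-store, max-age=0");
                httpResponse.setHeader(CONTENT_SECURITY_POLICY, this.contentSecurityPolicy);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }

        /** Nothing to release. */
        @Override
        public void destroy() {
        }
    }

    /**
     * Reads and validates the configured Content-Security-Policy.
     *
     * @param serverConfig source of the configured policy value
     * @throws IAE if the configured value is not a valid header value (see
     *     {@link #asContentSecurityPolicyHeaderValue(String)})
     */
    @Inject
    public StandardResponseHeaderFilterHolder(ServerConfig serverConfig) {
        this.contentSecurityPolicy = asContentSecurityPolicyHeaderValue(serverConfig.getContentSecurityPolicy());
    }

    /**
     * Removes each standard header from the servlet response when the proxied response also
     * carries it, so that the header is not present twice.
     *
     * <p>The header already set on {@code httpServletResponse} is the one dropped; presumably the
     * caller then copies the proxied server's value, which means the upstream policy is what the
     * client receives.
     *
     * @param httpServletResponse response being written to the client; must be a Jetty
     *     {@code org.eclipse.jetty.server.Response}, otherwise the cast below fails with
     *     {@link ClassCastException} (a wrapped response would not qualify)
     * @param response response received from the proxied server
     */
    public static void deduplicateHeadersInProxyServlet(HttpServletResponse httpServletResponse, Response response) {
        for (String headerName : STANDARD_HEADERS) {
            boolean presentUpstream = response.getHeaders().containsKey(headerName);
            if (presentUpstream && httpServletResponse.containsHeader(headerName)) {
                ((org.eclipse.jetty.server.Response) httpServletResponse).getHttpFields().remove(headerName);
            }
        }
    }

    /**
     * Turns the configured policy into the header value to emit.
     *
     * <p>A null or blank value selects the default {@code frame-ancestors 'none'}. Any other
     * value is returned unchanged after checking that every character is ASCII and is not a
     * control character (horizontal tab excepted). The ASCII check alone would admit CR, LF and
     * NUL, none of which belong in an HTTP header value, so a malformed configuration is rejected
     * here instead of being handed to the servlet container.
     *
     * @param str configured policy, may be null
     * @return the header value to send
     * @throws IAE if the value contains a non-ASCII character or a control character
     */
    static String asContentSecurityPolicyHeaderValue(@Nullable String str) {
        if (str == null || str.trim().isEmpty()) {
            return DEFAULT_CONTENT_SECURITY_POLICY;
        }
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            if (!CharUtils.isAscii(c)) {
                throw new IAE("Content-Security-Policy header value must be fully ASCII");
            }
            // 0x00-0x1F (other than tab) and 0x7F are control characters.
            if ((c < 0x20 && c != '\t') || c == 0x7F) {
                // The offending value is deliberately not echoed into the message.
                throw new IAE("Content-Security-Policy header value must not contain control characters");
            }
        }
        return str;
    }

    /** Returns a new filter instance carrying the validated policy. */
    @Override
    public Filter getFilter() {
        return new StandardResponseHeaderFilter(this.contentSecurityPolicy);
    }

    /** Returns the class of the filter produced by {@link #getFilter()}. */
    @Override
    public Class<? extends Filter> getFilterClass() {
        return StandardResponseHeaderFilter.class;
    }

    /** The filter takes no init parameters. */
    @Override
    public Map<String, String> getInitParameters() {
        return Collections.emptyMap();
    }

    /** The filter is mapped to every path. */
    @Override
    public String getPath() {
        return "/*";
    }

    /**
     * Returns null; how a null dispatcher set is interpreted is defined by the
     * {@link ServletFilterHolder} contract, which is not visible here.
     */
    @Override
    @Nullable
    public EnumSet<DispatcherType> getDispatcherType() {
        return null;
    }
}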
