package org.apache.hadoop.hbase.http;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseInterfaceAudience;
import org.apache.hadoop.hbase.shaded.org.apache.commons.lang3.StringUtils;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

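/**
 * Servlet filter that attaches browser-facing security headers to every response
 * before handing the request to the rest of the filter chain.
 *
 * <p>{@code X-Content-Type-Options} and {@code X-XSS-Protection} are always sent.
 * {@code Strict-Transport-Security} and {@code Content-Security-Policy} are sent only
 * when the matching filter init-parameter ({@code hsts} / {@code csp}) is non-blank.
 * {@link #getDefaultParameters(Configuration, boolean)} builds those init-parameters
 * from {@code hbase.http.filter.hsts.value} and {@code hbase.http.filter.csp.value}.
 *
 * <p>Review notes for operators:
 * <ul>
 *   <li>The built-in CSP allows {@code 'unsafe-inline'} and {@code 'unsafe-eval'}, so it
 *       mainly restricts where resources are loaded from and gives little protection
 *       against injected script. Set {@code hbase.http.filter.csp.value} for a stricter
 *       policy.</li>
 *   <li>The built-in HSTS value carries {@code includeSubDomains} and {@code preload}
 *       with a two-year {@code max-age}; that commits every subdomain of the serving
 *       host to HTTPS for that period.</li>
 *   <li>{@code X-XSS-Protection} is a legacy header that current browsers no longer
 *       act on; it should not be counted as an XSS control.</li>
 * </ul>
 */
@InterfaceAudience.LimitedPrivate({HBaseInterfaceAudience.CONFIG})
/* loaded from: input_file:org/apache/hadoop/hbase/http/SecurityHeadersFilter.class */
public class SecurityHeadersFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityHeadersFilter.class);

    // Defaults used by getDefaultParameters() only when its boolean argument is true.
    // 63072000 seconds = 730 days.
    private static final String DEFAULT_HSTS = "max-age=63072000;includeSubDomains;preload";
    // NOTE(review): 'unsafe-inline' and 'unsafe-eval' keep inline script and eval() allowed.
    private static final String DEFAULT_CSP = "default-src https: data: 'unsafe-inline' 'unsafe-eval'";

    // Init-parameter names. getDefaultParameters() writes these keys and doFilter() reads
    // them, so they are defined once to keep both sides in step.
    private static final String HSTS_PARAM = "hsts";
    private static final String CSP_PARAM = "csp";

    private FilterConfig filterConfig;

    /**
     * Stores the filter configuration so {@link #doFilter} can read the {@code hsts}
     * and {@code csp} init-parameters.
     *
     * @param filterConfig configuration supplied by the servlet container
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        LOG.info("Added security headers filter");
    }

    /**
     * Adds the security headers to the response and then continues the chain.
     *
     * <p>Headers are written before {@code filterChain.doFilter}, i.e. before downstream
     * code runs. {@code addHeader} appends rather than replaces, so a header that is
     * also set elsewhere in the chain ends up on the response more than once.
     *
     * @param servletRequest  the incoming request, passed through unchanged
     * @param servletResponse the response; cast to {@link HttpServletResponse}, so a
     *                        non-HTTP response fails with {@link ClassCastException}
     * @param filterChain     the remaining filters and the target servlet
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        // Unconditional headers.
        httpResponse.addHeader("X-Content-Type-Options", "nosniff");
        httpResponse.addHeader("X-XSS-Protection", "1; mode=block");

        // Configurable headers: a blank or missing init-parameter means "do not send".
        addIfConfigured(httpResponse, "Strict-Transport-Security", this.filterConfig.getInitParameter(HSTS_PARAM));
        addIfConfigured(httpResponse, "Content-Security-Policy", this.filterConfig.getInitParameter(CSP_PARAM));

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** No resources are held, so there is nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Builds the init-parameter map ({@code hsts}, {@code csp}) for this filter.
     *
     * <p>Each value is read from the configuration; when the key is unset the fallback is
     * the built-in default if {@code z} is true, otherwise the empty string, which makes
     * {@link #doFilter} skip that header.
     *
     * @param configuration source of {@code hbase.http.filter.hsts.value} and
     *                      {@code hbase.http.filter.csp.value}
     * @param z             whether the built-in HSTS/CSP defaults apply when a key is unset
     *                      (presumably "the server is running over HTTPS" - confirm
     *                      against the caller)
     * @return a new mutable map with the keys {@code hsts} and {@code csp}
     */
    public static Map<String, String> getDefaultParameters(Configuration configuration, boolean z) {
        // Typed map instead of the raw HashMap, so the put() calls are compiler-checked.
        Map<String, String> parameters = new HashMap<>();
        parameters.put(HSTS_PARAM, configuration.get("hbase.http.filter.hsts.value", z ? DEFAULT_HSTS : ""));
        parameters.put(CSP_PARAM, configuration.get("hbase.http.filter.csp.value", z ? DEFAULT_CSP : ""));
        return parameters;
    }

    /** Adds {@code name: value} to the response unless {@code value} is null or blank. */
    private static void addIfConfigured(HttpServletResponse response, String name, String value) {
        if (StringUtils.isNotBlank(value)) {
            response.addHeader(name, value);
        }
    }
}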
