package com.jxdinfo.hussar.support.secure.riskprotect.config;

import com.jxdinfo.hussar.core.config.HussarConfig;
import com.jxdinfo.hussar.otp.credential.AbstractOTPCredentialsMatcher;
import com.jxdinfo.hussar.support.secure.riskprotect.filter.CsrfFilter;
import com.jxdinfo.hussar.support.secure.riskprotect.filter.XssFilter;
import com.jxdinfo.hussar.support.secure.riskprotect.properties.CorsProperties;
import java.util.List;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

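/**
 * Registers the servlet filters that make up the application's request firewall:
 * an {@link XssFilter} and a {@link CsrfFilter}, both mapped to every URL ({@code /*}).
 *
 * <p>Each filter gets a comma-separated {@code exclusions} init parameter listing paths
 * that bypass it. The built-in defaults are extended with the lists read from
 * {@link HussarConfig}, so every configured whitelist entry removes protection from the
 * paths it matches and deserves the same review as a code change.
 */
@Configuration
/* loaded from: input_file:com/jxdinfo/hussar/support/secure/riskprotect/config/FirewallConfig.class */
public class FirewallConfig {

    /** Paths that skip the XSS filter before any configured whitelist entry is added. */
    private static final String XSS_DEFAULT_EXCLUSIONS =
            "/logout,/static/*,*.js,*.gif,*.jpg,*.png,*.css,*.ico";

    /** Path patterns handed to the XSS filter as its path checks, before configured blacklist entries. */
    private static final String XSS_DEFAULT_PATH_CHECKS =
            "*/sqlnet.log,*/sqlnet.trc,*/status.cgi,*.cgi,*.dll,*.exe,*.sh,*.bat*,/servlet/viewsource.jsp,/cgi-bin/htgrep/*,*.asp,*.aspx,*php,*php5,*php4,*php3,*php2,*php1,*.swp";

    /** Paths that skip the CSRF filter before any configured whitelist entry is added. */
    private static final String CSRF_DEFAULT_EXCLUSIONS =
            "/logout,/static/*,/monitor,*.js,*.gif,*.jpg,*.png,*.css,*.ico";

    @Resource
    private HussarConfig hussarConfig;

    @Autowired
    AbstractOTPCredentialsMatcher abstractOTPCredentialsMatcher;

    @Autowired
    private CorsProperties corsProperties;

    /**
     * Builds the registration for the XSS filter.
     *
     * <p>The filter level comes from {@code HussarConfig#getFirewallXssLevel()}. The
     * {@code exclusions} parameter is the default list plus the configured XSS whitelist;
     * the {@link XssFilter#PARAM_NAME_PATHCHECKS} parameter is the default pattern list plus
     * the configured XSS blacklist.
     *
     * @return the registration bean, mapped to {@code /*}
     */
    @Bean
    public FilterRegistrationBean<XssFilter> xssFilterRegistration() {
        XssFilter xssFilter = new XssFilter();
        xssFilter.setXssLevel(this.hussarConfig.getFirewallXssLevel());

        FilterRegistrationBean<XssFilter> registration = new FilterRegistrationBean<>(xssFilter);
        registration.addUrlPatterns("/*");

        // NOTE(review): how XssFilter matches these patterns is not visible here. Confirm it
        // matches against the normalized servlet path, so that a dynamic endpoint cannot fall
        // under a static-resource suffix exclusion such as "*.js".
        registration.addInitParameter(
                "exclusions", appendAll(XSS_DEFAULT_EXCLUSIONS, this.hussarConfig.getXssWhitelist()));
        registration.addInitParameter(
                XssFilter.PARAM_NAME_PATHCHECKS,
                appendAll(XSS_DEFAULT_PATH_CHECKS, this.hussarConfig.getXssBlacklist()));
        return registration;
    }

    /**
     * Builds the registration for the CSRF filter.
     *
     * <p>The check is switched on or off by {@code HussarConfig#isCheckCsrfOpen()}. The
     * {@code exclusions} parameter is the default list plus the configured CSRF whitelist,
     * and the filter receives a comma-separated Referer whitelist (see
     * {@link #buildRefererWhitelist()}).
     *
     * @return the registration bean, mapped to {@code /*}
     */
    @Bean
    public FilterRegistrationBean<CsrfFilter> csrfFilterRegistration() {
        CsrfFilter csrfFilter = new CsrfFilter(this.abstractOTPCredentialsMatcher);
        csrfFilter.setCsrfcheck(this.hussarConfig.isCheckCsrfOpen());
        csrfFilter.setRefererWhitelist(buildRefererWhitelist());

        FilterRegistrationBean<CsrfFilter> registration = new FilterRegistrationBean<>(csrfFilter);
        registration.addUrlPatterns("/*");
        // "/monitor" is exempt from the CSRF check by default, in addition to the static paths.
        registration.addInitParameter(
                "exclusions", appendAll(CSRF_DEFAULT_EXCLUSIONS, this.hussarConfig.getCsrfWhitelist()));
        return registration;
    }

    /**
     * Assembles the comma-separated Referer whitelist handed to the CSRF filter: the
     * configured referer entries (or the scheme defaults when none are usable), followed by
     * the CORS allowed origins.
     *
     * <p>Entries are joined without a leading separator and blank entries are skipped, so
     * the list never contains an empty token. The previous code started the list with a
     * comma whenever a referer whitelist was configured; depending on how the filter
     * compares entries, an empty token could match every Referer value.
     *
     * @return the whitelist string, never {@code null}
     */
    private String buildRefererWhitelist() {
        StringBuilder referers = new StringBuilder();
        List<String> configured = this.hussarConfig.getReferWhitelist();
        if (configured != null) {
            for (String referer : configured) {
                appendEntry(referers, referer);
            }
        }
        if (referers.length() == 0) {
            // NOTE(review): with no referer whitelist configured the list falls back to the
            // bare schemes. If CsrfFilter compares by prefix (not visible here), that accepts
            // any http/https Referer; deployments that rely on the Referer check should set
            // an explicit whitelist.
            referers.append("http://").append(",").append("https://");
        }
        // CORS origins are trusted as referers too. Guarded because the property may be unset.
        // NOTE(review): values are passed through verbatim; confirm how CsrfFilter treats a
        // wildcard origin if one is configured.
        if (this.corsProperties.getAllowedOrigins() != null) {
            for (String origin : this.corsProperties.getAllowedOrigins()) {
                appendEntry(referers, origin);
            }
        }
        return referers.toString();
    }

    /** Appends {@code entry} to {@code target}, comma-separated, skipping null or blank entries. */
    private static void appendEntry(StringBuilder target, String entry) {
        if (entry == null || entry.trim().isEmpty()) {
            return;
        }
        if (target.length() > 0) {
            target.append(',');
        }
        target.append(entry);
    }

    /** Returns {@code defaults} followed by each element of {@code extras}, comma-separated. */
    private static String appendAll(String defaults, List<String> extras) {
        StringBuilder joined = new StringBuilder(defaults);
        if (extras != null) {
            for (String extra : extras) {
                joined.append(',').append(extra);
            }
        }
        return joined.toString();
    }
}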
