package org.apereo.cas.config;

import java.util.Collections;
import java.util.HashMap;
import org.apache.commons.lang3.BooleanUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.security.RequestParameterPolicyEnforcementFilter;
import org.apereo.cas.security.ResponseHeadersEnforcementFilter;
import org.apereo.cas.web.support.CurrentCredentialsAndAuthenticationClearingFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.CharacterEncodingFilter;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("casFiltersConfiguration")
/* loaded from: input_file:WEB-INF/lib/cas-server-webapp-config-5.0.10.jar:org/apereo/cas/config/CasFiltersConfiguration.class */
public class CasFiltersConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @RefreshScope
    @Bean
    public FilterRegistrationBean characterEncodingFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new CharacterEncodingFilter(this.casProperties.getHttpWebRequest().getWeb().getEncoding(), this.casProperties.getHttpWebRequest().getWeb().isForceEncoding()));
        filterRegistrationBean.setUrlPatterns(Collections.singleton("/*"));
        filterRegistrationBean.setName("characterEncodingFilter");
        return filterRegistrationBean;
    }

    @RefreshScope
    @Bean
    public FilterRegistrationBean responseHeadersSecurityFilter() {
        HashMap hashMap = new HashMap();
        hashMap.put("enableCacheControl", BooleanUtils.toStringTrueFalse(this.casProperties.getHttpWebRequest().getHeader().isCache()));
        hashMap.put("enableXContentTypeOptions", BooleanUtils.toStringTrueFalse(this.casProperties.getHttpWebRequest().getHeader().isXcontent()));
        hashMap.put("enableStrictTransportSecurity", BooleanUtils.toStringTrueFalse(this.casProperties.getHttpWebRequest().getHeader().isHsts()));
        hashMap.put("enableXFrameOptions", BooleanUtils.toStringTrueFalse(this.casProperties.getHttpWebRequest().getHeader().isXframe()));
        hashMap.put("enableXSSProtection", BooleanUtils.toStringTrueFalse(this.casProperties.getHttpWebRequest().getHeader().isXss()));
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new ResponseHeadersEnforcementFilter());
        filterRegistrationBean.setUrlPatterns(Collections.singleton("/*"));
        filterRegistrationBean.setInitParameters(hashMap);
        filterRegistrationBean.setName("responseHeadersSecurityFilter");
        return filterRegistrationBean;
    }

    @RefreshScope
    @Bean
    public FilterRegistrationBean requestParameterSecurityFilter() {
        HashMap hashMap = new HashMap();
        hashMap.put(RequestParameterPolicyEnforcementFilter.PARAMETERS_TO_CHECK, this.casProperties.getHttpWebRequest().getParamsToCheck());
        hashMap.put(RequestParameterPolicyEnforcementFilter.CHARACTERS_TO_FORBID, "none");
        hashMap.put(RequestParameterPolicyEnforcementFilter.ALLOW_MULTI_VALUED_PARAMETERS, BooleanUtils.toStringTrueFalse(this.casProperties.getHttpWebRequest().isAllowMultiValueParameters()));
        hashMap.put(RequestParameterPolicyEnforcementFilter.ONLY_POST_PARAMETERS, this.casProperties.getHttpWebRequest().getOnlyPostParams());
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new RequestParameterPolicyEnforcementFilter());
        filterRegistrationBean.setUrlPatterns(Collections.singleton("/*"));
        filterRegistrationBean.setName("requestParameterSecurityFilter");
        filterRegistrationBean.setInitParameters(hashMap);
        return filterRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean currentCredentialsAndAuthenticationClearingFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new CurrentCredentialsAndAuthenticationClearingFilter());
        filterRegistrationBean.setUrlPatterns(Collections.singleton("/*"));
        filterRegistrationBean.setName("currentCredentialsAndAuthenticationClearingFilter");
        filterRegistrationBean.setAsyncSupported(true);
        return filterRegistrationBean;
    }
}
