package org.apache.felix.http.sslfilter.internal;

import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.osgi.service.servlet.whiteboard.Preprocessor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = Config.class)
@Component(service = {Preprocessor.class}, configurationPid = {"org.apache.felix.http.sslfilter.Configuration"}, property = {"osgi.http.whiteboard.context.select=(osgi.http.whiteboard.context.name=*)", "osgi.http.whiteboard.filter.pattern=/"})
/* loaded from: input_file:lib/slingcms.far:org/apache/felix/org.apache.felix.http.sslfilter/2.0.2/org.apache.felix.http.sslfilter-2.0.2.jar:org/apache/felix/http/sslfilter/internal/SslFilter.class */
public class SslFilter implements Preprocessor {
    public static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SslFilter.class);
    private volatile Config config;

    @ObjectClassDefinition(name = "Apache Felix Http Service SSL Filter", description = "Configuration for the Http Service SSL Filter. Please consult the documentation of your proxy for the actual headers and values to use.")
    /* loaded from: input_file:lib/slingcms.far:org/apache/felix/org.apache.felix.http.sslfilter/2.0.2/org.apache.felix.http.sslfilter-2.0.2.jar:org/apache/felix/http/sslfilter/internal/SslFilter$Config.class */
    public @interface Config {
        @AttributeDefinition(name = "SSL forward header", description = "HTTP Request header name that indicates a request is a SSL request terminated at a proxy between the client and the originating server. The default value is 'X-Forwarded-SSL' as is customarily used in the wild. Other commonly used names are: 'X-Forwarded-Proto' (Amazon ELB), 'X-Forwarded-Protocol' (alternative), and 'Front-End-Https' (Microsoft IIS).")
        String ssl_forward_header() default "X-Forwarded-SSL";

        @AttributeDefinition(name = "SSL forward value", description = "HTTP Request header value that indicates a request is a SSL request terminated at a proxy. The default value is 'on'. Another commonly used value is 'https'.")
        String ssl_forward_value() default "on";

        @AttributeDefinition(name = "SSL client header", description = "HTTP Request header name that contains the client certificate forwarded by a proxy. The default value is 'X-Forwarded-SSL-Certificate'. Another commonly used value is 'X-Forwarded-SSL-Client-Cert'.")
        String ssl_forward_cert_header() default "X-Forwarded-SSL-Certificate";

        @AttributeDefinition(name = "Rewrite Absolute URLs", description = "If enabled, absolute URLs passed to either sendRedirect or by setting the location header are rewritten as well.")
        boolean rewrite_absolute_urls() default false;
    }

    @Activate
    public SslFilter(Config config) {
        updateConfig(config);
    }

    @Modified
    public void updateConfig(Config config) {
        this.config = config;
        LOGGER.info("SSL filter (re)configured with: rewrite absolute urls = {}; SSL forward header = '{}'; SSL forward value = '{}'; SSL certificate header = '{}'", Boolean.valueOf(config.rewrite_absolute_urls()), config.ssl_forward_header(), config.ssl_forward_value(), config.ssl_forward_cert_header());
    }

    @Override // jakarta.servlet.Filter
    public void init(FilterConfig filterConfig) {
    }

    @Override // jakarta.servlet.Filter
    public void destroy() {
    }

    @Override // jakarta.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Config config = this.config;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (config.ssl_forward_value().equalsIgnoreCase(httpServletRequest.getHeader(config.ssl_forward_header()))) {
            httpServletResponse = new SslFilterResponse(httpServletResponse, httpServletRequest, config);
            httpServletRequest = new SslFilterRequest(httpServletRequest, httpServletRequest.getHeader(config.ssl_forward_cert_header()));
        }
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            if (httpServletRequest instanceof SslFilterRequest) {
                ((SslFilterRequest) httpServletRequest).done();
            }
        } catch (Throwable th) {
            if (httpServletRequest instanceof SslFilterRequest) {
                ((SslFilterRequest) httpServletRequest).done();
            }
            throw th;
        }
    }
}
