package com.lenovo.cloud.framework.custom.security.config;

import com.lenovo.cloud.framework.custom.security.config.properties.SecurityHeadersProperties;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

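/**
 * Registers a servlet filter that adds a configurable set of browser security headers to
 * HTTP responses.
 *
 * <p>The configuration is only created when {@code lenovo.security.headers.enabled} is
 * {@code true}; a missing property leaves it off. Header values come from
 * {@link SecurityHeadersProperties}, and requests whose URI matches one of the configured
 * exclude patterns are passed through without any of these headers.
 */
@EnableConfigurationProperties({SecurityHeadersProperties.class})
@Configuration
@ConditionalOnProperty(prefix = "lenovo.security.headers", name = {"enabled"}, havingValue = "true", matchIfMissing = false)
public class SecurityHeadersConfiguration {
    private final SecurityHeadersProperties properties;
    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    /**
     * @param securityHeadersProperties bound header values, enabled flag and exclude patterns
     */
    public SecurityHeadersConfiguration(SecurityHeadersProperties securityHeadersProperties) {
        this.properties = securityHeadersProperties;
    }

    /**
     * Builds the filter that writes the security headers.
     *
     * <p>Headers are set before the rest of the chain runs, so the response is not yet
     * committed at that point; anything later in the chain can still overwrite them.
     * NOTE(review): if another component (for example a framework-level header writer) sets
     * the same header names, confirm which one is meant to win.
     *
     * @return a filter that decorates non-excluded responses with the configured headers
     */
    @Bean
    public OncePerRequestFilter securityHeadersFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
                // The enabled flag is re-read on every request in addition to the bean condition.
                if (SecurityHeadersConfiguration.this.properties.isEnabled()
                        && !SecurityHeadersConfiguration.this.isExcluded(request.getRequestURI())) {
                    SecurityHeadersConfiguration.this.applySecurityHeaders(response);
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    /**
     * Tells whether the request URI matches any configured exclude pattern.
     *
     * <p>The value matched is the raw {@code getRequestURI()} string: it includes the context
     * path, is not URL-decoded by the container, and may carry path parameters. Every matching
     * request is served without the headers, so exclude patterns should be as narrow as
     * possible. NOTE(review): confirm the patterns account for the context path, and consider
     * matching on a normalized path if broad wildcards are in use.
     */
    private boolean isExcluded(String requestUri) {
        List<String> excludeUrls = this.properties.getExcludeUrls();
        if (excludeUrls == null) {
            return false;
        }
        for (String pattern : excludeUrls) {
            if (this.pathMatcher.match(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }

    /** Writes every configured header, in a fixed order, onto the response. */
    private void applySecurityHeaders(HttpServletResponse response) {
        setIfConfigured(response, "X-Frame-Options", this.properties.getXFrameOptions());
        // Legacy header: current browsers have removed the XSS auditor it controlled, so the
        // Content-Security-Policy below is what actually constrains script execution.
        setIfConfigured(response, "X-XSS-Protection", this.properties.getXXssProtection());
        setIfConfigured(response, "X-Content-Type-Options", this.properties.getXContentTypeOptions());
        // Sent regardless of scheme; browsers only honour it on responses received over HTTPS.
        setIfConfigured(response, "Strict-Transport-Security", this.properties.getStrictTransportSecurity());
        setIfConfigured(response, "Content-Security-Policy", this.properties.getContentSecurityPolicy());
        setIfConfigured(response, "Referrer-Policy", this.properties.getReferrerPolicy());
        setIfConfigured(response, "Permissions-Policy", this.properties.getPermissionsPolicy());
    }

    /**
     * Sets a header only when a non-blank value is configured.
     *
     * <p>Passing {@code null} to {@code setHeader} is container-dependent (it may be ignored or
     * may remove a header set earlier in the chain), and a blank value would emit an empty
     * header that gives no protection. Skipping unset values keeps the outcome predictable.
     */
    private static void setIfConfigured(HttpServletResponse response, String name, String value) {
        if (value != null && !value.isBlank()) {
            response.setHeader(name, value);
        }
    }
}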
