package org.apache.shiro.web.filter.authz;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/shiro-web-1.7.1.jar:org/apache/shiro/web/filter/authz/SslFilter.class */
public class SslFilter extends PortFilter {
    public static final int DEFAULT_HTTPS_PORT = 443;
    public static final String HTTPS_SCHEME = "https";
    private HSTS hsts;

    /* loaded from: input_file:WEB-INF/lib/shiro-web-1.7.1.jar:org/apache/shiro/web/filter/authz/SslFilter$HSTS.class */
    public class HSTS {
        public static final String HTTP_HEADER = "Strict-Transport-Security";
        public static final boolean DEFAULT_ENABLED = false;
        public static final int DEFAULT_MAX_AGE = 31536000;
        public static final boolean DEFAULT_INCLUDE_SUB_DOMAINS = false;
        private boolean enabled = false;
        private int maxAge = 31536000;
        private boolean includeSubDomains = false;

        public HSTS() {
        }

        public boolean isEnabled() {
            return this.enabled;
        }

        public void setEnabled(boolean z) {
            this.enabled = z;
        }

        public int getMaxAge() {
            return this.maxAge;
        }

        public void setMaxAge(int i) {
            this.maxAge = i;
        }

        public boolean isIncludeSubDomains() {
            return this.includeSubDomains;
        }

        public void setIncludeSubDomains(boolean z) {
            this.includeSubDomains = z;
        }
    }

    public SslFilter() {
        setPort(DEFAULT_HTTPS_PORT);
        this.hsts = new HSTS();
    }

    public HSTS getHsts() {
        return this.hsts;
    }

    public void setHsts(HSTS hsts) {
        this.hsts = hsts;
    }

    @Override // org.apache.shiro.web.filter.authz.PortFilter
    protected String getScheme(String str, int i) {
        return i == 80 ? "http" : HTTPS_SCHEME;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.filter.authz.PortFilter, org.apache.shiro.web.filter.AccessControlFilter
    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        return super.isAccessAllowed(servletRequest, servletResponse, obj) && servletRequest.isSecure();
    }

    @Override // org.apache.shiro.web.servlet.AdviceFilter
    protected void postHandle(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (this.hsts.isEnabled()) {
            StringBuilder append = new StringBuilder(64).append("max-age=").append(this.hsts.getMaxAge());
            if (this.hsts.isIncludeSubDomains()) {
                append.append("; includeSubDomains");
            }
            ((HttpServletResponse) servletResponse).addHeader("Strict-Transport-Security", append.toString());
        }
    }
}
