package org.apache.nifi.web.server.filter;

import jakarta.servlet.Filter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.processor.DataUnit;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.requests.ContentLengthFilter;
import org.apache.nifi.web.server.log.RequestAuthenticationFilter;
import org.eclipse.jetty.ee10.servlet.FilterHolder;
import org.eclipse.jetty.ee10.servlets.DoSFilter;
import org.springframework.security.web.header.HeaderWriterFilter;
import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;
import org.springframework.security.web.header.writers.HstsHeaderWriter;
import org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;

/* loaded from: input_file:org/apache/nifi/web/server/filter/StandardRequestFilterProvider.class */
public class StandardRequestFilterProvider implements RequestFilterProvider {
    private static final int MAX_CONTENT_SIZE_DISABLED = 0;
    private static final String STANDARD_CONTENT_POLICY = "frame-ancestors 'self'";

    @Override // org.apache.nifi.web.server.filter.RequestFilterProvider
    public List<FilterHolder> getFilters(NiFiProperties niFiProperties) {
        Objects.requireNonNull(niFiProperties, "Properties required");
        ArrayList arrayList = new ArrayList();
        if (niFiProperties.isHTTPSConfigured()) {
            arrayList.add(getFilterHolder(RequestAuthenticationFilter.class));
        }
        arrayList.add(getHeaderWriterFilter());
        int maxContentSize = getMaxContentSize(niFiProperties);
        if (maxContentSize > 0) {
            arrayList.add(getContentLengthFilter(maxContentSize));
        }
        arrayList.add(getDenialOfServiceFilter(niFiProperties, DataTransferExcludedDoSFilter.class));
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public FilterHolder getDenialOfServiceFilter(NiFiProperties niFiProperties, Class<? extends DoSFilter> cls) {
        FilterHolder filterHolder = new FilterHolder(cls);
        filterHolder.setInitParameter("maxRequestsPerSec", Integer.toString(niFiProperties.getMaxWebRequestsPerSecond().intValue()));
        filterHolder.setInitParameter("maxRequestMs", Long.toString(getWebRequestTimeout(niFiProperties)));
        filterHolder.setInitParameter("ipWhitelist", niFiProperties.getWebRequestIpWhitelist());
        filterHolder.setName(DoSFilter.class.getSimpleName());
        return filterHolder;
    }

    private FilterHolder getHeaderWriterFilter() {
        FilterHolder filterHolder = new FilterHolder(new HeaderWriterFilter(Arrays.asList(new ContentSecurityPolicyHeaderWriter(STANDARD_CONTENT_POLICY), new HstsHeaderWriter(), new XContentTypeOptionsHeaderWriter(), new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN), new XXssProtectionHeaderWriter())));
        filterHolder.setName(HeaderWriterFilter.class.getSimpleName());
        return filterHolder;
    }

    private FilterHolder getFilterHolder(Class<? extends Filter> cls) {
        FilterHolder filterHolder = new FilterHolder(cls);
        filterHolder.setName(cls.getSimpleName());
        return filterHolder;
    }

    private FilterHolder getContentLengthFilter(int i) {
        FilterHolder filterHolder = getFilterHolder(ContentLengthFilter.class);
        filterHolder.setInitParameter("maxContentLength", Integer.toString(i));
        filterHolder.setName(ContentLengthFilter.class.getSimpleName());
        return filterHolder;
    }

    private int getMaxContentSize(NiFiProperties niFiProperties) {
        String webMaxContentSize = niFiProperties.getWebMaxContentSize();
        try {
            return StringUtils.isBlank(webMaxContentSize) ? MAX_CONTENT_SIZE_DISABLED : DataUnit.parseDataSize(webMaxContentSize, DataUnit.B).intValue();
        } catch (IllegalArgumentException e) {
            throw new IllegalStateException(String.format("Property [%s] format invalid", "nifi.web.max.content.size"), e);
        }
    }

    protected long getWebRequestTimeout(NiFiProperties niFiProperties) {
        try {
            return Math.round(FormatUtils.getPreciseTimeDuration(niFiProperties.getWebRequestTimeout(), TimeUnit.MILLISECONDS));
        } catch (NumberFormatException e) {
            throw new IllegalStateException(String.format("Property [%s] format invalid", "nifi.web.request.timeout"), e);
        }
    }
}
