package info.magnolia.cms.filters;

import info.magnolia.cms.beans.config.MIMEMapping;
import info.magnolia.cms.beans.config.ServerConfiguration;
import info.magnolia.cms.core.AggregationState;
import info.magnolia.cms.security.SecurityCallbackFilter;
import info.magnolia.cms.util.ServletUtil;
import info.magnolia.context.MgnlContext;
import info.magnolia.util.EscapeUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import javax.inject.Inject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-core-5.5.5.jar:info/magnolia/cms/filters/ContentTypeFilter.class */
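public class ContentTypeFilter extends AbstractMgnlFilter {

    private static final Logger log = LoggerFactory.getLogger(ContentTypeFilter.class);

    /** Request attribute that marks a request whose aggregation state this filter has already initialised. */
    private static final String AGGREGATION_STATE_INITIALIZED = ContentTypeFilter.class.getName() + ".aggregationStateInitialized";

    /** Extension assumed when neither the URI nor the server configuration supplies one (registered-extensions-only mode). */
    private static final String FALLBACK_EXTENSION = "html";

    // Configuration flags; they are meant to be set once at filter configuration time, not concurrently with requests.
    private boolean sanitizeXssUri = true;
    private boolean registeredExtensionsOnly = false;
    private boolean validateContentType = false;

    // May be null when the deprecated no-arg constructor was used; only dereferenced in registered-extensions-only mode.
    private ServerConfiguration serverConfiguration;

    /**
     * @deprecated use {@link #ContentTypeFilter(ServerConfiguration)}; with this constructor {@code serverConfiguration}
     *             stays {@code null} and {@link #getMimeType(String, HttpServletResponse)} fails in
     *             registered-extensions-only mode for URIs without an extension.
     */
    @Deprecated
    public ContentTypeFilter() {
    }

    /**
     * Creates the filter with the server configuration used to look up the default extension.
     *
     * @param serverConfiguration source of the default extension for extension-less URIs
     */
    @Inject
    public ContentTypeFilter(ServerConfiguration serverConfiguration) {
        this.serverConfiguration = serverConfiguration;
    }

    /**
     * Derives extension, MIME type and character encoding from the original request URI, records the decoded URIs in
     * the {@link AggregationState}, runs the rest of the chain and finally falls back to the derived MIME type when the
     * downstream code left the content type unset on a successful, uncommitted response.
     *
     * <p>Any {@link IllegalArgumentException} raised while decoding or normalising the URIs (malformed percent-escapes,
     * invalid URI syntax) — or by the downstream chain — is answered with a 400 unless the response is already committed.
     *
     * @throws IOException      propagated from the chain, or when the character encoding used for decoding is unsupported
     * @throws ServletException propagated from the chain
     */
    @Override // info.magnolia.cms.filters.AbstractMgnlFilter
    public void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Reuse an existing sniffing wrapper (the filter may run again on a forward/include) so the status read below is the real one.
        final SecurityCallbackFilter.StatusSniffingResponseWrapper response =
                httpServletResponse instanceof SecurityCallbackFilter.StatusSniffingResponseWrapper
                        ? (SecurityCallbackFilter.StatusSniffingResponseWrapper) httpServletResponse
                        : new SecurityCallbackFilter.StatusSniffingResponseWrapper(httpServletResponse);

        resetAggregationStateIfReentered(httpServletRequest);

        final String originalUri = ServletUtil.getOriginalRequestURI(httpServletRequest);
        final String originalUrl = ServletUtil.getOriginalRequestURLIncludingQueryString(httpServletRequest);
        final String extension = getUriExtension(originalUri);
        final String mimeType = getMimeType(extension, response);

        if (isRegisteredExtensionsOnly() && mimeType == null && !response.isCommitted()) {
            // The extension comes straight from the request and the container may render this message into an
            // HTML error page, so it is escaped before being reflected.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    String.format("Unsupported extension=%1$s.", EscapeUtil.escapeXss(extension)));
            return;
        }

        final String characterEncoding = setupCharacterEncoding(mimeType, httpServletRequest, response);
        final AggregationState aggregationState = MgnlContext.getAggregationState();
        aggregationState.setCharacterEncoding(characterEncoding);

        try {
            // All decoding happens inside the try so that a malformed original URI yields the same 400 as a malformed URL
            // (previously the first decode ran outside the try and escaped as an uncaught exception).
            populateAggregationState(aggregationState, httpServletRequest, originalUri, originalUrl, extension, characterEncoding);

            if (isValidateContentType()) {
                filterChain.doFilter(httpServletRequest, new ContentTypeCheckingResponseWrapper(response, extension));
            } else {
                filterChain.doFilter(httpServletRequest, response);
            }

            applyFallbackContentType(response, mimeType, originalUrl);
        } catch (IllegalArgumentException e) {
            // URLDecoder.decode and URI.create reject malformed input with IllegalArgumentException.
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "URL is malformed (not encoded properly).");
            }
        }
    }

    /**
     * Resets the aggregation state when this filter runs a second time for the same request (forward/include);
     * on the first run only marks the request as initialised.
     */
    private static void resetAggregationStateIfReentered(HttpServletRequest request) {
        if (request.getAttribute(AGGREGATION_STATE_INITIALIZED) != null) {
            MgnlContext.resetAggregationState();
        } else {
            request.setAttribute(AGGREGATION_STATE_INITIALIZED, Boolean.TRUE);
        }
    }

    /**
     * Stores the decoded and the raw ("browser") forms of the URIs, the normalised current URI, the extension and the
     * query string in the aggregation state.
     *
     * @throws UnsupportedEncodingException when {@code characterEncoding} is not a supported charset
     * @throws IllegalArgumentException     on malformed percent-escapes or invalid URI syntax
     */
    private void populateAggregationState(AggregationState aggregationState, HttpServletRequest request,
            String originalUri, String originalUrl, String extension, String characterEncoding) throws UnsupportedEncodingException {
        aggregationState.setOriginalURI(decodeUri(originalUri, characterEncoding));
        aggregationState.setOriginalURL(decodeUri(originalUrl, characterEncoding));
        aggregationState.setOriginalBrowserURI(originalUri);
        aggregationState.setOriginalBrowserURL(originalUrl);
        // normalize() collapses "." and ".." segments on the raw (still encoded) path before it is decoded.
        final String normalizedRawPath = URI.create(ServletUtil.getRequestUri(request)).normalize().getRawPath();
        aggregationState.setCurrentURI(decodeUri(normalizedRawPath, characterEncoding));
        aggregationState.setExtension(extension);
        aggregationState.setQueryString(request.getQueryString());
    }

    /**
     * Sets {@code mimeType} on the response when the chain finished with 200, left the content type unset and has not
     * committed the response yet; any other combination is only logged.
     */
    private static void applyFallbackContentType(SecurityCallbackFilter.StatusSniffingResponseWrapper response,
            String mimeType, String originalUrl) {
        if (response.getContentType() != null) {
            return;
        }
        if (response.getStatus() != HttpServletResponse.SC_OK) {
            log.debug("Content type for {} is not set, status code of response is {}.", originalUrl, response.getStatus());
            return;
        }
        log.warn("Content type for {} is not set.", originalUrl);
        if (response.isCommitted()) {
            return;
        }
        log.warn("Response is not committed yet. Setting content type: {}.", mimeType);
        response.setContentType(mimeType);
    }

    /**
     * Returns the extension of the last path segment of {@code str}, i.e. the text after the last {@code '.'} that
     * follows the last {@code '/'}; empty when there is none.
     *
     * @param str a request URI
     * @return the extension without the dot, or {@code ""}
     */
    protected String getUriExtension(String str) {
        final String lastSegment = StringUtils.substringAfterLast(str, "/");
        return StringUtils.substringAfterLast(lastSegment, ".");
    }

    /**
     * Resolves the MIME type for an extension.
     *
     * <p>In registered-extensions-only mode a blank extension is replaced by the configured default extension (or
     * {@value #FALLBACK_EXTENSION}) and {@code null} is returned for extensions without a registered mapping; otherwise
     * {@link MIMEMapping#getMIMETypeOrDefault(String)} decides.
     *
     * @param str                 the URI extension, possibly blank
     * @param httpServletResponse unused; kept for subclasses that override this hook
     * @return the MIME type, or {@code null} when the extension is not registered (registered-extensions-only mode only)
     */
    protected String getMimeType(String str, HttpServletResponse httpServletResponse) {
        if (!isRegisteredExtensionsOnly()) {
            return MIMEMapping.getMIMETypeOrDefault(str);
        }
        String effectiveExtension = str;
        if (StringUtils.isBlank(effectiveExtension)) {
            effectiveExtension = this.serverConfiguration.getDefaultExtension();
            if (StringUtils.isBlank(effectiveExtension)) {
                effectiveExtension = FALLBACK_EXTENSION;
            }
        }
        return MIMEMapping.getMIMEType(effectiveExtension);
    }

    /**
     * Applies the character encoding mapped for {@code str} to the response and, unless the request already has one,
     * to the request.
     *
     * @param str                 the MIME type whose encoding is looked up
     * @param httpServletRequest  request whose encoding is set only when it is still unset
     * @param httpServletResponse response whose encoding is always set
     * @return the encoding that was applied
     */
    protected String setupCharacterEncoding(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String encoding = MIMEMapping.getContentEncodingOrDefault(str);
        try {
            if (httpServletRequest.getCharacterEncoding() == null) {
                httpServletRequest.setCharacterEncoding(encoding);
            }
        } catch (UnsupportedEncodingException e) {
            // Best effort: the response encoding is still applied and the request keeps the container default.
            log.error("Can't set character encoding for the request (mimetype={})", str, e);
        }
        httpServletResponse.setCharacterEncoding(encoding);
        return encoding;
    }

    /**
     * Escapes the extension part (text after the last {@code '.'}) of a decoded URI; everything before it is kept as-is.
     */
    private String sanitizeXss(String uri) {
        final String extension = StringUtils.substringAfterLast(uri, ".");
        if (StringUtils.isEmpty(extension)) {
            return uri;
        }
        return StringUtils.removeEnd(uri, extension).concat(EscapeUtil.escapeXss(extension));
    }

    /**
     * Percent-decodes {@code uri} with {@code encoding} and, when {@link #isSanitizeXssUri()} is on, escapes its extension.
     *
     * @throws UnsupportedEncodingException when {@code encoding} is not a supported charset
     * @throws IllegalArgumentException     when {@code uri} contains a malformed percent-escape
     */
    private String decodeUri(String uri, String encoding) throws UnsupportedEncodingException {
        final String decoded = URLDecoder.decode(uri, encoding);
        return isSanitizeXssUri() ? sanitizeXss(decoded) : decoded;
    }

    /** @return whether the extension of decoded URIs is XSS-escaped before being stored in the aggregation state */
    public boolean isSanitizeXssUri() {
        return this.sanitizeXssUri;
    }

    public void setSanitizeXssUri(boolean z) {
        this.sanitizeXssUri = z;
    }

    /** @return whether requests whose extension has no registered MIME type are rejected with 400 */
    public boolean isRegisteredExtensionsOnly() {
        return this.registeredExtensionsOnly;
    }

    public void setRegisteredExtensionsOnly(boolean z) {
        this.registeredExtensionsOnly = z;
    }

    /** @return whether the response is wrapped in a {@link ContentTypeCheckingResponseWrapper} for the chain */
    public boolean isValidateContentType() {
        return this.validateContentType;
    }

    public void setValidateContentType(boolean z) {
        this.validateContentType = z;
    }

    /**
     * @deprecated use {@link #getMimeType(String, HttpServletResponse)} followed by
     *             {@link #setupCharacterEncoding(String, HttpServletRequest, HttpServletResponse)}
     */
    @Deprecated
    protected String setupContentTypeAndCharacterEncoding(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String mimeType = setupContentType(str, httpServletResponse);
        return setupCharacterEncoding(mimeType, httpServletRequest, httpServletResponse);
    }

    /**
     * @deprecated use {@link #getMimeType(String, HttpServletResponse)}
     */
    @Deprecated
    protected String setupContentType(String str, HttpServletResponse httpServletResponse) {
        return getMimeType(str, httpServletResponse);
    }
}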
