package org.geoserver.security.web.csp;

import java.io.BufferedReader;
import java.io.IOException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.AsyncContext;
import javax.servlet.DispatcherType;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpUpgradeHandler;
import javax.servlet.http.Part;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.wicket.Component;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink;
import org.apache.wicket.markup.html.form.Button;
import org.apache.wicket.markup.html.form.CheckBox;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.SubmitLink;
import org.apache.wicket.markup.html.form.TextArea;
import org.apache.wicket.model.CompoundPropertyModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.PropertyModel;
import org.geoserver.security.csp.CSPConfiguration;
import org.geoserver.security.csp.CSPHeaderDAO;
import org.geoserver.web.GeoServerApplication;
import org.geoserver.web.GeoServerSecuredPage;

/* loaded from: input_file:org/geoserver/security/web/csp/CSPConfigurationPage.class */
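/**
 * Wicket page for editing the Content-Security-Policy configuration and previewing the header
 * that would be produced for a test URL.
 *
 * <p>The page edits a private copy of the configuration obtained from {@link CSPHeaderDAO}. The
 * copy is only written back when "save" or "apply" is submitted, so the test button evaluates
 * the state currently held by the form rather than the persisted one.
 *
 * <p>Access control is inherited from {@link GeoServerSecuredPage}; it is not implemented in this
 * class.
 */
public class CSPConfigurationPage extends GeoServerSecuredPage {
    private static final long serialVersionUID = -5935887226717780789L;

    /** Read-only text area that receives the result of the policy test. */
    private TextArea<String> testResultField;

    // Bound to the "testUrl" text area through a PropertyModel, so it must stay non-final.
    private String testUrl = "";

    // Working copy of the stored configuration; the form components read and write this object.
    private CSPConfiguration config = new CSPConfiguration(getCSPHeaderDAO().getConfig());

    /**
     * Builds the configuration form: the policy switches, the remote-resource and frame-ancestor
     * lists, the policy panel, the test controls, and the save/apply/cancel buttons.
     *
     * @throws IOException declared by the original signature; presumably raised while loading
     *     the stored configuration
     */
    public CSPConfigurationPage() throws IOException {
        Model<CSPConfiguration> model = new Model<>(this.config);
        Form<CSPConfiguration> form = new Form<>("form", new CompoundPropertyModel<>(model));
        form.add(new CheckBox("enabled", new PropertyModel<>(model, "enabled")));
        form.add(new CheckBox("reportOnly", new PropertyModel<>(model, "reportOnly")));
        form.add(new CheckBox("allowOverride", new PropertyModel<>(model, "allowOverride")));
        form.add(new CheckBox("injectProxyBase", new PropertyModel<>(model, "injectProxyBase")));
        form.add(new TextArea<String>("remoteResources", new PropertyModel<>(model, "remoteResources")));
        form.add(new TextArea<String>("frameAncestors", new PropertyModel<>(model, "frameAncestors")));
        form.add(new CSPPolicyPanel("policies", this.config));
        form.add(new TextArea<String>("testUrl", new PropertyModel<>(this, "testUrl")));
        form.add(new AjaxSubmitLink("testLink") {
            private static final long serialVersionUID = 1700932575669734348L;

            @Override
            protected void onSubmit(AjaxRequestTarget target) {
                CSPConfigurationPage.this.testContentSecurityPolicy(target);
            }
        });
        this.testResultField = new TextArea<>("testResult", new Model<>(""));
        form.add(this.testResultField.setOutputMarkupId(true).setEnabled(false));
        form.add(new SubmitLink("save", form) {
            private static final long serialVersionUID = -8900006356449150190L;

            @Override
            public void onSubmit() {
                CSPConfigurationPage.this.saveConfiguration(true);
            }
        });
        form.add(new Button("apply") {
            private static final long serialVersionUID = -3327108081898697618L;

            @Override
            public void onSubmit() {
                CSPConfigurationPage.this.saveConfiguration(false);
            }
        });
        form.add(new Button("cancel") {
            private static final long serialVersionUID = 7567566240358171893L;

            @Override
            public void onSubmit() {
                CSPConfigurationPage.this.doReturn();
            }
        });
        add(form);
    }

    /** Looks up the {@link CSPHeaderDAO} bean from the application context. */
    private CSPHeaderDAO getCSPHeaderDAO() {
        return (CSPHeaderDAO) getGeoServerApplication().getBeanOfType(CSPHeaderDAO.class);
    }

    /**
     * Stores a copy of the edited configuration through the DAO.
     *
     * @param returnAfterSave {@code true} to leave the page after a successful save ("save"),
     *     {@code false} to stay on it ("apply")
     */
    private void saveConfiguration(boolean returnAfterSave) {
        try {
            // A copy is handed over, so later form edits do not alter what the DAO received.
            getCSPHeaderDAO().setConfig(new CSPConfiguration(this.config));
            if (returnAfterSave) {
                doReturn();
            }
        } catch (Exception e) {
            // Surfaced as a feedback message instead of failing the request.
            error(e);
        }
    }

    /**
     * Computes the Content-Security-Policy header for the URL typed into the test field and
     * shows it in the result area.
     *
     * <p>The URL is only parsed in this class: a stub request is derived from its components and
     * no connection to the URL is opened here. Any failure, including a malformed URL, is
     * reported as a feedback message and the result area shows {@code ERROR}.
     *
     * @param target the Ajax target used to refresh the result field and feedback panels
     */
    private void testContentSecurityPolicy(AjaxRequestTarget target) {
        String result = "Enter URL";
        try {
            if (StringUtils.isNotBlank(this.testUrl)) {
                HttpServletRequest request = getHttpRequest(new URL(this.testUrl.trim()));
                // Presumably re-parses the policy filters so the unsaved form state is evaluated;
                // confirm against CSPConfiguration.
                this.config.parseFilters();
                result = CSPHeaderDAO.getContentSecurityPolicy(this.config, request, true);
            }
        } catch (Exception e) {
            result = "ERROR";
            error(e);
            addFeedbackPanels(target);
        }
        target.add(this.testResultField.setDefaultModelObject(result));
    }

    /**
     * Builds a minimal {@link HttpServletRequest} that describes a GET request for the given URL.
     *
     * <p>Only the {@code Host} header, method, parameter map, path info, query string, request
     * URI and scheme are available. Every other method throws
     * {@link UnsupportedOperationException}, so a policy evaluation that needs anything else
     * fails loudly instead of silently reading a default value.
     *
     * @param url the parsed test URL
     * @return the stub request
     * @throws IOException if the path cannot be URL-decoded
     */
    private static HttpServletRequest getHttpRequest(final URL url) throws IOException {
        // The Host header is "host" or "host:port". Concatenate the ':' as a string: adding the
        // character code to the port (58 + port) yields a wrong header such as "example.org8138"
        // and makes the previewed policy differ from the one a real request would receive.
        final String hostHeader = url.getHost() + (url.getPort() == -1 ? "" : ":" + url.getPort());
        String decodedPath = URLDecoder.decode(url.getPath(), "UTF-8");
        String contextPath = GeoServerApplication.get().servletRequest().getContextPath();
        // NOTE(review): plain prefix match, so a path that merely begins with the same characters
        // as the context path (no '/' boundary) is stripped as well.
        final String pathInfo =
                decodedPath.startsWith(contextPath) ? decodedPath.substring(contextPath.length()) : decodedPath;
        // Group repeated query parameters under one key, keeping the order of first appearance.
        Map<String, List<String>> grouped = new LinkedHashMap<>();
        URLEncodedUtils.parse(url.getQuery(), StandardCharsets.UTF_8, '&')
                .forEach(pair -> grouped.computeIfAbsent(pair.getName(), key -> new ArrayList<>())
                        .add(pair.getValue()));
        final Map<String, String[]> parameterMap = new LinkedHashMap<>();
        grouped.forEach((name, values) -> parameterMap.put(name, values.toArray(new String[0])));
        return new HttpServletRequest() {
            @Override
            public String getHeader(String name) {
                // Header names are case-insensitive in the servlet API.
                if ("Host".equalsIgnoreCase(name)) {
                    return hostHeader;
                }
                return null;
            }

            @Override
            public String getMethod() {
                return "GET";
            }

            @Override
            public Map<String, String[]> getParameterMap() {
                return Collections.unmodifiableMap(parameterMap);
            }

            @Override
            public String getPathInfo() {
                return pathInfo;
            }

            @Override
            public String getQueryString() {
                return url.getQuery();
            }

            @Override
            public String getRequestURI() {
                return url.getPath();
            }

            @Override
            public String getScheme() {
                return url.getProtocol();
            }

            // Everything below is intentionally unsupported by the stub.

            @Override
            public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) {
                throw new UnsupportedOperationException();
            }

            @Override
            public AsyncContext startAsync() {
                throw new UnsupportedOperationException();
            }

            @Override
            public void setCharacterEncoding(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public void setAttribute(String name, Object value) {
                throw new UnsupportedOperationException();
            }

            @Override
            public void removeAttribute(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean isSecure() {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean isAsyncSupported() {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean isAsyncStarted() {
                throw new UnsupportedOperationException();
            }

            @Override
            public ServletContext getServletContext() {
                throw new UnsupportedOperationException();
            }

            @Override
            public int getServerPort() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getServerName() {
                throw new UnsupportedOperationException();
            }

            @Override
            public RequestDispatcher getRequestDispatcher(String path) {
                throw new UnsupportedOperationException();
            }

            @Override
            public int getRemotePort() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getRemoteHost() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getRemoteAddr() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getRealPath(String path) {
                throw new UnsupportedOperationException();
            }

            @Override
            public BufferedReader getReader() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getProtocol() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String[] getParameterValues(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public Enumeration<String> getParameterNames() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getParameter(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public Enumeration<Locale> getLocales() {
                throw new UnsupportedOperationException();
            }

            @Override
            public Locale getLocale() {
                throw new UnsupportedOperationException();
            }

            @Override
            public int getLocalPort() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getLocalName() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getLocalAddr() {
                throw new UnsupportedOperationException();
            }

            @Override
            public ServletInputStream getInputStream() {
                throw new UnsupportedOperationException();
            }

            @Override
            public DispatcherType getDispatcherType() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getContentType() {
                throw new UnsupportedOperationException();
            }

            @Override
            public int getContentLength() {
                throw new UnsupportedOperationException();
            }

            @Override
            public long getContentLengthLong() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getCharacterEncoding() {
                throw new UnsupportedOperationException();
            }

            @Override
            public Enumeration<String> getAttributeNames() {
                throw new UnsupportedOperationException();
            }

            @Override
            public Object getAttribute(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public AsyncContext getAsyncContext() {
                throw new UnsupportedOperationException();
            }

            @Override
            public void logout() throws ServletException {
                throw new UnsupportedOperationException();
            }

            @Override
            public void login(String username, String password) {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean isUserInRole(String role) {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean isRequestedSessionIdValid() {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean isRequestedSessionIdFromUrl() {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean isRequestedSessionIdFromURL() {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean isRequestedSessionIdFromCookie() {
                throw new UnsupportedOperationException();
            }

            @Override
            public Principal getUserPrincipal() {
                throw new UnsupportedOperationException();
            }

            @Override
            public HttpSession getSession(boolean create) {
                throw new UnsupportedOperationException();
            }

            @Override
            public HttpSession getSession() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String changeSessionId() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getServletPath() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getRequestedSessionId() {
                throw new UnsupportedOperationException();
            }

            @Override
            public StringBuffer getRequestURL() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getRemoteUser() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getPathTranslated() {
                throw new UnsupportedOperationException();
            }

            @Override
            public Collection<Part> getParts() {
                throw new UnsupportedOperationException();
            }

            @Override
            public Part getPart(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass)
                    throws IOException, ServletException {
                throw new UnsupportedOperationException();
            }

            @Override
            public int getIntHeader(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public Enumeration<String> getHeaders(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public Enumeration<String> getHeaderNames() {
                throw new UnsupportedOperationException();
            }

            @Override
            public long getDateHeader(String name) {
                throw new UnsupportedOperationException();
            }

            @Override
            public Cookie[] getCookies() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getContextPath() {
                throw new UnsupportedOperationException();
            }

            @Override
            public String getAuthType() {
                throw new UnsupportedOperationException();
            }

            @Override
            public boolean authenticate(HttpServletResponse httpServletResponse) {
                throw new UnsupportedOperationException();
            }
        };
    }
}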
