package com.adobe.cq.security.hc.dispatcher.impl;

import java.io.IOException;
import java.net.SocketTimeoutException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Service;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.hc.api.HealthCheck;
import org.apache.sling.hc.api.Result;
import org.apache.sling.hc.util.FormattingResultLog;
import org.osgi.service.component.ComponentContext;

@Service({HealthCheck.class})
@Component(metatype = true, label = "Adobe CQ Dispatcher Configuration Health Check", description = "This checks the basic configuration of the Dispatcher component.")
@Properties({@Property(name = "hc.name", value = {"CQ Dispatcher Configuration"}, label = "Name", description = "Name of the health check.", propertyPrivate = true), @Property(name = "hc.tags", unbounded = PropertyUnbounded.ARRAY, value = {"dispatcher", "production", "security"}, label = "Tags", description = "Tags for the health check."), @Property(name = "hc.mbean.name", value = {"dispatcherConfig"}, label = "MBean Name", description = "Name of the JMX mbean to register for this check.", propertyPrivate = true)})
/* loaded from: input_file:com/adobe/cq/security/hc/dispatcher/impl/DispatcherAccessHealthCheck.class */
public class DispatcherAccessHealthCheck implements HealthCheck {

    @Property(value = {""}, label = "Dispatcher Address", description = "The address where the dispatcher is installed.")
    private static final String DISPATCHER_URL = "dispatcher.address";

    @Property(value = {"/content", "/libs/cq/personalization/", "/etc/designs/", "/etc/clientlibs/", "/etc/segmentation.segment.js", "/libs/cq/personalization/components/clickstreamcloud/content/config.json", "/libs/wcm/stats/tracker.js", "/libs/cq/personalization/", "/libs/cq/security/userinfo.json", "/libs/cq/i18n/"}, label = "Unrestricted paths", unbounded = PropertyUnbounded.ARRAY, description = "The paths which should not be restricted by the dispatcher.")
    private static final String ALLOWED_PATHS = "dispatcher.filter.allowed";

    @Property(value = {"/", "/content/", "/etc/", "/libs/", "/etc/replication.xml", "/etc/replication.infinity.xml", "/content.infinity.json", "/content.tidy.json", "/content.sysview.xml", "/content.docview.json", "/content.docview.xml", "/content.0.json", "/content.1.json", "/content.2.json", "/content.feed.xml"}, label = "Restricted paths", unbounded = PropertyUnbounded.ARRAY, description = "The paths which should be restricted by the dispatcher.")
    private static final String NOT_ALLOWED_PATHS = "dispatcher.filter.blocked";

    @Property(value = {"3000"}, label = "Timeout Value(in ms)", unbounded = PropertyUnbounded.DEFAULT, description = "The time out value in milliseconds to be used by dispatcher while checking paths.")
    private static final String DISPATCHER_TIMEOUT = "dispatcher.timeout";
    private int dispatcherTimeout;
    private String dispatcherAddress;
    private List<String> allowedPaths;
    private List<String> blockedPaths;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/adobe/cq/security/hc/dispatcher/impl/DispatcherAccessHealthCheck$HTTP_RESPONSE_STATUS.class */
    public enum HTTP_RESPONSE_STATUS {
        FAILURE,
        SUCCESS,
        TIMEOUT
    }

    @Activate
    protected void activate(ComponentContext componentContext) {
        this.dispatcherAddress = PropertiesUtil.toString(componentContext.getProperties().get(DISPATCHER_URL), "");
        this.allowedPaths = Arrays.asList(PropertiesUtil.toStringArray(componentContext.getProperties().get(ALLOWED_PATHS), new String[0]));
        this.blockedPaths = Arrays.asList(PropertiesUtil.toStringArray(componentContext.getProperties().get(NOT_ALLOWED_PATHS), new String[0]));
        this.dispatcherTimeout = PropertiesUtil.toInteger(componentContext.getProperties().get(DISPATCHER_TIMEOUT), 3000);
    }

    @Modified
    protected void update(ComponentContext componentContext) {
        this.dispatcherAddress = PropertiesUtil.toString(componentContext.getProperties().get(DISPATCHER_URL), "");
        this.allowedPaths = Arrays.asList(PropertiesUtil.toStringArray(componentContext.getProperties().get(ALLOWED_PATHS), new String[0]));
        this.blockedPaths = Arrays.asList(PropertiesUtil.toStringArray(componentContext.getProperties().get(NOT_ALLOWED_PATHS), new String[0]));
        this.dispatcherTimeout = PropertiesUtil.toInteger(componentContext.getProperties().get(DISPATCHER_TIMEOUT), 3000);
    }

    public Result execute() {
        FormattingResultLog formattingResultLog = new FormattingResultLog();
        int i = 0;
        int i2 = 0;
        if ("".equals(this.dispatcherAddress.trim())) {
            formattingResultLog.warn("Unable to check the dispatcher's basic configuration because its address is not specified.", new Object[0]);
            formattingResultLog.debug("[The address can be specified via the 'Dispatcher Address' property of this health check.]( )", new Object[0]);
            return new Result(formattingResultLog);
        }
        CloseableHttpClient build = HttpClientBuilder.create().setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(this.dispatcherTimeout).setCookieSpec("standard").setConnectionRequestTimeout(this.dispatcherTimeout).setSocketTimeout(this.dispatcherTimeout).build()).build();
        Iterator<String> it = this.allowedPaths.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            HTTP_RESPONSE_STATUS checkPath = checkPath(build, it.next(), true, formattingResultLog);
            if (checkPath.equals(HTTP_RESPONSE_STATUS.TIMEOUT)) {
                i2++;
                break;
            }
            if (checkPath.equals(HTTP_RESPONSE_STATUS.SUCCESS)) {
                i++;
            } else {
                i2++;
            }
        }
        Iterator<String> it2 = this.blockedPaths.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            HTTP_RESPONSE_STATUS checkPath2 = checkPath(build, it2.next(), false, formattingResultLog);
            if (checkPath2.equals(HTTP_RESPONSE_STATUS.TIMEOUT)) {
                i2++;
                break;
            }
            if (checkPath2.equals(HTTP_RESPONSE_STATUS.SUCCESS)) {
                i++;
            } else {
                i2++;
            }
        }
        if (i2 != 0) {
            formattingResultLog.warn("[" + (i2 > 1 ? "{} path access configurations failed during testing. " : "{} path access configuration failed during testing. ") + "When configuring the dispatcher, you should restrict external access as much as possible.]( )", new Object[]{Integer.valueOf(i2)});
            formattingResultLog.debug("[Check the 'Restrict Access via the Dispatcher' section in the security guidelines](https://www.adobe.com/go/aem6_4_docs_security_access_en)", new Object[0]);
            formattingResultLog.debug("[Check the 'Configuring the Dispatcher to prevent DoS' section in the security guidelines](https://www.adobe.com/go/aem6_4_docs_security_dos_en)", new Object[0]);
        } else {
            formattingResultLog.info("[All {} paths checked meet the configuration access guidelines.]( )", new Object[]{Integer.valueOf(i)});
        }
        if (build != null) {
            try {
                build.close();
            } catch (IOException e) {
                formattingResultLog.warn("Could not close HTTP client due to an IOException.", new Object[0]);
            }
        }
        return new Result(formattingResultLog);
    }

    private HTTP_RESPONSE_STATUS checkPath(CloseableHttpClient closeableHttpClient, String str, boolean z, FormattingResultLog formattingResultLog) {
        HTTP_RESPONSE_STATUS http_response_status = HTTP_RESPONSE_STATUS.SUCCESS;
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            try {
                try {
                    try {
                        CloseableHttpResponse execute = closeableHttpClient.execute(new HttpGet(this.dispatcherAddress + str));
                        int statusCode = execute.getStatusLine().getStatusCode();
                        if (z != (statusCode == 200 || statusCode == 401 || statusCode == 403)) {
                            if (z) {
                                formattingResultLog.warn("Request to [{}] did not work. It was expected to work.", new Object[]{str});
                            } else {
                                formattingResultLog.warn("Request to [{}] worked. It was expected to fail.", new Object[]{str});
                            }
                            http_response_status = HTTP_RESPONSE_STATUS.FAILURE;
                        } else if (z) {
                            formattingResultLog.debug("Request to [{}] worked, as expected.", new Object[]{str});
                        } else {
                            formattingResultLog.debug("Request to [{}] did not work, as expected.", new Object[]{str});
                        }
                        if (execute != null && execute.getEntity() != null) {
                            try {
                                execute.getEntity().getContent().close();
                            } catch (Exception e) {
                                formattingResultLog.warn("Could not close the HTTP response due to an IOException.", new Object[0]);
                            }
                        }
                    } catch (ConnectTimeoutException e2) {
                        http_response_status = HTTP_RESPONSE_STATUS.TIMEOUT;
                        formattingResultLog.warn("Requests timing out so skipping rest of the checks", new Object[0]);
                        if (0 != 0 && closeableHttpResponse.getEntity() != null) {
                            try {
                                closeableHttpResponse.getEntity().getContent().close();
                            } catch (Exception e3) {
                                formattingResultLog.warn("Could not close the HTTP response due to an IOException.", new Object[0]);
                            }
                        }
                    }
                } catch (Exception e4) {
                    http_response_status = HTTP_RESPONSE_STATUS.FAILURE;
                    formattingResultLog.warn("Could not check path [{}].", new Object[]{str});
                    if (0 != 0 && closeableHttpResponse.getEntity() != null) {
                        try {
                            closeableHttpResponse.getEntity().getContent().close();
                        } catch (Exception e5) {
                            formattingResultLog.warn("Could not close the HTTP response due to an IOException.", new Object[0]);
                        }
                    }
                }
            } catch (SocketTimeoutException e6) {
                http_response_status = HTTP_RESPONSE_STATUS.TIMEOUT;
                formattingResultLog.warn("Requests timing out so skipping rest of the checks", new Object[0]);
                if (0 != 0 && closeableHttpResponse.getEntity() != null) {
                    try {
                        closeableHttpResponse.getEntity().getContent().close();
                    } catch (Exception e7) {
                        formattingResultLog.warn("Could not close the HTTP response due to an IOException.", new Object[0]);
                    }
                }
            }
            return http_response_status;
        } catch (Throwable th) {
            if (0 != 0 && closeableHttpResponse.getEntity() != null) {
                try {
                    closeableHttpResponse.getEntity().getContent().close();
                } catch (Exception e8) {
                    formattingResultLog.warn("Could not close the HTTP response due to an IOException.", new Object[0]);
                }
            }
            throw th;
        }
    }
}
