package com.adobe.cq.security.hc.webserver.impl;

import java.io.Closeable;
import java.io.IOException;
import java.util.Locale;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Service;
import org.apache.http.Header;
import org.apache.http.HeaderIterator;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.hc.api.HealthCheck;
import org.apache.sling.hc.api.Result;
import org.apache.sling.hc.util.FormattingResultLog;
import org.osgi.service.component.ComponentContext;

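/**
 * Health check that requests the configured public address once and inspects the
 * {@code X-FRAME-OPTIONS} response header.
 *
 * <p>The check passes only when the header is present and every occurrence is
 * {@code SAMEORIGIN} or {@code DENY}. A missing header, any other value, an unconfigured
 * address, or a failed request is reported as a warning.
 *
 * <p>Limits of what this check proves:
 * <ul>
 *   <li>Only the single response for the configured address is examined; other paths or virtual
 *       hosts served by the same web server are not covered.</li>
 *   <li>Only {@code X-FRAME-OPTIONS} is evaluated. A site that restricts framing solely through a
 *       {@code Content-Security-Policy} {@code frame-ancestors} directive is reported as missing
 *       the header.</li>
 *   <li>The HTTP client is built with library defaults apart from the timeouts, so the headers
 *       examined are presumably those of the final response after any redirects — confirm against
 *       the HttpClient version in use.</li>
 * </ul>
 */
@Service({HealthCheck.class})
@Component(metatype = true, label = "Web Server Configuration Health Check", description = "This checks if the web server sets the X-FRAME-OPTIONS HTTP header to SAMEORIGIN or DENY.")
@Properties({@Property(name = "hc.name", value = {"Web Server Configuration"}, label = "Name", description = "Name of the health check.", propertyPrivate = true), @Property(name = "hc.tags", unbounded = PropertyUnbounded.ARRAY, value = {"webserver", "production", "security", "clickjacking"}, label = "Tags", description = "Tags for the health check."), @Property(name = "hc.mbean.name", value = {"webServerConfig"}, label = "MBean Name", description = "Name of the JMX mbean to register for this check.", propertyPrivate = true)})
public class ClickjackingHealthCheck implements HealthCheck {

    /** Name of the response header this check looks for (compared case-insensitively). */
    private static final String X_FRAME_OPTIONS = "X-FRAME-OPTIONS";

    /** Timeout applied when the configured value is absent or not an integer. */
    private static final int DEFAULT_TIMEOUT_MS = 3000;

    private static final String MSG_CONFIGURE_URL = "[You can configure the website URL via the Public Address property of this health check.]( )";
    private static final String MSG_RESPONSE_CLOSE_FAILED = "Could not close the HTTP response due to an IOException.";
    private static final String MSG_CLIENT_CLOSE_FAILED = "Could not close the HTTP client due to an IOException";

    @Property(value = {""}, label = "Public Address", description = "The public address for the site.")
    private static final String WEBSERVER_URL = "webserver.address";

    @Property(value = {"3000"}, label = "Timeout Value(in ms)", unbounded = PropertyUnbounded.DEFAULT, description = "The time out value in milliseconds to be used while sending requests to  webserver.")
    private static final String WEBSERVER_TIMEOUT = "webserver.timeout";
    private String webserverUrl;
    private int webserverTimeout;

    /**
     * Reads the component configuration when the component is activated.
     *
     * @param componentContext context supplying the configured properties
     */
    @Activate
    protected void activate(ComponentContext componentContext) {
        configure(componentContext);
    }

    /**
     * Re-reads the component configuration after it has been modified.
     *
     * @param componentContext context supplying the configured properties
     */
    @Modified
    protected void update(ComponentContext componentContext) {
        configure(componentContext);
    }

    /** Copies the address and timeout properties into the instance fields. */
    private void configure(ComponentContext componentContext) {
        this.webserverUrl = PropertiesUtil.toString(componentContext.getProperties().get(WEBSERVER_URL), "");
        // NOTE(review): the value is not range-checked; confirm how the HttpClient version in use
        // treats zero or negative timeouts before relying on this check never blocking.
        this.webserverTimeout = PropertiesUtil.toInteger(componentContext.getProperties().get(WEBSERVER_TIMEOUT), DEFAULT_TIMEOUT_MS);
    }

    /**
     * Sends one GET request to the configured address and evaluates the
     * {@code X-FRAME-OPTIONS} header of the response.
     *
     * @return a result whose log holds a warning when the address is not configured, the request
     *     fails, the header is absent, or the header has a value other than {@code SAMEORIGIN}
     *     or {@code DENY}
     */
    @Override
    public Result execute() {
        FormattingResultLog resultLog = new FormattingResultLog();
        // The null guard covers a call that arrives before activate() has populated the field.
        if (this.webserverUrl == null || this.webserverUrl.trim().isEmpty()) {
            resultLog.warn("The URL of the website served by the server is not configured.");
            resultLog.debug(MSG_CONFIGURE_URL);
            return new Result(resultLog);
        }

        CloseableHttpClient httpClient = null;
        CloseableHttpResponse httpResponse = null;
        try {
            // Built inside the try block: a malformed address makes the HttpGet constructor throw,
            // and that must surface as the "check the website URL" warning rather than escape.
            HttpGet httpGet = new HttpGet(this.webserverUrl);
            RequestConfig requestConfig = RequestConfig.custom()
                    .setConnectTimeout(this.webserverTimeout)
                    .setConnectionRequestTimeout(this.webserverTimeout)
                    .setSocketTimeout(this.webserverTimeout)
                    .build();
            httpClient = HttpClientBuilder.create().setDefaultRequestConfig(requestConfig).build();
            httpResponse = httpClient.execute(httpGet);
            resultLog.debug("[In order to prevent clickjacking, it is recommended to set the web server X-FRAME-OPTIONS HTTP response header to SAMEORIGIN or DENY.]( )");

            boolean headerPresent = false;
            boolean headerAcceptable = true;
            if (httpResponse != null) {
                HeaderIterator headers = httpResponse.headerIterator();
                while (headers.hasNext()) {
                    Header header = headers.nextHeader();
                    // equalsIgnoreCase does not depend on the default locale, unlike
                    // toUpperCase(), which maps 'i' to a dotted capital under a Turkish locale
                    // and would make the header look absent.
                    if (!X_FRAME_OPTIONS.equalsIgnoreCase(header.getName())) {
                        continue;
                    }
                    headerPresent = true;
                    String rawValue = header.getValue();
                    String value = rawValue == null ? "" : rawValue.trim().toUpperCase(Locale.ROOT);
                    if ("SAMEORIGIN".equals(value)) {
                        resultLog.debug("The X-FRAME-OPTIONS HTTP response header is set to SAMEORIGIN.");
                    } else if ("DENY".equals(value)) {
                        resultLog.debug("The X-FRAME-OPTIONS HTTP response header is set to DENY.");
                    } else {
                        resultLog.warn("The X-FRAME-OPTIONS HTTP response header is set to {}. It is recommended to set it to SAMEORIGIN or DENY.", value);
                        headerAcceptable = false;
                    }
                }
            }
            if (!headerPresent) {
                // Fail closed: an absent header is the unprotected case, so it must raise the
                // result to a warning instead of leaving only debug entries in the log.
                resultLog.warn("The X-FRAME-OPTIONS HTTP response header is not set. It is recommended to set it to SAMEORIGIN or DENY.");
            }
            if (!headerPresent || !headerAcceptable) {
                resultLog.debug("[Check the 'Clickjacking' section of the security guidelines.](https://www.adobe.com/go/aem6_4_docs_security_click_en)");
            }
        } catch (Exception e) {
            resultLog.warn("Could not check the HTTP headers returned by the web server. Please check the website URL.");
            resultLog.debug(MSG_CONFIGURE_URL);
        } finally {
            // Response first, then client; each close failure is reported but never rethrown.
            closeAndReport(httpResponse, resultLog, MSG_RESPONSE_CLOSE_FAILED);
            closeAndReport(httpClient, resultLog, MSG_CLIENT_CLOSE_FAILED);
        }
        return new Result(resultLog);
    }

    /** Closes {@code resource} if it is non-null and logs {@code failureMessage} as a warning on failure. */
    private static void closeAndReport(Closeable resource, FormattingResultLog resultLog, String failureMessage) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            resultLog.warn(failureMessage);
        }
    }
}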
