package com.adobe.granite.bundles.hc.impl;

import java.io.IOException;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.hc.api.HealthCheck;
import org.apache.sling.hc.api.Result;
import org.apache.sling.hc.util.FormattingResultLog;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;

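/**
 * Health check that inspects the OSGi configuration of the Sling Referrer Filter and warns
 * when it accepts requests with an empty or missing {@code Referer} header, which weakens
 * CSRF protection.
 *
 * <p>Only the {@code allow.empty} property is evaluated. Other Referrer Filter settings are
 * not examined here, so a passing result does not mean the filter as a whole is configured
 * restrictively.
 */
@Designate(ocd = HCConfiguration.class)
@Component(service = {HealthCheck.class}, property = {"hc.name=Sling Referrer Filter", "hc.mbean.name=slingReferrerFilter"})
public class SlingReferrerFilterHealthCheck implements HealthCheck {

    @Reference
    private ConfigurationAdmin configurationAdmin;

    /** Service PID of the Sling Referrer Filter whose configuration is inspected. */
    protected static final String SLING_REFERRER_FILTER_PID = "org.apache.sling.security.impl.ReferrerFilter";

    /** Name of the boolean property that lets requests without a referrer through. */
    protected static final String ALLOW_EMPTY_PROP = "allow.empty";

    /** Metatype definition for this health check; it only exposes the health check tags. */
    @ObjectClassDefinition(name = "Apache Sling Referrer Filter Health Check", description = "Checks if the Sling Referrer Filter is configured in order to prevent CSRF attacks.")
    public @interface HCConfiguration {
        @AttributeDefinition(name = "Health Check Tags", description = "Health Check Tags")
        String[] hc_tags() default {"sling", "security", "production", "csrf"};
    }

    /**
     * Component activation hook. The configuration is accepted but not stored; nothing in
     * this class reads it.
     *
     * @param hCConfiguration the component configuration supplied on activation
     */
    @Activate
    protected void activate(HCConfiguration hCConfiguration) {
    }

    /**
     * Looks up every configuration registered under the Referrer Filter PID and reports a
     * warning for each one whose {@code allow.empty} property is {@code true}.
     *
     * @return a result carrying a warning when the configuration cannot be read or when at
     *         least one configuration allows empty referrers; otherwise a result with debug
     *         entries only
     */
    @Override
    public Result execute() {
        FormattingResultLog resultLog = new FormattingResultLog();
        Configuration[] filterConfigs = null;
        try {
            filterConfigs = this.configurationAdmin.listConfigurations("(service.pid=" + SLING_REFERRER_FILTER_PID + ")");
        } catch (IOException | InvalidSyntaxException e) {
            resultLog.warn("Could not access the configuration for the Sling Referrer Filter.", new Object[0]);
            resultLog.debug("Cause: {}", new Object[]{e.toString()});
            // The filter state is unknown at this point. Return the warning on its own instead
            // of falling through to the "does not allow empty referrers" message, which would
            // claim a protection that was never verified.
            return new Result(resultLog);
        }
        if (filterConfigs == null) {
            // No configuration matched the PID. This is reported as a pass, which presumes the
            // filter's built-in default for allow.empty is false.
            // NOTE(review): confirm that default against the deployed Sling version.
            resultLog.debug("The Sling Referrer Filter does not allow empty or missing referrers. This improves protection against CSRF attacks.", new Object[0]);
            return new Result(resultLog);
        }
        boolean emptyReferrerRejected = true;
        for (Configuration filterConfig : filterConfigs) {
            // getProperties() may return null for a configuration that has never been updated;
            // such an entry carries no allow.empty override, so there is nothing to flag.
            java.util.Dictionary<?, ?> props = filterConfig.getProperties();
            if (props == null) {
                continue;
            }
            if (PropertiesUtil.toBoolean(props.get(ALLOW_EMPTY_PROP), false)) {
                resultLog.warn("The Sling Referrer Filter  allows empty or missing referrers. The system might be exposed to CSRF attacks.", new Object[0]);
                emptyReferrerRejected = false;
            }
        }
        if (emptyReferrerRejected) {
            resultLog.debug("The Sling Referrer Filter does not allow empty or missing referrers. This improves protection against CSRF attacks.", new Object[0]);
        } else {
            // Point the operator at the place to fix the setting and at the vendor guidance.
            resultLog.debug("[You can change the Sling Referrer Filter settings via the configuration manager.]({})", new Object[]{"/system/console/configMgr/" + SLING_REFERRER_FILTER_PID});
            resultLog.warn("[Check Issues with Cross-Site Request Forgery in the security guidelines](https://www.adobe.com/go/aem6_4_docs_security_siteforgery_en)", new Object[0]);
        }
        return new Result(resultLog);
    }
}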
