package org.sdase.commons.server.security.validation;

import io.dropwizard.server.AbstractServerFactory;
import io.dropwizard.server.ServerFactory;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.sdase.commons.server.security.exception.InsecureConfigurationException;

/* loaded from: input_file:org/sdase/commons/server/security/validation/ServerFactorySecurityAdvice.class */
public class ServerFactorySecurityAdvice {
    private static final Set<String> SECURE_HTTP_METHODS = new HashSet(Arrays.asList("OPTIONS", "HEAD", "GET", "POST", "PUT", "PATCH", "DELETE"));
    private AbstractServerFactory abstractServerFactory;

    public ServerFactorySecurityAdvice(ServerFactory serverFactory) {
        this.abstractServerFactory = ServerFactoryUtil.verifyAbstractServerFactory(serverFactory).orElse(null);
    }

    public void applySecureConfiguration() {
        if (this.abstractServerFactory == null) {
            return;
        }
        forceAllowedMethods();
        forceNotStartAsRoot();
    }

    private void forceNotStartAsRoot() {
        if (Boolean.TRUE.equals(this.abstractServerFactory.getStartsAsRoot())) {
            throw new InsecureConfigurationException("Configuration allows server to start as root: server.startAsRoot is " + this.abstractServerFactory.getStartsAsRoot());
        }
        this.abstractServerFactory.setStartsAsRoot(false);
    }

    private void forceAllowedMethods() {
        Set<String> set = (Set) this.abstractServerFactory.getAllowedMethods().stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(str -> {
            return !str.trim().isEmpty();
        }).collect(Collectors.toSet());
        HashSet hashSet = new HashSet();
        for (String str2 : set) {
            if (!SECURE_HTTP_METHODS.contains(str2.trim().toUpperCase())) {
                hashSet.add(str2);
            }
        }
        if (!hashSet.isEmpty()) {
            throw new InsecureConfigurationException("Configuration server.allowedMethods contains insecure methods " + String.join(", ", hashSet));
        }
    }
}
