package org.sdase.commons.server.security;

import io.dropwizard.core.Configuration;
import io.dropwizard.core.ConfiguredBundle;
import io.dropwizard.core.server.ServerFactory;
import io.dropwizard.core.setup.Bootstrap;
import io.dropwizard.core.setup.Environment;
import org.sdase.commons.server.security.filter.WebSecurityApiOnlyHeaderFilter;
import org.sdase.commons.server.security.filter.WebSecurityFrontendSupportHeaderFilter;
import org.sdase.commons.server.security.handler.ObscuringErrorHandler;
import org.sdase.commons.server.security.validation.BufferLimitsAdvice;
import org.sdase.commons.server.security.validation.CustomErrorHandlerSecurityAdvice;
import org.sdase.commons.server.security.validation.HttpConnectorSecurityAdvice;
import org.sdase.commons.server.security.validation.ServerFactorySecurityAdvice;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sdase/commons/server/security/SecurityBundle.class */
public class SecurityBundle<T extends Configuration> implements ConfiguredBundle<T> {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityBundle.class);
    private Bootstrap<?> bootstrap;
    private final boolean disableBufferLimitValidation;
    private final boolean supportFrontend;

    /* loaded from: input_file:org/sdase/commons/server/security/SecurityBundle$Builder.class */
    public static class Builder {
        private boolean disableBufferLimitValidation;
        private boolean supportFrontend;

        public Builder disableBufferLimitValidation() {
            this.disableBufferLimitValidation = true;
            return this;
        }

        public Builder withFrontendSupport() {
            this.supportFrontend = true;
            return this;
        }

        public SecurityBundle<Configuration> build() {
            return new SecurityBundle<>(this.disableBufferLimitValidation, this.supportFrontend);
        }
    }

    public static Builder builder() {
        return new Builder();
    }

    private SecurityBundle(boolean z, boolean z2) {
        this.disableBufferLimitValidation = z;
        this.supportFrontend = z2;
    }

    public void initialize(Bootstrap<?> bootstrap) {
        this.bootstrap = bootstrap;
    }

    public void run(T t, Environment environment) {
        ServerFactory serverFactory = t.getServerFactory();
        new ServerFactorySecurityAdvice(serverFactory).applySecureConfiguration();
        new HttpConnectorSecurityAdvice(serverFactory).applySecureConfiguration();
        new CustomErrorHandlerSecurityAdvice(serverFactory, this.bootstrap).applySecureConfiguration();
        new BufferLimitsAdvice(serverFactory, this.disableBufferLimitValidation).applySecureConfiguration();
        environment.getApplicationContext().setErrorHandler(createNewErrorHandler(environment));
        environment.getAdminContext().setErrorHandler(createNewErrorHandler(environment));
        if (!this.supportFrontend) {
            environment.jersey().register(WebSecurityApiOnlyHeaderFilter.class);
        } else {
            LOG.info("Content-Security-Policy headers are configured to support frontends. Services that only serve APIs don't enable this feature.");
            environment.jersey().register(WebSecurityFrontendSupportHeaderFilter.class);
        }
    }

    private ObscuringErrorHandler createNewErrorHandler(Environment environment) {
        return new ObscuringErrorHandler(environment.getObjectMapper());
    }
}
