package net.optionfactory.spring.csp;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.security.SecureRandom;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.web.header.HeaderWriter;

/* loaded from: input_file:net/optionfactory/spring/csp/ContentSecurityPolicyHeaderWriter.class */
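/**
 * Spring Security {@link HeaderWriter} that emits a Content-Security-Policy header, either in
 * enforcing or in report-only form, and optionally injects a fresh per-response nonce.
 *
 * <p>When the configured directives contain the literal placeholder <code>{cspnonce}</code>,
 * every call to {@link #writeHeaders} draws 16 bytes from a {@link SecureRandom}, hex-encodes
 * them, substitutes the result into the directives and stores the same value in the request
 * attribute {@code cspnonce}, where the view layer can read it.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The nonce is only set while the mode is not {@link ContentSecurityPolicyMode#DISABLE};
 *       templates that read the {@code cspnonce} attribute see no value in that mode.</li>
 *   <li>A nonce protects only if it is unpredictable and used for a single response. Responses
 *       carrying it should not be served from a shared cache — NOTE(review): cache headers are
 *       not handled in this class, confirm they are set elsewhere.</li>
 *   <li>The directives string is written verbatim (apart from the nonce substitution); it is
 *       expected to come from trusted configuration, never from request data.</li>
 * </ul>
 */
public class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
    public static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";
    public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";
    /** Placeholder in the directives that is replaced by the per-response nonce. */
    private static final String NONCE_PLACEHOLDER = "{cspnonce}";
    /** Request attribute under which the generated nonce is published. */
    private static final String NONCE_REQUEST_ATTRIBUTE = "cspnonce";
    /** Nonce length in bytes: 16 bytes = 128 bits of randomness, 32 hex characters. */
    private static final int NONCE_BYTES = 16;

    private final SecureRandom sr = new SecureRandom();
    private final ContentSecurityPolicyMode mode;
    private final String directives;
    private final boolean useNonce;

    /** Selects which header, if any, {@link #writeHeaders} emits. */
    public enum ContentSecurityPolicyMode {
        /** No header is written and no nonce is generated. */
        DISABLE,
        /** The policy is sent as {@code Content-Security-Policy}. */
        ENFORCE,
        /** The policy is sent as {@code Content-Security-Policy-Report-Only}. */
        REPORT
    }

    /**
     * Creates a writer for the given mode and policy.
     *
     * @param contentSecurityPolicyMode which header to emit; note that any value other than
     *     {@code DISABLE} and {@code ENFORCE} (a {@code null} included) results in the
     *     report-only header, i.e. a policy that is not enforced
     * @param str the policy directives, optionally containing <code>{cspnonce}</code>
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public ContentSecurityPolicyHeaderWriter(ContentSecurityPolicyMode contentSecurityPolicyMode, String str) {
        this.mode = contentSecurityPolicyMode;
        // Same exception type the original raised from str.contains(...), with a usable message.
        this.directives = java.util.Objects.requireNonNull(str, "directives");
        this.useNonce = str.contains(NONCE_PLACEHOLDER);
    }

    /**
     * Builds a writer with a nonce-based policy using {@code 'strict-dynamic'}.
     *
     * <p>What the policy does and does not give you:
     * <ul>
     *   <li>{@code 'unsafe-inline'}, {@code https:} and {@code http:} are fallbacks for older
     *       browsers; browsers that honour nonces and {@code 'strict-dynamic'} ignore them.</li>
     *   <li>{@code 'unsafe-eval'} is <em>not</em> neutralised by the nonce or by
     *       {@code 'strict-dynamic'}, so string-to-code evaluation stays permitted. If the
     *       application does not need it, pass a policy without it to the public constructor.</li>
     *   <li>Violation reports go to the relative path {@code /csp-violations/} —
     *       NOTE(review): no handler for that path is visible in this file; confirm one exists.
     *       {@code report-uri} is deprecated in CSP Level 3 in favour of {@code report-to}.</li>
     * </ul>
     *
     * @param contentSecurityPolicyMode which header to emit
     * @return a writer configured with the policy described above
     */
    public static ContentSecurityPolicyHeaderWriter strict(ContentSecurityPolicyMode contentSecurityPolicyMode) {
        // String.join replaces the decompiler's Stream.of((Object[]) ...) form, which does not
        // type-check against Collectors.joining; the resulting policy string is identical.
        String policy = String.join(";",
                "object-src 'none'",
                "script-src 'nonce-{cspnonce}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:",
                "base-uri 'none'",
                "report-uri /csp-violations/");
        return new ContentSecurityPolicyHeaderWriter(contentSecurityPolicyMode, policy);
    }

    /**
     * Writes the policy header for this response (implements {@code HeaderWriter.writeHeaders}).
     *
     * @param httpServletRequest receives the nonce as attribute {@code cspnonce} when the
     *     directives use the placeholder
     * @param httpServletResponse receives the policy header via {@code setHeader}, replacing any
     *     value previously set under the same header name
     */
    public void writeHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.mode == ContentSecurityPolicyMode.DISABLE) {
            return;
        }
        // Anything that is not ENFORCE ends up report-only, which browsers do not enforce.
        String headerName = this.mode == ContentSecurityPolicyMode.ENFORCE
                ? CONTENT_SECURITY_POLICY_HEADER
                : CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER;
        if (!this.useNonce) {
            httpServletResponse.setHeader(headerName, this.directives);
            return;
        }
        // Fresh nonce per invocation; SecureRandom keeps it unpredictable across responses.
        byte[] nonceBytes = new byte[NONCE_BYTES];
        this.sr.nextBytes(nonceBytes);
        String nonce = new String(Hex.encode(nonceBytes));
        // The header and the request attribute must carry the same value, otherwise markup
        // rendered with the attribute would not match the policy.
        httpServletRequest.setAttribute(NONCE_REQUEST_ATTRIBUTE, nonce);
        httpServletResponse.setHeader(headerName, this.directives.replace(NONCE_PLACEHOLDER, nonce));
    }
}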
