package org.apache.wicket.markup.head.filter;

import org.apache.wicket.markup.head.AbstractCspHeaderItem;
import org.apache.wicket.markup.head.HeaderItem;
import org.apache.wicket.markup.head.IHeaderResponse;
import org.apache.wicket.markup.head.IWrappedHeaderItem;
import org.apache.wicket.markup.head.MetaDataHeaderItem;
import org.apache.wicket.markup.html.DecoratingHeaderResponse;

/* loaded from: input_file:org/apache/wicket/markup/head/filter/CspNonceHeaderResponse.class */
public class CspNonceHeaderResponse extends DecoratingHeaderResponse {
    private static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
    private boolean policyRendered;
    private String nonce;

    public CspNonceHeaderResponse(IHeaderResponse iHeaderResponse, String str) {
        super(iHeaderResponse);
        this.policyRendered = false;
        this.nonce = str;
    }

    @Override // org.apache.wicket.markup.html.DecoratingHeaderResponse, org.apache.wicket.markup.head.IHeaderResponse
    public void render(HeaderItem headerItem) {
        while (headerItem instanceof IWrappedHeaderItem) {
            headerItem = ((IWrappedHeaderItem) headerItem).getWrapped();
        }
        if (headerItem instanceof AbstractCspHeaderItem) {
            if (!this.policyRendered) {
                this.policyRendered = true;
                super.render(MetaDataHeaderItem.forHttpEquiv(CONTENT_SECURITY_POLICY, getContentSecurityPolicy(this.nonce)));
            }
            ((AbstractCspHeaderItem) headerItem).setNonce(this.nonce);
        }
        super.render(headerItem);
    }

    protected String getContentSecurityPolicy(String str) {
        return String.format("script-src 'unsafe-eval' 'nonce-%1$s'; style-src 'nonce-%1$s';", str);
    }
}
