package com.mware.web;

import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.mware.core.config.Configuration;
import java.util.StringJoiner;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;

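/**
 * Builds the value of the {@code Content-Security-Policy} response header.
 *
 * <p>The policy is resolved in this order:
 * <ol>
 *   <li>If {@code web.response.header.Content-Security-Policy} is configured, its value is used
 *       as the complete policy template.</li>
 *   <li>Otherwise a template is assembled directive by directive. Each directive starts from a
 *       built-in default, which {@code web.response.header.Content-Security-Policy.<directive>}
 *       replaces and {@code web.response.header.Content-Security-Policy.<directive>.append}
 *       extends.</li>
 * </ol>
 *
 * <p>In either case every {@code {{url}}} placeholder in the template is substituted per request
 * (see {@link #generatePolicy(HttpServletRequest)}).
 */
@Singleton
public class ContentSecurityPolicy {
    protected static final String CONTENT_SECURITY_POLICY = "web.response.header.Content-Security-Policy";
    protected static final String PREFIX = "web.response.header.Content-Security-Policy.";
    protected static final String APPEND = ".append";
    protected static final String DEFAULT_SRC = "default-src";
    protected static final String SCRIPT_SRC = "script-src";
    protected static final String STYLE_SRC = "style-src";
    protected static final String IMG_SRC = "img-src";
    protected static final String CONNECT_SRC = "connect-src";
    protected static final String FONT_SRC = "font-src";
    protected static final String OBJECT_SRC = "object-src";
    protected static final String MEDIA_SRC = "media-src";
    protected static final String FRAME_SRC = "frame-src";
    protected static final String CHILD_SRC = "child-src";
    protected static final String FRAME_ANCESTORS = "frame-ancestors";
    protected static final String FORM_ACTION = "form-action";
    protected static final String SANDBOX = "sandbox";
    protected static final String PLUGIN_TYPES = "plugin-types";
    protected static final String REPORT_URI = "report-uri";
    protected static final String SELF = "'self'";
    protected static final String UNSAFE_INLINE = "'unsafe-inline'";
    protected static final String UNSAFE_EVAL = "'unsafe-eval'";
    protected static final String ALL = "*";
    protected static final String NONE = "'none'";
    protected static final String DATA = "data:";
    protected static final String BLOB = "blob:";

    /** Placeholder in the policy template that is replaced with the scheme-less request URL. */
    private static final String URL_PLACEHOLDER = "{{url}}";

    private final Configuration configuration;

    // Lazily resolved on first use and then reused for every request.
    private String policyTemplate;

    @Inject
    public ContentSecurityPolicy(Configuration configuration) {
        this.configuration = configuration;
    }

    /**
     * Returns the policy for one request: the cached template with every {@code {{url}}}
     * placeholder replaced by the request URL stripped of {@code https://} / {@code http://}.
     *
     * <p>The request URL is reconstructed from data the client sends (Host header and request
     * path), so it is cut at the first character that acts as a delimiter inside a CSP header
     * ({@code ;}, {@code ,}, whitespace or a control character) before it is substituted.
     * Without that, a path parameter such as {@code ;jsessionid=...} would end the directive
     * holding the placeholder early and the remainder would be parsed as a separate directive.
     *
     * @param httpServletRequest the request the header is being generated for
     * @return the complete {@code Content-Security-Policy} header value
     */
    public String generatePolicy(HttpServletRequest httpServletRequest) {
        // Read the field once into a local so a concurrent first call can never observe a
        // half-initialised state; recomputing the template in two threads is harmless.
        String template = this.policyTemplate;
        if (template == null) {
            template = this.configuration.get(CONTENT_SECURITY_POLICY, (String) null);
            if (template == null) {
                template = buildPolicyTemplate();
            }
            this.policyTemplate = template;
        }

        // NOTE(review): getRequestURL() includes the request path, so the substituted source
        // expression is path-scoped (e.g. wss://host/current/page). CSP matches the path of a
        // source expression too, so this may be narrower than intended - confirm whether only
        // host[:port] was meant here.
        String schemeLessUrl = httpServletRequest.getRequestURL().toString()
                .replace("https://", "")
                .replace("http://", "");
        return template.replace(URL_PLACEHOLDER, truncateAtPolicyDelimiter(schemeLessUrl));
    }

    /**
     * Assembles the default policy template, letting configuration replace or extend each
     * directive. Directives whose default is empty are emitted only when configured.
     */
    private String buildPolicyTemplate() {
        StringBuilder sb = new StringBuilder();
        appendPart(sb, DEFAULT_SRC, SELF);
        // The script-src default permits inline script and eval(), which removes most of the
        // protection CSP gives against injected script. Deployments that can run without them
        // should tighten this through web.response.header.Content-Security-Policy.script-src.
        appendPart(sb, SCRIPT_SRC, SELF, UNSAFE_INLINE, UNSAFE_EVAL, BLOB);
        appendPart(sb, STYLE_SRC, SELF, UNSAFE_INLINE);
        // Images may be loaded from any origin by default.
        appendPart(sb, IMG_SRC, ALL, DATA, BLOB);
        appendPart(sb, CONNECT_SRC, SELF, "wss://" + URL_PLACEHOLDER);
        appendPart(sb, FONT_SRC, SELF, DATA);
        appendPart(sb, FRAME_ANCESTORS, NONE);
        appendPart(sb, FORM_ACTION, SELF);
        // No built-in value for the directives below: they appear in the policy only if the
        // matching configuration key (or its ".append" variant) is set.
        appendPart(sb, OBJECT_SRC, new String[0]);
        appendPart(sb, MEDIA_SRC, new String[0]);
        appendPart(sb, FRAME_SRC, new String[0]);
        appendPart(sb, CHILD_SRC, new String[0]);
        appendPart(sb, PLUGIN_TYPES, new String[0]);
        appendPart(sb, SANDBOX, new String[0]);
        appendPart(sb, REPORT_URI, true, "/csp-report");
        return sb.toString();
    }

    /** Appends a directive that is not the last one in the policy. */
    private void appendPart(StringBuilder sb, String directive, String... defaultSources) {
        appendPart(sb, directive, false, defaultSources);
    }

    /**
     * Appends {@code "<directive> <sources>;"} to {@code sb}, or nothing when neither the
     * configured/default value nor the configured ".append" value yields any text.
     *
     * @param sb             policy being built
     * @param directive      CSP directive name, also used as the configuration key suffix
     * @param isLast         when {@code true}, no separating space is written after the {@code ;}
     * @param defaultSources values used when the directive has no configured replacement
     */
    private void appendPart(StringBuilder sb, String directive, boolean isLast, String... defaultSources) {
        String defaultValue = String.join(" ", defaultSources);
        StringJoiner sources = new StringJoiner(" ");

        // Configured value replaces the default entirely.
        String configured = trimNoSemicolon(this.configuration.get(PREFIX + directive, defaultValue));
        if (configured != null) {
            sources.add(configured);
        }

        // ".append" adds to whatever the step above produced.
        String appended = trimNoSemicolon(this.configuration.get(PREFIX + directive + APPEND, (String) null));
        if (appended != null) {
            sources.add(appended);
        }

        if (sources.length() == 0) {
            return;
        }
        sb.append(directive).append(" ").append(sources).append(";");
        if (!isLast) {
            sb.append(" ");
        }
    }

    /**
     * Removes one trailing {@code ;} (with surrounding whitespace) and trims the value,
     * returning {@code null} for {@code null} or blank input.
     */
    private String trimNoSemicolon(String str) {
        return StringUtils.trimToNull(str == null ? null : str.replaceAll("\\s*;\\s*$", ""));
    }

    /**
     * Cuts {@code value} at the first character that would be read as a delimiter inside a
     * Content-Security-Policy header: {@code ;} (directive separator), {@code ,} (policy
     * separator), whitespace or any control character.
     */
    private static String truncateAtPolicyDelimiter(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == ';' || c == ',' || c <= ' ' || c == 0x7f) {
                return value.substring(0, i);
            }
        }
        return value;
    }
}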
