package net.optionfactory.spring.csp;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.security.web.header.HeaderWriter;

/* loaded from: input_file:net/optionfactory/spring/csp/StrictContentSecurityPolicyHeaderWriter.class */
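/**
 * Spring Security {@link HeaderWriter} that emits a nonce-based Content Security Policy.
 *
 * <p>The policy is a fixed template; only the script nonce changes per request. The nonce is
 * read from the {@code cspnonce} request attribute, which must have been set earlier in the
 * request by a component that is not part of this class.
 *
 * <p>Notes on the {@code script-src} directive for anyone reviewing the policy:
 * <ul>
 *   <li>{@code 'unsafe-inline'}, {@code https:} and {@code http:} are fallbacks for browsers
 *       without nonce / {@code 'strict-dynamic'} support. Browsers that implement CSP Level 3
 *       ignore them because a nonce and {@code 'strict-dynamic'} are present; older browsers
 *       fall back to them and get correspondingly weaker protection.</li>
 *   <li>{@code 'unsafe-eval'} is <em>not</em> neutralised by the nonce or by
 *       {@code 'strict-dynamic'}: {@code eval()} and similar string-to-code sinks stay allowed
 *       under this policy.</li>
 *   <li>{@code report-uri} is deprecated in favour of {@code report-to}; this class emits only
 *       {@code report-uri}. The {@code /csp-violations/} endpoint is not defined here.</li>
 * </ul>
 */
public class StrictContentSecurityPolicyHeaderWriter implements HeaderWriter {
    public static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";
    public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";

    /** Request attribute expected to hold the per-request script nonce. */
    private static final String NONCE_ATTRIBUTE = "cspnonce";

    /** Token in {@link #DIRECTIVES} that is replaced by the nonce on every request. */
    private static final String NONCE_PLACEHOLDER = "{cspnonce}";

    /** Policy template, directives joined with {@code ;}. Built once; it never varies per instance. */
    private static final String DIRECTIVES = Stream.of(
                    "object-src 'none'",
                    "script-src 'nonce-{cspnonce}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:",
                    "base-uri 'self'",
                    "report-uri /csp-violations/")
            .collect(Collectors.joining(";"));

    private final ContentSecurityPolicyMode mode;

    /** How (and whether) the policy is sent to the browser. */
    public enum ContentSecurityPolicyMode {
        /** No CSP header is written at all. */
        DISABLE,
        /** The policy is sent as {@code Content-Security-Policy}. */
        ENFORCE,
        /**
         * The policy is sent as {@code Content-Security-Policy-Report-Only}: violations are
         * reported but nothing is blocked.
         */
        REPORT
    }

    /**
     * Creates a writer operating in the given mode.
     *
     * @param contentSecurityPolicyMode the mode to apply; must not be {@code null}
     * @throws NullPointerException if {@code contentSecurityPolicyMode} is {@code null}
     */
    public StrictContentSecurityPolicyHeaderWriter(ContentSecurityPolicyMode contentSecurityPolicyMode) {
        // A null mode is neither DISABLE nor ENFORCE, so writeHeaders would quietly send the
        // report-only header. Reject it here so a misconfiguration cannot silently turn
        // enforcement off.
        this.mode = Objects.requireNonNull(contentSecurityPolicyMode, "contentSecurityPolicyMode");
    }

    /**
     * Writes the CSP header selected by the configured mode, or nothing when the mode is
     * {@link ContentSecurityPolicyMode#DISABLE}.
     *
     * @param httpServletRequest request carrying the {@code cspnonce} attribute
     * @param httpServletResponse response that receives the header
     * @throws IllegalStateException if the {@code cspnonce} request attribute is absent
     */
    @Override
    public void writeHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.mode == ContentSecurityPolicyMode.DISABLE) {
            return;
        }
        final String headerName = this.mode == ContentSecurityPolicyMode.ENFORCE
                ? CONTENT_SECURITY_POLICY_HEADER
                : CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER;
        final String nonce = (String) httpServletRequest.getAttribute(NONCE_ATTRIBUTE);
        if (nonce == null) {
            // Fail closed: without a nonce the policy cannot be built, and skipping the header
            // would leave the response unprotected without anyone noticing.
            throw new IllegalStateException("cspnonce filter is not configured");
        }
        // The nonce is inserted verbatim, with no validation in this class.
        // NOTE(review): presumably it is a fresh, unpredictable per-request value restricted to
        // base64 characters - confirm against the component that sets the attribute, since a
        // quote, space or ';' in it would alter the policy.
        httpServletResponse.setHeader(headerName, DIRECTIVES.replace(NONCE_PLACEHOLDER, nonce));
    }
}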
