package com.shapesecurity.salvation;

import com.gargoylesoftware.htmlunit.HttpHeader;
import com.shapesecurity.salvation.data.Base64Value;
import com.shapesecurity.salvation.data.Location;
import com.shapesecurity.salvation.data.Notice;
import com.shapesecurity.salvation.data.Origin;
import com.shapesecurity.salvation.data.Policy;
import com.shapesecurity.salvation.data.SchemeHostPortTriple;
import com.shapesecurity.salvation.data.URI;
import com.shapesecurity.salvation.directiveValues.AncestorSource;
import com.shapesecurity.salvation.directiveValues.HashSource;
import com.shapesecurity.salvation.directiveValues.HostSource;
import com.shapesecurity.salvation.directiveValues.KeywordSource;
import com.shapesecurity.salvation.directiveValues.MediaType;
import com.shapesecurity.salvation.directiveValues.NonceSource;
import com.shapesecurity.salvation.directiveValues.None;
import com.shapesecurity.salvation.directiveValues.RFC7230Token;
import com.shapesecurity.salvation.directiveValues.ReportToValue;
import com.shapesecurity.salvation.directiveValues.SchemeSource;
import com.shapesecurity.salvation.directiveValues.SourceExpression;
import com.shapesecurity.salvation.directives.BaseUriDirective;
import com.shapesecurity.salvation.directives.BlockAllMixedContentDirective;
import com.shapesecurity.salvation.directives.ChildSrcDirective;
import com.shapesecurity.salvation.directives.ConnectSrcDirective;
import com.shapesecurity.salvation.directives.DefaultSrcDirective;
import com.shapesecurity.salvation.directives.Directive;
import com.shapesecurity.salvation.directives.FontSrcDirective;
import com.shapesecurity.salvation.directives.FormActionDirective;
import com.shapesecurity.salvation.directives.FrameAncestorsDirective;
import com.shapesecurity.salvation.directives.FrameSrcDirective;
import com.shapesecurity.salvation.directives.ImgSrcDirective;
import com.shapesecurity.salvation.directives.ManifestSrcDirective;
import com.shapesecurity.salvation.directives.MediaSrcDirective;
import com.shapesecurity.salvation.directives.NavigateToDirective;
import com.shapesecurity.salvation.directives.ObjectSrcDirective;
import com.shapesecurity.salvation.directives.PluginTypesDirective;
import com.shapesecurity.salvation.directives.PrefetchSrcDirective;
import com.shapesecurity.salvation.directives.ReferrerDirective;
import com.shapesecurity.salvation.directives.ReportToDirective;
import com.shapesecurity.salvation.directives.ReportUriDirective;
import com.shapesecurity.salvation.directives.RequireSriForDirective;
import com.shapesecurity.salvation.directives.SandboxDirective;
import com.shapesecurity.salvation.directives.ScriptSrcAttrDirective;
import com.shapesecurity.salvation.directives.ScriptSrcDirective;
import com.shapesecurity.salvation.directives.ScriptSrcElemDirective;
import com.shapesecurity.salvation.directives.StyleSrcAttrDirective;
import com.shapesecurity.salvation.directives.StyleSrcDirective;
import com.shapesecurity.salvation.directives.StyleSrcElemDirective;
import com.shapesecurity.salvation.directives.UpgradeInsecureRequestsDirective;
import com.shapesecurity.salvation.directives.WorkerSrcDirective;
import com.shapesecurity.salvation.tokens.DirectiveNameToken;
import com.shapesecurity.salvation.tokens.DirectiveSeparatorToken;
import com.shapesecurity.salvation.tokens.DirectiveValueToken;
import com.shapesecurity.salvation.tokens.PolicySeparatorToken;
import com.shapesecurity.salvation.tokens.SubDirectiveValueToken;
import com.shapesecurity.salvation.tokens.Token;
import com.shapesecurity.salvation.tokens.UnknownToken;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.cookie.ClientCookie;

/* loaded from: input_file:com/shapesecurity/salvation/Parser.class */
public class Parser {
    private static final DirectiveParseException MISSING_DIRECTIVE_NAME = new DirectiveParseException("Missing directive-name");
    private static final DirectiveParseException INVALID_DIRECTIVE_NAME = new DirectiveParseException("Invalid directive-name");
    private static final DirectiveParseException INVALID_DIRECTIVE_VALUE = new DirectiveParseException("Invalid directive-value");
    private static final DirectiveParseException INVALID_MEDIA_TYPE_LIST = new DirectiveParseException("Invalid media-type-list");
    private static final DirectiveValueParseException INVALID_MEDIA_TYPE = new DirectiveValueParseException("Invalid media-type");
    private static final DirectiveParseException INVALID_SOURCE_LIST = new DirectiveParseException("Invalid source-list");
    private static final DirectiveValueParseException INVALID_SOURCE_EXPR = new DirectiveValueParseException("Invalid source-expression");
    private static final DirectiveParseException INVALID_ANCESTOR_SOURCE_LIST = new DirectiveParseException("Invalid ancestor-source-list");
    private static final DirectiveValueParseException INVALID_ANCESTOR_SOURCE = new DirectiveValueParseException("Invalid ancestor-source");
    private static final DirectiveParseException INVALID_REFERRER_TOKEN = new DirectiveParseException("Invalid referrer token");
    private static final DirectiveParseException INVALID_REPORT_TO_TOKEN = new DirectiveParseException("Invalid report-to token");
    private static final DirectiveParseException INVALID_REQUIRE_SRI_FOR_TOKEN_LIST = new DirectiveParseException("Invalid require-sri-for token list");
    private static final DirectiveValueParseException INVALID_REQUIRE_SRI_FOR_TOKEN = new DirectiveValueParseException("Invalid require-sri-for token");
    private static final DirectiveParseException INVALID_SANDBOX_TOKEN_LIST = new DirectiveParseException("Invalid sandbox token list");
    private static final DirectiveValueParseException INVALID_SANDBOX_TOKEN = new DirectiveValueParseException("Invalid sandbox token");
    private static final DirectiveParseException INVALID_URI_REFERENCE_LIST = new DirectiveParseException("Invalid uri-reference list");
    private static final DirectiveValueParseException INVALID_URI_REFERENCE = new DirectiveValueParseException("Invalid uri-reference");
    private static final DirectiveParseException NON_EMPTY_VALUE_TOKEN_LIST = new DirectiveParseException("Non-empty directive-value list");
    private static final String explanation = "Ensure that this pattern is only used for backwards compatibility with older CSP implementations and is not an oversight.";
    private static final String unsafeInlineWarningMessage = "The \"'unsafe-inline'\" keyword-source has no effect in source lists that contain hash-source or nonce-source in CSP2 and later. Ensure that this pattern is only used for backwards compatibility with older CSP implementations and is not an oversight.";
    private static final String strictDynamicWarningMessage = "The host-source and scheme-source expressions, as well as the \"'unsafe-inline'\" and \"'self'\" keyword-sources have no effect in source lists that contain \"'strict-dynamic'\" in CSP3 and later. Ensure that this pattern is only used for backwards compatibility with older CSP implementations and is not an oversight.";
    private static final String unsafeHashesWithoutHashWarningMessage = "The \"'unsafe-hashes'\" keyword-source has no effect in source lists that do not contain hash-source in CSP3 and later.";

    @Nonnull
    protected final Token[] tokens;

    @Nonnull
    private final Origin origin;
    protected int index = 0;

    @Nullable
    protected Collection<Notice> noticesOut;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/shapesecurity/salvation/Parser$DirectiveParseException.class */
    public static class DirectiveParseException extends Exception {

        @Nullable
        Location startLocation;

        @Nullable
        Location endLocation;

        private DirectiveParseException(@Nonnull String str) {
            super(str);
        }

        @Override // java.lang.Throwable
        @Nonnull
        public String getMessage() {
            return this.startLocation == null ? super.getMessage() : this.startLocation.show() + ": " + super.getMessage();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/shapesecurity/salvation/Parser$DirectiveValueParseException.class */
    public static class DirectiveValueParseException extends Exception {

        @Nullable
        Location startLocation;

        @Nullable
        Location endLocation;

        private DirectiveValueParseException(@Nonnull String str) {
            super(str);
        }

        @Override // java.lang.Throwable
        @Nonnull
        public String getMessage() {
            return this.startLocation == null ? super.getMessage() : this.startLocation.show() + ": " + super.getMessage();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/shapesecurity/salvation/Parser$SeenStates.class */
    public enum SeenStates {
        SEEN_HASH,
        SEEN_HOST_OR_SCHEME_SOURCE,
        SEEN_NONE,
        SEEN_NONCE,
        SEEN_SELF,
        SEEN_STRICT_DYNAMIC,
        SEEN_UNSAFE_EVAL,
        SEEN_UNSAFE_INLINE,
        SEEN_UNSAFE_HASHES,
        SEEN_REPORT_SAMPLE,
        SEEN_UNSAFE_ALLOW_REDIRECTS
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Parser(@Nonnull Token[] tokenArr, @Nonnull Origin origin, @Nullable Collection<Notice> collection) {
        this.origin = origin;
        this.tokens = tokenArr;
        this.noticesOut = collection;
    }

    @Nonnull
    public static Policy parse(@Nonnull String str, @Nonnull Origin origin) {
        return new Parser(Tokeniser.tokenise(str), origin, null).parsePolicyAndAssertEOF();
    }

    @Nonnull
    public static Policy parse(@Nonnull String str, @Nonnull String str2) {
        return new Parser(Tokeniser.tokenise(str), URI.parse(str2), null).parsePolicyAndAssertEOF();
    }

    @Nonnull
    public static Policy parse(@Nonnull String str, @Nonnull Origin origin, @Nonnull Collection<Notice> collection) {
        return new Parser(Tokeniser.tokenise(str), origin, collection).parsePolicyAndAssertEOF();
    }

    @Nonnull
    public static Policy parse(@Nonnull String str, @Nonnull String str2, @Nonnull Collection<Notice> collection) {
        return new Parser(Tokeniser.tokenise(str), URI.parse(str2), collection).parsePolicyAndAssertEOF();
    }

    @Nonnull
    public static List<Policy> parseMulti(@Nonnull String str, @Nonnull Origin origin) {
        return new Parser(Tokeniser.tokenise(str), origin, null).parsePolicyListAndAssertEOF();
    }

    @Nonnull
    public static List<Policy> parseMulti(@Nonnull String str, @Nonnull String str2) {
        return new Parser(Tokeniser.tokenise(str), URI.parse(str2), null).parsePolicyListAndAssertEOF();
    }

    @Nonnull
    public static List<Policy> parseMulti(@Nonnull String str, @Nonnull Origin origin, @Nonnull Collection<Notice> collection) {
        return new Parser(Tokeniser.tokenise(str), origin, collection).parsePolicyListAndAssertEOF();
    }

    @Nonnull
    public static List<Policy> parseMulti(@Nonnull String str, @Nonnull String str2, @Nonnull Collection<Notice> collection) {
        return new Parser(Tokeniser.tokenise(str), URI.parse(str2), collection).parsePolicyListAndAssertEOF();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public Notice createNotice(@Nonnull Notice.Type type, @Nonnull String str) {
        return new Notice(type, str);
    }

    @Nonnull
    protected Notice createNotice(@Nullable Token token, @Nonnull Notice.Type type, @Nonnull String str) {
        return new Notice(type, str);
    }

    private void warn(@Nullable Token token, @Nonnull String str) {
        if (this.noticesOut != null) {
            this.noticesOut.add(createNotice(token, Notice.Type.WARNING, str));
        }
    }

    private void error(@Nullable Token token, @Nonnull String str) {
        if (this.noticesOut != null) {
            this.noticesOut.add(createNotice(token, Notice.Type.ERROR, str));
        }
    }

    private void info(@Nullable Token token, @Nonnull String str) {
        if (this.noticesOut != null) {
            this.noticesOut.add(createNotice(token, Notice.Type.INFO, str));
        }
    }

    @Nonnull
    private Token advance() {
        Token[] tokenArr = this.tokens;
        int i = this.index;
        this.index = i + 1;
        return tokenArr[i];
    }

    protected boolean hasNext() {
        return this.index < this.tokens.length;
    }

    private boolean hasNext(@Nonnull Class<? extends Token> cls) {
        return hasNext() && cls.isAssignableFrom(this.tokens[this.index].getClass());
    }

    private boolean eat(@Nonnull Class<? extends Token> cls) {
        if (!hasNext(cls)) {
            return false;
        }
        advance();
        return true;
    }

    @Nonnull
    protected Policy parsePolicy() {
        Policy policy = new Policy(this.origin);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        while (hasNext() && !hasNext(PolicySeparatorToken.class)) {
            if (!eat(DirectiveSeparatorToken.class)) {
                try {
                    Directive<?> parseDirective = parseDirective();
                    if (linkedHashMap.containsKey(parseDirective.getClass())) {
                        warn(this.tokens[this.index - 2], "Policy contains more than one " + parseDirective.name + " directive. All but the first instance will be ignored.");
                    } else {
                        linkedHashMap.put(parseDirective.getClass(), parseDirective);
                    }
                } catch (DirectiveParseException e) {
                }
            }
        }
        policy.addDirectives(linkedHashMap.values());
        return policy;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public Policy parsePolicyAndAssertEOF() {
        Policy parsePolicy = parsePolicy();
        if (hasNext()) {
            Token advance = advance();
            error(advance, "Expecting end of policy but found \"" + advance.value + "\".");
        }
        return parsePolicy;
    }

    @Nonnull
    protected List<Policy> parsePolicyList() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(parsePolicy());
        while (hasNext(PolicySeparatorToken.class)) {
            do {
            } while (eat(PolicySeparatorToken.class));
            arrayList.add(parsePolicy());
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public List<Policy> parsePolicyListAndAssertEOF() {
        List<Policy> parsePolicyList = parsePolicyList();
        if (hasNext()) {
            Token advance = advance();
            error(advance, "Expecting end of policy list but found \"" + advance.value + "\".");
        }
        return parsePolicyList;
    }

    @Nonnull
    private Directive<?> parseDirective() throws DirectiveParseException {
        Directive frameSrcDirective;
        if (!hasNext(DirectiveNameToken.class)) {
            Token advance = advance();
            error(advance, "Expecting directive-name but found \"" + advance.value.split(StringUtils.SPACE, 2)[0] + "\".");
            throw MISSING_DIRECTIVE_NAME;
        }
        DirectiveNameToken directiveNameToken = (DirectiveNameToken) advance();
        try {
            switch (directiveNameToken.subtype) {
                case BaseUri:
                    frameSrcDirective = new BaseUriDirective(parseSourceList());
                    break;
                case BlockAllMixedContent:
                    warnFutureDirective(directiveNameToken);
                    enforceMissingDirectiveValue(directiveNameToken);
                    frameSrcDirective = new BlockAllMixedContentDirective();
                    break;
                case ChildSrc:
                    warn(directiveNameToken, "The child-src directive is deprecated as of CSP level 3. Authors who wish to regulate nested browsing contexts and workers SHOULD use the frame-src and worker-src directives, respectively.");
                    frameSrcDirective = new ChildSrcDirective(parseSourceList());
                    break;
                case ConnectSrc:
                    frameSrcDirective = new ConnectSrcDirective(parseSourceList());
                    break;
                case DefaultSrc:
                    frameSrcDirective = new DefaultSrcDirective(parseSourceList());
                    break;
                case FontSrc:
                    frameSrcDirective = new FontSrcDirective(parseSourceList());
                    break;
                case FormAction:
                    frameSrcDirective = new FormActionDirective(parseSourceList());
                    break;
                case FrameAncestors:
                    frameSrcDirective = new FrameAncestorsDirective(parseAncestorSourceList());
                    break;
                case ImgSrc:
                    frameSrcDirective = new ImgSrcDirective(parseSourceList());
                    break;
                case ManifestSrc:
                    warnFutureDirective(directiveNameToken);
                    frameSrcDirective = new ManifestSrcDirective(parseSourceList());
                    break;
                case MediaSrc:
                    frameSrcDirective = new MediaSrcDirective(parseSourceList());
                    break;
                case NavigateTo:
                    frameSrcDirective = new NavigateToDirective(parseSourceList());
                    break;
                case ObjectSrc:
                    frameSrcDirective = new ObjectSrcDirective(parseSourceList());
                    break;
                case PluginTypes:
                    Set<MediaType> parseMediaTypeList = parseMediaTypeList();
                    if (!parseMediaTypeList.isEmpty()) {
                        if (parseMediaTypeList.stream().anyMatch(mediaType -> {
                            return mediaType.type.equals("*") || mediaType.subtype.equals("*");
                        })) {
                            warn(directiveNameToken, "Media types can only be matched literally. Make sure using `*` is not an oversight.");
                        }
                        frameSrcDirective = new PluginTypesDirective(parseMediaTypeList);
                        break;
                    } else {
                        error(directiveNameToken, "The media-type-list must contain at least one media-type.");
                        throw INVALID_MEDIA_TYPE_LIST;
                    }
                case PrefetchSrc:
                    frameSrcDirective = new PrefetchSrcDirective(parseSourceList());
                    break;
                case Referrer:
                    warn(directiveNameToken, "The referrer directive was an experimental directive that was proposed but never added to the CSP specification. Support for this directive will be removed. See Referrer Policy specification.");
                    frameSrcDirective = new ReferrerDirective(parseReferrerToken(directiveNameToken));
                    break;
                case ReportTo:
                    frameSrcDirective = new ReportToDirective(parseReportToToken(directiveNameToken));
                    break;
                case ReportUri:
                    info(directiveNameToken, "A draft of the next version of CSP deprecates report-uri in favour of a new report-to directive.");
                    Set<URI> parseUriList = parseUriList();
                    if (!parseUriList.isEmpty()) {
                        frameSrcDirective = new ReportUriDirective(parseUriList);
                        break;
                    } else {
                        error(directiveNameToken, "The report-uri directive must contain at least one uri-reference.");
                        throw INVALID_URI_REFERENCE_LIST;
                    }
                case RequireSriFor:
                    frameSrcDirective = new RequireSriForDirective(parseRequireSriForTokenList(directiveNameToken));
                    break;
                case Sandbox:
                    frameSrcDirective = new SandboxDirective(parseSandboxTokenList());
                    break;
                case ScriptSrc:
                    frameSrcDirective = new ScriptSrcDirective(parseSourceList());
                    break;
                case ScriptSrcElem:
                    frameSrcDirective = new ScriptSrcElemDirective(parseSourceList());
                    break;
                case ScriptSrcAttr:
                    frameSrcDirective = new ScriptSrcAttrDirective(parseSourceList());
                    break;
                case StyleSrc:
                    frameSrcDirective = new StyleSrcDirective(parseSourceList());
                    break;
                case StyleSrcElem:
                    frameSrcDirective = new StyleSrcElemDirective(parseSourceList());
                    break;
                case StyleSrcAttr:
                    frameSrcDirective = new StyleSrcAttrDirective(parseSourceList());
                    break;
                case UpgradeInsecureRequests:
                    warnFutureDirective(directiveNameToken);
                    enforceMissingDirectiveValue(directiveNameToken);
                    frameSrcDirective = new UpgradeInsecureRequestsDirective();
                    break;
                case WorkerSrc:
                    frameSrcDirective = new WorkerSrcDirective(parseSourceList());
                    break;
                case Allow:
                    error(directiveNameToken, "The allow directive has been replaced with default-src and is not in the CSP specification.");
                    eat(DirectiveValueToken.class);
                    throw INVALID_DIRECTIVE_NAME;
                case FrameSrc:
                    frameSrcDirective = new FrameSrcDirective(parseSourceList());
                    break;
                case Options:
                    error(directiveNameToken, "The options directive has been replaced with 'unsafe-inline' and 'unsafe-eval' and is not in the CSP specification.");
                    eat(DirectiveValueToken.class);
                    throw INVALID_DIRECTIVE_NAME;
                case Unrecognised:
                default:
                    error(directiveNameToken, "Unrecognised directive-name: \"" + directiveNameToken.value + "\".");
                    eat(DirectiveValueToken.class);
                    throw INVALID_DIRECTIVE_NAME;
            }
            if (!hasNext(UnknownToken.class)) {
                return frameSrcDirective;
            }
            Token advance2 = advance();
            int codePointAt = advance2.value.codePointAt(0);
            error(advance2, String.format("Expecting directive-value but found U+%04X (%s). Non-ASCII and non-printable characters must be percent-encoded.", Integer.valueOf(codePointAt), new String(new int[]{codePointAt}, 0, 1)));
            throw INVALID_DIRECTIVE_VALUE;
        } catch (Throwable th) {
            if (!hasNext(UnknownToken.class)) {
                throw th;
            }
            Token advance3 = advance();
            int codePointAt2 = advance3.value.codePointAt(0);
            error(advance3, String.format("Expecting directive-value but found U+%04X (%s). Non-ASCII and non-printable characters must be percent-encoded.", Integer.valueOf(codePointAt2), new String(new int[]{codePointAt2}, 0, 1)));
            throw INVALID_DIRECTIVE_VALUE;
        }
    }

    private void warnFutureDirective(DirectiveNameToken directiveNameToken) {
        warn(directiveNameToken, "The " + directiveNameToken.value + " directive is an experimental directive that will be likely added to the CSP specification.");
    }

    private void enforceMissingDirectiveValue(@Nonnull Token token) throws DirectiveParseException {
        if (eat(DirectiveValueToken.class)) {
            error(token, "The " + token.value + " directive must not contain any value.");
            throw NON_EMPTY_VALUE_TOKEN_LIST;
        }
    }

    @Nonnull
    private Set<MediaType> parseMediaTypeList() throws DirectiveParseException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean z = false;
        while (hasNext(SubDirectiveValueToken.class)) {
            try {
                linkedHashSet.add(parseMediaType());
            } catch (DirectiveValueParseException e) {
                z = true;
            }
        }
        if (z) {
            throw INVALID_MEDIA_TYPE_LIST;
        }
        return linkedHashSet;
    }

    @Nonnull
    private MediaType parseMediaType() throws DirectiveValueParseException {
        Token advance = advance();
        Matcher matcher = Constants.mediaTypePattern.matcher(advance.value);
        if (matcher.find()) {
            return new MediaType(matcher.group("type"), matcher.group("subtype"));
        }
        error(advance, "Expecting media-type but found \"" + advance.value + "\".");
        throw INVALID_MEDIA_TYPE;
    }

    @Nonnull
    private Set<SourceExpression> parseSourceList() throws DirectiveParseException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean z = false;
        HashSet hashSet = new HashSet();
        while (hasNext(SubDirectiveValueToken.class)) {
            try {
                SourceExpression parseSourceExpression = parseSourceExpression(hashSet, !linkedHashSet.isEmpty());
                if (parseSourceExpression == None.INSTANCE) {
                    hashSet.add(SeenStates.SEEN_NONE);
                } else if (parseSourceExpression == KeywordSource.UnsafeEval) {
                    hashSet.add(SeenStates.SEEN_UNSAFE_EVAL);
                } else if (parseSourceExpression == KeywordSource.Self) {
                    hashSet.add(SeenStates.SEEN_SELF);
                } else if (parseSourceExpression == KeywordSource.UnsafeInline) {
                    hashSet.add(SeenStates.SEEN_UNSAFE_INLINE);
                } else if (parseSourceExpression instanceof HashSource) {
                    hashSet.add(SeenStates.SEEN_HASH);
                } else if (parseSourceExpression instanceof NonceSource) {
                    hashSet.add(SeenStates.SEEN_NONCE);
                } else if (parseSourceExpression == KeywordSource.StrictDynamic) {
                    hashSet.add(SeenStates.SEEN_STRICT_DYNAMIC);
                } else if ((parseSourceExpression instanceof HostSource) || (parseSourceExpression instanceof SchemeSource)) {
                    hashSet.add(SeenStates.SEEN_HOST_OR_SCHEME_SOURCE);
                } else if (parseSourceExpression == KeywordSource.UnsafeHashes) {
                    hashSet.add(SeenStates.SEEN_UNSAFE_HASHES);
                } else if (parseSourceExpression == KeywordSource.ReportSample) {
                    hashSet.add(SeenStates.SEEN_REPORT_SAMPLE);
                } else if (parseSourceExpression == KeywordSource.UnsafeAllowRedirects) {
                    hashSet.add(SeenStates.SEEN_UNSAFE_ALLOW_REDIRECTS);
                }
                if (!linkedHashSet.add(parseSourceExpression)) {
                    warn(this.tokens[this.index - 1], "Source list contains duplicate source expression \"" + parseSourceExpression.show() + "\". All but the first instance will be ignored.");
                }
            } catch (DirectiveValueParseException e) {
                z = true;
            }
        }
        if (hashSet.contains(SeenStates.SEEN_UNSAFE_HASHES) && !hashSet.contains(SeenStates.SEEN_HASH)) {
            warn(this.tokens[0], unsafeHashesWithoutHashWarningMessage);
        }
        if (z) {
            throw INVALID_SOURCE_LIST;
        }
        return linkedHashSet;
    }

    @Nonnull
    private SourceExpression parseSourceExpression(Set<SeenStates> set, boolean z) throws DirectiveValueParseException {
        int parseInt;
        HashSource.HashAlgorithm hashAlgorithm;
        Token advance = advance();
        if (set.contains(SeenStates.SEEN_NONE) || (z && advance.value.equalsIgnoreCase("'none'"))) {
            error(advance, "'none' must not be combined with any other source-expression.");
            throw INVALID_SOURCE_EXPR;
        }
        String lowerCase = advance.value.toLowerCase();
        boolean z2 = -1;
        switch (lowerCase.hashCode()) {
            case -2030605269:
                if (lowerCase.equals("'unsafe-hashes'")) {
                    z2 = 6;
                    break;
                }
                break;
            case -777349266:
                if (lowerCase.equals("'unsafe-inline'")) {
                    z2 = 3;
                    break;
                }
                break;
            case -180931573:
                if (lowerCase.equals("'report-sample'")) {
                    z2 = 7;
                    break;
                }
                break;
            case -102286709:
                if (lowerCase.equals("'unsafe-redirect'")) {
                    z2 = 5;
                    break;
                }
                break;
            case 491072325:
                if (lowerCase.equals("'strict-dynamic'")) {
                    z2 = 2;
                    break;
                }
                break;
            case 1221539880:
                if (lowerCase.equals("'none'")) {
                    z2 = false;
                    break;
                }
                break;
            case 1225857684:
                if (lowerCase.equals("'self'")) {
                    z2 = true;
                    break;
                }
                break;
            case 1416952267:
                if (lowerCase.equals("'unsafe-eval'")) {
                    z2 = 4;
                    break;
                }
                break;
            case 1611678004:
                if (lowerCase.equals("'unsafe-allow-redirects'")) {
                    z2 = 8;
                    break;
                }
                break;
        }
        switch (z2) {
            case false:
                return None.INSTANCE;
            case true:
                if (set.contains(SeenStates.SEEN_STRICT_DYNAMIC)) {
                    info(advance, strictDynamicWarningMessage);
                }
                return KeywordSource.Self;
            case true:
                if (set.contains(SeenStates.SEEN_UNSAFE_INLINE) || set.contains(SeenStates.SEEN_HOST_OR_SCHEME_SOURCE) || set.contains(SeenStates.SEEN_SELF)) {
                    info(advance, strictDynamicWarningMessage);
                }
                return KeywordSource.StrictDynamic;
            case true:
                if (set.contains(SeenStates.SEEN_HASH) || set.contains(SeenStates.SEEN_NONCE)) {
                    info(advance, unsafeInlineWarningMessage);
                }
                if (set.contains(SeenStates.SEEN_STRICT_DYNAMIC)) {
                    info(advance, strictDynamicWarningMessage);
                }
                return KeywordSource.UnsafeInline;
            case true:
                return KeywordSource.UnsafeEval;
            case true:
                warn(advance, "'unsafe-redirect' has been removed from CSP as of version 2.0.");
                return KeywordSource.UnsafeRedirect;
            case true:
                return KeywordSource.UnsafeHashes;
            case true:
                return KeywordSource.ReportSample;
            case true:
                return KeywordSource.UnsafeAllowRedirects;
            default:
                checkForUnquotedKeyword(advance);
                if (advance.value.startsWith("'nonce-")) {
                    NonceSource nonceSource = new NonceSource(advance.value.substring(7, advance.value.length() - 1));
                    nonceSource.validationErrors().forEach(str -> {
                        warn(advance, str);
                    });
                    if (set.contains(SeenStates.SEEN_UNSAFE_INLINE)) {
                        info(advance, unsafeInlineWarningMessage);
                    }
                    return nonceSource;
                }
                if (!advance.value.toLowerCase().startsWith("'sha")) {
                    if (advance.value.matches("^[a-zA-Z][a-zA-Z0-9+\\-.]*:$")) {
                        if (set.contains(SeenStates.SEEN_STRICT_DYNAMIC)) {
                            info(advance, strictDynamicWarningMessage);
                        }
                        return new SchemeSource(advance.value.substring(0, advance.value.length() - 1));
                    }
                    if (advance.value.equalsIgnoreCase("'unsafe-hashed-attributes'")) {
                        warn(advance, "The CSP specification renamed 'unsafe-hashed-attributes' to 'unsafe-hashes' (June 2018).");
                    } else {
                        Matcher matcher = Constants.hostSourcePattern.matcher(advance.value);
                        if (matcher.find()) {
                            String group = matcher.group("scheme");
                            if (group != null) {
                                group = group.substring(0, group.length() - 3);
                            }
                            String group2 = matcher.group(ClientCookie.PORT_ATTR);
                            if (group2 == null) {
                                parseInt = group == null ? -1 : SchemeHostPortTriple.defaultPortForProtocol(group);
                            } else {
                                parseInt = group2.equals(":*") ? Constants.WILDCARD_PORT : Integer.parseInt(group2.substring(1));
                            }
                            if (set.contains(SeenStates.SEEN_STRICT_DYNAMIC)) {
                                info(advance, strictDynamicWarningMessage);
                            }
                            return new HostSource(group, matcher.group(HttpHeader.HOST_LC), parseInt, matcher.group("path"));
                        }
                    }
                    error(advance, "Expecting source-expression but found \"" + advance.value + "\".");
                    throw INVALID_SOURCE_EXPR;
                }
                String substring = advance.value.substring(4, 7);
                boolean z3 = -1;
                switch (substring.hashCode()) {
                    case 49747:
                        if (substring.equals("256")) {
                            z3 = false;
                            break;
                        }
                        break;
                    case 50799:
                        if (substring.equals("384")) {
                            z3 = true;
                            break;
                        }
                        break;
                    case 52502:
                        if (substring.equals("512")) {
                            z3 = 2;
                            break;
                        }
                        break;
                }
                switch (z3) {
                    case false:
                        hashAlgorithm = HashSource.HashAlgorithm.SHA256;
                        break;
                    case true:
                        hashAlgorithm = HashSource.HashAlgorithm.SHA384;
                        break;
                    case true:
                        hashAlgorithm = HashSource.HashAlgorithm.SHA512;
                        break;
                    default:
                        error(advance, "Unrecognised hash algorithm: \"" + advance.value.substring(1, 7) + "\".");
                        throw INVALID_SOURCE_EXPR;
                }
                String substring2 = advance.value.substring(8, advance.value.length() - 1);
                try {
                    Base64Value base64Value = new Base64Value(substring2.replace('-', '+').replace('_', '/'));
                    if (substring2.contains("-") || substring2.contains("_")) {
                        warn(advance, "Invalid base64-value (characters are not in the base64-value grammar). Consider using RFC4648 compliant base64 encoding implementation.");
                    }
                    HashSource hashSource = new HashSource(hashAlgorithm, base64Value);
                    try {
                        hashSource.validationErrors();
                        if (set.contains(SeenStates.SEEN_UNSAFE_INLINE)) {
                            info(advance, unsafeInlineWarningMessage);
                        }
                        return hashSource;
                    } catch (IllegalArgumentException e) {
                        error(advance, e.getMessage());
                        throw INVALID_SOURCE_EXPR;
                    }
                } catch (IllegalArgumentException e2) {
                    error(advance, e2.getMessage());
                    throw INVALID_SOURCE_EXPR;
                }
        }
    }

    @Nonnull
    private Set<AncestorSource> parseAncestorSourceList() throws DirectiveParseException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean z = false;
        boolean z2 = false;
        while (hasNext(SubDirectiveValueToken.class)) {
            try {
                AncestorSource parseAncestorSource = parseAncestorSource(z2, !linkedHashSet.isEmpty());
                if (parseAncestorSource == None.INSTANCE) {
                    z2 = true;
                }
                linkedHashSet.add(parseAncestorSource);
            } catch (DirectiveValueParseException e) {
                z = true;
            }
        }
        if (z) {
            throw INVALID_ANCESTOR_SOURCE_LIST;
        }
        return linkedHashSet;
    }

    @Nonnull
    private AncestorSource parseAncestorSource(boolean z, boolean z2) throws DirectiveValueParseException {
        int parseInt;
        Token advance = advance();
        if (z || (z2 && advance.value.equalsIgnoreCase("'none'"))) {
            error(advance, "'none' must not be combined with any other ancestor-source.");
            throw INVALID_ANCESTOR_SOURCE;
        }
        if (advance.value.equalsIgnoreCase("'none'")) {
            return None.INSTANCE;
        }
        if (advance.value.equalsIgnoreCase("'self'")) {
            return KeywordSource.Self;
        }
        checkForUnquotedKeyword(advance);
        if (advance.value.matches("^[a-zA-Z][a-zA-Z0-9+\\-.]*:$")) {
            return new SchemeSource(advance.value.substring(0, advance.value.length() - 1));
        }
        Matcher matcher = Constants.hostSourcePattern.matcher(advance.value);
        if (!matcher.find()) {
            error(advance, "Expecting ancestor-source but found \"" + advance.value + "\".");
            throw INVALID_ANCESTOR_SOURCE;
        }
        String group = matcher.group("scheme");
        if (group != null) {
            group = group.substring(0, group.length() - 3);
        }
        String group2 = matcher.group(ClientCookie.PORT_ATTR);
        if (group2 == null) {
            parseInt = group == null ? -1 : SchemeHostPortTriple.defaultPortForProtocol(group);
        } else {
            parseInt = group2.equals(":*") ? Constants.WILDCARD_PORT : Integer.parseInt(group2.substring(1));
        }
        return new HostSource(group, matcher.group(HttpHeader.HOST_LC), parseInt, matcher.group("path"));
    }

    private void checkForUnquotedKeyword(@Nonnull Token token) {
        if (Constants.unquotedKeywordPattern.matcher(token.value).find()) {
            warn(token, "This host name is unusual, and likely meant to be a keyword that is missing the required quotes: '" + token.value + "'.");
        }
    }

    @Nonnull
    private RFC7230Token parseReferrerToken(@Nonnull Token token) throws DirectiveParseException {
        if (!hasNext(DirectiveValueToken.class)) {
            error(token, "The referrer directive must contain exactly one referrer directive value.");
            throw INVALID_DIRECTIVE_VALUE;
        }
        Token advance = advance();
        if (Constants.referrerTokenPattern.matcher(Tokeniser.trimRHSWS(advance.value)).find()) {
            return new RFC7230Token(advance.value);
        }
        error(advance, "Expecting referrer directive value but found \"" + advance.value + "\".");
        throw INVALID_REFERRER_TOKEN;
    }

    @Nonnull
    private ReportToValue parseReportToToken(@Nonnull Token token) throws DirectiveParseException {
        if (hasNext(DirectiveValueToken.class)) {
            Token advance = advance();
            if (Constants.rfc7230TokenPattern.matcher(Tokeniser.trimRHSWS(advance.value)).find()) {
                return new ReportToValue(advance.value);
            }
            error(advance, "Expecting RFC 7230 token but found \"" + advance.value + "\".");
        } else {
            error(token, "The report-to directive must contain exactly one RFC 7230 token.");
        }
        throw INVALID_REPORT_TO_TOKEN;
    }

    @Nonnull
    private Set<RFC7230Token> parseRequireSriForTokenList(@Nonnull Token token) throws DirectiveParseException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean z = false;
        while (hasNext(SubDirectiveValueToken.class)) {
            try {
                RFC7230Token parseRequireSriForToken = parseRequireSriForToken();
                if (!linkedHashSet.add(parseRequireSriForToken)) {
                    warn(token, "The require-sri-for directive contains duplicate token: \"" + parseRequireSriForToken.show() + "\".");
                }
            } catch (DirectiveValueParseException e) {
                z = true;
            }
        }
        if (z) {
            throw INVALID_REQUIRE_SRI_FOR_TOKEN_LIST;
        }
        if (linkedHashSet.isEmpty()) {
            warn(token, "Empty require-sri-for directive has no effect.");
        }
        return linkedHashSet;
    }

    @Nonnull
    private RFC7230Token parseRequireSriForToken() throws DirectiveValueParseException {
        Token advance = advance();
        if (Constants.requireSriForEnumeratedTokenPattern.matcher(advance.value).find()) {
            return new RFC7230Token(advance.value.toLowerCase());
        }
        warn(advance, "The require-sri-for directive should contain only \"script\", \"style\" tokens.");
        if (Constants.rfc7230TokenPattern.matcher(advance.value).find()) {
            return new RFC7230Token(advance.value);
        }
        error(advance, "Expecting RFC 7230 token but found \"" + advance.value + "\".");
        throw INVALID_REQUIRE_SRI_FOR_TOKEN;
    }

    @Nonnull
    private Set<RFC7230Token> parseSandboxTokenList() throws DirectiveParseException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean z = false;
        while (hasNext(SubDirectiveValueToken.class)) {
            try {
                linkedHashSet.add(parseSandboxToken());
            } catch (DirectiveValueParseException e) {
                z = true;
            }
        }
        if (z) {
            throw INVALID_SANDBOX_TOKEN_LIST;
        }
        return linkedHashSet;
    }

    @Nonnull
    private RFC7230Token parseSandboxToken() throws DirectiveValueParseException {
        Token advance = advance();
        if (Constants.sandboxEnumeratedTokenPattern.matcher(advance.value).find()) {
            return new RFC7230Token(advance.value);
        }
        warn(advance, "The sandbox directive should contain only allow-forms, allow-modals, allow-pointer-lock, allow-popups, allow-popups-to-escape-sandbox, allow-same-origin, allow-scripts, or allow-top-navigation.");
        if (Constants.rfc7230TokenPattern.matcher(advance.value).find()) {
            return new RFC7230Token(advance.value);
        }
        error(advance, "Expecting RFC 7230 token but found \"" + advance.value + "\".");
        throw INVALID_SANDBOX_TOKEN;
    }

    @Nonnull
    private Set<URI> parseUriList() throws DirectiveParseException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean z = false;
        while (hasNext(SubDirectiveValueToken.class)) {
            try {
                linkedHashSet.add(parseUri());
            } catch (DirectiveValueParseException e) {
                z = true;
            }
        }
        if (z) {
            throw INVALID_URI_REFERENCE_LIST;
        }
        return linkedHashSet;
    }

    @Nonnull
    private URI parseUri() throws DirectiveValueParseException {
        Token advance = advance();
        try {
            return URI.parseWithOrigin(this.origin, advance.value);
        } catch (IllegalArgumentException e) {
            error(advance, "Expecting uri-reference but found \"" + advance.value + "\".");
            throw INVALID_URI_REFERENCE;
        }
    }
}
