package org.springframework.security.web.header.writers.frameoptions;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-5.8.9.jar:org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.class */
public final class XFrameOptionsHeaderWriter implements HeaderWriter {
    public static final String XFRAME_OPTIONS_HEADER = "X-Frame-Options";
    private final AllowFromStrategy allowFromStrategy;
    private final XFrameOptionsMode frameOptionsMode;

    /* loaded from: input_file:WEB-INF/lib/spring-security-web-5.8.9.jar:org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter$XFrameOptionsMode.class */
    public enum XFrameOptionsMode {
        DENY("DENY"),
        SAMEORIGIN("SAMEORIGIN"),
        ALLOW_FROM("ALLOW-FROM");

        private final String mode;

        XFrameOptionsMode(String str) {
            this.mode = str;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getMode() {
            return this.mode;
        }
    }

    public XFrameOptionsHeaderWriter() {
        this(XFrameOptionsMode.DENY);
    }

    public XFrameOptionsHeaderWriter(XFrameOptionsMode xFrameOptionsMode) {
        Assert.notNull(xFrameOptionsMode, "frameOptionsMode cannot be null");
        Assert.isTrue(!XFrameOptionsMode.ALLOW_FROM.equals(xFrameOptionsMode), "ALLOW_FROM requires an AllowFromStrategy. Please use FrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy) instead");
        this.frameOptionsMode = xFrameOptionsMode;
        this.allowFromStrategy = null;
    }

    @Deprecated
    public XFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy) {
        Assert.notNull(allowFromStrategy, "allowFromStrategy cannot be null");
        this.frameOptionsMode = XFrameOptionsMode.ALLOW_FROM;
        this.allowFromStrategy = allowFromStrategy;
    }

    @Override // org.springframework.security.web.header.HeaderWriter
    public void writeHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!XFrameOptionsMode.ALLOW_FROM.equals(this.frameOptionsMode)) {
            httpServletResponse.setHeader("X-Frame-Options", this.frameOptionsMode.getMode());
            return;
        }
        String allowFromValue = this.allowFromStrategy.getAllowFromValue(httpServletRequest);
        if (XFrameOptionsMode.DENY.getMode().equals(allowFromValue)) {
            if (httpServletResponse.containsHeader("X-Frame-Options")) {
                return;
            }
            httpServletResponse.setHeader("X-Frame-Options", XFrameOptionsMode.DENY.getMode());
        } else {
            if (allowFromValue == null || httpServletResponse.containsHeader("X-Frame-Options")) {
                return;
            }
            httpServletResponse.setHeader("X-Frame-Options", XFrameOptionsMode.ALLOW_FROM.getMode() + " " + allowFromValue);
        }
    }
}
