package io.jenkins.plugins.csp;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.ExtensionList;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import jenkins.security.ResourceDomainConfiguration;
import jenkins.util.HttpServletFilter;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.accmod.restrictions.suppressions.SuppressRestrictedWarnings;

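/**
 * Adds the configured Content-Security-Policy header to responses that do not carry one yet.
 *
 * <p>The header name and the policy text are read from {@link ContentSecurityPolicyConfiguration}.
 * This listing is decompiler output; the provenance comments it emitted are kept below.
 */
@Extension
@Restricted({NoExternalUse.class})
/* loaded from: input_file:io/jenkins/plugins/csp/ContentSecurityPolicyFilter.class */
public class ContentSecurityPolicyFilter implements HttpServletFilter {
    /**
     * Returns the configured policy, normalized for use as a header value.
     *
     * @return the configured rule with surrounding whitespace trimmed and one trailing {@code ;}
     *     removed, or {@code null} when no rule is configured
     */
    static String getConfiguredRules() {
        String rule = ExtensionList.lookupSingleton(ContentSecurityPolicyConfiguration.class).getRule();
        if (rule == null) {
            return null;
        }
        // The trailing ';' is dropped so that getValue can append "; report-uri ..." without
        // producing an empty directive.
        return StringUtils.removeEnd(rule.trim(), ";");
    }

    /**
     * Selects the response header name according to the report-only setting.
     *
     * <p>Under {@code Content-Security-Policy-Report-Only} browsers report violations but do not
     * block them, so that mode provides monitoring only, not enforcement.
     *
     * @return {@code Content-Security-Policy-Report-Only} when report-only is configured, otherwise
     *     {@code Content-Security-Policy}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getHeader() {
        return ExtensionList.lookupSingleton(ContentSecurityPolicyConfiguration.class).isReportOnly()
                ? "Content-Security-Policy-Report-Only"
                : "Content-Security-Policy";
    }

    /**
     * Builds the header value: the configured policy, plus a {@code report-uri} directive when a
     * root URL is known and the current user holds {@code Jenkins.READ}.
     *
     * @param str encoded reporting context appended as the last path segment of the report URI
     * @return the header value, or {@code null} when no rule is configured
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getValue(@NonNull String str) {
        String rules = getConfiguredRules();
        if (rules == null) {
            // Without this guard the concatenation below would emit the literal text
            // "null; report-uri ...", i.e. a header that looks present but enforces nothing.
            return null;
        }
        Jenkins instanceOrNull = Jenkins.getInstanceOrNull();
        if (instanceOrNull == null) {
            return rules;
        }
        String rootUrl = instanceOrNull.getRootUrl();
        // The reporting endpoint is only advertised to users who may read Jenkins at all.
        if (rootUrl == null || !instanceOrNull.hasPermission(Jenkins.READ)) {
            return rules;
        }
        // NOTE(review): Jenkins#getRootUrl is documented to end with '/', so this may produce
        // "//content-security-policy-reporting-endpoint/" - confirm against the endpoint's URL.
        return rules + "; report-uri " + rootUrl + "/content-security-policy-reporting-endpoint/" + str;
    }

    /**
     * Sets the CSP header on the response unless one with the same name is already present or the
     * request is a resource-domain request.
     *
     * <p>Only the header name selected by {@link #getHeader()} is checked, so a header of the other
     * kind (enforcing vs. report-only) set elsewhere is neither detected nor replaced.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response that receives the header
     * @return always {@code false}
     */
    @Override
    @SuppressRestrictedWarnings({ResourceDomainConfiguration.class})
    public boolean handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = getHeader();
        if (httpServletResponse.getHeader(header) != null || ResourceDomainConfiguration.isResourceRequest(httpServletRequest)) {
            return false;
        }
        String pathInContext = StringUtils.removeStart(httpServletRequest.getRequestURI(), httpServletRequest.getContextPath());
        // NOTE(review): the reporting context carries the current authentication and request path;
        // Context.encodeContext is not visible here - confirm the encoding is integrity-protected
        // so reports cannot be attributed to a forged user or path.
        String value = getValue(Context.encodeContext("", Jenkins.getAuthentication2(), pathInContext));
        if (value != null) {
            // A null value means no rule is configured; setHeader(name, null) behaves differently
            // across servlet containers, so the header is simply not set in that case.
            httpServletResponse.setHeader(header, value);
        }
        return false;
    }
}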
