package com.atlassian.security.csp;

import java.io.IOException;
import java.util.Optional;
import java.util.StringJoiner;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

@WebFilter(asyncSupported = true)
/* loaded from: input_file:com/atlassian/security/csp/ContentSecurityPolicyHeaderFilter.class */
public class ContentSecurityPolicyHeaderFilter implements Filter {
    private static final String NONCE_ATTRIBUTE_NAME = "cspNonce";
    private static Optional<String> reportOnly;
    private static Optional<String> policy;
    public static final String defaultPolicy = new StringJoiner(";").add("object-src 'none'").add("frame-ancestors 'self'").add(new StringJoiner(" ").add("script-src 'unsafe-eval'").add(" 'nonce-%s' ").add("'unsafe-inline' https: http:").add("'strict-dynamic'").toString()).add("base-uri 'self'").add("report-uri https://csp-report-logger.prod.public.atl-paas.net/").toString();

    public void init(FilterConfig filterConfig) throws ServletException {
        reportOnly = Optional.ofNullable(filterConfig.getInitParameter("report-only"));
        policy = Optional.ofNullable(filterConfig.getInitParameter("policy"));
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String str = (String) servletRequest.getAttribute(NONCE_ATTRIBUTE_NAME);
        if (str == null) {
            str = ContentSecurityPolicyHeaderGenerator.generateNonce();
        }
        servletRequest.setAttribute(NONCE_ATTRIBUTE_NAME, str);
        ((HttpServletResponse) servletResponse).setHeader(ContentSecurityPolicyHeaderGenerator.generateHeaderName(Boolean.valueOf(reportOnly.orElse("true"))), ContentSecurityPolicyHeaderGenerator.buildCsp(policy.orElse(defaultPolicy), str));
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }
}
