package org.jahia.modules.csp;

import java.nio.ByteBuffer;
import java.util.Base64;
import java.util.UUID;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.jahia.modules.csp.actions.ReportOnlyAction;
import org.jahia.services.content.decorator.JCRSiteNode;
import org.jahia.services.render.RenderContext;
import org.jahia.services.render.Resource;
import org.jahia.services.render.filter.AbstractFilter;
import org.jahia.services.render.filter.RenderChain;
import org.jahia.settings.SettingsBean;

/* loaded from: input_file:org/jahia/modules/csp/AddContentSecurityPolicy.class */
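public final class AddContentSecurityPolicy extends AbstractFilter {
    /** Separator placed between CSP directives in the header value. */
    private static final String CSP_SEPARATOR = ";";
    /** Site node property holding the configured policy string. */
    private static final String CSP_PROPERTY = "policy";
    /** Enforcing header: violations are blocked by the browser. */
    private static final String CSP_HEADER = "Content-Security-Policy";
    /** Report-only header: violations are reported to report-uri but not blocked. */
    private static final String CSP_REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";
    /** Prefix of a nonce source expression in the policy; the generated nonce is appended right after it. */
    private static final String CSP_WEB_NONCE_PLACEHOLDER = "nonce-";
    /** Settings key naming the placeholder token that templates put in their {@code nonce="..."} attributes. */
    public static final String CSP_NONCE_PLACEHOLDER_PROP = "contentSecurityPolicy.nonce.placeHolder";
    /** Module id that must be installed on the site for nonce substitution in the rendered markup. */
    private static final String CSP_MODULE_ID = "content-security-policy";
    /** Action suffix appended to the resource's node path to build the report-uri target. */
    private static final String REPORT_ONLY_ACTION_SUFFIX = ".contentSecurityPolicyReportOnly.do";
    /** Default placeholder when the settings key is absent. */
    private static final String DEFAULT_NONCE_PLACEHOLDER = "XXXXX";

    /** base64url without padding: 16 random bytes become exactly 22 characters of [A-Za-z0-9_-]. */
    private final Base64.Encoder encoder = Base64.getUrlEncoder().withoutPadding();
    /** Literal token looked up in the markup; read once from configuration. */
    private final String cspNoncePlaceHolder =
            SettingsBean.getInstance().getPropertiesFile().getProperty(CSP_NONCE_PLACEHOLDER_PROP, DEFAULT_NONCE_PLACEHOLDER);

    /**
     * Emits the site's Content-Security-Policy header and injects a fresh nonce into the markup.
     *
     * <p>If the site node carries a {@code policy} property, every {@code nonce-} occurrence in
     * it is expanded with a freshly generated nonce and the result is sent as
     * {@code Content-Security-Policy}, or as {@code Content-Security-Policy-Report-Only} with a
     * {@code report-uri} pointing at the report-only action when the site's
     * {@link ReportOnlyAction#CSP_REPORT_ONLY} flag is set. The header is sent whenever a policy
     * is configured; only the markup substitution below is gated on the module being installed.
     *
     * <p>NOTE(review): a new nonce is generated on every call. If this filter executes for more
     * than one fragment of the same response, the last call's header overwrites the earlier
     * ones while earlier fragments keep their own nonce — confirm the filter is scoped to run
     * once per page.
     *
     * @param str           rendered markup of the resource
     * @param renderContext current render context (site, request, response)
     * @param resource      resource being rendered; its node path builds the report-uri
     * @param renderChain   unused here; kept for the {@link AbstractFilter} contract
     * @return the markup with {@code nonce="<placeholder>"} rewritten to the generated nonce when
     *         the CSP module is installed on the site, otherwise {@code str} unchanged
     * @throws Exception propagated from JCR property access
     */
    public String execute(String str, RenderContext renderContext, Resource resource, RenderChain renderChain) throws Exception {
        JCRSiteNode site = renderContext.getSite();
        String nonceValue = getNonceValue();
        String policy = site.hasProperty(CSP_PROPERTY) ? site.getProperty(CSP_PROPERTY).getString() : null;

        if (StringUtils.isNotEmpty(policy)) {
            // Expand every "nonce-" in the configured policy with this response's nonce.
            StringBuilder headerValue = new StringBuilder(
                    policy.replace(CSP_WEB_NONCE_PLACEHOLDER, CSP_WEB_NONCE_PLACEHOLDER + nonceValue));
            String headerName;
            boolean reportOnly = site.hasProperty(ReportOnlyAction.CSP_REPORT_ONLY)
                    && site.getProperty(ReportOnlyAction.CSP_REPORT_ONLY).getBoolean();
            if (reportOnly) {
                headerValue.append(CSP_SEPARATOR).append(" report-uri ")
                        .append(renderContext.getRequest().getContextPath())
                        .append(resource.getNodePath())
                        .append(REPORT_ONLY_ACTION_SUFFIX);
                headerName = CSP_REPORT_ONLY_HEADER;
            } else {
                headerName = CSP_HEADER;
            }
            HttpServletResponse response = renderContext.getResponse();
            response.setHeader(headerName, headerValue.toString());
        }

        if (!site.getInstalledModules().contains(CSP_MODULE_ID)) {
            return str;
        }
        // Literal replacement on purpose: the placeholder is operator-configured text and must not
        // be interpreted as a regular expression (replaceAll would give "." or "$" special meaning).
        return str.replace("nonce=\"" + this.cspNoncePlaceHolder + "\"", "nonce=\"" + nonceValue + "\"");
    }

    /**
     * Generates a fresh nonce: the 128 bits of a random UUID encoded as 22 unpadded base64url
     * characters. The alphabet [A-Za-z0-9_-] is safe inside both the header value and an HTML
     * attribute without further escaping.
     *
     * @return a new 22-character nonce
     */
    private String getNonceValue() {
        UUID uuid = UUID.randomUUID();
        byte[] raw = ByteBuffer.allocate(16)
                .putLong(uuid.getMostSignificantBits())
                .putLong(uuid.getLeastSignificantBits())
                .array();
        return this.encoder.encodeToString(raw);
    }
}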
