package sk.eset.era.g3webserver.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import sk.eset.era.commons.common.constants.Version;

/* loaded from: input_file:WEB-INF/lib/g3-server-0.0.1-SNAPSHOT.jar:sk/eset/era/g3webserver/security/SecurityResponseWrapper.class */
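/**
 * Response wrapper that attaches browser security headers to HTML and SVG responses.
 *
 * <p>Headers are applied when the wrapped response already carries a content type at
 * construction time, and again on every {@link #setContentType(String)} call. A content
 * type set by any other route (for example a raw {@code Content-Type} header) is not
 * intercepted by this class, so such responses go out without these headers.
 */
class SecurityResponseWrapper extends HttpServletResponseWrapper {
    private static final String HTML_TYPE = "text/html";
    private static final String SVG_TYPE = "image/svg+xml";

    /** Content-Security-Policy value, computed once per wrapper instance. */
    private final String csp;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Wraps {@code httpServletResponse} and applies the security headers immediately if
     * the response already has a matching content type.
     *
     * @param httpServletResponse the response to decorate
     */
    public SecurityResponseWrapper(HttpServletResponse httpServletResponse) {
        super(httpServletResponse);
        this.csp = cspHeader();
        updateSecHeaders(httpServletResponse.getContentType());
    }

    /**
     * Builds the Content-Security-Policy header value.
     *
     * <p>Every fetch directive is restricted to {@code 'self'}; {@code object-src} and
     * {@code media-src} are set to {@code 'none'}.
     *
     * @return the policy as "directive value; directive value; ..."
     */
    private static String cspHeader() {
        String sources = "'self'";
        if (Version.isDevToolsEnabled()) {
            // Dev-tools mode widens every directive to plain-http/ws localhost origins.
            // NOTE(review): presumably a development-only switch; confirm it is off in release builds.
            sources += " http://localhost:8080 http://localhost:8090 http://localhost:9876 ws://localhost:8090 http://localhost:8091 ws://localhost:8091";
        }

        // NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src permit inline and
        // eval'd script, so this policy gives little protection against injected script.
        // Tightening it (nonces or hashes) needs matching front-end changes.
        List<String> directives = new ArrayList<>(Arrays.asList(
                "default-src " + sources,
                "script-src " + sources + " 'unsafe-inline' 'unsafe-eval'",
                "style-src " + sources + " 'unsafe-inline'",
                "img-src " + sources + " data: ",
                "connect-src " + sources + " https://*.welivesecurity.com https://*.eset.com"));
        directives.addAll(
                Stream.of("object-src", "media-src")
                        .map(directive -> directive + " 'none'")
                        .collect(Collectors.toList()));

        return directives.stream()
                .map(directive -> directive + ";")
                .collect(Collectors.joining(" "));
    }

    /**
     * Sets the content type on the wrapped response, then re-evaluates the security headers.
     *
     * @param str the content type, possibly with parameters such as a charset
     */
    @Override // javax.servlet.ServletResponseWrapper, javax.servlet.ServletResponse
    public void setContentType(String str) {
        super.setContentType(str);
        updateSecHeaders(str);
    }

    /**
     * Adds the CSP and Feature-Policy headers to HTML and SVG responses, and
     * X-Frame-Options to HTML responses. Other content types are left untouched.
     *
     * @param str the content type to inspect; {@code null} is ignored
     */
    private void updateSecHeaders(String str) {
        if (str == null) {
            return;
        }
        // Media types are case-insensitive, so "Text/HTML" must not slip past the check
        // and be served without the headers.
        boolean html = startsWithIgnoreCase(str, HTML_TYPE);
        if (!html && !startsWithIgnoreCase(str, SVG_TYPE)) {
            // NOTE(review): application/xhtml+xml is not covered here; confirm the
            // application never serves it.
            return;
        }

        setHeader("Content-Security-Policy", this.csp);
        // Feature-Policy has been superseded by Permissions-Policy in current browsers;
        // the header name and value are kept as they are for compatibility.
        setHeader("Feature-Policy", "accelerometer 'none';camera 'none';gyroscope 'none';magnetometer 'none';geolocation 'none';sync-xhr 'none';microphone 'none';fullscreen 'none';payment 'none';autoplay 'none';");
        if (html) {
            // Framing protection relies on X-Frame-Options only; the CSP built in
            // cspHeader() carries no frame-ancestors directive.
            setHeader("X-Frame-Options", "SAMEORIGIN");
        }
    }

    /** Returns whether {@code value} begins with {@code prefix}, ignoring case. */
    private static boolean startsWithIgnoreCase(String value, String prefix) {
        return value.regionMatches(true, 0, prefix, 0, prefix.length());
    }
}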
