package keywhiz.service.filters;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;

/* loaded from: input_file:keywhiz/service/filters/SecurityHeadersFilter.class */
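/**
 * JAX-RS response filter that appends a fixed set of browser-hardening headers to every
 * response passing through it.
 *
 * <p>Headers added: a {@code default-src 'self'} Content-Security-Policy (plus the legacy
 * {@code X-Content-Security-Policy} and {@code X-WebKit-CSP} spellings), framing denial,
 * MIME-sniffing protection, the legacy XSS-filter header, and HTTP Strict Transport Security.
 *
 * <p>Headers are appended with {@code add}, not replaced, so a header already set by a resource
 * or another filter will appear alongside the value set here.
 */
public class SecurityHeadersFilter implements ContainerResponseFilter {
    /**
     * Number of seconds in 365 days (31,536,000), used as the HSTS {@code max-age}.
     *
     * <p>{@code TimeUnit.DAYS.convert(365, TimeUnit.SECONDS)} converts 365 <em>seconds</em> into
     * days and yields 0. A {@code max-age=0} directive tells browsers to forget the HSTS policy,
     * which silently disables the protection, so the conversion must go from days to seconds.
     */
    private static final long YEAR_OF_SECONDS = TimeUnit.DAYS.toSeconds(365);

    /** Policy value shared by the standard and legacy vendor-prefixed CSP headers. */
    private static final String CSP_POLICY = "default-src 'self'";

    /**
     * Precomputed HSTS header value. Built by concatenation rather than {@code String.format}
     * so the digits never depend on the JVM's default locale.
     */
    private static final String HSTS_VALUE = "max-age=" + YEAR_OF_SECONDS + "; includeSubDomains";

    /**
     * Appends the security headers to the outgoing response.
     *
     * @param containerRequestContext the request being answered; not read by this filter
     * @param containerResponseContext the response whose header map is extended
     * @throws IOException declared by the {@link ContainerResponseFilter} contract; this
     *     implementation performs no I/O itself
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        MultivaluedMap<String, Object> headers = containerResponseContext.getHeaders();

        // Content Security Policy: standard header plus the prefixed names older browsers used.
        headers.add(HttpHeaders.CONTENT_SECURITY_POLICY, CSP_POLICY);
        headers.add("X-Content-Security-Policy", CSP_POLICY);
        headers.add("X-WebKit-CSP", CSP_POLICY);

        // Clickjacking defence: forbid rendering responses inside frames.
        headers.add("Frame-Options", "DENY");
        headers.add(HttpHeaders.X_FRAME_OPTIONS, "DENY");

        // Stop browsers from second-guessing the declared Content-Type.
        headers.add("X-Content-Type-Options", "nosniff");

        // Legacy reflected-XSS filter switch; ignored by current browsers, kept for older ones.
        headers.add(HttpHeaders.X_XSS_PROTECTION, "1; mode=block");

        // HSTS: require HTTPS for this host and its subdomains for one year.
        headers.add(HttpHeaders.STRICT_TRANSPORT_SECURITY, HSTS_VALUE);
    }
}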
