package org.apache.myfaces.tobago.internal.util;

import java.util.Map;
import javax.faces.context.FacesContext;
import javax.portlet.MimeResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.myfaces.tobago.context.TobagoContext;
import org.apache.myfaces.tobago.context.UserAgent;
import org.apache.myfaces.tobago.internal.config.ContentSecurityPolicy;
import org.apache.myfaces.tobago.internal.context.Nonce;
import org.apache.myfaces.tobago.portlet.PortletUtils;
import org.jsoup.helper.HttpConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/tobago-core-4.5.2.jar:org/apache/myfaces/tobago/internal/util/ResponseUtils.class */
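/**
 * Static helpers that put caching, content-type and browser-hardening headers on the
 * response behind a {@link FacesContext}.
 *
 * <p>Coverage differs by response type, which matters when auditing a deployment:
 * <ul>
 *   <li>Servlet responses ({@link HttpServletResponse}) get every header in this class.</li>
 *   <li>Portlet responses ({@link MimeResponse}) only get the no-cache expiration and the
 *       content type. {@code Content-Security-Policy}, {@code X-Content-Type-Options} and
 *       {@code X-Frame-Options} are NOT emitted for them; only the CSP case logs a warning.</li>
 *   <li>Any other response object is silently left untouched.</li>
 * </ul>
 *
 * <p>All methods are stateless; the class cannot be instantiated.
 */
public final class ResponseUtils {
    private static final Logger LOG = LoggerFactory.getLogger(ResponseUtils.class);

    /**
     * Header name used for the "is a content type already set" probe. Defined locally so a
     * Tobago utility does not borrow a plain header name from jsoup's HttpConnection helper.
     */
    private static final String CONTENT_TYPE_HEADER = "Content-Type";

    /** Placeholder inside configured CSP directive values that is replaced by the per-request nonce. */
    private static final String NONCE_PLACEHOLDER = "${nonce}";

    private ResponseUtils() {
    }

    /**
     * Disables caching on the current response, dispatching on the concrete response type.
     *
     * @param facesContext context whose external response is modified; responses that are
     *                     neither servlet nor (with the portlet API present) portlet MIME
     *                     responses are ignored
     */
    public static void ensureNoCacheHeader(FacesContext facesContext) {
        Object response = facesContext.getExternalContext().getResponse();
        if (response instanceof HttpServletResponse) {
            ensureNoCacheHeader((HttpServletResponse) response);
        } else if (PortletUtils.isPortletApiAvailable() && (response instanceof MimeResponse)) {
            // The portlet check comes first so MimeResponse is only touched when the API is on the classpath.
            ensureNoCacheHeader((MimeResponse) response);
        }
    }

    /**
     * Sets the HTTP/1.1, HTTP/1.0 and expiry headers that tell browsers and intermediaries
     * not to store or reuse the response.
     *
     * @param httpServletResponse response to modify; existing values of these headers are replaced
     */
    public static void ensureNoCacheHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Cache-Control", "no-cache,no-store,max-age=0,must-revalidate");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        // NOTE(review): "max-age" is a Cache-Control directive, not a header name, so this emits a
        // date header literally called "max-age". Kept so the emitted header set does not change;
        // the directive that matters is already part of Cache-Control above.
        httpServletResponse.setDateHeader("max-age", 0L);
    }

    /**
     * Sets the portlet cache expiration time to zero.
     *
     * @param mimeResponse portlet response whose cache control is modified
     */
    public static void ensureNoCacheHeader(MimeResponse mimeResponse) {
        mimeResponse.getCacheControl().setExpirationTime(0);
    }

    /**
     * Makes sure the current response carries the given content type, dispatching on the
     * concrete response type.
     *
     * @param facesContext context whose external response is modified
     * @param str          content type to enforce
     */
    public static void ensureContentTypeHeader(FacesContext facesContext, String str) {
        Object response = facesContext.getExternalContext().getResponse();
        if (response instanceof HttpServletResponse) {
            ensureContentTypeHeader((HttpServletResponse) response, str);
        } else if (PortletUtils.isPortletApiAvailable() && (response instanceof MimeResponse)) {
            ensureContentTypeHeader((MimeResponse) response, str);
        }
    }

    /**
     * Sets the content type on a servlet response. A different content type that is already
     * present is overwritten and the replacement is logged at debug level; an equal one
     * (ignoring case and whitespace) is left as is.
     *
     * @param httpServletResponse response to modify
     * @param str                 content type to enforce
     */
    public static void ensureContentTypeHeader(HttpServletResponse httpServletResponse, String str) {
        if (httpServletResponse.containsHeader(CONTENT_TYPE_HEADER)) {
            String contentType = httpServletResponse.getContentType();
            if (StringUtils.equalsIgnoreCaseAndWhitespace(contentType, str)) {
                return;
            }
            httpServletResponse.setContentType(str);
            logContentTypeOverwrite(contentType, str);
        } else {
            httpServletResponse.setContentType(str);
        }
    }

    /**
     * Sets the content type on a portlet response unless an equal one (ignoring case and
     * whitespace) is already set. The debug message is also written when no content type
     * was set before, in which case the logged previous value is {@code null}.
     *
     * @param mimeResponse response to modify
     * @param str          content type to enforce
     */
    public static void ensureContentTypeHeader(MimeResponse mimeResponse, String str) {
        String contentType = mimeResponse.getContentType();
        if (StringUtils.equalsIgnoreCaseAndWhitespace(contentType, str)) {
            return;
        }
        mimeResponse.setContentType(str);
        logContentTypeOverwrite(contentType, str);
    }

    /** Logs a content-type replacement; parameterized so no string is built when debug is off. */
    private static void logContentTypeOverwrite(String previous, String replacement) {
        LOG.debug("Response already contains Header Content-Type '{}'. Overwriting with '{}'", previous, replacement);
    }

    /**
     * Writes the configured Content Security Policy to a servlet response.
     *
     * <p>The header names come from the detected {@link UserAgent}: the enforcing set for
     * {@code ON}, the report-only set for {@code REPORT_ONLY}, and none for {@code OFF}.
     * The header value is every configured directive rendered as {@code name value;} with
     * the {@code ${nonce}} placeholder replaced by the value of {@link Nonce#getNonce}.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>Portlet responses never receive a CSP header; a warning is logged when the mode
     *       is not {@code OFF}, so a portlet deployment runs without this protection.</li>
     *   <li>{@code REPORT_ONLY} does not block anything in the browser; it only reports.</li>
     *   <li>Directive names and values are copied into the header without validation —
     *       presumably they come from trusted application configuration; confirm that no
     *       request-derived data can reach the directive map.</li>
     *   <li>{@code setHeader} replaces a policy header of the same name set earlier in the request.</li>
     * </ul>
     *
     * @param facesContext          context whose external response is modified
     * @param contentSecurityPolicy configured mode and directives
     * @throws IllegalArgumentException if the mode is none of {@code OFF}, {@code ON}, {@code REPORT_ONLY}
     */
    public static void ensureContentSecurityPolicyHeader(FacesContext facesContext, ContentSecurityPolicy contentSecurityPolicy) {
        Object response = facesContext.getExternalContext().getResponse();
        if (!(response instanceof HttpServletResponse)) {
            if (PortletUtils.isPortletApiAvailable() && (response instanceof MimeResponse)
                    && contentSecurityPolicy.getMode() != ContentSecurityPolicy.Mode.OFF) {
                LOG.warn("CSP not implemented for Portlet!");
            }
            return;
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        UserAgent userAgent = TobagoContext.getInstance(facesContext).getUserAgent();

        String[] headerNames;
        switch (contentSecurityPolicy.getMode()) {
            case OFF:
                headerNames = new String[0];
                break;
            case ON:
                headerNames = userAgent.getCspHeaders();
                break;
            case REPORT_ONLY:
                headerNames = userAgent.getCspReportOnlyHeaders();
                break;
            default:
                throw new IllegalArgumentException("Undefined mode: " + contentSecurityPolicy.getMode());
        }

        // The nonce is fetched even in OFF mode, exactly as before, in case the lookup has
        // side effects other code relies on.
        StringBuilder policy = new StringBuilder();
        String nonce = Nonce.getNonce(facesContext);
        for (Map.Entry<String, String> directive : contentSecurityPolicy.getDirectiveMap().entrySet()) {
            policy.append(directive.getKey())
                    .append(" ")
                    .append(directive.getValue().replace(NONCE_PLACEHOLDER, nonce))
                    .append(";");
        }

        // Render once; every header name gets the same policy string.
        String headerValue = policy.toString();
        for (String headerName : headerNames) {
            httpServletResponse.setHeader(headerName, headerValue);
        }
    }

    /**
     * Adds {@code X-Content-Type-Options: nosniff} to a servlet response. Other response
     * types, including portlet responses, are left without the header.
     *
     * @param facesContext context whose external response is modified
     */
    public static void ensureNosniffHeader(FacesContext facesContext) {
        Object response = facesContext.getExternalContext().getResponse();
        if (response instanceof HttpServletResponse) {
            ensureNosniffHeader((HttpServletResponse) response);
        }
    }

    /**
     * Adds {@code X-Content-Type-Options: nosniff}, which tells browsers to honour the
     * declared content type instead of sniffing the body.
     *
     * @param httpServletResponse response to modify
     */
    public static void ensureNosniffHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
    }

    /**
     * Adds {@code X-Frame-Options: DENY} to a servlet response so the page may not be
     * rendered inside any frame. Other response types, including portlet responses, are
     * left without the header. The value is fixed; pages that must be framed by the same
     * origin cannot relax it through this method.
     *
     * @param facesContext context whose external response is modified
     */
    public static void ensureXFrameOptionsHeader(FacesContext facesContext) {
        Object response = facesContext.getExternalContext().getResponse();
        if (response instanceof HttpServletResponse) {
            ((HttpServletResponse) response).setHeader("X-Frame-Options", "DENY");
        }
    }
}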
