package org.apache.struts2.interceptor.csp;

import com.opensymphony.xwork2.ActionContext;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.function.Supplier;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/struts2-core-6.0.0.jar:org/apache/struts2/interceptor/csp/DefaultCspSettings.class */
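/**
 * Default {@link CspSettings} implementation: generates a fresh nonce per call, stores it in the
 * session, and emits a nonce-based Content-Security-Policy header on the response.
 *
 * <p>The header name starts as {@code CspSettings.CSP_REPORT_HEADER} and is switched to
 * {@code CspSettings.CSP_ENFORCE_HEADER} by {@link #setEnforcingMode(boolean)}. Until that call is
 * made, the policy is sent under the report header only, so deployments that expect the policy to
 * be enforced should verify the switch actually happens.
 *
 * <p>NOTE(review): the nonce lives under a single session key, so overlapping requests in the same
 * session overwrite each other's value. Confirm how the rendering side reads it.
 */
public class DefaultCspSettings implements CspSettings {
    /** Session attribute under which the current nonce is stored. */
    private static final String NONCE_SESSION_KEY = "nonce";

    /** 18 random bytes (144 bits); encodes to 24 URL-safe Base64 characters without padding. */
    private static final int NONCE_BYTES = 18;

    private final SecureRandom sRand = new SecureRandom();
    private String reportUri;
    private String cspHeader = CspSettings.CSP_REPORT_HEADER;

    /**
     * Generates a new nonce, stores it in the session and sets the CSP header on the response.
     *
     * <p>The header is built from the nonce generated by this call rather than from a value read
     * back from the session, so it cannot pick up a nonce written by another request in between.
     *
     * @param httpServletResponse response that receives the header
     */
    @Override
    public void addCspHeaders(HttpServletResponse httpServletResponse) {
        String nonce = associateNonceWithSession();
        httpServletResponse.setHeader(this.cspHeader, buildPolicy(nonce));
    }

    /**
     * Returns the nonce currently stored in the session.
     *
     * <p>The decompiler reports that this method was private in the original class; it is kept
     * public here so the visible interface does not change.
     *
     * @return the stored nonce, or {@code null} when none has been stored yet
     */
    public String getNonceString() {
        // assumes a session map is available on the current ActionContext - TODO confirm for
        // requests without a session
        return (String) ActionContext.getContext().getSession().get(NONCE_SESSION_KEY);
    }

    /**
     * Assembles the policy value for one response.
     *
     * <p>The value is concatenated directly instead of passing a template through
     * {@code String.format}: the previous template embedded the report URI, so a URI containing
     * {@code %} (for example a percent-encoded path) was parsed as a format specifier and made
     * header generation throw. The earlier lazy supplier also never set its "already built" flag,
     * so it rebuilt the template on every call; building per call keeps that observable behaviour
     * without shared mutable state.
     *
     * @param nonce nonce to place in the {@code script-src} directive
     * @return the complete header value
     */
    private String buildPolicy(String nonce) {
        StringBuilder policy = new StringBuilder()
                .append(CspSettings.OBJECT_SRC).append(" 'none'; ")
                .append(CspSettings.SCRIPT_SRC).append(" 'nonce-").append(nonce).append("' ")
                .append('\'').append(CspSettings.STRICT_DYNAMIC).append("' ")
                .append(CspSettings.HTTP).append(' ').append(CspSettings.HTTPS).append("; ")
                .append(CspSettings.BASE_URI).append(" 'none'; ");
        String uri = this.reportUri;
        if (uri != null) {
            // Emitted verbatim: the value must come from trusted configuration, because a ';'
            // inside it would be read by the browser as the start of another directive.
            policy.append(CspSettings.REPORT_URI).append(' ').append(uri);
        }
        return policy.toString();
    }

    /**
     * Creates a new nonce and stores it in the session under {@link #NONCE_SESSION_KEY}.
     *
     * @return the nonce that was stored
     */
    private String associateNonceWithSession() {
        String nonce = Base64.getUrlEncoder().encodeToString(getRandomBytes());
        ActionContext.getContext().getSession().put(NONCE_SESSION_KEY, nonce);
        return nonce;
    }

    /** Returns {@link #NONCE_BYTES} bytes drawn from the instance's {@link SecureRandom}. */
    private byte[] getRandomBytes() {
        byte[] bytes = new byte[NONCE_BYTES];
        this.sRand.nextBytes(bytes);
        return bytes;
    }

    /**
     * Switches the header to the enforcing variant.
     *
     * <p>Only {@code true} has an effect. Passing {@code false} leaves the current header name
     * untouched, so enforcement cannot be turned off again through this setter.
     *
     * @param z {@code true} to send the policy under {@code CspSettings.CSP_ENFORCE_HEADER}
     */
    @Override
    public void setEnforcingMode(boolean z) {
        if (z) {
            this.cspHeader = CspSettings.CSP_ENFORCE_HEADER;
        }
    }

    /**
     * Sets the URI appended as the report directive; {@code null} omits the directive.
     *
     * @param str report URI, written into the header without validation or escaping
     */
    @Override
    public void setReportUri(String str) {
        this.reportUri = str;
    }
}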
