package org.apache.struts2.interceptor.csp;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.net.URI;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.action.CspSettingsAware;

/* loaded from: input_file:WEB-INF/lib/struts2-core-6.3.0.1.jar:org/apache/struts2/interceptor/csp/CspInterceptor.class */
public final class CspInterceptor extends AbstractInterceptor {
    private static final Logger LOG = LogManager.getLogger((Class<?>) CspInterceptor.class);
    private Boolean enforcingMode;
    private String reportUri;

    @Override // com.opensymphony.xwork2.interceptor.AbstractInterceptor, com.opensymphony.xwork2.interceptor.Interceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        Object action = actionInvocation.getAction();
        if (action instanceof CspSettingsAware) {
            LOG.trace("Using CspSettings provided by the action: {}", action);
            applySettings(actionInvocation, ((CspSettingsAware) action).getCspSettings());
        } else {
            LOG.trace("Using DefaultCspSettings with action: {}", action);
            applySettings(actionInvocation, new DefaultCspSettings());
        }
        return actionInvocation.invoke();
    }

    private void applySettings(ActionInvocation actionInvocation, CspSettings cspSettings) {
        if (this.enforcingMode != null) {
            LOG.trace("Applying: {} to enforcingMode", this.enforcingMode);
            cspSettings.setEnforcingMode(this.enforcingMode.booleanValue());
        }
        if (this.reportUri != null) {
            LOG.trace("Applying: {} to reportUri", this.reportUri);
            cspSettings.setReportUri(this.reportUri);
        }
        HttpServletRequest servletRequest = actionInvocation.getInvocationContext().getServletRequest();
        HttpServletResponse servletResponse = actionInvocation.getInvocationContext().getServletResponse();
        actionInvocation.addPreResultListener((actionInvocation2, str) -> {
            LOG.trace("Applying CSP header: {} to the request", cspSettings);
            cspSettings.addCspHeaders(servletRequest, servletResponse);
        });
    }

    public void setReportUri(String str) {
        Optional<URI> buildUri = buildUri(str);
        if (!buildUri.isPresent()) {
            throw new IllegalArgumentException("Could not parse configured report URI for CSP interceptor: " + str);
        }
        if (!buildUri.get().isAbsolute() && !str.startsWith("/")) {
            throw new IllegalArgumentException("Illegal configuration: report URI is not relative to the root. Please set a report URI that starts with /");
        }
        this.reportUri = str;
    }

    private Optional<URI> buildUri(String str) {
        try {
            return Optional.of(URI.create(str));
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    public void setEnforcingMode(String str) {
        this.enforcingMode = Boolean.valueOf(Boolean.parseBoolean(str));
    }
}
