package org.apache.struts2.interceptor.csp;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.config.ConfigurationException;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opensymphony.xwork2.util.ClassLoaderUtil;
import java.net.URI;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.action.CspSettingsAware;

/* loaded from: input_file:WEB-INF/lib/struts2-core-6.7.0.jar:org/apache/struts2/interceptor/csp/CspInterceptor.class */
public final class CspInterceptor extends AbstractInterceptor {
    private static final Logger LOG = LogManager.getLogger((Class<?>) CspInterceptor.class);
    private boolean enforcingMode;
    private String reportUri;
    private String reportTo;
    private boolean prependServletContext = true;
    private String cspSettingsClassName = DefaultCspSettings.class.getName();

    @Override // com.opensymphony.xwork2.interceptor.AbstractInterceptor, com.opensymphony.xwork2.interceptor.Interceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        Object action = actionInvocation.getAction();
        if (action instanceof CspSettingsAware) {
            LOG.trace("Using CspSettings provided by the action: {}", action);
            applySettings(actionInvocation, ((CspSettingsAware) action).getCspSettings());
        } else {
            LOG.trace("Using {} with action: {}", this.cspSettingsClassName, action);
            applySettings(actionInvocation, createCspSettings(actionInvocation));
        }
        return actionInvocation.invoke();
    }

    private CspSettings createCspSettings(ActionInvocation actionInvocation) throws ClassNotFoundException {
        try {
            Class loadClass = ClassLoaderUtil.loadClass(this.cspSettingsClassName, getClass());
            if (CspSettings.class.isAssignableFrom(loadClass)) {
                return (CspSettings) actionInvocation.getInvocationContext().getContainer().inject(loadClass);
            }
            throw new ConfigurationException(String.format("The class %s doesn't implement %s!", this.cspSettingsClassName, CspSettings.class.getName()));
        } catch (ClassNotFoundException e) {
            throw new ConfigurationException(String.format("The class %s doesn't exist!", this.cspSettingsClassName));
        }
    }

    private void applySettings(ActionInvocation actionInvocation, CspSettings cspSettings) {
        HttpServletRequest servletRequest = actionInvocation.getInvocationContext().getServletRequest();
        HttpServletResponse servletResponse = actionInvocation.getInvocationContext().getServletResponse();
        LOG.trace("Applying: {} to enforcingMode", Boolean.valueOf(this.enforcingMode));
        cspSettings.setEnforcingMode(this.enforcingMode);
        if (this.reportUri != null) {
            LOG.trace("Applying: {} to reportUri", this.reportUri);
            String str = this.reportUri;
            if (this.prependServletContext && servletRequest.getContextPath() != null && !servletRequest.getContextPath().isEmpty()) {
                str = servletRequest.getContextPath() + str;
            }
            cspSettings.setReportUri(str);
            if (this.reportTo != null) {
                LOG.trace("Applying: {} to reportTo", this.reportTo);
                cspSettings.setReportTo(this.reportTo);
            }
        }
        actionInvocation.addPreResultListener((actionInvocation2, str2) -> {
            LOG.trace("Applying CSP header: {} to the request", cspSettings);
            cspSettings.addCspHeaders(servletRequest, servletResponse);
        });
    }

    public void setReportUri(String str) {
        Optional<URI> buildUri = buildUri(str);
        if (!buildUri.isPresent()) {
            throw new IllegalArgumentException("Could not parse configured report URI for CSP interceptor: " + str);
        }
        if (!buildUri.get().isAbsolute() && !str.startsWith("/")) {
            throw new IllegalArgumentException("Illegal configuration: report URI is not relative to the root. Please set a report URI that starts with /");
        }
        this.reportUri = str;
    }

    public void setReportTo(String str) {
        this.reportTo = str;
    }

    private Optional<URI> buildUri(String str) {
        try {
            return Optional.of(URI.create(str));
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    public void setEnforcingMode(boolean z) {
        this.enforcingMode = z;
    }

    public void setPrependServletContext(boolean z) {
        this.prependServletContext = z;
    }

    public void setCspSettingsClassName(String str) {
        this.cspSettingsClassName = str;
    }
}
