package io.bdeploy.jersey;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import org.glassfish.grizzly.filterchain.BaseFilter;
import org.glassfish.grizzly.filterchain.FilterChainBuilder;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;
import org.glassfish.grizzly.http.HttpContent;
import org.glassfish.grizzly.http.HttpContext;
import org.glassfish.grizzly.http.server.AddOn;
import org.glassfish.grizzly.http.server.FileCacheFilter;
import org.glassfish.grizzly.http.server.HttpServerFilter;
import org.glassfish.grizzly.http.server.NetworkListener;

/* loaded from: input_file:io/bdeploy/jersey/JerseyCspFilter.class */
/**
 * Grizzly filter that adds browser hardening headers to HTTP content passing through
 * {@link #handleWrite(FilterChainContext)}.
 *
 * <p>The headers added are {@code Content-Security-Policy}, {@code X-Frame-Options} and
 * {@code X-Content-Type-Options}. All three are added together or not at all: a message
 * that already carries a {@code Content-Security-Policy} header, or whose request URI is
 * exempted below, receives none of them.
 */
public class JerseyCspFilter extends BaseFilter {
    private static final String CSP_HDR = "Content-Security-Policy";

    // NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', and img-src allows
    // any https origin plus data: URIs. These relax the policy considerably; confirm each is
    // still required by the UI before keeping it.
    private static final String[] CSP_OPTS = {
        "default-src 'none'",
        "frame-ancestors 'self'",
        "frame-src 'self'",
        "font-src 'self'",
        "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
        "connect-src 'self'",
        "img-src 'self' https://* data:",
        "style-src 'self' 'unsafe-inline'",
        "base-uri 'self'",
        "form-action 'self'"
    };

    /** The complete policy value; directives are separated by {@code "; "}. */
    private static final String CSP_VALUE = String.join("; ", CSP_OPTS);

    /** Add-on that registers a {@link JerseyCspFilter} in a listener's filter chain. */
    static final class JerseyCspAddOn implements AddOn {
        /**
         * Inserts the filter at the lower of the {@link HttpServerFilter} and
         * {@link FileCacheFilter} positions, so that it sits in front of both.
         *
         * @param networkListener the listener being configured (not used here)
         * @param filterChainBuilder the chain the filter is inserted into
         */
        @Override
        public void setup(NetworkListener networkListener, FilterChainBuilder filterChainBuilder) {
            int serverFilterIndex = filterChainBuilder.indexOfType(HttpServerFilter.class);
            int fileCacheIndex = filterChainBuilder.indexOfType(FileCacheFilter.class);
            // The clamp turns a negative index into 0. NOTE(review): presumably a negative
            // index means "type not in the chain"; in that case the filter lands at the very
            // front of the chain. Confirm that position is acceptable.
            int insertAt = Math.max(0, Math.min(serverFilterIndex, fileCacheIndex));
            filterChainBuilder.add(insertAt, new JerseyCspFilter());
        }
    }

    /**
     * Adds the hardening headers to an {@link HttpContent} message that does not yet have a
     * {@code Content-Security-Policy} header, unless the request URI is exempted.
     *
     * @param filterChainContext the context of the write being processed
     * @return the invoke action of {@code filterChainContext}, in every case
     * @throws IOException declared by the overridden method; not thrown by this body itself
     */
    @Override
    public NextAction handleWrite(FilterChainContext filterChainContext) throws IOException {
        Object message = filterChainContext.getMessage();
        if (!(message instanceof HttpContent)) {
            return filterChainContext.getInvokeAction();
        }

        HttpContent httpContent = (HttpContent) message;
        HttpContext httpContext = HttpContext.get(filterChainContext);

        // Never overwrite a policy that something upstream has already set.
        boolean headerMissing = httpContent.getHttpHeader() != null
                && httpContent.getHttpHeader().getHeader(CSP_HDR) == null;

        // NOTE(review): "/upx/" is a substring match, so any URI containing that segment is
        // exempted, wherever it occurs in the path. Confirm no other route can contain it,
        // or anchor the check to the expected prefix.
        String requestURI = httpContext.getRequest().getRequestURI();
        boolean exempted = requestURI.contains("/upx/") || requestURI.equals("/api/proxy");

        if (headerMissing && !exempted) {
            httpContent.getHttpHeader().addHeader(CSP_HDR, CSP_VALUE);
            // NOTE(review): DENY forbids all framing, while the policy above says
            // frame-ancestors 'self'. Browsers that enforce frame-ancestors ignore
            // X-Frame-Options, so the two settings disagree; confirm which is intended.
            httpContent.getHttpHeader().addHeader(HttpHeaders.X_FRAME_OPTIONS, "DENY");
            // NOTE(review): nosniff is tied to the CSP decision, so exempted responses and
            // responses with their own policy go out without it.
            httpContent.getHttpHeader().addHeader("X-Content-Type-Options", "nosniff");
        }
        return filterChainContext.getInvokeAction();
    }
}
