package com.helger.phoss.smp.servlet;

import com.helger.commons.http.CHttpHeader;
import com.helger.css.utils.CSSDataURLHelper;
import com.helger.http.csp.CSP2Directive;
import com.helger.http.csp.CSP2Policy;
import com.helger.http.csp.CSP2SourceList;
import com.helger.phoss.smp.app.SMPWebAppConfiguration;
import com.helger.photon.core.servlet.AbstractApplicationXServletHandler;
import com.helger.servlet.response.UnifiedResponse;
import com.helger.web.scope.IRequestWebScopeWithoutResponse;
import jakarta.servlet.ServletException;
import java.io.IOException;

/* loaded from: input_file:WEB-INF/lib/phoss-smp-webapp-7.1.7.jar:com/helger/phoss/smp/servlet/SMPApplicationXServletHandler.class */
/**
 * Base X-servlet handler of the SMP web application. When CSP is switched on in
 * {@link SMPWebAppConfiguration}, it attaches a Content Security Policy to the response
 * and then hands the request to the parent handler.
 *
 * <p>Overrides {@code handleRequest} of
 * {@code com.helger.photon.core.servlet.AbstractApplicationXServletHandler}
 * ({@code com.helger.xservlet.handler.simple.IXServletSimpleHandler}).
 */
public abstract class SMPApplicationXServletHandler extends AbstractApplicationXServletHandler {
    /**
     * Adds the CSP response headers (if enabled) and delegates to the superclass.
     *
     * @param iRequestWebScopeWithoutResponse current request scope; its context path is used to
     *        build the report endpoint URI
     * @param unifiedResponse response that receives the CSP headers
     * @throws IOException propagated from the superclass handler
     * @throws ServletException propagated from the superclass handler
     */
    @Override
    public void handleRequest(IRequestWebScopeWithoutResponse iRequestWebScopeWithoutResponse, UnifiedResponse unifiedResponse) throws IOException, ServletException {
        if (SMPWebAppConfiguration.isCSPEnabled()) {
            applyContentSecurityPolicy(iRequestWebScopeWithoutResponse, unifiedResponse);
        }
        super.handleRequest(iRequestWebScopeWithoutResponse, unifiedResponse);
    }

    /**
     * Builds the policy and writes it to both the standard and the {@code X_}-prefixed header
     * constant, in enforcing or report-only form depending on configuration.
     */
    private static void applyContentSecurityPolicy(IRequestWebScopeWithoutResponse requestScope, UnifiedResponse response) {
        final boolean reportOnly = SMPWebAppConfiguration.isCSPReportingOnly();
        // Report-only mode always gets a report URI; enforcing mode only when reporting is enabled.
        final boolean withReportUri = reportOnly || SMPWebAppConfiguration.isCSPReportingEnabled();

        final CSP2Policy policy = new CSP2Policy();
        policy
            // Deny by default; each fetch directive below opens up only what it lists.
            // NOTE(review): base-uri, form-action and frame-ancestors do not fall back to
            // default-src and are not set here, so they stay unrestricted by this policy.
            .addDirective(CSP2Directive.createDefaultSrc(new CSP2SourceList().addKeywordNone()))
            // NOTE(review): 'unsafe-inline' on script-src lets injected inline script run, which
            // removes most of CSP's value as an XSS mitigation; nonces or hashes would be the
            // stricter option if the UI's inline scripts can be adapted.
            .addDirective(CSP2Directive.createScriptSrc(new CSP2SourceList().addKeywordSelf().addKeywordUnsafeInline()))
            .addDirective(CSP2Directive.createStyleSrc(new CSP2SourceList().addKeywordSelf().addKeywordUnsafeInline()))
            // Images: same origin plus the data-URL prefix constant (presumably "data:").
            .addDirective(CSP2Directive.createImgSrc(new CSP2SourceList().addKeywordSelf().addHost(CSSDataURLHelper.PREFIX_DATA_URL)))
            .addDirective(CSP2Directive.createConnectSrc(new CSP2SourceList().addKeywordSelf()))
            .addDirective(CSP2Directive.createFontSrc(new CSP2SourceList().addKeywordSelf()));

        if (withReportUri) {
            // NOTE(review): presumably emits the report-uri directive, which CSP Level 3
            // deprecates in favour of report-to; confirm what the target browsers honour.
            policy.addDirective(CSP2Directive.createReportURI(requestScope.getContextPath() + "/smp-cspreporting"));
        }

        final String policyValue = policy.getAsString();
        if (reportOnly) {
            response.addCustomResponseHeader(CHttpHeader.CONTENT_SECURITY_POLICY_REPORT_ONLY, policyValue);
            response.addCustomResponseHeader(CHttpHeader.X_CONTENT_SECURITY_POLICY_REPORT_ONLY, policyValue);
        } else {
            response.addCustomResponseHeader(CHttpHeader.CONTENT_SECURITY_POLICY, policyValue);
            response.addCustomResponseHeader(CHttpHeader.X_CONTENT_SECURITY_POLICY, policyValue);
        }
    }
}
