package com.atlassian.jira.web.filters.steps.security.csp;

import com.atlassian.jira.JiraFeatureFlagRegistrar;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.mail.util.MimeTypes;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import io.atlassian.util.concurrent.LazyReference;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/web/filters/steps/security/csp/DynamicContentSecurityPolicyResponseWrapperFactory.class */
public class DynamicContentSecurityPolicyResponseWrapperFactory {
    private static final Logger log = LoggerFactory.getLogger(DynamicContentSecurityPolicyResponseWrapperFactory.class);
    private static final Set<String> cspSandboxContentTypeDefaultExceptionList = ImmutableSet.of(MimeTypes.Text.HTML, "text/javascript", "application/javascript");
    private static final Set<String> cspSandboxContentDispositionDefaultApplyList = ImmutableSet.of("attachment");
    private static final String ALLOW_SAME_ORIGIN_POSTFIX = "allow-same-origin";
    private static final String ALLOW_SCRIPTS_POSTFIX = "allow-scripts";
    private static final Map<Browser, String> cspSandboxBrowserDifferentiatedDefaultPostfixes = ImmutableMap.of(Browser.CHROME_DESKTOP, ALLOW_SAME_ORIGIN_POSTFIX, Browser.CHROME_ANDROID, ALLOW_SAME_ORIGIN_POSTFIX, Browser.CHROME_IOS, ALLOW_SCRIPTS_POSTFIX, Browser.SAFARI_DESKTOP, ALLOW_SCRIPTS_POSTFIX, Browser.SAFARI_IOS, ALLOW_SCRIPTS_POSTFIX);
    private static final Set<String> cspSandboxBrowserDifferentiatedDefaultPaths = ImmutableSet.of("/secure/attachment", "/secure/temporaryattachment");
    private static final String PROPERTY_READ_FAILED_MESSAGE = "Failed to read property '{}'. Check if jira.home is set.";

    public static DynamicContentSecurityPolicyResponseWrapper getWrapper(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        boolean booleanValue = ((Boolean) ComponentAccessor.getComponentSafely(FeatureManager.class).map(featureManager -> {
            return Boolean.valueOf(featureManager.isEnabled(JiraFeatureFlagRegistrar.ENABLE_SANDBOX_CONTENT_SECURITY_POLICY));
        }).orElse(true)).booleanValue();
        Optional componentSafely = ComponentAccessor.getComponentSafely(ApplicationProperties.class);
        Set set = (Set) componentSafely.flatMap(readApplicationProperty("jira.security.csp.sandbox.excluded.content.type")).orElse(new HashSet());
        set.addAll(cspSandboxContentTypeDefaultExceptionList);
        Set set2 = (Set) componentSafely.flatMap(readApplicationProperty("jira.security.csp.sandbox.included.content.disposition")).orElse(cspSandboxContentDispositionDefaultApplyList);
        Set set3 = (Set) componentSafely.flatMap(readApplicationProperty("jira.security.csp.sandbox.browser.differentiated.paths")).orElse(new HashSet());
        set3.addAll(cspSandboxBrowserDifferentiatedDefaultPaths);
        return new DynamicContentSecurityPolicyResponseWrapper(httpServletResponse, httpServletRequest, booleanValue, set, set2, set3, (Map) componentSafely.flatMap(readClausesProperty()).orElse(cspSandboxBrowserDifferentiatedDefaultPostfixes));
    }

    private DynamicContentSecurityPolicyResponseWrapperFactory() {
    }

    private static Function<ApplicationProperties, Optional<Set<String>>> readApplicationProperty(String str) {
        return applicationProperties -> {
            try {
                return splitStringToSet(applicationProperties.getDefaultBackedString(str));
            } catch (LazyReference.InitializationException e) {
                log.error(PROPERTY_READ_FAILED_MESSAGE, str, e);
                return Optional.empty();
            }
        };
    }

    private static Function<ApplicationProperties, Optional<Map<Browser, String>>> readClausesProperty() {
        return applicationProperties -> {
            try {
                return splitStringToBrowserMap(applicationProperties.getDefaultBackedString("jira.security.csp.sandbox.browser.differentiated.clauses"));
            } catch (LazyReference.InitializationException e) {
                log.error(PROPERTY_READ_FAILED_MESSAGE, "jira.security.csp.sandbox.browser.differentiated.clauses", e);
                return Optional.empty();
            }
        };
    }

    private static Optional<Set<String>> splitStringToSet(String str) {
        return Optional.ofNullable(str).map(str2 -> {
            return (Set) Arrays.stream(str2.split(";")).collect(Collectors.toSet());
        });
    }

    private static Optional<Map<Browser, String>> splitStringToBrowserMap(String str) {
        return Optional.ofNullable(str).map(str2 -> {
            return (Map) Arrays.stream(str2.split(";")).map(str2 -> {
                return str2.split(":");
            }).filter(strArr -> {
                return strArr.length == 2;
            }).collect(Collectors.toMap(strArr2 -> {
                return Browser.mapStringToBrowser(strArr2[0]);
            }, strArr3 -> {
                return strArr3[1];
            }, (str3, str4) -> {
                return str3 + " " + str4;
            }));
        });
    }
}
