package com.atlassian.jira.web.filters.steps.security.csp;

import com.atlassian.jira.util.UserAgentUtil;
import com.atlassian.jira.util.UserAgentUtilImpl;
import java.util.Arrays;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/* loaded from: input_file:com/atlassian/jira/web/filters/steps/security/csp/DynamicContentSecurityPolicyResponseWrapper.class */
public class DynamicContentSecurityPolicyResponseWrapper extends HttpServletResponseWrapper {
    private static final String CONTENT_SECURITY_POLICY_SANDBOX_VALUE = "sandbox";
    private final Set<String> sandboxContentTypeExceptionList;
    private final Set<String> sandboxContentDispositionApplyList;
    private final Set<String> sandboxBrowserDifferentiatedPaths;
    private final Map<Browser, String> sandboxBrowserDifferentiatedPostfixes;
    private final boolean featureFlagEnabled;
    private final HttpServletResponse response;
    private final HttpServletRequest request;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DynamicContentSecurityPolicyResponseWrapper(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, boolean z, Set<String> set, Set<String> set2, Set<String> set3, Map<Browser, String> map) {
        super(httpServletResponse);
        this.featureFlagEnabled = z;
        this.sandboxContentTypeExceptionList = set;
        this.sandboxContentDispositionApplyList = set2;
        this.sandboxBrowserDifferentiatedPaths = set3;
        this.sandboxBrowserDifferentiatedPostfixes = map;
        this.response = httpServletResponse;
        this.request = httpServletRequest;
    }

    public void setContentType(String str) {
        super.setContentType(str);
        if (this.featureFlagEnabled) {
            if (str == null || isContentTypeSandboxed(str)) {
                setContentSecurityPolicyHeader();
            }
        }
    }

    public void setHeader(String str, String str2) {
        super.setHeader(str, str2);
        if (shouldHeaderBeSandboxed(str, str2)) {
            setContentSecurityPolicyHeader();
        }
    }

    public void addHeader(String str, String str2) {
        super.addHeader(str, str2);
        if (shouldHeaderBeSandboxed(str, str2)) {
            setContentSecurityPolicyHeader();
        }
    }

    private boolean shouldHeaderBeSandboxed(String str, String str2) {
        return this.featureFlagEnabled && ((str.equalsIgnoreCase("Content-Disposition") && isContentDispositionSandboxed(str2)) || (str.equalsIgnoreCase("Content-Type") && isContentTypeSandboxed(str2)));
    }

    private void setContentSecurityPolicyHeader() {
        this.response.setHeader("Content-Security-Policy", getSandboxClause());
    }

    private String getSandboxClause() {
        Optional empty = Optional.empty();
        if (this.sandboxBrowserDifferentiatedPaths.contains(this.request.getServletPath())) {
            empty = Optional.ofNullable(this.sandboxBrowserDifferentiatedPostfixes.get(getBrowserBasedOnUserAgent()));
        }
        return (String) empty.map(str -> {
            return "sandbox " + str;
        }).orElse(CONTENT_SECURITY_POLICY_SANDBOX_VALUE);
    }

    private boolean isContentTypeSandboxed(String str) {
        Stream stream = Arrays.stream(str.split(";"));
        Set<String> set = this.sandboxContentTypeExceptionList;
        set.getClass();
        return stream.noneMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    private boolean isContentDispositionSandboxed(String str) {
        Stream stream = Arrays.stream(str.split(";"));
        Set<String> set = this.sandboxContentDispositionApplyList;
        set.getClass();
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    private Browser getBrowserBasedOnUserAgent() {
        UserAgentUtil.UserAgent userAgentInfo = new UserAgentUtilImpl().getUserAgentInfo(this.request.getHeader("User-Agent"));
        UserAgentUtil.BrowserFamily browserFamily = userAgentInfo.getBrowser().getBrowserFamily();
        UserAgentUtil.OperatingSystem.OperatingSystemFamily operatingSystemFamily = userAgentInfo.getOperatingSystem().getOperatingSystemFamily();
        return browserFamily.equals(UserAgentUtil.BrowserFamily.FIREFOX) ? Browser.FIREFOX_DESKTOP : browserFamily.equals(UserAgentUtil.BrowserFamily.CHROME_IOS) ? Browser.CHROME_IOS : browserFamily.equals(UserAgentUtil.BrowserFamily.CHROME) ? operatingSystemFamily.equals(UserAgentUtil.OperatingSystem.OperatingSystemFamily.ANDROID) ? Browser.CHROME_ANDROID : Browser.CHROME_DESKTOP : browserFamily.equals(UserAgentUtil.BrowserFamily.EDGE_LEGACY) ? Browser.EDGE_LEGACY_DESKTOP : browserFamily.equals(UserAgentUtil.BrowserFamily.ANDROID) ? Browser.ANDROID : browserFamily.equals(UserAgentUtil.BrowserFamily.SAFARI) ? (operatingSystemFamily.equals(UserAgentUtil.OperatingSystem.OperatingSystemFamily.IPHONE) || operatingSystemFamily.equals(UserAgentUtil.OperatingSystem.OperatingSystemFamily.IPAD)) ? Browser.SAFARI_IOS : Browser.SAFARI_DESKTOP : Browser.OTHER;
    }
}
