package org.springframework.security.web.header.writers;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.util.JSONUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-4.1.3.RELEASE.jar:org/springframework/security/web/header/writers/HpkpHeaderWriter.class */
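/**
 * {@link HeaderWriter} that emits the HTTP Public Key Pinning header
 * ({@code Public-Key-Pins}, or {@code Public-Key-Pins-Report-Only} when in report-only mode).
 *
 * <p>The header is written only for requests reported as secure by
 * {@link HttpServletRequest#isSecure()} and only when at least one pin is configured.
 * The header value is pre-computed whenever a setting that contributes to it changes.
 *
 * <p>Defaults visible in this class: max-age of 5184000 seconds, {@code includeSubDomains}
 * off, report-only mode on.
 *
 * <p>Operational notes:
 * <ul>
 * <li>Pins, algorithm names and the report URI are interpolated into the header value
 * without escaping or validation, so they must come from trusted configuration.</li>
 * <li>Enforcing mode (report-only off) with a wrong or lost pin set makes the site
 * unreachable for clients that honour the header until max-age expires; keep report-only
 * on until the pin set, including a backup pin, has been verified.</li>
 * <li>Current mainstream browsers no longer honour HPKP, so this header should not be
 * relied on as the only control against mis-issued certificates.</li>
 * </ul>
 *
 * <p>Instances are mutable and perform no synchronization; configure them before they
 * are used to serve requests.
 */
public final class HpkpHeaderWriter implements HeaderWriter {
    /** Default pin lifetime in seconds (5184000 s = 60 days). */
    private static final long DEFAULT_MAX_AGE_SECONDS = 5184000;
    private static final String HPKP_HEADER_NAME = "Public-Key-Pins";
    private static final String HPKP_RO_HEADER_NAME = "Public-Key-Pins-Report-Only";
    private final Log logger;
    private final RequestMatcher requestMatcher;
    /** Pin value mapped to its algorithm token (for example {@code "sha256"}), in insertion order. */
    private Map<String, String> pins;
    private long maxAgeInSeconds;
    private boolean includeSubDomains;
    private boolean reportOnly;
    private URI reportUri;
    /** Cached header value; rebuilt by {@link #updateHpkpHeaderValue()}. */
    private String hpkpHeaderValue;

    /** Matches requests that the servlet container reports as secure. */
    private static final class SecureRequestMatcher implements RequestMatcher {
        private SecureRequestMatcher() {
        }

        @Override
        public boolean matches(HttpServletRequest httpServletRequest) {
            return httpServletRequest.isSecure();
        }
    }

    /**
     * Creates a writer with no pins configured.
     *
     * <p>NOTE(review): unlike {@link #setMaxAgeInSeconds(long)}, this constructor does not
     * reject a negative max-age; callers should pass a non-negative value.
     *
     * @param maxAgeInSeconds value of the {@code max-age} directive
     * @param includeSubDomains whether to append the {@code includeSubDomains} directive
     * @param reportOnly whether to use the report-only header name
     */
    public HpkpHeaderWriter(long maxAgeInSeconds, boolean includeSubDomains, boolean reportOnly) {
        this.logger = LogFactory.getLog(getClass());
        this.requestMatcher = new SecureRequestMatcher();
        this.pins = new LinkedHashMap<String, String>();
        this.maxAgeInSeconds = maxAgeInSeconds;
        this.includeSubDomains = includeSubDomains;
        this.reportOnly = reportOnly;
        updateHpkpHeaderValue();
    }

    /**
     * Creates a writer in report-only mode.
     *
     * @param maxAgeInSeconds value of the {@code max-age} directive
     * @param includeSubDomains whether to append the {@code includeSubDomains} directive
     */
    public HpkpHeaderWriter(long maxAgeInSeconds, boolean includeSubDomains) {
        this(maxAgeInSeconds, includeSubDomains, true);
    }

    /**
     * Creates a writer in report-only mode without {@code includeSubDomains}.
     *
     * @param maxAgeInSeconds value of the {@code max-age} directive
     */
    public HpkpHeaderWriter(long maxAgeInSeconds) {
        this(maxAgeInSeconds, false);
    }

    /** Creates a writer with the default max-age, report-only mode, no {@code includeSubDomains}. */
    public HpkpHeaderWriter() {
        this(DEFAULT_MAX_AGE_SECONDS);
    }

    /**
     * Sets the HPKP header on the response when the request is secure and pins are configured.
     * In every other case the response is left untouched and the reason is logged at debug level.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response to add the header to
     */
    @Override
    public void writeHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.requestMatcher.matches(httpServletRequest)) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Not injecting HPKP header since it wasn't a secure connection");
            }
            return;
        }
        if (this.pins.isEmpty()) {
            // Only report "no pins" when that is actually why the header was skipped;
            // logging it after a successful write would mislead anyone auditing the debug log.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Not injecting HPKP header since there aren't any pins");
            }
            return;
        }
        String headerName = this.reportOnly ? HPKP_RO_HEADER_NAME : HPKP_HEADER_NAME;
        httpServletResponse.setHeader(headerName, this.hpkpHeaderValue);
    }

    /**
     * Replaces the configured pins.
     *
     * <p>The map is copied, so later changes to the caller's map do not silently diverge from
     * the cached header value, and {@link #addSha256Pins(String...)} never mutates the caller's map.
     *
     * @param map pin value mapped to algorithm token (for example {@code "sha256"}); must not be null
     * @throws IllegalArgumentException if {@code map} is null
     */
    public void setPins(Map<String, String> map) {
        Assert.notNull(map, "pins cannot be null");
        this.pins = new LinkedHashMap<String, String>(map);
        updateHpkpHeaderValue();
    }

    /**
     * Adds pins that use the {@code sha256} algorithm token.
     *
     * <p>All arguments are validated before any is stored, so a null element cannot leave the
     * pin map and the cached header value out of step.
     *
     * @param strArr pin values; no element may be null
     * @throws IllegalArgumentException if any element is null
     */
    public void addSha256Pins(String... strArr) {
        for (String pin : strArr) {
            Assert.notNull(pin, "pin cannot be null");
        }
        for (String pin : strArr) {
            this.pins.put(pin, "sha256");
        }
        updateHpkpHeaderValue();
    }

    /**
     * Sets the {@code max-age} directive.
     *
     * @param maxAgeInSeconds lifetime in seconds; must be non-negative
     * @throws IllegalArgumentException if the value is negative
     */
    public void setMaxAgeInSeconds(long maxAgeInSeconds) {
        if (maxAgeInSeconds < 0) {
            throw new IllegalArgumentException("maxAgeInSeconds must be non-negative. Got " + maxAgeInSeconds);
        }
        this.maxAgeInSeconds = maxAgeInSeconds;
        updateHpkpHeaderValue();
    }

    /**
     * Enables or disables the {@code includeSubDomains} directive.
     *
     * @param includeSubDomains true to append the directive
     */
    public void setIncludeSubDomains(boolean includeSubDomains) {
        this.includeSubDomains = includeSubDomains;
        updateHpkpHeaderValue();
    }

    /**
     * Switches between the report-only and the enforcing header name.
     * Only the header name depends on this flag, so the cached value is not rebuilt.
     *
     * @param reportOnly true to send {@code Public-Key-Pins-Report-Only}
     */
    public void setReportOnly(boolean reportOnly) {
        this.reportOnly = reportOnly;
    }

    /**
     * Sets the {@code report-uri} directive.
     *
     * @param uri the report endpoint, or null to omit the directive
     */
    public void setReportUri(URI uri) {
        this.reportUri = uri;
        updateHpkpHeaderValue();
    }

    /**
     * Sets the {@code report-uri} directive from a string.
     *
     * @param str the report endpoint in URI syntax
     * @throws IllegalArgumentException if {@code str} is not a syntactically valid URI
     */
    public void setReportUri(String str) {
        try {
            this.reportUri = new URI(str);
            updateHpkpHeaderValue();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Rebuilds the cached header value from max-age, pins, report URI and includeSubDomains.
     * Values are appended verbatim (no quoting or escaping of pin or URI content).
     */
    private void updateHpkpHeaderValue() {
        StringBuilder value = new StringBuilder("max-age=").append(this.maxAgeInSeconds);
        for (Map.Entry<String, String> entry : this.pins.entrySet()) {
            value.append(" ; pin-").append(entry.getValue())
                    .append("=\"").append(entry.getKey()).append("\"");
        }
        if (this.reportUri != null) {
            value.append(" ; report-uri=\"").append(this.reportUri.toString()).append("\"");
        }
        if (this.includeSubDomains) {
            value.append(" ; includeSubDomains");
        }
        this.hpkpHeaderValue = value.toString();
    }
}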
