package com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.csp;

import com.contrastsecurity.agent.messages.app.activity.assessment.properties.CSPInstruction;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderAndMetaTagHttpWatcher;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ProviderUtil;
import com.contrastsecurity.agent.util.C0224u;
import com.contrastsecurity.agent.util.W;
import java.util.Locale;

/* compiled from: CSPHeaderValidationWatcher.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/security/policy/rules/providers/internal/csp/a.class */
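/**
 * Watches response headers (and, through the superclass callback, meta tags) for a
 * Content-Security-Policy and records, directive by directive, whether the policy looks safe.
 *
 * <p>Verdicts are accumulated in a single {@link CSPInstruction}. A directive that has already
 * been marked secure is never re-evaluated, so when several CSP headers are seen the flags are
 * "sticky": one acceptable occurrence is enough for that directive.
 *
 * <p>NOTE(review): directive values are located with a plain substring search (see
 * {@link #b(String, String)}), not by tokenising the policy on {@code ';'}. A directive name that
 * appears inside another directive's name or value would therefore be picked up as well; treat the
 * verdicts as heuristic.
 */
public class a extends HeaderAndMetaTagHttpWatcher {
    /** Per-directive verdicts and raw values collected so far. */
    CSPInstruction c;

    /** Lower-case header names that are treated as carrying a CSP. */
    static final String[] d = {"content-security-policy", "x-content-security-policy", "x-webkit-csp"};

    // Value returned by b(); presumably the rule identifier reported for this check — confirm.
    private static final String e = "csp-header-insecure";

    /**
     * Creates the watcher with an empty {@link CSPInstruction}.
     *
     * @param providerUtil passed straight to the superclass constructor
     */
    public a(ProviderUtil providerUtil) {
        super(providerUtil);
        this.c = new CSPInstruction();
    }

    /**
     * Evaluates the header value when the header name is one of the CSP header names in {@link #d}.
     *
     * @param str header name (matched case-insensitively; {@code null} is ignored)
     * @param str2 header value (the policy text; {@code null} is ignored)
     */
    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.DoNothingHttpWatcher, com.contrastsecurity.agent.plugins.security.policy.rules.providers.HttpWatcher
    public void onHeaderSet(String str, String str2) {
        if (c(str)) {
            d(str2);
        }
    }

    /**
     * Overall verdict: every non-fetch directive checked here must be flagged secure and the
     * fetch-directive check in {@link #d()} must pass.
     *
     * @return {@code true} when all of those conditions hold
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderHttpWatcher
    public boolean a() {
        return this.c.isFormActionSecure()
                && this.c.isFrameAncestorsSecure()
                && this.c.isPluginTypesSecure()
                && this.c.isReflectedXssSecure()
                && this.c.isBaseUriSecure()
                && this.c.isRefererSecure()
                && d();
    }

    /** @return the constant {@code "csp-header-insecure"} */
    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderHttpWatcher
    protected String b() {
        return e;
    }

    /**
     * @return whatever {@code C0224u.a} produces for the accumulated {@link CSPInstruction}
     *     (presumably a serialized form of the collected evidence — confirm against C0224u)
     */
    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderHttpWatcher
    protected String c() {
        return C0224u.a(this.c);
    }

    /**
     * Superclass callback; only the second and third arguments are used here. The second is
     * matched against the CSP header names and the third is evaluated as the policy text.
     *
     * @param str unused by this implementation
     * @param str2 name to match against {@link #d} (presumably the meta tag's http-equiv — confirm)
     * @param str3 policy text (presumably the meta tag's content — confirm)
     */
    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderAndMetaTagHttpWatcher
    protected void a(String str, String str2, String str3) {
        if (c(str2)) {
            d(str3);
        }
    }

    /**
     * Tells whether {@code str} names a CSP header, ignoring case.
     *
     * @param str header name, may be {@code null}
     * @return {@code true} if the lower-cased name equals an entry of {@link #d}
     */
    private boolean c(String str) {
        if (str == null) {
            return false;
        }
        // Locale.ROOT: under a Turkish/Azeri default locale "CONTENT-SECURITY-POLICY" would
        // lower-case 'I' to a dotless 'ı' and the header would silently go unrecognised.
        String headerName = str.toLowerCase(Locale.ROOT);
        for (String known : d) {
            if (known.equals(headerName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Evaluates one policy string and updates the verdict and raw value of every directive that is
     * not already flagged secure.
     *
     * <p>For most directives the rule is: the extracted value must not be empty according to
     * {@code W.a} (presumably an is-empty check — confirm) and must not contain {@code '*'}.
     * {@code script-src} and {@code style-src} additionally reject unsafe-inline/unsafe-eval, the
     * referer directive additionally rejects unsafe-url, and reflected-xss is secure only when its
     * extracted value is exactly {@code "1"}.
     *
     * @param str raw policy text; {@code null} is ignored
     */
    private void d(String str) {
        if (str == null) {
            return;
        }
        // Locale-independent lower-casing so directive names such as "SCRIPT-SRC" are still found
        // when the JVM default locale maps 'I' to a dotless 'ı'.
        String policy = str.toLowerCase(Locale.ROOT);
        // True when the policy contains no '*' at all; in that case no single value can contain one.
        boolean policyHasNoWildcard = e(policy);
        if (!this.c.isBaseUriSecure()) {
            String baseUri = b(CSPInstruction.BASE_URI, policy);
            this.c.setBaseUriSecure(!W.a(baseUri) && (policyHasNoWildcard || e(baseUri)));
            this.c.setBaseUriValue(baseUri);
        }
        if (!this.c.isDefaultSrcSecure()) {
            String defaultSrc = b(CSPInstruction.DEFAULT_SRC, policy);
            this.c.setDefaultSrcSecure(!W.a(defaultSrc) && (policyHasNoWildcard || e(defaultSrc)));
            this.c.setDefaultSrcValue(defaultSrc);
        }
        if (!this.c.isChildSrcSecure()) {
            String childSrc = b(CSPInstruction.CHILD_SRC, policy);
            this.c.setChildSrcSecure(!W.a(childSrc) && (policyHasNoWildcard || e(childSrc)));
            this.c.setChildSrcValue(childSrc);
        }
        if (!this.c.isConnectSrcSecure()) {
            String connectSrc = b(CSPInstruction.CONNECT_SRC, policy);
            this.c.setConnectSrcSecure(!W.a(connectSrc) && (policyHasNoWildcard || e(connectSrc)));
            this.c.setConnectSrcValue(connectSrc);
        }
        if (!this.c.isFrameSrcSecure()) {
            String frameSrc = b(CSPInstruction.FRAME_SRC, policy);
            this.c.setFrameSrcSecure(!W.a(frameSrc) && (policyHasNoWildcard || e(frameSrc)));
            this.c.setFrameSrcValue(frameSrc);
        }
        if (!this.c.isMediaSrcSecure()) {
            String mediaSrc = b(CSPInstruction.MEDIA_SRC, policy);
            this.c.setMediaSrcSecure(!W.a(mediaSrc) && (policyHasNoWildcard || e(mediaSrc)));
            this.c.setMediaSrcValue(mediaSrc);
        }
        if (!this.c.isObjectSrcSecure()) {
            String objectSrc = b(CSPInstruction.OBJECT_SRC, policy);
            this.c.setObjectSrcSecure(!W.a(objectSrc) && (policyHasNoWildcard || e(objectSrc)));
            this.c.setObjectSrcValue(objectSrc);
        }
        if (!this.c.isScriptSrcSecure()) {
            String scriptSrc = b(CSPInstruction.SCRIPT_SRC, policy);
            this.c.setScriptSrcSecure(
                    !W.a(scriptSrc) && (policyHasNoWildcard || e(scriptSrc)) && f(scriptSrc));
            this.c.setScriptSrcValue(scriptSrc);
        }
        if (!this.c.isStyleSrcSecure()) {
            String styleSrc = b(CSPInstruction.STYLE_SRC, policy);
            this.c.setStyleSrcSecure(
                    !W.a(styleSrc) && (policyHasNoWildcard || e(styleSrc)) && f(styleSrc));
            this.c.setStyleSrcValue(styleSrc);
        }
        if (!this.c.isFormActionSecure()) {
            String formAction = b(CSPInstruction.FORM_ACTION, policy);
            this.c.setFormActionSecure(!W.a(formAction) && (policyHasNoWildcard || e(formAction)));
            this.c.setFormActionValue(formAction);
        }
        if (!this.c.isFrameAncestorsSecure()) {
            String frameAncestors = b(CSPInstruction.FRAME_ANCESTORS, policy);
            this.c.setFrameAncestorsSecure(
                    !W.a(frameAncestors) && (policyHasNoWildcard || e(frameAncestors)));
            this.c.setFrameAncestorsValue(frameAncestors);
        }
        if (!this.c.isPluginTypesSecure()) {
            String pluginTypes = b(CSPInstruction.PLUGIN_TYPES, policy);
            this.c.setPluginTypesSecure(!W.a(pluginTypes) && (policyHasNoWildcard || e(pluginTypes)));
            this.c.setPluginTypesValue(pluginTypes);
        }
        if (!this.c.isReflectedXssSecure()) {
            String reflectedXss = b("reflected-xss", policy);
            // The extracted value is not trimmed, so only an exact "1" counts as secure.
            this.c.setReflectedXssSecure("1".equals(reflectedXss));
            this.c.setReflectedXssValue(reflectedXss);
        }
        if (!this.c.isRefererSecure()) {
            String referer = b(CSPInstruction.REFERER, policy);
            this.c.setRefererSecure(!W.a(referer) && (policyHasNoWildcard || e(referer)) && g(referer));
            this.c.setRefererValue(referer);
        }
    }

    /**
     * Extracts the text that follows the first occurrence of a directive name in a policy.
     *
     * <p>The value starts one character after the name (skipping the separator) and runs to the
     * next {@code ';'} or to the end of the policy. It is returned untrimmed.
     *
     * <p>NOTE(review): the name is found with {@code indexOf}, so it also matches inside a longer
     * directive name or inside another directive's value.
     *
     * @param str directive name to look for
     * @param str2 lower-cased policy text
     * @return the raw value, an empty string when the name is the last thing in the policy, or
     *     {@code null} when the name does not occur
     */
    private String b(String str, String str2) {
        int nameAt = str2.indexOf(str);
        if (nameAt == -1) {
            return null;
        }
        // Clamp the start: a policy that ends right after the directive name (no separator, no
        // value) used to make substring() throw StringIndexOutOfBoundsException. It now yields "",
        // the same result the name followed by a single trailing space already produced.
        int valueStart = Math.min(nameAt + str.length() + 1, str2.length());
        int valueEnd = str2.indexOf(';', valueStart);
        return valueEnd == -1 ? str2.substring(valueStart) : str2.substring(valueStart, valueEnd);
    }

    /** @return {@code true} when {@code str} contains no {@code '*'} wildcard */
    private boolean e(String str) {
        return !str.contains("*");
    }

    /**
     * @return {@code true} when {@code str} mentions neither unsafe-inline nor unsafe-eval; this is
     *     a plain substring test and does not consider nonces or hashes in the same value
     */
    private boolean f(String str) {
        return !(str.contains("unsafe-inline") || str.contains("unsafe-eval"));
    }

    /** @return {@code true} when {@code str} does not mention unsafe-url */
    private boolean g(String str) {
        return !str.contains("unsafe-url");
    }

    /**
     * Verdict for the fetch directives (child, connect, frame, media, object, script, style).
     *
     * <p>When default-src is not flagged secure, every one of those directives must be flagged
     * secure on its own. When default-src is secure, a directive only fails if it is flagged
     * insecure and its recorded value is non-empty according to {@code W.a} (presumably meaning
     * the directive was actually present rather than inheriting from default-src — confirm).
     *
     * @return {@code true} when the fetch directives are acceptable under those rules
     */
    boolean d() {
        if (!this.c.isDefaultSrcSecure()) {
            // No safe fallback: each fetch directive has to stand on its own.
            return this.c.isChildSrcSecure()
                    && this.c.isConnectSrcSecure()
                    && this.c.isFrameSrcSecure()
                    && this.c.isMediaSrcSecure()
                    && this.c.isObjectSrcSecure()
                    && this.c.isScriptSrcSecure()
                    && this.c.isStyleSrcSecure();
        }
        if (!this.c.isChildSrcSecure() && !W.a(this.c.getChildSrcValue())) {
            return false;
        }
        if (!this.c.isFrameSrcSecure() && !W.a(this.c.getFrameSrcValue())) {
            return false;
        }
        if (!this.c.isConnectSrcSecure() && !W.a(this.c.getConnectSrcValue())) {
            return false;
        }
        if (!this.c.isMediaSrcSecure() && !W.a(this.c.getMediaSrcValue())) {
            return false;
        }
        if (!this.c.isObjectSrcSecure() && !W.a(this.c.getObjectSrcValue())) {
            return false;
        }
        if (!this.c.isScriptSrcSecure() && !W.a(this.c.getScriptSrcValue())) {
            return false;
        }
        return this.c.isStyleSrcSecure() || W.a(this.c.getStyleSrcValue());
    }
}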
