package com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.csp;

import com.contrastsecurity.agent.d.f;
import com.contrastsecurity.agent.d.g;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.assessment.properties.CSPInstruction;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderAndMetaTagHttpWatcher;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ProviderUtil;
import com.contrastsecurity.agent.util.C0215m;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;

/* compiled from: CSPHeaderValidationWatcher.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/policy/rules/providers/internal/csp/a.class */
public class a extends HeaderAndMetaTagHttpWatcher {
    private static final f.a<CSPInstruction> d = f.a.a(CSPInstruction.class);
    static final String[] c = {"content-security-policy", "x-content-security-policy", "x-webkit-csp"};
    private static final String e = "csp-header-insecure";

    public a(ProviderUtil providerUtil) {
        super(providerUtil);
    }

    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.DoNothingHttpWatcher, com.contrastsecurity.agent.plugins.security.policy.rules.providers.HttpWatcher
    public void onHeaderSet(String str, String str2, HttpRequest httpRequest) {
        if (!c(str) || StringUtils.isEmpty(str2)) {
            return;
        }
        httpRequest.context().a((f.a<f.a<CSPInstruction>>) d, (f.a<CSPInstruction>) CSPInstruction.create(str2.toLowerCase()));
    }

    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderAndMetaTagHttpWatcher
    protected void a(String str, String str2, String str3, g gVar) {
        if (!c(str2) || StringUtils.isEmpty(str3)) {
            return;
        }
        gVar.a((f.a<f.a<CSPInstruction>>) d, (f.a<CSPInstruction>) CSPInstruction.create(str3.toLowerCase()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderHttpWatcher
    public boolean a(g gVar) {
        if (gVar.a(d) == null) {
            return false;
        }
        return ((CSPInstruction) gVar.a(d)).isSafe();
    }

    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderHttpWatcher
    protected String a() {
        return e;
    }

    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HeaderHttpWatcher
    protected String b(g gVar) {
        return gVar.a(d) == null ? C0215m.a(CSPInstruction.empty()) : C0215m.a(gVar.a(d));
    }

    private boolean c(String str) {
        String lowerCase = str.toLowerCase();
        for (int i = 0; i < c.length; i++) {
            if (c[i].equals(lowerCase)) {
                return true;
            }
        }
        return false;
    }
}
