package com.atlassian.jira.web.filters.steps.security.csp;

import com.atlassian.validation.Failure;
import com.atlassian.validation.Success;
import com.atlassian.validation.Validator;
import com.google.common.collect.ImmutableSet;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:com/atlassian/jira/web/filters/steps/security/csp/CspSandboxBrowserDifferentiationValidator.class */
public class CspSandboxBrowserDifferentiationValidator implements Validator {
    private static final String OPTION_REGEX = "^$|(^\\w+:[\\w-]+(\\s[\\w-]+)*(;[\\w]+:([\\w-]+)(\\s[\\w-]+)*)*$)";
    private static final Set<String> allowedBrowsers = (Set) Arrays.stream(Browser.values()).map((v0) -> {
        return v0.getKey();
    }).collect(Collectors.toSet());
    private static final Set<String> allowedClauses = ImmutableSet.of("allow-downloads-without-user-activation", "allow-forms", "allow-modals", "allow-orientation-lock", "allow-pointer-lock", "allow-popups", new String[]{"allow-popups-to-escape-sandbox", "allow-presentation", "allow-same-origin", "allow-scripts", "allow-storage-access-by-user-activation", "allow-top-navigation", "allow-top-navigation-by-user-activation"});
    private static final String ALLOWED_BROWSERS_MESSAGE = "Allowed browsers are: " + getAllowedBrowsersString() + ".";
    private static final String CLAUSES_MESSAGE = "Clauses are listed at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox";

    private static String getAllowedBrowsersString() {
        return String.join(", ", allowedBrowsers);
    }

    @Override // com.atlassian.validation.Validator
    public Validator.Result validate(String str) {
        if (!str.matches(OPTION_REGEX)) {
            return new Failure("Bad option formatting, should be 'browser:clause1 clause2;browser:clause...' without semicolon at the end." + ALLOWED_BROWSERS_MESSAGE + "Clauses are listed at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox");
        }
        if (str.trim().isEmpty()) {
            return new Success(str);
        }
        String[] split = str.split(";");
        Set<String> set = (Set) Arrays.stream(split).map(str2 -> {
            return str2.split(":")[0];
        }).collect(Collectors.toSet());
        Set<String> set2 = (Set) Arrays.stream(split).map(str3 -> {
            return str3.split(":")[1];
        }).flatMap(str4 -> {
            return Arrays.stream(str4.split(" "));
        }).collect(Collectors.toSet());
        for (String str5 : set) {
            if (!allowedBrowsers.contains(str5)) {
                return new Failure("Unknown browser: '" + str5 + "'." + ALLOWED_BROWSERS_MESSAGE);
            }
        }
        for (String str6 : set2) {
            if (!allowedClauses.contains(str6)) {
                return new Failure("Unknown sandbox clause: '" + str6 + "'.Clauses are listed at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox");
            }
        }
        return new Success(str);
    }
}
