package eu.cec.digit.ecas.client.http;

import eu.cec.digit.ecas.client.EcasUtil;
import eu.cec.digit.ecas.client.configuration.ConfigurationDependent;
import eu.cec.digit.ecas.client.configuration.EcasConfigurationIntf;
import java.io.IOException;
import java.io.Serializable;
import java.util.List;
import java.util.Locale;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:eu/cec/digit/ecas/client/http/JavascriptRedirectionEngine.class */
/**
 * {@link RedirectionEngine} that sends the browser to the ECAS server with an HTML page
 * (HTTP 200) rather than an HTTP redirect status.
 *
 * <p>The page carries three navigation mechanisms for the same target: a
 * {@code <meta http-equiv="Refresh">} tag, a visible link, and an inline script that copies the
 * link's {@code href} into {@code window.location.href}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The target URL is written into two double-quoted HTML attributes and into element text.
 *       The only encoding applied here is {@code EcasUtil.filterHtml}; its implementation is not
 *       visible in this file, so confirm that it encodes quotes and ampersands as well as angle
 *       brackets. The URL scheme is not checked in this class; presumably callers only pass the
 *       configured ECAS login URL (verify against callers).</li>
 *   <li>The Content-Security-Policy allows exactly one inline script through a {@code sha512-}
 *       source expression. Presumably that hash covers {@link #REDIRECT_SCRIPT}; if so, any edit
 *       to the script text (even whitespace) requires recomputing the hash, otherwise the browser
 *       will refuse to run it. TODO confirm the hash against the script.</li>
 * </ul>
 */
public final class JavascriptRedirectionEngine implements RedirectionEngine, ConfigurationDependent, Serializable {
    private static final long serialVersionUID = -1668564805248970823L;
    public static final String DEFAULT_ENCODING = "UTF-8";
    public static final String HTTP_CRLF = "\r\n";

    /**
     * Policy value sent under the standard header name and under the two legacy prefixed names.
     * NOTE(review): {@code reflected-xss} was dropped from the CSP specification, so current
     * browsers are expected to ignore that directive; the remaining directives still apply.
     */
    private static final String CONTENT_SECURITY_POLICY = "default-src 'none'; img-src 'self'; reflected-xss 'block'; script-src 'self' 'sha512-oeMOGKz3vBpMY0Bz/S8V1QpuVLUZxlLI3bLM76MFdjhb+KqIlWFqu+VK87jFC0NxVOCkOOuIJTaDroWW0tnArQ==';";

    /** Inline script emitted in the page; must stay byte-identical to what the CSP hash allows. */
    private static final String REDIRECT_SCRIPT = "window.location.href=document.getElementById('redirection').href;";

    private EcasConfigurationIntf configuration;

    /**
     * Writes the redirection page for {@code str} to the response and flushes it.
     *
     * <p>Every configured {@link RedirectionInterceptor} is given the chance to enrich the
     * response first. An interceptor that leaves the response committed makes the redirection
     * impossible (headers and body can no longer be written), so that is reported as a
     * {@link ServletException} naming the interceptor class.
     *
     * @param httpServletRequest the current request, passed through to the interceptors
     * @param httpServletResponse the response that receives the headers and the HTML page
     * @param str the redirection target; HTML-filtered before it is written into the page
     * @throws IOException if writing or flushing the response fails
     * @throws ServletException if the response is committed after an interceptor has run
     */
    @Override
    public void engineSendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        httpServletResponse.setStatus(200);

        // The interceptor list is raw because the configuration interface returns an untyped List.
        List interceptors = this.configuration.getRedirectionInterceptors();
        int interceptorCount = interceptors.size();
        for (int index = 0; index < interceptorCount; index++) {
            RedirectionInterceptor interceptor = (RedirectionInterceptor) interceptors.get(index);
            interceptor.enrichResponseOnRedirection(httpServletRequest, httpServletResponse);
            if (httpServletResponse.isCommitted()) {
                throw new ServletException("Bad RedirectionInterceptor prevented redirection to the ECAS Server by committing the response: \"" + interceptor.getClass().getName() + "\"");
            }
        }

        applyResponseHeaders(httpServletResponse);

        // The charset has to be declared before getWriter() is called for it to take effect.
        httpServletResponse.setContentType("text/html; charset=" + DEFAULT_ENCODING.toLowerCase(Locale.ENGLISH));

        String escapedTarget = EcasUtil.filterHtml(str);
        httpServletResponse.getWriter().write(buildRedirectPage(escapedTarget));
        httpServletResponse.flushBuffer();
    }

    /** Sets the no-cache headers and the browser-side hardening headers on the response. */
    private static void applyResponseHeaders(HttpServletResponse response) {
        // Forbid caching of the redirection page.
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Cache-Control", "no-cache,no-store");
        response.setDateHeader("Expires", -1L);

        // Same policy under the two legacy prefixed header names and the standard one.
        response.setHeader("X-Webkit-CSP", CONTENT_SECURITY_POLICY);
        response.setHeader("X-Content-Security-Policy", CONTENT_SECURITY_POLICY);
        response.setHeader("Content-Security-Policy", CONTENT_SECURITY_POLICY);

        response.setHeader("X-XSS-Protection", "1; mode=block");
        response.setHeader("X-Content-Type-Options", "nosniff");
    }

    /**
     * Assembles the HTML page around an already HTML-filtered target.
     *
     * <p>The value is inserted verbatim three times (meta refresh, link {@code href}, link text),
     * so it must not contain unescaped markup or double quotes.
     */
    private static String buildRedirectPage(String escapedTarget) {
        StringBuilder page = new StringBuilder();
        page.append("<html><head><title>Redirecting To ECAS</title>");
        page.append("<meta http-equiv=\"Refresh\" content=\"0; url=").append(escapedTarget).append("\" />");
        page.append("</head>").append(HTTP_CRLF);
        page.append("<body bgcolor=\"#FFFFFF\">").append(HTTP_CRLF);
        page.append("<p>This document you requested requires ECAS Authentication.</p>").append(HTTP_CRLF);
        page.append("<p>You may authenticate to access this document at <a id=\"redirection\" href=\"")
                .append(escapedTarget)
                .append("\">")
                .append(escapedTarget)
                .append("</a>.</p>")
                .append(HTTP_CRLF);
        page.append("<script>").append(REDIRECT_SCRIPT).append("</script>").append(HTTP_CRLF);
        page.append("</body></html>");
        return page.toString();
    }

    /**
     * Stores the configuration that supplies the redirection interceptors.
     *
     * @param ecasConfigurationIntf the configuration to use; it is dereferenced without a null
     *     check by {@link #engineSendRedirect}
     */
    @Override
    public void setConfiguration(EcasConfigurationIntf ecasConfigurationIntf) {
        this.configuration = ecasConfigurationIntf;
    }

    /**
     * Returns the configuration previously stored with {@link #setConfiguration}.
     *
     * @return the stored configuration, or {@code null} if none has been set
     */
    @Override
    public EcasConfigurationIntf getConfiguration() {
        return this.configuration;
    }
}
