package org.geoserver.security.csp;

import java.util.ArrayList;

/* loaded from: input_file:org/geoserver/security/csp/CSPDefaultConfiguration.class */
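/**
 * Factory for the built-in Content-Security-Policy configuration.
 *
 * <p>The configuration consists of two policies, each holding a list of rules. From the
 * constructor calls below, a rule appears to be (name, description, enabled flag, filter
 * expression, directives). NOTE(review): rules are presumably evaluated in list order with the
 * first matching filter winning (each list ends with an empty-filter rule that reads as a
 * catch-all); confirm against {@code CSPPolicy} before reordering anything here, because moving a
 * permissive rule ahead of a strict one would silently weaken the header.
 */
public final class CSPDefaultConfiguration {

    /** Directives shared verbatim by every non-empty rule of the "other-directives" policy. */
    private static final String COMMON_DIRECTIVES =
            "base-uri 'self'; form-action 'self'; default-src 'none'; "
                    + "child-src 'self'; connect-src 'self'; ";

    private CSPDefaultConfiguration() {
        // Static factory only; not instantiable.
    }

    /**
     * Builds the default configuration and parses its rule filters.
     *
     * @return the value returned by {@code CSPConfiguration.parseFilters()} on a configuration
     *     holding the "other-directives" and "frame-ancestors" policies
     */
    public static CSPConfiguration newInstance() {
        // Parameterized lists instead of raw ArrayList so element types are compiler-checked.
        ArrayList<CSPRule> fetchRules = new ArrayList<>();

        // Most permissive rule in the set: script-src carries both 'unsafe-inline' and
        // 'unsafe-eval', and the remoteResources property is interpolated into four directives.
        // The second PROP regex also matches an empty value, so the rule is presumably active
        // when GEOSERVER_STATIC_WEB_FILES_SCRIPT is unset; confirm how unset properties are read.
        // NOTE(review): no filter in this file validates geoserver.csp.remoteResources before it
        // is interpolated (unlike geoserver.csp.frameAncestors below); verify it is sanitized
        // where the placeholder is expanded.
        fetchRules.add(
                new CSPRule(
                        "static-html-files",
                        "Allow unsafe scripts and remote resources on static HTML pages unless disabled by a property.",
                        true,
                        "PATH(^/www/.*\\.html?$)"
                                + " AND PROP(GEOSERVER_DISABLE_STATIC_WEB_FILES,(?i)^(?!true$).*$)"
                                + " AND PROP(GEOSERVER_STATIC_WEB_FILES_SCRIPT,(?i)^(UNSAFE)?$)",
                        COMMON_DIRECTIVES
                                + "font-src 'self' ${geoserver.csp.remoteResources}; "
                                + "img-src 'self' ${geoserver.csp.remoteResources} data:; "
                                + "style-src 'self' ${geoserver.csp.remoteResources} 'unsafe-inline'; "
                                + "script-src 'self' ${geoserver.csp.remoteResources} 'unsafe-inline' 'unsafe-eval';"));

        // The four GetFeatureInfo rules carry an empty directives string. How an empty string is
        // rendered is not visible here; going by the descriptions it presumably means no fetch
        // directives are sent for the matched response. They require
        // GEOSERVER_FEATUREINFO_HTML_SCRIPT to equal UNSAFE (case-insensitive, not optional),
        // so they are opt-in.
        fetchRules.add(
                new CSPRule(
                        "ows-wms-featureinfo-html",
                        "Allow unsafe scripts and remote resources on WMS GetFeatureInfo HTML output if enabled by a property.",
                        true,
                        "PATH(^/([^/]+/){0,2}ows/?$)"
                                + " AND PARAM((?i)^service$,(?i)^wms$)"
                                + " AND PARAM((?i)^request$,(?i)^getfeatureinfo$)"
                                + " AND PARAM((?i)^info_format$,(?i)^text/html$)"
                                + " AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)",
                        ""));
        fetchRules.add(
                new CSPRule(
                        "wms-featureinfo-html",
                        "Allow unsafe scripts and remote resources on WMS GetFeatureInfo HTML output if enabled by a property.",
                        true,
                        "PATH(^/([^/]+/){0,2}wms/?$)"
                                + " AND PARAM((?i)^service$,(?i)^(wms)?$)"
                                + " AND PARAM((?i)^request$,(?i)^getfeatureinfo$)"
                                + " AND PARAM((?i)^info_format$,(?i)^text/html$)"
                                + " AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)",
                        ""));

        // NOTE(review): the two rule names below read "wtms" while the descriptions say WMTS.
        // The identifiers are left untouched because they are runtime values that other
        // configuration may refer to.
        // NOTE(review): unlike the WMS rules, the info-format value pattern here has no (?i)
        // flag, so only the exact lower-case "text/html" matches; a differently cased value
        // would fall through to a later rule. Confirm this is intended.
        fetchRules.add(
                new CSPRule(
                        "wtms-kvp-featureinfo-html",
                        "Allow unsafe scripts and remote resources on WMTS GetFeatureInfo HTML output if enabled by a property.",
                        true,
                        "PATH(^/([^/]+/){0,2}gwc/service/wmts/?$)"
                                + " AND PARAM((?i)^service$,(?i)^(wmts)?$)"
                                + " AND PARAM((?i)^request$,(?i)^getfeatureinfo$)"
                                + " AND PARAM((?i)^infoformat$,^text/html$)"
                                + " AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)",
                        ""));
        fetchRules.add(
                new CSPRule(
                        "wtms-rest-featureinfo-html",
                        "Allow unsafe scripts and remote resources on WMTS GetFeatureInfo HTML output if enabled by a property.",
                        true,
                        "PATH(^/([^/]+/){0,2}gwc/service/wmts/rest(/[^/]*){7,8}$)"
                                + " AND PARAM(^format$,^text/html$)"
                                + " AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)",
                        ""));

        // Differs from the catch-all below only by 'unsafe-inline' in script-src.
        fetchRules.add(
                new CSPRule(
                        "index-page",
                        "Allow unsafe scripts on the index.html page.",
                        true,
                        "PATH(^/index\\.html$)",
                        COMMON_DIRECTIVES
                                + "font-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; "
                                + "script-src 'self' 'unsafe-inline';"));

        // Empty filter: the strict fallback. script-src is limited to 'self'; style-src still
        // allows 'unsafe-inline'.
        fetchRules.add(
                new CSPRule(
                        "other-requests",
                        "Block unsafe scripts on all other requests.",
                        true,
                        "",
                        COMMON_DIRECTIVES
                                + "font-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; "
                                + "script-src 'self';"));

        ArrayList<CSPRule> frameRules = new ArrayList<>();

        // The property value is interpolated into the header only when it matches this pattern.
        // Its character classes do not include ';', so a matching value cannot append further
        // directives; it must also be at least five characters long.
        frameRules.add(
                new CSPRule(
                        "frame-ancestors-property",
                        "Set frame-ancestors based on the CSP frame ancestors property or setting when it is configured.",
                        true,
                        "PROP(geoserver.csp.frameAncestors,(?i)^[a-z0-9'\\*][a-z0-9_\\-':/\\.\\* ]{4,}$)",
                        "frame-ancestors ${geoserver.csp.frameAncestors};"));

        // Both patterns accept an empty value, so this rule presumably also applies when neither
        // X-Frame-Options property is set, making 'self' the effective default; confirm how
        // unset properties are read.
        frameRules.add(
                new CSPRule(
                        "frame-ancestors-self",
                        "Pages can be displayed in frames with the same origin. This rule depends on the properties for the X-Frame-Options header.",
                        true,
                        "PROP(geoserver.xframe.shouldSetPolicy,(?i)^(true)?$)"
                                + " AND PROP(geoserver.xframe.policy,^(SAMEORIGIN)?$)",
                        "frame-ancestors 'self';"));
        frameRules.add(
                new CSPRule(
                        "frame-ancestors-none",
                        "Pages can not be displayed in any frames. This rule depends on the properties for the X-Frame-Options header.",
                        true,
                        "PROP(geoserver.xframe.shouldSetPolicy,(?i)^(true)?$)"
                                + " AND PROP(geoserver.xframe.policy,^DENY$)",
                        "frame-ancestors 'none';"));

        // "NONE" here is not the CSP keyword 'none'. Going by the description it is presumably a
        // marker for omitting the frame-ancestors directive, which leaves framing unrestricted
        // by CSP; confirm where the marker is interpreted.
        frameRules.add(
                new CSPRule(
                        "frame-ancestors-not-set",
                        "Pages can be displayed in frames with any origin. This rule depends on the properties for the X-Frame-Options header.",
                        true,
                        "",
                        "NONE"));

        ArrayList<CSPPolicy> policies = new ArrayList<>();
        policies.add(
                new CSPPolicy(
                        "other-directives",
                        "Rules to set the base-uri, form-action and fetch directives",
                        true,
                        fetchRules));
        policies.add(
                new CSPPolicy(
                        "frame-ancestors",
                        "Rules to set the frame-ancestors directive",
                        true,
                        frameRules));

        CSPConfiguration config = new CSPConfiguration();
        config.setPolicies(policies);
        return config.parseFilters();
    }
}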
