package org.springframework.security.web.header.writers;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-3.2.1.RELEASE.jar:org/springframework/security/web/header/writers/HstsHeaderWriter.class */
public final class HstsHeaderWriter implements HeaderWriter {
    private static final long DEFAULT_MAX_AGE_SECONDS = 31536000;
    private static final String HSTS_HEADER_NAME = "Strict-Transport-Security";
    private final Log logger;
    private RequestMatcher requestMatcher;
    private long maxAgeInSeconds;
    private boolean includeSubDomains;
    private String hstsHeaderValue;

    /* loaded from: input_file:WEB-INF/lib/spring-security-web-3.2.1.RELEASE.jar:org/springframework/security/web/header/writers/HstsHeaderWriter$SecureRequestMatcher.class */
    private static final class SecureRequestMatcher implements RequestMatcher {
        private SecureRequestMatcher() {
        }

        @Override // org.springframework.security.web.util.matcher.RequestMatcher
        public boolean matches(HttpServletRequest httpServletRequest) {
            return httpServletRequest.isSecure();
        }
    }

    public HstsHeaderWriter(RequestMatcher requestMatcher, long j, boolean z) {
        this.logger = LogFactory.getLog(getClass());
        this.requestMatcher = requestMatcher;
        this.maxAgeInSeconds = j;
        this.includeSubDomains = z;
        updateHstsHeaderValue();
    }

    public HstsHeaderWriter(long j, boolean z) {
        this(new SecureRequestMatcher(), j, z);
    }

    public HstsHeaderWriter(long j) {
        this(new SecureRequestMatcher(), j, true);
    }

    public HstsHeaderWriter(boolean z) {
        this(new SecureRequestMatcher(), 31536000L, z);
    }

    public HstsHeaderWriter() {
        this(31536000L);
    }

    @Override // org.springframework.security.web.header.HeaderWriter
    public void writeHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.requestMatcher.matches(httpServletRequest)) {
            httpServletResponse.setHeader(HSTS_HEADER_NAME, this.hstsHeaderValue);
        } else if (this.logger.isDebugEnabled()) {
            this.logger.debug("Not injecting HSTS header since it did not match the requestMatcher " + this.requestMatcher);
        }
    }

    public void setRequestMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requestMatcher cannot be null");
        this.requestMatcher = requestMatcher;
    }

    public void setMaxAgeInSeconds(long j) {
        if (j < 0) {
            throw new IllegalArgumentException("maxAgeInSeconds must be non-negative. Got " + j);
        }
        this.maxAgeInSeconds = j;
        updateHstsHeaderValue();
    }

    public void setIncludeSubDomains(boolean z) {
        this.includeSubDomains = z;
        updateHstsHeaderValue();
    }

    private void updateHstsHeaderValue() {
        String str = "max-age=" + this.maxAgeInSeconds;
        if (this.includeSubDomains) {
            str = str + " ; includeSubDomains";
        }
        this.hstsHeaderValue = str;
    }
}
