package me.geso.avans.csp;

import java.security.SecureRandom;
import java.util.Base64;
import me.geso.avans.Controller;
import me.geso.avans.trigger.ResponseFilter;
import me.geso.webscrew.response.WebResponse;

/* loaded from: input_file:me/geso/avans/csp/NoncePlugin.class */
public interface NoncePlugin extends Controller {
    public static final int nonceLength = 64;

    default String getNonce() {
        return (String) computePluginStashValueIfAbsent(getClass(), "nonce", () -> {
            byte[] bArr = new byte[64];
            new SecureRandom().nextBytes(bArr);
            return Base64.getEncoder().encodeToString(bArr);
        });
    }

    @ResponseFilter
    default void injectResponse(WebResponse webResponse) {
        webResponse.addHeader("Content-Security-Policy", "unsafe-inline; script-src 'nonce-" + getNonce() + "'");
    }
}
