package org.wso2.carbon.apimgt.rest.api.util.interceptors.response;

import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;

/* loaded from: input_file:org/wso2/carbon/apimgt/rest/api/util/interceptors/response/ResponseOutInterceptor.class */
public class ResponseOutInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
    private static final String X_XSS_PROTECTION = "X-XSS-Protection";
    private static final String NO_SNIFF = "nosniff";
    private static final String XSS_PROTECTION_MODE_BLOCK = "1; mode=block";

    public ResponseOutInterceptor() {
        super("pre-protocol");
    }

    public void handleMessage(Message message) throws Fault {
        MetadataMap metadataMap = (MetadataMap) message.get(Message.PROTOCOL_HEADERS);
        if (metadataMap == null) {
            metadataMap = new MetadataMap();
        }
        setOutBoundHeaders(message, metadataMap);
    }

    private void setOutBoundHeaders(Message message, MultivaluedMap<String, Object> multivaluedMap) {
        multivaluedMap.add(X_CONTENT_TYPE_OPTIONS, NO_SNIFF);
        multivaluedMap.add(X_XSS_PROTECTION, XSS_PROTECTION_MODE_BLOCK);
        message.put(Message.PROTOCOL_HEADERS, multivaluedMap);
    }
}
