package info.magnolia.cors;

import com.google.common.base.Joiner;
import info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter;
import info.magnolia.cors.AbstractCorsFilter;
import info.magnolia.util.EscapeUtil;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:info/magnolia/cors/CorsResponseFilter.class */
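/**
 * Validates a cross-origin request against the configured {@link CorsConfiguration} and
 * writes the matching CORS response headers.
 *
 * <p>Every request is first checked for an allow-listed {@code Origin}; a request without an
 * {@code Origin} header is rejected as well. Preflight requests ({@code OPTIONS} carrying
 * {@code Access-Control-Request-Method}) are answered with {@code 204 No Content} plus the
 * allowed methods/headers and, optionally, a max-age. Non-preflight requests only have their
 * HTTP method checked. Any violation is reported by throwing a {@link CorsException}; the
 * decision is made on exact, case-sensitive string matches against the configured values,
 * unless the configuration contains the {@code "*"} wildcard.
 *
 * <p>Origin matching is exact string equality (no prefix, suffix or pattern matching), which is
 * what keeps the reflected {@code Access-Control-Allow-Origin} value bound to the allow-list.
 */
public class CorsResponseFilter extends OncePerRequestAbstractMgnlFilter {
    private static final String WILDCARD = "*";
    private static final String COMMA = ",";
    private final CorsConfiguration configuration;

    /**
     * @param corsConfiguration allow-lists, credential flag and max-age used for every decision
     * @throws NullPointerException if {@code corsConfiguration} is null
     */
    @Inject
    public CorsResponseFilter(CorsConfiguration corsConfiguration) {
        this.configuration = Objects.requireNonNull(corsConfiguration, "corsConfiguration");
    }

    /**
     * Rejects the request if its origin or method is not allowed, otherwise writes the CORS
     * response headers (and, for preflights, a 204 status).
     *
     * @throws CorsException if the origin is missing or not allow-listed, the (requested)
     *     method is not allowed, or a preflight names a header that is not allowed
     */
    @Override // info.magnolia.cms.filters.AbstractMgnlFilter
    public void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String origin = httpServletRequest.getHeader(name(AbstractCorsFilter.Headers.ORIGIN));
        if (!isOriginAllowed(origin)) {
            throw new CorsException(String.format("Origin [%s] not allowed", origin));
        }
        if (isPreflightRequest(httpServletRequest)) {
            handlePreflight(httpServletRequest, httpServletResponse);
        } else {
            String method = httpServletRequest.getMethod();
            if (!isMethodAllowed(method)) {
                throw new CorsException(String.format("Method [%s] is not allowed", method.toUpperCase(Locale.ROOT)));
            }
        }
        addStandardHeaders(httpServletRequest, httpServletResponse);
        // NOTE(review): filterChain is never invoked in this method; presumably the Magnolia
        // filter wiring (OncePerRequestAbstractMgnlFilter or the filter definition) continues
        // the chain elsewhere - confirm before relying on this filter to pass requests through.
    }

    /** Validates a preflight request and writes the preflight-specific response. */
    private void handlePreflight(HttpServletRequest request, HttpServletResponse response) {
        String requestMethodHeader = name(AbstractCorsFilter.Headers.ACCESS_CONTROL_REQUEST_METHOD);
        String requestedMethod = request.getHeader(requestMethodHeader);
        if (StringUtils.isBlank(requestedMethod)) {
            throw new CorsException(String.format("Header [%s] value must not be null or empty", requestMethodHeader));
        }
        if (!isMethodAllowed(requestedMethod)) {
            throw new CorsException(String.format("Method [%s] is not allowed", requestedMethod.toUpperCase(Locale.ROOT)));
        }
        Set<String> requestedHeaders = accessControlRequestHeaders(request);
        if (!areHeadersAllowed(requestedHeaders)) {
            // Report only the offending names, not the whole requested set.
            requestedHeaders.removeAll(this.configuration.getAllowedHeaders());
            throw new CorsException(String.format("Some of the request headers %s are not allowed", requestedHeaders));
        }
        // The preflight answer depends on both request headers, so caches must key on them.
        setVaryHeader(response, requestMethodHeader);
        setVaryHeader(response, name(AbstractCorsFilter.Headers.ACCESS_CONTROL_REQUEST_HEADERS));
        if (this.configuration.getMaxAge() > 0) {
            response.setHeader(name(AbstractCorsFilter.Headers.ACCESS_CONTROL_MAX_AGE), String.valueOf(this.configuration.getMaxAge()));
        }
        response.setHeader(name(AbstractCorsFilter.Headers.ACCESS_CONTROL_ALLOW_METHODS), String.join(COMMA, this.configuration.getAllowedMethods()));
        response.setHeader(name(AbstractCorsFilter.Headers.ACCESS_CONTROL_ALLOW_HEADERS), String.join(COMMA, this.configuration.getAllowedHeaders()));
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    /** A preflight is an OPTIONS request that carries an Access-Control-Request-Method header. */
    private boolean isPreflightRequest(HttpServletRequest httpServletRequest) {
        boolean isOptions = AbstractCorsFilter.OPTIONS_METHOD.equals(httpServletRequest.getMethod());
        return isOptions && httpServletRequest.getHeader(name(AbstractCorsFilter.Headers.ACCESS_CONTROL_REQUEST_METHOD)) != null;
    }

    /**
     * @return true if the allowed methods contain the wildcard or exactly {@code method}
     *     (case-sensitive; the value is compared as received)
     */
    private boolean isMethodAllowed(String method) {
        Collection<String> allowed = this.configuration.getAllowedMethods();
        return allowed.contains(WILDCARD) || allowed.contains(method);
    }

    /**
     * Collects the header names announced in {@code Access-Control-Request-Headers}: every
     * occurrence of the header is split on commas, trimmed and lower-cased. Empty tokens (e.g.
     * from an empty header value or a trailing comma) are dropped.
     *
     * @return a mutable set of lower-case header names, possibly empty
     */
    private Set<String> accessControlRequestHeaders(HttpServletRequest request) {
        Set<String> requested = new HashSet<>();
        Enumeration<String> values = request.getHeaders(name(AbstractCorsFilter.Headers.ACCESS_CONTROL_REQUEST_HEADERS));
        if (values == null) {
            return requested;
        }
        while (values.hasMoreElements()) {
            // Locale.ROOT keeps ASCII header names stable regardless of the JVM default locale.
            Arrays.stream(values.nextElement().toLowerCase(Locale.ROOT).split(COMMA))
                    .map(String::trim)
                    .filter(StringUtils::isNotEmpty)
                    .forEach(requested::add);
        }
        return requested;
    }

    /**
     * @param requestedHeaders lower-case header names from the preflight
     * @return true if the allowed headers contain the wildcard or every requested name
     */
    private boolean areHeadersAllowed(Set<String> requestedHeaders) {
        Collection<String> allowed = this.configuration.getAllowedHeaders();
        // NOTE(review): requested names are lower-cased before this comparison, so the
        // configured allowed headers presumably have to be lower-case as well - confirm.
        return allowed.contains(WILDCARD) || allowed.containsAll(requestedHeaders);
    }

    /**
     * Writes Access-Control-Allow-Origin (and Allow-Credentials when configured) for both
     * preflight and actual requests.
     */
    private void addStandardHeaders(HttpServletRequest request, HttpServletResponse response) {
        String origin = request.getHeader(name(AbstractCorsFilter.Headers.ORIGIN));
        String allowOriginHeader = name(AbstractCorsFilter.Headers.ACCESS_CONTROL_ALLOW_ORIGIN);
        if (this.configuration.getAllowedOrigins().contains(WILDCARD)) {
            response.setHeader(allowOriginHeader, WILDCARD);
        } else {
            // The reflected origin makes the response origin-specific, so shared caches must
            // key on Origin. The origin was already allow-listed in doFilter; escaping CRLF is
            // defence in depth against header injection through the reflected value.
            setVaryHeader(response, name(AbstractCorsFilter.Headers.ORIGIN));
            response.setHeader(allowOriginHeader, EscapeUtil.escapeCrlf(origin));
        }
        if (this.configuration.isSupportsCredentials()) {
            // NOTE(review): browsers refuse credentials together with a "*" origin; confirm the
            // configuration does not combine the wildcard with supportsCredentials.
            response.setHeader(name(AbstractCorsFilter.Headers.ACCESS_CONTROL_ALLOW_CREDENTIALS), "true");
        }
    }

    /**
     * @return false for a missing or empty origin; otherwise true if the allowed origins
     *     contain the wildcard or exactly {@code origin}
     */
    private boolean isOriginAllowed(String origin) {
        if (origin == null || origin.isEmpty()) {
            return false;
        }
        Collection<String> allowed = this.configuration.getAllowedOrigins();
        return allowed.contains(WILDCARD) || allowed.contains(origin);
    }

    /**
     * Adds {@code fieldName} to the response's Vary header without duplicating it. An existing
     * {@code Vary: *} is left untouched, and adding {@code "*"} replaces any existing value.
     */
    private void setVaryHeader(HttpServletResponse response, String fieldName) {
        String varyHeader = name(AbstractCorsFilter.Headers.VARY);
        Collection<String> existing = response.getHeaders(varyHeader);
        String value = fieldName.trim();
        if (existing.isEmpty()) {
            response.addHeader(varyHeader, value);
            return;
        }
        // A lone "*" already covers every request header.
        if (existing.size() == 1 && existing.stream().anyMatch(WILDCARD::equals)) {
            return;
        }
        if (WILDCARD.equals(value)) {
            response.setHeader(varyHeader, WILDCARD);
            return;
        }
        if (existing.stream().map(String::trim).anyMatch(value::equals)) {
            return;
        }
        List<String> merged = new ArrayList<>(existing);
        merged.add(value);
        response.setHeader(varyHeader, String.join(COMMA, merged));
    }

    /** Shorthand for the wire name of a CORS header. */
    private static String name(AbstractCorsFilter.Headers header) {
        return header.getName();
    }
}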
