package info.magnolia.cors;

import com.machinezoo.noexception.Exceptions;
import info.magnolia.cms.filters.MgnlFilter;
import info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cors/AbstractCorsFilter.class */
/**
 * Base filter that classifies each request as non-CORS, simple CORS, pre-flight or invalid
 * CORS, and dispatches it accordingly. The response headers themselves are produced by the
 * filter returned from {@link #getCorsResponseFilter()}; this class only decides which path
 * a request takes and answers invalid requests with HTTP 403.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The same-origin decision is an exact, case-sensitive string comparison between the
 *       {@code Origin} header and {@code scheme://authority} rebuilt from
 *       {@code getRequestURL()}. No normalisation of case or default ports is done here.
 *       NOTE(review): the container typically derives that URL from the {@code Host} header
 *       and the connector scheme, so behind a TLS-terminating proxy the two sides may not
 *       match and same-origin requests may be treated as CORS; confirm against the
 *       deployment.</li>
 *   <li>Origin validation here is syntactic only (no {@code %}, parses as a URI, has a
 *       scheme). Whether an origin is <em>allowed</em> is not decided in this class;
 *       presumably the response filter does that (verify in the subclass).</li>
 * </ul>
 */
public abstract class AbstractCorsFilter extends OncePerRequestAbstractMgnlFilter {
    /** HTTP method that marks a potential pre-flight request. */
    public static final String OPTIONS_METHOD = "OPTIONS";
    private static final Logger log = LoggerFactory.getLogger(AbstractCorsFilter.class);

    /** Names of the HTTP headers involved in CORS processing. */
    public enum Headers {
        ACCESS_CONTROL_REQUEST_METHOD("Access-Control-Request-Method"),
        ACCESS_CONTROL_REQUEST_HEADERS("Access-Control-Request-Headers"),
        ACCESS_CONTROL_ALLOW_ORIGIN("Access-Control-Allow-Origin"),
        ACCESS_CONTROL_ALLOW_CREDENTIALS("Access-Control-Allow-Credentials"),
        ACCESS_CONTROL_MAX_AGE("Access-Control-Max-Age"),
        ACCESS_CONTROL_ALLOW_METHODS("Access-Control-Allow-Methods"),
        ACCESS_CONTROL_ALLOW_HEADERS("Access-Control-Allow-Headers"),
        ORIGIN("Origin"),
        VARY("Vary");

        private final String headerName;

        Headers(String wireName) {
            this.headerName = wireName;
        }

        /**
         * @return the header name exactly as it appears on the wire
         */
        public String getName() {
            return headerName;
        }
    }

    /** Classification of an incoming request with respect to CORS. */
    public enum RequestType {
        CORS,
        PRE_FLIGHT,
        NOT_CORS,
        INVALID_CORS;

        /**
         * Classifies a request from its {@code Origin} header, HTTP method and
         * {@code Access-Control-Request-Method} header.
         *
         * @param str the current host as {@code scheme://authority}, compared verbatim with
         *     the {@code Origin} header
         * @param httpServletRequest the request to inspect
         * @return {@link #NOT_CORS} when there is no {@code Origin} header or it equals
         *     {@code str}; {@link #INVALID_CORS} for an empty or syntactically invalid origin,
         *     a {@code null} method, or an {@code OPTIONS} request whose
         *     {@code Access-Control-Request-Method} header is present but empty;
         *     {@link #PRE_FLIGHT} for {@code OPTIONS} with a non-blank
         *     {@code Access-Control-Request-Method}; otherwise {@link #CORS}
         */
        public static RequestType from(String str, HttpServletRequest httpServletRequest) {
            final String origin = httpServletRequest.getHeader(Headers.ORIGIN.getName());
            if (origin == null) {
                return NOT_CORS;
            }
            if (origin.isEmpty() || !isValidOrigin(origin)) {
                return INVALID_CORS;
            }
            if (isSameOrigin(str, origin)) {
                return NOT_CORS;
            }

            final String httpMethod = httpServletRequest.getMethod();
            if (httpMethod == null) {
                return INVALID_CORS;
            }
            if (!AbstractCorsFilter.OPTIONS_METHOD.equals(httpMethod)) {
                return CORS;
            }

            final String requestedMethod =
                    httpServletRequest.getHeader(Headers.ACCESS_CONTROL_REQUEST_METHOD.getName());
            if (StringUtils.isNotBlank(requestedMethod)) {
                return PRE_FLIGHT;
            }
            // Header present but empty is rejected; an absent header, or one holding only
            // whitespace, makes this an ordinary OPTIONS request handled as plain CORS.
            if (requestedMethod != null && requestedMethod.isEmpty()) {
                return INVALID_CORS;
            }
            return CORS;
        }

        /**
         * Syntactic check of an {@code Origin} value: it must not contain {@code %}, must
         * parse as a {@link URI} and must carry a scheme. A value without a scheme, such as
         * the literal {@code null}, therefore fails this check.
         */
        private static boolean isValidOrigin(String origin) {
            // Any percent sign is refused outright, so percent-encoded origins never pass.
            final boolean hasPercent = StringUtils.contains(origin, '%');
            if (hasPercent) {
                return false;
            }
            try {
                final URI parsed = new URI(origin);
                return parsed.getScheme() != null;
            } catch (URISyntaxException unparsable) {
                return false;
            }
        }

        /** Exact, case-sensitive equality of the two origin strings; no normalisation. */
        private static boolean isSameOrigin(String currentOrigin, String originHeader) {
            return currentOrigin.equals(originHeader);
        }
    }

    /**
     * Routes the request according to its {@link RequestType}: non-CORS requests continue
     * down the chain untouched, pre-flight requests are handed to the CORS response filter
     * when one is available, simple CORS requests pass through the response filter and then
     * the chain, and everything else is answered with HTTP 403.
     *
     * @throws IOException if the request URL cannot be parsed or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    @Override // info.magnolia.cms.filters.AbstractMgnlFilter
    public void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            final RequestType kind = RequestType.from(currentHost(httpServletRequest), httpServletRequest);
            switch (kind) {
                case NOT_CORS:
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    break;
                case PRE_FLIGHT: {
                    final Optional<MgnlFilter> preflightResponder = getCorsResponseFilter();
                    if (preflightResponder.isPresent()) {
                        preflightResponder.get().doFilter(httpServletRequest, httpServletResponse, filterChain);
                    } else {
                        filterChain.doFilter(httpServletRequest, httpServletResponse);
                    }
                    break;
                }
                case CORS:
                    // NOTE(review): the response filter receives the chain and the chain is
                    // invoked again right after; if that filter continues the chain itself,
                    // downstream filters would run twice. Confirm in the implementation.
                    // NOTE(review): the lambda is adapted through Exceptions.wrap(); verify a
                    // CorsException raised inside it still reaches the catch block below.
                    getCorsResponseFilter().ifPresent(Exceptions.wrap().consumer(
                            responder -> responder.doFilter(httpServletRequest, httpServletResponse, filterChain)));
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    break;
                default:
                    handleInvalid(httpServletResponse);
                    break;
            }
        } catch (CorsException e) {
            // NOTE(review): the exception message is logged as-is; if it embeds request
            // header values, confirm they cannot carry log-forging characters.
            log.warn("CORS failed due to: {}", e.getMessage());
            handleInvalid(httpServletResponse);
        }
    }

    /**
     * @return the filter that produces the CORS response, or an empty {@link Optional} when
     *     none is available
     */
    protected abstract Optional<MgnlFilter> getCorsResponseFilter();

    /**
     * Rebuilds {@code scheme://authority} from the request URL; this is the value the
     * {@code Origin} header is compared against.
     *
     * @throws MalformedURLException if the request URL cannot be parsed
     */
    private String currentHost(HttpServletRequest request) throws MalformedURLException {
        final String rawUrl = request.getRequestURL().toString();
        final URL requestUrl = new URL(rawUrl);
        return String.format("%s://%s", requestUrl.getProtocol(), requestUrl.getAuthority());
    }

    /**
     * Answers an invalid CORS request with HTTP 403 and discards any buffered body.
     * {@code resetBuffer()} throws {@link IllegalStateException} on an already committed
     * response, which can matter when this runs after the chain has produced output.
     */
    private void handleInvalid(HttpServletResponse response) {
        response.setContentType("text/plain");
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.resetBuffer();
    }
}
