package com.aspectran.web.support.cors;

import com.aspectran.core.activity.Translet;
import com.aspectran.core.util.StringUtils;
import com.aspectran.core.util.logging.Log;
import com.aspectran.core.util.logging.LogFactory;
import com.aspectran.web.support.http.HttpHeaders;
import com.aspectran.web.support.http.MediaType;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/aspectran/web/support/cors/DefaultCorsProcessor.class */
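/**
 * CORS processor that validates the method, origin and requested headers of
 * cross-origin requests and writes the matching {@code Access-Control-*}
 * response headers.
 *
 * <p>The allow-lists themselves ({@code isAllowedOrigin}, {@code isAllowedMethod},
 * {@code isAllowedHeader}, ...) are inherited from {@link AbstractCorsProcessor}
 * and are not visible in this file.
 */
public class DefaultCorsProcessor extends AbstractCorsProcessor {
    private static final Log log = LogFactory.getLog(DefaultCorsProcessor.class);

    /** Translet attribute that receives the HTTP status code of a rejected request. */
    private static final String CORS_HTTP_STATUS_CODE = "CORS.HTTP_STATUS_CODE";

    /** Translet attribute that receives the message of a rejected request. */
    private static final String CORS_HTTP_STATUS_TEXT = "CORS.HTTP_STATUS_TEXT";

    /**
     * Handles a simple or actual CORS request.
     *
     * <p>Nothing happens unless the request is a CORS request and the response
     * does not already carry an {@code Access-Control-Allow-Origin} header.
     * The method and the origin are validated before any header is written.
     *
     * @param translet the current translet; its adaptees are cast to the servlet request/response
     * @throws CorsException if the HTTP method or the origin is not allowed
     */
    @Override
    public void processActualRequest(Translet translet) throws CorsException {
        HttpServletRequest request = (HttpServletRequest) translet.getRequestAdaptee();
        HttpServletResponse response = (HttpServletResponse) translet.getResponseAdaptee();
        if (!isCorsRequest(request) || !checkProcessable(response)) {
            return;
        }

        // rejectRequest always throws, so each failed check ends processing here.
        if (!isAllowedMethod(request.getMethod())) {
            rejectRequest(translet, CorsException.UNSUPPORTED_METHOD);
        }
        String origin = request.getHeader(HttpHeaders.ORIGIN);
        if (!isAllowedOrigin(origin)) {
            rejectRequest(translet, CorsException.ORIGIN_DENIED);
        }

        writeAllowOriginHeaders(response, origin);

        String exposedHeaders = getExposedHeadersString();
        if (exposedHeaders != null) {
            response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);
        }
    }

    /**
     * Handles a CORS preflight request.
     *
     * <p>The requested method, the requested headers and the origin are all
     * validated before any {@code Access-Control-*} header is written, so a
     * preflight from an origin that the actual request would refuse is not
     * approved either.
     *
     * @param translet the current translet; its adaptees are cast to the servlet request/response
     * @throws CorsException if the request is not a valid preflight request, or if the
     *         requested method, a requested header or the origin is not allowed
     */
    @Override
    public void processPreflightRequest(Translet translet) throws CorsException {
        HttpServletRequest request = (HttpServletRequest) translet.getRequestAdaptee();
        HttpServletResponse response = (HttpServletResponse) translet.getResponseAdaptee();
        if (!isPreFlightRequest(request)) {
            rejectRequest(translet, CorsException.INVALID_PREFLIGHT_REQUEST);
        }
        if (!checkProcessable(response)) {
            return;
        }

        if (!isAllowedMethod(request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD))) {
            rejectRequest(translet, CorsException.UNSUPPORTED_METHOD);
        }

        String requestedHeaders = request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
        if (requestedHeaders != null && hasAllowedHeaders()) {
            for (String name : StringUtils.splitCommaDelimitedString(requestedHeaders)) {
                if (!isAllowedHeader(name)) {
                    rejectRequest(translet, CorsException.UNSUPPORTED_REQUEST_HEADER);
                }
            }
        }

        String origin = request.getHeader(HttpHeaders.ORIGIN);
        if (origin != null) {
            // Apply the same origin check as processActualRequest. Without it the
            // preflight would echo any Origin (together with
            // Access-Control-Allow-Credentials when credentials are enabled),
            // telling the browser that the cross-origin request is permitted.
            if (!isAllowedOrigin(origin)) {
                rejectRequest(translet, CorsException.ORIGIN_DENIED);
            }
            writeAllowOriginHeaders(response, origin);
        }

        String allowedMethods = getAllowedMethodsString();
        if (allowedMethods != null) {
            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, allowedMethods);
        }

        String allowedHeaders = getAllowedHeadersString();
        if (allowedHeaders != null) {
            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, allowedHeaders);
        } else if (requestedHeaders != null) {
            // No allowed-headers string is available, so the requested header names
            // are reflected back, i.e. every requested header is accepted.
            // NOTE(review): presumably this is the "no header allow-list configured"
            // case; confirm in AbstractCorsProcessor that this is intended.
            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
        }

        int maxAge = getMaxAgeSeconds();
        if (maxAge > 0) {
            response.addHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, Integer.toString(maxAge));
        }
    }

    /**
     * Sends the HTTP error that corresponds to a raised {@link CorsException}.
     * Does nothing when the root cause of the raised exception is of another type.
     *
     * @param translet the current translet
     * @throws IOException if the servlet response fails to send the error
     */
    @Override
    public void sendError(Translet translet) throws IOException {
        Throwable rootCause = translet.getRootCauseOfRaisedException();
        if (rootCause instanceof CorsException) {
            CorsException corsException = (CorsException) rootCause;
            HttpServletResponse response = (HttpServletResponse) translet.getResponseAdaptee();
            response.sendError(corsException.getHttpStatusCode(), corsException.getMessage());
        }
    }

    /**
     * Records the rejection on the response and the translet, then throws.
     *
     * @param translet the current translet
     * @param corsException the exception describing why the request is refused
     * @throws CorsException always; the given {@code corsException} is rethrown
     */
    protected void rejectRequest(Translet translet, CorsException corsException) throws CorsException {
        ((HttpServletResponse) translet.getResponseAdaptee()).setStatus(corsException.getHttpStatusCode());
        translet.setAttribute(CORS_HTTP_STATUS_CODE, Integer.valueOf(corsException.getHttpStatusCode()));
        translet.setAttribute(CORS_HTTP_STATUS_TEXT, corsException.getMessage());
        throw corsException;
    }

    /**
     * Tells whether CORS headers may still be written to the response.
     *
     * @param httpServletResponse the servlet response to inspect
     * @return {@code false} if the response already has an
     *         {@code Access-Control-Allow-Origin} header, {@code true} otherwise
     */
    protected boolean checkProcessable(HttpServletResponse httpServletResponse) {
        if (httpServletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) == null) {
            return true;
        }
        log.debug("Skip CORS processing: response already contains \"Access-Control-Allow-Origin\" header");
        return false;
    }

    /**
     * Writes {@code Access-Control-Allow-Origin} (plus
     * {@code Access-Control-Allow-Credentials} when credentials are enabled)
     * and {@code Vary: Origin}. Callers must have validated {@code origin} first.
     */
    private void writeAllowOriginHeaders(HttpServletResponse response, String origin) {
        if (isAllowCredentials()) {
            // With credentials the origin is echoed back rather than a wildcard, so
            // the origin allow-list is the only control on credentialed access.
            // NOTE(review): if isAllowedOrigin accepts every origin when no allow-list
            // is configured (not visible in this file), enabling credentials in that
            // configuration grants credentialed access to any site; verify.
            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        } else {
            // NOTE(review): MediaType.WILDCARD_TYPE comes from the decompiler and is
            // presumably the "*" wildcard; confirm against the original source.
            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
                    hasAllowedOrigins() ? origin : MediaType.WILDCARD_TYPE);
        }
        response.addHeader(HttpHeaders.VARY, HttpHeaders.ORIGIN);
    }
}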
