package com.hexagonkt.http.server;

import com.hexagonkt.http.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;

/* compiled from: Cors.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 2, d1 = {"��\u001c\n��\n\u0002\u0010\u000e\n\u0002\b\u0007\n\u0002\u0010\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\u001a\u0014\u0010\b\u001a\u00020\t*\u00020\n2\u0006\u0010\u000b\u001a\u00020\fH��\u001a\u0014\u0010\r\u001a\u00020\t*\u00020\n2\u0006\u0010\u000b\u001a\u00020\fH��\"\u000e\u0010��\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0002\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0003\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0004\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0005\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0006\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��\"\u000e\u0010\u0007\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n��¨\u0006\u000e"}, d2 = {"ALLOW_CREDENTIALS", "", "ALLOW_HEADERS", "ALLOW_ORIGIN", "EXPOSE_HEADERS", "MAX_AGE", "REQUEST_HEADERS", "REQUEST_METHOD", "preFlightRequest", "", "Lcom/hexagonkt/http/server/Call;", "settings", "Lcom/hexagonkt/http/server/CorsSettings;", "simpleRequest", "port_http_server"})
/* loaded from: input_file:com/hexagonkt/http/server/CorsKt.class */
public final class CorsKt {
    private static final String ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String REQUEST_METHOD = "Access-Control-Request-Method";
    private static final String EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    private static final String REQUEST_HEADERS = "Access-Control-Request-Headers";
    private static final String ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String MAX_AGE = "Access-Control-Max-Age";

    public static final void simpleRequest(@NotNull Call call, @NotNull CorsSettings corsSettings) {
        Intrinsics.checkParameterIsNotNull(call, "$this$simpleRequest");
        Intrinsics.checkParameterIsNotNull(corsSettings, "settings");
        String origin = call.getRequest().getOrigin();
        if (origin != null) {
            if (!corsSettings.allowOrigin(origin)) {
                call.halt(403, "Not allowed origin: " + origin);
                throw null;
            }
            call.getResponse().getHeaders().set(ALLOW_ORIGIN, corsSettings.accessControlAllowOrigin(origin));
            if (!Intrinsics.areEqual(r0, "*")) {
                call.getResponse().getHeaders().set("Vary", "Origin");
            }
            if (corsSettings.getSupportCredentials()) {
                call.getResponse().getHeaders().set(ALLOW_CREDENTIALS, true);
            }
            String str = call.getRequest().getHeaders().get(REQUEST_METHOD);
            if (call.getRequest().getMethod() != Method.OPTIONS || str == null) {
                if (!corsSettings.getAllowedMethods().contains(call.getRequest().getMethod())) {
                    call.halt(403, "Not allowed method: " + call.getRequest().getMethod());
                    throw null;
                }
                if (!corsSettings.getExposedHeaders().isEmpty()) {
                    Set set = CollectionsKt.toSet(call.getRequest().getHeadersValues().keySet());
                    ArrayList arrayList = new ArrayList();
                    for (Object obj : set) {
                        if (corsSettings.getExposedHeaders().contains((String) obj)) {
                            arrayList.add(obj);
                        }
                    }
                    call.getResponse().getHeaders().set(EXPOSE_HEADERS, CollectionsKt.joinToString$default(arrayList, ",", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null));
                }
            }
        }
    }

    public static final void preFlightRequest(@NotNull Call call, @NotNull CorsSettings corsSettings) {
        boolean z;
        Intrinsics.checkParameterIsNotNull(call, "$this$preFlightRequest");
        Intrinsics.checkParameterIsNotNull(corsSettings, "settings");
        String str = call.getRequest().getHeaders().get(REQUEST_METHOD);
        if (str == null) {
            call.halt(403, "Access-Control-Request-Method required header not found");
            throw null;
        }
        Method valueOf = Method.valueOf(str);
        if (!corsSettings.getAllowedMethods().contains(valueOf)) {
            call.halt(403, "Not allowed method: " + valueOf);
            throw null;
        }
        List<String> list = call.getRequest().getHeadersValues().get(REQUEST_HEADERS);
        String str2 = list != null ? (String) CollectionsKt.firstOrNull(list) : null;
        if (str2 != null) {
            List<String> split$default = StringsKt.split$default(str2, new String[]{","}, false, 0, 6, (Object) null);
            ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(split$default, 10));
            for (String str3 : split$default) {
                if (str3 == null) {
                    throw new TypeCastException("null cannot be cast to non-null type kotlin.CharSequence");
                }
                arrayList.add(StringsKt.trim(str3).toString());
            }
            ArrayList arrayList2 = arrayList;
            if (!(arrayList2 instanceof Collection) || !arrayList2.isEmpty()) {
                Iterator it = arrayList2.iterator();
                while (true) {
                    if (it.hasNext()) {
                        if (!corsSettings.getAllowedHeaders().contains((String) it.next())) {
                            z = false;
                            break;
                        }
                    } else {
                        z = true;
                        break;
                    }
                }
            } else {
                z = true;
            }
            if (!z) {
                if (!corsSettings.getAllowedHeaders().isEmpty()) {
                    call.halt(403, "Not allowed headers");
                    throw null;
                }
            }
            Set<String> allowedHeaders = corsSettings.getAllowedHeaders();
            call.getResponse().getHeaders().set(ALLOW_HEADERS, CollectionsKt.joinToString$default(allowedHeaders.isEmpty() ? CollectionsKt.toSet(call.getRequest().getHeadersValues().keySet()) : allowedHeaders, ",", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null));
        }
        call.getResponse().getHeaders().set(REQUEST_METHOD, CollectionsKt.joinToString$default(corsSettings.getAllowedMethods(), ",", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null));
        if (corsSettings.getPreFlightMaxAge() > 0) {
            call.getResponse().getHeaders().set(MAX_AGE, Long.valueOf(corsSettings.getPreFlightMaxAge()));
        }
        call.getResponse().setStatus(corsSettings.getPreFlightStatus());
    }
}
