package org.eclipse.jetty.servlets;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: input_file:BOOT-INF/lib/jetty-servlets-9.3.11.v20160721.jar:org/eclipse/jetty/servlets/CrossOriginFilter.class */
public class CrossOriginFilter implements Filter {
    private static final String ORIGIN_HEADER = "Origin";
    public static final String ACCESS_CONTROL_REQUEST_METHOD_HEADER = "Access-Control-Request-Method";
    public static final String ACCESS_CONTROL_REQUEST_HEADERS_HEADER = "Access-Control-Request-Headers";
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    public static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER = "Access-Control-Allow-Methods";
    public static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER = "Access-Control-Allow-Headers";
    public static final String ACCESS_CONTROL_MAX_AGE_HEADER = "Access-Control-Max-Age";
    public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER = "Access-Control-Allow-Credentials";
    public static final String ACCESS_CONTROL_EXPOSE_HEADERS_HEADER = "Access-Control-Expose-Headers";
    public static final String TIMING_ALLOW_ORIGIN_HEADER = "Timing-Allow-Origin";
    public static final String ALLOWED_ORIGINS_PARAM = "allowedOrigins";
    public static final String ALLOWED_TIMING_ORIGINS_PARAM = "allowedTimingOrigins";
    public static final String ALLOWED_METHODS_PARAM = "allowedMethods";
    public static final String ALLOWED_HEADERS_PARAM = "allowedHeaders";
    public static final String PREFLIGHT_MAX_AGE_PARAM = "preflightMaxAge";
    public static final String ALLOW_CREDENTIALS_PARAM = "allowCredentials";
    public static final String EXPOSED_HEADERS_PARAM = "exposedHeaders";
    public static final String OLD_CHAIN_PREFLIGHT_PARAM = "forwardPreflight";
    public static final String CHAIN_PREFLIGHT_PARAM = "chainPreflight";
    private static final String ANY_ORIGIN = "*";
    private static final String DEFAULT_ALLOWED_ORIGINS = "*";
    private static final String DEFAULT_ALLOWED_TIMING_ORIGINS = "";
    private boolean anyOriginAllowed;
    private boolean anyTimingOriginAllowed;
    private boolean anyHeadersAllowed;
    private List<String> allowedOrigins = new ArrayList();
    private List<String> allowedTimingOrigins = new ArrayList();
    private List<String> allowedMethods = new ArrayList();
    private List<String> allowedHeaders = new ArrayList();
    private List<String> exposedHeaders = new ArrayList();
    private int preflightMaxAge;
    private boolean allowCredentials;
    private boolean chainPreflight;
    private static final Logger LOG = Log.getLogger((Class<?>) CrossOriginFilter.class);
    private static final List<String> SIMPLE_HTTP_METHODS = Arrays.asList("GET", "POST", "HEAD");
    private static final List<String> DEFAULT_ALLOWED_METHODS = Arrays.asList("GET", "POST", "HEAD");
    private static final List<String> DEFAULT_ALLOWED_HEADERS = Arrays.asList("X-Requested-With", "Content-Type", "Accept", "Origin");

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(ALLOWED_ORIGINS_PARAM);
        String initParameter2 = filterConfig.getInitParameter(ALLOWED_TIMING_ORIGINS_PARAM);
        this.anyOriginAllowed = generateAllowedOrigins(this.allowedOrigins, initParameter, "*");
        this.anyTimingOriginAllowed = generateAllowedOrigins(this.allowedTimingOrigins, initParameter2, "");
        String initParameter3 = filterConfig.getInitParameter(ALLOWED_METHODS_PARAM);
        if (initParameter3 == null) {
            this.allowedMethods.addAll(DEFAULT_ALLOWED_METHODS);
        } else {
            this.allowedMethods.addAll(Arrays.asList(StringUtil.csvSplit(initParameter3)));
        }
        String initParameter4 = filterConfig.getInitParameter(ALLOWED_HEADERS_PARAM);
        if (initParameter4 == null) {
            this.allowedHeaders.addAll(DEFAULT_ALLOWED_HEADERS);
        } else if ("*".equals(initParameter4)) {
            this.anyHeadersAllowed = true;
        } else {
            this.allowedHeaders.addAll(Arrays.asList(StringUtil.csvSplit(initParameter4)));
        }
        String initParameter5 = filterConfig.getInitParameter(PREFLIGHT_MAX_AGE_PARAM);
        if (initParameter5 == null) {
            initParameter5 = "1800";
        }
        try {
            this.preflightMaxAge = Integer.parseInt(initParameter5);
        } catch (NumberFormatException e) {
            LOG.info("Cross-origin filter, could not parse '{}' parameter as integer: {}", PREFLIGHT_MAX_AGE_PARAM, initParameter5);
        }
        String initParameter6 = filterConfig.getInitParameter(ALLOW_CREDENTIALS_PARAM);
        if (initParameter6 == null) {
            initParameter6 = "true";
        }
        this.allowCredentials = Boolean.parseBoolean(initParameter6);
        String initParameter7 = filterConfig.getInitParameter(EXPOSED_HEADERS_PARAM);
        if (initParameter7 == null) {
            initParameter7 = "";
        }
        this.exposedHeaders.addAll(Arrays.asList(StringUtil.csvSplit(initParameter7)));
        String initParameter8 = filterConfig.getInitParameter(OLD_CHAIN_PREFLIGHT_PARAM);
        if (initParameter8 != null) {
            LOG.warn("DEPRECATED CONFIGURATION: Use chainPreflight instead of forwardPreflight", new Object[0]);
        } else {
            initParameter8 = filterConfig.getInitParameter(CHAIN_PREFLIGHT_PARAM);
        }
        if (initParameter8 == null) {
            initParameter8 = "true";
        }
        this.chainPreflight = Boolean.parseBoolean(initParameter8);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Cross-origin filter configuration: allowedOrigins = " + initParameter + ", " + ALLOWED_TIMING_ORIGINS_PARAM + " = " + initParameter2 + ", " + ALLOWED_METHODS_PARAM + " = " + initParameter3 + ", " + ALLOWED_HEADERS_PARAM + " = " + initParameter4 + ", " + PREFLIGHT_MAX_AGE_PARAM + " = " + initParameter5 + ", " + ALLOW_CREDENTIALS_PARAM + " = " + initParameter6 + "," + EXPOSED_HEADERS_PARAM + " = " + initParameter7 + "," + CHAIN_PREFLIGHT_PARAM + " = " + initParameter8, new Object[0]);
        }
    }

    private boolean generateAllowedOrigins(List<String> list, String str, String str2) {
        if (str == null) {
            str = str2;
        }
        for (String str3 : StringUtil.csvSplit(str)) {
            if (str3.length() > 0) {
                if ("*".equals(str3)) {
                    list.clear();
                    return true;
                }
                list.add(str3);
            }
        }
        return false;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        handle((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    private void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String header = httpServletRequest.getHeader("Origin");
        if (header != null && isEnabled(httpServletRequest)) {
            if (this.anyOriginAllowed || originMatches(this.allowedOrigins, header)) {
                if (isSimpleRequest(httpServletRequest)) {
                    LOG.debug("Cross-origin request to {} is a simple cross-origin request", httpServletRequest.getRequestURI());
                    handleSimpleResponse(httpServletRequest, httpServletResponse, header);
                } else if (isPreflightRequest(httpServletRequest)) {
                    LOG.debug("Cross-origin request to {} is a preflight cross-origin request", httpServletRequest.getRequestURI());
                    handlePreflightResponse(httpServletRequest, httpServletResponse, header);
                    if (!this.chainPreflight) {
                        return;
                    } else {
                        LOG.debug("Preflight cross-origin request to {} forwarded to application", httpServletRequest.getRequestURI());
                    }
                } else {
                    LOG.debug("Cross-origin request to {} is a non-simple cross-origin request", httpServletRequest.getRequestURI());
                    handleSimpleResponse(httpServletRequest, httpServletResponse, header);
                }
                if (this.anyTimingOriginAllowed || originMatches(this.allowedTimingOrigins, header)) {
                    httpServletResponse.setHeader(TIMING_ALLOW_ORIGIN_HEADER, header);
                } else {
                    LOG.debug("Cross-origin request to " + httpServletRequest.getRequestURI() + " with origin " + header + " does not match allowed timing origins " + this.allowedTimingOrigins, new Object[0]);
                }
            } else {
                LOG.debug("Cross-origin request to " + httpServletRequest.getRequestURI() + " with origin " + header + " does not match allowed origins " + this.allowedOrigins, new Object[0]);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    protected boolean isEnabled(HttpServletRequest httpServletRequest) {
        Enumeration<String> headers = httpServletRequest.getHeaders("Connection");
        while (headers.hasMoreElements()) {
            if ("Upgrade".equalsIgnoreCase(headers.nextElement())) {
                Enumeration<String> headers2 = httpServletRequest.getHeaders("Upgrade");
                while (headers2.hasMoreElements()) {
                    if ("WebSocket".equalsIgnoreCase(headers2.nextElement())) {
                        return false;
                    }
                }
            }
        }
        return true;
    }

    private boolean originMatches(List<String> list, String str) {
        if (str.trim().length() == 0) {
            return false;
        }
        for (String str2 : str.split(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR)) {
            if (str2.trim().length() != 0) {
                for (String str3 : list) {
                    if (str3.contains("*")) {
                        if (createMatcher(str2, str3).matches()) {
                            return true;
                        }
                    } else if (str3.equals(str2)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    private Matcher createMatcher(String str, String str2) {
        return Pattern.compile(parseAllowedWildcardOriginToRegex(str2)).matcher(str);
    }

    private String parseAllowedWildcardOriginToRegex(String str) {
        return str.replace(".", "\\.").replace("*", ".*");
    }

    private boolean isSimpleRequest(HttpServletRequest httpServletRequest) {
        return SIMPLE_HTTP_METHODS.contains(httpServletRequest.getMethod()) && httpServletRequest.getHeader("Access-Control-Request-Method") == null;
    }

    private boolean isPreflightRequest(HttpServletRequest httpServletRequest) {
        return "OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod()) && httpServletRequest.getHeader("Access-Control-Request-Method") != null;
    }

    private void handleSimpleResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", str);
        if (!this.anyOriginAllowed) {
            httpServletResponse.addHeader("Vary", "Origin");
        }
        if (this.allowCredentials) {
            httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        }
        if (this.exposedHeaders.isEmpty()) {
            return;
        }
        httpServletResponse.setHeader("Access-Control-Expose-Headers", commify(this.exposedHeaders));
    }

    private void handlePreflightResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (isMethodAllowed(httpServletRequest)) {
            List<String> accessControlRequestHeaders = getAccessControlRequestHeaders(httpServletRequest);
            if (areHeadersAllowed(accessControlRequestHeaders)) {
                httpServletResponse.setHeader("Access-Control-Allow-Origin", str);
                if (!this.anyOriginAllowed) {
                    httpServletResponse.addHeader("Vary", "Origin");
                }
                if (this.allowCredentials) {
                    httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
                }
                if (this.preflightMaxAge > 0) {
                    httpServletResponse.setHeader("Access-Control-Max-Age", String.valueOf(this.preflightMaxAge));
                }
                httpServletResponse.setHeader("Access-Control-Allow-Methods", commify(this.allowedMethods));
                if (this.anyHeadersAllowed) {
                    httpServletResponse.setHeader("Access-Control-Allow-Headers", commify(accessControlRequestHeaders));
                } else {
                    httpServletResponse.setHeader("Access-Control-Allow-Headers", commify(this.allowedHeaders));
                }
            }
        }
    }

    private boolean isMethodAllowed(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Access-Control-Request-Method");
        LOG.debug("{} is {}", "Access-Control-Request-Method", header);
        boolean z = false;
        if (header != null) {
            z = this.allowedMethods.contains(header);
        }
        LOG.debug("Method {} is" + (z ? "" : " not") + " among allowed methods {}", header, this.allowedMethods);
        return z;
    }

    private List<String> getAccessControlRequestHeaders(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Access-Control-Request-Headers");
        LOG.debug("{} is {}", "Access-Control-Request-Headers", header);
        if (header == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (String str : StringUtil.csvSplit(header)) {
            String trim = str.trim();
            if (trim.length() > 0) {
                arrayList.add(trim);
            }
        }
        return arrayList;
    }

    private boolean areHeadersAllowed(List<String> list) {
        if (this.anyHeadersAllowed) {
            LOG.debug("Any header is allowed", new Object[0]);
            return true;
        }
        boolean z = true;
        Iterator<String> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            boolean z2 = false;
            Iterator<String> it2 = this.allowedHeaders.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (next.equalsIgnoreCase(it2.next().trim())) {
                    z2 = true;
                    break;
                }
            }
            if (!z2) {
                z = false;
                break;
            }
        }
        LOG.debug("Headers [{}] are" + (z ? "" : " not") + " among allowed headers {}", list, this.allowedHeaders);
        return z;
    }

    private String commify(List<String> list) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            if (i > 0) {
                sb.append(",");
            }
            sb.append(list.get(i));
        }
        return sb.toString();
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        this.anyOriginAllowed = false;
        this.allowedOrigins.clear();
        this.allowedMethods.clear();
        this.allowedHeaders.clear();
        this.preflightMaxAge = 0;
        this.allowCredentials = false;
    }
}
