package org.kaazing.gateway.transport.http;

import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.session.AttributeKey;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.write.WriteRequest;
import org.kaazing.gateway.resource.address.ResourceAddress;
import org.kaazing.gateway.resource.address.http.HttpInjectableHeader;
import org.kaazing.gateway.resource.address.http.HttpOriginSecurity;
import org.kaazing.gateway.resource.address.http.HttpResourceAddress;
import org.kaazing.gateway.transport.http.HttpHeaders;
import org.kaazing.gateway.transport.http.HttpMethod;
import org.kaazing.gateway.transport.http.HttpProtocol;
import org.kaazing.gateway.transport.http.HttpStatus;
import org.kaazing.gateway.transport.http.HttpUtils;
import org.kaazing.gateway.transport.http.HttpVersion;
import org.kaazing.gateway.transport.http.bridge.HttpRequestMessage;
import org.kaazing.gateway.transport.http.bridge.HttpResponseMessage;
import org.kaazing.gateway.transport.http.bridge.filter.HttpCodecFilter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpContentLengthAdjustmentFilter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpContentMessageInjectionFilter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpFilterAdapter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpMergeRequestFilter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpOperationFilter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpPersistenceFilter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpProtocolCompatibilityFilter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpSessionCleanupFilter;
import org.kaazing.gateway.transport.http.bridge.filter.HttpxeProtocolFilter;
import org.kaazing.mina.core.future.DefaultWriteFutureEx;
import org.kaazing.mina.core.session.IoSessionEx;
import org.kaazing.mina.core.write.DefaultWriteRequestEx;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kaazing/gateway/transport/http/HttpAcceptFilter.class */
public enum HttpAcceptFilter {
    CONTENT_LENGTH_ADJUSTMENT("http#content-length", new HttpContentLengthAdjustmentFilter()),
    ELEVATE_EMULATED_REQUEST("http#elevateEmulatedRequest"),
    CODEC("http#codec", new HttpCodecFilter(false)),
    HTTP_SERIALIZE_REQUEST_FILTER("http#serializeRequests"),
    MERGE_REQUEST("http#merge-request", new HttpMergeRequestFilter(LoggerFactory.getLogger(HttpAcceptor.MERGE_REQUEST_LOGGER_NAME))),
    NEXT_PROTOCOL_HEADER("http#next-protocol", new HttpFilterAdapter<IoSession>() { // from class: org.kaazing.gateway.transport.http.bridge.filter.HttpNextProtocolHeaderFilter
        public static final String PROTOCOL_HTTPXE_1_1 = "httpxe/1.1";
        private static final String HEADER_X_NEXT_PROTOCOL = "X-Next-Protocol";
        private static final String QUERY_PARAM_NEXT_PROTOCOL = ".knp";
        private static final String WEB_SOCKET = "WebSocket";
        private static final String HEADER_WEBSOCKET_KEY = "Sec-WebSocket-Key";

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.kaazing.gateway.transport.http.bridge.filter.HttpFilterAdapter
        public void httpRequestReceived(IoFilter.NextFilter nextFilter, IoSession ioSession, HttpRequestMessage httpRequestMessage) throws Exception {
            String removeParameter;
            String header = httpRequestMessage.getHeader(HttpHeaders.HEADER_UPGRADE);
            if (header != null) {
                if (header.equalsIgnoreCase(WEB_SOCKET)) {
                    if (httpRequestMessage.getHeader("Sec-WebSocket-Key") != null) {
                        httpRequestMessage.setHeader("X-Next-Protocol", "ws/rfc6455");
                    } else {
                        httpRequestMessage.setHeader("X-Next-Protocol", "ws/draft-7x");
                    }
                }
            } else if (httpRequestMessage.getHeader("Sec-WebSocket-Key") != null) {
                httpRequestMessage.setHeader("X-Next-Protocol", "ws/rfc6455");
            }
            if (httpRequestMessage.getHeader("X-Next-Protocol") == null && (removeParameter = httpRequestMessage.removeParameter(QUERY_PARAM_NEXT_PROTOCOL)) != null) {
                httpRequestMessage.setHeader("X-Next-Protocol", removeParameter);
            }
            super.httpRequestReceived(nextFilter, ioSession, httpRequestMessage);
        }
    }),
    ORIGIN_HEADER("http#origin", new HttpFilterAdapter<IoSessionEx>() { // from class: org.kaazing.gateway.transport.http.bridge.filter.HttpOriginHeaderFilter
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.kaazing.gateway.transport.http.bridge.filter.HttpFilterAdapter
        public void httpRequestReceived(IoFilter.NextFilter nextFilter, IoSessionEx ioSessionEx, HttpRequestMessage httpRequestMessage) throws Exception {
            emulateOriginHeader(httpRequestMessage);
            super.httpRequestReceived(nextFilter, (IoFilter.NextFilter) ioSessionEx, httpRequestMessage);
        }

        private void emulateOriginHeader(HttpRequestMessage httpRequestMessage) {
            String removeParameter;
            String header = httpRequestMessage.getHeader("Origin");
            if (!httpRequestMessage.hasHeader(HttpHeaders.HEADER_X_ORIGIN) && (removeParameter = httpRequestMessage.removeParameter(".ko")) != null) {
                httpRequestMessage.setHeader(HttpHeaders.HEADER_X_ORIGIN, removeParameter);
            }
            String str = null;
            List<String> headerValues = httpRequestMessage.getHeaderValues(HttpHeaders.HEADER_X_ORIGIN, false);
            if (headerValues != null && !headerValues.isEmpty()) {
                str = header != null ? getEmulatedOriginIfRequestMatchesOrigin(httpRequestMessage, headerValues.get(0)) : headerValues.get(0);
            }
            if (str != null) {
                if ("null".equals(str)) {
                    httpRequestMessage.setHeader("Origin", "null");
                    return;
                }
                try {
                    httpRequestMessage.setHeader("Origin", HttpUtils.getCanonicalURI(str, false).toString());
                } catch (Exception e) {
                    httpRequestMessage.setHeader("Origin", "null");
                }
            }
        }

        private String getEmulatedOriginIfReferrerMatches(HttpRequestMessage httpRequestMessage, String str) {
            URI create;
            String str2 = null;
            String header = httpRequestMessage.getHeader("Referer");
            if (header != null && (create = URI.create(header)) != null) {
                boolean isSecure = httpRequestMessage.isSecure();
                String str3 = isSecure ? "https" : HttpProtocol.NAME;
                String hostAndPort = HttpUtils.getHostAndPort(httpRequestMessage, isSecure);
                String hostAndPort2 = HttpUtils.getHostAndPort(create.getAuthority(), isSecure);
                if (create.getScheme().equals(str3) && hostAndPort2.equals(hostAndPort)) {
                    str2 = str;
                }
            }
            return str2;
        }

        private String getEmulatedOriginIfRequestMatchesOrigin(HttpRequestMessage httpRequestMessage, String str) {
            String str2 = null;
            String header = httpRequestMessage.getHeader("Origin");
            URI canonicalURI = HttpUtils.getCanonicalURI(httpRequestMessage.getRequestURI(), false);
            if (header != null && canonicalURI != null) {
                URI canonicalURI2 = HttpUtils.getCanonicalURI(header, false);
                String scheme = canonicalURI2.getScheme();
                String authority = canonicalURI2.getAuthority();
                if (authority != null && authority.indexOf(58) == -1) {
                    authority = authority + ":" + ("https".equals(scheme) ? 443 : 80);
                }
                boolean isSecure = httpRequestMessage.isSecure();
                String str3 = isSecure ? "https" : HttpProtocol.NAME;
                String hostAndPort = HttpUtils.getHostAndPort(httpRequestMessage, isSecure);
                if (str3.equals(scheme) && hostAndPort.equals(authority)) {
                    str2 = str;
                }
            }
            return str2;
        }
    }),
    HOST_HEADER("http#host", new HttpFilterAdapter<IoSessionEx>() { // from class: org.kaazing.gateway.transport.http.bridge.filter.HttpHostHeaderFilter
        public static final String HEADER_HOST = "Host";

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.kaazing.gateway.transport.http.bridge.filter.HttpFilterAdapter
        public void httpRequestReceived(IoFilter.NextFilter nextFilter, IoSessionEx ioSessionEx, HttpRequestMessage httpRequestMessage) throws Exception {
            List<String> list = httpRequestMessage.getHeaders().get("Host");
            if (list == null || list.size() != 1 || list.get(0).isEmpty()) {
                throw new HttpProtocolDecoderException(HttpStatus.CLIENT_BAD_REQUEST);
            }
            super.httpRequestReceived(nextFilter, (IoFilter.NextFilter) ioSessionEx, httpRequestMessage);
        }
    }),
    PROTOCOL_COMPATIBILITY("http#protocol-compatibility", new HttpProtocolCompatibilityFilter()),
    CONDITIONAL_WRAPPED_RESPONSE("http#conditionalWrappedResponse", new HttpProtocolCompatibilityFilter.HttpConditionalWrappedResponseFilter()),
    PROTOCOL_HTTPXE("http#protocol[httpxe/1.1]", new HttpxeProtocolFilter(false)),
    CONTENT_MESSAGE_INJECTION("http#contentMessageInjection", new HttpContentMessageInjectionFilter()),
    PROTOCOL_HTTP("http#protocol[http/1.1]", new HttpFilterAdapter() { // from class: org.kaazing.gateway.transport.http.bridge.filter.HttpProtocolFilter
        public static final String PROTOCOL_HTTP_1_1 = "http/1.1";

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.kaazing.gateway.transport.http.bridge.filter.HttpFilterAdapter
        public void filterWriteHttpResponse(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest, HttpResponseMessage httpResponseMessage) throws Exception {
            Set<HttpInjectableHeader> injectableHeaders = httpResponseMessage.getInjectableHeaders();
            if (injectableHeaders.contains(HttpInjectableHeader.SERVER)) {
                httpResponseMessage.setHeader("Server", "Kaazing Gateway");
            }
            if (injectableHeaders.contains(HttpInjectableHeader.DATE) && !httpResponseMessage.hasHeader(HttpHeaders.HEADER_DATE)) {
                httpResponseMessage.setHeader(HttpHeaders.HEADER_DATE, HttpUtils.formatDateHeader(System.currentTimeMillis()));
            }
            super.filterWriteHttpResponse(nextFilter, ioSession, writeRequest, httpResponseMessage);
        }
    }),
    SESSION_CLEANUP("http#session-cleanup", new HttpSessionCleanupFilter()),
    NEXT_ADDRESS("http#next-address"),
    PERSISTENCE("http#persistence", new HttpPersistenceFilter()),
    OPERATION("http#operation", new HttpOperationFilter()),
    ORIGIN_SECURITY("http#origin-security", new HttpFilterAdapter<IoSessionEx>() { // from class: org.kaazing.gateway.transport.http.bridge.filter.HttpOriginSecurityFilter
        private static final String PARAM_ACCESS_CONTROL = ".kac";
        private static final String PARAM_VALUE_ACCESS_CONTROL_EXPLICIT = "ex";
        private static final AttributeKey ACCESS_CONTROL_ALLOW_ORIGIN_KEY = new AttributeKey(HttpOriginSecurityFilter.class, "accessControlAllowOrigin");
        private final Logger logger = LoggerFactory.getLogger(HttpOriginSecurityFilter.class);

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.kaazing.gateway.transport.http.bridge.filter.HttpFilterAdapter
        public void httpRequestReceived(IoFilter.NextFilter nextFilter, IoSessionEx ioSessionEx, HttpRequestMessage httpRequestMessage) throws Exception {
            ResourceAddress localAddress = httpRequestMessage.getLocalAddress();
            if (localAddress == null) {
                throw new IllegalStateException("localAddress is null");
            }
            String header = httpRequestMessage.getHeader("Origin");
            if (header != null && !"null".equals(header)) {
                try {
                    URI uri = new URI(header);
                    String scheme = uri.getScheme();
                    String hostAndPort = HttpUtils.getHostAndPort(uri.getAuthority(), scheme.equals("https"));
                    if (!hostAndPort.equals(uri.getAuthority())) {
                        header = scheme + "://" + hostAndPort;
                    }
                    if (!localAddress.getResource().getAuthority().equals(hostAndPort)) {
                        Collection<URI> collection = (Collection) localAddress.getOption(HttpResourceAddress.BALANCE_ORIGINS);
                        if (collection != null && !collection.isEmpty()) {
                            for (URI uri2 : collection) {
                                boolean equals = "https".equals(uri2.getScheme());
                                String scheme2 = uri2.getScheme();
                                String hostAndPort2 = HttpUtils.getHostAndPort(uri2.getAuthority(), equals);
                                if ("privileged".equals(scheme) || (scheme2.equals(scheme) && hostAndPort2.equals(hostAndPort))) {
                                    header = null;
                                    break;
                                }
                            }
                        } else {
                            boolean isSecure = httpRequestMessage.isSecure();
                            String str = isSecure ? "https" : HttpProtocol.NAME;
                            String hostAndPort3 = HttpUtils.getHostAndPort(httpRequestMessage, isSecure);
                            if ("privileged".equals(scheme) || (str.equals(scheme) && hostAndPort3.equals(hostAndPort))) {
                                header = null;
                            }
                        }
                    } else {
                        header = null;
                    }
                } catch (Exception e) {
                    header = "null";
                }
            }
            HttpOriginSecurity.HttpOriginConstraint httpOriginConstraint = null;
            HttpOriginSecurity httpOriginSecurity = (HttpOriginSecurity) localAddress.getOption(HttpResourceAddress.ORIGIN_SECURITY);
            if (httpOriginSecurity != null) {
                httpOriginConstraint = httpOriginSecurity.getConstraint(header);
                if (httpOriginConstraint == null && header != null) {
                    httpOriginConstraint = httpOriginSecurity.getConstraint("*");
                }
            }
            String allowOrigin = httpOriginConstraint != null ? httpOriginConstraint.getAllowOrigin() : null;
            HttpRequestProfile valueOf = HttpRequestProfile.valueOf(httpRequestMessage);
            boolean equals2 = PARAM_VALUE_ACCESS_CONTROL_EXPLICIT.equals(httpRequestMessage.getParameter(PARAM_ACCESS_CONTROL));
            if (allowOrigin != null || equals2 || valueOf.equals(HttpRequestProfile.EMULATED_WEB_SOCKET_DOWNSTREAM)) {
                allowOrigin = header;
            }
            ioSessionEx.setAttribute(ACCESS_CONTROL_ALLOW_ORIGIN_KEY, allowOrigin);
            HttpMethod method = httpRequestMessage.getMethod();
            switch (method) {
                case OPTIONS:
                    String header2 = httpRequestMessage.getHeader("Access-Control-Request-Method");
                    String header3 = httpRequestMessage.getHeader("Access-Control-Request-Headers");
                    if (header != null && (header2 != null || header3 != null)) {
                        HttpResponseMessage httpResponseMessage = new HttpResponseMessage();
                        httpResponseMessage.setVersion(HttpVersion.HTTP_1_1);
                        httpResponseMessage.setStatus(HttpStatus.SUCCESS_OK);
                        if (httpOriginConstraint != null) {
                            String allowMethods = httpOriginConstraint.getAllowMethods();
                            String allowHeaders = httpOriginConstraint.getAllowHeaders();
                            Integer maximumAge = httpOriginConstraint.getMaximumAge();
                            if (allowMethods != null) {
                                httpResponseMessage.setHeader("Access-Control-Allow-Methods", allowMethods);
                            }
                            if (allowHeaders != null) {
                                httpResponseMessage.setHeader("Access-Control-Allow-Headers", allowHeaders);
                            }
                            httpResponseMessage.setHeader("Access-Control-Allow-Credentials", "true");
                            if (maximumAge != null) {
                                httpResponseMessage.setHeader("Access-Control-Max-Age", maximumAge.toString());
                                httpResponseMessage.setHeader(HttpHeaders.HEADER_MAX_AGE, maximumAge.toString());
                            }
                        }
                        filterWrite(nextFilter, ioSessionEx, new DefaultWriteRequestEx(httpResponseMessage, new DefaultWriteFutureEx(ioSessionEx)));
                        return;
                    }
                    break;
            }
            if (header == null || (httpOriginConstraint != null && httpOriginConstraint.getAllowMethods().contains(method.toString()))) {
                super.httpRequestReceived(nextFilter, (IoFilter.NextFilter) ioSessionEx, httpRequestMessage);
                return;
            }
            HttpResponseMessage httpResponseMessage2 = new HttpResponseMessage();
            httpResponseMessage2.setVersion(HttpVersion.HTTP_1_1);
            httpResponseMessage2.setStatus(HttpStatus.CLIENT_FORBIDDEN);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Rejected cross-origin request for location \"{}\" from origin \"{}\"", new Object[]{localAddress.getExternalURI(), header});
            }
            filterWrite(nextFilter, ioSessionEx, new DefaultWriteRequestEx(httpResponseMessage2, new DefaultWriteFutureEx(ioSessionEx)));
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.kaazing.gateway.transport.http.bridge.filter.HttpFilterAdapter
        public Object doFilterWriteHttpResponse(IoFilter.NextFilter nextFilter, IoSessionEx ioSessionEx, WriteRequest writeRequest, HttpResponseMessage httpResponseMessage) throws Exception {
            String str = (String) ioSessionEx.removeAttribute(ACCESS_CONTROL_ALLOW_ORIGIN_KEY);
            if (str != null) {
                httpResponseMessage.setHeader("Access-Control-Allow-Origin", str);
                httpResponseMessage.setHeader("Access-Control-Allow-Credentials", "true");
                httpResponseMessage.getHeaderValues("Access-Control-Allow-Headers").addAll(Arrays.asList("content-type", "authorization", "x-websocket-extensions", "x-websocket-version", "x-websocket-protocol"));
            }
            return super.doFilterWriteHttpResponse(nextFilter, (IoFilter.NextFilter) ioSessionEx, writeRequest, httpResponseMessage);
        }
    }),
    SUBJECT_SECURITY("http#subject-security");

    private final String filterName;
    private final IoFilter filter;

    HttpAcceptFilter(String str) {
        this(str, null);
    }

    HttpAcceptFilter(String str, IoFilter ioFilter) {
        this.filterName = str;
        this.filter = ioFilter;
    }

    public String filterName() {
        return this.filterName;
    }

    public IoFilter filter() {
        if (this.filter == null) {
            throw new IllegalStateException(String.format("%s acceptor filter is not shared", this.filterName));
        }
        return this.filter;
    }
}
