package org.spincast.core.filters;

import com.google.common.net.HttpHeaders;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spincast.core.routing.HttpMethod;
import org.spincast.core.utils.SpincastStatics;
import org.spincast.shaded.org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/spincast/core/filters/CorsFilterDefault.class */
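/**
 * Default {@link CorsFilter} implementation.
 *
 * <p>The filter decides, from the request's {@code Origin} header and the configuration
 * exposed by the {@link CorsFilterClient}, whether a request is not CORS at all, a "simple"
 * CORS request, a preflight ({@code OPTIONS} + {@code Access-Control-Request-Method}) or an
 * invalid CORS request, and writes the matching {@code Access-Control-*} response headers.
 *
 * <p>Security notes for configurators:
 * <ul>
 *   <li>The {@code Access-Control-Allow-Origin} header always echoes the request's
 *       {@code Origin}. Combining a {@code "*"} allowed origin with
 *       {@code isAllowCookies() == true} therefore grants <em>any</em> site credentialed
 *       access to the resource; only do that on purpose.</li>
 *   <li>Origins are matched as exact (case-insensitive) strings. Browsers send the literal
 *       {@code Origin: null} for sandboxed / opaque origins, so never add {@code "null"} to
 *       the allowed origins.</li>
 *   <li>Origin validation does not compare the scheme: a request whose {@code Origin}
 *       authority equals the {@code Host} header is treated as same-host and gets no CORS
 *       headers at all (fail-closed in the browser).</li>
 * </ul>
 */
public class CorsFilterDefault implements CorsFilter {

    protected static final Logger logger = LoggerFactory.getLogger((Class<?>) CorsFilterDefault.class);

    /** Request header carrying the origin of a cross-origin request. */
    protected static final String ORIGIN_HEADER = "Origin";

    /** Request header carrying the authority ({@code host[:port]}) the request was sent to. */
    protected static final String HOST_HEADER = "Host";

    /** Response header telling caches that the response depends on the {@code Origin} header. */
    protected static final String VARY_HEADER = "Vary";

    /** Configuration entry meaning "any origin" / "any header". */
    protected static final String WILDCARD = "*";

    /**
     * Applies CORS handling to the request described by {@code corsFilterClient}.
     *
     * @param corsFilterClient adapter over the current request/response and the CORS
     *                         configuration; must not be {@code null}
     * @return {@link CorsFilterResponse#NOT_CORS} when there is no {@code Origin} header or
     *         the origin's authority equals the {@code Host} header;
     *         {@link CorsFilterResponse#HEADERS_ALREADY_SENT} when headers can no longer be
     *         added; {@link CorsFilterResponse#INVALID_CORS_REQUEST} when the origin is not
     *         allowed (response is reset to an empty 200);
     *         {@link CorsFilterResponse#SIMPLE} for a non-preflight CORS request;
     *         {@link CorsFilterResponse#PREFLIGHT} for a preflight, whether or not it was
     *         accepted (an accepted preflight carries the allow headers, a rejected one is an
     *         empty 200 that the browser will refuse)
     * @throws NullPointerException if {@code corsFilterClient} is {@code null}
     */
    @Override // org.spincast.core.filters.CorsFilter
    public CorsFilterResponse apply(CorsFilterClient corsFilterClient) {
        Objects.requireNonNull(corsFilterClient, "corsFilterClient can't be NULL");

        String origin = corsFilterClient.getHeaderFirst(ORIGIN_HEADER);
        if (origin == null) {
            return CorsFilterResponse.NOT_CORS;
        }

        // Same authority as the Host header: nothing to do, the browser treats it as same-origin
        // (or, on a scheme mismatch, blocks it itself since no CORS headers are emitted).
        if (isSameHostRequest(corsFilterClient, origin)) {
            return CorsFilterResponse.NOT_CORS;
        }

        if (corsFilterClient.isHeadersSent()) {
            String msg = "Headers already sent: if this is a cors request, it will fail. The request URL is: " + corsFilterClient.getFullUrl();
            // A preflight that cannot get its headers is a hard failure for the browser, hence ERROR.
            if (corsFilterClient.getHeaderFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null) {
                logger.error(msg);
            } else {
                logger.info(msg);
            }
            return CorsFilterResponse.HEADERS_ALREADY_SENT;
        }

        // Raw sets are forwarded to the header-writing hooks (so configured casing is preserved);
        // lower-cased copies are used for matching.
        Set<String> allowedOrigins = nullToEmpty(corsFilterClient.getAllowedOrigins());
        Set<String> allowedOriginsLowerCase = toLowerCaseTrimmed(allowedOrigins);
        Set<String> headersAllowedToBeRead = nullToEmpty(corsFilterClient.getExtraHeadersAllowedToBeRead());
        Set<String> headersAllowedToBeSent = nullToEmpty(corsFilterClient.getExtraHeadersAllowedToBeSent());
        Set<String> headersAllowedToBeSentLowerCase = toLowerCaseTrimmed(headersAllowedToBeSent);

        // Copy before adding OPTIONS: the configured set may be unmodifiable or shared.
        Set<HttpMethod> allowedMethods = new HashSet<>();
        Set<HttpMethod> configuredMethods = corsFilterClient.getAllowedMethods();
        if (configuredMethods != null) {
            allowedMethods.addAll(configuredMethods);
        }
        allowedMethods.add(HttpMethod.OPTIONS);

        if (!isCorsOriginValid(corsFilterClient, allowedOriginsLowerCase)) {
            // Fail closed: empty 200 without any Access-Control-* header.
            corsFilterClient.resetEverything();
            corsFilterClient.setStatusCode(200);
            logger.info("Invalid origin for a cors request : {}", origin);
            return CorsFilterResponse.INVALID_CORS_REQUEST;
        }

        if (!isPreflightRequest(corsFilterClient)) {
            corsCore(corsFilterClient, allowedOrigins, corsFilterClient.isAllowCookies());
            corsAddExtraHeadersAllowedToBeRead(corsFilterClient, headersAllowedToBeRead);
            return CorsFilterResponse.SIMPLE;
        }

        // Preflight: the response body is never used, only the headers matter.
        corsFilterClient.resetEverything();
        corsFilterClient.setStatusCode(200);

        boolean preflightValid = true;
        if (!isCorsRequestMethodHeaderValid(corsFilterClient, allowedMethods)) {
            logger.info("Invalid 'Access-Control-Request-Method' cors header received : {}",
                        corsFilterClient.getHeaderFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD));
            preflightValid = false;
        } else if (!isCorsRequestedHeadersToBeSentValid(corsFilterClient, headersAllowedToBeSentLowerCase)) {
            logger.info("Invalid 'Access-Control-Request-Headers' cors header received : {}",
                        corsFilterClient.getHeaderFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS));
            preflightValid = false;
        }

        if (preflightValid) {
            corsCore(corsFilterClient, allowedOrigins, corsFilterClient.isAllowCookies());
            corsAddAllowMethods(corsFilterClient, allowedMethods);
            corsAddExtraHeadersAllowedToBeSent(corsFilterClient, headersAllowedToBeSent);
            corsAddMaxAge(corsFilterClient, corsFilterClient.getMaxAgeInSeconds());
        }
        return CorsFilterResponse.PREFLIGHT;
    }

    /**
     * Tells whether the request's {@code Origin} points at the same authority as the
     * {@code Host} header, i.e. is not cross-origin from the server's point of view.
     *
     * <p>The comparison is on {@code host[:port]} (case-insensitive) so that a request to a
     * non-default port is recognised as same-host. The scheme is not compared. An
     * unparseable {@code Origin} is treated as cross-origin and left to
     * {@link #isCorsOriginValid} rather than turned into an exception.
     *
     * @param corsFilterClient the request adapter
     * @param origin           the non-null {@code Origin} header value
     * @return {@code true} when the origin authority equals the {@code Host} header
     */
    protected boolean isSameHostRequest(CorsFilterClient corsFilterClient, String origin) {
        String host = corsFilterClient.getHeaderFirst(HOST_HEADER);
        if (host == null) {
            return false;
        }
        String originAuthority;
        try {
            originAuthority = new URI(origin.trim()).getAuthority();
        } catch (URISyntaxException e) {
            logger.debug("Unparseable 'Origin' header, treating the request as cross-origin : {}", origin);
            return false;
        }
        // "Origin: null" and scheme-only values have no authority.
        return originAuthority != null && host.trim().equalsIgnoreCase(originAuthority);
    }

    /**
     * Checks the request's {@code Origin} against the configured allowed origins.
     *
     * <p>Matching is an exact string comparison after lower-casing; a {@code "*"} entry
     * accepts every origin. No origin is accepted when the set is empty.
     *
     * @param corsFilterClient            the request adapter
     * @param allowedOriginsLowerCase     allowed origins, already lower-cased and trimmed
     * @return {@code true} if the origin may receive CORS headers
     */
    protected boolean isCorsOriginValid(CorsFilterClient corsFilterClient, Set<String> allowedOriginsLowerCase) {
        if (allowedOriginsLowerCase == null || allowedOriginsLowerCase.isEmpty()) {
            return false;
        }
        if (allowedOriginsLowerCase.contains(WILDCARD)) {
            return true;
        }
        String origin = corsFilterClient.getHeaderFirst(ORIGIN_HEADER);
        return origin != null
               && allowedOriginsLowerCase.contains(origin.trim().toLowerCase(Locale.ROOT));
    }

    /**
     * Writes the headers common to simple and preflight responses: the echoed
     * {@code Access-Control-Allow-Origin} and, when requested, the credentials header.
     *
     * <p>NOTE(security): when {@code allowCookies} is true the response grants credentialed
     * access to whatever origin passed {@link #isCorsOriginValid}; with a {@code "*"}
     * allowed origin that is every origin.
     *
     * @param corsFilterClient the request adapter
     * @param allowedOrigins   the configured allowed origins (unused here, kept for overriders)
     * @param allowCookies     whether {@code Access-Control-Allow-Credentials: true} is emitted
     */
    protected void corsCore(CorsFilterClient corsFilterClient, Set<String> allowedOrigins, boolean allowCookies) {
        corsAddAllowOrigin(corsFilterClient);
        if (allowCookies) {
            corsAddAllowCookies(corsFilterClient);
        }
    }

    /**
     * Validates the preflight's {@code Access-Control-Request-Method} header: every
     * comma-separated token must map to a method in {@code allowedMethods}.
     *
     * @param corsFilterClient the request adapter
     * @param allowedMethods   the methods the resource accepts
     * @return {@code false} when the header is missing, empty, contains an unknown method
     *         or one not in {@code allowedMethods}
     */
    protected boolean isCorsRequestMethodHeaderValid(CorsFilterClient corsFilterClient, Set<HttpMethod> allowedMethods) {
        if (allowedMethods == null || allowedMethods.isEmpty()) {
            return false;
        }
        String requested = corsFilterClient.getHeaderFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD);
        if (requested == null) {
            return false;
        }
        String[] tokens = StringUtils.split(requested, ",");
        if (tokens == null || tokens.length == 0) {
            return false;
        }
        for (String token : tokens) {
            HttpMethod method = HttpMethod.fromStringValue(token.trim());
            if (method == null || !allowedMethods.contains(method)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Validates the preflight's {@code Access-Control-Request-Headers} header against the
     * extra headers the client is allowed to send.
     *
     * @param corsFilterClient                the request adapter
     * @param headersAllowedToBeSentLowerCase allowed header names, lower-cased and trimmed;
     *                                        a {@code "*"} entry accepts any header
     * @return {@code true} when nothing is requested, the wildcard is configured, or every
     *         requested header name (case-insensitively) is in the allowed set
     */
    protected boolean isCorsRequestedHeadersToBeSentValid(CorsFilterClient corsFilterClient, Set<String> headersAllowedToBeSentLowerCase) {
        String requested = corsFilterClient.getHeaderFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
        String[] tokens = requested == null ? null : StringUtils.split(requested, ",");
        if (tokens == null || tokens.length == 0) {
            return true;
        }
        // Null-check before the wildcard lookup so a null set cannot NPE.
        if (headersAllowedToBeSentLowerCase == null || headersAllowedToBeSentLowerCase.isEmpty()) {
            return false;
        }
        if (headersAllowedToBeSentLowerCase.contains(WILDCARD)) {
            return true;
        }
        for (String token : tokens) {
            if (!headersAllowedToBeSentLowerCase.contains(token.trim().toLowerCase(Locale.ROOT))) {
                return false;
            }
        }
        return true;
    }

    /**
     * A preflight is an {@code OPTIONS} request carrying {@code Access-Control-Request-Method}.
     *
     * @param corsFilterClient the request adapter
     * @return {@code true} for a preflight request
     */
    protected boolean isPreflightRequest(CorsFilterClient corsFilterClient) {
        return corsFilterClient.getHttpMethod() == HttpMethod.OPTIONS
               && corsFilterClient.getHeaderFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null;
    }

    /**
     * Adds {@code Access-Control-Expose-Headers}. The header is emitted even when the set is
     * empty (with an empty value), matching the filter's previous behaviour.
     *
     * @param corsFilterClient the request adapter
     * @param headers          header names the browser may read from the response
     */
    protected void corsAddExtraHeadersAllowedToBeRead(CorsFilterClient corsFilterClient, Set<String> headers) {
        String value = "";
        if (headers != null && !headers.isEmpty()) {
            value = StringUtils.join(headers, ",");
        }
        corsFilterClient.addHeaderValue(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, value);
    }

    /**
     * Adds {@code Access-Control-Allow-Headers} to a preflight response.
     *
     * <p>With an empty set the defaults from {@link #getDefaultHeadersAllowedToBeSent()} are
     * used; with a {@code "*"} entry the request's own {@code Access-Control-Request-Headers}
     * value is echoed (the request was already validated against the wildcard); otherwise the
     * configured names are joined. An empty value is still emitted when nothing applies.
     *
     * @param corsFilterClient the request adapter
     * @param headers          configured header names the client may send
     */
    protected void corsAddExtraHeadersAllowedToBeSent(CorsFilterClient corsFilterClient, Set<String> headers) {
        String value = "";
        if (headers == null || headers.isEmpty()) {
            Set<String> defaults = getDefaultHeadersAllowedToBeSent();
            if (defaults != null && !defaults.isEmpty()) {
                value = StringUtils.join(defaults, ",");
            }
        } else if (headers.contains(WILDCARD)) {
            String requested = corsFilterClient.getHeaderFirst(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
            if (!StringUtils.isBlank(requested)) {
                value = requested;
            }
        } else {
            value = StringUtils.join(headers, ",");
        }
        corsFilterClient.addHeaderValue(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, value);
    }

    /**
     * Header names allowed to be sent when none are configured; {@code null} here, meant to
     * be overridden.
     *
     * @return the default allowed request headers, or {@code null} for none
     */
    protected Set<String> getDefaultHeadersAllowedToBeSent() {
        return null;
    }

    /**
     * Adds {@code Access-Control-Max-Age} when a positive value is configured.
     *
     * @param corsFilterClient the request adapter
     * @param maxAgeInSeconds  preflight cache lifetime; ignored when {@code <= 0}
     */
    protected void corsAddMaxAge(CorsFilterClient corsFilterClient, int maxAgeInSeconds) {
        if (maxAgeInSeconds > 0) {
            corsFilterClient.addHeaderValue(HttpHeaders.ACCESS_CONTROL_MAX_AGE, String.valueOf(maxAgeInSeconds));
        }
    }

    /**
     * Adds {@code Access-Control-Allow-Methods}; nothing is written for a null/empty set.
     *
     * @param corsFilterClient the request adapter
     * @param methods          the methods to advertise
     */
    protected void corsAddAllowMethods(CorsFilterClient corsFilterClient, Set<HttpMethod> methods) {
        if (methods == null || methods.isEmpty()) {
            return;
        }
        corsFilterClient.addHeaderValue(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, StringUtils.join(methods, ","));
    }

    /**
     * Adds {@code Access-Control-Allow-Credentials: true}.
     *
     * @param corsFilterClient the request adapter
     */
    protected void corsAddAllowCookies(CorsFilterClient corsFilterClient) {
        corsFilterClient.addHeaderValue(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    }

    /**
     * Echoes the request's {@code Origin} in {@code Access-Control-Allow-Origin} and adds
     * {@code Vary: Origin} so shared caches never serve one origin's answer to another.
     *
     * @param corsFilterClient the request adapter
     */
    protected void corsAddAllowOrigin(CorsFilterClient corsFilterClient) {
        corsFilterClient.addHeaderValue(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, corsFilterClient.getHeaderFirst(ORIGIN_HEADER));
        corsFilterClient.addHeaderValue(VARY_HEADER, ORIGIN_HEADER);
    }

    /**
     * Returns {@code set} itself, or a new empty set when it is {@code null}.
     *
     * @param set possibly-null configured set
     * @return a non-null set
     */
    private static Set<String> nullToEmpty(Set<String> set) {
        return set != null ? set : new HashSet<>();
    }

    /**
     * Copies the non-null entries of {@code set}, trimmed and lower-cased with
     * {@link Locale#ROOT} so matching does not depend on the JVM default locale.
     *
     * @param set possibly-null configured set
     * @return a new normalized set
     */
    private static Set<String> toLowerCaseTrimmed(Set<String> set) {
        Set<String> normalized = new HashSet<>();
        if (set != null) {
            for (String entry : set) {
                if (entry != null) {
                    normalized.add(entry.toLowerCase(Locale.ROOT).trim());
                }
            }
        }
        return normalized;
    }
}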
