package org.wso2.carbon.apimgt.gateway.handlers.security;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.ManagedLifecycle;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.API;
import org.apache.synapse.rest.AbstractHandler;
import org.apache.synapse.rest.RESTUtils;
import org.apache.synapse.rest.Resource;
import org.apache.synapse.rest.dispatch.RESTDispatcher;
import org.wso2.carbon.apimgt.gateway.handlers.Utils;
import org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/handlers/security/CORSRequestHandler.class */
public class CORSRequestHandler extends AbstractHandler implements ManagedLifecycle {
    private static final Log log = LogFactory.getLog(CORSRequestHandler.class);
    private String inline;
    private String allowHeaders;
    private List<String> allowedOrigins;
    private boolean headerStatus;

    public void init(SynapseEnvironment synapseEnvironment) {
        if (log.isDebugEnabled()) {
            log.debug("Initializing CORSRequest Handler instance");
        }
        if (ServiceReferenceHolder.getInstance().getApiManagerConfigurationService() != null) {
            this.headerStatus = initializeHeaders();
        }
    }

    public boolean initializeHeaders() {
        if (this.allowHeaders == null) {
            this.allowHeaders = Utils.getAllowedHeaders();
        }
        if (this.allowedOrigins != null) {
            return true;
        }
        this.allowedOrigins = Arrays.asList(ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getFirstProperty("CORSConfiguration.Access-Control-Allow-Origin").split(","));
        return true;
    }

    public void destroy() {
        if (log.isDebugEnabled()) {
            log.debug("Destroying CORSRequest Handler handler instance");
        }
    }

    public boolean handleRequest(MessageContext messageContext) {
        boolean z;
        if (!this.headerStatus) {
            this.headerStatus = initializeHeaders();
        }
        String str = (String) messageContext.getProperty("REST_API_CONTEXT");
        String str2 = (String) messageContext.getProperty("SYNAPSE_REST_API_VERSION");
        String str3 = (String) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("HTTP_METHOD");
        API api = null;
        Resource resource = null;
        Resource resource2 = null;
        Iterator it = messageContext.getConfiguration().getAPIs().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            API api2 = (API) it.next();
            if (str.equals(api2.getContext()) && str2.equals(api2.getVersion())) {
                api = api2;
                break;
            }
        }
        String fullRequestPath = RESTUtils.getFullRequestPath(messageContext);
        String substring = api.getVersionStrategy().getVersionType().equals("url") ? fullRequestPath.substring(api.getContext().length() + api.getVersionStrategy().getVersion().length() + 1) : fullRequestPath.substring(api.getContext().length());
        if ("".equals(substring)) {
            substring = "/";
        }
        messageContext.setProperty("REST_SUB_REQUEST_PATH", substring);
        if (api.getResources().length > 0) {
            Iterator it2 = RESTUtils.getDispatchers().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Resource findResource = ((RESTDispatcher) it2.next()).findResource(messageContext, Arrays.asList(api.getResources()));
                if (findResource != null) {
                    resource2 = findResource;
                    if (Arrays.asList(findResource.getMethods()).contains(str3)) {
                        resource = findResource;
                        break;
                    }
                }
            }
        }
        String string = resource != null ? resource.getDispatcherHelper().getString() : null;
        String resourceInfoDTOCacheKey = APIUtil.getResourceInfoDTOCacheKey(str, str2, string, str3);
        messageContext.setProperty("API_ELECTED_RESOURCE", string);
        messageContext.setProperty("API_RESOURCE_CACHE_KEY", resourceInfoDTOCacheKey);
        setCORSHeaders(messageContext, resource);
        if (resource2 != null && resource != null) {
            if ("inline".equalsIgnoreCase(this.inline)) {
                messageContext.getSequence("_cors_request_handler_").mediate(messageContext);
            }
            z = true;
        } else if (resource2 == null || resource != null) {
            z = true;
        } else if ("OPTIONS".equalsIgnoreCase(str3)) {
            messageContext.getSequence("_cors_request_handler_").mediate(messageContext);
            Utils.send(messageContext, 200);
            z = false;
        } else {
            z = true;
        }
        return z;
    }

    public boolean handleResponse(MessageContext messageContext) {
        messageContext.getSequence("_cors_request_handler_").mediate(messageContext);
        return true;
    }

    public void setCORSHeaders(MessageContext messageContext, Resource resource) {
        Map map = (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty("TRANSPORT_HEADERS");
        messageContext.setProperty("Access-Control-Allow-Origin", getAllowedOrigins((String) map.get("Origin")));
        String str = "";
        if (resource != null) {
            for (String str2 : resource.getMethods()) {
                str = str + str2 + ",";
            }
            if (!str.isEmpty()) {
                str = str.substring(0, str.length() - 1);
            }
        } else {
            str = Utils.getAllowedMethods();
        }
        if ("*".equals(this.allowHeaders)) {
            str = (String) map.get("Access-Control-Request-Headers");
        }
        messageContext.setProperty("CORSConfiguration.Enabled", Boolean.valueOf(Utils.isCORSEnabled()));
        messageContext.setProperty("Access-Control-Allow-Methods", str);
        messageContext.setProperty("Access-Control-Allow-Headers", this.allowHeaders);
    }

    public String getInline() {
        return this.inline;
    }

    public void setInline(String str) {
        this.inline = str;
    }

    public String getAllowHeaders() {
        return this.allowHeaders;
    }

    public void setAllowHeaders(String str) {
        this.allowHeaders = str;
    }

    public String getAllowedOrigins(String str) {
        if (this.allowedOrigins.contains("*")) {
            return "*";
        }
        if (this.allowedOrigins.contains(str)) {
            return str;
        }
        return null;
    }

    public void setAllowedOrigins(String str) {
        this.allowedOrigins = Arrays.asList(str.split(","));
    }
}
