package org.primeframework.mvc.cors;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;
import org.primeframework.mvc.http.HTTPMethod;
import org.primeframework.mvc.http.HTTPRequest;
import org.primeframework.mvc.http.HTTPResponse;
import org.primeframework.mvc.http.HTTPStrings;
import org.primeframework.mvc.http.HTTPTools;
import org.primeframework.mvc.util.CookieTools;
import org.primeframework.mvc.workflow.WorkflowChain;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

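/**
 * Workflow filter implementing the CORS protocol for preflight and simple/actual cross-origin requests.
 *
 * <p>A request whose {@code Origin} header has the same scheme, host and port as the request's own base URI
 * is passed down the chain untouched. Every other request is classified by {@link #checkRequestType}:
 * preflight requests are answered directly with {@code 204}, simple/actual requests get the CORS response
 * headers added and then continue down the chain, and anything the configuration does not permit is
 * rejected with {@code 403} (and, when debugging is on, described through the configured {@link CORSDebugger}).
 *
 * <p>Configuration notes:
 * <ul>
 *   <li>Allowed origins are compared as exact strings against the {@code Origin} header value, so list the
 *       scheme and any explicit port exactly as browsers send them.</li>
 *   <li>Allowed header names are compared case-insensitively; the original spelling is echoed back in
 *       {@code Access-Control-Allow-Headers}.</li>
 *   <li>When credentials are enabled, the request's own origin is echoed in {@code Access-Control-Allow-Origin}
 *       (the wildcard is never combined with credentials). If the allowed-origin list is {@code *} at the same
 *       time, every origin is therefore echoed with {@code Access-Control-Allow-Credentials: true}; list
 *       explicit origins whenever credentials are enabled.</li>
 * </ul>
 *
 * <p>The {@code with*} setters mutate plain fields without synchronization: finish configuring the filter
 * before sharing it across request threads.
 */
public final class CORSFilter {
    // Methods that can never be "simple" requests and therefore always need a preflight from the browser.
    private static final Collection<HTTPMethod> ComplexHTTPMethods = Set.of(HTTPMethod.PATCH, HTTPMethod.PUT, HTTPMethod.DELETE, HTTPMethod.TRACE, HTTPMethod.CONNECT);

    // Content types (MIME essence, lower-case) for which a POST counts as a simple request.
    private static final Collection<String> SimpleHTTPRequestContentTypes = Set.of(HTTPStrings.ContentTypes.Form, "multipart/form-data", HTTPStrings.ContentTypes.Text);

    private static final Logger logger = LoggerFactory.getLogger(CORSFilter.class);

    // Lower-cased header names used for matching; the original spelling is kept separately for the response.
    private final Collection<String> allowedHTTPHeaders = new LinkedHashSet<>();

    private final Collection<String> allowedHTTPHeadersOriginal = new LinkedHashSet<>();

    private final Collection<HTTPMethod> allowedHTTPMethods = new LinkedHashSet<>();

    // Exact Origin header values that are allowed; ignored when anyOriginAllowed is set.
    private final Collection<String> allowedOrigins = new LinkedHashSet<>();

    private final Collection<String> exposedHeaders = new LinkedHashSet<>();

    private boolean anyOriginAllowed;

    private boolean debug;

    private CORSDebugger debugger;

    // Paths matching this pattern (anywhere in the path, see excludedRequestURI) are not subject to CORS handling.
    private Pattern excludedPathPattern;

    private long preflightMaxAge;

    private boolean supportsCredentials;

    /** Classification of an incoming request with respect to CORS. */
    public enum CORSRequestType {
        SIMPLE,
        ACTUAL,
        PRE_FLIGHT,
        NOT_CORS,
        INVALID_CORS
    }

    /** Why a request was rejected; selects the debug message written by {@link #logRequest}. */
    public enum InvalidCORSReason {
        PreFlightOriginNotAllowed,
        PreFlightUnexpected,
        PreFlightHeaderNotAllowed,
        PreFlightMethodNotAllowed,
        PreFlightMethodNotRecognized,
        SimpleOriginNotAllowed,
        SimpleMethodNotAllowed,
        UnhandledCORSRequestType
    }

    /**
     * Applies CORS handling to the request and either continues the workflow or writes the response itself.
     *
     * <p>Same-origin requests and requests without an {@code Origin} header continue unchanged. A request to
     * an excluded path continues unchanged as well, unless it is a preflight, which is rejected because no
     * preflight is expected for a path that is not served cross-origin.
     *
     * @param request       the current request
     * @param response      the response to decorate or complete
     * @param workflowChain the chain to continue for requests that are allowed through
     * @throws IOException if continuing the workflow fails
     */
    public void doFilter(HTTPRequest request, HTTPResponse response, WorkflowChain workflowChain) throws IOException {
        String origin = request.getHeader(HTTPStrings.Headers.Origin);
        if (origin != null && isSameOrigin(origin, request)) {
            workflowChain.continueWorkflow();
            return;
        }

        CORSRequestType type = checkRequestType(request, origin);
        String path = request.getPath();
        if (excludedRequestURI(path)) {
            if (type == CORSRequestType.PRE_FLIGHT) {
                handleInvalidCORS(request, response, InvalidCORSReason.PreFlightUnexpected, path);
                return;
            }
            type = CORSRequestType.NOT_CORS;
        }

        switch (type) {
            case SIMPLE, ACTUAL -> handleSimpleCORS(request, response, workflowChain);
            case PRE_FLIGHT -> handlePreflightCORS(request, response);
            case NOT_CORS -> workflowChain.continueWorkflow();
            // INVALID_CORS (and any future type) is rejected.
            default -> handleInvalidCORS(request, response, InvalidCORSReason.UnhandledCORSRequestType, type);
        }
    }

    /**
     * Enables or disables {@code Access-Control-Allow-Credentials: true}. When enabled the request origin is
     * always echoed rather than {@code *}; see the class documentation before combining this with {@code *}.
     *
     * @param allowCredentials whether credentialed cross-origin requests are permitted
     * @return this filter
     */
    public CORSFilter withAllowCredentials(boolean allowCredentials) {
        supportsCredentials = allowCredentials;
        return this;
    }

    /**
     * Replaces the set of request headers a preflight may ask for. A {@code null} list leaves the current
     * configuration untouched.
     *
     * @param headers header names; matching is case-insensitive, the given spelling is echoed in the response
     * @return this filter
     */
    public CORSFilter withAllowedHTTPHeaders(List<String> headers) {
        if (headers != null) {
            allowedHTTPHeaders.clear();
            allowedHTTPHeadersOriginal.clear();
            for (String name : headers) {
                // Locale.ROOT: header-name folding must not depend on the JVM default locale.
                allowedHTTPHeaders.add(name.toLowerCase(Locale.ROOT));
                allowedHTTPHeadersOriginal.add(name);
            }
        }
        return this;
    }

    /**
     * Replaces the set of HTTP methods allowed cross-origin. A {@code null} list leaves the current
     * configuration untouched.
     *
     * @param methods the allowed methods
     * @return this filter
     */
    public CORSFilter withAllowedHTTPMethods(List<HTTPMethod> methods) {
        if (methods != null) {
            allowedHTTPMethods.clear();
            allowedHTTPMethods.addAll(methods);
        }
        return this;
    }

    /**
     * Replaces the set of allowed origins. A list containing {@code *} allows any origin (the previously
     * configured explicit origins are kept but no longer consulted); any other list is compared verbatim
     * against the {@code Origin} header. A {@code null} list leaves the current configuration untouched.
     *
     * @param origins the allowed origins, or a list containing {@code *}
     * @return this filter
     */
    public CORSFilter withAllowedOrigins(List<URI> origins) {
        if (origins != null) {
            if (origins.contains(URI.create("*"))) {
                anyOriginAllowed = true;
            } else {
                anyOriginAllowed = false;
                allowedOrigins.clear();
                for (URI origin : origins) {
                    allowedOrigins.add(origin.toString());
                }
            }
        }
        return this;
    }

    /**
     * Enables writing a full description of each rejected request through the debugger (see {@link #withDebugger}).
     *
     * @param enabled whether debug output is produced
     * @return this filter
     */
    public CORSFilter withDebugEnabled(boolean enabled) {
        debug = enabled;
        return this;
    }

    /**
     * Sets the sink for debug output. Without a debugger nothing is logged for rejected requests.
     *
     * @param debugger the debugger, may be {@code null}
     * @return this filter
     */
    public CORSFilter withDebugger(CORSDebugger debugger) {
        this.debugger = debugger;
        return this;
    }

    /**
     * Sets the pattern of paths excluded from CORS handling. The pattern is searched for anywhere in the
     * path ({@code find}), not anchored; anchor it explicitly if a full-path match is intended.
     *
     * @param pattern the exclusion pattern, or {@code null} to exclude nothing
     * @return this filter
     */
    public CORSFilter withExcludedPathPattern(Pattern pattern) {
        excludedPathPattern = pattern;
        return this;
    }

    /**
     * Replaces the response headers listed in {@code Access-Control-Expose-Headers}. A {@code null} list
     * leaves the current configuration untouched.
     *
     * @param headers the header names to expose
     * @return this filter
     */
    public CORSFilter withExposedHeaders(List<String> headers) {
        if (headers != null) {
            exposedHeaders.clear();
            exposedHeaders.addAll(headers);
        }
        return this;
    }

    /**
     * Sets the {@code Access-Control-Max-Age} value sent on successful preflights. The header is only emitted
     * when the value is positive.
     *
     * @param seconds how long browsers may cache the preflight result
     * @return this filter
     */
    public CORSFilter withPreflightMaxAge(int seconds) {
        preflightMaxAge = seconds;
        return this;
    }

    /**
     * Classifies the request.
     *
     * @param request the request
     * @param origin  the {@code Origin} header value, or {@code null} when absent
     * @return {@link CORSRequestType#NOT_CORS} without an origin, {@link CORSRequestType#INVALID_CORS} for a
     *         blank/unparseable origin, an unknown method, a blank {@code Access-Control-Request-Method} or a
     *         POST without content type; otherwise the type implied by the method and content type
     * @throws IllegalArgumentException if {@code request} is {@code null}
     */
    private CORSRequestType checkRequestType(HTTPRequest request, String origin) {
        if (request == null) {
            throw new IllegalArgumentException("HttpServletRequest object is null");
        }
        if (origin == null) {
            return CORSRequestType.NOT_CORS;
        }
        if (origin.isBlank() || !isValidOrigin(origin)) {
            return CORSRequestType.INVALID_CORS;
        }

        HTTPMethod method = request.getMethod();
        if (method == null) {
            return CORSRequestType.INVALID_CORS;
        }

        if (HTTPMethod.OPTIONS.is(method)) {
            String requestedMethod = request.getHeader(HTTPStrings.Headers.AccessControlRequestMethod);
            if (requestedMethod == null) {
                // A plain OPTIONS request without the preflight marker header is an ordinary cross-origin request.
                return CORSRequestType.ACTUAL;
            }
            return requestedMethod.isBlank() ? CORSRequestType.INVALID_CORS : CORSRequestType.PRE_FLIGHT;
        }
        if (HTTPMethod.GET.is(method) || HTTPMethod.HEAD.is(method)) {
            return CORSRequestType.SIMPLE;
        }
        if (HTTPMethod.POST.is(method)) {
            String contentType = request.getContentType();
            if (contentType == null) {
                return CORSRequestType.INVALID_CORS;
            }
            // Compare the MIME essence only: "multipart/form-data; boundary=..." is still a simple request.
            return SimpleHTTPRequestContentTypes.contains(contentTypeEssence(contentType))
                ? CORSRequestType.SIMPLE
                : CORSRequestType.ACTUAL;
        }
        return ComplexHTTPMethods.contains(method) ? CORSRequestType.ACTUAL : CORSRequestType.INVALID_CORS;
    }

    /**
     * Reduces a Content-Type header value to its lower-cased, trimmed MIME type without parameters.
     *
     * @param contentType the raw header value (non-null)
     * @return the MIME essence, e.g. {@code multipart/form-data}
     */
    private static String contentTypeEssence(String contentType) {
        int parameterStart = contentType.indexOf(';');
        String essence = parameterStart >= 0 ? contentType.substring(0, parameterStart) : contentType;
        return essence.trim().toLowerCase(Locale.ROOT);
    }

    /**
     * @param path the request path
     * @return whether the path is excluded from CORS handling by {@link #excludedPathPattern}
     */
    private boolean excludedRequestURI(String path) {
        return excludedPathPattern != null && excludedPathPattern.matcher(path).find();
    }

    /**
     * Rejects the request with {@code 403} and, when debug logging is active, describes it through the debugger.
     *
     * @param request  the request
     * @param response the response to complete
     * @param reason   why the request is rejected
     * @param context  value included in the debug message (origin, method, header name, path or type)
     */
    private void handleInvalidCORS(HTTPRequest request, HTTPResponse response, InvalidCORSReason reason, Object context) {
        if (logger.isDebugEnabled() || debug) {
            logRequest(request, reason, context);
        }
        response.setContentType(HTTPStrings.ContentTypes.Text);
        response.setStatus(403);
    }

    /**
     * Answers a preflight request. The origin, the requested method and every requested header must be
     * allowed; otherwise the request is rejected with {@code 403}. A successful preflight completes with
     * {@code 204} and no body.
     *
     * @param request  the preflight request
     * @param response the response to complete
     */
    private void handlePreflightCORS(HTTPRequest request, HTTPResponse response) {
        String origin = request.getHeader(HTTPStrings.Headers.Origin);
        if (!isOriginAllowed(origin)) {
            handleInvalidCORS(request, response, InvalidCORSReason.PreFlightOriginNotAllowed, origin);
            return;
        }

        String requestedMethod = request.getHeader(HTTPStrings.Headers.AccessControlRequestMethod);
        HTTPMethod method = requestedMethod != null ? HTTPMethod.of(requestedMethod.trim()) : null;
        if (method == null) {
            handleInvalidCORS(request, response, InvalidCORSReason.PreFlightMethodNotRecognized, requestedMethod);
            return;
        }
        if (!allowedHTTPMethods.contains(method)) {
            handleInvalidCORS(request, response, InvalidCORSReason.PreFlightMethodNotAllowed, method);
            return;
        }

        for (String name : parseRequestedHeaders(request.getHeader(HTTPStrings.Headers.AccessControlRequestHeaders))) {
            if (!allowedHTTPHeaders.contains(name)) {
                handleInvalidCORS(request, response, InvalidCORSReason.PreFlightHeaderNotAllowed, name);
                return;
            }
        }

        addAllowOriginHeaders(response, origin);
        if (preflightMaxAge > 0) {
            response.addHeader(HTTPStrings.Headers.AccessControlMaxAge, String.valueOf(preflightMaxAge));
        }
        // Only the requested method is granted, not the whole configured list.
        response.addHeader(HTTPStrings.Headers.AccessControlAllowMethods, method.toString());
        if (!allowedHTTPHeaders.isEmpty()) {
            response.addHeader(HTTPStrings.Headers.AccessControlAllowHeaders, String.join(",", allowedHTTPHeadersOriginal));
        }
        response.setStatus(204);
    }

    /**
     * Parses an {@code Access-Control-Request-Headers} value into lower-cased, trimmed header names.
     *
     * @param headerValue the raw header value, may be {@code null}
     * @return the header names; empty when the header is absent or blank (blank list entries are skipped)
     */
    private static List<String> parseRequestedHeaders(String headerValue) {
        List<String> names = new ArrayList<>();
        if (headerValue == null || headerValue.isBlank()) {
            return names;
        }
        for (String token : headerValue.split(",")) {
            String name = token.trim().toLowerCase(Locale.ROOT);
            if (!name.isEmpty()) {
                names.add(name);
            }
        }
        return names;
    }

    /**
     * Handles a simple or actual cross-origin request: validates origin and method, adds the CORS response
     * headers and continues the workflow. Rejections complete the response with {@code 403}.
     *
     * @param request       the request
     * @param response      the response to decorate
     * @param workflowChain the chain to continue when the request is allowed
     * @throws IOException if continuing the workflow fails
     */
    private void handleSimpleCORS(HTTPRequest request, HTTPResponse response, WorkflowChain workflowChain) throws IOException {
        String origin = request.getHeader(HTTPStrings.Headers.Origin);
        HTTPMethod method = request.getMethod();
        if (!isOriginAllowed(origin)) {
            handleInvalidCORS(request, response, InvalidCORSReason.SimpleOriginNotAllowed, origin);
            return;
        }
        if (!allowedHTTPMethods.contains(method)) {
            handleInvalidCORS(request, response, InvalidCORSReason.SimpleMethodNotAllowed, method);
            return;
        }

        addAllowOriginHeaders(response, origin);
        if (!exposedHeaders.isEmpty()) {
            response.addHeader(HTTPStrings.Headers.AccessControlExposeHeaders, String.join(",", exposedHeaders));
        }
        workflowChain.continueWorkflow();
    }

    /**
     * Writes {@code Access-Control-Allow-Origin} (and, when enabled, {@code Access-Control-Allow-Credentials}).
     * The wildcard is only used when any origin is allowed and credentials are off; in every other case the
     * request origin is echoed, which makes the response origin-specific and therefore needs {@code Vary: Origin}
     * so shared caches do not serve it to a different origin.
     *
     * @param response the response to decorate
     * @param origin   the request's {@code Origin} header value (already validated as allowed)
     */
    private void addAllowOriginHeaders(HTTPResponse response, String origin) {
        if (anyOriginAllowed && !supportsCredentials) {
            response.addHeader(HTTPStrings.Headers.AccessControlAllowOrigin, "*");
            return;
        }
        response.addHeader(HTTPStrings.Headers.AccessControlAllowOrigin, origin);
        response.addHeader("Vary", HTTPStrings.Headers.Origin);
        if (supportsCredentials) {
            response.addHeader(HTTPStrings.Headers.AccessControlAllowCredentials, "true");
        }
    }

    /**
     * @param origin the {@code Origin} header value
     * @return {@code true} when any origin is allowed or the value is in the configured list (exact match)
     */
    private boolean isOriginAllowed(String origin) {
        return anyOriginAllowed || allowedOrigins.contains(origin);
    }

    /**
     * Checks whether the {@code Origin} header names the same scheme, host and port as the request's base URI.
     * The opaque origin {@code null} and {@code file://} origins are never considered same-origin, and any
     * failure to parse or compare the two URIs is treated as "not same-origin" so the request falls through to
     * the regular CORS checks.
     *
     * @param origin  the {@code Origin} header value (non-null)
     * @param request the request
     * @return whether the request is same-origin
     */
    private boolean isSameOrigin(String origin, HTTPRequest request) {
        if ("null".equals(origin) || origin.startsWith("file://")) {
            return false;
        }
        try {
            URI base = HTTPTools.getBaseURI(request);
            URI requested = URI.create(origin);
            return base.getScheme() != null
                && base.getScheme().equalsIgnoreCase(requested.getScheme())
                && base.getPort() == requested.getPort()
                && base.getHost() != null
                && base.getHost().equalsIgnoreCase(requested.getHost());
        } catch (Exception ignored) {
            // Best effort: anything that cannot be compared is not same-origin.
            return false;
        }
    }

    /**
     * Syntactic validation of an {@code Origin} header value. Percent-encoding is rejected outright; the opaque
     * origin {@code null} and {@code file://} origins are accepted here (whether they are allowed is decided
     * later against the configured list); anything else must parse as a URI with a scheme.
     *
     * @param origin the header value (non-null)
     * @return whether the value is an acceptable origin
     */
    private boolean isValidOrigin(String origin) {
        if (origin.contains("%")) {
            return false;
        }
        if ("null".equals(origin) || origin.startsWith("file://")) {
            return true;
        }
        try {
            return new URI(origin).getScheme() != null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    /**
     * Describes a rejected request through the debugger. Does nothing without a debugger. The description is
     * written to the SLF4J logger at debug level and, when {@link #withDebugEnabled} is on, finalised via
     * {@link CORSDebugger#done()}.
     *
     * @param request the rejected request
     * @param reason  why it was rejected
     * @param context value included in the reason message
     */
    private void logRequest(HTTPRequest request, InvalidCORSReason reason, Object context) {
        if (debugger == null) {
            return;
        }

        String message = switch (reason) {
            case PreFlightUnexpected -> "Invalid request. Not expecting a preflight request from URI [" + context + "].";
            case SimpleMethodNotAllowed -> "Invalid Simple CORS request. HTTP method not allowed. [" + context + "]";
            case SimpleOriginNotAllowed -> "Invalid Simple CORS request. Origin not allowed. [" + context + "]";
            case PreFlightHeaderNotAllowed -> "Invalid CORS pre-flight request. HTTP header not allowed. [" + context + "]";
            case PreFlightMethodNotAllowed -> "Invalid CORS pre-flight request. HTTP method not allowed. [" + context + "]";
            case PreFlightMethodNotRecognized -> "Invalid CORS pre-flight request. HTTP method not recognized. [" + context + "]";
            case PreFlightOriginNotAllowed -> "Invalid CORS pre-flight request. Origin not allowed. [" + context + "]";
            case UnhandledCORSRequestType -> "Invalid request. Unhandled CORS request type [" + context + "].";
        };

        debugger.disableTimestamp()
                .log(message)
                .log("")
                .logValueDefaultIfNull("Base URI: ", HTTPTools.getBaseURI(request))
                .logValueDefaultIfNull("HTTP Method: ", request.getMethod())
                .logValueDefaultIfNull("URI: ", request.getPath())
                .log("")
                .logValueDefaultIfNull("Content-Type header: ", request.getHeader(HTTPStrings.Headers.ContentType))
                .logValueDefaultIfNull("Host header: ", request.getHeader("Host"))
                .logValueDefaultIfNull("Origin header: ", request.getHeader(HTTPStrings.Headers.Origin))
                .logValueDefaultIfNull("Referer header: ", request.getHeader("Referer"))
                .log("")
                .logValueDefaultIfNull("Remote host: ", request.getRemoteHost())
                .logValueDefaultIfNull("IP address: ", request.getRemoteAddress())
                .log("")
                .logValueDefaultIfNull("Header names: ", String.join(",", request.getHeadersMap().keySet()));

        if (request.getHeader(HTTPStrings.Headers.ContentType) == null && reason == InvalidCORSReason.UnhandledCORSRequestType) {
            debugger.log("").log("You are missing the Content-Type header during a POST request. This is an invalid CORS request and is the likely root cause of this failure.");
        }
        debugger.log("").log("Return HTTP Status code 403.");

        if (logger.isDebugEnabled()) {
            logger.debug(debugger.toString());
        }
        if (debug) {
            debugger.done();
        }
    }
}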
