package de.gwdg.cdstar.rest.servlet;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.synchronoss.cloud.nio.multipart.MultipartUtils;

/* loaded from: input_file:de/gwdg/cdstar/rest/servlet/CORSFilter.class */
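/**
 * Servlet filter that answers CORS preflight requests and decorates cross-origin responses.
 *
 * <p>Requests without an {@code Origin} header pass through untouched. Requests whose origin is
 * not allowed are rejected with 403 and never reach the rest of the filter chain. Allowed
 * preflight requests are answered by this filter directly; all other allowed requests get the
 * CORS response headers and continue down the chain.
 *
 * <p>Security note: an allowed origin is echoed back in {@code Access-Control-Allow-Origin}, also
 * when {@code allowedOrigins} contains {@code *}. Together with {@code allowCredentials=true} this
 * lets any website issue credentialed requests and read the responses, so that combination should
 * only be used deliberately. {@link #init(FilterConfig)} logs a warning when it is configured.
 */
public class CORSFilter implements Filter {
    public static final String ALLOW_CREDENTIALS_PARAM = "allowCredentials";
    public static final String EXPOSED_HEADERS_PARAM = "exposedHeaders";
    public static final String PREFLIGHT_MAX_AGE_PARAM = "preflightMaxAge";
    public static final String ALLOWED_HEADERS_PARAM = "allowedHeaders";
    public static final String ALLOWED_METHODS_PARAM = "allowedMethods";
    public static final String ALLOWED_ORIGINS_PARAM = "allowedOrigins";
    private static final String ORIGIN_HEADER = "Origin";
    private static final String ACCESS_CONTROL_REQUEST_METHOD_HEADER = "Access-Control-Request-Method";
    private static final String ACCESS_CONTROL_REQUEST_HEADERS_HEADER = "Access-Control-Request-Headers";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER = "Access-Control-Allow-Methods";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER = "Access-Control-Allow-Headers";
    private static final String ACCESS_CONTROL_MAX_AGE_HEADER = "Access-Control-Max-Age";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_EXPOSE_HEADERS_HEADER = "Access-Control-Expose-Headers";
    private boolean allOriginsAllowed;
    private String allowedMethodsHeader;
    private boolean allMethodsAllowed;
    private String allowedHeadersHeader;
    private boolean allHeadersAllowed;
    private String preflightMaxAge;
    private String exposedHeadersHeader;
    private static final Logger log = LoggerFactory.getLogger(CORSFilter.class);
    // Request headers that pass the preflight header check without being configured.
    // Fixed: the last entry used to read "content-fype", so "content-type" was never matched.
    private static final Set<String> SAVE_HEADERS = new HashSet<>(Arrays.asList("accept", "accept-language", "content-language", "content-type"));
    // Not referenced anywhere else in this class.
    private static final Set<String> AUTO_EXPOSED = new HashSet<>(Arrays.asList("cache-control", "content-language", "content-length", "content-type", "expires", "last-modified", "pragma"));
    private Set<String> allowedOrigins = new HashSet<>(0);
    private Set<Pattern> allowedOriginPatterns = new HashSet<>(0);
    private Set<String> allowedMethods = new HashSet<>(8);
    private Set<String> allowedHeaders = new HashSet<>(0);
    private boolean allowCredentials = false;

    /**
     * Reads a mandatory init parameter.
     *
     * @param filterConfig filter configuration to read from
     * @param str name of the init parameter
     * @return the configured value, never {@code null}
     * @throws NullPointerException if the parameter is not configured
     */
    private String getRequiredInitParam(FilterConfig filterConfig, String str) {
        // Fixed: the message was missing the space before "required".
        return Objects.requireNonNull(filterConfig.getInitParameter(str), "Init parameter " + str + " required");
    }

    /**
     * Parses the filter configuration.
     *
     * <p>{@code allowedOrigins}, {@code allowedMethods} and {@code allowedHeaders} are required
     * lists separated by commas and/or whitespace; {@code *} means "allow all". An origin entry
     * that starts with {@code ^} and ends with {@code $} is compiled as a regular expression.
     * {@code allowCredentials}, {@code exposedHeaders} and {@code preflightMaxAge} (default
     * {@code 1800}) are optional.
     *
     * @param filterConfig configuration supplied by the servlet container
     * @throws NullPointerException if a required init parameter is missing
     */
    @Override // jakarta.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        for (String origin : hlistSplit(getRequiredInitParam(filterConfig, ALLOWED_ORIGINS_PARAM))) {
            if (origin.equals("*")) {
                this.allOriginsAllowed = true;
            } else if (origin.startsWith("^") && origin.endsWith("$")) {
                // hlistSplit() has already lower-cased the pattern text and split it on commas and
                // whitespace, so case-sensitive escapes such as \D or \S arrive here as \d / \s and
                // quantifiers like {1,3} cannot be expressed. Patterns are matched against the
                // whole lower-cased Origin value; literal dots should be escaped by the operator.
                this.allowedOriginPatterns.add(Pattern.compile(origin));
            } else {
                this.allowedOrigins.add(origin);
            }
        }
        for (String method : hlistSplit(getRequiredInitParam(filterConfig, ALLOWED_METHODS_PARAM))) {
            if (method.equals("*")) {
                this.allMethodsAllowed = true;
            } else {
                // Locale.ROOT keeps the result independent of the JVM default locale.
                this.allowedMethods.add(method.toUpperCase(Locale.ROOT));
            }
        }
        this.allowedMethodsHeader = this.allMethodsAllowed ? "*" : String.join(", ", this.allowedMethods);
        for (String headerName : hlistSplit(getRequiredInitParam(filterConfig, ALLOWED_HEADERS_PARAM))) {
            if (headerName.equals("*")) {
                this.allHeadersAllowed = true;
            } else {
                this.allowedHeaders.add(headerName);
            }
        }
        // The advertised header list is built before SAVE_HEADERS is merged in, so those headers
        // pass the preflight check but are only advertised when configured explicitly.
        this.allowedHeadersHeader = this.allHeadersAllowed ? "*" : String.join(", ", this.allowedHeaders);
        this.allowedHeaders.addAll(SAVE_HEADERS);
        this.allowCredentials = "true".equalsIgnoreCase(filterConfig.getInitParameter(ALLOW_CREDENTIALS_PARAM));
        if (this.allowCredentials && this.allOriginsAllowed) {
            // Every Origin is reflected and credentials are allowed: any site can read
            // authenticated responses. Make the operator aware of it.
            log.warn("CORS: {}=* combined with {}=true lets every origin send credentialed requests; "
                    + "prefer an explicit origin list.", ALLOWED_ORIGINS_PARAM, ALLOW_CREDENTIALS_PARAM);
        }
        // NOTE: browsers treat "*" in Access-Control-Allow-Methods/-Headers as a literal value,
        // not a wildcard, for credentialed requests.
        this.exposedHeadersHeader = filterConfig.getInitParameter(EXPOSED_HEADERS_PARAM);
        if (this.exposedHeadersHeader != null) {
            // Going through a set removes duplicate header names.
            this.exposedHeadersHeader = String.join(", ", new HashSet<>(hlistSplit(this.exposedHeadersHeader)));
        }
        this.preflightMaxAge = filterConfig.getInitParameter(PREFLIGHT_MAX_AGE_PARAM);
        if (this.preflightMaxAge == null) {
            this.preflightMaxAge = "1800";
        }
    }

    /**
     * Applies CORS handling to HTTP requests; anything else is passed down the chain unchanged.
     */
    @Override // jakarta.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // CORS only applies to HTTP; do not fail with a ClassCastException on other protocols.
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        handle((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Dispatches a request: pass-through (no Origin), 403 (origin not allowed), preflight
     * response, or CORS-decorated request that continues down the chain.
     */
    private void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String origin = httpServletRequest.getHeader(ORIGIN_HEADER);
        if (origin == null) {
            // Not a cross-origin request as far as this filter can tell.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (!originAllowed(origin)) {
            // Rejected requests never reach the application.
            handleError(httpServletRequest, httpServletResponse, 403, "CORS failed. Origin not allowed.");
        } else if (isPreflightRequest(httpServletRequest)) {
            // Preflights are answered here and are not forwarded down the chain.
            handlePreflightResponse(httpServletRequest, httpServletResponse, origin);
        } else {
            handleSimpleRequest(httpServletRequest, httpServletResponse, origin);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Checks an Origin header value against the wildcard flag, the exact origin list and the
     * configured regular expressions. Comparison is done on the lower-cased value.
     *
     * @param str value of the {@code Origin} request header
     * @return {@code true} if the origin may access this resource
     */
    private boolean originAllowed(String str) {
        if (this.allOriginsAllowed) {
            return true;
        }
        // Locale.ROOT: a default locale such as Turkish must not change how origins compare.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        if (this.allowedOrigins.contains(lowerCase)) {
            return true;
        }
        for (Pattern pattern : this.allowedOriginPatterns) {
            // matches() requires the entire origin to match, not just a substring.
            if (pattern.matcher(lowerCase).matches()) {
                return true;
            }
        }
        return false;
    }

    /**
     * @return {@code true} for an {@code OPTIONS} request that carries
     *     {@code Access-Control-Request-Method}
     */
    private boolean isPreflightRequest(HttpServletRequest httpServletRequest) {
        return "OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod()) && httpServletRequest.getHeader(ACCESS_CONTROL_REQUEST_METHOD_HEADER) != null;
    }

    /**
     * Validates the requested method and headers of a preflight request and, if both are
     * allowed, writes the preflight response headers. Otherwise a 403 is sent.
     *
     * @param str the (already accepted) Origin value to echo back
     */
    private void handlePreflightResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        // Non-null here: isPreflightRequest() checked the header before this method is called.
        String upperCase = httpServletRequest.getHeader(ACCESS_CONTROL_REQUEST_METHOD_HEADER).toUpperCase(Locale.ROOT);
        if (!this.allMethodsAllowed && !this.allowedMethods.contains(upperCase)) {
            log.debug("Preflight failed. Method not allowed: {} {}", upperCase, this.allowedMethods);
            handleError(httpServletRequest, httpServletResponse, 403, "CORS failed. Requested method not allowed.");
            return;
        }
        String header = httpServletRequest.getHeader(ACCESS_CONTROL_REQUEST_HEADERS_HEADER);
        if (!this.allHeadersAllowed && header != null) {
            // hlistSplit() lower-cases the names, matching how allowedHeaders was populated.
            for (String requested : hlistSplit(header)) {
                if (!this.allowedHeaders.contains(requested)) {
                    log.debug("Preflight failed. Header not allowed: {}", header);
                    handleError(httpServletRequest, httpServletResponse, 403, "CORS failed: Requested header not allowed.");
                    return;
                }
            }
        }
        httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, str);
        // The response depends on the Origin header, so caches must key on it.
        httpServletResponse.addHeader("Vary", ORIGIN_HEADER);
        httpServletResponse.setHeader(ACCESS_CONTROL_MAX_AGE_HEADER, this.preflightMaxAge);
        httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_METHODS_HEADER, this.allowedMethodsHeader);
        httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_HEADERS_HEADER, this.allowedHeadersHeader);
        if (this.allowCredentials) {
            httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, "true");
        }
    }

    /**
     * Adds the CORS response headers for a non-preflight request from an allowed origin.
     *
     * @param str the (already accepted) Origin value to echo back
     */
    private void handleSimpleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, str);
        httpServletResponse.addHeader("Vary", ORIGIN_HEADER);
        if (this.allowCredentials) {
            httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, "true");
        }
        if (this.exposedHeadersHeader != null) {
            httpServletResponse.setHeader(ACCESS_CONTROL_EXPOSE_HEADERS_HEADER, this.exposedHeadersHeader);
        }
    }

    /**
     * Sends a plain-text error response.
     *
     * @param i HTTP status code
     * @param str message written as the response body, followed by a newline
     */
    private void handleError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i, String str) {
        httpServletResponse.setStatus(i);
        httpServletResponse.setContentType(MultipartUtils.TEXT_PLAIN);
        try (ServletOutputStream outputStream = httpServletResponse.getOutputStream()) {
            // Fixed: the body used to be a hard-coded "method not allowed" text for every error,
            // which mislabelled origin and header rejections.
            outputStream.write((str + "\n").getBytes(StandardCharsets.US_ASCII));
        } catch (IOException e) {
            // Best effort: the status is already set; the client has probably gone away.
            log.debug("Could not write CORS error response body", e);
        }
    }

    /**
     * Splits a header-style list on commas and whitespace and lower-cases every token.
     *
     * @param str raw list, may be {@code null}
     * @return the non-empty tokens in order of appearance; empty for {@code null} input
     */
    private List<String> hlistSplit(String str) {
        if (str == null) {
            return Collections.emptyList();
        }
        List<String> tokens = new ArrayList<>(8);
        StringBuilder sb = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (charAt != ',' && !Character.isWhitespace(charAt)) {
                sb.append(Character.toLowerCase(charAt));
            } else if (sb.length() > 0) {
                // A separator ends the current token; runs of separators yield no empty tokens.
                tokens.add(sb.toString());
                sb.setLength(0);
            }
        }
        if (sb.length() > 0) {
            tokens.add(sb.toString());
        }
        return tokens;
    }

    /** Nothing to release. */
    @Override // jakarta.servlet.Filter
    public void destroy() {
    }
}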
