package nl.vpro.media.odi.security;

import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Aspect
/* loaded from: input_file:nl/vpro/media/odi/security/OdiOriginCheck.class */
public class OdiOriginCheck {
    private static final Logger log = LoggerFactory.getLogger(OdiOriginCheck.class);
    private List<String> origins;

    /* loaded from: input_file:nl/vpro/media/odi/security/OdiOriginCheck$UnknownOriginException.class */
    public static class UnknownOriginException extends RuntimeException {
        private UnknownOriginException(String str) {
            super("No access for: " + str);
        }
    }

    @Before("target(nl.vpro.media.odi.OdiService) && execution(* *(..)) && args(*, *, request, response, ..)")
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader("origin");
        if (this.origins == null || this.origins.contains(header)) {
            return;
        }
        log.warn("Location access forbidden for referrer {}", header);
        throw new UnknownOriginException(header);
    }

    public void setOrigins(String str) {
        this.origins = Arrays.asList(str.split(","));
    }
}
