package com.thetransactioncompany.cors;

import com.google.common.net.HttpHeaders;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/cors-filter-1.8.jar:com/thetransactioncompany/cors/CORSRequestHandler.class */
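/**
 * Applies a {@link CORSConfiguration} to incoming servlet requests: tags requests with
 * their CORS type, validates simple/actual and preflight requests against the configured
 * origins, methods and headers, and writes the matching {@code Access-Control-*} response
 * headers.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The request's {@code Origin} is echoed into {@code Access-Control-Allow-Origin}
 *       only after {@code config.isAllowedOrigin(origin)} accepts it, so that check is the
 *       sole gate on which sites may read responses.</li>
 *   <li>When {@code config.supportsCredentials} is set, the origin is echoed together with
 *       {@code Access-Control-Allow-Credentials: true}. NOTE(review): if the configuration
 *       also accepts any origin, every site could then read credentialed responses;
 *       confirm deployments pair credentials with an explicit origin allow-list.</li>
 *   <li>NOTE(review): no {@code Vary: Origin} header is added here although the
 *       {@code Access-Control-Allow-Origin} value depends on the request; confirm that a
 *       caller or upstream layer sets it before responses reach a shared cache.</li>
 * </ul>
 */
public class CORSRequestHandler {
    /** Policy consulted for every origin, method and header decision. */
    private final CORSConfiguration config;

    /** Pre-serialized {@code Access-Control-Allow-Methods} value. */
    private final String supportedMethods;

    /**
     * Pre-serialized {@code Access-Control-Allow-Headers} value, or {@code null} when the
     * configuration accepts any request header.
     */
    private final String supportedHeaders;

    /** Pre-serialized {@code Access-Control-Expose-Headers} value; empty when none are exposed. */
    private final String exposedHeaders;

    /**
     * Creates a handler and pre-computes the comma-separated header values that are sent
     * on every matching response.
     *
     * @param cORSConfiguration the CORS policy to enforce
     */
    public CORSRequestHandler(CORSConfiguration cORSConfiguration) {
        this.config = cORSConfiguration;
        this.supportedMethods = serialize(cORSConfiguration.supportedMethods, ", ");
        this.supportedHeaders = cORSConfiguration.supportAnyHeader
                ? null
                : serialize(cORSConfiguration.supportedHeaders, ", ");
        this.exposedHeaders = serialize(cORSConfiguration.exposedHeaders, ", ");
    }

    /**
     * Joins the string form of each element of {@code set} with {@code str} between
     * consecutive elements.
     *
     * @param set the elements to join, in the set's iteration order
     * @param str the separator
     * @return the joined string; empty for an empty set
     */
    private static String serialize(Set<?> set, String str) {
        StringBuilder joined = new StringBuilder();
        Iterator<?> it = set.iterator();
        while (it.hasNext()) {
            joined.append(it.next().toString());
            if (it.hasNext()) {
                joined.append(str);
            }
        }
        return joined.toString();
    }

    /**
     * Splits a header value that lists several tokens.
     *
     * @param str the raw header value, may be {@code null}
     * @return the tokens, split on commas (with optional surrounding whitespace) or on
     *     whitespace runs; an empty array for {@code null} or blank input
     */
    private static String[] parseMultipleHeaderValues(String str) {
        if (str == null) {
            return new String[0];
        }
        String trimmed = str.trim();
        if (trimmed.isEmpty()) {
            return new String[0];
        }
        return trimmed.split("\\s*,\\s*|\\s+");
    }

    /**
     * Records the detected CORS request type on the request as {@code cors.*} attributes
     * for downstream handlers.
     *
     * <p>The {@code cors.origin} and {@code cors.requestHeaders} attributes are copied
     * straight from request headers without validation, so consumers must treat them as
     * untrusted input.
     *
     * @param httpServletRequest the request to tag
     */
    public void tagRequest(HttpServletRequest httpServletRequest) {
        switch (CORSRequestType.detect(httpServletRequest)) {
            case ACTUAL:
                httpServletRequest.setAttribute("cors.isCorsRequest", true);
                httpServletRequest.setAttribute("cors.origin", httpServletRequest.getHeader(HttpHeaders.ORIGIN));
                httpServletRequest.setAttribute("cors.requestType", "actual");
                return;
            case PREFLIGHT:
                httpServletRequest.setAttribute("cors.isCorsRequest", true);
                httpServletRequest.setAttribute("cors.origin", httpServletRequest.getHeader(HttpHeaders.ORIGIN));
                httpServletRequest.setAttribute("cors.requestType", "preflight");
                httpServletRequest.setAttribute("cors.requestHeaders", httpServletRequest.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS));
                return;
            case OTHER:
                httpServletRequest.setAttribute("cors.isCorsRequest", false);
                return;
            default:
                return;
        }
    }

    /**
     * Validates a simple/actual CORS request and adds the CORS response headers.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to decorate
     * @throws InvalidCORSRequestException if the request is not detected as an actual CORS request
     * @throws CORSOriginDeniedException if the configuration rejects the request origin
     * @throws UnsupportedHTTPMethodException if the request method cannot be parsed or is
     *     not supported by the configuration
     */
    public void handleActualRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InvalidCORSRequestException, CORSOriginDeniedException, UnsupportedHTTPMethodException {
        if (CORSRequestType.detect(httpServletRequest) != CORSRequestType.ACTUAL) {
            throw new InvalidCORSRequestException("Invalid simple/actual CORS request");
        }
        Origin origin = new Origin(httpServletRequest.getHeader(HttpHeaders.ORIGIN));
        if (!this.config.isAllowedOrigin(origin)) {
            throw new CORSOriginDeniedException("CORS origin denied", origin);
        }

        // Only the method parse is guarded: a catch-all around the whole body would also
        // intercept the policy exception thrown below and any failure while writing headers,
        // and re-report them as an unparseable method.
        final HTTPMethod method;
        try {
            method = HTTPMethod.valueOf(httpServletRequest.getMethod());
        } catch (Exception e) {
            throw new UnsupportedHTTPMethodException("Unsupported HTTP method: " + httpServletRequest.getMethod());
        }
        if (!this.config.isSupportedMethod(method)) {
            throw new UnsupportedHTTPMethodException("Unsupported HTTP method", method);
        }

        // The origin has passed the allow-list check above, so echoing it is the grant.
        httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin.toString());
        if (this.config.supportsCredentials) {
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }
        if (!this.exposedHeaders.isEmpty()) {
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeaders);
        }
        httpServletRequest.setAttribute("cors.origin", origin.toString());
        httpServletRequest.setAttribute("cors.requestType", "actual");
    }

    /**
     * Validates a preflight CORS request and adds the preflight response headers.
     *
     * @param httpServletRequest the incoming preflight request
     * @param httpServletResponse the response to decorate
     * @throws InvalidCORSRequestException if the request is not detected as a preflight,
     *     lacks {@code Access-Control-Request-Method}, or lists a malformed header name
     * @throws CORSOriginDeniedException if the configuration rejects the request origin
     * @throws UnsupportedHTTPMethodException if the requested method cannot be parsed or
     *     is not supported by the configuration
     * @throws UnsupportedHTTPHeaderException if a requested header is not supported by the
     *     configuration
     */
    public void handlePreflightRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InvalidCORSRequestException, CORSOriginDeniedException, UnsupportedHTTPMethodException, UnsupportedHTTPHeaderException {
        if (CORSRequestType.detect(httpServletRequest) != CORSRequestType.PREFLIGHT) {
            throw new InvalidCORSRequestException("Invalid preflight CORS request");
        }
        Origin origin = new Origin(httpServletRequest.getHeader(HttpHeaders.ORIGIN));
        if (!this.config.isAllowedOrigin(origin)) {
            throw new CORSOriginDeniedException("CORS origin denied", origin);
        }
        String requestedMethodHeader = httpServletRequest.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD);
        if (requestedMethodHeader == null) {
            throw new InvalidCORSRequestException("Invalid preflight CORS request: Missing Access-Control-Request-Method header");
        }

        // Only the method parse is guarded, so the header and policy exceptions thrown
        // further down reach the caller with their declared types instead of being
        // re-reported as an unsupported method.
        final HTTPMethod requestedMethod;
        try {
            // Locale.ROOT keeps the upper-casing independent of the JVM default locale
            // (e.g. the Turkish dotted/dotless i would otherwise break "options").
            requestedMethod = HTTPMethod.valueOf(requestedMethodHeader.toUpperCase(Locale.ROOT));
        } catch (Exception e) {
            throw new UnsupportedHTTPMethodException("Unsupported HTTP method: " + requestedMethodHeader);
        }

        String requestedHeadersRaw = httpServletRequest.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
        String[] requestedHeaderTokens = parseMultipleHeaderValues(requestedHeadersRaw);
        HeaderFieldName[] requestedHeaders = new HeaderFieldName[requestedHeaderTokens.length];
        for (int i = 0; i < requestedHeaders.length; i++) {
            try {
                requestedHeaders[i] = new HeaderFieldName(requestedHeaderTokens[i]);
            } catch (IllegalArgumentException e) {
                throw new InvalidCORSRequestException("Invalid preflight CORS request: Bad request header value");
            }
        }

        if (!this.config.isSupportedMethod(requestedMethod)) {
            throw new UnsupportedHTTPMethodException("Unsupported HTTP method", requestedMethod);
        }
        if (!this.config.supportAnyHeader) {
            for (HeaderFieldName headerFieldName : requestedHeaders) {
                if (!this.config.supportedHeaders.contains(headerFieldName)) {
                    throw new UnsupportedHTTPHeaderException("Unsupported HTTP request header", headerFieldName);
                }
            }
        }

        if (this.config.supportsCredentials) {
            // A wildcard is not sent alongside credentials; the concrete origin is echoed.
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin.toString());
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        } else if (this.config.allowAnyOrigin) {
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
        } else {
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin.toString());
        }
        if (this.config.maxAge > 0) {
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, Integer.toString(this.config.maxAge));
        }
        httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, this.supportedMethods);

        if (this.config.supportAnyHeader && requestedHeadersRaw != null) {
            // The raw request value is echoed back; every token in it was accepted by
            // HeaderFieldName above, which is the only validation applied to it here.
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestedHeadersRaw);
        } else if (this.supportedHeaders != null && !this.supportedHeaders.isEmpty()) {
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, this.supportedHeaders);
        }
    }
}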
