package org.picketlink.http.internal.cors;

import com.mchange.v2.c3p0.subst.C3P0Substitutions;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketlink.config.http.CORSConfiguration;
import org.picketlink.log.BaseLog;

/* loaded from: input_file:WEB-INF/lib/picketlink-2.7.1.Final.jar:org/picketlink/http/internal/cors/CORS.class */
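/**
 * Server-side checks and response headers for Cross-Origin Resource Sharing (CORS).
 *
 * <p>Both entry points validate the request against a {@link CORSConfiguration} and either add
 * the matching {@code Access-Control-*} response headers or throw a {@link RuntimeException}
 * describing why the request was refused.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When {@code isAllowCredentials()} is true the request's {@code Origin} is echoed back
 *       instead of {@code *}. Combined with {@code isAllowAnyOrigin()} (or a {@code *} entry in
 *       the allowed origins) this grants credentialed cross-origin access to every origin.
 *       NOTE(review): consider rejecting that configuration where it is loaded.</li>
 *   <li>Log and exception messages contain request-supplied header values; callers should not
 *       copy them into a response without escaping.</li>
 * </ul>
 */
public class CORS {
    public static final String ORIGIN = "Origin";
    public static final String HOST = "Host";
    public static final long DEFAULT_MAX_AGE = TimeUnit.HOURS.toSeconds(1);
    public static final String DEFAULT_ALLOW_METHODS = "GET, POST, HEAD, OPTIONS";
    public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
    public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD = "*";

    // Sent whenever the Origin is echoed back, so shared caches key the response on it.
    private static final String VARY = "Vary";

    // The only value the CORS protocol defines for Access-Control-Allow-Credentials. Kept as a
    // literal so the header never depends on a constant owned by an unrelated library.
    private static final String ALLOW_CREDENTIALS_VALUE = "true";

    /**
     * Validates a non-preflight cross-origin request and adds the CORS response headers.
     *
     * @param cORSConfiguration the CORS policy to enforce
     * @param httpServletRequest the incoming request; its {@code Origin} header and method are checked
     * @param httpServletResponse the response that receives the {@code Access-Control-*} headers
     * @throws RuntimeException if the {@code Origin} header is missing, the origin is not allowed,
     *         or the request method is not allowed
     */
    public static void handleActualRequest(CORSConfiguration cORSConfiguration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        BaseLog.HTTP_LOGGER.debugf("Processing CORS Actual Request to path [%s].", httpServletRequest.getRequestURI());
        String origin = requireAllowedOrigin(cORSConfiguration, httpServletRequest);

        if (!cORSConfiguration.isAllowAnyMethod()) {
            // Locale.ROOT keeps the comparison stable under locales with special casing rules.
            String method = httpServletRequest.getMethod().toUpperCase(java.util.Locale.ROOT);
            Set<String> allowedMethods = cORSConfiguration.getAllowedMethods();
            // A missing method list is treated as "nothing allowed" rather than an NPE.
            if (allowedMethods == null || !allowedMethods.contains(method)) {
                throw reject("Unsupported HTTP method " + method, null);
            }
        }

        writeAllowOrigin(cORSConfiguration, httpServletResponse, origin);

        Set<String> exposedHeaders = cORSConfiguration.getExposedHeaders();
        if (exposedHeaders != null && !exposedHeaders.isEmpty()) {
            httpServletResponse.addHeader(ACCESS_CONTROL_EXPOSE_HEADERS, CorsUtil.join(exposedHeaders));
        }
    }

    /**
     * Validates a CORS preflight request and adds the CORS response headers.
     *
     * @param cORSConfiguration the CORS policy to enforce
     * @param httpServletRequest the preflight request; its {@code Origin},
     *        {@code Access-Control-Request-Method} and {@code Access-Control-Request-Headers}
     *        headers are checked
     * @param httpServletResponse the response that receives the {@code Access-Control-*} headers
     * @throws RuntimeException if the {@code Origin} header is missing, the origin is not allowed,
     *         the requested method is missing or not allowed, or a requested header is malformed
     *         or not allowed
     */
    public static void handlePreflightRequest(CORSConfiguration cORSConfiguration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        BaseLog.HTTP_LOGGER.debugf("Processing CORS Preflight Request to path [%s].", httpServletRequest.getRequestURI());
        String origin = requireAllowedOrigin(cORSConfiguration, httpServletRequest);

        Set<String> allowedMethods = cORSConfiguration.getAllowedMethods();
        if (!cORSConfiguration.isAllowAnyMethod()) {
            String requestedMethod = httpServletRequest.getHeader(ACCESS_CONTROL_REQUEST_METHOD);
            // The null check must come before toUpperCase(); otherwise a preflight without the
            // header fails with a NullPointerException instead of this message.
            if (requestedMethod == null) {
                throw reject("Invalid preflight CORS request: Missing Access-Control-Request-Method header", null);
            }
            String method = requestedMethod.toUpperCase(java.util.Locale.ROOT);
            if (allowedMethods == null || !allowedMethods.contains(method)) {
                throw reject("Unsupported HTTP access control request method " + method, null);
            }
        }

        String requestedHeaders = httpServletRequest.getHeader(ACCESS_CONTROL_REQUEST_HEADERS);
        String[] rawNames = CorsUtil.parseMultipleHeaderValues(requestedHeaders);
        String[] canonicalNames = new String[rawNames.length];
        for (int i = 0; i < rawNames.length; i++) {
            try {
                canonicalNames[i] = CorsUtil.formatCanonical(rawNames[i]);
            } catch (IllegalArgumentException e) {
                // Keep the cause so the reason the header name was rejected is not lost.
                throw reject("Invalid preflight CORS request: Bad request header value " + rawNames[i], e);
            }
        }

        Set<String> allowedHeaders = cORSConfiguration.getAllowedHeaders();
        if (!cORSConfiguration.isAllowAnyHeader()) {
            for (String name : canonicalNames) {
                // A missing header list is treated as "nothing allowed" rather than an NPE.
                if (allowedHeaders == null || !allowedHeaders.contains(name)) {
                    throw reject("Unsupported HTTP access control request header " + name, null);
                }
            }
        }

        writeAllowOrigin(cORSConfiguration, httpServletResponse, origin);

        long maxAge = cORSConfiguration.getMaxAge();
        httpServletResponse.addHeader(ACCESS_CONTROL_MAX_AGE, String.valueOf(maxAge <= 0 ? DEFAULT_MAX_AGE : maxAge));

        if (allowedMethods == null || allowedMethods.isEmpty()) {
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_METHODS, DEFAULT_ALLOW_METHODS);
        } else {
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_METHODS, CorsUtil.join(allowedMethods));
        }

        if (cORSConfiguration.isAllowAnyHeader() && requestedHeaders != null) {
            // Every requested name passed formatCanonical above; the raw value is echoed back.
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
        } else if (allowedHeaders != null && !allowedHeaders.isEmpty()) {
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, CorsUtil.join(allowedHeaders));
        }
    }

    /**
     * Returns the request's {@code Origin} after checking it against the configuration.
     *
     * <p>An origin is accepted when the configuration allows any origin, or when the allowed
     * origins contain it or the {@code *} wildcard. Both entry points share this rule, so a
     * request whose preflight was accepted is not refused afterwards for the same origin.
     */
    private static String requireAllowedOrigin(CORSConfiguration cORSConfiguration, HttpServletRequest httpServletRequest) {
        String origin = httpServletRequest.getHeader(ORIGIN);
        if (origin == null) {
            throw reject("CORS origin header is null", null);
        }
        if (!cORSConfiguration.isAllowAnyOrigin()) {
            Set<String> allowedOrigins = cORSConfiguration.getAllowedOrigins();
            boolean listed = allowedOrigins != null
                    && (allowedOrigins.contains(origin) || allowedOrigins.contains(ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD));
            if (!listed) {
                throw reject("CORS origin denied " + origin, null);
            }
        }
        return origin;
    }

    /**
     * Adds {@code Access-Control-Allow-Origin} and, when credentials are allowed,
     * {@code Access-Control-Allow-Credentials}.
     */
    private static void writeAllowOrigin(CORSConfiguration cORSConfiguration, HttpServletResponse httpServletResponse, String origin) {
        if (cORSConfiguration.isAllowCredentials()) {
            // Browsers refuse "*" on credentialed responses, so the origin is echoed instead.
            // With an allow-any-origin policy this trusts every origin with the user's credentials.
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, ALLOW_CREDENTIALS_VALUE);
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
            httpServletResponse.addHeader(VARY, ORIGIN);
        } else if (cORSConfiguration.isAllowAnyOrigin()) {
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD);
        } else {
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
            httpServletResponse.addHeader(VARY, ORIGIN);
        }
    }

    /** Logs {@code message} at debug level and returns the exception for the caller to throw. */
    private static RuntimeException reject(String message, Throwable cause) {
        BaseLog.HTTP_LOGGER.debug(message);
        return cause == null ? new RuntimeException(message) : new RuntimeException(message, cause);
    }
}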
