package org.apache.cxf.rs.security.cors;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.mchange.v2.c3p0.subst.C3P0Substitutions;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;
import java.util.regex.Pattern;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.ReflectionUtil;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.jaxrs.model.URITemplate;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;

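/**
 * JAX-RS request/response filter that applies a CORS policy to incoming requests.
 *
 * <p>On the request side it answers preflight ({@code OPTIONS}) requests and records the
 * decision for simple requests on the exchange. On the response side it copies the recorded
 * decision into the {@code Access-Control-*} response headers.
 *
 * <p>The policy comes from a {@link CrossOriginResourceSharing} annotation on the matched
 * resource method or its class when one is found, otherwise from the bean properties of
 * this filter.
 *
 * <p><b>Security-relevant defaults visible in this class:</b>
 * <ul>
 *   <li>With no annotation and an empty {@code allowOrigins} list, every origin is accepted
 *       (see {@link #effectiveAllowAllOrigins}).</li>
 *   <li>With no annotation and an empty {@code allowHeaders} list, every requested header is
 *       accepted and echoed back in {@code Access-Control-Allow-Headers}.</li>
 *   <li>When credentials are allowed, the request's own {@code Origin} value is echoed instead
 *       of {@code *}. Combined with an allow-all-origins policy this grants credentialed
 *       access to any origin, so enable credentials only together with an explicit origin
 *       list.</li>
 *   <li>Origin matching is an exact, case-sensitive list membership test.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing carries decompiler markers ("loaded from", "JADX INFO").
 * The references to {@code MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR} and
 * {@code C3P0Substitutions.DEBUG} look like string literals the decompiler re-attributed to
 * unrelated libraries (presumably {@code " "} and {@code "true"}). Confirm against the
 * upstream source before treating Jackson or c3p0 as real dependencies of this class.
 */
@Priority(999)
@PreMatching
public class CrossOriginResourceSharingFilter implements ContainerRequestFilter, ContainerResponseFilter {
    // Separator for the Origin header (space-delimited list); see the class note on this constant.
    private static final Pattern SPACE_PATTERN = Pattern.compile(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
    // Separator for comma-delimited header fields (request method / request headers).
    private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",");
    // Message keys set when the preflight is delegated to the application's own OPTIONS handler.
    private static final String LOCAL_PREFLIGHT = "local_preflight";
    private static final String LOCAL_PREFLIGHT_ORIGIN = "local_preflight.origin";
    private static final String LOCAL_PREFLIGHT_METHOD = "local_preflight.method";
    // Outcome markers stored on the exchange under this class's name and read by the response filter.
    private static final String PREFLIGHT_PASSED = "preflight_passed";
    private static final String PREFLIGHT_FAILED = "preflight_failed";
    private static final String SIMPLE_REQUEST = "simple_request";

    @Context
    private HttpHeaders headers;
    private boolean allowCredentials;
    private Integer maxAge;
    private boolean defaultOptionsMethodsHandlePreflight;
    private boolean blockCorsIfUnauthorized;
    // Empty means "allow every origin" when no annotation overrides it.
    private List<String> allowOrigins = Collections.emptyList();
    // Empty means "allow every requested header" when no annotation overrides it.
    private List<String> allowHeaders = Collections.emptyList();
    private List<String> exposeHeaders = Collections.emptyList();
    // Status returned for a rejected preflight; 200 by default, the missing CORS headers make the browser refuse.
    private Integer preflightFailStatus = 200;
    private boolean findResourceMethod = true;

    /**
     * Interceptor used when {@code findResourceMethod} is off: it defers simple-request
     * handling to the PRE_INVOKE phase and reads the {@link OperationResourceInfo} from the
     * exchange instead of resolving the resource method in the filter.
     */
    private class CorsInInterceptor extends AbstractPhaseInterceptor<Message> {
        public CorsInInterceptor() {
            super(Phase.PRE_INVOKE);
        }

        @Override // org.apache.cxf.interceptor.Interceptor
        public void handleMessage(Message message) {
            OperationResourceInfo operation =
                (OperationResourceInfo) message.getExchange().get(OperationResourceInfo.class);
            CrossOriginResourceSharingFilter.this.simpleRequest(message, operation.getAnnotatedMethod());
        }
    }

    /**
     * Looks up an annotation on the method or its containing class.
     *
     * @param method resource method, may be {@code null}
     * @param cls annotation type to look for
     * @return the annotation, or {@code null} when {@code method} is {@code null} or nothing is found
     */
    private <T extends Annotation> T getAnnotation(Method method, Class<T> cls) {
        if (method == null) {
            return null;
        }
        return (T) ReflectionUtil.getAnnotationForMethodOrContainingClass(method, cls);
    }

    /**
     * Request-side entry point. {@code OPTIONS} requests are treated as preflight candidates;
     * every other method is handled as a simple request, either immediately or through
     * {@link CorsInInterceptor} when resource-method lookup is disabled.
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) {
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        String httpMethod = (String) currentMessage.get(Message.HTTP_REQUEST_METHOD);
        if ("OPTIONS".equals(httpMethod)) {
            Response preflightResponse = preflightRequest(currentMessage);
            if (preflightResponse != null) {
                // The filter answers the preflight itself; the resource is never invoked.
                containerRequestContext.abortWith(preflightResponse);
            }
            return;
        }
        if (this.findResourceMethod) {
            simpleRequest(currentMessage, getResourceMethod(currentMessage, httpMethod));
        } else {
            currentMessage.getInterceptorChain().add(new CorsInInterceptor());
        }
    }

    /**
     * Evaluates a non-preflight request against the effective origin policy and, when it
     * passes, records the values the response filter will emit.
     *
     * <p>Requests without an {@code Origin} header, or with an origin that is not allowed,
     * leave the exchange untouched, so no CORS headers are added to the response. The
     * request itself is still processed; CORS is enforced by the browser, not here.
     *
     * @param message current message
     * @param method matched resource method, may be {@code null}
     * @return always {@code null}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Response simpleRequest(Message message, Method method) {
        CrossOriginResourceSharing cors = getAnnotation(method, CrossOriginResourceSharing.class);
        List<String> origins = getHeaderValues("Origin", true);
        if (origins == null || origins.isEmpty() || !effectiveAllowOrigins(cors, origins)) {
            return null;
        }
        setAllowOriginAndCredentials(message, cors, origins);
        List<String> exposed = effectiveExposeHeaders(cors);
        if (exposed != null && !exposed.isEmpty()) {
            message.getExchange().put("Access-Control-Expose-Headers", exposed);
        }
        message.getExchange().put(CrossOriginResourceSharingFilter.class.getName(), SIMPLE_REQUEST);
        return null;
    }

    /**
     * Handles an {@code OPTIONS} request as a CORS preflight.
     *
     * @param message current message
     * @return a response to abort with, or {@code null} when the request is not a preflight
     *         this filter should answer (no single {@code Origin}, no matching resource
     *         method, or preflight handling delegated to the application)
     */
    private Response preflightRequest(Message message) {
        List<String> origins = getHeaderValues("Origin", true);
        // A preflight carries exactly one origin; anything else is not treated as CORS.
        if (origins == null || origins.size() != 1) {
            return null;
        }
        String origin = origins.get(0);
        List<String> requestedMethods = getHeaderValues("Access-Control-Request-Method", false);
        if (requestedMethods == null || requestedMethods.size() != 1) {
            return createPreflightResponse(message, false);
        }
        String requestedMethod = requestedMethods.get(0);
        Method method = null;
        if (this.findResourceMethod) {
            method = getResourceMethod(message, requestedMethod);
            if (method == null) {
                return null;
            }
        }
        LocalPreflight localPreflight = null;
        if (!this.defaultOptionsMethodsHandlePreflight) {
            Method optionsMethod = getResourceMethod(message, "OPTIONS");
            if (optionsMethod != null) {
                localPreflight = getAnnotation(optionsMethod, LocalPreflight.class);
            }
        }
        if (localPreflight != null || this.defaultOptionsMethodsHandlePreflight) {
            // Delegated preflight: the application's OPTIONS handler is now responsible for
            // every origin/header check; this filter only passes the context along and the
            // response filter adds no CORS headers for it.
            message.put(LOCAL_PREFLIGHT, C3P0Substitutions.DEBUG);
            message.put(LOCAL_PREFLIGHT_ORIGIN, origin);
            message.put(LOCAL_PREFLIGHT_METHOD, method);
            return null;
        }
        CrossOriginResourceSharing cors = getAnnotation(method, CrossOriginResourceSharing.class);
        if (!effectiveAllowOrigins(cors, Collections.singletonList(origin))) {
            return createPreflightResponse(message, false);
        }
        List<String> requestedHeaders = getHeaderValues("Access-Control-Request-Headers", false);
        if (!effectiveAllowHeaders(cors, requestedHeaders)) {
            return createPreflightResponse(message, false);
        }
        // The requested method and headers are echoed back rather than the configured lists.
        message.getExchange().put("Access-Control-Allow-Methods", Arrays.asList(requestedMethod));
        message.getExchange().put("Access-Control-Allow-Headers", requestedHeaders);
        Integer effectiveAge = effectiveMaxAge(cors);
        if (effectiveAge != null) {
            message.getExchange().put("Access-Control-Max-Age", effectiveAge.toString());
        }
        setAllowOriginAndCredentials(message, cors, origins);
        return createPreflightResponse(message, true);
    }

    /**
     * Records the preflight outcome on the exchange and builds the aborting response:
     * 200 on success, {@code preflightFailStatus} on failure.
     */
    private Response createPreflightResponse(Message message, boolean z) {
        message.getExchange().put(CrossOriginResourceSharingFilter.class.getName(), z ? PREFLIGHT_PASSED : PREFLIGHT_FAILED);
        return Response.status(z ? 200 : this.preflightFailStatus.intValue()).build();
    }

    /**
     * Resolves the resource method that would serve the current path with the given HTTP method.
     *
     * @return the annotated method, or {@code null} when no resource class or operation matches
     */
    private Method getResourceMethod(Message message, String str) {
        String pathToMatch = HttpUtils.getPathToMatch(message, true);
        Map<ClassResourceInfo, MultivaluedMap<String, String>> matchedClasses =
            JAXRSUtils.selectResourceClass(JAXRSUtils.getRootResources(message), pathToMatch, message);
        if (matchedClasses == null) {
            return null;
        }
        OperationResourceInfo operation =
            findPreflightMethod(matchedClasses, pathToMatch, str, new MetadataMap<String, String>(), message);
        return operation == null ? null : operation.getAnnotatedMethod();
    }

    /**
     * Finds the target operation for the given HTTP method, descending through sub-resource
     * locators by their declared return type until a concrete operation is reached.
     *
     * @return the operation, or {@code null} when nothing matches or a sub-resource is unknown
     */
    private OperationResourceInfo findPreflightMethod(Map<ClassResourceInfo, MultivaluedMap<String, String>> map, String str, String str2, MultivaluedMap<String, String> multivaluedMap, Message message) {
        OperationResourceInfo target = JAXRSUtils.findTargetMethod(map, message, str2, multivaluedMap, MediaType.WILDCARD, Collections.singletonList(MediaType.WILDCARD_TYPE), false);
        if (target == null) {
            return null;
        }
        if (!target.isSubResourceLocator()) {
            return target;
        }
        Class<?> returnType = target.getMethodToInvoke().getReturnType();
        ClassResourceInfo subResource = target.getClassResourceInfo().getSubResource(returnType, returnType);
        if (subResource == null) {
            return null;
        }
        MultivaluedMap<String, String> subValues = new MetadataMap<String, String>();
        subValues.putAll(multivaluedMap);
        return findPreflightMethod(Collections.singletonMap(subResource, subValues), multivaluedMap.getFirst(URITemplate.FINAL_MATCH_GROUP), str2, subValues, message);
    }

    /**
     * Stores the credentials flag and the origin value to emit on the response.
     *
     * <p>Security note: {@code *} is used only when credentials are off and the policy allows
     * all origins. In every other case the request's own origin value(s) are echoed. If the
     * policy allows all origins and credentials, any requesting site therefore receives
     * a credentialed grant; pair credentials with an explicit origin list.
     */
    private void setAllowOriginAndCredentials(Message message, CrossOriginResourceSharing crossOriginResourceSharing, List<String> list) {
        boolean credentialsAllowed = effectiveAllowCredentials(crossOriginResourceSharing);
        message.getExchange().put("Access-Control-Allow-Credentials", Boolean.valueOf(credentialsAllowed));
        boolean echoOrigin = credentialsAllowed || !effectiveAllowAllOrigins(crossOriginResourceSharing);
        message.getExchange().put("Origin", echoOrigin ? concatValues(list, true) : "*");
    }

    /**
     * Response-side entry point: emits the {@code Access-Control-*} headers recorded during
     * request processing. Nothing is added when no CORS decision was recorded, when the
     * preflight failed, or when the response is 401 and {@code blockCorsIfUnauthorized} is set.
     *
     * <p>NOTE(review): the emitted {@code Access-Control-Allow-Origin} can vary per request
     * origin, but this filter does not add {@code Vary: Origin}. Check that a shared cache
     * in front of the service cannot serve one origin's grant to another. Also note that
     * {@code blockCorsIfUnauthorized} covers status 401 only.
     */
    @Override // javax.ws.rs.container.ContainerResponseFilter
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        String outcome = (String) currentMessage.getExchange().get(CrossOriginResourceSharingFilter.class.getName());
        // Compare by value: reference equality only holds while the stored marker is the
        // very same interned constant, which is not something this check should rely on.
        if (outcome == null || PREFLIGHT_FAILED.equals(outcome)) {
            return;
        }
        if (containerResponseContext.getStatus() == Response.Status.UNAUTHORIZED.getStatusCode() && this.blockCorsIfUnauthorized) {
            return;
        }
        containerResponseContext.getHeaders().putSingle("Access-Control-Allow-Origin", currentMessage.getExchange().get("Origin"));
        containerResponseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", currentMessage.getExchange().get("Access-Control-Allow-Credentials"));
        if (SIMPLE_REQUEST.equals(outcome)) {
            List<String> exposed = getHeadersFromInput(currentMessage, "Access-Control-Expose-Headers");
            if (exposed != null) {
                addHeaders(containerResponseContext, "Access-Control-Expose-Headers", exposed, false);
            }
            return;
        }
        String maxAgeValue = (String) currentMessage.getExchange().get("Access-Control-Max-Age");
        if (maxAgeValue != null) {
            containerResponseContext.getHeaders().putSingle("Access-Control-Max-Age", maxAgeValue);
        }
        // Guarded like the headers below so a missing exchange entry cannot raise an NPE here.
        List<String> allowedMethods = getHeadersFromInput(currentMessage, "Access-Control-Allow-Methods");
        if (allowedMethods != null) {
            addHeaders(containerResponseContext, "Access-Control-Allow-Methods", allowedMethods, false);
        }
        List<String> allowedHeaders = getHeadersFromInput(currentMessage, "Access-Control-Allow-Headers");
        if (allowedHeaders != null) {
            addHeaders(containerResponseContext, "Access-Control-Allow-Headers", allowedHeaders, false);
        }
    }

    /**
     * Returns whether every origin is accepted: the annotation's {@code allowAllOrigins()}
     * when an annotation is present, otherwise {@code true} exactly when the configured
     * {@code allowOrigins} list is empty.
     */
    private boolean effectiveAllowAllOrigins(CrossOriginResourceSharing crossOriginResourceSharing) {
        if (crossOriginResourceSharing != null) {
            return crossOriginResourceSharing.allowAllOrigins();
        }
        return this.allowOrigins.isEmpty();
    }

    /** Returns the annotation's credentials flag when present, otherwise the filter's own setting. */
    private boolean effectiveAllowCredentials(CrossOriginResourceSharing crossOriginResourceSharing) {
        if (crossOriginResourceSharing != null) {
            return crossOriginResourceSharing.allowCredentials();
        }
        return this.allowCredentials;
    }

    /**
     * Checks that every supplied origin is allowed. The annotation's origin list is used when
     * it is non-empty, otherwise the filter's configured list. Matching is exact and
     * case-sensitive ({@link List#containsAll}).
     */
    private boolean effectiveAllowOrigins(CrossOriginResourceSharing crossOriginResourceSharing, List<String> list) {
        if (effectiveAllowAllOrigins(crossOriginResourceSharing)) {
            return true;
        }
        List<String> permitted = Collections.emptyList();
        if (crossOriginResourceSharing != null) {
            permitted = Arrays.asList(crossOriginResourceSharing.allowOrigins());
        }
        if (permitted.isEmpty()) {
            permitted = this.allowOrigins;
        }
        return permitted.containsAll(list);
    }

    /** Returns whether any request header is accepted, i.e. the effective allow-headers list is empty. */
    private boolean effectiveAllowAnyHeaders(CrossOriginResourceSharing crossOriginResourceSharing) {
        if (crossOriginResourceSharing != null) {
            return crossOriginResourceSharing.allowHeaders().length == 0;
        }
        return this.allowHeaders.isEmpty();
    }

    /** Checks the requested header names against the effective allow list, ignoring case. */
    private boolean effectiveAllowHeaders(CrossOriginResourceSharing crossOriginResourceSharing, List<String> list) {
        if (effectiveAllowAnyHeaders(crossOriginResourceSharing)) {
            return true;
        }
        List<String> configured = crossOriginResourceSharing != null
            ? Arrays.asList(crossOriginResourceSharing.allowHeaders())
            : this.allowHeaders;
        // Header names are case-insensitive, so membership is tested in a case-insensitive set.
        TreeSet<String> permitted = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
        permitted.addAll(configured);
        return permitted.containsAll(list);
    }

    /** Returns the annotation's exposed headers when present, otherwise the filter's configured list. */
    private List<String> effectiveExposeHeaders(CrossOriginResourceSharing crossOriginResourceSharing) {
        if (crossOriginResourceSharing != null) {
            return Arrays.asList(crossOriginResourceSharing.exposeHeaders());
        }
        return this.exposeHeaders;
    }

    /**
     * Returns the max-age to advertise: the filter's setting when there is no annotation,
     * otherwise the annotation's value, with a negative value meaning "do not send".
     */
    private Integer effectiveMaxAge(CrossOriginResourceSharing crossOriginResourceSharing) {
        if (crossOriginResourceSharing == null) {
            return this.maxAge;
        }
        int annotated = crossOriginResourceSharing.maxAge();
        return annotated < 0 ? null : Integer.valueOf(annotated);
    }

    /** Reads a list previously stored on the exchange under {@code str}; {@code null} if absent or not a list. */
    @SuppressWarnings("unchecked") // values under these keys are only ever stored by this class as List<String>
    private List<String> getHeadersFromInput(Message message, String str) {
        Object stored = message.getExchange().get(str);
        return stored instanceof List ? (List<String>) stored : null;
    }

    /**
     * Reads a request header and splits each value into trimmed tokens.
     *
     * @param str header name
     * @param z {@code true} to split on the space separator (Origin), {@code false} to split on commas
     * @return the tokens; an empty list when the header is absent, never {@code null}
     */
    private List<String> getHeaderValues(String str, boolean z) {
        List<String> rawValues = this.headers.getRequestHeader(str);
        Pattern separator = z ? SPACE_PATTERN : FIELD_COMMA_PATTERN;
        List<String> tokens = new ArrayList<String>();
        if (rawValues != null) {
            for (String rawValue : rawValues) {
                for (String token : separator.split(rawValue)) {
                    tokens.add(token.trim());
                }
            }
        }
        return tokens;
    }

    /** Sets a single response header whose value is the joined list. */
    private void addHeaders(ContainerResponseContext containerResponseContext, String str, List<String> list, boolean z) {
        containerResponseContext.getHeaders().putSingle(str, concatValues(list, z));
    }

    /**
     * Joins the values into one header value.
     *
     * @param z {@code true} to join with the space separator, {@code false} to join with {@code ", "}
     */
    private String concatValues(List<String> list, boolean z) {
        String separator = z ? MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR : ", ";
        // StringBuilder: the buffer never leaves this method, so no synchronization is needed.
        StringBuilder joined = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            if (i > 0) {
                joined.append(separator);
            }
            joined.append(list.get(i));
        }
        return joined.toString();
    }

    /**
     * Sets the origins accepted when a resource carries no annotation (or an annotation with
     * an empty origin list). An empty list means every origin is accepted.
     */
    public void setAllowOrigins(List<String> list) {
        this.allowOrigins = list;
    }

    public List<String> getAllowOrigins() {
        return this.allowOrigins;
    }

    public List<String> getAllowHeaders() {
        return this.allowHeaders;
    }

    /**
     * Sets the request headers accepted in a preflight when no annotation applies. An empty
     * list means every requested header is accepted.
     */
    public void setAllowHeaders(List<String> list) {
        this.allowHeaders = list;
    }

    public List<String> getExposeHeaders() {
        return this.exposeHeaders;
    }

    public Integer getMaxAge() {
        return this.maxAge;
    }

    public boolean isAllowCredentials() {
        return this.allowCredentials;
    }

    /**
     * Enables {@code Access-Control-Allow-Credentials: true} when no annotation applies.
     * With credentials on, the request origin is echoed instead of {@code *}; configure an
     * explicit {@code allowOrigins} list alongside it.
     */
    public void setAllowCredentials(boolean z) {
        this.allowCredentials = z;
    }

    public void setExposeHeaders(List<String> list) {
        this.exposeHeaders = list;
    }

    public void setMaxAge(Integer num) {
        this.maxAge = num;
    }

    /** Sets the HTTP status returned when a preflight is rejected (200 by default). */
    public void setPreflightErrorStatus(Integer num) {
        this.preflightFailStatus = num;
    }

    /**
     * When {@code true}, preflight requests are always passed through to the application's
     * own {@code OPTIONS} handling and this filter performs no origin or header checks on them.
     */
    public void setDefaultOptionsMethodsHandlePreflight(boolean z) {
        this.defaultOptionsMethodsHandlePreflight = z;
    }

    /**
     * Controls whether the filter resolves the target resource method itself (default) or
     * defers simple-request handling to an interceptor in the PRE_INVOKE phase.
     */
    public void setFindResourceMethod(boolean z) {
        this.findResourceMethod = z;
    }

    /** When {@code true}, no CORS headers are added to responses with status 401. */
    public void setBlockCorsIfUnauthorized(boolean z) {
        this.blockCorsIfUnauthorized = z;
    }
}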
