package org.apache.cxf.rs.security.cors;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.ReflectionUtil;
import org.apache.cxf.jaxrs.JAXRSServiceImpl;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.ext.ResponseHandler;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.jaxrs.model.URITemplate;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.service.Service;
import org.apache.http.HttpStatus;

/* loaded from: input_file:cxf/cxf-bundle-2.7.6.jar:org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.class */
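/**
 * CXF JAX-RS request/response handler that applies Cross-Origin Resource Sharing (CORS) rules.
 *
 * <p>On the request side the filter treats HTTP {@code OPTIONS} as a preflight and everything
 * else as a simple request. It checks the {@code Origin} header (and, for preflights, the
 * requested method and headers) against the {@link CrossOriginResourceSharing} annotation found
 * on the target method or its class, falling back to this filter's own properties when no
 * annotation is present. The outcome is stored on the exchange; {@link #handleResponse} later
 * copies it into the {@code CorsHeaderConstants.HEADER_AC_*} response headers.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With no annotation, an empty {@code allowOrigins} list (the default) means every origin
 *       is allowed and {@code "*"} is returned as the allowed origin.</li>
 *   <li>Origins and headers are matched with {@link List#containsAll}, i.e. exact,
 *       case-sensitive string equality; there is no pattern or suffix matching.</li>
 *   <li>The filter only decides which CORS headers are attached. A simple request whose origin
 *       is not allowed still gets {@code null} from {@link #handleRequest}, so the resource
 *       method is presumably still invoked (null appears to mean "continue" for a
 *       {@code RequestHandler}; confirm against the CXF contract). CORS is therefore not a
 *       replacement for authentication, authorization or CSRF protection.</li>
 *   <li>A failed preflight is answered with {@code preflightFailStatus}, which defaults to 200;
 *       by default the failure is visible to the client only as missing CORS headers.</li>
 * </ul>
 *
 * <p>NOTE(review): the allow-credentials flag is always emitted (including {@code false}) and is
 * not reconciled with a {@code "*"} origin. Browsers refuse credentialed responses with a
 * wildcard origin, so list explicit origins whenever credentials are enabled.
 *
 * <p>NOTE(review): no {@code Vary: Origin} header is added when a specific origin is echoed.
 * If responses can be stored by a shared cache, add it elsewhere so that one origin's
 * allow-origin value is not served to another.
 */
public class CrossOriginResourceSharingFilter implements RequestHandler, ResponseHandler {
    private static final Pattern SPACE_PATTERN = Pattern.compile(" ");
    private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",");
    private static final String LOCAL_PREFLIGHT = "local_preflight";
    private static final String LOCAL_PREFLIGHT_ORIGIN = "local_preflight.origin";
    private static final String LOCAL_PREFLIGHT_METHOD = "local_preflight.method";
    private static final String PREFLIGHT_PASSED = "preflight_passed";
    private static final String PREFLIGHT_FAILED = "preflight_failed";
    private static final String SIMPLE_REQUEST = "simple_request";

    @Context
    private HttpHeaders headers;
    private boolean allowCredentials;
    private Integer maxAge;
    private boolean defaultOptionsMethodsHandlePreflight;
    // Empty means "allow every origin" when no annotation applies (see effectiveAllowAllOrigins).
    private List<String> allowOrigins = Collections.emptyList();
    // Empty means "allow any requested header" when no annotation applies.
    private List<String> allowHeaders = Collections.emptyList();
    private List<String> exposeHeaders = Collections.emptyList();
    private Integer preflightFailStatus = Integer.valueOf(HttpStatus.SC_OK);

    /**
     * Looks up an annotation on the method or, failing that, on its containing class.
     *
     * @param method the method to inspect; may be null
     * @param cls the annotation type to look for
     * @return the annotation, or null when {@code method} is null or nothing is found
     */
    private <T extends Annotation> T getAnnotation(Method method, Class<T> cls) {
        if (method == null) {
            return null;
        }
        return (T) ReflectionUtil.getAnnotationForMethodOrContainingClass(method, cls);
    }

    /**
     * Entry point on the request path: dispatches to preflight or simple-request handling.
     *
     * @param message the current CXF message
     * @param classResourceInfo the matched root resource class
     * @return a ready-made preflight response, or null to let normal processing continue
     */
    @Override // org.apache.cxf.jaxrs.ext.RequestHandler
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        OperationResourceInfo operation =
                (OperationResourceInfo) message.getExchange().get(OperationResourceInfo.class);
        CrossOriginResourceSharing annotation = null;
        if (operation != null) {
            annotation = getAnnotation(operation.getAnnotatedMethod(), CrossOriginResourceSharing.class);
        }
        if ("OPTIONS".equals(message.get(Message.HTTP_REQUEST_METHOD))) {
            return preflightRequest(message, annotation, operation, classResourceInfo);
        }
        return simpleRequest(message, annotation);
    }

    /**
     * Handles a non-OPTIONS request. When the Origin header is present and allowed, records the
     * allowed origin, the credentials flag and any expose-headers on the exchange.
     *
     * @return always null, so the request proceeds whether or not the origin was accepted
     */
    private Response simpleRequest(Message message, CrossOriginResourceSharing annotation) {
        List<String> origins = getHeaderValues(CorsHeaderConstants.HEADER_ORIGIN, true);
        if (origins == null || origins.isEmpty() || !effectiveAllowOrigins(annotation, origins)) {
            // Not a CORS request, or origin not allowed: no CORS headers will be added.
            return null;
        }
        // Only origins that passed the allow-list check above are ever echoed back.
        String originToReturn = effectiveAllowAllOrigins(annotation) ? "*" : concatValues(origins, true);
        commonRequestProcessing(message, annotation, originToReturn);
        List<String> exposed = effectiveExposeHeaders(annotation);
        if (exposed != null && !exposed.isEmpty()) {
            message.getExchange().put(CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS, exposed);
        }
        message.getExchange().put(CrossOriginResourceSharingFilter.class.getName(), SIMPLE_REQUEST);
        return null;
    }

    /**
     * Handles an OPTIONS request as a CORS preflight.
     *
     * @return null when the request is not a usable preflight (no single Origin, no matching
     *     resource method) or when a local preflight handler should take over; otherwise a
     *     response marking the preflight as passed or failed
     */
    private Response preflightRequest(Message message, CrossOriginResourceSharing annotation,
            OperationResourceInfo operation, ClassResourceInfo classResourceInfo) {
        List<String> origins = getHeaderValues(CorsHeaderConstants.HEADER_ORIGIN, true);
        if (origins == null || origins.size() != 1) {
            return null;
        }
        String origin = origins.get(0);
        List<String> requestMethods = getHeaderValues(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, false);
        if (requestMethods == null || requestMethods.size() != 1) {
            return createPreflightResponse(message, false);
        }
        String requestMethod = requestMethods.get(0);
        Method targetMethod = getPreflightMethod(message, requestMethod);
        if (targetMethod == null) {
            return null;
        }
        LocalPreflight localPreflight = null;
        if (operation != null) {
            localPreflight = getAnnotation(operation.getAnnotatedMethod(), LocalPreflight.class);
        }
        if (localPreflight != null || this.defaultOptionsMethodsHandlePreflight) {
            // Delegate the decision to the application's own OPTIONS method; this filter adds
            // no CORS headers on this path because the exchange marker is never set.
            message.put(LOCAL_PREFLIGHT, "true");
            message.put(LOCAL_PREFLIGHT_ORIGIN, origin);
            message.put(LOCAL_PREFLIGHT_METHOD, targetMethod);
            return null;
        }
        // The annotation on the method the browser intends to call wins over the one on OPTIONS.
        CrossOriginResourceSharing targetAnnotation = getAnnotation(targetMethod, CrossOriginResourceSharing.class);
        CrossOriginResourceSharing effective = targetAnnotation == null ? annotation : targetAnnotation;
        if (!effectiveAllowOrigins(effective, Collections.singletonList(origin))) {
            return createPreflightResponse(message, false);
        }
        List<String> requestHeaders = getHeaderValues(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, false);
        if (!effectiveAllowHeaders(effective, requestHeaders)) {
            return createPreflightResponse(message, false);
        }
        String originToReturn = effectiveAllowAllOrigins(effective) ? "*" : origin;
        message.getExchange().put(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS, Arrays.asList(requestMethod));
        // The requested headers are echoed back as-is once they passed effectiveAllowHeaders;
        // with an empty allow-list that check accepts anything the client asked for.
        message.getExchange().put(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS, requestHeaders);
        Integer effectiveAge = effectiveMaxAge(effective);
        if (effectiveAge != null) {
            message.getExchange().put(CorsHeaderConstants.HEADER_AC_MAX_AGE, effectiveAge.toString());
        }
        commonRequestProcessing(message, effective, originToReturn);
        return createPreflightResponse(message, true);
    }

    /**
     * Records the preflight outcome on the exchange and builds the matching empty response.
     *
     * @param passed true for a successful preflight (status 200), false for a failed one
     *     (status {@code preflightFailStatus}, or 200 if that was set to null)
     */
    private Response createPreflightResponse(Message message, boolean passed) {
        message.getExchange().put(CrossOriginResourceSharingFilter.class.getName(),
                passed ? PREFLIGHT_PASSED : PREFLIGHT_FAILED);
        int status = HttpStatus.SC_OK;
        if (!passed && this.preflightFailStatus != null) {
            // Guard against setPreflightErrorStatus(null), which would otherwise throw here.
            status = this.preflightFailStatus.intValue();
        }
        return Response.status(status).build();
    }

    /**
     * Resolves the resource method that the announced (Access-Control-Request-Method) verb
     * would reach for the current request path.
     *
     * @return the annotated Java method, or null when no resource class or method matches
     */
    private Method getPreflightMethod(Message message, String httpMethod) {
        String path = HttpUtils.getPathToMatch(message, true);
        List<ClassResourceInfo> resources =
                ((JAXRSServiceImpl) ((Service) message.getExchange().get(Service.class))).getClassResourceInfos();
        MetadataMap<String, String> values = new MetadataMap<String, String>();
        ClassResourceInfo resource = JAXRSUtils.selectResourceClass(resources, path, values, message);
        if (resource == null) {
            return null;
        }
        OperationResourceInfo target = findPreflightMethod(resource, path, httpMethod, values, message);
        return target == null ? null : target.getAnnotatedMethod();
    }

    /**
     * Finds the target operation for {@code httpMethod}, recursing through sub-resource
     * locators using the locator's declared return type.
     *
     * @return the matched operation, or null when nothing matches or a sub-resource is unknown
     */
    private OperationResourceInfo findPreflightMethod(ClassResourceInfo resource, String path, String httpMethod,
            MultivaluedMap<String, String> values, Message message) {
        OperationResourceInfo candidate = JAXRSUtils.findTargetMethod(resource, message, httpMethod, values,
                MediaType.WILDCARD, Collections.singletonList(MediaType.WILDCARD_TYPE), true);
        if (candidate == null) {
            return null;
        }
        if (!candidate.isSubResourceLocator()) {
            return candidate;
        }
        Class<?> subResourceType = candidate.getMethodToInvoke().getReturnType();
        ClassResourceInfo subResource = resource.getSubResource(subResourceType, subResourceType);
        if (subResource == null) {
            return null;
        }
        MetadataMap<String, String> subValues = new MetadataMap<String, String>();
        subValues.putAll(values);
        return findPreflightMethod(subResource, values.getFirst(URITemplate.FINAL_MATCH_GROUP), httpMethod,
                subValues, message);
    }

    /** Stores the origin to return and the effective credentials flag on the exchange. */
    private void commonRequestProcessing(Message message, CrossOriginResourceSharing annotation, String origin) {
        message.getExchange().put(CorsHeaderConstants.HEADER_ORIGIN, origin);
        message.getExchange().put(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS,
                Boolean.valueOf(effectiveAllowCredentials(annotation)));
    }

    /**
     * Adds the CORS response headers recorded by {@link #handleRequest}.
     *
     * @param message the current CXF message
     * @param operationResourceInfo the invoked operation (unused here)
     * @param response the response produced so far
     * @return {@code response} unchanged when the request was not processed as CORS or the
     *     preflight failed; otherwise a copy carrying the CORS headers
     */
    @Override // org.apache.cxf.jaxrs.ext.ResponseHandler
    public Response handleResponse(Message message, OperationResourceInfo operationResourceInfo, Response response) {
        String outcome = (String) message.getExchange().get(CrossOriginResourceSharingFilter.class.getName());
        // Compare by value: reference equality only worked while the stored marker happened to
        // be the very same String instance as the constant.
        if (outcome == null || PREFLIGHT_FAILED.equals(outcome)) {
            return response;
        }
        Response.ResponseBuilder builder = Response.fromResponse(response);
        builder.header(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN,
                message.getExchange().get(CorsHeaderConstants.HEADER_ORIGIN));
        builder.header(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS,
                message.getExchange().get(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS));
        if (SIMPLE_REQUEST.equals(outcome)) {
            List<String> exposed = getHeadersFromInput(message, CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS);
            if (exposed != null) {
                addHeaders(builder, CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS, exposed, false);
            }
            return builder.build();
        }
        String maxAgeValue = (String) message.getExchange().get(CorsHeaderConstants.HEADER_AC_MAX_AGE);
        if (maxAgeValue != null) {
            builder.header(CorsHeaderConstants.HEADER_AC_MAX_AGE, maxAgeValue);
        }
        List<String> allowedMethods = getHeadersFromInput(message, CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
        if (allowedMethods != null) {
            // Same null guard as for the allow-headers list below; avoids an NPE in concatValues.
            addHeaders(builder, CorsHeaderConstants.HEADER_AC_ALLOW_METHODS, allowedMethods, false);
        }
        List<String> allowedHeaders = getHeadersFromInput(message, CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
        if (allowedHeaders != null) {
            addHeaders(builder, CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS, allowedHeaders, false);
        }
        return builder.build();
    }

    /**
     * @return the annotation's allowAllOrigins flag, or, without an annotation, true exactly
     *     when the filter's allowOrigins list is empty
     */
    private boolean effectiveAllowAllOrigins(CrossOriginResourceSharing annotation) {
        return annotation != null ? annotation.allowAllOrigins() : this.allowOrigins.isEmpty();
    }

    /** @return the annotation's allowCredentials flag, else the filter-level setting */
    private boolean effectiveAllowCredentials(CrossOriginResourceSharing annotation) {
        return annotation != null ? annotation.allowCredentials() : this.allowCredentials;
    }

    /**
     * Decides whether every given origin is allowed. The annotation's origin list is used when
     * it is non-empty, otherwise the filter-level list; matching is exact string equality.
     */
    private boolean effectiveAllowOrigins(CrossOriginResourceSharing annotation, List<String> origins) {
        if (effectiveAllowAllOrigins(annotation)) {
            return true;
        }
        List<String> allowed = Collections.emptyList();
        if (annotation != null) {
            allowed = Arrays.asList(annotation.allowOrigins());
        }
        if (allowed.isEmpty()) {
            allowed = this.allowOrigins;
        }
        return allowed.containsAll(origins);
    }

    /** @return true when the applicable allow-headers list is empty, i.e. nothing is restricted */
    private boolean effectiveAllowAnyHeaders(CrossOriginResourceSharing annotation) {
        return annotation != null ? annotation.allowHeaders().length == 0 : this.allowHeaders.isEmpty();
    }

    /**
     * Decides whether every requested header is allowed. Matching is case-sensitive string
     * equality, so a header sent in a different case than configured is rejected.
     */
    private boolean effectiveAllowHeaders(CrossOriginResourceSharing annotation, List<String> requested) {
        if (effectiveAllowAnyHeaders(annotation)) {
            return true;
        }
        List<String> allowed = annotation != null ? Arrays.asList(annotation.allowHeaders()) : this.allowHeaders;
        return allowed.containsAll(requested);
    }

    /** @return the annotation's expose-headers, else the filter-level list */
    private List<String> effectiveExposeHeaders(CrossOriginResourceSharing annotation) {
        return annotation != null ? Arrays.asList(annotation.exposeHeaders()) : this.exposeHeaders;
    }

    /**
     * @return the filter-level max age without an annotation; otherwise the annotation's value,
     *     or null when that value is negative
     */
    private Integer effectiveMaxAge(CrossOriginResourceSharing annotation) {
        if (annotation == null) {
            return this.maxAge;
        }
        int annotatedAge = annotation.maxAge();
        return annotatedAge < 0 ? null : Integer.valueOf(annotatedAge);
    }

    /**
     * Reads a list previously stored on the exchange under {@code key}.
     *
     * @return the stored list, or null when the entry is missing or not a List
     */
    @SuppressWarnings("unchecked") // only this filter writes these entries, always as List<String>
    private List<String> getHeadersFromInput(Message message, String key) {
        Object stored = message.getExchange().get(key);
        if (stored instanceof List) {
            return (List<String>) stored;
        }
        return null;
    }

    /**
     * Collects the values of a request header, splitting each header line into tokens.
     *
     * @param name the request header name
     * @param spaceSeparated true to split on a single space, false to split on commas
     * @return the trimmed tokens in order; empty (never null) when the header is absent
     */
    private List<String> getHeaderValues(String name, boolean spaceSeparated) {
        List<String> rawValues = this.headers.getRequestHeader(name);
        Pattern separator = spaceSeparated ? SPACE_PATTERN : FIELD_COMMA_PATTERN;
        List<String> tokens = new ArrayList<String>();
        if (rawValues != null) {
            for (String rawValue : rawValues) {
                for (String token : separator.split(rawValue)) {
                    tokens.add(token.trim());
                }
            }
        }
        return tokens;
    }

    /** Adds one response header whose value is the joined form of {@code values}. */
    private void addHeaders(Response.ResponseBuilder responseBuilder, String name, List<String> values,
            boolean spaceSeparated) {
        responseBuilder.header(name, concatValues(values, spaceSeparated));
    }

    /**
     * Joins the values with {@code " "} when {@code spaceSeparated} is true, else with
     * {@code ", "}.
     */
    private String concatValues(List<String> values, boolean spaceSeparated) {
        String separator = spaceSeparated ? " " : ", ";
        StringBuilder joined = new StringBuilder();
        for (int i = 0; i < values.size(); i++) {
            if (i > 0) {
                joined.append(separator);
            }
            joined.append(values.get(i));
        }
        return joined.toString();
    }

    /**
     * Sets the origins allowed when no annotation applies. An empty list allows every origin;
     * the list reference is stored as given, not copied.
     */
    public void setAllowOrigins(List<String> list) {
        this.allowOrigins = list;
    }

    /** @return the filter-level allowed origins (the stored list itself) */
    public List<String> getAllowOrigins() {
        return this.allowOrigins;
    }

    /** @return the filter-level allowed request headers (the stored list itself) */
    public List<String> getAllowHeaders() {
        return this.allowHeaders;
    }

    /**
     * Sets the request headers allowed on preflight when no annotation applies. An empty list
     * allows any requested header.
     */
    public void setAllowHeaders(List<String> list) {
        this.allowHeaders = list;
    }

    /** @return the filter-level expose-headers list (the stored list itself) */
    public List<String> getExposeHeaders() {
        return this.exposeHeaders;
    }

    /** @return the filter-level preflight max age, or null when unset */
    public Integer getMaxAge() {
        return this.maxAge;
    }

    /** @return whether credentials are allowed when no annotation applies */
    public boolean isAllowCredentials() {
        return this.allowCredentials;
    }

    /**
     * Sets whether credentials are allowed when no annotation applies. Pair this with an
     * explicit allowOrigins list; a wildcard origin is not usable with credentials in browsers.
     */
    public void setAllowCredentials(boolean z) {
        this.allowCredentials = z;
    }

    /** Sets the response headers exposed to scripts on simple requests. */
    public void setExposeHeaders(List<String> list) {
        this.exposeHeaders = list;
    }

    /** Sets the preflight max age used when no annotation applies; null omits the header. */
    public void setMaxAge(Integer num) {
        this.maxAge = num;
    }

    /** Sets the HTTP status returned for a failed preflight (default 200). */
    public void setPreflightErrorStatus(Integer num) {
        this.preflightFailStatus = num;
    }

    /** @return whether resource OPTIONS methods handle preflight instead of this filter */
    public boolean isDefaultOptionsMethodsHandlePreflight() {
        return this.defaultOptionsMethodsHandlePreflight;
    }

    /**
     * When true, every preflight that resolves to a resource method is handed to the
     * application's own OPTIONS handling and this filter adds no CORS headers for it.
     */
    public void setDefaultOptionsMethodsHandlePreflight(boolean z) {
        this.defaultOptionsMethodsHandlePreflight = z;
    }
}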
