package org.restlet.engine.application;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Logger;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Method;
import org.restlet.data.Status;
import org.restlet.engine.util.SetUtils;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-493.zip:modules/system/layers/fuse/org/restlet/main/org.restlet-2.3.6.jar:org/restlet/engine/application/CorsResponseHelper.class */
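/**
 * Adds CORS (Cross-Origin Resource Sharing) response headers to a Restlet
 * {@link Response}, based on the request's {@code Origin} header and on the
 * policy held in this helper's fields.
 *
 * <p>Defaults: every origin is accepted ({@code allowedOrigins} holds
 * {@code "*"}), every requested header is accepted
 * ({@code allowAllRequestedHeaders} is {@code true}) and credentials are not
 * allowed.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>When {@code allowedCredentials} is {@code true} and
 * {@code allowedOrigins} contains {@code "*"}, the request's {@code Origin} is
 * echoed back in {@code Access-Control-Allow-Origin} together with
 * {@code Access-Control-Allow-Credentials: true}. Any origin is then granted
 * credentialed access. The setters log a warning when that combination is
 * configured; prefer an explicit list of origins whenever credentials are
 * enabled.</li>
 * <li>Origin matching is an exact, case-sensitive {@link Set#contains} lookup
 * on the raw header value.</li>
 * </ul>
 *
 * <p>The configuration fields are public and mutable, and the getters return
 * the stored sets without copying. No synchronization is performed here.
 */
public class CorsResponseHelper {
    private static final Logger LOGGER = Context.getCurrentLogger();

    /** When true, any header named in Access-Control-Request-Headers is accepted. */
    public boolean allowAllRequestedHeaders = true;

    /** When true, Access-Control-Allow-Credentials: true is added to CORS responses. */
    public boolean allowedCredentials = false;

    /** Header names accepted in a preflight when allowAllRequestedHeaders is false. */
    public Set<String> allowedHeaders = null;

    /** Accepted origins; the single value "*" accepts every origin. */
    public Set<String> allowedOrigins = SetUtils.newHashSet("*");

    /** Header names published through Access-Control-Expose-Headers on actual requests. */
    public Set<String> exposedHeaders = null;

    /**
     * Adds the CORS headers for a preflight or an actual request.
     *
     * <p>Does nothing when the request has no {@code Origin} header. Otherwise
     * the response's allowed methods are copied and then cleared, and the
     * origin is checked against {@code allowedOrigins}. A rejected origin, or
     * a preflight that fails one of the checks below, returns without adding
     * any CORS header.
     *
     * @param request the incoming request; its headers are client-controlled
     * @param response the response to decorate
     */
    public void addCorsResponseHeaders(Request request, Response response) {
        String origin = request.getHeaders().getFirstValue("Origin", true);
        if (origin == null) {
            // Not a CORS request.
            return;
        }

        // Keep a copy of the methods the resource allows, then clear the
        // response's own set before any CORS decision is made.
        Set<Method> resourceMethods = new HashSet<Method>(response.getAllowedMethods());
        response.getAllowedMethods().clear();

        // A null origin set (possible through setAllowedOrigins(null) or the
        // public field) is treated as "no origin allowed" instead of failing
        // with a NullPointerException.
        Set<String> origins = this.allowedOrigins;
        boolean anyOrigin = origins != null && origins.contains("*");
        boolean originAllowed = anyOrigin || (origins != null && origins.contains(origin));
        if (!originAllowed) {
            // The Origin value comes from the client and is logged as received.
            LOGGER.fine("Origin " + origin + " not allowed for CORS request");
            return;
        }

        if (Method.OPTIONS.equals(request.getMethod())) {
            // Preflight: only these statuses from the resource are accepted.
            Status status = response.getStatus();
            boolean acceptableStatus = Status.SUCCESS_OK.equals(status)
                    || Status.SUCCESS_NO_CONTENT.equals(status)
                    || Status.CLIENT_ERROR_METHOD_NOT_ALLOWED.equals(status);
            if (!acceptableStatus) {
                LOGGER.fine("The CORS preflight request failed in server resource.");
                return;
            }
            response.setStatus(Status.SUCCESS_OK);

            Method requestedMethod = request.getAccessControlRequestMethod();
            if (requestedMethod == null) {
                LOGGER.fine("A CORS preflight request should specified header 'Access-Control-Request-Method'");
                return;
            }
            if (!resourceMethods.contains(requestedMethod)) {
                LOGGER.fine("The CORS preflight request ask for methods not allowed in header 'Access-Control-Request-Method'");
                return;
            }

            Set<String> requestedHeaders = request.getAccessControlRequestHeaders();
            if (requestedHeaders == null) {
                requestedHeaders = new HashSet<String>();
            }
            boolean headersAccepted = this.allowAllRequestedHeaders
                    || (this.allowedHeaders != null
                            && isAllHeadersAllowed(this.allowedHeaders, requestedHeaders));
            if (!headersAccepted) {
                LOGGER.fine("The CORS preflight request ask for headers not allowed in header 'Access-Control-Request-Headers'");
                return;
            }

            response.setAccessControlAllowMethods(resourceMethods);
            // The requested header names are echoed back as the allowed set.
            response.setAccessControlAllowHeaders(requestedHeaders);
        } else if (this.exposedHeaders != null && !this.exposedHeaders.isEmpty()) {
            response.setAccessControlExposeHeaders(this.exposedHeaders);
        }

        if (this.allowedCredentials) {
            response.setAccessControlAllowCredentials(true);
        }

        if (this.allowedCredentials || !anyOrigin) {
            // With credentials enabled the literal "*" is never sent; the
            // request's own Origin is returned instead. Combined with a
            // wildcard in allowedOrigins this accepts every origin with
            // credentials.
            // NOTE(review): no Vary: Origin is added in this method although
            // the response now depends on the request's Origin. Confirm that
            // it is set elsewhere, or that these responses are not stored by
            // shared caches.
            response.setAccessControlAllowOrigin(origin);
        } else {
            response.setAccessControlAllowOrigin("*");
        }
    }

    /**
     * Returns the header names accepted in a preflight when not all requested
     * headers are allowed.
     *
     * @return the stored set (not a copy), possibly {@code null}
     */
    public Set<String> getAllowedHeaders() {
        return this.allowedHeaders;
    }

    /**
     * Returns the accepted origins.
     *
     * @return the stored set (not a copy)
     */
    public Set<String> getAllowedOrigins() {
        return this.allowedOrigins;
    }

    /**
     * Returns the header names exposed to the client on actual requests.
     *
     * @return the stored set (not a copy), possibly {@code null}
     */
    public Set<String> getExposedHeaders() {
        return this.exposedHeaders;
    }

    /**
     * Tells whether every requested header name has a case-insensitive match
     * in the allowed set.
     *
     * @param allowed the configured header names
     * @param requested the names from Access-Control-Request-Headers
     * @return {@code true} when all requested names are allowed, including
     *         when {@code requested} is empty
     */
    private boolean isAllHeadersAllowed(Set<String> allowed, Set<String> requested) {
        for (String requestedHeader : requested) {
            boolean matched = false;
            for (String allowedHeader : allowed) {
                if (allowedHeader.equalsIgnoreCase(requestedHeader)) {
                    matched = true;
                    break;
                }
            }
            if (!matched) {
                return false;
            }
        }
        return true;
    }

    /**
     * @return {@code true} when any header requested by a preflight is accepted
     */
    public boolean isAllowAllRequestedHeaders() {
        return this.allowAllRequestedHeaders;
    }

    /**
     * @return {@code true} when Access-Control-Allow-Credentials is sent
     */
    public boolean isAllowedCredentials() {
        return this.allowedCredentials;
    }

    /**
     * Tells whether the request carries an {@code Origin} header.
     *
     * @param request the incoming request
     * @return {@code true} when an Origin header is present
     */
    public boolean isCorsRequest(Request request) {
        return request.getHeaders().getFirstValue("Origin", true) != null;
    }

    /**
     * @param z {@code true} to accept any header requested by a preflight
     */
    public void setAllowAllRequestedHeaders(boolean z) {
        this.allowAllRequestedHeaders = z;
    }

    /**
     * Enables or disables Access-Control-Allow-Credentials. A warning is
     * logged when credentials end up enabled alongside a wildcard origin.
     *
     * @param z {@code true} to allow credentialed cross-origin requests
     */
    public void setAllowedCredentials(boolean z) {
        this.allowedCredentials = z;
        warnIfCredentialedWildcard();
    }

    /**
     * @param set header names accepted when not all requested headers are
     *            allowed; stored by reference
     */
    public void setAllowedHeaders(Set<String> set) {
        this.allowedHeaders = set;
    }

    /**
     * Sets the accepted origins. A warning is logged when a wildcard ends up
     * configured alongside enabled credentials.
     *
     * @param set accepted origins, {@code "*"} meaning any; stored by reference
     */
    public void setAllowedOrigins(Set<String> set) {
        this.allowedOrigins = set;
        warnIfCredentialedWildcard();
    }

    /**
     * @param set header names to expose on actual requests; stored by reference
     */
    public void setExposedHeaders(Set<String> set) {
        this.exposedHeaders = set;
    }

    /**
     * Logs a warning when credentials are enabled while allowedOrigins still
     * contains the wildcard. Only the setters call this; direct writes to the
     * public fields are not checked.
     */
    private void warnIfCredentialedWildcard() {
        Set<String> origins = this.allowedOrigins;
        if (this.allowedCredentials && origins != null && origins.contains("*")) {
            LOGGER.warning("CORS is configured with allowedCredentials=true and a wildcard in allowedOrigins: "
                    + "every request Origin will be echoed back with Access-Control-Allow-Credentials");
        }
    }
}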
