package org.springframework.web.cors;

import java.io.IOException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.util.CollectionUtils;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:META-INF/repository/kie-eap-distribution-7.1.0.Beta3.zip:modules/system/layers/bpms/org/springframework/web/3.x/spring-web-4.3.3.RELEASE.jar:org/springframework/web/cors/DefaultCorsProcessor.class */
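/**
 * Default {@link CorsProcessor}: checks a cross-origin request against a
 * {@link CorsConfiguration} and either writes the CORS response headers or
 * rejects the request with {@code 403 Forbidden}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>The {@code Access-Control-*} headers written here are enforced by the
 * browser. Clients that ignore them are not constrained, so this class does not
 * replace authentication, authorization or CSRF protection on the endpoint.</li>
 * <li>Processing is skipped when the response already carries
 * {@code Access-Control-Allow-Origin} or when the request is judged same-origin.
 * In both cases the supplied configuration is never consulted.</li>
 * <li>A non-preflight cross-origin request with no configuration is let through
 * without any CORS headers rather than rejected.</li>
 * </ul>
 */
public class DefaultCorsProcessor implements CorsProcessor {
    private static final Charset UTF8_CHARSET = Charset.forName("UTF-8");
    private static final Log logger = LogFactory.getLog(DefaultCorsProcessor.class);

    /**
     * Applies CORS handling to the given request/response pair.
     *
     * @param corsConfiguration the policy to apply; may be {@code null}, in which
     *        case only preflight requests are rejected
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to decorate or reject
     * @return {@code false} only when the response has been rejected with 403;
     *         {@code true} in every other case, including all "skip" paths
     * @throws IOException if writing the rejection body or flushing fails
     */
    @Override // org.springframework.web.cors.CorsProcessor
    public boolean processRequest(CorsConfiguration corsConfiguration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!CorsUtils.isCorsRequest(httpServletRequest)) {
            return true;
        }
        ServletServerHttpResponse servletServerHttpResponse = new ServletServerHttpResponse(httpServletResponse);
        // An Access-Control-Allow-Origin header set earlier (e.g. by another filter)
        // wins: the policy in corsConfiguration is NOT applied on top of it.
        if (responseHasCors(servletServerHttpResponse)) {
            logger.debug("Skip CORS processing: response already contains \"Access-Control-Allow-Origin\" header");
            return true;
        }
        ServletServerHttpRequest servletServerHttpRequest = new ServletServerHttpRequest(httpServletRequest);
        // NOTE(review): the same-origin decision is delegated to WebUtils.isSameOrigin.
        // Confirm which request attributes/headers that helper trusts in this
        // deployment, since a positive answer bypasses the CORS policy entirely.
        if (WebUtils.isSameOrigin(servletServerHttpRequest)) {
            logger.debug("Skip CORS processing: request is from same origin");
            return true;
        }
        boolean isPreFlightRequest = CorsUtils.isPreFlightRequest(httpServletRequest);
        if (corsConfiguration != null) {
            return handleInternal(servletServerHttpRequest, servletServerHttpResponse, corsConfiguration, isPreFlightRequest);
        }
        // No policy configured: an actual (non-preflight) request passes through
        // with no CORS headers; only a preflight is answered with 403.
        if (!isPreFlightRequest) {
            return true;
        }
        rejectRequest(servletServerHttpResponse);
        return false;
    }

    /**
     * Reports whether the response already has an
     * {@code Access-Control-Allow-Origin} header.
     */
    private boolean responseHasCors(ServerHttpResponse serverHttpResponse) {
        try {
            return serverHttpResponse.getHeaders().getAccessControlAllowOrigin() != null;
        } catch (NullPointerException e) {
            // Deliberate best effort: a NullPointerException from header access is
            // treated as "header not present" (presumably a workaround for some
            // response implementations -- confirm before tightening).
            return false;
        }
    }

    /**
     * Rejects the request: sets status 403 and writes a fixed, non-reflective
     * message body encoded as UTF-8.
     *
     * @param serverHttpResponse the response to reject
     * @throws IOException if the body cannot be written
     */
    protected void rejectRequest(ServerHttpResponse serverHttpResponse) throws IOException {
        serverHttpResponse.setStatusCode(HttpStatus.FORBIDDEN);
        serverHttpResponse.getBody().write("Invalid CORS request".getBytes(UTF8_CHARSET));
    }

    /**
     * Validates origin, method and headers against the configuration and, when
     * all are acceptable, writes the CORS response headers and flushes.
     *
     * <p>{@code Access-Control-Allow-Origin} is set to whatever
     * {@link #checkOrigin} returns, and {@code Access-Control-Allow-Credentials}
     * is added whenever the configuration enables it; this method does not
     * cross-check the two. Review configurations that combine a wildcard origin
     * with credentials.
     *
     * @param serverHttpRequest the cross-origin request
     * @param serverHttpResponse the response to decorate or reject
     * @param corsConfiguration the policy to apply (must not be {@code null})
     * @param z {@code true} when the request is a preflight request
     * @return {@code true} if headers were written, {@code false} if rejected
     * @throws IOException if writing the rejection body or flushing fails
     */
    protected boolean handleInternal(ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse, CorsConfiguration corsConfiguration, boolean z) throws IOException {
        final boolean preFlightRequest = z;
        String allowOrigin = checkOrigin(corsConfiguration, serverHttpRequest.getHeaders().getOrigin());
        List<HttpMethod> allowMethods = checkMethods(corsConfiguration, getMethodToUse(serverHttpRequest, preFlightRequest));
        List<String> allowHeaders = checkHeaders(corsConfiguration, getHeadersToUse(serverHttpRequest, preFlightRequest));
        // Header validation only gates preflight requests; for actual requests a
        // null header result does not cause rejection.
        if (allowOrigin == null || allowMethods == null || (preFlightRequest && allowHeaders == null)) {
            // NOTE(review): the 403 is sent without "Vary: Origin"; confirm that
            // shared caches in front of the application do not reuse it across origins.
            rejectRequest(serverHttpResponse);
            return false;
        }
        HttpHeaders headers = serverHttpResponse.getHeaders();
        headers.setAccessControlAllowOrigin(allowOrigin);
        // The allowed-origin value can differ per request origin, so caches must key on it.
        headers.add(HttpHeaders.VARY, HttpHeaders.ORIGIN);
        if (preFlightRequest) {
            headers.setAccessControlAllowMethods(allowMethods);
        }
        // allowHeaders is non-null here for preflight requests (checked above).
        if (preFlightRequest && !allowHeaders.isEmpty()) {
            headers.setAccessControlAllowHeaders(allowHeaders);
        }
        if (!CollectionUtils.isEmpty(corsConfiguration.getExposedHeaders())) {
            headers.setAccessControlExposeHeaders(corsConfiguration.getExposedHeaders());
        }
        if (Boolean.TRUE.equals(corsConfiguration.getAllowCredentials())) {
            headers.setAccessControlAllowCredentials(true);
        }
        if (preFlightRequest && corsConfiguration.getMaxAge() != null) {
            headers.setAccessControlMaxAge(corsConfiguration.getMaxAge().longValue());
        }
        serverHttpResponse.flush();
        return true;
    }

    /**
     * Delegates the origin check to the configuration.
     *
     * @param corsConfiguration the policy to consult
     * @param str the request's {@code Origin} header value
     * @return the value to send as {@code Access-Control-Allow-Origin}, or
     *         {@code null} if the origin is not accepted
     */
    protected String checkOrigin(CorsConfiguration corsConfiguration, String str) {
        return corsConfiguration.checkOrigin(str);
    }

    /**
     * Delegates the HTTP method check to the configuration.
     *
     * @param corsConfiguration the policy to consult
     * @param httpMethod the actual method, or the requested method for a preflight
     * @return the methods to advertise, or {@code null} if the method is not accepted
     */
    protected List<HttpMethod> checkMethods(CorsConfiguration corsConfiguration, HttpMethod httpMethod) {
        return corsConfiguration.checkHttpMethod(httpMethod);
    }

    /**
     * Picks the method to validate: {@code Access-Control-Request-Method} for a
     * preflight, otherwise the request's own method.
     */
    private HttpMethod getMethodToUse(ServerHttpRequest serverHttpRequest, boolean preFlightRequest) {
        if (preFlightRequest) {
            return serverHttpRequest.getHeaders().getAccessControlRequestMethod();
        }
        return serverHttpRequest.getMethod();
    }

    /**
     * Delegates the request-header check to the configuration.
     *
     * @param corsConfiguration the policy to consult
     * @param list the header names to validate
     * @return the headers to advertise, or {@code null} if they are not accepted
     */
    protected List<String> checkHeaders(CorsConfiguration corsConfiguration, List<String> list) {
        return corsConfiguration.checkHeaders(list);
    }

    /**
     * Picks the header names to validate: {@code Access-Control-Request-Headers}
     * for a preflight, otherwise a copy of every header name on the request.
     */
    private List<String> getHeadersToUse(ServerHttpRequest serverHttpRequest, boolean preFlightRequest) {
        HttpHeaders headers = serverHttpRequest.getHeaders();
        if (preFlightRequest) {
            return headers.getAccessControlRequestHeaders();
        }
        // Parameterized copy (was a raw ArrayList) so the return is type-checked.
        return new ArrayList<String>(headers.keySet());
    }
}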
