package org.komodo.rest.cors.rest2;

import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.jboss.resteasy.annotations.interception.ServerInterceptor;
import org.jboss.resteasy.core.ResourceMethod;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.interception.PostProcessInterceptor;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
import org.komodo.rest.cors.ForbiddenException;
import org.komodo.rest.cors.KCorsHandler;

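/**
 * RESTEasy server interceptor that enforces the CORS policy exposed through {@link KCorsHandler}.
 *
 * <p>{@link #preProcess} validates the request's {@code Origin} header against
 * {@link #getAllowedOrigins()} and answers preflight requests; {@link #postProcess} adds the CORS
 * response headers to the outcome of a request whose origin was accepted.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The {@code Origin} header is attacker-controlled. It is echoed back in
 *       {@code Access-Control-Allow-Origin} only after {@link #checkOrigin} has accepted it.</li>
 *   <li>{@code Access-Control-Allow-Credentials: true} is sent only when the origin is listed
 *       explicitly. An origin accepted solely through the {@code "*"} entry never receives it,
 *       because echoing an arbitrary origin together with credentials would let any site read
 *       authenticated responses.</li>
 *   <li>{@code Vary: Origin} is added whenever the origin is echoed so that shared caches do not
 *       serve a response carrying one origin's CORS headers to a different origin.</li>
 *   <li>{@link #getAllowedOrigins()} returns the live, unsynchronized set; populate it before the
 *       interceptor starts serving requests.</li>
 * </ul>
 */
@Provider
@ServerInterceptor
public class KCorsInterceptor implements PreProcessInterceptor, PostProcessInterceptor, KCorsHandler {
    /** Allow-list entry meaning "accept any origin". */
    private static final String WILDCARD_ORIGIN = "*";

    /** Origin accepted by {@link #preProcess} for the request handled on the current thread. */
    private static final ThreadLocal<String> REQUEST_ORIGIN = new ThreadLocal<>();

    private String allowedMethods;
    private String allowedHeaders;
    private String exposedHeaders;
    private boolean allowCredentials = true;
    private int corsMaxAge = -1;
    // Empty by default, so every cross-origin request is rejected until origins are configured.
    private Set<String> allowedOrigins = new HashSet<>();

    /**
     * Returns the mutable set of accepted origins; callers configure the policy by adding to it.
     *
     * @return the live allow-list (exact-match strings, or {@code "*"} for any origin)
     */
    @Override // org.komodo.rest.cors.KCorsHandler
    public Set<String> getAllowedOrigins() {
        return this.allowedOrigins;
    }

    /** @return whether credentialed requests are permitted for explicitly listed origins */
    @Override // org.komodo.rest.cors.KCorsHandler
    public boolean isAllowCredentials() {
        return this.allowCredentials;
    }

    /** @param allow whether to send {@code Access-Control-Allow-Credentials} to listed origins */
    @Override // org.komodo.rest.cors.KCorsHandler
    public void setAllowCredentials(boolean allow) {
        this.allowCredentials = allow;
    }

    /** @return the configured {@code Access-Control-Allow-Methods} value, or {@code null} */
    @Override // org.komodo.rest.cors.KCorsHandler
    public String getAllowedMethods() {
        return this.allowedMethods;
    }

    /** @param methods value for {@code Access-Control-Allow-Methods}; {@code null} echoes the request */
    @Override // org.komodo.rest.cors.KCorsHandler
    public void setAllowedMethods(String methods) {
        this.allowedMethods = methods;
    }

    /** @return the configured {@code Access-Control-Allow-Headers} value, or {@code null} */
    @Override // org.komodo.rest.cors.KCorsHandler
    public String getAllowedHeaders() {
        return this.allowedHeaders;
    }

    /** @param headers value for {@code Access-Control-Allow-Headers}; {@code null} echoes the request */
    @Override // org.komodo.rest.cors.KCorsHandler
    public void setAllowedHeaders(String headers) {
        this.allowedHeaders = headers;
    }

    /** @return the preflight cache lifetime in seconds, or a negative value when unset */
    @Override // org.komodo.rest.cors.KCorsHandler
    public int getCorsMaxAge() {
        return this.corsMaxAge;
    }

    /** @param seconds value for {@code Access-Control-Max-Age}; negative suppresses the header */
    @Override // org.komodo.rest.cors.KCorsHandler
    public void setCorsMaxAge(int seconds) {
        this.corsMaxAge = seconds;
    }

    /** @return the configured {@code Access-Control-Expose-Headers} value, or {@code null} */
    @Override // org.komodo.rest.cors.KCorsHandler
    public String getExposedHeaders() {
        return this.exposedHeaders;
    }

    /** @param headers value for {@code Access-Control-Expose-Headers}; {@code null} omits it */
    @Override // org.komodo.rest.cors.KCorsHandler
    public void setExposedHeaders(String headers) {
        this.exposedHeaders = headers;
    }

    /**
     * Validates the {@code Origin} header before the resource method runs.
     *
     * @param httpRequest the incoming request
     * @param resourceMethod the matched resource method
     * @return a preflight response when the matched method is treated as OPTIONS, otherwise
     *     {@code null} so processing continues
     * @throws ForbiddenException if the origin is not on the allow-list
     */
    public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
        // Drop whatever an earlier request left on this pooled thread before doing anything else.
        REQUEST_ORIGIN.remove();
        String origin = httpRequest.getHttpHeaders().getRequestHeaders().getFirst("Origin");
        if (origin == null) {
            // Not a cross-origin request: no CORS handling.
            return null;
        }
        if (isOption(resourceMethod.getMethod())) {
            return preflight(origin, httpRequest);
        }
        checkOrigin(httpRequest, origin);
        // Remember the origin only after it passed the check, so a rejected value can never be
        // echoed by postProcess.
        REQUEST_ORIGIN.set(origin);
        return null;
    }

    /**
     * Tells whether the given Java method is named {@code OPTIONS} (case-insensitive).
     *
     * <p>NOTE(review): this compares the Java method name, not the HTTP verb of the request, so a
     * preflight is recognised only when the resource method itself is called "options". Confirm
     * this matches how the resources are declared; otherwise preflights go through the normal
     * request path.
     */
    private boolean isOption(Method method) {
        return method != null && method.getName().equalsIgnoreCase("OPTIONS");
    }

    /**
     * Adds the CORS response headers for a request whose origin {@link #preProcess} accepted.
     *
     * @param serverResponse the response about to be written
     */
    public void postProcess(ServerResponse serverResponse) {
        String origin = REQUEST_ORIGIN.get();
        // Always clear the slot: worker threads are reused across requests.
        REQUEST_ORIGIN.remove();
        if (origin == null || isOption(serverResponse.getResourceMethod())) {
            return;
        }
        MultivaluedMap<String, Object> metadata = serverResponse.getMetadata();
        metadata.putSingle("Access-Control-Allow-Origin", origin);
        // The response depends on the Origin header; tell caches so.
        metadata.add("Vary", "Origin");
        if (credentialsPermitted(origin)) {
            metadata.putSingle("Access-Control-Allow-Credentials", "true");
        }
        if (this.exposedHeaders != null) {
            metadata.putSingle("Access-Control-Expose-Headers", this.exposedHeaders);
        }
    }

    /**
     * Builds the response to a CORS preflight request.
     *
     * @param str the request's {@code Origin} header value
     * @param httpRequest the preflight request
     * @return a 200 response carrying the {@code Access-Control-*} headers
     * @throws ForbiddenException if the origin is not on the allow-list
     */
    protected ServerResponse preflight(String str, HttpRequest httpRequest) {
        checkOrigin(httpRequest, str);
        Response.ResponseBuilder ok = Response.ok();
        ok.header("Access-Control-Allow-Origin", str);
        ok.header("Vary", "Origin");
        if (credentialsPermitted(str)) {
            ok.header("Access-Control-Allow-Credentials", "true");
        }
        MultivaluedMap<String, String> requestHeaders = httpRequest.getHttpHeaders().getRequestHeaders();
        // When no explicit method/header policy is configured, the requested values are echoed
        // back, i.e. everything the client asks for is allowed. Set allowedMethods and
        // allowedHeaders to restrict this.
        String requestedMethod = requestHeaders.getFirst("Access-Control-Request-Method");
        if (requestedMethod != null) {
            ok.header("Access-Control-Allow-Methods",
                    this.allowedMethods != null ? this.allowedMethods : requestedMethod);
        }
        String requestedHeaders = requestHeaders.getFirst("Access-Control-Request-Headers");
        if (requestedHeaders != null) {
            ok.header("Access-Control-Allow-Headers",
                    this.allowedHeaders != null ? this.allowedHeaders : requestedHeaders);
        }
        if (this.corsMaxAge > -1) {
            ok.header("Access-Control-Max-Age", Integer.valueOf(this.corsMaxAge));
        }
        return ServerResponse.copyIfNotServerResponse(ok.build());
    }

    /**
     * Rejects the request unless its origin is on the allow-list.
     *
     * <p>Matching is an exact, case-sensitive string comparison; a {@code "*"} entry accepts any
     * origin. On rejection the request attribute {@code cors.failure} is set to {@code true}.
     *
     * @param httpRequest the request being checked
     * @param str the {@code Origin} header value; {@code null} is accepted
     * @throws ForbiddenException if the origin is not allowed
     */
    protected void checkOrigin(HttpRequest httpRequest, String str) {
        if (this.allowedOrigins.contains(WILDCARD_ORIGIN) || str == null || this.allowedOrigins.contains(str)) {
            return;
        }
        httpRequest.setAttribute("cors.failure", true);
        throw new ForbiddenException("Origin not allowed: " + str);
    }

    /**
     * Decides whether {@code Access-Control-Allow-Credentials} may accompany the echoed origin.
     *
     * <p>Credentials are granted only to origins that appear in the allow-list verbatim. An origin
     * that was accepted only because the list contains {@code "*"} is served without credentials.
     */
    private boolean credentialsPermitted(String origin) {
        return this.allowCredentials && this.allowedOrigins.contains(origin);
    }
}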
