package org.jboss.resteasy.plugins.interceptors;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import org.apache.xpath.compiler.Keywords;
import org.jboss.resteasy.resteasy_jaxrs.i18n.Messages;

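/**
 * Pre-matching JAX-RS filter that applies a CORS policy to requests carrying an
 * {@code Origin} header.
 *
 * <p>Behaviour, as implemented below:
 * <ul>
 *   <li>Requests without an {@code Origin} header are passed through untouched.</li>
 *   <li>Any {@code OPTIONS} request with an {@code Origin} header is treated as a preflight
 *       and answered directly by this filter; resource methods are not invoked for it.</li>
 *   <li>An origin that is neither listed in {@link #getAllowedOrigins()} nor covered by the
 *       {@code "*"} entry is rejected with a {@link ForbiddenException}. The set is empty by
 *       default, so every origin-bearing request is rejected until origins are added.</li>
 *   <li>Origin matching is an exact, case-sensitive string comparison.</li>
 * </ul>
 *
 * <p><b>Security note:</b> the accepted origin is echoed back in
 * {@code Access-Control-Allow-Origin}, and {@code allowCredentials} defaults to {@code true}.
 * Adding {@code "*"} to the allowed origins while credentials stay enabled therefore lets
 * <em>any</em> web origin read credentialed responses. Prefer an explicit list of origins, or
 * call {@code setAllowCredentials(false)} when the wildcard is required.
 *
 * <p>NOTE(review): the configuration fields are plain, unsynchronised state; presumably the
 * filter is fully configured before it is registered. Confirm against the deployment code.
 */
@PreMatching
/* loaded from: input_file:WEB-INF/lib/resteasy-jaxrs-3.0.13.Final.jar:org/jboss/resteasy/plugins/interceptors/CorsFilter.class */
public class CorsFilter implements ContainerRequestFilter, ContainerResponseFilter {
    /** Request property set when the origin check fails, so the response filter adds no CORS headers. */
    private static final String CORS_FAILURE_PROPERTY = "cors.failure";

    /** Value for {@code Access-Control-Allow-Methods}; when {@code null} the requested method is echoed. */
    protected String allowedMethods;
    /** Value for {@code Access-Control-Allow-Headers}; when {@code null} the requested headers are echoed. */
    protected String allowedHeaders;
    /** Value for {@code Access-Control-Expose-Headers}; omitted when {@code null}. */
    protected String exposedHeaders;
    /** Whether {@code Access-Control-Allow-Credentials: true} is sent. Enabled by default. */
    protected boolean allowCredentials = true;
    /** Seconds for {@code Access-Control-Max-Age}; values below zero suppress the header. */
    protected int corsMaxAge = -1;
    /** Exact origin strings that are accepted; the single entry {@code "*"} accepts every origin. */
    protected Set<String> allowedOrigins = new HashSet<>();

    /**
     * Returns the live, mutable set of allowed origins. There is no setter: callers configure
     * the filter by adding entries to the returned set.
     *
     * @return the backing set of allowed origin strings
     */
    public Set<String> getAllowedOrigins() {
        return this.allowedOrigins;
    }

    /** @return whether {@code Access-Control-Allow-Credentials: true} is emitted */
    public boolean isAllowCredentials() {
        return this.allowCredentials;
    }

    /**
     * @param allowCredentials {@code true} to emit {@code Access-Control-Allow-Credentials: true};
     *     disable this when {@code "*"} is among the allowed origins
     */
    public void setAllowCredentials(boolean allowCredentials) {
        this.allowCredentials = allowCredentials;
    }

    /** @return the configured {@code Access-Control-Allow-Methods} value, or {@code null} */
    public String getAllowedMethods() {
        return this.allowedMethods;
    }

    /**
     * @param allowedMethods value sent in {@code Access-Control-Allow-Methods}; {@code null}
     *     makes the preflight echo whatever method the client asked for
     */
    public void setAllowedMethods(String allowedMethods) {
        this.allowedMethods = allowedMethods;
    }

    /** @return the configured {@code Access-Control-Allow-Headers} value, or {@code null} */
    public String getAllowedHeaders() {
        return this.allowedHeaders;
    }

    /**
     * @param allowedHeaders value sent in {@code Access-Control-Allow-Headers}; {@code null}
     *     makes the preflight echo whatever headers the client asked for
     */
    public void setAllowedHeaders(String allowedHeaders) {
        this.allowedHeaders = allowedHeaders;
    }

    /** @return the configured {@code Access-Control-Max-Age} in seconds, or a negative value if unset */
    public int getCorsMaxAge() {
        return this.corsMaxAge;
    }

    /** @param corsMaxAge seconds for {@code Access-Control-Max-Age}; a negative value omits the header */
    public void setCorsMaxAge(int corsMaxAge) {
        this.corsMaxAge = corsMaxAge;
    }

    /** @return the configured {@code Access-Control-Expose-Headers} value, or {@code null} */
    public String getExposedHeaders() {
        return this.exposedHeaders;
    }

    /** @param exposedHeaders value sent in {@code Access-Control-Expose-Headers}; {@code null} omits it */
    public void setExposedHeaders(String exposedHeaders) {
        this.exposedHeaders = exposedHeaders;
    }

    /**
     * Request-side filter: answers preflights and enforces the origin allow-list.
     *
     * @param requestContext the incoming request
     * @throws ForbiddenException if the request carries an origin that is not allowed
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext requestContext) throws IOException {
        String origin = requestContext.getHeaderString("Origin");
        if (origin == null) {
            // Not a cross-origin request as far as this filter is concerned.
            return;
        }
        if (requestContext.getMethod().equalsIgnoreCase(HttpMethod.OPTIONS)) {
            preflight(origin, requestContext);
        } else {
            checkOrigin(requestContext, origin);
        }
    }

    /**
     * Response-side filter: adds the CORS response headers to actual (non-preflight) requests
     * whose origin passed {@link #checkOrigin}.
     *
     * @param requestContext the request being answered
     * @param responseContext the response to decorate
     */
    @Override // javax.ws.rs.container.ContainerResponseFilter
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
        String origin = requestContext.getHeaderString("Origin");
        if (origin == null
                || requestContext.getMethod().equalsIgnoreCase(HttpMethod.OPTIONS)
                || requestContext.getProperty(CORS_FAILURE_PROPERTY) != null) {
            // No origin, a preflight already answered by the request filter, or a rejected origin.
            return;
        }
        // The request's own Origin value is reflected; it has already passed checkOrigin.
        responseContext.getHeaders().putSingle("Access-Control-Allow-Origin", origin);
        // The response differs per Origin, so shared caches must key on it. add() rather than
        // putSingle() keeps any Vary values the resource has already set.
        responseContext.getHeaders().add("Vary", "Origin");
        if (this.allowCredentials) {
            responseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", "true");
        }
        if (this.exposedHeaders != null) {
            responseContext.getHeaders().putSingle("Access-Control-Expose-Headers", this.exposedHeaders);
        }
    }

    /**
     * Validates the origin and aborts the request with a {@code 200 OK} preflight response.
     *
     * <p>When {@code allowedMethods} or {@code allowedHeaders} is not configured, the values the
     * client requested are echoed back, i.e. every method and header is approved for an
     * accepted origin. Configure both explicitly to restrict what cross-origin callers may send.
     *
     * @param origin value of the request's {@code Origin} header
     * @param requestContext the preflight request
     * @throws ForbiddenException if the origin is not allowed
     */
    protected void preflight(String origin, ContainerRequestContext requestContext) throws IOException {
        checkOrigin(requestContext, origin);
        Response.ResponseBuilder builder = Response.ok();
        builder.header("Access-Control-Allow-Origin", origin);
        // The allowed-origin header mirrors the request, so the preflight varies by Origin too.
        builder.header("Vary", "Origin");
        if (this.allowCredentials) {
            builder.header("Access-Control-Allow-Credentials", "true");
        }
        String requestedMethod = requestContext.getHeaderString("Access-Control-Request-Method");
        if (requestedMethod != null) {
            String methods = this.allowedMethods != null ? this.allowedMethods : requestedMethod;
            builder.header("Access-Control-Allow-Methods", methods);
        }
        String requestedHeaders = requestContext.getHeaderString("Access-Control-Request-Headers");
        if (requestedHeaders != null) {
            String headers = this.allowedHeaders != null ? this.allowedHeaders : requestedHeaders;
            builder.header("Access-Control-Allow-Headers", headers);
        }
        if (this.corsMaxAge > -1) {
            builder.header("Access-Control-Max-Age", this.corsMaxAge);
        }
        requestContext.abortWith(builder.build());
    }

    /**
     * Accepts the origin if the allow-list contains {@code "*"} or the exact origin string;
     * otherwise marks the request as a CORS failure and rejects it.
     *
     * @param requestContext the request whose {@code cors.failure} property is set on rejection
     * @param origin value of the request's {@code Origin} header
     * @throws ForbiddenException if the origin is not allowed
     */
    protected void checkOrigin(ContainerRequestContext requestContext, String origin) {
        if (this.allowedOrigins.contains("*") || this.allowedOrigins.contains(origin)) {
            return;
        }
        // Flag the failure first so the response filter skips the CORS headers on the 403.
        requestContext.setProperty(CORS_FAILURE_PROPERTY, true);
        throw new ForbiddenException(Messages.MESSAGES.originNotAllowed(origin));
    }
}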
