package org.eclipse.sw360.rest.common;

import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;

@Configuration
@Order(Integer.MIN_VALUE)
/* loaded from: input_file:org/eclipse/sw360/rest/common/Sw360CORSFilter.class */
public abstract class Sw360CORSFilter implements Filter {

    @Value("${sw360.cors.allowed-origin:}")
    private String allowedOrigin;

    @Value("${sw360.cors.max-age:3600}")
    private String accessControlMaxAge;

    @Value("${sw360.cors.allow-credentials:true}")
    private String accessControlAllowCredentials;
    private static final String ALLOWED_HTTP_METHODS = allowedHttpMethods();
    private static final String ALLOWED_HTTP_HEADERS = allowedHttpHeaders();

    public void init(FilterConfig filterConfig) {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.allowedOrigin == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        setCORSHeader(httpServletResponse);
        if (((HttpServletRequest) servletRequest).getMethod().equalsIgnoreCase(HttpMethod.OPTIONS.name())) {
            httpServletResponse.setStatus(200);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void destroy() {
    }

    private void setCORSHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", this.allowedOrigin);
        httpServletResponse.setHeader("Access-Control-Allow-Methods", ALLOWED_HTTP_METHODS);
        httpServletResponse.setHeader("Access-Control-Max-Age", this.accessControlMaxAge);
        httpServletResponse.setHeader("Access-Control-Allow-Headers", ALLOWED_HTTP_HEADERS);
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", this.accessControlAllowCredentials);
    }

    private static String allowedHttpMethods() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(HttpMethod.GET.name());
        arrayList.add(HttpMethod.POST.name());
        arrayList.add(HttpMethod.DELETE.name());
        arrayList.add(HttpMethod.PATCH.name());
        return String.join(",", arrayList);
    }

    private static String allowedHttpHeaders() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Content-Type");
        arrayList.add("Authorization");
        return String.join(",", arrayList);
    }
}
