package org.jenkinsci.plugins.corsfilter;

import com.google.inject.Injector;
import hudson.Extension;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
import hudson.model.Describable;
import hudson.model.Descriptor;
import hudson.util.PluginServletFilter;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.StaplerRequest;

@Extension
/* loaded from: input_file:org/jenkinsci/plugins/corsfilter/AccessControlsFilter.class */
public class AccessControlsFilter implements Filter, Describable<AccessControlsFilter> {

    @Extension
    public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();
    private static final Logger LOGGER = Logger.getLogger(AccessControlsFilter.class.getCanonicalName());
    private static final String PREFLIGHT_REQUEST = "OPTIONS";
    private List<String> allowedOriginsList = null;

    /* loaded from: input_file:org/jenkinsci/plugins/corsfilter/AccessControlsFilter$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<AccessControlsFilter> {
        private boolean enabled;
        private String allowedOrigins;
        private String allowedMethods;

        public DescriptorImpl() {
            load();
        }

        public String getDisplayName() {
            return "CORS Filter";
        }

        public boolean configure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            this.enabled = jSONObject.getBoolean("enabled");
            this.allowedOrigins = jSONObject.getString("allowedOrigins");
            this.allowedMethods = jSONObject.getString("allowedMethods");
            save();
            return super.configure(staplerRequest, jSONObject);
        }

        public boolean isEnabled() {
            return this.enabled;
        }

        public void setEnabled(boolean z) {
            this.enabled = z;
        }

        public String getAllowedOrigins() {
            return this.allowedOrigins;
        }

        public void setAllowedOrigins(String str) {
            this.allowedOrigins = str;
        }

        public String getAllowedMethods() {
            return this.allowedMethods;
        }

        public void setAllowedMethods(String str) {
            this.allowedMethods = str;
        }
    }

    @Initializer(after = InitMilestone.JOB_LOADED)
    public static void init() throws ServletException {
        Injector injector = Jenkins.getInstance().getInjector();
        if (injector == null) {
            return;
        }
        PluginServletFilter.addFilter((Filter) injector.getInstance(AccessControlsFilter.class));
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletResponse instanceof HttpServletResponse) {
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            if ((servletRequest instanceof HttpServletRequest) && m1getDescriptor().isEnabled()) {
                HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                processAccessControls(httpServletRequest, httpServletResponse);
                if (httpServletRequest.getMethod().equals(PREFLIGHT_REQUEST)) {
                    httpServletResponse.setStatus(200);
                    return;
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private void processAccessControls(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader("Origin");
        if (header == null || !isAllowed(header.trim())) {
            return;
        }
        httpServletResponse.addHeader("Access-Control-Allow-Methods", m1getDescriptor().getAllowedMethods());
        httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
        httpServletResponse.addHeader("Access-Control-Allow-Origin", header);
    }

    private boolean isAllowed(String str) {
        if (this.allowedOriginsList == null) {
            String allowedOrigins = m1getDescriptor().getAllowedOrigins();
            if (allowedOrigins == null || allowedOrigins.trim().isEmpty()) {
                this.allowedOriginsList = Collections.EMPTY_LIST;
            } else {
                this.allowedOriginsList = Arrays.asList(allowedOrigins.split(","));
            }
        }
        if (this.allowedOriginsList.contains("*")) {
            return true;
        }
        for (int i = 0; i < this.allowedOriginsList.size(); i++) {
            if (this.allowedOriginsList.get(i).equals(str)) {
                return true;
            }
        }
        return false;
    }

    public void destroy() {
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m1getDescriptor() {
        return DESCRIPTOR;
    }
}
