package com.adobe.granite.cors.impl;

import com.adobe.granite.toggle.api.ToggleRouter;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.http.whiteboard.Preprocessor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {Preprocessor.class, Filter.class}, property = {"path=/", "osgi.http.whiteboard.filter.regex=/.*", "osgi.http.whiteboard.context.select=(osgi.http.whiteboard.context.name=*)", "service.ranking:Integer=0", "service.description:String=Cross-Origin Resource Sharing Handler", "sling.filter.pattern=/.*", "sling.filter.scope=FORWARD"})
/* loaded from: input_file:com/adobe/granite/cors/impl/CORSFilter.class */
public class CORSFilter implements Preprocessor, Filter {
    public static final String FT_GRANITE_44260 = "FT_GRANITE-44260";
    private static final int MAX_HEADERS = 1000;

    @Reference
    private ToggleRouter toggleRouter;
    private Logger log = LoggerFactory.getLogger(getClass());
    private Set<CORSPolicy> policies = Collections.newSetFromMap(new ConcurrentHashMap());

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        CORSRequest detect = CORSRequest.detect(httpServletRequest);
        if (detect == null) {
            logRequest(httpServletRequest, "Ignoring request, no Origin header or it points to this host");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        CORSPolicy matchingPolicy = getMatchingPolicy(detect);
        if (matchingPolicy == null) {
            logDenial(httpServletRequest, "No matching policy found for preflight request", new Object[0]);
            httpServletResponse.setHeader("Cache-Control", "no-cache");
            httpServletResponse.setStatus(204);
            httpServletResponse.flushBuffer();
            return;
        }
        if (detect.isPreflight()) {
            logRequest(httpServletRequest, "Detected CORS preflight request");
            httpServletResponse.setStatus(204);
            handlePreflightRequest(detect, httpServletRequest, httpServletResponse, matchingPolicy);
        } else {
            logRequest(httpServletRequest, "Detected CORS request");
            handleCORSRequest(detect, httpServletResponse, matchingPolicy);
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    private void handlePreflightRequest(CORSRequest cORSRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, CORSPolicy cORSPolicy) {
        if (httpServletRequest.getHeader(CORSConstants.HEADER_ACCESS_CONTROL_REQUEST_METHOD) == null) {
            logDenial(httpServletRequest, "Missing Access-Control-Request-Method header in preflight request", new Object[0]);
            return;
        }
        if (cORSPolicy.supportsCredentials()) {
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, cORSRequest.getOrigin());
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        } else {
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, cORSPolicy.allowsAnyOrigin() ? CORSConstants.VALUE_ANY : cORSRequest.getOrigin());
        }
        httpServletResponse.addHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_METHODS, cORSPolicy.getSupportedMethodList());
        String header = httpServletRequest.getHeader(CORSConstants.HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
        if (!cORSPolicy.supportsAnyHeader() || header == null) {
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_HEADERS, cORSPolicy.getSupportedHeaderList());
        } else {
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_HEADERS, header);
        }
        if (cORSPolicy.getMaxAge() > 0) {
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_MAX_AGE, Integer.toString(cORSPolicy.getMaxAge()));
        }
    }

    private void handleCORSRequest(CORSRequest cORSRequest, HttpServletResponse httpServletResponse, CORSPolicy cORSPolicy) {
        if (cORSPolicy.supportsCredentials()) {
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, cORSRequest.getOrigin());
        } else {
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, cORSPolicy.allowsAnyOrigin() ? CORSConstants.VALUE_ANY : cORSRequest.getOrigin());
        }
        if (cORSPolicy.hasExposedHeaders()) {
            httpServletResponse.setHeader(CORSConstants.HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, cORSPolicy.getExposedHeaderList());
        }
        if (this.toggleRouter.isEnabled(FT_GRANITE_44260)) {
            httpServletResponse.setHeader(CORSConstants.HEADER_VARY, CORSConstants.HEADER_ORIGIN);
        }
    }

    String[] parseHeaderValues(String str) {
        if (str == null) {
            return new String[0];
        }
        String trim = str.trim();
        return trim.isEmpty() ? new String[0] : trim.split("\\s*,\\s*|\\s+", MAX_HEADERS);
    }

    private CORSPolicy getMatchingPolicy(CORSRequest cORSRequest) {
        for (CORSPolicy cORSPolicy : this.policies) {
            if (cORSPolicy.allowsOrigin(cORSRequest.getOrigin()) && cORSPolicy.allowsPath(cORSRequest.getPath())) {
                return cORSPolicy;
            }
        }
        return null;
    }

    private void logRequest(HttpServletRequest httpServletRequest, String str) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("{}: {} {}", new Object[]{str, httpServletRequest.getMethod(), httpServletRequest.getRequestURI()});
        }
    }

    private void logDenial(HttpServletRequest httpServletRequest, String str, Object... objArr) {
        if (this.log.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append(str).append(". [");
            sb.append(CORSConstants.HEADER_ORIGIN).append(" = ");
            sb.append(httpServletRequest.getHeader(CORSConstants.HEADER_ORIGIN));
            sb.append(", Method = ");
            sb.append(httpServletRequest.getMethod());
            String header = httpServletRequest.getHeader(CORSConstants.HEADER_ACCESS_CONTROL_REQUEST_METHOD);
            if (header != null) {
                sb.append(", ").append(CORSConstants.HEADER_ACCESS_CONTROL_REQUEST_METHOD).append(" = ");
                sb.append(header);
            }
            String header2 = httpServletRequest.getHeader(CORSConstants.HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
            if (header2 != null) {
                sb.append(", ").append(CORSConstants.HEADER_ACCESS_CONTROL_REQUEST_HEADERS).append(" = ");
                sb.append(header2);
            }
            sb.append("]");
            this.log.debug(sb.toString(), objArr);
        }
    }

    @Reference(name = "policies", service = CORSPolicy.class, cardinality = ReferenceCardinality.AT_LEAST_ONE, policy = ReferencePolicy.DYNAMIC, unbind = "unbindCORSPolicy")
    protected void bindCORSPolicy(CORSPolicy cORSPolicy) {
        this.policies.add(cORSPolicy);
    }

    protected void unbindCORSPolicy(CORSPolicy cORSPolicy) {
        this.policies.remove(cORSPolicy);
    }
}
