package restx.security;

import com.google.common.base.Joiner;
import com.google.common.base.Optional;
import com.google.common.collect.ImmutableMap;
import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import org.simpleframework.http.Method;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import restx.RestxContext;
import restx.RestxFilter;
import restx.RestxHandler;
import restx.RestxHandlerMatch;
import restx.RestxRequest;
import restx.RestxRequestMatch;
import restx.RestxResponse;
import restx.StdRestxRequestMatch;
import restx.factory.Component;

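@Component
/* loaded from: input_file:WEB-INF/lib/restx-core-0.33.2.jar:restx/security/CORSFilter.class */
/**
 * Filter that runs the configured {@link CORSAuthorizer}s against "simple" cross-origin
 * requests (GET / HEAD / POST carrying an {@code Origin} header) and, when the request is
 * accepted, adds the {@code Access-Control-*} response headers before delegating to the
 * next handler.
 *
 * <p>Requests that are not classified as simple CORS requests are not matched by this filter
 * at all, so the classification in {@link #isSimpleCORSRequest(RestxRequest)} decides whether
 * the origin is ever checked here. NOTE(review): non-simple requests are presumably covered by
 * a preflight handler elsewhere (not visible in this file) - confirm.
 */
public class CORSFilter extends CORSHandler implements RestxFilter, RestxHandler {
    private static final Logger logger = LoggerFactory.getLogger(CORSFilter.class);
    private static final Collection<String> SIMPLE_METHODS = Arrays.asList(Method.GET, Method.HEAD, Method.POST);
    // Media types a browser may send on a cross-origin POST without a preflight.
    private static final Collection<String> SIMPLE_POST_CONTENT_TYPES =
            Arrays.asList("application/x-www-form-urlencoded", "multipart/form-data", "text/plain");
    private final Iterable<CORSAuthorizer> authorizers;

    /**
     * @param iterable the authorizers consulted by {@code CORS.check} for every simple CORS request
     */
    public CORSFilter(Iterable<CORSAuthorizer> iterable) {
        this.authorizers = iterable;
    }

    /**
     * Matches simple CORS requests only.
     *
     * @param restxRequest the incoming request
     * @return absent when the request has no {@code Origin} header or is not a simple CORS
     *         request; a match carrying the accepted CORS decision under the {@code "cors"}
     *         key when the authorizers accept it; otherwise whatever {@code unauthorized}
     *         (inherited) returns
     */
    @Override // restx.RestxHandlerMatcher
    public Optional<RestxHandlerMatch> match(RestxRequest restxRequest) {
        Optional<String> origin = restxRequest.getHeader(HttpHeaders.ORIGIN);
        if (!origin.isPresent() || !isSimpleCORSRequest(restxRequest)) {
            return Optional.absent();
        }
        CORS check = CORS.check(this.authorizers, restxRequest, origin.get(), restxRequest.getHttpMethod(), restxRequest.getRestxPath());
        if (check.isAccepted()) {
            // The accepted decision travels with the match so handle() can emit the headers.
            return Optional.of(new RestxHandlerMatch(new StdRestxRequestMatch(Marker.ANY_MARKER, restxRequest.getRestxPath(), ImmutableMap.of(), ImmutableMap.of("cors", check)), this));
        }
        // The Origin value is client-supplied; it is passed as a log parameter, not concatenated.
        logger.info("Unauthorized CORS request; Origin={}; Method={}", origin.get(), restxRequest.getHttpMethod());
        return unauthorized(restxRequest);
    }

    /**
     * Decides whether the request is a simple cross-origin request that this filter must check.
     *
     * <p>Two comparisons are deliberately strict, because a request classified as "not CORS"
     * skips the authorizers entirely:
     * <ul>
     *   <li>the POST content type is compared on its media type only, ignoring parameters and
     *       case, so {@code text/plain; charset=UTF-8} or
     *       {@code multipart/form-data; boundary=...} (both sent by browsers without a
     *       preflight) are still treated as simple;</li>
     *   <li>a request counts as same-origin only when the authority part of {@code Origin}
     *       equals the {@code Host} header, not when it merely ends with it; a suffix match
     *       would treat an unrelated origin whose name ends with the host name, or any origin
     *       when {@code Host} is empty, as same-origin.</li>
     * </ul>
     *
     * @param restxRequest the incoming request
     * @return {@code true} when the method is GET/HEAD/POST, an {@code Origin} header is
     *         present, a POST uses one of the simple content types, and the origin is not the
     *         request's own host
     */
    protected boolean isSimpleCORSRequest(RestxRequest restxRequest) {
        if (!SIMPLE_METHODS.contains(restxRequest.getHttpMethod())) {
            return false;
        }
        Optional<String> origin = restxRequest.getHeader(HttpHeaders.ORIGIN);
        if (!origin.isPresent()) {
            return false;
        }
        if (Method.POST.equals(restxRequest.getHttpMethod()) && !isSimplePostContentType(restxRequest.getContentType())) {
            return false;
        }
        Optional<String> host = restxRequest.getHeader("Host");
        if (!host.isPresent() || !originAuthorityEqualsHost(origin.get(), host.get())) {
            return true;
        }
        logger.debug("Same Origin request not considered as CORS Request: {}", restxRequest);
        return false;
    }

    /**
     * Adds the CORS response headers for an accepted request, then continues the handler chain.
     *
     * @param restxRequestMatch the match built by {@link #match(RestxRequest)}; its
     *                          {@code "cors"} parameter holds the accepted decision
     * @param restxRequest      the incoming request
     * @param restxResponse     the response receiving the {@code Access-Control-*} headers
     * @param restxContext      the context used to invoke the next handler
     * @throws IOException if the next handler fails with an I/O error
     */
    @Override // restx.RestxHandler
    public void handle(RestxRequestMatch restxRequestMatch, RestxRequest restxRequest, RestxResponse restxResponse, RestxContext restxContext) throws IOException {
        AcceptedCORS acceptedCORS = (AcceptedCORS) restxRequestMatch.getOtherParams().get("cors");
        // NOTE(review): if getOrigin() echoes the request's Origin, responses vary per origin;
        // confirm that a "Vary: Origin" header is emitted somewhere so shared caches do not
        // reuse a response across origins.
        restxResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, acceptedCORS.getOrigin());
        if (!acceptedCORS.getHeaders().isEmpty()) {
            restxResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, Joiner.on(", ").join(acceptedCORS.getHeaders()));
        }
        if (!acceptedCORS.getMethods().isEmpty()) {
            restxResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, Joiner.on(", ").join(acceptedCORS.getMethods()));
        }
        // Credentials are allowed only when the decision says so explicitly; absent means no.
        // (The decompiled "(Optional<Boolean>) false" cast does not compile; the default is a Boolean.)
        if (acceptedCORS.getAllowCredentials().or(Boolean.FALSE)) {
            restxResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }
        restxContext.nextHandlerMatch().handle(restxRequest, restxResponse, restxContext);
    }

    @Override
    public String toString() {
        return "CORSFilter";
    }

    /**
     * Tells whether a Content-Type value names one of the simple POST media types, ignoring
     * any parameters after {@code ';'}, surrounding whitespace and letter case.
     *
     * NOTE(review): a missing content type is still reported as not simple, as before; a
     * cross-origin POST without a body is also sent without preflight - confirm how
     * getContentType() reports that case.
     */
    private static boolean isSimplePostContentType(String contentType) {
        if (contentType == null) {
            return false;
        }
        int parametersStart = contentType.indexOf(';');
        String mediaType = (parametersStart < 0 ? contentType : contentType.substring(0, parametersStart)).trim();
        for (String simpleType : SIMPLE_POST_CONTENT_TYPES) {
            if (simpleType.equalsIgnoreCase(mediaType)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares the authority of an Origin value (the part after {@code "://"}) with the Host
     * header, case-insensitively and in full. A mismatch caused by an explicit default port on
     * one side only makes the request go through the authorizers, which is the safe direction.
     */
    private static boolean originAuthorityEqualsHost(String origin, String host) {
        int schemeEnd = origin.indexOf("://");
        String authority = schemeEnd < 0 ? origin : origin.substring(schemeEnd + 3);
        return authority.equalsIgnoreCase(host);
    }
}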
