package org.frankframework.web.filters;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Supplier;
import org.frankframework.util.StringUtil;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsUtils;

/* loaded from: input_file:org/frankframework/web/filters/CorsFilter.class */
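/**
 * Servlet filter that applies the configured CORS policy to incoming requests and answers
 * pre-flight requests itself.
 *
 * <p>Origin checking only happens when {@code iaf-api.cors.enforced} is {@code true}; the default
 * is {@code false}, in which case no origin is checked and no {@code Access-Control-*} header is
 * written. The default allowed origin is {@code *}, so enabling enforcement without also
 * narrowing {@code iaf-api.cors.allowOrigin} accepts every origin.
 *
 * <p>The {@code Origin} header is supplied by the client. This filter limits which browser origins
 * may call the API; it is not a substitute for authentication or authorization.
 */
public class CorsFilter implements Filter {

    // Comma-separated list of allowed origins; an entry containing '*' (other than a bare "*")
    // is registered as an origin pattern in init().
    @Value("${iaf-api.cors.allowOrigin:*}")
    private String allowedCorsOrigins;

    // Value written verbatim to Access-Control-Expose-Headers.
    @Value("${iaf-api.cors.exposeHeaders:Allow, ETag, Content-Disposition}")
    private String exposedCorsHeaders;

    // Value written verbatim to Access-Control-Allow-Methods and, for pre-flights, to Allow.
    @Value("${iaf-api.cors.allowMethods:GET, POST, PUT, DELETE, OPTIONS, HEAD}")
    private String allowedCorsMethods;

    // When false (the default) doFilter() performs no origin check at all.
    @Value("${iaf-api.cors.enforced:false}")
    private boolean enforceCORS;

    // Dedicated security log; blocked cross-origin requests are recorded here.
    private final Logger secLog = LogManager.getLogger("SEC");
    private final Logger log = LogManager.getLogger(this);
    private final CorsConfiguration config = new CorsConfiguration();

    /**
     * Builds the origin allow-list from {@code iaf-api.cors.allowOrigin}.
     *
     * <p>A bare {@code *} and entries without a wildcard are registered as exact allowed origins;
     * any other entry containing {@code *} is registered as an allowed origin pattern.
     *
     * @param filterConfig unused
     * @throws ServletException declared by the {@link Filter} contract; not thrown by this code
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        for (String origin : StringUtil.split(this.allowedCorsOrigins)) {
            boolean isPattern = !"*".equals(origin) && origin.contains("*");
            if (isPattern) {
                this.config.addAllowedOriginPattern(origin);
            } else {
                this.config.addAllowedOrigin(origin);
            }
        }
        // Suppliers defer the getter calls until debug logging is actually enabled.
        this.log.debug("whitelisted CORS origins: {} and patterns: {}",
                this.config::getAllowedOrigins, this.config::getAllowedOriginPatterns);
    }

    /**
     * Checks the request origin (when enforcement is on), writes the CORS response headers and
     * either continues the chain or answers a pre-flight request directly.
     *
     * <p>A cross-origin request whose origin is not allowed is answered with status 400, is
     * written to the security log and never reaches the rest of the chain.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain, invoked for everything except pre-flights
     * @throws IOException propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (this.enforceCORS && CorsUtils.isCorsRequest(request)) {
            String origin = request.getHeader("Origin");
            String allowedOrigin = this.config.checkOrigin(origin);
            if (allowedOrigin == null) {
                // NOTE(review): origin and path are client-controlled and end up in the security
                // log; confirm the log layout encodes control characters.
                this.secLog.info("host[{}] tried to access uri[{}] with origin[{}] but was blocked due to CORS restrictions", request.getRemoteHost(), request.getPathInfo(), origin);
                this.log.warn("blocked request with origin [{}]", origin);
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }

            response.setHeader("Access-Control-Allow-Origin", allowedOrigin);
            if (!"*".equals(allowedOrigin)) {
                // The response now differs per request origin. Without Vary a shared cache could
                // replay a response carrying one origin's Access-Control-Allow-Origin to another.
                // addHeader keeps any Vary value set earlier in the chain.
                response.addHeader("Vary", "Origin");
            }

            String requestedHeaders = request.getHeader("Access-Control-Request-Headers");
            if (requestedHeaders != null) {
                // NOTE(review): the requested header list is echoed back unfiltered, so every
                // request header is permitted for an allowed origin. Consider an explicit
                // allow-list if that is broader than intended.
                response.setHeader("Access-Control-Allow-Headers", requestedHeaders);
            }
            response.setHeader("Access-Control-Expose-Headers", this.exposedCorsHeaders);
            response.setHeader("Access-Control-Allow-Methods", this.allowedCorsMethods);
            response.setHeader("Access-Control-Max-Age", "3600");
        }

        if (CorsUtils.isPreFlightRequest(request)) {
            // Pre-flights are answered here, also when enforcement is off; they are never
            // passed down the chain.
            response.setHeader("Allow", this.allowedCorsMethods);
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            filterChain.doFilter(request, response);
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}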
