package org.elasticsearch.http.netty.cors;

import java.util.HashSet;
import java.util.Iterator;
import org.elasticsearch.common.Strings;
import org.elasticsearch.rest.support.RestUtils;
import org.jboss.netty.channel.ChannelFutureListener;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.MessageEvent;
import org.jboss.netty.channel.SimpleChannelUpstreamHandler;
import org.jboss.netty.handler.codec.http.DefaultHttpResponse;
import org.jboss.netty.handler.codec.http.HttpHeaders;
import org.jboss.netty.handler.codec.http.HttpMethod;
import org.jboss.netty.handler.codec.http.HttpRequest;
import org.jboss.netty.handler.codec.http.HttpResponse;
import org.jboss.netty.handler.codec.http.HttpResponseStatus;

/* loaded from: input_file:lib/elasticsearch-2.3.2.jar:org/elasticsearch/http/netty/cors/CorsHandler.class */
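/**
 * Netty 3 upstream handler that applies the CORS policy described by a {@link CorsConfig}.
 *
 * <p>It answers preflight requests itself and, when short-circuiting is configured, rejects
 * requests whose {@code Origin} is not allowed. {@link #setCorsResponseHeaders} decorates
 * ordinary responses.
 *
 * <p>CORS is enforced by the browser, not by this handler: a client that sends no
 * {@code Origin} header, or a {@code User-Agent} that {@code RestUtils.isBrowser} does not
 * accept, passes straight through to the next handler. The 403 short-circuit is therefore
 * not a substitute for authentication or authorization.
 */
public class CorsHandler extends SimpleChannelUpstreamHandler {
    public static final String ANY_ORIGIN = "*";

    private static final String ORIGIN = "Origin";
    private static final String VARY = "Vary";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";

    private final CorsConfig config;

    // Per-message state, overwritten on every HttpRequest.
    // NOTE(review): this is only safe if each channel pipeline gets its own CorsHandler
    // instance; a shared instance could check one connection's Origin against another
    // connection's request. Confirm against the pipeline factory.
    private HttpRequest request;

    /**
     * @param corsConfig the CORS policy to apply; must not be {@code null}
     * @throws IllegalArgumentException if {@code corsConfig} is {@code null}
     */
    public CorsHandler(CorsConfig corsConfig) {
        if (corsConfig == null) {
            throw new IllegalArgumentException("Config cannot be null");
        }
        this.config = corsConfig;
    }

    /**
     * Intercepts HTTP requests when CORS support is enabled.
     *
     * <p>Preflight requests are answered here and the channel is closed. With short-circuit
     * enabled, a request whose origin fails {@link #validateOrigin()} is answered with 403.
     * Everything else is passed upstream unchanged.
     *
     * <p>Both checks run only when {@code RestUtils.isBrowser} accepts the {@code User-Agent}
     * header. That header is supplied by the client, so this gate must not be relied on to
     * keep non-browser clients out.
     */
    @Override // org.jboss.netty.channel.SimpleChannelUpstreamHandler
    public void messageReceived(ChannelHandlerContext channelHandlerContext, MessageEvent messageEvent) throws Exception {
        if (this.config.isCorsSupportEnabled() && (messageEvent.getMessage() instanceof HttpRequest)) {
            this.request = (HttpRequest) messageEvent.getMessage();
            if (RestUtils.isBrowser(this.request.headers().get("User-Agent"))) {
                if (isPreflightRequest(this.request)) {
                    handlePreflight(channelHandlerContext, this.request);
                    return;
                }
                if (this.config.isShortCircuit() && !validateOrigin()) {
                    forbidden(channelHandlerContext, this.request);
                    return;
                }
            }
        }
        super.messageReceived(channelHandlerContext, messageEvent);
    }

    /**
     * Adds CORS headers to a regular (non-preflight) response.
     *
     * <p>Nothing is added when CORS is disabled, when the request carries no {@code Origin},
     * or when the origin is not allowed. With any-origin support the wildcard is returned;
     * otherwise the allowed origin is echoed together with {@code Vary: Origin}, so a shared
     * cache does not replay one origin's grant to another origin.
     *
     * <p>{@code Access-Control-Allow-Credentials} is sent only next to a specific, allowed
     * origin. The Fetch specification makes browsers reject a credentialed response that
     * carries the wildcard, so pairing the two was never honoured; this now matches
     * {@link #setAllowCredentials(HttpResponse)} on the preflight path.
     *
     * @param httpRequest the request whose {@code Origin} header is evaluated
     * @param httpResponse the response to decorate
     * @param corsConfig the CORS policy
     */
    public static void setCorsResponseHeaders(HttpRequest httpRequest, HttpResponse httpResponse, CorsConfig corsConfig) {
        if (!corsConfig.isCorsSupportEnabled()) {
            return;
        }
        String origin = httpRequest.headers().get(ORIGIN);
        if (Strings.isNullOrEmpty(origin)) {
            // No Origin header: not a CORS request, so there is nothing to grant.
            return;
        }
        if (corsConfig.isAnyOriginSupported()) {
            // NOTE(review): with any-origin + credentials configured, the preflight path echoes
            // the caller's origin while this path answers with the wildcard, so credentialed
            // cross-origin reads fail in the browser. Deployments that need credentials should
            // configure an explicit origin allow-list rather than any-origin.
            httpResponse.headers().add(ACCESS_CONTROL_ALLOW_ORIGIN, ANY_ORIGIN);
            return;
        }
        if (!corsConfig.isOriginAllowed(origin)) {
            return;
        }
        httpResponse.headers().add(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
        // add(), not set(): the caller's response may already carry a Vary header.
        httpResponse.headers().add(VARY, ORIGIN);
        if (corsConfig.isCredentialsAllowed()) {
            httpResponse.headers().add(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }
    }

    /**
     * Answers a preflight request: 200 with the configured CORS headers when the origin is
     * accepted, 403 otherwise. The channel is closed once the response has been written.
     */
    private void handlePreflight(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) {
        DefaultHttpResponse preflightResponse = new DefaultHttpResponse(httpRequest.getProtocolVersion(), HttpResponseStatus.OK);
        if (!setOrigin(preflightResponse)) {
            forbidden(channelHandlerContext, httpRequest);
            return;
        }
        setAllowMethods(preflightResponse);
        setAllowHeaders(preflightResponse);
        // Must run after setOrigin(): it inspects the Allow-Origin value chosen there.
        setAllowCredentials(preflightResponse);
        setMaxAge(preflightResponse);
        setPreflightHeaders(preflightResponse);
        channelHandlerContext.getChannel().write(preflightResponse).addListener(ChannelFutureListener.CLOSE);
    }

    /** Writes an empty 403 response and closes the channel once it has been written. */
    private static void forbidden(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) {
        DefaultHttpResponse forbiddenResponse = new DefaultHttpResponse(httpRequest.getProtocolVersion(), HttpResponseStatus.FORBIDDEN);
        channelHandlerContext.getChannel().write(forbiddenResponse).addListener(ChannelFutureListener.CLOSE);
    }

    /** Adds the extra preflight response headers supplied by the configuration. */
    private void setPreflightHeaders(HttpResponse httpResponse) {
        httpResponse.headers().add(this.config.preflightResponseHeaders());
    }

    /**
     * Chooses the {@code Access-Control-Allow-Origin} value for a preflight response.
     *
     * @return {@code true} if a value was set, {@code false} if the request has no
     *         {@code Origin} or the origin is not allowed
     */
    private boolean setOrigin(HttpResponse httpResponse) {
        String origin = this.request.headers().get(ORIGIN);
        if (Strings.isNullOrEmpty(origin)) {
            return false;
        }
        // Browsers send the literal "null" for opaque origins (for example sandboxed frames or
        // local files), so allowing it accepts every such context. It is answered with the
        // wildcard, which setAllowCredentials() never pairs with credentials.
        if ("null".equals(origin) && this.config.isNullOriginAllowed()) {
            setAnyOrigin(httpResponse);
            return true;
        }
        if (!this.config.isAnyOriginSupported()) {
            if (!this.config.isOriginAllowed(origin)) {
                return false;
            }
            setOrigin(httpResponse, origin);
            setVaryHeader(httpResponse);
            return true;
        }
        if (!this.config.isCredentialsAllowed()) {
            setAnyOrigin(httpResponse);
            return true;
        }
        // Any-origin plus credentials: the wildcard is not valid with credentials, so the
        // caller's origin is echoed back without an allow-list check. This grants credentialed
        // access to every origin and should be a deliberate configuration choice.
        echoRequestOrigin(httpResponse);
        setVaryHeader(httpResponse);
        return true;
    }

    /**
     * Decides whether a non-preflight request may proceed when short-circuiting is enabled.
     *
     * @return {@code true} when any origin is supported, when the request has no
     *         {@code Origin} header, when it is {@code "null"} and null origins are allowed,
     *         or when the configuration allows the origin
     */
    private boolean validateOrigin() {
        if (this.config.isAnyOriginSupported()) {
            return true;
        }
        String origin = this.request.headers().get(ORIGIN);
        if (Strings.isNullOrEmpty(origin)) {
            // No Origin header means this is not a cross-origin browser request.
            return true;
        }
        if ("null".equals(origin) && this.config.isNullOriginAllowed()) {
            return true;
        }
        return this.config.isOriginAllowed(origin);
    }

    /** Copies the request's {@code Origin} into {@code Access-Control-Allow-Origin}. */
    private void echoRequestOrigin(HttpResponse httpResponse) {
        setOrigin(httpResponse, this.request.headers().get(ORIGIN));
    }

    /** Marks the response as varying by {@code Origin} so caches key on it. */
    private static void setVaryHeader(HttpResponse httpResponse) {
        httpResponse.headers().set(VARY, ORIGIN);
    }

    /** Sets {@code Access-Control-Allow-Origin} to the wildcard. */
    private static void setAnyOrigin(HttpResponse httpResponse) {
        setOrigin(httpResponse, ANY_ORIGIN);
    }

    /** Sets {@code Access-Control-Allow-Origin} to the given value, replacing any existing one. */
    private static void setOrigin(HttpResponse httpResponse, String str) {
        httpResponse.headers().set(ACCESS_CONTROL_ALLOW_ORIGIN, str);
    }

    /**
     * Sets {@code Access-Control-Allow-Credentials: true} when credentials are allowed and the
     * response already names a specific origin. A missing or wildcard
     * {@code Access-Control-Allow-Origin} leaves the header out (fail closed) instead of
     * throwing or granting credentials without an origin.
     */
    private void setAllowCredentials(HttpResponse httpResponse) {
        if (!this.config.isCredentialsAllowed()) {
            return;
        }
        String allowedOrigin = httpResponse.headers().get(ACCESS_CONTROL_ALLOW_ORIGIN);
        if (allowedOrigin == null || ANY_ORIGIN.equals(allowedOrigin)) {
            return;
        }
        httpResponse.headers().set(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    }

    /**
     * A request is treated as a preflight when it is an {@code OPTIONS} request that carries
     * both {@code Origin} and {@code Access-Control-Request-Method}.
     */
    private static boolean isPreflightRequest(HttpRequest httpRequest) {
        HttpHeaders headers = httpRequest.headers();
        return httpRequest.getMethod().equals(HttpMethod.OPTIONS)
                && headers.contains(ORIGIN)
                && headers.contains("Access-Control-Request-Method");
    }

    /** Advertises the configured request methods, by trimmed name, without duplicates. */
    private void setAllowMethods(HttpResponse httpResponse) {
        HashSet<String> methodNames = new HashSet<String>();
        for (HttpMethod method : this.config.allowedRequestMethods()) {
            methodNames.add(method.getName().trim());
        }
        httpResponse.headers().set("Access-Control-Allow-Methods", methodNames);
    }

    /** Advertises the configured request headers. */
    private void setAllowHeaders(HttpResponse httpResponse) {
        httpResponse.headers().set("Access-Control-Allow-Headers", (Iterable<?>) this.config.allowedRequestHeaders());
    }

    /** Advertises the configured {@code maxAge()} value as {@code Access-Control-Max-Age}. */
    private void setMaxAge(HttpResponse httpResponse) {
        httpResponse.headers().set("Access-Control-Max-Age", Long.valueOf(this.config.maxAge()));
    }
}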
