package org.frankframework.console.filters;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Supplier;
import org.frankframework.util.StringUtil;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsUtils;

/* loaded from: input_file:org/frankframework/console/filters/CorsFilter.class */
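/**
 * Servlet filter that evaluates the {@code Origin} header of cross-origin requests against the
 * configured CORS policy.
 *
 * <p>Behaviour depends on {@code cors.enforced}:
 * <ul>
 *   <li>{@code true}: requests from an origin that is not allowed are answered with HTTP 400 and
 *       written to the {@code SEC} log as BLOCKED; allowed origins receive the CORS response headers.</li>
 *   <li>{@code false} (the default): requests from an origin that is not allowed are only written
 *       to the {@code SEC} log as FLAGGED and still reach the rest of the filter chain. This filter
 *       writes no CORS response headers in this mode.</li>
 * </ul>
 *
 * <p>NOTE(review): the shipped defaults are permissive ({@code cors.origin=*},
 * {@code cors.enforced=false}). Deployments that rely on this filter as a control should set an
 * explicit origin list and enable enforcement.
 */
public class CorsFilter implements Filter {

    private static final String SEC_LOG_MESSAGE = "host [{}] tried to access uri [{}] with origin header [{}]. The request was {} due to CORS restrictions, allowed origins [{}]";

    // Comma-separated list of allowed origins; entries containing '*' (other than a bare "*") are treated as patterns.
    @Value("${cors.origin:*}")
    private String allowedCorsOrigins;

    // Response headers that browsers may expose to cross-origin scripts.
    @Value("${cors.exposeHeaders:Allow, ETag, Content-Disposition}")
    private String exposedCorsHeaders;

    // HTTP methods advertised to cross-origin callers and in the preflight "Allow" header.
    @Value("${cors.allowMethods:GET, POST, PUT, DELETE, OPTIONS, HEAD}")
    private String allowedCorsMethods;

    // When false, disallowed origins are logged but not rejected.
    @Value("${cors.enforced:false}")
    private boolean enforceCORS;

    // Dedicated security logger, separate from the regular class logger.
    private final Logger secLog = LogManager.getLogger("SEC");
    private final Logger log = LogManager.getLogger(this);
    private final CorsConfiguration config = new CorsConfiguration();

    /**
     * Builds the {@link CorsConfiguration} from the injected properties and normalises the
     * method / exposed-header strings so they can be written directly as header values.
     *
     * @param filterConfig not used
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        for (String origin : StringUtil.split(allowedCorsOrigins)) {
            // A bare "*" or a literal origin is an exact entry; anything else containing '*' is a pattern.
            if ("*".equals(origin) || !origin.contains("*")) {
                config.addAllowedOrigin(origin);
            } else {
                config.addAllowedOriginPattern(origin);
            }
        }
        for (String method : StringUtil.split(allowedCorsMethods)) {
            config.addAllowedMethod(method);
        }
        for (String exposedHeader : StringUtil.split(exposedCorsHeaders)) {
            config.addExposedHeader(exposedHeader);
        }

        // NOTE(review): applyPermitDefaultValues() fills in permissive defaults for anything left
        // unset. If cors.origin resolves to an empty list this presumably falls back to allowing
        // every origin; confirm that this fail-open behaviour is intended.
        config.applyPermitDefaultValues();

        exposedCorsHeaders = String.join(",", config.getExposedHeaders());
        allowedCorsMethods = String.join(",", config.getAllowedMethods());

        log.debug("whitelisted CORS origins: {} and patterns: {}", config::getAllowedOrigins, config::getAllowedOriginPatterns);
    }

    /**
     * Checks CORS requests against the configured policy, then either answers a preflight request
     * directly or passes the request down the chain.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters, invoked for every non-preflight request that is not blocked
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (CorsUtils.isCorsRequest(request)) {
            // The Origin header is supplied by the client and is logged verbatim below.
            final String originHeader = request.getHeader("Origin");
            // null means the origin is not permitted by the configuration.
            final String allowedOrigin = config.checkOrigin(originHeader);

            if (allowedOrigin != null) {
                // CORS response headers are only written when enforcement is switched on.
                if (enforceCORS) {
                    setResponseHeaders(request, response, allowedOrigin);
                }
            } else if (enforceCORS) {
                logRejectedOrigin(request, originHeader, "BLOCKED");
                log.warn("blocked request with origin [{}]", originHeader);
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
                return; // stop here: the request never reaches the application
            } else {
                // Audit-only mode: record the violation but let the request continue.
                logRejectedOrigin(request, originHeader, "FLAGGED");
                log.warn("flagged request with origin [{}]", originHeader);
            }
        }

        if (CorsUtils.isPreFlightRequest(request)) {
            // Preflight requests are answered here and are not forwarded to the application.
            response.setHeader("Allow", allowedCorsMethods);
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            filterChain.doFilter(request, response);
        }
    }

    /**
     * Writes one entry to the security log for a request whose origin is not allowed.
     *
     * @param request      request that carried the origin
     * @param originHeader raw value of the {@code Origin} header
     * @param verdict      {@code "BLOCKED"} or {@code "FLAGGED"}, as reported in the log line
     */
    private void logRejectedOrigin(HttpServletRequest request, String originHeader, String verdict) {
        // Suppliers keep the lookups lazy: they only run when the logger actually emits the entry.
        secLog.info(SEC_LOG_MESSAGE, request::getRemoteHost, request::getPathInfo, () -> originHeader, () -> verdict, () -> allowedCorsOrigins);
    }

    /**
     * Writes the CORS response headers for a request whose origin passed the policy check.
     *
     * @param httpServletRequest  request, read for {@code Access-Control-Request-Headers}
     * @param httpServletResponse response to decorate
     * @param str                 value for {@code Access-Control-Allow-Origin}, as returned by the origin check
     */
    private void setResponseHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", str);
        // The allowed-origin value is derived from the request's Origin header, so caches must key
        // on it; otherwise a response cached for one origin can be replayed to another.
        // addHeader is used so a Vary value set elsewhere is not overwritten.
        httpServletResponse.addHeader("Vary", "Origin");

        // NOTE(review): the requested headers are echoed back unfiltered, i.e. every request header
        // is permitted for an allowed origin. Consider an explicit allow-list if that is too broad.
        String requestedHeaders = httpServletRequest.getHeader("Access-Control-Request-Headers");
        if (requestedHeaders != null) {
            httpServletResponse.setHeader("Access-Control-Allow-Headers", requestedHeaders);
        }

        httpServletResponse.setHeader("Access-Control-Expose-Headers", exposedCorsHeaders);
        httpServletResponse.setHeader("Access-Control-Allow-Methods", allowedCorsMethods);
        // Browsers may cache the preflight result for one hour.
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}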
