package nl.nn.adapterframework.webcontrol.api;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nl.nn.adapterframework.http.HttpUtils;
import nl.nn.adapterframework.util.AppConstants;
import nl.nn.adapterframework.util.LogUtil;
import org.apache.log4j.Logger;
import org.hsqldb.DatabaseURL;
import org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher;
import org.jboss.resteasy.plugins.server.servlet.ResteasyContextParameters;

/* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.2.jar:nl/nn/adapterframework/webcontrol/api/ServletDispatcher.class */
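/**
 * RESTEasy dispatcher for the IAF API with two extra responsibilities on top of the base class:
 * writing a security-audit log line for every potentially state-changing call (anything but
 * GET/OPTIONS) and answering CORS (pre-flight) requests for a configured list of origins.
 *
 * <p>Configuration is read from {@link AppConstants} once, when the servlet is constructed:
 * <ul>
 *   <li>{@code iaf-api.enabled} (default {@code true}) - when {@code false} neither {@code init}
 *       nor {@code service} does anything, so the API is effectively unreachable;</li>
 *   <li>{@code iaf-api.cors.allowOrigin} - comma-separated origins, each of which must start with
 *       {@code http://} or {@code https://}; anything else is logged and ignored;</li>
 *   <li>{@code iaf-api.cors.exposeHeaders} and {@code iaf-api.cors.allowMethods} - values copied
 *       verbatim into the corresponding {@code Access-Control-*} response headers.</li>
 * </ul>
 *
 * <p>Requests from an origin that is not whitelisted are still handed to the resource; only the
 * {@code Access-Control-*} headers are withheld, which leaves enforcement to the browser.
 * {@code Access-Control-Allow-Credentials} is never set.
 */
public class ServletDispatcher extends HttpServletDispatcher {
    private static final long serialVersionUID = 1L;

    /** Only origins with one of these scheme prefixes are accepted from {@code iaf-api.cors.allowOrigin}. */
    private static final String HTTP_PREFIX = "http://";
    private static final String HTTPS_PREFIX = "https://";

    /** Security-audit logger: receives non-GET/OPTIONS calls and blocked cross-origin requests. */
    private final Logger secLog = LogUtil.getLogger("SEC");
    private final Logger log = LogUtil.getLogger(this);
    private final AppConstants appConstants = AppConstants.getInstance();

    // Settings are fixed at construction time; changing the properties afterwards has no effect.
    private final boolean IAF_API_ENABLED = this.appConstants.getBoolean("iaf-api.enabled", true);
    private final String CORS_ALLOW_ORIGIN = this.appConstants.getString("iaf-api.cors.allowOrigin", "");
    private final String CORS_EXPOSE_HEADERS = this.appConstants.getString("iaf-api.cors.exposeHeaders", "Allow, ETag, Content-Disposition");
    private final String CORS_ALLOW_METHODS = this.appConstants.getString("iaf-api.cors.allowMethods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");

    // Populated in init() and only read afterwards, so service() needs no synchronisation.
    private final List<String> allowedCorsDomains = new ArrayList<>();
    /** Servlet mapping prefix, used only to build the URI in the blocked-request log line. */
    private String mappingPrefix = "";

    /**
     * Initialises the RESTEasy dispatcher and parses the CORS whitelist.
     *
     * <p>Does nothing at all (including skipping {@code super.init}) when {@code iaf-api.enabled}
     * is {@code false}.
     *
     * @param servletConfig the container-supplied configuration
     * @throws ServletException propagated from {@link HttpServletDispatcher#init(ServletConfig)}
     */
    @Override // org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
    public void init(ServletConfig servletConfig) throws ServletException {
        if (!this.IAF_API_ENABLED) {
            return;
        }
        this.log.debug("initialize IAFAPI servlet");
        super.init(servletConfig);
        logRegisteredResources();
        String prefix = getInitParameter(ResteasyContextParameters.RESTEASY_SERVLET_MAPPING_PREFIX);
        // Keep the "" default rather than storing null, so the log line never reads "null/...".
        this.mappingPrefix = prefix == null ? "" : prefix;
        loadAllowedCorsOrigins();
    }

    /** Debug-logs each resource class named in the RESTEasy resources init-parameter, if any. */
    private void logRegisteredResources() {
        if (!this.log.isDebugEnabled()) {
            return;
        }
        String resources = getInitParameter(ResteasyContextParameters.RESTEASY_RESOURCES);
        if (resources == null) {
            // Nothing to list; tokenizing a null parameter would throw a NullPointerException.
            this.log.debug("no [" + ResteasyContextParameters.RESTEASY_RESOURCES + "] init-parameter configured");
            return;
        }
        StringTokenizer tokens = new StringTokenizer(resources, ",");
        while (tokens.hasMoreTokens()) {
            this.log.debug("loading resource[" + tokens.nextToken().trim() + "]");
        }
    }

    /**
     * Fills {@link #allowedCorsDomains} from {@code iaf-api.cors.allowOrigin}.
     * Entries are trimmed, empty entries are skipped, plain-http entries are accepted with a
     * warning and entries without an http(s) scheme are rejected with an error log.
     */
    private void loadAllowedCorsOrigins() {
        if (this.CORS_ALLOW_ORIGIN.isEmpty()) {
            return;
        }
        StringTokenizer tokens = new StringTokenizer(this.CORS_ALLOW_ORIGIN, ",");
        while (tokens.hasMoreTokens()) {
            // Trim so that "https://a.example, https://b.example" keeps its second entry and so that
            // the stored value matches the Origin request header character for character.
            String origin = tokens.nextToken().trim();
            if (origin.isEmpty()) {
                continue;
            }
            if (origin.startsWith(HTTP_PREFIX)) {
                this.log.warn("cross side resource domain [" + origin + "] is insecure, it is strongly encouraged to use a secure protocol (HTTPS)");
            }
            if (origin.startsWith(HTTP_PREFIX) || origin.startsWith(HTTPS_PREFIX)) {
                this.allowedCorsDomains.add(origin);
                this.log.debug("whitelisted CORS domain [" + origin + "]");
            } else {
                this.log.error("skipping invalid domain [" + origin + "], domains must start with http(s)://");
            }
        }
    }

    /**
     * Audits the call, applies CORS headers for whitelisted origins and forwards everything except
     * OPTIONS to the RESTEasy dispatcher. Does nothing when {@code iaf-api.enabled} is {@code false}.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @throws ServletException propagated from the RESTEasy dispatcher
     * @throws IOException      propagated from the RESTEasy dispatcher
     */
    @Override // org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!this.IAF_API_ENABLED) {
            return;
        }
        String method = httpServletRequest.getMethod();
        // GET and OPTIONS are treated as read-only and not audited; note this check is
        // case-insensitive while the OPTIONS handling below is case-sensitive.
        if (!method.equalsIgnoreCase("GET") && !method.equalsIgnoreCase("OPTIONS")) {
            this.secLog.info(HttpUtils.getExtendedCommandIssuedBy(httpServletRequest));
        }
        String origin = httpServletRequest.getHeader("Origin");
        if (origin == null) {
            if (method.equals("OPTIONS")) {
                // Same-origin OPTIONS: advertise the supported methods and stop here.
                httpServletResponse.setHeader("Allow", this.CORS_ALLOW_METHODS);
                httpServletResponse.setStatus(200);
                return;
            }
        } else if (this.allowedCorsDomains.contains(origin)) {
            addCorsHeaders(httpServletRequest, httpServletResponse, origin);
        } else {
            // Origin is client-controlled: strip line breaks so it cannot forge extra audit lines.
            this.secLog.info("host[" + httpServletRequest.getRemoteHost() + "] tried to access uri[" + this.mappingPrefix + httpServletRequest.getPathInfo() + "] with origin[" + forLog(origin) + "] but was blocked due to CORS restrictions");
        }
        // Pre-flight requests are fully answered by the headers set above (or their absence).
        if (method.equals("OPTIONS")) {
            return;
        }
        // A non-whitelisted origin still reaches the resource; only the CORS headers are missing.
        super.service(httpServletRequest, httpServletResponse);
    }

    /**
     * Writes the {@code Access-Control-*} headers for an already-whitelisted origin.
     * The requested headers are echoed back unchanged, which is only safe because the origin
     * has been matched against the configured whitelist before this is called.
     */
    private void addCorsHeaders(HttpServletRequest request, HttpServletResponse response, String origin) {
        response.setHeader("Access-Control-Allow-Origin", origin);
        String requestedHeaders = request.getHeader("Access-Control-Request-Headers");
        if (requestedHeaders != null) {
            response.setHeader("Access-Control-Allow-Headers", requestedHeaders);
        }
        response.setHeader("Access-Control-Expose-Headers", this.CORS_EXPOSE_HEADERS);
        response.setHeader("Access-Control-Allow-Methods", this.CORS_ALLOW_METHODS);
        response.setHeader("Access-Control-Max-Age", "3600");
    }

    /** Replaces CR/LF in a client-supplied value so it cannot break the one-line-per-event log format. */
    private static String forLog(String value) {
        return value.replaceAll("[\\r\\n]", "_");
    }
}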
