package com.networknt.aws.lambda.handler.middleware.cors;

import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent;
import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent;
import com.networknt.aws.lambda.LightLambdaExchange;
import com.networknt.aws.lambda.handler.MiddlewareHandler;
import com.networknt.config.Config;
import com.networknt.cors.CorsConfig;
import com.networknt.cors.CorsUtil;
import com.networknt.status.Status;
import com.networknt.utility.MapUtil;
import com.networknt.utility.ModuleRegistry;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.http.client.methods.HttpOptions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.internal.useragent.UserAgentConstant;

/* loaded from: input_file:com/networknt/aws/lambda/handler/middleware/cors/RequestCorsMiddleware.class */
public class RequestCorsMiddleware implements MiddlewareHandler {
    static CorsConfig CONFIG;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) RequestCorsMiddleware.class);
    private static final String SUC10200 = "SUC10200";
    private static final String CORS_PREFLIGHT_REQUEST_FAILED = "ERR10092";
    private List<String> allowedOrigins;
    private List<String> allowedMethods;
    private static final String ONE_HOUR_IN_SECONDS = "3600";

    public RequestCorsMiddleware() {
        CONFIG = CorsConfig.load();
        this.allowedOrigins = CONFIG.getAllowedOrigins();
        this.allowedMethods = CONFIG.getAllowedMethods();
        LOG.info("RequestCorsMiddleware is constructed");
    }

    public RequestCorsMiddleware(CorsConfig corsConfig) {
        CONFIG = corsConfig;
        this.allowedOrigins = CONFIG.getAllowedOrigins();
        this.allowedMethods = CONFIG.getAllowedMethods();
        LOG.info("RequestCorsMiddleware is constructed");
    }

    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public Status execute(LightLambdaExchange lightLambdaExchange) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("RequestCorsMiddleware.executeMiddleware starts.");
        }
        if (!CONFIG.isEnabled()) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("RequestCorsMiddleware is not enabled.");
            }
            return disabledMiddlewareStatus();
        }
        APIGatewayProxyRequestEvent request = lightLambdaExchange.getRequest();
        if (request != null) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Request event is not null.");
            }
            if (isCorsRequest(request.getHeaders())) {
                if (CONFIG.getPathPrefixAllowed() != null) {
                    String path = request.getPath();
                    Iterator<Map.Entry<String, Object>> it = CONFIG.getPathPrefixAllowed().entrySet().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Map.Entry<String, Object> next = it.next();
                        if (path.startsWith(next.getKey())) {
                            Map map = (Map) next.getValue();
                            this.allowedOrigins = (List) map.get(CorsConfig.ALLOWED_ORIGINS);
                            this.allowedMethods = (List) map.get(CorsConfig.ALLOWED_METHODS);
                            break;
                        }
                    }
                }
                if (isPreflightedRequest(request.getHttpMethod())) {
                    return handlePreflightRequest(lightLambdaExchange, this.allowedOrigins, this.allowedMethods);
                }
                if (matchOrigin(request, this.allowedOrigins) == null) {
                    return new Status(CORS_PREFLIGHT_REQUEST_FAILED, new Object[0]);
                }
            }
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("RequestCorsMiddleware.executeMiddleware ends.");
        }
        return successMiddlewareStatus();
    }

    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public boolean isEnabled() {
        return CONFIG.isEnabled();
    }

    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public void register() {
        ModuleRegistry.registerModule(CorsConfig.CONFIG_NAME, RequestCorsMiddleware.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(CorsConfig.CONFIG_NAME), null);
    }

    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public void reload() {
    }

    @Override // com.networknt.aws.lambda.handler.LambdaHandler
    public boolean isAsynchronous() {
        return false;
    }

    @Override // com.networknt.aws.lambda.handler.MiddlewareHandler
    public boolean isContinueOnFailure() {
        return false;
    }

    @Override // com.networknt.aws.lambda.handler.MiddlewareHandler
    public boolean isAudited() {
        return false;
    }

    @Override // com.networknt.aws.lambda.handler.MiddlewareHandler
    public void getCachedConfigurations() {
    }

    private Status handlePreflightRequest(LightLambdaExchange lightLambdaExchange, List<String> list, List<String> list2) {
        APIGatewayProxyResponseEvent aPIGatewayProxyResponseEvent = new APIGatewayProxyResponseEvent();
        Map<String, String> headers = lightLambdaExchange.getRequest().getHeaders();
        HashMap hashMap = new HashMap();
        if (MapUtil.getValueIgnoreCase(headers, "Origin").isPresent()) {
            if (matchOrigin(lightLambdaExchange.getRequest(), list) == null) {
                aPIGatewayProxyResponseEvent.setHeaders(hashMap);
                aPIGatewayProxyResponseEvent.setStatusCode(403);
                lightLambdaExchange.setInitialResponse(aPIGatewayProxyResponseEvent);
                return new Status(CORS_PREFLIGHT_REQUEST_FAILED, new Object[0]);
            }
            hashMap.put("Access-Control-Allow-Origin", (String) MapUtil.getValueIgnoreCase(headers, "Origin").get());
            hashMap.put("Vary", "Origin");
        }
        hashMap.put("Access-Control-Allow-Methods", convertToString(list2));
        Optional valueIgnoreCase = MapUtil.getValueIgnoreCase(headers, "Access-Control-Request-Headers");
        if (valueIgnoreCase.isPresent()) {
            hashMap.put("Access-Control-Allow-Headers", (String) valueIgnoreCase.get());
        } else {
            hashMap.put("Access-Control-Allow-Headers", "Content-Type, WWW-Authenticate, Authorization");
        }
        hashMap.put("Access-Control-Allow-Credentials", "true");
        hashMap.put("Access-Control-Max-Age", ONE_HOUR_IN_SECONDS);
        aPIGatewayProxyResponseEvent.setHeaders(hashMap);
        aPIGatewayProxyResponseEvent.setStatusCode(200);
        lightLambdaExchange.setInitialResponse(aPIGatewayProxyResponseEvent);
        return new Status(SUC10200, new Object[0]);
    }

    static String matchOrigin(APIGatewayProxyRequestEvent aPIGatewayProxyRequestEvent, Collection<String> collection) {
        String str = (String) MapUtil.getValueIgnoreCase(aPIGatewayProxyRequestEvent.getHeaders(), "Origin").orElse(null);
        if (LOG.isTraceEnabled()) {
            LOG.trace("origin from the request header = {} allowedOrigins = {}", str, collection);
        }
        if (str != null && collection != null && !collection.isEmpty()) {
            for (String str2 : collection) {
                if (str2.equalsIgnoreCase(CorsUtil.sanitizeDefaultPort(str))) {
                    return str2;
                }
            }
        }
        LOG.debug("Request rejected due to HOST/ORIGIN mis-match.");
        return null;
    }

    static boolean isCorsRequest(Map<String, String> map) {
        return MapUtil.getValueIgnoreCase(map, "Origin").isPresent();
    }

    static boolean isPreflightedRequest(String str) {
        return HttpOptions.METHOD_NAME.equalsIgnoreCase(str);
    }

    static String convertToString(List<String> list) {
        return String.join(UserAgentConstant.COMMA, list);
    }
}
