package org.openremote.container.security;

import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.openremote.container.web.file.HttpFilter;
import org.openremote.model.util.TextUtil;

/* loaded from: input_file:org/openremote/container/security/CORSFilter.class */
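/**
 * Servlet filter that answers CORS preflight requests and decorates cross-origin responses.
 *
 * <p>Requests without an {@code Origin} header pass straight through. Requests whose origin is
 * not accepted by {@link #originOk(String)} are rejected with 403. Accepted origins are echoed
 * back in {@code Access-Control-Allow-Origin}.
 *
 * <p>NOTE(review): {@code allowCredentials} defaults to {@code true} and the accepted origin is
 * reflected verbatim, so putting {@code "*"} in {@code allowedOrigins} lets every origin make
 * credentialed requests. Use an explicit origin list wherever cookies or HTTP auth are in play.
 *
 * <p>The fields are plain mutable state with no synchronization; this class appears to assume
 * configuration happens before the filter serves traffic (not verifiable from this file).
 */
public class CORSFilter extends HttpFilter {
    // Value for Access-Control-Allow-Methods; when null the preflight's requested method is echoed.
    protected String allowedMethods;
    // Value for Access-Control-Allow-Headers; when null the preflight's requested headers are echoed.
    protected String allowedHeaders;
    // Value for Access-Control-Expose-Headers on non-preflight responses; omitted when null.
    protected String exposedHeaders;
    // When true, Access-Control-Allow-Credentials: true is sent for every accepted origin.
    protected boolean allowCredentials = true;
    // Preflight cache lifetime in seconds; values below 0 suppress Access-Control-Max-Age.
    protected int corsMaxAge = -1;
    // Accepted origins; "*" accepts any origin.
    protected Set<String> allowedOrigins = new HashSet<>();

    /** @return whether {@code Access-Control-Allow-Credentials: true} is sent to accepted origins */
    public boolean isAllowCredentials() {
        return this.allowCredentials;
    }

    /** @param allowCredentials whether accepted origins may send credentialed requests */
    public void setAllowCredentials(boolean allowCredentials) {
        this.allowCredentials = allowCredentials;
    }

    /** @return the configured {@code Access-Control-Allow-Methods} value, or {@code null} */
    public String getAllowedMethods() {
        return this.allowedMethods;
    }

    /** @param allowedMethods fixed {@code Access-Control-Allow-Methods} value, or {@code null} to echo the request */
    public void setAllowedMethods(String allowedMethods) {
        this.allowedMethods = allowedMethods;
    }

    /** @return the configured {@code Access-Control-Allow-Headers} value, or {@code null} */
    public String getAllowedHeaders() {
        return this.allowedHeaders;
    }

    /** @param allowedHeaders fixed {@code Access-Control-Allow-Headers} value, or {@code null} to echo the request */
    public void setAllowedHeaders(String allowedHeaders) {
        this.allowedHeaders = allowedHeaders;
    }

    /** @return the configured {@code Access-Control-Expose-Headers} value, or {@code null} */
    public String getExposedHeaders() {
        return this.exposedHeaders;
    }

    /** @param exposedHeaders {@code Access-Control-Expose-Headers} value, or {@code null} to omit the header */
    public void setExposedHeaders(String exposedHeaders) {
        this.exposedHeaders = exposedHeaders;
    }

    /** @return the preflight max age in seconds; negative means the header is not sent */
    public int getCorsMaxAge() {
        return this.corsMaxAge;
    }

    /** @param corsMaxAge preflight max age in seconds; negative disables the header */
    public void setCorsMaxAge(int corsMaxAge) {
        this.corsMaxAge = corsMaxAge;
    }

    /** @return the live (not copied) set of accepted origins */
    public Set<String> getAllowedOrigins() {
        return this.allowedOrigins;
    }

    /** @param allowedOrigins accepted origins; the reference is stored as-is, not copied */
    public void setAllowedOrigins(Set<String> allowedOrigins) {
        this.allowedOrigins = allowedOrigins;
    }

    @Override // org.openremote.container.web.file.HttpFilter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Applies the CORS policy to one request.
     *
     * <p>Any {@code OPTIONS} request that carries an {@code Origin} header is treated as a
     * preflight: it is answered here with status 200 and is not passed down the chain.
     *
     * @param request the incoming request
     * @param response the response to decorate
     * @param session unused by this filter
     * @param chain the remaining filter chain
     * @throws ServletException if a downstream filter or servlet fails
     * @throws IOException if sending the error or a downstream component fails
     */
    @Override // org.openremote.container.web.file.HttpFilter
    public void doFilter(HttpServletRequest request, HttpServletResponse response, HttpSession session, FilterChain chain) throws ServletException, IOException {
        String origin = request.getHeader("Origin");
        if (origin == null) {
            // Not a cross-origin browser request: nothing to add.
            chain.doFilter(request, response);
            return;
        }
        if (!originOk(origin)) {
            response.sendError(403, "Origin not allowed");
            return;
        }

        // Allow-Origin echoes the request header, so a shared cache must key on Origin;
        // otherwise a response cached for one origin could be served to another.
        response.addHeader("Vary", "Origin");
        response.setHeader("Access-Control-Allow-Origin", origin);
        if (this.allowCredentials) {
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }

        boolean preflight = "OPTIONS".equals(request.getMethod());
        if (!preflight) {
            if (this.exposedHeaders != null) {
                response.setHeader("Access-Control-Expose-Headers", this.exposedHeaders);
            }
            chain.doFilter(request, response);
            return;
        }

        response.setStatus(200);
        // With no configured list the requested method/headers are echoed back, i.e. whatever
        // the client asks for is allowed. Configure allowedMethods/allowedHeaders to restrict.
        String requestedMethod = request.getHeader("Access-Control-Request-Method");
        if (!TextUtil.isNullOrEmpty(requestedMethod)) {
            response.setHeader("Access-Control-Allow-Methods", this.allowedMethods != null ? this.allowedMethods : requestedMethod);
        }
        String requestedHeaders = request.getHeader("Access-Control-Request-Headers");
        if (!TextUtil.isNullOrEmpty(requestedHeaders)) {
            response.setHeader("Access-Control-Allow-Headers", this.allowedHeaders != null ? this.allowedHeaders : requestedHeaders);
        }
        if (this.corsMaxAge > -1) {
            response.setHeader("Access-Control-Max-Age", Integer.toString(this.corsMaxAge));
        }
    }

    @Override // org.openremote.container.web.file.HttpFilter
    public void destroy() {
    }

    /**
     * Decides whether a request origin is accepted.
     *
     * <p>An origin is accepted when the allow-list contains {@code "*"}, contains the origin
     * exactly, or contains an entry that equals the origin once a trailing {@code :port} is
     * removed. The previous bare {@code startsWith} test also accepted any origin that merely
     * began with an allowed entry (an allowed {@code https://example.com} matched
     * {@code https://example.com.attacker.example}), and an empty-string entry matched
     * everything; the remainder after the prefix must now be a numeric port.
     *
     * @param origin value of the request's {@code Origin} header
     * @return {@code true} if the origin may receive CORS headers; {@code false} otherwise,
     *     including when {@code origin} or the allow-list is {@code null}
     */
    protected boolean originOk(String origin) {
        if (origin == null || this.allowedOrigins == null) {
            return false;
        }
        if (this.allowedOrigins.contains("*") || this.allowedOrigins.contains(origin)) {
            return true;
        }
        for (String allowed : this.allowedOrigins) {
            if (allowed != null
                    && !allowed.isEmpty()
                    && origin.startsWith(allowed)
                    && isPortSuffix(origin.substring(allowed.length()))) {
                return true;
            }
        }
        return false;
    }

    /** Returns true when {@code suffix} is a colon followed by one or more ASCII digits. */
    private static boolean isPortSuffix(String suffix) {
        if (suffix.length() < 2 || suffix.charAt(0) != ':') {
            return false;
        }
        for (int i = 1; i < suffix.length(); i++) {
            char c = suffix.charAt(i);
            if (c < '0' || c > '9') {
                return false;
            }
        }
        return true;
    }
}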
