package org.eclipse.jetty.servlets;

import com.google.common.net.HttpHeaders;
import com.google.firebase.perf.FirebasePerformance;
import com.smaato.sdk.core.dns.DnsName;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: classes11.dex */
public class CrossOriginFilter implements Filter {
    public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER = "Access-Control-Allow-Credentials";
    public static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER = "Access-Control-Allow-Headers";
    public static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER = "Access-Control-Allow-Methods";
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    public static final String ACCESS_CONTROL_EXPOSE_HEADERS_HEADER = "Access-Control-Expose-Headers";
    public static final String ACCESS_CONTROL_MAX_AGE_HEADER = "Access-Control-Max-Age";
    public static final String ACCESS_CONTROL_REQUEST_HEADERS_HEADER = "Access-Control-Request-Headers";
    public static final String ACCESS_CONTROL_REQUEST_METHOD_HEADER = "Access-Control-Request-Method";
    public static final String ALLOWED_HEADERS_PARAM = "allowedHeaders";
    public static final String ALLOWED_METHODS_PARAM = "allowedMethods";
    public static final String ALLOWED_ORIGINS_PARAM = "allowedOrigins";
    public static final String ALLOW_CREDENTIALS_PARAM = "allowCredentials";
    public static final String CHAIN_PREFLIGHT_PARAM = "chainPreflight";
    public static final String EXPOSED_HEADERS_PARAM = "exposedHeaders";
    public static final String OLD_CHAIN_PREFLIGHT_PARAM = "forwardPreflight";
    public static final String PREFLIGHT_MAX_AGE_PARAM = "preflightMaxAge";

    /* renamed from: j, reason: collision with root package name */
    private static final Logger f114503j = Log.getLogger((Class<?>) CrossOriginFilter.class);

    /* renamed from: k, reason: collision with root package name */
    private static final List<String> f114504k = Arrays.asList("GET", "POST", FirebasePerformance.HttpMethod.HEAD);

    /* renamed from: l, reason: collision with root package name */
    private static final List<String> f114505l = Arrays.asList("GET", "POST", FirebasePerformance.HttpMethod.HEAD);
    private static final List<String> m = Arrays.asList(HttpHeaders.X_REQUESTED_WITH, "Content-Type", HttpHeaders.ACCEPT, HttpHeaders.ORIGIN);

    /* renamed from: a, reason: collision with root package name */
    private boolean f114506a;

    /* renamed from: b, reason: collision with root package name */
    private boolean f114507b;

    /* renamed from: c, reason: collision with root package name */
    private List<String> f114508c = new ArrayList();

    /* renamed from: d, reason: collision with root package name */
    private List<String> f114509d = new ArrayList();

    /* renamed from: e, reason: collision with root package name */
    private List<String> f114510e = new ArrayList();

    /* renamed from: f, reason: collision with root package name */
    private List<String> f114511f = new ArrayList();

    /* renamed from: g, reason: collision with root package name */
    private int f114512g;

    /* renamed from: h, reason: collision with root package name */
    private boolean f114513h;

    /* renamed from: i, reason: collision with root package name */
    private boolean f114514i;

    private boolean a(List<String> list) {
        boolean z3;
        boolean z6;
        if (this.f114507b) {
            f114503j.debug("Any header is allowed", new Object[0]);
            return true;
        }
        Iterator<String> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                z3 = true;
                break;
            }
            String next = it.next();
            Iterator<String> it2 = this.f114510e.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    z6 = false;
                    break;
                }
                if (next.equalsIgnoreCase(it2.next().trim())) {
                    z6 = true;
                    break;
                }
            }
            if (!z6) {
                z3 = false;
                break;
            }
        }
        Logger logger = f114503j;
        StringBuilder sb2 = new StringBuilder();
        sb2.append("Headers [{}] are");
        sb2.append(z3 ? "" : " not");
        sb2.append(" among allowed headers {}");
        logger.debug(sb2.toString(), list, this.f114510e);
        return z3;
    }

    private String b(List<String> list) {
        StringBuilder sb2 = new StringBuilder();
        for (int i10 = 0; i10 < list.size(); i10++) {
            if (i10 > 0) {
                sb2.append(",");
            }
            sb2.append(list.get(i10));
        }
        return sb2.toString();
    }

    private Matcher c(String str, String str2) {
        return Pattern.compile(m(str2)).matcher(str);
    }

    private List<String> d(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Access-Control-Request-Headers");
        f114503j.debug("{} is {}", "Access-Control-Request-Headers", header);
        if (header == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (String str : StringUtil.csvSplit(header)) {
            String trim = str.trim();
            if (trim.length() > 0) {
                arrayList.add(trim);
            }
        }
        return arrayList;
    }

    private void e(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String header = httpServletRequest.getHeader(HttpHeaders.ORIGIN);
        if (header != null && h(httpServletRequest)) {
            if (!l(header)) {
                f114503j.debug("Cross-origin request to " + httpServletRequest.getRequestURI() + " with origin " + header + " does not match allowed origins " + this.f114508c, new Object[0]);
            } else if (k(httpServletRequest)) {
                f114503j.debug("Cross-origin request to {} is a simple cross-origin request", httpServletRequest.getRequestURI());
                g(httpServletRequest, httpServletResponse, header);
            } else if (j(httpServletRequest)) {
                Logger logger = f114503j;
                logger.debug("Cross-origin request to {} is a preflight cross-origin request", httpServletRequest.getRequestURI());
                f(httpServletRequest, httpServletResponse, header);
                if (!this.f114514i) {
                    return;
                } else {
                    logger.debug("Preflight cross-origin request to {} forwarded to application", httpServletRequest.getRequestURI());
                }
            } else {
                f114503j.debug("Cross-origin request to {} is a non-simple cross-origin request", httpServletRequest.getRequestURI());
                g(httpServletRequest, httpServletResponse, header);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private void f(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (i(httpServletRequest)) {
            List<String> d10 = d(httpServletRequest);
            if (a(d10)) {
                httpServletResponse.setHeader("Access-Control-Allow-Origin", str);
                if (!this.f114506a) {
                    httpServletResponse.addHeader(HttpHeaders.VARY, HttpHeaders.ORIGIN);
                }
                if (this.f114513h) {
                    httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
                }
                int i10 = this.f114512g;
                if (i10 > 0) {
                    httpServletResponse.setHeader("Access-Control-Max-Age", String.valueOf(i10));
                }
                httpServletResponse.setHeader("Access-Control-Allow-Methods", b(this.f114509d));
                if (this.f114507b) {
                    httpServletResponse.setHeader("Access-Control-Allow-Headers", b(d10));
                } else {
                    httpServletResponse.setHeader("Access-Control-Allow-Headers", b(this.f114510e));
                }
            }
        }
    }

    private void g(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", str);
        if (!this.f114506a) {
            httpServletResponse.addHeader(HttpHeaders.VARY, HttpHeaders.ORIGIN);
        }
        if (this.f114513h) {
            httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        }
        if (this.f114511f.isEmpty()) {
            return;
        }
        httpServletResponse.setHeader("Access-Control-Expose-Headers", b(this.f114511f));
    }

    private boolean i(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Access-Control-Request-Method");
        Logger logger = f114503j;
        logger.debug("{} is {}", "Access-Control-Request-Method", header);
        boolean contains = header != null ? this.f114509d.contains(header) : false;
        StringBuilder sb2 = new StringBuilder();
        sb2.append("Method {} is");
        sb2.append(contains ? "" : " not");
        sb2.append(" among allowed methods {}");
        logger.debug(sb2.toString(), header, this.f114509d);
        return contains;
    }

    private boolean j(HttpServletRequest httpServletRequest) {
        return "OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod()) && httpServletRequest.getHeader("Access-Control-Request-Method") != null;
    }

    private boolean k(HttpServletRequest httpServletRequest) {
        return f114504k.contains(httpServletRequest.getMethod()) && httpServletRequest.getHeader("Access-Control-Request-Method") == null;
    }

    private boolean l(String str) {
        if (this.f114506a) {
            return true;
        }
        if (str.trim().length() == 0) {
            return false;
        }
        for (String str2 : str.split(StringUtils.SPACE)) {
            if (str2.trim().length() != 0) {
                for (String str3 : this.f114508c) {
                    if (str3.contains("*")) {
                        if (c(str2, str3).matches()) {
                            return true;
                        }
                    } else if (str3.equals(str2)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    private String m(String str) {
        return str.replace(".", DnsName.ESCAPED_DOT).replace("*", ".*");
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        this.f114506a = false;
        this.f114508c.clear();
        this.f114509d.clear();
        this.f114510e.clear();
        this.f114512g = 0;
        this.f114513h = false;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        e((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    protected boolean h(HttpServletRequest httpServletRequest) {
        Enumeration<String> headers = httpServletRequest.getHeaders(HttpHeaders.CONNECTION);
        while (headers.hasMoreElements()) {
            if (HttpHeaders.UPGRADE.equalsIgnoreCase(headers.nextElement())) {
                Enumeration<String> headers2 = httpServletRequest.getHeaders(HttpHeaders.UPGRADE);
                while (headers2.hasMoreElements()) {
                    if ("WebSocket".equalsIgnoreCase(headers2.nextElement())) {
                        return false;
                    }
                }
            }
        }
        return true;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        String str;
        String initParameter;
        String initParameter2 = filterConfig.getInitParameter(ALLOWED_ORIGINS_PARAM);
        if (initParameter2 == null) {
            initParameter2 = "*";
        }
        String[] csvSplit = StringUtil.csvSplit(initParameter2);
        int length = csvSplit.length;
        int i10 = 0;
        while (true) {
            if (i10 >= length) {
                break;
            }
            String trim = csvSplit[i10].trim();
            if (trim.length() > 0) {
                if ("*".equals(trim)) {
                    this.f114506a = true;
                    this.f114508c.clear();
                    break;
                }
                this.f114508c.add(trim);
            }
            i10++;
        }
        String initParameter3 = filterConfig.getInitParameter(ALLOWED_METHODS_PARAM);
        if (initParameter3 == null) {
            this.f114509d.addAll(f114505l);
        } else {
            this.f114509d.addAll(Arrays.asList(StringUtil.csvSplit(initParameter3)));
        }
        String initParameter4 = filterConfig.getInitParameter(ALLOWED_HEADERS_PARAM);
        if (initParameter4 == null) {
            this.f114510e.addAll(m);
        } else if ("*".equals(initParameter4)) {
            this.f114507b = true;
        } else {
            this.f114510e.addAll(Arrays.asList(StringUtil.csvSplit(initParameter4)));
        }
        String initParameter5 = filterConfig.getInitParameter(PREFLIGHT_MAX_AGE_PARAM);
        if (initParameter5 == null) {
            initParameter5 = "1800";
        }
        try {
            this.f114512g = Integer.parseInt(initParameter5);
        } catch (NumberFormatException unused) {
            f114503j.info("Cross-origin filter, could not parse '{}' parameter as integer: {}", PREFLIGHT_MAX_AGE_PARAM, initParameter5);
        }
        String initParameter6 = filterConfig.getInitParameter(ALLOW_CREDENTIALS_PARAM);
        if (initParameter6 == null) {
            initParameter6 = "true";
        }
        this.f114513h = Boolean.parseBoolean(initParameter6);
        String initParameter7 = filterConfig.getInitParameter(EXPOSED_HEADERS_PARAM);
        if (initParameter7 == null) {
            initParameter7 = "";
        }
        this.f114511f.addAll(Arrays.asList(StringUtil.csvSplit(initParameter7)));
        String initParameter8 = filterConfig.getInitParameter(OLD_CHAIN_PREFLIGHT_PARAM);
        if (initParameter8 != null) {
            str = "true";
            f114503j.warn("DEPRECATED CONFIGURATION: Use chainPreflight instead of forwardPreflight", new Object[0]);
            initParameter = initParameter8;
        } else {
            str = "true";
            initParameter = filterConfig.getInitParameter(CHAIN_PREFLIGHT_PARAM);
        }
        String str2 = initParameter == null ? str : initParameter;
        this.f114514i = Boolean.parseBoolean(str2);
        Logger logger = f114503j;
        if (logger.isDebugEnabled()) {
            logger.debug("Cross-origin filter configuration: allowedOrigins = " + initParameter2 + ", " + ALLOWED_METHODS_PARAM + " = " + initParameter3 + ", " + ALLOWED_HEADERS_PARAM + " = " + initParameter4 + ", " + PREFLIGHT_MAX_AGE_PARAM + " = " + initParameter5 + ", " + ALLOW_CREDENTIALS_PARAM + " = " + initParameter6 + "," + EXPOSED_HEADERS_PARAM + " = " + initParameter7 + "," + CHAIN_PREFLIGHT_PARAM + " = " + str2, new Object[0]);
        }
    }
}
