package io.helidon.webserver.cors;

import io.helidon.common.http.Http;
import io.helidon.config.Config;
import io.helidon.webserver.cors.Aggregator;
import io.helidon.webserver.cors.CorsSupportBase;
import io.helidon.webserver.cors.LogHelper;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.function.BiFunction;
import java.util.function.Supplier;
import java.util.logging.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/webserver/cors/CorsSupportHelper.class */
public class CorsSupportHelper<Q, R> {
    static final int SUCCESS_RANGE = 300;
    static final String ORIGIN_DENIED = "CORS origin is denied";
    static final String ORIGIN_NOT_IN_ALLOWED_LIST = "CORS origin is not in allowed list";
    static final String METHOD_NOT_IN_ALLOWED_LIST = "CORS method is not in allowed list";
    static final String HEADERS_NOT_IN_ALLOWED_LIST = "CORS headers not in allowed list";
    static final Logger LOGGER = Logger.getLogger(CorsSupportHelper.class.getName());
    private static final Supplier<Optional<CrossOriginConfig>> EMPTY_SECONDARY_SUPPLIER = Optional::empty;
    private final String name;
    private final Aggregator aggregator;
    private final Supplier<Optional<CrossOriginConfig>> secondaryCrossOriginLookup;

    /* loaded from: input_file:io/helidon/webserver/cors/CorsSupportHelper$Builder.class */
    public static class Builder<Q, R> implements io.helidon.common.Builder<CorsSupportHelper<Q, R>> {
        private Supplier<Optional<CrossOriginConfig>> secondaryCrossOriginLookup = CorsSupportHelper.EMPTY_SECONDARY_SUPPLIER;
        private final Aggregator.Builder aggregatorBuilder = Aggregator.builder();
        private String name;
        private boolean requestDefaultBehaviorIfNone;

        public Builder<Q, R> secondaryLookupSupplier(Supplier<Optional<CrossOriginConfig>> supplier) {
            this.secondaryCrossOriginLookup = supplier;
            return this;
        }

        public Builder<Q, R> config(Config config) {
            this.aggregatorBuilder.config(config);
            return this;
        }

        public Builder<Q, R> mappedConfig(Config config) {
            this.aggregatorBuilder.mappedConfig(config);
            return this;
        }

        public Builder<Q, R> name(String str) {
            Objects.requireNonNull(str, "CORS support name is optional but cannot be null");
            this.name = str;
            return this;
        }

        public Builder<Q, R> requestDefaultBehaviorIfNone() {
            this.requestDefaultBehaviorIfNone = true;
            return this;
        }

        private boolean shouldRequestDefaultBehavior() {
            return this.requestDefaultBehaviorIfNone && (this.secondaryCrossOriginLookup == null || this.secondaryCrossOriginLookup == CorsSupportHelper.EMPTY_SECONDARY_SUPPLIER);
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public CorsSupportHelper<Q, R> m8build() {
            if (shouldRequestDefaultBehavior()) {
                this.aggregatorBuilder.requestDefaultBehaviorIfNone();
            }
            CorsSupportHelper<Q, R> corsSupportHelper = new CorsSupportHelper<>(this);
            CorsSupportHelper.LOGGER.config(() -> {
                return String.format("CorsSupportHelper configured as: %s", corsSupportHelper.toString());
            });
            return corsSupportHelper;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Aggregator.Builder aggregatorBuilder() {
            return this.aggregatorBuilder;
        }
    }

    /* loaded from: input_file:io/helidon/webserver/cors/CorsSupportHelper$RequestType.class */
    public enum RequestType {
        NORMAL,
        CORS,
        PREFLIGHT
    }

    public static String normalize(String str) {
        int length = str.length();
        if (length == 0) {
            return str;
        }
        int i = str.charAt(0) == '/' ? 1 : 0;
        int i2 = str.charAt(length - 1) == '/' ? length - 1 : length;
        return i2 <= i ? "" : str.substring(i, i2);
    }

    public static Set<String> parseHeader(String str) {
        if (str == null) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        while (stringTokenizer.hasMoreTokens()) {
            String trim = stringTokenizer.nextToken().trim();
            if (trim.length() > 0) {
                hashSet.add(trim);
            }
        }
        return hashSet;
    }

    public static Set<String> parseHeader(List<String> list) {
        return list == null ? Collections.emptySet() : parseHeader(list.stream().reduce("", (str, str2) -> {
            return str + "," + str2;
        }));
    }

    public static <Q, R> CorsSupportHelper<Q, R> create() {
        return builder().m8build();
    }

    private CorsSupportHelper(Builder<Q, R> builder) {
        this.name = ((Builder) builder).name;
        this.aggregator = ((Builder) builder).aggregatorBuilder.m1build();
        this.secondaryCrossOriginLookup = ((Builder) builder).secondaryCrossOriginLookup;
    }

    public static <Q, R> Builder<Q, R> builder() {
        return new Builder<>();
    }

    public boolean isActive() {
        return this.aggregator.isActive() || this.secondaryCrossOriginLookup != EMPTY_SECONDARY_SUPPLIER;
    }

    public Optional<R> processRequest(CorsSupportBase.RequestAdapter<Q> requestAdapter, CorsSupportBase.ResponseAdapter<R> responseAdapter) {
        if (!isActive()) {
            decisionLog(() -> {
                return String.format("CORS ignoring request %s; processing is inactive", requestAdapter);
            });
            requestAdapter.next();
            return Optional.empty();
        }
        RequestType requestType = requestType(requestAdapter);
        if (requestType == RequestType.NORMAL) {
            decisionLog("passing normal request through unchanged");
            return Optional.empty();
        }
        switch (requestType) {
            case PREFLIGHT:
                return Optional.of(processCorsPreFlightRequest(requestAdapter, responseAdapter));
            case CORS:
                return processCorsRequest(requestAdapter, responseAdapter);
            default:
                throw new IllegalArgumentException("Unexpected value for enum RequestType");
        }
    }

    public String toString() {
        Object[] objArr = new Object[4];
        objArr[0] = this.name;
        objArr[1] = Boolean.valueOf(isActive());
        objArr[2] = this.aggregator;
        objArr[3] = this.secondaryCrossOriginLookup == EMPTY_SECONDARY_SUPPLIER ? "(not set)" : "(set)";
        return String.format("CorsSupportHelper{name='%s', isActive=%s, crossOriginConfigs=%s, secondaryCrossOriginLookup=%s}", objArr);
    }

    public void prepareResponse(CorsSupportBase.RequestAdapter<Q> requestAdapter, CorsSupportBase.ResponseAdapter<R> responseAdapter) {
        if (!isActive()) {
            decisionLog(() -> {
                return String.format("CORS ignoring request %s; CORS processing is inactive", requestAdapter);
            });
        } else if (responseAdapter.status() >= SUCCESS_RANGE) {
            decisionLog(() -> {
                return String.format("CORS ignoring response of status code %d", Integer.valueOf(responseAdapter.status()));
            });
        } else if (requestType(requestAdapter, true) == RequestType.CORS) {
            addCorsHeadersToResponse(this.aggregator.lookupCrossOrigin(requestAdapter.path(), requestAdapter.method(), this.secondaryCrossOriginLookup).orElseThrow(() -> {
                return new IllegalArgumentException("Could not locate expected CORS information while preparing response to request " + requestAdapter);
            }), requestAdapter, responseAdapter);
        }
    }

    RequestType requestType(CorsSupportBase.RequestAdapter<Q> requestAdapter, boolean z) {
        return isRequestTypeNormal(requestAdapter, z) ? RequestType.NORMAL : inferCORSRequestType(requestAdapter, z);
    }

    RequestType requestType(CorsSupportBase.RequestAdapter<Q> requestAdapter) {
        return requestType(requestAdapter, false);
    }

    Aggregator aggregator() {
        return this.aggregator;
    }

    private boolean isRequestTypeNormal(CorsSupportBase.RequestAdapter<Q> requestAdapter, boolean z) {
        Optional<String> firstHeader = requestAdapter.firstHeader("Origin");
        Optional<String> firstHeader2 = requestAdapter.firstHeader("Host");
        boolean z2 = firstHeader.isEmpty() || (firstHeader2.isPresent() && firstHeader.get().contains("://" + firstHeader2.get()));
        LogHelper.logIsRequestTypeNormal(z2, z, requestAdapter, firstHeader, firstHeader2);
        return z2;
    }

    private RequestType inferCORSRequestType(CorsSupportBase.RequestAdapter<Q> requestAdapter, boolean z) {
        String method = requestAdapter.method();
        boolean equalsIgnoreCase = method.equalsIgnoreCase(Http.Method.OPTIONS.name());
        boolean headerContainsKey = requestAdapter.headerContainsKey(CrossOriginConfig.ACCESS_CONTROL_REQUEST_METHOD);
        RequestType requestType = (equalsIgnoreCase && headerContainsKey) ? RequestType.PREFLIGHT : RequestType.CORS;
        LogHelper.logInferRequestType(requestType, z, requestAdapter, method, headerContainsKey);
        return requestType;
    }

    Optional<R> processCorsRequest(CorsSupportBase.RequestAdapter<Q> requestAdapter, CorsSupportBase.ResponseAdapter<R> responseAdapter) {
        Optional<CrossOriginConfig> lookupCrossOrigin = this.aggregator.lookupCrossOrigin(requestAdapter.path(), requestAdapter.method(), this.secondaryCrossOriginLookup);
        if (lookupCrossOrigin.isEmpty()) {
            return Optional.of(forbid(requestAdapter, responseAdapter, ORIGIN_DENIED, () -> {
                return "no matching CORS configuration for path " + requestAdapter.path();
            }));
        }
        List asList = Arrays.asList(lookupCrossOrigin.get().allowOrigins());
        Optional<String> firstHeader = requestAdapter.firstHeader("Origin");
        return (asList.contains("*") || contains(firstHeader, asList, (BiFunction<String, String, Boolean>) (v0, v1) -> {
            return v0.equals(v1);
        })) ? Optional.empty() : Optional.of(forbid(requestAdapter, responseAdapter, ORIGIN_NOT_IN_ALLOWED_LIST, () -> {
            return String.format("actual: %s, allowed: %s", firstHeader.orElse("(MISSING)"), asList);
        }));
    }

    void addCorsHeadersToResponse(CrossOriginConfig crossOriginConfig, CorsSupportBase.RequestAdapter<Q> requestAdapter, CorsSupportBase.ResponseAdapter<R> responseAdapter) {
        String orElseThrow = requestAdapter.firstHeader("Origin").orElseThrow(noRequiredHeaderExcFactory("Origin"));
        if (crossOriginConfig.allowCredentials()) {
            LogHelper.Headers add = new LogHelper.Headers().add(CrossOriginConfig.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true").add(CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN, orElseThrow).add("Vary", "Origin");
            Objects.requireNonNull(responseAdapter);
            add.setAndLog(responseAdapter::header, "allow-credentials was set in CORS config");
        } else {
            LogHelper.Headers add2 = new LogHelper.Headers().add(CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN, Arrays.asList(crossOriginConfig.allowOrigins()).contains("*") ? "*" : orElseThrow).add("Vary", "Origin");
            Objects.requireNonNull(responseAdapter);
            add2.setAndLog(responseAdapter::header, "allow-credentials was not set in CORS config");
        }
        LogHelper.Headers headers = new LogHelper.Headers();
        formatHeader(crossOriginConfig.exposeHeaders()).ifPresent(str -> {
            headers.add(CrossOriginConfig.ACCESS_CONTROL_EXPOSE_HEADERS, str);
        });
        Objects.requireNonNull(responseAdapter);
        headers.setAndLog(responseAdapter::header, "expose-headers was set in CORS config");
    }

    R processCorsPreFlightRequest(CorsSupportBase.RequestAdapter<Q> requestAdapter, CorsSupportBase.ResponseAdapter<R> responseAdapter) {
        Optional<String> firstHeader = requestAdapter.firstHeader("Origin");
        if (firstHeader.isEmpty()) {
            return forbid(requestAdapter, responseAdapter, noRequiredHeader("Origin"));
        }
        String str = requestAdapter.firstHeader(CrossOriginConfig.ACCESS_CONTROL_REQUEST_METHOD).get();
        Optional<CrossOriginConfig> lookupCrossOrigin = this.aggregator.lookupCrossOrigin(requestAdapter.path(), str, this.secondaryCrossOriginLookup);
        if (lookupCrossOrigin.isEmpty()) {
            return forbid(requestAdapter, responseAdapter, ORIGIN_DENIED, () -> {
                return String.format("no matching CORS configuration for path %s and requested method %s", requestAdapter.path(), str);
            });
        }
        CrossOriginConfig crossOriginConfig = lookupCrossOrigin.get();
        List asList = Arrays.asList(crossOriginConfig.allowOrigins());
        if (!asList.contains("*") && !contains(firstHeader, asList, (BiFunction<String, String, Boolean>) (v0, v1) -> {
            return v0.equals(v1);
        })) {
            return forbid(requestAdapter, responseAdapter, ORIGIN_NOT_IN_ALLOWED_LIST, () -> {
                return "actual origin: " + ((String) firstHeader.get()) + ", allowedOrigins: " + asList;
            });
        }
        List asList2 = Arrays.asList(crossOriginConfig.allowMethods());
        if (!asList2.contains("*") && !contains(str, asList2, (BiFunction<String, String, Boolean>) (v0, v1) -> {
            return v0.equalsIgnoreCase(v1);
        })) {
            return forbid(requestAdapter, responseAdapter, METHOD_NOT_IN_ALLOWED_LIST, () -> {
                return String.format("header %s requested method %s but allowedMethods is %s", CrossOriginConfig.ACCESS_CONTROL_REQUEST_METHOD, str, asList2);
            });
        }
        Set<String> parseHeader = parseHeader(requestAdapter.allHeaders(CrossOriginConfig.ACCESS_CONTROL_REQUEST_HEADERS));
        List asList3 = Arrays.asList(crossOriginConfig.allowHeaders());
        if (!asList3.contains("*") && !contains(parseHeader, asList3)) {
            return forbid(requestAdapter, responseAdapter, HEADERS_NOT_IN_ALLOWED_LIST, () -> {
                return String.format("requested headers %s incompatible with allowed headers %s", parseHeader, asList3);
            });
        }
        LogHelper.Headers add = new LogHelper.Headers().add(CrossOriginConfig.ACCESS_CONTROL_ALLOW_ORIGIN, firstHeader.get());
        if (crossOriginConfig.allowCredentials()) {
            add.add(CrossOriginConfig.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true", "allowCredentials config was set");
        }
        add.add(CrossOriginConfig.ACCESS_CONTROL_ALLOW_METHODS, str);
        formatHeader(parseHeader.toArray()).ifPresent(str2 -> {
            add.add(CrossOriginConfig.ACCESS_CONTROL_ALLOW_HEADERS, str2);
        });
        long maxAgeSeconds = crossOriginConfig.maxAgeSeconds();
        if (maxAgeSeconds > 0) {
            add.add(CrossOriginConfig.ACCESS_CONTROL_MAX_AGE, Long.valueOf(maxAgeSeconds), "maxAgeSeconds > 0");
        }
        Objects.requireNonNull(responseAdapter);
        add.setAndLog(responseAdapter::header, "headers set on preflight request");
        return responseAdapter.ok();
    }

    static <T> Optional<String> formatHeader(T[] tArr) {
        if (tArr == null || tArr.length == 0) {
            return Optional.empty();
        }
        int i = 0;
        StringBuilder sb = new StringBuilder();
        while (true) {
            int i2 = i;
            i++;
            sb.append(tArr[i2].toString());
            if (i == tArr.length) {
                return Optional.of(sb.toString());
            }
            sb.append(", ");
        }
    }

    static boolean contains(Optional<String> optional, Collection<String> collection, BiFunction<String, String, Boolean> biFunction) {
        return optional.isPresent() && contains(optional.get(), collection, biFunction);
    }

    static boolean contains(String str, Collection<String> collection, BiFunction<String, String, Boolean> biFunction) {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (biFunction.apply(str, it.next()).booleanValue()) {
                return true;
            }
        }
        return false;
    }

    static boolean contains(Collection<String> collection, Collection<String> collection2) {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (!contains(it.next(), collection2, (BiFunction<String, String, Boolean>) (v0, v1) -> {
                return v0.equalsIgnoreCase(v1);
            })) {
                return false;
            }
        }
        return true;
    }

    private static Supplier<IllegalArgumentException> noRequiredHeaderExcFactory(String str) {
        return () -> {
            return new IllegalArgumentException(noRequiredHeader(str));
        };
    }

    private static String noRequiredHeader(String str) {
        return "CORS request does not have required header " + str;
    }

    private R forbid(CorsSupportBase.RequestAdapter<Q> requestAdapter, CorsSupportBase.ResponseAdapter<R> responseAdapter, String str) {
        return forbid(requestAdapter, responseAdapter, str, null);
    }

    private R forbid(CorsSupportBase.RequestAdapter<Q> requestAdapter, CorsSupportBase.ResponseAdapter<R> responseAdapter, String str, Supplier<String> supplier) {
        decisionLog(() -> {
            Object[] objArr = new Object[2];
            objArr[0] = requestAdapter;
            objArr[1] = str + (supplier == null ? "" : "; " + ((String) supplier.get()));
            return String.format("CORS denying request %s: %s", objArr);
        });
        return responseAdapter.forbidden(str);
    }

    private void decisionLog(Supplier<String> supplier) {
        if (LOGGER.isLoggable(LogHelper.DECISION_LEVEL)) {
            decisionLog(supplier.get());
        }
    }

    private void decisionLog(String str) {
        LOGGER.log(LogHelper.DECISION_LEVEL, () -> {
            return String.format("CORS:%s %s", this.name, str);
        });
    }
}
