package com.atlassian.applinks.internal.rest.interceptor;

import com.atlassian.plugins.rest.common.interceptor.MethodInvocation;
import com.atlassian.plugins.rest.common.interceptor.ResourceInterceptor;
import com.atlassian.plugins.rest.common.security.jersey.CorsResourceFilter;
import com.sun.jersey.api.core.HttpRequestContext;
import com.sun.jersey.api.core.HttpResponseContext;
import com.sun.jersey.spi.container.ContainerRequest;
import java.lang.reflect.InvocationTargetException;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-plugin-9.0.15.jar:com/atlassian/applinks/internal/rest/interceptor/CorsInterceptor.class */
public class CorsInterceptor implements ResourceInterceptor {
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ORIGIN = "Origin";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String TRUE = String.valueOf(true);
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Override // com.atlassian.plugins.rest.common.interceptor.ResourceInterceptor
    public void intercept(MethodInvocation methodInvocation) throws IllegalAccessException, InvocationTargetException {
        methodInvocation.invoke();
        methodInvocation.getHttpContext().getResponse().setResponse(addCorsHeaders(methodInvocation.getHttpContext().getRequest(), methodInvocation.getHttpContext().getResponse()));
    }

    private Response addCorsHeaders(HttpRequestContext httpRequestContext, HttpResponseContext httpResponseContext) {
        Response.ResponseBuilder fromResponse = Response.fromResponse(httpResponseContext.getResponse());
        String headerValue = httpRequestContext.getHeaderValue("Origin");
        fromResponse.header("Access-Control-Allow-Origin", headerValue);
        this.logger.debug("CORS Header [{}] set to [{}]", "Access-Control-Allow-Credentials", headerValue);
        fromResponse.header("Access-Control-Allow-Credentials", TRUE);
        this.logger.debug("CORS Header [{}] set to [{}]", "Access-Control-Allow-Credentials", TRUE);
        if (isCorsPreflightRequest(httpRequestContext)) {
            fromResponse.header("Access-Control-Allow-Headers", "Content-Type");
            this.logger.debug("CORS Preflight Header [{}] set to [{}]", "Access-Control-Allow-Headers", "Content-Type");
            fromResponse.header("Access-Control-Allow-Methods", httpRequestContext.getMethod());
            this.logger.debug("CORS Preflight Header [{}] set to [{}]", "Access-Control-Allow-Methods", httpRequestContext.getMethod());
        }
        return fromResponse.build();
    }

    private boolean isCorsPreflightRequest(HttpRequestContext httpRequestContext) {
        if (!(httpRequestContext instanceof ContainerRequest)) {
            return false;
        }
        return TRUE.equals(((ContainerRequest) httpRequestContext).getProperties().get(CorsResourceFilter.CORS_PREFLIGHT_REQUESTED));
    }
}
