package org.apache.hadoop.security.http;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:hadoop-tools-dist-2.7.5.1/share/hadoop/tools/lib/hadoop-common-2.7.5.1.jar:org/apache/hadoop/security/http/CrossOriginFilter.class */
public class CrossOriginFilter implements Filter {
    private static final Log LOG = LogFactory.getLog(CrossOriginFilter.class);
    static final String ORIGIN = "Origin";
    static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
    static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
    static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
    public static final String ALLOWED_ORIGINS = "allowed-origins";
    public static final String ALLOWED_ORIGINS_DEFAULT = "*";
    public static final String ALLOWED_METHODS = "allowed-methods";
    public static final String ALLOWED_METHODS_DEFAULT = "GET,POST,HEAD";
    public static final String ALLOWED_HEADERS = "allowed-headers";
    public static final String ALLOWED_HEADERS_DEFAULT = "X-Requested-With,Content-Type,Accept,Origin";
    public static final String MAX_AGE = "max-age";
    public static final String MAX_AGE_DEFAULT = "1800";
    private List<String> allowedMethods = new ArrayList();
    private List<String> allowedHeaders = new ArrayList();
    private List<String> allowedOrigins = new ArrayList();
    private boolean allowAllOrigins = true;
    private String maxAge;

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        initializeAllowedMethods(filterConfig);
        initializeAllowedHeaders(filterConfig);
        initializeAllowedOrigins(filterConfig);
        initializeMaxAge(filterConfig);
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doCrossFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        this.allowedMethods.clear();
        this.allowedHeaders.clear();
        this.allowedOrigins.clear();
    }

    private void doCrossFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String encodeHeader = encodeHeader(httpServletRequest.getHeader("Origin"));
        if (!isCrossOrigin(encodeHeader)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Header origin is null. Returning");
                return;
            }
            return;
        }
        if (!areOriginsAllowed(encodeHeader)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Header origins '" + encodeHeader + "' not allowed. Returning");
                return;
            }
            return;
        }
        String header = httpServletRequest.getHeader("Access-Control-Request-Method");
        if (!isMethodAllowed(header)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Access control method '" + header + "' not allowed. Returning");
                return;
            }
            return;
        }
        String header2 = httpServletRequest.getHeader("Access-Control-Request-Headers");
        if (!areHeadersAllowed(header2)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Access control headers '" + header2 + "' not allowed. Returning");
                return;
            }
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Completed cross origin filter checks. Populating HttpServletResponse");
        }
        httpServletResponse.setHeader("Access-Control-Allow-Origin", encodeHeader);
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", Boolean.TRUE.toString());
        httpServletResponse.setHeader("Access-Control-Allow-Methods", getAllowedMethodsHeader());
        httpServletResponse.setHeader("Access-Control-Allow-Headers", getAllowedHeadersHeader());
        httpServletResponse.setHeader("Access-Control-Max-Age", this.maxAge);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public String getAllowedHeadersHeader() {
        return StringUtils.join((Collection) this.allowedHeaders, ',');
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public String getAllowedMethodsHeader() {
        return StringUtils.join((Collection) this.allowedMethods, ',');
    }

    private void initializeAllowedMethods(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter(ALLOWED_METHODS);
        if (initParameter == null) {
            initParameter = ALLOWED_METHODS_DEFAULT;
        }
        this.allowedMethods.addAll(Arrays.asList(initParameter.trim().split("\\s*,\\s*")));
        LOG.info("Allowed Methods: " + getAllowedMethodsHeader());
    }

    private void initializeAllowedHeaders(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter(ALLOWED_HEADERS);
        if (initParameter == null) {
            initParameter = ALLOWED_HEADERS_DEFAULT;
        }
        this.allowedHeaders.addAll(Arrays.asList(initParameter.trim().split("\\s*,\\s*")));
        LOG.info("Allowed Headers: " + getAllowedHeadersHeader());
    }

    private void initializeAllowedOrigins(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter(ALLOWED_ORIGINS);
        if (initParameter == null) {
            initParameter = "*";
        }
        this.allowedOrigins.addAll(Arrays.asList(initParameter.trim().split("\\s*,\\s*")));
        this.allowAllOrigins = this.allowedOrigins.contains("*");
        LOG.info("Allowed Origins: " + StringUtils.join((Collection) this.allowedOrigins, ','));
        LOG.info("Allow All Origins: " + this.allowAllOrigins);
    }

    private void initializeMaxAge(FilterConfig filterConfig) {
        this.maxAge = filterConfig.getInitParameter("max-age");
        if (this.maxAge == null) {
            this.maxAge = MAX_AGE_DEFAULT;
        }
        LOG.info("Max Age: " + this.maxAge);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String encodeHeader(String str) {
        if (str == null) {
            return null;
        }
        return str.split("\n|\r")[0].trim();
    }

    static boolean isCrossOrigin(String str) {
        return str != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public boolean areOriginsAllowed(String str) {
        if (this.allowAllOrigins) {
            return true;
        }
        for (String str2 : str.trim().split("\\s+")) {
            for (String str3 : this.allowedOrigins) {
                if (str3.contains("*")) {
                    if (Pattern.compile(str3.replace(".", "\\.").replace("*", ".*")).matcher(str2).matches()) {
                        return true;
                    }
                } else if (str3.equals(str2)) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean areHeadersAllowed(String str) {
        if (str == null) {
            return true;
        }
        return this.allowedHeaders.containsAll(Arrays.asList(str.trim().split("\\s*,\\s*")));
    }

    private boolean isMethodAllowed(String str) {
        if (str == null) {
            return true;
        }
        return this.allowedMethods.contains(str);
    }
}
