package com.google.api.server.spi.handlers;

import com.google.api.server.spi.Constant;
import com.google.api.server.spi.Headers;
import com.google.api.server.spi.config.ApiMethod;
import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableSortedSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/google/api/server/spi/handlers/CorsHandler.class */
public class CorsHandler {
    private static final Set<String> ALLOWED_METHODS = ImmutableSortedSet.of("HEAD", ApiMethod.HttpMethod.DELETE, ApiMethod.HttpMethod.GET, "PATCH", ApiMethod.HttpMethod.POST, ApiMethod.HttpMethod.PUT, new String[0]);
    public static final String ALLOWED_METHODS_STRING = Joiner.on(',').join(ALLOWED_METHODS);
    private static final String NULL_ORIGIN = "null";

    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isValidMethod(httpServletRequest)) {
            allowOrigin(httpServletRequest, httpServletResponse);
            allowMethods(httpServletResponse);
            allowHeaders(httpServletRequest, httpServletResponse);
            setMaxAge(httpServletResponse);
            setAccessControlAllowCredentials(httpServletResponse);
        }
    }

    public static void allowOrigin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader(Headers.ORIGIN);
        httpServletResponse.setHeader(Headers.ACCESS_CONTROL_ALLOW_ORIGIN, NULL_ORIGIN.equals(header) ? Constant.SKIP_CLIENT_ID_CHECK : header);
    }

    public static void setAccessControlAllowCredentials(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader(Headers.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    }

    private void setMaxAge(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader(Headers.ACCESS_CONTROL_MAX_AGE, "3600");
    }

    private void allowHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader(Headers.ACCESS_CONTROL_ALLOW_HEADERS, httpServletRequest.getHeader(Headers.ACCESS_CONTROL_REQUEST_HEADERS));
    }

    private void allowMethods(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader(Headers.ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS_STRING);
    }

    private boolean isValidMethod(HttpServletRequest httpServletRequest) {
        return ALLOWED_METHODS.contains(httpServletRequest.getHeader(Headers.ACCESS_CONTROL_REQUEST_METHOD));
    }
}
