package org.apache.synapse.api.cors;

import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.RESTConstants;

/* loaded from: input_file:WEB-INF/lib/synapse-core-4.0.0-wso2v42.jar:org/apache/synapse/api/cors/CORSHelper.class */
public class CORSHelper {
    private static final Log log = LogFactory.getLog(CORSHelper.class);

    public static String getAllowedOrigins(String str, Set<String> set) {
        if (set.contains("*")) {
            return "*";
        }
        if (set.contains(str)) {
            return str;
        }
        return null;
    }

    public static void handleCORSHeaders(CORSConfiguration cORSConfiguration, MessageContext messageContext, String str, boolean z) {
        Map map;
        if (!cORSConfiguration.isEnabled() || (map = (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS)) == null) {
            return;
        }
        String allowedOrigins = getAllowedOrigins((String) map.get("Origin"), cORSConfiguration.getAllowedOrigins());
        if (z) {
            map.put("Access-Control-Allow-Methods", str);
            map.put("Access-Control-Allow-Origin", allowedOrigins);
            map.put("Access-Control-Allow-Headers", cORSConfiguration.getAllowedHeaders());
        }
        messageContext.setProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_METHODS, str);
        messageContext.setProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_ORIGIN, allowedOrigins);
        messageContext.setProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_HEADERS, cORSConfiguration.getAllowedHeaders());
        messageContext.setProperty(RESTConstants.INTERNAL_CORS_HEADER_ORIGIN, map.get("Origin"));
        if (isOptionsRequest(messageContext) && allowedOrigins == null) {
            ((Axis2MessageContext) messageContext).getAxis2MessageContext().setProperty("HTTP_SC", 403);
        }
    }

    public static void handleCORSHeadersForResponse(CORSConfiguration cORSConfiguration, MessageContext messageContext) {
        Map map;
        if (!cORSConfiguration.isEnabled() || (map = (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS)) == null) {
            return;
        }
        if (messageContext.getProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_METHODS) != null) {
            map.put("Access-Control-Allow-Methods", (String) messageContext.getProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_METHODS));
        }
        if (messageContext.getProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_ORIGIN) != null) {
            map.put("Access-Control-Allow-Origin", (String) messageContext.getProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_ORIGIN));
        }
        if (messageContext.getProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_HEADERS) != null) {
            map.put("Access-Control-Allow-Headers", (String) messageContext.getProperty(RESTConstants.INTERNAL_CORS_HEADER_ACCESS_CTL_ALLOW_HEADERS));
        }
        if (messageContext.getProperty(RESTConstants.INTERNAL_CORS_HEADER_ORIGIN) != null) {
            map.put("Origin", (String) messageContext.getProperty(RESTConstants.INTERNAL_CORS_HEADER_ORIGIN));
        }
    }

    private static boolean isOptionsRequest(MessageContext messageContext) {
        return "OPTIONS".equals((String) messageContext.getProperty(RESTConstants.REST_METHOD));
    }
}
