package org.jcors.web;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jcors.config.JCorsConfig;
import org.jcors.model.CorsHeaders;
import org.jcors.util.Constraint;

/* loaded from: input_file:org/jcors/web/PreflightRequestHandler.class */
public class PreflightRequestHandler implements RequestHandler {
    @Override // org.jcors.web.RequestHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, JCorsConfig jCorsConfig) throws IOException, ServletException {
        String checkOriginHeader = checkOriginHeader(httpServletRequest, jCorsConfig);
        String checkRequestMethod = checkRequestMethod(httpServletRequest, jCorsConfig);
        List<String> checkRequestHeaders = checkRequestHeaders(httpServletRequest, jCorsConfig);
        if (jCorsConfig.isCredentialsSupported()) {
            httpServletResponse.setHeader(CorsHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, "true");
        }
        if (jCorsConfig.isPreflightResultCacheEnabled()) {
            httpServletResponse.setHeader(CorsHeaders.ACCESS_CONTROL_MAX_AGE_HEADER, String.valueOf(jCorsConfig.getPreflightResultCacheMaxAge()));
        }
        Iterator<String> it = jCorsConfig.getAllowedMethods(checkRequestMethod).iterator();
        while (it.hasNext()) {
            httpServletResponse.addHeader(CorsHeaders.ACCESS_CONTROL_ALLOW_METHODS_HEADER, it.next());
        }
        Iterator<String> it2 = jCorsConfig.getAllowedHeaders(checkRequestHeaders).iterator();
        while (it2.hasNext()) {
            httpServletResponse.addHeader(CorsHeaders.ACCESS_CONTROL_ALLOW_HEADERS_HEADER, it2.next());
        }
        httpServletResponse.setHeader(CorsHeaders.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, checkOriginHeader);
    }

    private String checkOriginHeader(HttpServletRequest httpServletRequest, JCorsConfig jCorsConfig) {
        String header = httpServletRequest.getHeader(CorsHeaders.ORIGIN_HEADER);
        Constraint.ensureNotEmpty(header, "Cross-Origin requests must specify an Origin Header");
        for (String str : header.split(" ")) {
            Constraint.ensureTrue(jCorsConfig.isOriginAllowed(str), String.format("The specified origin is not allowed: '%s'", str));
        }
        return header;
    }

    private String checkRequestMethod(HttpServletRequest httpServletRequest, JCorsConfig jCorsConfig) {
        String header = httpServletRequest.getHeader(CorsHeaders.ACCESS_CONTROL_REQUEST_METHOD_HEADER);
        Constraint.ensureNotEmpty(header, "Request Method Header must be supplied");
        Constraint.ensureTrue(jCorsConfig.isMethodAllowed(header), String.format("The specified method is not allowed: '%s'", header));
        return header;
    }

    private List<String> checkRequestHeaders(HttpServletRequest httpServletRequest, JCorsConfig jCorsConfig) {
        Enumeration headers = httpServletRequest.getHeaders(CorsHeaders.ACCESS_CONTROL_REQUEST_HEADERS_HEADER);
        ArrayList arrayList = new ArrayList();
        while (headers.hasMoreElements()) {
            String str = (String) headers.nextElement();
            Constraint.ensureTrue(jCorsConfig.isHeaderAllowed(str), String.format("The specified header is not allowed: '%s'", str));
            arrayList.add(str);
        }
        return arrayList;
    }
}
