package org.apache.zeppelin.server;

import java.io.IOException;
import java.net.URISyntaxException;
import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.apache.zeppelin.utils.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/zeppelin/server/CorsFilter.class */
public class CorsFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CorsFilter.class);

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String str;
        String header = ((HttpServletRequest) servletRequest).getHeader("Origin");
        str = "";
        try {
            str = SecurityUtils.isValidOrigin(header, ZeppelinConfiguration.create()).booleanValue() ? header : "";
        } catch (URISyntaxException e) {
            LOGGER.error("Exception in WebDriverManager while getWebDriver ", e);
        }
        if (((HttpServletRequest) servletRequest).getMethod().equals("OPTIONS")) {
            addCorsHeaders((HttpServletResponse) servletResponse, str);
            return;
        }
        if (servletResponse instanceof HttpServletResponse) {
            addCorsHeaders((HttpServletResponse) servletResponse, str);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private void addCorsHeaders(HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.addHeader("Access-Control-Allow-Origin", str);
        httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
        httpServletResponse.addHeader("Access-Control-Allow-Headers", "authorization,Content-Type");
        httpServletResponse.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, HEAD, DELETE");
        httpServletResponse.addHeader("Date", DateFormat.getDateTimeInstance(0, 0, new Locale("EN", "en")).format(new Date()));
    }

    public void destroy() {
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }
}
