package org.codelibs.fess.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.Constants;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.util.ComponentUtil;

/* loaded from: input_file:org/codelibs/fess/filter/CorsFilter.class */
public class CorsFilter implements Filter {
    private static final Logger logger = LogManager.getLogger(CorsFilter.class);
    protected static final String OPTIONS = "OPTIONS";
    protected static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    protected static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
    protected static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    protected static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    protected static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    protected static final String WILDCARD = "*";

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String header = httpServletRequest.getHeader("Origin");
        if (StringUtil.isBlank(header)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("HTTP Request: {}", httpServletRequest.getMethod());
        }
        FessConfig fessConfig = ComponentUtil.getFessConfig();
        String allowOrigin = getAllowOrigin(fessConfig, header);
        if (StringUtil.isNotBlank(allowOrigin)) {
            if (logger.isDebugEnabled()) {
                logger.debug("allowOrigin: {}", allowOrigin);
            }
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, allowOrigin);
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_METHODS, fessConfig.getApiCorsAllowMethods());
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, fessConfig.getApiCorsAllowHeaders());
            httpServletResponse.addHeader(ACCESS_CONTROL_MAX_AGE, fessConfig.getApiCorsMaxAge());
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, fessConfig.getApiCorsAllowCredentials());
            if (OPTIONS.equals(httpServletRequest.getMethod())) {
                httpServletResponse.setStatus(202);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    protected String getAllowOrigin(FessConfig fessConfig, String str) {
        String apiCorsAllowOrigin = fessConfig.getApiCorsAllowOrigin();
        return StringUtil.isBlank(apiCorsAllowOrigin) ? Constants.DEFAULT_IGNORE_FAILURE_TYPE : WILDCARD.equals(apiCorsAllowOrigin) ? apiCorsAllowOrigin : fessConfig.getApiCorsAllowOriginList().stream().filter(str2 -> {
            return str2.equals(str);
        }).findFirst().orElse(Constants.DEFAULT_IGNORE_FAILURE_TYPE);
    }
}
