package org.eclipse.smarthome.io.rest.internal.filter;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import org.apache.commons.lang.StringUtils;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
@Component(immediate = true, property = {"service.pid=org.eclipse.smarthome.cors"}, configurationPid = "org.eclipse.smarthome.cors", configurationPolicy = ConfigurationPolicy.REQUIRE)
/* loaded from: input_file:org/eclipse/smarthome/io/rest/internal/filter/CorsFilter.class */
public class CorsFilter implements ContainerResponseFilter {
    static final String CONTENT_TYPE_HEADER = "Content-Type";
    static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
    static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER = "Access-Control-Allow-Methods";
    static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    static final String ORIGIN_HEADER = "Origin";
    static final String VARY_HEADER = "Vary";
    static final String VARY_HEADER_WILDCARD = "*";
    private final transient Logger logger = LoggerFactory.getLogger(CorsFilter.class);
    private boolean isEnabled = false;
    static final String HTTP_GET_METHOD = "GET";
    static final String HTTP_POST_METHOD = "POST";
    static final String HTTP_PUT_METHOD = "PUT";
    static final String HTTP_DELETE_METHOD = "DELETE";
    static final String HTTP_HEAD_METHOD = "HEAD";
    static final String HTTP_OPTIONS_METHOD = "OPTIONS";
    static final List<String> ACCEPTED_HTTP_METHODS_LIST = Arrays.asList(HTTP_GET_METHOD, HTTP_POST_METHOD, HTTP_PUT_METHOD, HTTP_DELETE_METHOD, HTTP_HEAD_METHOD, HTTP_OPTIONS_METHOD);
    static final String HEADERS_SEPARATOR = ",";
    static final String ACCEPTED_HTTP_METHODS = (String) ACCEPTED_HTTP_METHODS_LIST.stream().collect(Collectors.joining(HEADERS_SEPARATOR));

    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        if (!this.isEnabled || processPreflight(containerRequestContext, containerResponseContext)) {
            return;
        }
        processRequest(containerRequestContext, containerResponseContext);
    }

    private void processRequest(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
        if (!ACCEPTED_HTTP_METHODS_LIST.contains(containerRequestContext.getMethod()) || HTTP_OPTIONS_METHOD.equals(containerRequestContext.getMethod())) {
            return;
        }
        String value = getValue(containerRequestContext.getHeaders(), ORIGIN_HEADER);
        if (StringUtils.isNotBlank(value)) {
            containerResponseContext.getHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, value);
        }
    }

    private boolean processPreflight(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
        boolean z = false;
        if (HTTP_OPTIONS_METHOD.equals(containerRequestContext.getMethod())) {
            String value = getValue(containerRequestContext.getHeaders(), ORIGIN_HEADER);
            z = StringUtils.isNotBlank(value) && StringUtils.isNotBlank(getValue(containerRequestContext.getHeaders(), ACCESS_CONTROL_REQUEST_METHOD));
            if (z) {
                containerResponseContext.getHeaders().add(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, value);
                containerResponseContext.getHeaders().add(ACCESS_CONTROL_ALLOW_METHODS_HEADER, ACCEPTED_HTTP_METHODS);
                containerResponseContext.getHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, CONTENT_TYPE_HEADER);
                appendVaryHeader(containerResponseContext);
            }
        }
        return z;
    }

    private String getValue(MultivaluedMap<String, String> multivaluedMap, String str) {
        List list = (List) multivaluedMap.get(str);
        if (list == null || list.isEmpty()) {
            return null;
        }
        return ((String) list.get(0)).toString();
    }

    private void appendVaryHeader(ContainerResponseContext containerResponseContext) {
        String value = getValue(containerResponseContext.getStringHeaders(), VARY_HEADER);
        if (StringUtils.isBlank(value)) {
            containerResponseContext.getHeaders().add(VARY_HEADER, ORIGIN_HEADER);
        } else {
            if (VARY_HEADER_WILDCARD.equals(value)) {
                return;
            }
            containerResponseContext.getHeaders().putSingle(VARY_HEADER, String.valueOf(value) + HEADERS_SEPARATOR + ORIGIN_HEADER);
        }
    }

    @Activate
    protected void activate(Map<String, Object> map) {
        if (map != null) {
            this.isEnabled = "true".equalsIgnoreCase((String) map.get("enable"));
        }
        if (this.isEnabled) {
            this.logger.info("enabled CORS for REST API.");
        }
    }
}
