package org.gecko.rest.jersey.runtime.common;

import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.container.PreMatching;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ServiceScope;
import org.osgi.service.jakartars.whiteboard.propertytypes.JakartarsExtension;
import org.osgi.service.jakartars.whiteboard.propertytypes.JakartarsName;
import org.osgi.service.jakartars.whiteboard.propertytypes.JakartarsWhiteboardTarget;

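/**
 * Jakarta REST filter that applies a CORS policy to requests carrying an {@code Origin} header.
 *
 * <p>On the request side it answers {@code OPTIONS} requests itself (treated as CORS preflights)
 * and rejects other requests from origins that are not allowed. On the response side it adds the
 * CORS response headers to requests that passed the origin check.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The default allow-list is the wildcard {@code "*"}, so every origin passes the check.
 *       {@code Access-Control-Allow-Credentials: true} is therefore only sent for origins that are
 *       listed explicitly. Echoing an arbitrary {@code Origin} together with the credentials flag
 *       would let any web site read authenticated responses.</li>
 *   <li>Because {@code Access-Control-Allow-Origin} depends on the request, {@code Vary: Origin}
 *       is added so shared caches do not serve one origin's response to another.</li>
 *   <li>The component is declared with {@code enabled = false}; it only takes effect once it is
 *       enabled elsewhere.</li>
 * </ul>
 */
@PreMatching
@Component(name = "WebsecurityFilter", scope = ServiceScope.PROTOTYPE, enabled = false)
@JakartarsExtension
@JakartarsWhiteboardTarget("(websecurity=false)")
@JakartarsName("WebsecurityFilter")
public class WebsecurityFilter implements ContainerRequestFilter, ContainerResponseFilter {
    private static final String HEADER_ORIGIN = "Origin";
    private static final String HEADER_ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String HEADER_ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
    private static final String HEADER_ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String HEADER_ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
    private static final String HEADER_ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String HEADER_VARY = "Vary";
    private static final String METHOD_OPTIONS = "OPTIONS";
    private static final String WILDCARD_ORIGIN = "*";
    /** Request property set when the origin check fails, so the response filter adds no CORS headers. */
    private static final String PROPERTY_CORS_FAILURE = "cors.failure";

    /** Origins that may call the API; the wildcard entry admits every origin. */
    private Set<String> allowedOrigins = new HashSet<>(Collections.singleton(WILDCARD_ORIGIN));

    /**
     * Request-side filter: ignores requests without an {@code Origin} header, answers
     * {@code OPTIONS} requests as preflights and checks the origin of all other requests.
     *
     * @param containerRequestContext the incoming request
     * @throws IOException declared by the filter contract; not thrown by this implementation
     * @throws ForbiddenException if the origin is not allowed
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String origin = containerRequestContext.getHeaderString(HEADER_ORIGIN);
        if (origin == null) {
            // Not a cross-origin request as far as this filter can tell; nothing to enforce.
            return;
        }
        if (METHOD_OPTIONS.equalsIgnoreCase(containerRequestContext.getMethod())) {
            preFlight(origin, containerRequestContext);
        } else {
            checkOrigin(containerRequestContext, origin);
        }
    }

    /**
     * Response-side filter: adds the CORS response headers for requests that carried an
     * {@code Origin}, were not {@code OPTIONS} requests and did not fail the origin check.
     *
     * @param containerRequestContext the request that produced the response
     * @param containerResponseContext the response to decorate
     * @throws IOException declared by the filter contract; not thrown by this implementation
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        String origin = containerRequestContext.getHeaderString(HEADER_ORIGIN);
        if (origin == null
                || METHOD_OPTIONS.equalsIgnoreCase(containerRequestContext.getMethod())
                || containerRequestContext.getProperty(PROPERTY_CORS_FAILURE) != null) {
            return;
        }
        containerResponseContext.getHeaders().putSingle(HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin);
        // The header above is derived from the request, so caches must key on Origin.
        containerResponseContext.getHeaders().add(HEADER_VARY, HEADER_ORIGIN);
        if (isExplicitlyAllowed(origin)) {
            containerResponseContext.getHeaders().putSingle(HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }
    }

    /**
     * Answers a preflight request directly, without passing it on to a resource.
     *
     * @param str the value of the request's {@code Origin} header
     * @param containerRequestContext the preflight request, aborted with the generated response
     * @throws IOException declared for symmetry with the filter methods; not thrown here
     * @throws ForbiddenException if the origin is not allowed
     */
    private void preFlight(String str, ContainerRequestContext containerRequestContext) throws IOException {
        checkOrigin(containerRequestContext, str);
        Response.ResponseBuilder preflightResponse = Response.ok();
        preflightResponse.header(HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, str);
        preflightResponse.header(HEADER_VARY, HEADER_ORIGIN);
        if (isExplicitlyAllowed(str)) {
            preflightResponse.header(HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }
        // NOTE(review): the requested method and headers are echoed back unchecked, so every
        // method and header a client asks for is granted. Consider a fixed allow-list.
        String requestedMethod = containerRequestContext.getHeaderString(HEADER_ACCESS_CONTROL_REQUEST_METHOD);
        if (requestedMethod != null) {
            preflightResponse.header(HEADER_ACCESS_CONTROL_ALLOW_METHODS, requestedMethod);
        }
        String requestedHeaders = containerRequestContext.getHeaderString(HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
        if (requestedHeaders != null) {
            preflightResponse.header(HEADER_ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
        }
        containerRequestContext.abortWith(preflightResponse.build());
    }

    /**
     * Rejects the request unless the allow-list holds the wildcard or the given origin.
     *
     * @param containerRequestContext the request, marked with the failure property on rejection
     * @param str the value of the request's {@code Origin} header
     * @throws ForbiddenException if the origin is not allowed
     */
    private void checkOrigin(ContainerRequestContext containerRequestContext, String str) {
        if (this.allowedOrigins.contains(WILDCARD_ORIGIN) || this.allowedOrigins.contains(str)) {
            return;
        }
        containerRequestContext.setProperty(PROPERTY_CORS_FAILURE, true);
        // NOTE(review): the message carries the client-supplied Origin value; confirm that
        // whatever renders or logs this exception encodes it.
        throw new ForbiddenException("Origin not allowed: " + str);
    }

    /**
     * Tells whether the origin is listed by name, as opposed to being admitted by the wildcard.
     * Only such origins receive the credentials flag.
     */
    private boolean isExplicitlyAllowed(String origin) {
        return !WILDCARD_ORIGIN.equals(origin) && this.allowedOrigins.contains(origin);
    }
}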
