package play.filters.cors;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import play.api.LoggerLike;
import play.api.http.HeaderNames$;
import play.api.http.HttpErrorHandler;
import play.api.http.HttpVerbs$;
import play.api.libs.iteratee.Execution$Implicits$;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.api.mvc.Results$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.Tuple3;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.collection.immutable.Set;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.Builder;
import scala.collection.mutable.StringBuilder;
import scala.collection.package$;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: AbstractCORSPolicy.scala */
@ScalaSignature(bytes = "\u0006\u0001E4\u0001\"\u0001\u0002\u0011\u0002\u0007\u0005!\u0001\u0003\u0002\u0013\u0003\n\u001cHO]1di\u000e{%k\u0015)pY&\u001c\u0017P\u0003\u0002\u0004\t\u0005!1m\u001c:t\u0015\t)a!A\u0004gS2$XM]:\u000b\u0003\u001d\tA\u0001\u001d7bsN\u0011\u0001!\u0003\t\u0003\u00155i\u0011a\u0003\u0006\u0002\u0019\u0005)1oY1mC&\u0011ab\u0003\u0002\u0007\u0003:L(+\u001a4\t\u000bA\u0001A\u0011\u0001\n\u0002\r\u0011Jg.\u001b;%\u0007\u0001!\u0012a\u0005\t\u0003\u0015QI!!F\u0006\u0003\tUs\u0017\u000e\u001e\u0005\b/\u0001\u0011\rQ\"\u0005\u0019\u0003\u0019awnZ4feV\t\u0011\u0004\u0005\u0002\u001b;5\t1D\u0003\u0002\u001d\r\u0005\u0019\u0011\r]5\n\u0005yY\"A\u0003'pO\u001e,'\u000fT5lK\")\u0001\u0005\u0001D\tC\u0005Q1m\u001c:t\u0007>tg-[4\u0016\u0003\t\u0002\"a\t\u0013\u000e\u0003\tI!!\n\u0002\u0003\u0015\r{%kU\"p]\u001aLw\rC\u0003(\u0001\u0019E\u0001&\u0001\u0007feJ|'\u000fS1oI2,'/F\u0001*!\tQS&D\u0001,\u0015\ta3$\u0001\u0003iiR\u0004\u0018B\u0001\u0018,\u0005AAE\u000f\u001e9FeJ|'\u000fS1oI2,'\u000fC\u00041\u0001\t\u0007I\u0011B\u0019\u0002)M+\b\u000f]8si\u0016$\u0007\n\u001e;q\u001b\u0016$\bn\u001c3t+\u0005\u0011\u0004cA\u001a7s9\u0011!\u0002N\u0005\u0003k-\ta\u0001\u0015:fI\u00164\u0017BA\u001c9\u0005\r\u0019V\r\u001e\u0006\u0003k-\u0001\"a\r\u001e\n\u0005mB$AB*ue&tw\r\u0003\u0004>\u0001\u0001\u0006IAM\u0001\u0016'V\u0004\bo\u001c:uK\u0012DE\u000f\u001e9NKRDw\u000eZ:!\u0011\u0015y\u0004\u0001\"\u0005A\u000351\u0017\u000e\u001c;feJ+\u0017/^3tiR\u0019\u0011)T+\u0011\u0007\t+u)D\u0001D\u0015\t!5\"\u0001\u0006d_:\u001cWO\u001d:f]RL!AR\"\u0003\r\u0019+H/\u001e:f!\tA5*D\u0001J\u0015\tQ5$A\u0002nm\u000eL!\u0001T%\u0003\rI+7/\u001e7u\u0011\u0015qe\b1\u0001P\u0003\u0011qW\r\u001f;\u0011\t)\u0001&+Q\u0005\u0003#.\u0011\u0011BR;oGRLwN\\\u0019\u0011\u0005!\u001b\u0016B\u0001+J\u00055\u0011V-];fgRDU-\u00193fe\")aK\u0010a\u0001%\u00069!/Z9vKN$\b\"\u0002-\u0001\t\u0013I\u0016!\u00055b]\u0012dWmQ(S'J+\u0017/^3tiR\u0019\u0011IW.\t\u000b9;\u0006\u0019A(\t\u000bY;\u0006\u0019\u0001*\t\u000bu\u0003A\u0011\u00020\u00025!\fg\u000e\u001a7f!J,g\t\\5hQR\u001cuJU*SKF,Xm\u001d;\u0015\u0005\u0005{\u0006\"\u0002,]\u0001\u0004\u0011\u0006\"B1\u0001\t\u0013\u0011\u0017\u0001\u00075b]\u0012dW-\u00138wC2LGmQ(S'J+\u0017/^3tiR\u0011\u0011i\u0019\u0005\u0006-\u0002\u0004\rA\u0015\u0005\u0006K\u0002!IAZ\u0001\u000eSN4\u0016\r\\5e\u001fJLw-\u001b8\u0015\u0005\u001dT\u0007C\u0001\u0006i\u0013\tI7BA\u0004C_>dW-\u00198\t\u000b-$\u0007\u0019A\u001d\u0002\r=\u0014\u0018nZ5o\u0011\u0015i\u0007\u0001\"\u0003o\u00031I7oU1nK>\u0013\u0018nZ5o)\r9w\u000e\u001d\u0005\u0006W2\u0004\r!\u000f\u0005\u0006-2\u0004\rA\u0015")
/* loaded from: input_file:play/filters/cors/AbstractCORSPolicy.class */
public interface AbstractCORSPolicy {

    /* compiled from: AbstractCORSPolicy.scala */
    /* renamed from: play.filters.cors.AbstractCORSPolicy$class, reason: invalid class name */
    /* loaded from: input_file:play/filters/cors/AbstractCORSPolicy$class.class */
    public abstract class Cclass {
        public static Future filterRequest(AbstractCORSPolicy abstractCORSPolicy, Function1 function1, RequestHeader requestHeader) {
            Future handleInvalidCORSRequest;
            Tuple2 tuple2 = new Tuple2(requestHeader.headers().get(HeaderNames$.MODULE$.ORIGIN()), requestHeader.method());
            if (tuple2 != null) {
                if (None$.MODULE$.equals((Option) tuple2._1())) {
                    handleInvalidCORSRequest = (Future) function1.apply(requestHeader);
                    return handleInvalidCORSRequest;
                }
            }
            if (tuple2 != null) {
                Some some = (Option) tuple2._1();
                if (some instanceof Some) {
                    String str = (String) some.x();
                    if (str.isEmpty() || !isValidOrigin(abstractCORSPolicy, str)) {
                        handleInvalidCORSRequest = handleInvalidCORSRequest(abstractCORSPolicy, requestHeader);
                        return handleInvalidCORSRequest;
                    }
                }
            }
            if (tuple2 != null) {
                Some some2 = (Option) tuple2._1();
                if ((some2 instanceof Some) && isSameOrigin(abstractCORSPolicy, (String) some2.x(), requestHeader)) {
                    handleInvalidCORSRequest = (Future) function1.apply(requestHeader);
                    return handleInvalidCORSRequest;
                }
            }
            if (tuple2 != null) {
                String str2 = (String) tuple2._2();
                String OPTIONS = HttpVerbs$.MODULE$.OPTIONS();
                if (OPTIONS != null ? OPTIONS.equals(str2) : str2 == null) {
                    Some some3 = requestHeader.headers().get(HeaderNames$.MODULE$.ACCESS_CONTROL_REQUEST_METHOD());
                    handleInvalidCORSRequest = None$.MODULE$.equals(some3) ? handleCORSRequest(abstractCORSPolicy, function1, requestHeader) : ((some3 instanceof Some) && "".equals((String) some3.x())) ? handleInvalidCORSRequest(abstractCORSPolicy, requestHeader) : handlePreFlightCORSRequest(abstractCORSPolicy, requestHeader);
                    return handleInvalidCORSRequest;
                }
            }
            if (tuple2 != null) {
                if (abstractCORSPolicy.play$filters$cors$AbstractCORSPolicy$$SupportedHttpMethods().contains((String) tuple2._2())) {
                    handleInvalidCORSRequest = handleCORSRequest(abstractCORSPolicy, function1, requestHeader);
                    return handleInvalidCORSRequest;
                }
            }
            handleInvalidCORSRequest = handleInvalidCORSRequest(abstractCORSPolicy, requestHeader);
            return handleInvalidCORSRequest;
        }

        private static Future handleCORSRequest(AbstractCORSPolicy abstractCORSPolicy, Function1 function1, RequestHeader requestHeader) {
            Future onServerError;
            Option option = requestHeader.headers().get(HeaderNames$.MODULE$.ORIGIN());
            Predef$.MODULE$.assume(option.isDefined(), new AbstractCORSPolicy$$anonfun$3(abstractCORSPolicy));
            String str = (String) option.get();
            if (!BoxesRunTime.unboxToBoolean(abstractCORSPolicy.corsConfig().allowedOrigins().apply(str))) {
                return handleInvalidCORSRequest(abstractCORSPolicy, requestHeader);
            }
            Builder newBuilder = Seq$.MODULE$.newBuilder();
            if (abstractCORSPolicy.corsConfig().supportsCredentials()) {
                newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_CREDENTIALS()), "true"));
                newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_ORIGIN()), str));
                newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.VARY()), HeaderNames$.MODULE$.ORIGIN()));
            } else if (abstractCORSPolicy.corsConfig().anyOriginAllowed()) {
                newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_ORIGIN()), "*"));
            } else {
                newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_ORIGIN()), str));
                newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.VARY()), HeaderNames$.MODULE$.ORIGIN()));
            }
            if (abstractCORSPolicy.corsConfig().exposedHeaders().nonEmpty()) {
                newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_EXPOSE_HEADERS()), abstractCORSPolicy.corsConfig().exposedHeaders().mkString(",")));
            } else {
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            }
            RequestHeader copy = requestHeader.copy(requestHeader.copy$default$1(), requestHeader.tags().$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(CORSFilter$.MODULE$.RequestTag()), str)), requestHeader.copy$default$3(), requestHeader.copy$default$4(), requestHeader.copy$default$5(), requestHeader.copy$default$6(), requestHeader.copy$default$7(), requestHeader.copy$default$8(), new AbstractCORSPolicy$$anonfun$4(abstractCORSPolicy, requestHeader), new AbstractCORSPolicy$$anonfun$1(abstractCORSPolicy, requestHeader), requestHeader.copy$default$11());
            try {
                onServerError = ((Future) function1.apply(copy)).recoverWith(new AbstractCORSPolicy$$anonfun$2(abstractCORSPolicy, copy), Execution$Implicits$.MODULE$.trampoline());
            } catch (Throwable th) {
                onServerError = abstractCORSPolicy.errorHandler().onServerError(copy, th);
            }
            return onServerError.map(new AbstractCORSPolicy$$anonfun$handleCORSRequest$1(abstractCORSPolicy, newBuilder), Execution$Implicits$.MODULE$.trampoline());
        }

        private static Future handlePreFlightCORSRequest(AbstractCORSPolicy abstractCORSPolicy, RequestHeader requestHeader) {
            Future handleInvalidCORSRequest;
            Future future;
            List list;
            Option option = requestHeader.headers().get(HeaderNames$.MODULE$.ORIGIN());
            Predef$.MODULE$.assume(option.isDefined(), new AbstractCORSPolicy$$anonfun$5(abstractCORSPolicy));
            String str = (String) option.get();
            if (!BoxesRunTime.unboxToBoolean(abstractCORSPolicy.corsConfig().allowedOrigins().apply(str))) {
                return handleInvalidCORSRequest(abstractCORSPolicy, requestHeader);
            }
            Some some = requestHeader.headers().get(HeaderNames$.MODULE$.ACCESS_CONTROL_REQUEST_METHOD());
            if (None$.MODULE$.equals(some)) {
                future = handleInvalidCORSRequest(abstractCORSPolicy, requestHeader);
            } else {
                if (!(some instanceof Some)) {
                    throw new MatchError(some);
                }
                String trim = ((String) some.x()).trim();
                Function1<String, Object> isHttpMethodAllowed = abstractCORSPolicy.corsConfig().isHttpMethodAllowed();
                if (abstractCORSPolicy.play$filters$cors$AbstractCORSPolicy$$SupportedHttpMethods().contains(trim) && BoxesRunTime.unboxToBoolean(isHttpMethodAllowed.apply(trim))) {
                    Some some2 = requestHeader.headers().get(HeaderNames$.MODULE$.ACCESS_CONTROL_REQUEST_HEADERS());
                    if (None$.MODULE$.equals(some2)) {
                        list = List$.MODULE$.empty();
                    } else {
                        if (!(some2 instanceof Some)) {
                            throw new MatchError(some2);
                        }
                        list = (List) Predef$.MODULE$.refArrayOps(new StringOps(Predef$.MODULE$.augmentString(((String) some2.x()).trim())).split(',')).map(new AbstractCORSPolicy$$anonfun$6(abstractCORSPolicy), package$.MODULE$.breakOut(List$.MODULE$.canBuildFrom()));
                    }
                    List list2 = list;
                    if (list2.forall(new AbstractCORSPolicy$$anonfun$handlePreFlightCORSRequest$1(abstractCORSPolicy, abstractCORSPolicy.corsConfig().isHttpHeaderAllowed()))) {
                        Builder newBuilder = Seq$.MODULE$.newBuilder();
                        if (abstractCORSPolicy.corsConfig().supportsCredentials()) {
                            newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_CREDENTIALS()), "true"));
                            newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_ORIGIN()), str));
                            newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.VARY()), HeaderNames$.MODULE$.ORIGIN()));
                        } else if (abstractCORSPolicy.corsConfig().anyOriginAllowed()) {
                            newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_ORIGIN()), "*"));
                        } else {
                            newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_ORIGIN()), str));
                            newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.VARY()), HeaderNames$.MODULE$.ORIGIN()));
                        }
                        if (abstractCORSPolicy.corsConfig().preflightMaxAge().toSeconds() > 0) {
                            newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_MAX_AGE()), BoxesRunTime.boxToLong(abstractCORSPolicy.corsConfig().preflightMaxAge().toSeconds()).toString()));
                        } else {
                            BoxedUnit boxedUnit = BoxedUnit.UNIT;
                        }
                        newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_METHODS()), trim));
                        if (list2.isEmpty()) {
                            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
                        } else {
                            newBuilder.$plus$eq(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HeaderNames$.MODULE$.ACCESS_CONTROL_ALLOW_HEADERS()), list2.mkString(",")));
                        }
                        handleInvalidCORSRequest = Future$.MODULE$.successful(Results$.MODULE$.Ok().withHeaders((Seq) newBuilder.result()));
                    } else {
                        handleInvalidCORSRequest = handleInvalidCORSRequest(abstractCORSPolicy, requestHeader);
                    }
                } else {
                    handleInvalidCORSRequest = handleInvalidCORSRequest(abstractCORSPolicy, requestHeader);
                }
                future = handleInvalidCORSRequest;
            }
            return future;
        }

        private static Future handleInvalidCORSRequest(AbstractCORSPolicy abstractCORSPolicy, RequestHeader requestHeader) {
            abstractCORSPolicy.mo7logger().trace(new AbstractCORSPolicy$$anonfun$handleInvalidCORSRequest$1(abstractCORSPolicy, requestHeader));
            return Future$.MODULE$.successful(Results$.MODULE$.Forbidden());
        }

        private static boolean isValidOrigin(AbstractCORSPolicy abstractCORSPolicy, String str) {
            if (str.contains("%")) {
                return false;
            }
            try {
                return new URI(str).getScheme() != null;
            } catch (URISyntaxException unused) {
                return false;
            }
        }

        private static boolean isSameOrigin(AbstractCORSPolicy abstractCORSPolicy, String str, RequestHeader requestHeader) {
            URI uri = new URI(str.toLowerCase(Locale.ENGLISH));
            URI uri2 = new URI(new StringBuilder().append(requestHeader.secure() ? "https://" : "http://").append(requestHeader.host().toLowerCase(Locale.ENGLISH)).toString());
            Tuple3 tuple3 = new Tuple3(uri.getScheme(), uri.getHost(), BoxesRunTime.boxToInteger(uri.getPort()));
            Tuple3 tuple32 = new Tuple3(uri2.getScheme(), uri2.getHost(), BoxesRunTime.boxToInteger(uri2.getPort()));
            return tuple3 != null ? tuple3.equals(tuple32) : tuple32 == null;
        }
    }

    void play$filters$cors$AbstractCORSPolicy$_setter_$play$filters$cors$AbstractCORSPolicy$$SupportedHttpMethods_$eq(Set set);

    /* renamed from: logger */
    LoggerLike mo7logger();

    CORSConfig corsConfig();

    HttpErrorHandler errorHandler();

    Set<String> play$filters$cors$AbstractCORSPolicy$$SupportedHttpMethods();

    Future<Result> filterRequest(Function1<RequestHeader, Future<Result>> function1, RequestHeader requestHeader);
}
