package org.apache.tuscany.sca.common.http.cors;

import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tuscany.sca.common.xml.stax.reader.XMLFragmentStreamReader;

/* loaded from: input_file:WEB-INF/lib/tuscany-common-http-2.0.jar:org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.class */
public class CORSHeaderProcessor {
    public static void processCORS(CORSConfiguration cORSConfiguration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (cORSConfiguration != null) {
            if (cORSConfiguration.isAllowCredentials()) {
                httpServletResponse.setHeader("Access-Control-Allow-Credentials", XMLFragmentStreamReader.NIL_VALUE_TRUE);
            }
            if (cORSConfiguration.getMaxAge() > 0) {
                httpServletResponse.setHeader("Access-Control-Max-Age", Integer.toString(cORSConfiguration.getMaxAge()));
            }
            httpServletResponse.setHeader("Access-Control-Allow-Origin", getAllowOrigins(cORSConfiguration, httpServletRequest));
            httpServletResponse.setHeader("Access-Control-Allow-Methods", getAllowMethods(cORSConfiguration));
            httpServletResponse.setHeader("Access-Control-Allow-Headers", getAllowHeaders(cORSConfiguration));
            httpServletResponse.setHeader("Access-Control-Expose-Headers", getExposeHeaders(cORSConfiguration));
            return;
        }
        String header = httpServletRequest.getHeader("Access-Control-Request-Headers");
        if (header == null) {
            header = "Content-Type, Accept, Origin, X-Requested-With";
        }
        String header2 = httpServletRequest.getHeader("Access-Control-Request-Method");
        if (header2 == null) {
            header = "OPTIONS, HEAD, GET, POST, PUT, DELETE";
        }
        String header3 = httpServletRequest.getHeader("Origin");
        if (header3 == null) {
            header3 = "*";
        }
        httpServletResponse.setHeader("Access-Control-Allow-Origin", header3);
        httpServletResponse.setHeader("Access-Control-Allow-Headers", header);
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", XMLFragmentStreamReader.NIL_VALUE_TRUE);
        if ("OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod())) {
            httpServletResponse.setHeader("Access-Control-Allow-Methods", header2);
            httpServletResponse.setHeader("Access-Control-Max-Age", "1728000");
        }
    }

    private static String getAllowOrigins(CORSConfiguration cORSConfiguration, HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Origin");
        if (header == null) {
            header = "*";
        }
        return getListValues(cORSConfiguration.getAllowOrigins(), header);
    }

    private static String getAllowMethods(CORSConfiguration cORSConfiguration) {
        return getListValues(cORSConfiguration.getAllowMethods(), "OPTIONS, HEAD, GET, POST, PUT, DELETE");
    }

    private static String getAllowHeaders(CORSConfiguration cORSConfiguration) {
        return getListValues(cORSConfiguration.getAllowHeaders(), "X-Requested-With, Content-Type, Accept, Origin");
    }

    private static String getExposeHeaders(CORSConfiguration cORSConfiguration) {
        return getListValues(cORSConfiguration.getExposeHeaders(), "X-Requested-With, Content-Type");
    }

    private static String getListValues(List<String> list, String str) {
        StringBuffer stringBuffer = new StringBuffer();
        if (list == null || list.isEmpty()) {
            stringBuffer.append(str);
        } else {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                stringBuffer.append(it.next()).append(",");
            }
            stringBuffer.deleteCharAt(stringBuffer.length());
        }
        return stringBuffer.toString();
    }
}
