package io.gravitee.gateway.jupiter.handlers.api.processor.cors;

import io.gravitee.common.http.HttpMethod;
import io.gravitee.definition.model.Api;
import io.gravitee.definition.model.Cors;
import io.gravitee.gateway.handlers.api.processor.cors.CorsPreflightInvoker;
import io.gravitee.gateway.jupiter.api.context.Request;
import io.gravitee.gateway.jupiter.api.context.RequestExecutionContext;
import io.gravitee.gateway.jupiter.api.context.Response;
import io.gravitee.gateway.jupiter.handlers.api.security.SecurityChain;
import io.reactivex.Completable;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:io/gravitee/gateway/jupiter/handlers/api/processor/cors/CorsPreflightRequestProcessor.class */
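/**
 * Answers CORS preflight requests (an {@code OPTIONS} request carrying both {@code Origin} and
 * {@code Access-Control-Request-Method}) on behalf of an API, using the API's {@link Cors}
 * configuration.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A preflight is recognised purely from client-supplied data (method and two headers).</li>
 *   <li>When {@code cors.isRunPolicies()} is true, the security chain is skipped for the preflight
 *       and the request invoker is replaced by a {@link CorsPreflightInvoker}.</li>
 *   <li>The accepted {@code Origin} value is echoed back in {@code Access-Control-Allow-Origin}.</li>
 * </ul>
 *
 * <p>The origin check itself ({@code isOriginAllowed}) is inherited and not defined in this class.
 */
public class CorsPreflightRequestProcessor extends AbstractCorsRequestProcessor {
    public static final String ID = "processor-cors-preflight-request";

    private static final String HEADER_ORIGIN = "Origin";
    private static final String HEADER_ACR_METHOD = "Access-Control-Request-Method";
    private static final String HEADER_ACR_HEADERS = "Access-Control-Request-Headers";
    private static final String HEADER_ACA_ORIGIN = "Access-Control-Allow-Origin";
    private static final String HEADER_ACA_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String HEADER_ACA_METHODS = "Access-Control-Allow-Methods";
    private static final String HEADER_ACA_HEADERS = "Access-Control-Allow-Headers";
    private static final String HEADER_AC_MAX_AGE = "Access-Control-Max-Age";

    /** Initialization-on-demand holder: the singleton is created when {@link #instance()} is first called. */
    private static class Holder {
        private static final CorsPreflightRequestProcessor INSTANCE = new CorsPreflightRequestProcessor();

        private Holder() {
        }
    }

    private CorsPreflightRequestProcessor() {
    }

    /**
     * Returns the shared processor instance.
     *
     * @return the singleton {@code CorsPreflightRequestProcessor}
     */
    public static CorsPreflightRequestProcessor instance() {
        return Holder.INSTANCE;
    }

    /**
     * Returns the identifier of this processor.
     *
     * @return {@link #ID}
     */
    public String getId() {
        return ID;
    }

    /**
     * Handles the request if it is a CORS preflight; otherwise completes without touching it.
     *
     * <p>For a preflight, the CORS response headers and status are written first. Then either the
     * execution is interrupted (policies are not to be run), or the security chain is flagged to be
     * skipped and the invoker is replaced by a {@link CorsPreflightInvoker}.
     *
     * @param requestExecutionContext the current request execution context
     * @return a deferred {@link Completable} performing the steps above on subscription
     */
    public Completable execute(RequestExecutionContext requestExecutionContext) {
        return Completable.defer(() -> {
            if (!isPreflightRequest(requestExecutionContext.request())) {
                return Completable.complete();
            }
            // NOTE(review): getCors() is dereferenced without a null check; presumably this processor is
            // only registered for APIs with CORS configured. Confirm against the code that builds the chain.
            Cors cors = ((Api) requestExecutionContext.getComponent(Api.class)).getProxy().getCors();
            handlePreflightRequest(cors, requestExecutionContext.request(), requestExecutionContext.response());
            if (!cors.isRunPolicies()) {
                return requestExecutionContext.interrupt();
            }
            // The skip flag is set for every request classified as a preflight, including one whose
            // origin, method or headers were just rejected, and that classification relies only on
            // client-controlled data. It is set together with the invoker swap below.
            // NOTE(review): skipping authentication is only safe if CorsPreflightInvoker never forwards
            // to the backend. That class is not visible here, so confirm.
            requestExecutionContext.setAttribute(SecurityChain.SKIP_SECURITY_CHAIN, true);
            requestExecutionContext.setAttribute("gravitee.attribute.request.invoker", new CorsPreflightInvoker());
            return Completable.complete();
        });
    }

    /**
     * Tells whether the request is a CORS preflight.
     *
     * @param request the incoming request
     * @return {@code true} when the method is {@code OPTIONS} and both {@code Origin} and
     *     {@code Access-Control-Request-Method} headers are present
     */
    private boolean isPreflightRequest(Request request) {
        return request.method() == HttpMethod.OPTIONS
            && request.headers().get(HEADER_ORIGIN) != null
            && request.headers().get(HEADER_ACR_METHOD) != null;
    }

    /**
     * Validates the preflight against the CORS configuration and writes the response status and
     * {@code Access-Control-*} headers.
     *
     * <p>Any failed check sets {@code Cors.DEFAULT_ERROR_STATUS_CODE}, records a message on the
     * request metrics and returns without emitting further CORS headers.
     *
     * @param cors the API's CORS configuration
     * @param request the preflight request
     * @param response the response to populate
     */
    private void handlePreflightRequest(Cors cors, Request request, Response response) {
        // NOTE(review): "1" is presumably the identifier used for the "unknown" application. Confirm.
        request.metrics().setApplication("1");

        // The three header values below are client-controlled and are copied verbatim into the metrics
        // message on rejection. Whatever stores or renders that message must treat it as untrusted text.
        String origin = request.headers().get(HEADER_ORIGIN);
        if (!isOriginAllowed(cors, origin)) {
            response.status(Cors.DEFAULT_ERROR_STATUS_CODE);
            request.metrics().setMessage(String.format("Origin '%s' is not allowed", origin));
            return;
        }

        String requestedMethod = request.headers().get(HEADER_ACR_METHOD);
        if (!isRequestMethodsValid(cors, requestedMethod)) {
            response.status(Cors.DEFAULT_ERROR_STATUS_CODE);
            request.metrics().setMessage(String.format("Request method '%s' is not allowed", requestedMethod));
            return;
        }

        String requestedHeaders = request.headers().get(HEADER_ACR_HEADERS);
        if (!isRequestHeadersValid(cors, requestedHeaders)) {
            response.status(Cors.DEFAULT_ERROR_STATUS_CODE);
            request.metrics().setMessage(String.format("Request headers '%s' are not valid", requestedHeaders));
            return;
        }

        if (cors.isAccessControlAllowCredentials()) {
            response.headers().set(HEADER_ACA_CREDENTIALS, Boolean.TRUE.toString());
        }
        // The request's own Origin is echoed back, so isOriginAllowed (inherited, not shown here) is the
        // only gate on which origins are granted access.
        // NOTE(review): if that check can accept every origin (e.g. a wildcard entry) while credentials
        // are enabled, this grants credentialed cross-origin access to any site. Confirm that the
        // configuration rejects that combination.
        response.headers().set(HEADER_ACA_ORIGIN, origin);

        if (cors.getAccessControlMaxAge() > -1) {
            response.headers().set(HEADER_AC_MAX_AGE, Integer.toString(cors.getAccessControlMaxAge()));
        }

        Set<String> allowedMethods = cors.getAccessControlAllowMethods();
        if (allowedMethods == null || allowedMethods.isEmpty()) {
            response.status(Cors.DEFAULT_ERROR_STATUS_CODE);
            request.metrics().setMessage("CORS configuration invalid,  Access-Control-Allow-Methods cannot be null or empty.");
            return;
        }

        // Locale.ROOT keeps the upper-casing independent of the JVM default locale; with a Turkish
        // default locale the no-arg toUpperCase() turns "options" into "OPTİONS".
        String joinedMethods = allowedMethods
            .stream()
            .map(method -> method.toUpperCase(java.util.Locale.ROOT))
            .collect(Collectors.joining(", "));
        response.headers().set(HEADER_ACA_METHODS, joinedMethods);

        if (cors.getAccessControlAllowHeaders() != null) {
            response.headers().set(HEADER_ACA_HEADERS, String.join(", ", cors.getAccessControlAllowHeaders()));
        }
        response.status(200);
    }

    /**
     * Checks the requested method against the configured allowed methods (exact, case-sensitive match).
     *
     * @param cors the API's CORS configuration
     * @param requestedMethod value of {@code Access-Control-Request-Method}
     * @return {@code true} if the method passes validation
     */
    private boolean isRequestMethodsValid(Cors cors, String requestedMethod) {
        // NOTE(review): configured methods are upper-cased when written to the response but compared
        // as-is here, so a lower-case configured method would be advertised yet never matched. Confirm
        // that the configuration is normalised upstream.
        return isRequestValid(requestedMethod, cors.getAccessControlAllowMethods(), true);
    }

    /**
     * Checks the requested header names against the configured allowed headers, ignoring case.
     *
     * @param cors the API's CORS configuration
     * @param requestedHeaders value of {@code Access-Control-Request-Headers}
     * @return {@code true} if every requested header passes validation
     */
    private boolean isRequestHeadersValid(Cors cors, String requestedHeaders) {
        // HTTP field names are case-insensitive and browsers send them lower-cased in
        // Access-Control-Request-Headers, so an exact-case comparison rejects legitimate preflights
        // whenever the configuration uses the conventional "Content-Type" spelling.
        return isRequestValid(requestedHeaders, cors.getAccessControlAllowHeaders(), false);
    }

    /**
     * Validates a comma-separated request value against a configured allow-list.
     *
     * @param requestedValue raw header value, possibly {@code null}
     * @param allowed configured allow-list, possibly {@code null}
     * @param caseSensitive whether entries must match exactly or only ignoring case
     * @return {@code true} when nothing was requested, when no allow-list is configured, or when every
     *     requested entry is in the allow-list
     */
    private boolean isRequestValid(String requestedValue, Set<String> allowed, boolean caseSensitive) {
        List<String> requested = splitAndTrim(requestedValue);
        if (requested == null || (requested.size() == 1 && requested.get(0).isEmpty())) {
            // Header absent or blank: nothing to validate.
            return true;
        }
        if (allowed == null || allowed.isEmpty()) {
            // Kept from the original behaviour: a missing allow-list does not reject here. For methods,
            // handlePreflightRequest rejects an empty configuration afterwards. For headers, the response
            // then advertises whatever (possibly empty) list is configured.
            return true;
        }
        if (caseSensitive) {
            return allowed.containsAll(requested);
        }
        return requested.stream().allMatch(entry -> allowed.stream().anyMatch(entry::equalsIgnoreCase));
    }

    /**
     * Splits a comma-separated value and trims each element.
     *
     * @param value the raw value, possibly {@code null}
     * @return the trimmed elements, or {@code null} when {@code value} is {@code null}
     */
    private List<String> splitAndTrim(String value) {
        if (value == null) {
            return null;
        }
        return Arrays.stream(value.split(",")).map(String::trim).collect(Collectors.toList());
    }
}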
