package com.thetransactioncompany.cors;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/cors-filter-2.6.jar:com/thetransactioncompany/cors/CORSRequestHandler.class */
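/**
 * Applies a {@link CORSConfiguration} to incoming CORS requests: validates the
 * request against the policy and, on success, appends the matching
 * {@code Access-Control-*} response headers.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code Origin} header is supplied by the client. The checks here
 *       only decide which CORS headers a browser will see; they are not an
 *       authentication or authorisation control for the resource itself.</li>
 *   <li>When {@code supportsCredentials} is set, the request origin is echoed
 *       back together with {@code Access-Control-Allow-Credentials: true}. If
 *       the same configuration also accepts any origin ({@code allowAnyOrigin})
 *       this appears to grant credentialed cross-origin access to every site;
 *       confirm how {@code CORSConfiguration.isAllowedOrigin} treats that
 *       combination before deploying such a configuration.</li>
 * </ul>
 */
public class CORSRequestHandler {

    /** Policy consulted for every origin, method and header decision. */
    private final CORSConfiguration config;

    /** Pre-serialised value for {@code Access-Control-Allow-Methods}. */
    private final String supportedMethods;

    /**
     * Pre-serialised value for {@code Access-Control-Allow-Headers};
     * {@code null} when the configuration supports any header.
     */
    private final String supportedHeaders;

    /** Pre-serialised value for {@code Access-Control-Expose-Headers}. */
    private final String exposedHeaders;

    /**
     * Creates a handler and pre-computes the header values that do not depend
     * on the individual request.
     *
     * @param cORSConfiguration the CORS policy to enforce
     */
    public CORSRequestHandler(CORSConfiguration cORSConfiguration) {
        this.config = cORSConfiguration;
        this.supportedMethods = HeaderUtils.serialize(cORSConfiguration.supportedMethods, ", ");
        // null is the marker for "any header is supported"; see handlePreflightRequest.
        this.supportedHeaders = cORSConfiguration.supportAnyHeader
                ? null
                : HeaderUtils.serialize(cORSConfiguration.supportedHeaders, ", ");
        this.exposedHeaders = HeaderUtils.serialize(cORSConfiguration.exposedHeaders, ", ");
    }

    /**
     * Validates an actual (non-preflight) CORS request and appends the CORS
     * response headers.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to add headers to
     * @throws CORSException if the request is not an actual CORS request, the
     *                       origin is denied or the HTTP method is unsupported
     */
    public void handleActualRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws CORSException {
        if (CORSRequestType.detect(httpServletRequest) != CORSRequestType.ACTUAL) {
            throw CORSException.INVALID_ACTUAL_REQUEST;
        }

        Origin origin = new Origin(httpServletRequest.getHeader("Origin"));
        if (!this.config.isAllowedOrigin(origin)) {
            throw CORSException.ORIGIN_DENIED;
        }

        // Locale.ROOT keeps the comparison independent of the JVM default
        // locale (e.g. a Turkish locale upper-cases 'i' to a dotted capital).
        String method = httpServletRequest.getMethod().toUpperCase(java.util.Locale.ROOT);
        if (!this.config.isSupportedMethod(method)) {
            throw CORSException.UNSUPPORTED_METHOD;
        }

        addOriginHeaders(httpServletResponse, origin);

        if (!this.exposedHeaders.isEmpty()) {
            httpServletResponse.addHeader("Access-Control-Expose-Headers", this.exposedHeaders);
        }
    }

    /**
     * Validates a CORS preflight request and appends the preflight response
     * headers.
     *
     * @param httpServletRequest  the incoming preflight request
     * @param httpServletResponse the response to add headers to
     * @throws CORSException if the request is not a preflight request, the
     *                       origin is denied, the requested method header is
     *                       missing or unsupported, or a requested header name
     *                       is invalid or unsupported
     */
    public void handlePreflightRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws CORSException {
        if (CORSRequestType.detect(httpServletRequest) != CORSRequestType.PREFLIGHT) {
            throw CORSException.INVALID_PREFLIGHT_REQUEST;
        }

        Origin origin = new Origin(httpServletRequest.getHeader("Origin"));
        if (!this.config.isAllowedOrigin(origin)) {
            throw CORSException.ORIGIN_DENIED;
        }

        String requestedMethodHeader = httpServletRequest.getHeader("Access-Control-Request-Method");
        if (requestedMethodHeader == null) {
            throw CORSException.MISSING_ACCESS_CONTROL_REQUEST_METHOD_HEADER;
        }
        // Locale.ROOT: see handleActualRequest.
        String requestedMethod = requestedMethodHeader.toUpperCase(java.util.Locale.ROOT);

        // Header names are canonicalised before the method check so that a
        // malformed name is reported ahead of an unsupported method.
        String rawRequestedHeaders = httpServletRequest.getHeader("Access-Control-Request-Headers");
        String[] parsedNames = HeaderUtils.parseMultipleHeaderValues(rawRequestedHeaders);
        String[] canonicalNames = new String[parsedNames.length];
        for (int i = 0; i < canonicalNames.length; i++) {
            try {
                canonicalNames[i] = HeaderName.formatCanonical(parsedNames[i]);
            } catch (IllegalArgumentException e) {
                // CORSException exposes only shared constants here, so the
                // cause cannot be attached.
                throw CORSException.INVALID_HEADER_VALUE;
            }
        }

        if (!this.config.isSupportedMethod(requestedMethod)) {
            throw CORSException.UNSUPPORTED_METHOD;
        }

        if (!this.config.supportAnyHeader) {
            for (String name : canonicalNames) {
                if (!this.config.supportedHeaders.contains(name)) {
                    throw CORSException.UNSUPPORTED_REQUEST_HEADER;
                }
            }
        }

        addOriginHeaders(httpServletResponse, origin);

        if (this.config.maxAge > 0) {
            httpServletResponse.addHeader("Access-Control-Max-Age", Integer.toString(this.config.maxAge));
        }

        httpServletResponse.addHeader("Access-Control-Allow-Methods", this.supportedMethods);

        if (this.config.supportAnyHeader && rawRequestedHeaders != null) {
            // Defence in depth: answer with the names that passed
            // HeaderName.formatCanonical rather than copying the raw,
            // client-controlled header value into the response.
            httpServletResponse.addHeader("Access-Control-Allow-Headers", joinHeaderNames(canonicalNames));
        } else if (this.supportedHeaders != null && !this.supportedHeaders.isEmpty()) {
            httpServletResponse.addHeader("Access-Control-Allow-Headers", this.supportedHeaders);
        }
    }

    /**
     * Adds {@code Access-Control-Allow-Origin} and its companion headers for an
     * origin that has already passed {@code isAllowedOrigin}.
     *
     * <p>{@code *} is sent only when credentials are not supported and any
     * origin is allowed; in every other case the origin is echoed and
     * {@code Vary: Origin} is added so caches key the response on the origin.
     */
    private void addOriginHeaders(HttpServletResponse response, Origin origin) {
        if (!this.config.supportsCredentials && this.config.allowAnyOrigin) {
            response.addHeader("Access-Control-Allow-Origin", "*");
            return;
        }
        response.addHeader("Access-Control-Allow-Origin", origin.toString());
        if (this.config.supportsCredentials) {
            response.addHeader("Access-Control-Allow-Credentials", "true");
        }
        response.addHeader("Vary", "Origin");
    }

    /** Joins header names with {@code ", "}; an empty array yields an empty string. */
    private static String joinHeaderNames(String[] names) {
        StringBuilder joined = new StringBuilder();
        for (int i = 0; i < names.length; i++) {
            if (i > 0) {
                joined.append(", ");
            }
            joined.append(names[i]);
        }
        return joined.toString();
    }
}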
