package io.muserver.rest;

import io.muserver.HeaderNames;
import io.muserver.Headers;
import io.muserver.Method;
import io.muserver.MuRequest;
import io.muserver.MuResponse;
import io.muserver.Mutils;
import io.muserver.rest.RequestMatcher;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/* loaded from: input_file:io/muserver/rest/CORSConfig.class */
public class CORSConfig {
    public final boolean allowCredentials;
    public final Collection<String> allowedOrigins;
    public final List<Pattern> allowedOriginRegex;
    public final Collection<String> exposedHeaders;
    public final long maxAge;
    private final String exposedHeadersCSV;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CORSConfig(boolean z, Collection<String> collection, List<Pattern> list, Collection<String> collection2, long j) {
        Mutils.notNull("allowedOriginRegex", list);
        this.allowCredentials = z;
        this.allowedOrigins = Collections.unmodifiableCollection(collection);
        this.allowedOriginRegex = list;
        this.exposedHeaders = Collections.unmodifiableCollection(collection2);
        this.maxAge = j;
        this.exposedHeadersCSV = (String) collection2.stream().sorted().collect(Collectors.joining(", "));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean writeHeaders(MuRequest muRequest, MuResponse muResponse, Set<RequestMatcher.MatchedMethod> set) {
        muResponse.headers().add(HeaderNames.VARY, HeaderNames.ORIGIN);
        String str = muRequest.headers().get(HeaderNames.ORIGIN);
        if (Mutils.nullOrEmpty(str)) {
            return false;
        }
        Headers headers = muResponse.headers();
        if (!allowCors(str)) {
            headers.set(HeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, "null");
            return false;
        }
        headers.set(HeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, str);
        headers.set(HeaderNames.ACCESS_CONTROL_ALLOW_METHODS, getAllowedMethods(set));
        if (muRequest.method() == Method.OPTIONS) {
            headers.set(HeaderNames.ACCESS_CONTROL_MAX_AGE, Long.valueOf(this.maxAge));
            headers.set(HeaderNames.ACCESS_CONTROL_ALLOW_HEADERS, this.exposedHeadersCSV);
        } else {
            headers.set(HeaderNames.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeadersCSV);
        }
        if (!this.allowCredentials) {
            return true;
        }
        headers.set(HeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getAllowedMethods(Set<RequestMatcher.MatchedMethod> set) {
        Set set2 = (Set) set.stream().map(matchedMethod -> {
            return matchedMethod.resourceMethod.httpMethod;
        }).collect(Collectors.toSet());
        if (set2.contains(Method.GET)) {
            set2.add(Method.HEAD);
        }
        set2.add(Method.OPTIONS);
        return (String) set2.stream().map((v0) -> {
            return v0.name();
        }).sorted().collect(Collectors.joining(", "));
    }

    boolean allowCors(String str) {
        if (this.allowedOrigins == null || this.allowedOrigins.contains(str)) {
            return true;
        }
        Iterator<Pattern> it = this.allowedOriginRegex.iterator();
        while (it.hasNext()) {
            if (it.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }
}
