package org.apache.dubbo.rpc.protocol.tri.rest.cors;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.dubbo.common.extension.Activate;
import org.apache.dubbo.common.utils.ArrayUtils;
import org.apache.dubbo.common.utils.StringUtils;
import org.apache.dubbo.remoting.http12.HttpMethods;
import org.apache.dubbo.remoting.http12.HttpRequest;
import org.apache.dubbo.remoting.http12.HttpResponse;
import org.apache.dubbo.remoting.http12.HttpResult;
import org.apache.dubbo.remoting.http12.HttpStatus;
import org.apache.dubbo.remoting.http12.exception.HttpResultPayloadException;
import org.apache.dubbo.rpc.Invoker;
import org.apache.dubbo.rpc.RpcException;
import org.apache.dubbo.rpc.RpcInvocation;
import org.apache.dubbo.rpc.protocol.tri.TripleConstant;
import org.apache.dubbo.rpc.protocol.tri.rest.RestConstants;
import org.apache.dubbo.rpc.protocol.tri.rest.filter.RestHeaderFilterAdapter;
import org.apache.dubbo.rpc.protocol.tri.rest.mapping.RequestMapping;
import org.apache.dubbo.rpc.protocol.tri.rest.mapping.meta.CorsMeta;

@Activate(group = {"provider"}, order = 1000)
/* loaded from: input_file:org/apache/dubbo/rpc/protocol/tri/rest/cors/CorsHeaderFilter.class */
public class CorsHeaderFilter extends RestHeaderFilterAdapter {
    public static final String VARY = "Vary";
    public static final String ORIGIN = "Origin";
    public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
    public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
    public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    public static final String SEP = ", ";

    @Override // org.apache.dubbo.rpc.protocol.tri.rest.filter.RestHeaderFilterAdapter
    protected void invoke(Invoker<?> invoker, RpcInvocation rpcInvocation, HttpRequest httpRequest, HttpResponse httpResponse) throws RpcException {
        CorsMeta cors = ((RequestMapping) httpRequest.attribute(RestConstants.MAPPING_ATTRIBUTE)).getCors();
        String header = httpRequest.header("Origin");
        if (cors == null) {
            if (isPreFlightRequest(httpRequest, header)) {
                throw new HttpResultPayloadException(HttpResult.builder().status(HttpStatus.FORBIDDEN).body("Invalid CORS request").build());
            }
        } else if (!process(cors, httpRequest, httpResponse)) {
            throw new HttpResultPayloadException(HttpResult.builder().status(HttpStatus.FORBIDDEN).body("Invalid CORS request").headers(httpResponse.headers()).build());
        }
    }

    private boolean process(CorsMeta corsMeta, HttpRequest httpRequest, HttpResponse httpResponse) {
        setVaryHeader(httpResponse);
        String header = httpRequest.header("Origin");
        if (isNotCorsRequest(httpRequest, header) || httpResponse.header("Access-Control-Allow-Origin") != null) {
            return true;
        }
        String checkOrigin = checkOrigin(corsMeta, header);
        if (checkOrigin == null) {
            return false;
        }
        boolean isPreFlightRequest = isPreFlightRequest(httpRequest, header);
        List<String> checkMethods = checkMethods(corsMeta, isPreFlightRequest ? httpRequest.header("Access-Control-Request-Method") : httpRequest.method());
        if (checkMethods == null) {
            return false;
        }
        List<String> list = null;
        if (isPreFlightRequest) {
            list = checkHeaders(corsMeta, httpRequest.headerValues("Access-Control-Request-Headers"));
            if (list == null) {
                return false;
            }
        }
        httpResponse.setHeader("Access-Control-Allow-Origin", checkOrigin);
        if (ArrayUtils.isNotEmpty(corsMeta.getExposedHeaders())) {
            httpResponse.setHeader("Access-Control-Expose-Headers", StringUtils.join(corsMeta.getExposedHeaders(), SEP));
        }
        if (Boolean.TRUE.equals(corsMeta.getAllowCredentials())) {
            httpResponse.setHeader("Access-Control-Allow-Credentials", Boolean.TRUE.toString());
        }
        if (!isPreFlightRequest) {
            return true;
        }
        httpResponse.setHeader("Access-Control-Allow-Methods", StringUtils.join(checkMethods, SEP));
        if (!list.isEmpty()) {
            httpResponse.setHeader("Access-Control-Allow-Headers", StringUtils.join(list, SEP));
        }
        if (corsMeta.getMaxAge() != null) {
            httpResponse.setHeader("Access-Control-Max-Age", corsMeta.getMaxAge().toString());
        }
        throw new HttpResultPayloadException(HttpResult.builder().status(HttpStatus.NO_CONTENT).headers(httpResponse.headers()).build());
    }

    private static void setVaryHeader(HttpResponse httpResponse) {
        String join;
        List headerValues = httpResponse.headerValues("Vary");
        if (headerValues == null) {
            join = "Origin, Access-Control-Request-Method, Access-Control-Request-Headers";
        } else {
            LinkedHashSet linkedHashSet = new LinkedHashSet(headerValues);
            linkedHashSet.add("Origin");
            linkedHashSet.add("Access-Control-Request-Method");
            linkedHashSet.add("Access-Control-Request-Headers");
            join = StringUtils.join(linkedHashSet, SEP);
        }
        httpResponse.setHeader("Vary", join);
    }

    private static String checkOrigin(CorsMeta corsMeta, String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        String formatOrigin = CorsUtils.formatOrigin(str);
        String[] allowedOrigins = corsMeta.getAllowedOrigins();
        if (ArrayUtils.isNotEmpty(allowedOrigins)) {
            if (ArrayUtils.contains(allowedOrigins, "*")) {
                if (Boolean.TRUE.equals(corsMeta.getAllowCredentials())) {
                    throw new IllegalArgumentException("When allowCredentials is true, allowedOrigins cannot contain the special value \"*\"");
                }
                return "*";
            }
            for (String str2 : allowedOrigins) {
                if (formatOrigin.equalsIgnoreCase(str2)) {
                    return formatOrigin;
                }
            }
        }
        if (!ArrayUtils.isNotEmpty(corsMeta.getAllowedOriginsPatterns())) {
            return null;
        }
        for (Pattern pattern : corsMeta.getAllowedOriginsPatterns()) {
            if (pattern.matcher(formatOrigin).matches()) {
                return formatOrigin;
            }
        }
        return null;
    }

    private static List<String> checkMethods(CorsMeta corsMeta, String str) {
        if (str == null) {
            return null;
        }
        String[] allowedMethods = corsMeta.getAllowedMethods();
        if (ArrayUtils.contains(allowedMethods, "*")) {
            return Collections.singletonList(str);
        }
        for (String str2 : allowedMethods) {
            if (str.equalsIgnoreCase(str2)) {
                return Arrays.asList(allowedMethods);
            }
        }
        return null;
    }

    private static List<String> checkHeaders(CorsMeta corsMeta, Collection<String> collection) {
        if (collection == null || collection.isEmpty()) {
            return Collections.emptyList();
        }
        String[] allowedHeaders = corsMeta.getAllowedHeaders();
        if (ArrayUtils.isEmpty(allowedHeaders)) {
            return null;
        }
        boolean contains = ArrayUtils.contains(allowedHeaders, "*");
        ArrayList arrayList = new ArrayList(collection.size());
        for (String str : collection) {
            if (contains) {
                arrayList.add(str);
            } else {
                int length = allowedHeaders.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (str.equalsIgnoreCase(allowedHeaders[i])) {
                        arrayList.add(str);
                        break;
                    }
                    i++;
                }
            }
        }
        if (arrayList.isEmpty()) {
            return null;
        }
        return arrayList;
    }

    private static boolean isNotCorsRequest(HttpRequest httpRequest, String str) {
        if (str == null) {
            return true;
        }
        try {
            URI uri = new URI(str);
            if (httpRequest.scheme().equals(uri.getScheme()) && httpRequest.serverName().equals(uri.getHost())) {
                if (getPort(httpRequest.scheme(), httpRequest.serverPort()) == getPort(uri.getScheme(), uri.getPort())) {
                    return true;
                }
            }
            return false;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    private static boolean isPreFlightRequest(HttpRequest httpRequest, String str) {
        return httpRequest.method().equals(HttpMethods.OPTIONS.name()) && str != null && httpRequest.hasHeader("Access-Control-Request-Method");
    }

    private static int getPort(String str, int i) {
        if (i == -1) {
            if (TripleConstant.TRIPLE_HANDLER_TYPE_HTTP.equals(str)) {
                return 80;
            }
            if ("https".equals(str)) {
                return 443;
            }
        }
        return i;
    }
}
