package io.quarkus.vertx.http.runtime.cors;

import io.quarkus.security.StringPermission;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.http.HttpServerResponse;
import io.vertx.ext.web.RoutingContext;
import java.net.URI;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import org.jboss.logging.Logger;
import org.jboss.resteasy.reactive.RestResponse;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/cors/CORSFilter.class */
public class CORSFilter implements Handler<RoutingContext> {
    private static final Logger LOG = Logger.getLogger((Class<?>) CORSFilter.class);
    private static final Pattern COMMA_SEPARATED_SPLIT_REGEX = Pattern.compile("\\s*,\\s*");
    final CORSConfig corsConfig;
    private final boolean wildcardOrigin;
    private final boolean wildcardMethod;
    private final List<Pattern> allowedOriginsRegex;
    private final Set<HttpMethod> configuredHttpMethods;
    private final String exposedHeaders;
    private final String allowedHeaders;
    private final String allowedMethods;

    public CORSFilter(CORSConfig cORSConfig) {
        this.corsConfig = cORSConfig;
        this.wildcardOrigin = isOriginConfiguredWithWildcard(this.corsConfig.origins);
        this.wildcardMethod = isConfiguredWithWildcard(cORSConfig.methods);
        this.allowedOriginsRegex = this.wildcardOrigin ? List.of() : parseAllowedOriginsRegex(this.corsConfig.origins);
        this.configuredHttpMethods = createConfiguredHttpMethods(this.corsConfig.methods);
        this.exposedHeaders = createHeaderString(this.corsConfig.exposedHeaders);
        this.allowedHeaders = createHeaderString(this.corsConfig.headers);
        this.allowedMethods = createHeaderString(this.corsConfig.methods);
    }

    private String createHeaderString(Optional<List<String>> optional) {
        if (optional.isEmpty() || optional.get().isEmpty()) {
            return null;
        }
        if (optional.get().size() == 1 && optional.get().get(0).equals("*")) {
            return null;
        }
        return String.join(StringPermission.ACTIONS_SEPARATOR, optional.get());
    }

    private Set<HttpMethod> createConfiguredHttpMethods(Optional<List<String>> optional) {
        if (optional.isEmpty()) {
            return Set.of();
        }
        List<String> list = optional.get();
        LinkedHashSet linkedHashSet = new LinkedHashSet(list.size());
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            linkedHashSet.add(HttpMethod.valueOf(it.next()));
        }
        return linkedHashSet;
    }

    public static boolean isConfiguredWithWildcard(Optional<List<String>> optional) {
        if (optional == null || !optional.isPresent()) {
            return true;
        }
        List<String> list = optional.get();
        return list.isEmpty() || (list.size() == 1 && "*".equals(list.get(0)));
    }

    private static boolean isOriginConfiguredWithWildcard(Optional<List<String>> optional) {
        return !optional.isEmpty() && optional.get().size() == 1 && "*".equals(optional.get().get(0));
    }

    public static List<Pattern> parseAllowedOriginsRegex(Optional<List<String>> optional) {
        if (optional == null || !optional.isPresent()) {
            return List.of();
        }
        ArrayList arrayList = new ArrayList();
        for (String str : optional.get()) {
            if (str != null && str.startsWith("/") && str.endsWith("/")) {
                arrayList.add(Pattern.compile(str.substring(1, str.length() - 1)));
            }
        }
        return arrayList;
    }

    public static boolean isOriginAllowedByRegex(List<Pattern> list, String str) {
        if (list == null) {
            return false;
        }
        Iterator<Pattern> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    @Override // io.vertx.core.Handler
    public void handle(RoutingContext routingContext) {
        Objects.requireNonNull(this.corsConfig, "CORS config is not set");
        HttpServerRequest request = routingContext.request();
        HttpServerResponse response = routingContext.response();
        String header = request.getHeader(HttpHeaders.ORIGIN);
        if (header == null) {
            routingContext.next();
            return;
        }
        boolean z = this.wildcardOrigin;
        if (!z) {
            if (this.corsConfig.origins.isPresent()) {
                z = this.corsConfig.origins.get().contains(header) || isOriginAllowedByRegex(this.allowedOriginsRegex, header) || isSameOrigin(request, header);
            } else {
                z = isSameOrigin(request, header);
            }
        }
        if (z) {
            response.headers().set(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, String.valueOf(this.corsConfig.accessControlAllowCredentials.orElse(Boolean.valueOf(this.corsConfig.origins.isPresent() && this.corsConfig.origins.get().contains(header))).booleanValue()));
            response.headers().set(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, header);
        } else {
            LOG.debugf("Invalid origin %s", header);
            response.setStatusCode(RestResponse.StatusCode.FORBIDDEN);
            response.setStatusMessage("CORS Rejected - Invalid origin");
        }
        if (request.method().equals(HttpMethod.OPTIONS)) {
            String header2 = request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD);
            String header3 = request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
            if (header3 != null || header2 != null) {
                handlePreflightRequest(routingContext, header3, header2, header, z);
                response.end();
                return;
            }
        }
        if (this.allowedHeaders != null) {
            response.headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, this.allowedHeaders);
        }
        if (this.allowedMethods != null) {
            response.headers().add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, this.allowedMethods);
        }
        if (this.exposedHeaders != null) {
            response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeaders);
        }
        if (isMethodAllowed(request.method())) {
            if (z) {
                routingContext.next();
                return;
            } else {
                response.end();
                return;
            }
        }
        LOG.debugf("Method %s is not allowed", request.method());
        response.setStatusCode(RestResponse.StatusCode.FORBIDDEN);
        response.setStatusMessage("CORS Rejected - Invalid method");
        response.end();
    }

    private void handlePreflightRequest(RoutingContext routingContext, String str, String str2, String str3, boolean z) {
        if (this.corsConfig.accessControlMaxAge.isPresent()) {
            routingContext.response().putHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, String.valueOf(this.corsConfig.accessControlMaxAge.get().getSeconds()));
        }
        HttpServerResponse response = routingContext.response();
        if (str2 != null) {
            processPreFlightMethods(response, str2);
        }
        if (str != null) {
            processPreFlightRequestedHeaders(response, str);
        }
        if (this.exposedHeaders != null) {
            response.headers().add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeaders);
        }
    }

    static boolean isSameOrigin(HttpServerRequest httpServerRequest, String str) {
        if (!str.startsWith(httpServerRequest.scheme())) {
            return false;
        }
        if (!substringMatch(str, httpServerRequest.scheme().length(), "://", false)) {
            LOG.debugf("Same origin check has failed, the origin is not a substring of the request URI. Request URI: %s, origin: %s", httpServerRequest.absoluteURI(), str);
            return false;
        }
        if (substringMatch(str, httpServerRequest.scheme().length() + 3, httpServerRequest.host(), true)) {
            return true;
        }
        return isSameOriginSlowPath(httpServerRequest, str);
    }

    static boolean isSameOriginSlowPath(HttpServerRequest httpServerRequest, String str) {
        URI create = URI.create(httpServerRequest.absoluteURI());
        URI create2 = URI.create(str);
        if (!create2.getPath().isEmpty()) {
            LOG.debugf("Same origin check has failed as the origin contains a path component. Request URI: %s, origin: %s", httpServerRequest.absoluteURI(), str);
            return false;
        }
        if (!create.getHost().equals(create2.getHost())) {
            LOG.debugf("Same origin check has failed, the host values do not match. Request URI: %s, origin: %s", httpServerRequest.absoluteURI(), str);
            return false;
        }
        if (create.getPort() == create2.getPort()) {
            return true;
        }
        if (create.getPort() != -1 && create2.getPort() != -1) {
            return false;
        }
        if (create.getScheme().equals("http")) {
            if ((create.getPort() == 80 || create.getPort() == -1) && (create2.getPort() == 80 || create2.getPort() == -1)) {
                return true;
            }
        } else if (create.getScheme().equals("https") && ((create.getPort() == 443 || create.getPort() == -1) && (create2.getPort() == 443 || create2.getPort() == -1))) {
            return true;
        }
        LOG.debugf("Same origin check has failed. Request URI: %s, origin: %s", httpServerRequest.absoluteURI(), str);
        return false;
    }

    static boolean substringMatch(String str, int i, String str2, boolean z) {
        int length = str.length();
        int length2 = str2.length();
        int i2 = i;
        if (i + length2 > length) {
            return false;
        }
        for (int i3 = 0; i3 != length2; i3++) {
            if (str.charAt(i2) != str2.charAt(i3)) {
                return false;
            }
            i2++;
        }
        return !z || i2 == length;
    }

    private void processPreFlightRequestedHeaders(HttpServerResponse httpServerResponse, String str) {
        if (isConfiguredWithWildcard(this.corsConfig.headers)) {
            httpServerResponse.headers().set(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, str);
        } else {
            httpServerResponse.headers().set(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, this.allowedHeaders);
        }
    }

    private void processPreFlightMethods(HttpServerResponse httpServerResponse, String str) {
        if (this.wildcardMethod) {
            httpServerResponse.headers().set(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, str);
            return;
        }
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (HttpMethod httpMethod : this.configuredHttpMethods) {
            if (z) {
                z = false;
            } else {
                sb.append(StringPermission.ACTIONS_SEPARATOR);
            }
            sb.append(httpMethod.name());
        }
        httpServerResponse.headers().set(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, sb.toString());
    }

    private boolean isMethodAllowed(HttpMethod httpMethod) {
        if (this.wildcardMethod) {
            return true;
        }
        return this.configuredHttpMethods.contains(httpMethod);
    }
}
