package jetbrains.youtrack.webapp.filters;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jetbrains.charisma.persistent.BeansKt;
import jetbrains.exodus.database.TransientStoreSession;
import jetbrains.youtrack.core.legacy.LegacySupportKt;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import mu.KLogging;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: CORSRequestFilter.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��8\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u001c\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0003\u0018�� \u00132\u00020\u0001:\u0001\u0013B\u0005¢\u0006\u0002\u0010\u0002J \u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\u0012\u0010\u0010\u001a\u00020\u00112\b\u0010\u0012\u001a\u0004\u0018\u00010\u0005H\u0002R\u001c\u0010\u0003\u001a\n\u0012\u0004\u0012\u00020\u0005\u0018\u00010\u00048BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u0014"}, d2 = {"Ljetbrains/youtrack/webapp/filters/CORSRequestFilter;", "Ljetbrains/youtrack/webapp/filters/FilterAdapter;", "()V", "allowedOrigins", "", "", "getAllowedOrigins", "()Ljava/lang/Iterable;", "doFilter", "", "request", "Ljavax/servlet/http/HttpServletRequest;", "response", "Ljavax/servlet/http/HttpServletResponse;", "chain", "Ljavax/servlet/FilterChain;", "isAllowedOrigin", "", "requestOrigin", "Companion", "youtrack-webapp"})
/* loaded from: input_file:jetbrains/youtrack/webapp/filters/CORSRequestFilter.class */
public final class CORSRequestFilter extends FilterAdapter {

    @NotNull
    public static final String ACCESS_CONTROL_HEADER = "Access-Control-Allow-Origin";

    @NotNull
    public static final String ORIGIN_HEADER = "Origin";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER = "Access-Control-Allow-Headers";
    private static final String ACCESS_CONTROL_REQUEST_HEADERS_HEADER = "Access-Control-Request-Headers";

    @NotNull
    public static final String ACCESS_CONTROL_REQUEST_METHOD_HEADER = "Access-Control-Request-Method";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    public static final Companion Companion = new Companion(null);

    /* compiled from: CORSRequestFilter.kt */
    @Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\b\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u000b\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��¨\u0006\f"}, d2 = {"Ljetbrains/youtrack/webapp/filters/CORSRequestFilter$Companion;", "Lmu/KLogging;", "()V", "ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER", "", "ACCESS_CONTROL_ALLOW_HEADERS_HEADER", "ACCESS_CONTROL_ALLOW_METHODS", "ACCESS_CONTROL_EXPOSE_HEADERS", "ACCESS_CONTROL_HEADER", "ACCESS_CONTROL_REQUEST_HEADERS_HEADER", "ACCESS_CONTROL_REQUEST_METHOD_HEADER", "ORIGIN_HEADER", "youtrack-webapp"})
    /* loaded from: input_file:jetbrains/youtrack/webapp/filters/CORSRequestFilter$Companion.class */
    public static final class Companion extends KLogging {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    private final Iterable<String> getAllowedOrigins() {
        return (Iterable) LegacySupportKt.transactional(new Function1<TransientStoreSession, Set<? extends String>>() { // from class: jetbrains.youtrack.webapp.filters.CORSRequestFilter$allowedOrigins$1
            @Nullable
            public final Set<String> invoke(@NotNull TransientStoreSession transientStoreSession) {
                Intrinsics.checkParameterIsNotNull(transientStoreSession, "it");
                return BeansKt.getRestSettings().getAllAllowedOrigins();
            }
        });
    }

    @Override // jetbrains.youtrack.webapp.filters.FilterAdapter
    public void doFilter(@NotNull final HttpServletRequest httpServletRequest, @NotNull final HttpServletResponse httpServletResponse, @NotNull FilterChain filterChain) {
        Intrinsics.checkParameterIsNotNull(httpServletRequest, "request");
        Intrinsics.checkParameterIsNotNull(httpServletResponse, "response");
        Intrinsics.checkParameterIsNotNull(filterChain, "chain");
        boolean equals = StringsKt.equals("OPTIONS", httpServletRequest.getMethod(), true);
        final CORSRequestFilter$doFilter$1 cORSRequestFilter$doFilter$1 = new CORSRequestFilter$doFilter$1(equals, httpServletRequest);
        FilterAdapterKt.baseAppContext(httpServletRequest, httpServletResponse, new Function0<Unit>() { // from class: jetbrains.youtrack.webapp.filters.CORSRequestFilter$doFilter$2
            public /* bridge */ /* synthetic */ Object invoke() {
                m15invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final void m15invoke() {
                boolean isAllowedOrigin;
                String header = httpServletRequest.getHeader(CORSRequestFilter.ORIGIN_HEADER);
                isAllowedOrigin = CORSRequestFilter.this.isAllowedOrigin(header);
                if (cORSRequestFilter$doFilter$1.m14invoke() || isAllowedOrigin) {
                    HttpServletResponse httpServletResponse2 = httpServletResponse;
                    String str = header;
                    if (str == null) {
                        str = "*";
                    }
                    httpServletResponse2.addHeader(CORSRequestFilter.ACCESS_CONTROL_HEADER, str);
                    if (isAllowedOrigin) {
                        httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
                    }
                    String header2 = httpServletRequest.getHeader("Access-Control-Request-Headers");
                    if (header2 != null) {
                        if (header2.length() > 0) {
                            httpServletResponse.addHeader("Access-Control-Allow-Headers", header2);
                        }
                    }
                }
                httpServletResponse.addHeader("Access-Control-Expose-Headers", "Location");
                String header3 = httpServletRequest.getHeader(CORSRequestFilter.ACCESS_CONTROL_REQUEST_METHOD_HEADER);
                if (header3 != null) {
                    if (header3.length() > 0) {
                        httpServletResponse.addHeader("Access-Control-Allow-Methods", header3);
                    }
                }
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        });
        if (equals) {
            httpServletResponse.setStatus(200);
        } else {
            filterChain.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean isAllowedOrigin(String str) {
        String str2;
        if (str == null) {
            return false;
        }
        try {
            str2 = new URL(str).getAuthority();
        } catch (MalformedURLException e) {
            str2 = Unit.INSTANCE;
        }
        String str3 = str2;
        Iterable<String> allowedOrigins = getAllowedOrigins();
        if (allowedOrigins != null) {
            return CollectionsKt.contains(allowedOrigins, str3);
        }
        return true;
    }
}
