package com.atlassian.plugins.cors;

import com.atlassian.fugue.Effect;
import com.atlassian.fugue.Option;
import com.atlassian.plugins.whitelist.InboundWhitelist;
import com.google.common.base.Predicate;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;

@Deprecated
/* loaded from: input_file:com/atlassian/plugins/cors/CorsFilter.class */
public class CorsFilter implements Filter {
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String HTTP_METHOD_OPTIONS = "OPTIONS";
    private static final String ORIGIN = "Origin";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String TRUE = String.valueOf(true);
    private final InboundWhitelist inboundWhitelist;

    public CorsFilter(InboundWhitelist inboundWhitelist) {
        this.inboundWhitelist = inboundWhitelist;
    }

    public void init(FilterConfig filterConfig) {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        retrieveOrigin(httpServletRequest).filter(isAllowed()).foreach(addCorsResponseHeaders((HttpServletResponse) servletResponse, httpServletRequest));
        if (HTTP_METHOD_OPTIONS.equals(httpServletRequest.getMethod())) {
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private Option<URI> retrieveOrigin(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(ORIGIN);
        if (StringUtils.isBlank(header)) {
            return Option.none();
        }
        try {
            return Option.some(new URI(header));
        } catch (URISyntaxException e) {
            return Option.none();
        }
    }

    private Predicate<URI> isAllowed() {
        return new Predicate<URI>() { // from class: com.atlassian.plugins.cors.CorsFilter.1
            public boolean apply(URI uri) {
                return CorsFilter.this.inboundWhitelist.isAllowed(uri);
            }
        };
    }

    private Effect<URI> addCorsResponseHeaders(final HttpServletResponse httpServletResponse, final HttpServletRequest httpServletRequest) {
        return new Effect<URI>() { // from class: com.atlassian.plugins.cors.CorsFilter.2
            public void apply(URI uri) {
                httpServletResponse.addHeader(CorsFilter.ACCESS_CONTROL_ALLOW_ORIGIN, uri.toString());
                httpServletResponse.addHeader(CorsFilter.ACCESS_CONTROL_ALLOW_CREDENTIALS, CorsFilter.TRUE);
                httpServletResponse.addHeader(CorsFilter.ACCESS_CONTROL_ALLOW_HEADERS, CorsFilter.CONTENT_TYPE);
                if (CorsFilter.HTTP_METHOD_OPTIONS.equals(httpServletRequest.getMethod())) {
                    httpServletResponse.addHeader(CorsFilter.ACCESS_CONTROL_ALLOW_METHODS, httpServletRequest.getMethod());
                }
            }
        };
    }
}
