package org.jahia.modules.graphql.provider.dxm.cors;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.http.client.methods.HttpOptions;
import org.elasticsearch.http.CorsHandler;
import org.jahia.modules.graphql.provider.dxm.config.DXGraphQLConfig;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {Filter.class}, property = {"pattern=/graphql"}, immediate = true)
/* loaded from: input_file:graphql-dxm-provider-2.9.0.jar:org/jahia/modules/graphql/provider/dxm/cors/CorsFilter.class */
public class CorsFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(CorsFilter.class);
    private static final List<String> ALLOWED_HEADERS = Arrays.asList("authorization", "content-type");
    private DXGraphQLConfig config;

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    @Reference
    public void setConfig(DXGraphQLConfig dXGraphQLConfig) {
        this.config = dXGraphQLConfig;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if ((servletResponse instanceof HttpServletResponse) && (servletRequest instanceof HttpServletRequest)) {
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            String header = httpServletRequest.getHeader(CorsHandler.ORIGIN);
            if (StringUtils.isNotBlank(header) && checkOrigin(header)) {
                httpServletResponse.setHeader("Access-Control-Allow-Origin", header);
                if (httpServletRequest.getMethod().equalsIgnoreCase(HttpOptions.METHOD_NAME)) {
                    Stream map = Arrays.stream(StringUtils.split(httpServletRequest.getHeader("Access-Control-Request-Headers"), ", ")).map((v0) -> {
                        return v0.toLowerCase();
                    });
                    List<String> list = ALLOWED_HEADERS;
                    list.getClass();
                    List list2 = (List) map.filter((v1) -> {
                        return r1.contains(v1);
                    }).collect(Collectors.toList());
                    httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
                    httpServletResponse.addHeader("Access-Control-Allow-Headers", StringUtils.join(list2, ","));
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public boolean checkOrigin(String str) {
        return this.config.getCorsOrigins().contains(str);
    }
}
