package org.elasticsearch.http;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.rest.RestUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:elasticsearch-connector-3.0.0.jar:org/elasticsearch/http/CorsHandler.class
 */
/* loaded from: input_file:elasticsearch-connector-3.0.0.jar:elasticsearch-7.13.2.jar:org/elasticsearch/http/CorsHandler.class */
public class CorsHandler {
    public static final String ANY_ORIGIN = "*";
    public static final String ORIGIN = "origin";
    public static final String DATE = "date";
    public static final String VARY = "vary";
    public static final String HOST = "host";
    public static final String ACCESS_CONTROL_REQUEST_METHOD = "access-control-request-method";
    public static final String ACCESS_CONTROL_ALLOW_HEADERS = "access-control-allow-headers";
    public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "access-control-allow-credentials";
    public static final String ACCESS_CONTROL_ALLOW_METHODS = "access-control-allow-methods";
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "access-control-allow-origin";
    public static final String ACCESS_CONTROL_MAX_AGE = "access-control-max-age";
    private static final Pattern SCHEME_PATTERN = Pattern.compile("^https?://");
    private static final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("EEE, dd MMM yyyy HH:mm:ss O", Locale.ENGLISH);
    private final Config config;

    /* JADX WARN: Classes with same name are omitted:
      input_file:elasticsearch-connector-3.0.0.jar:org/elasticsearch/http/CorsHandler$Config.class
     */
    /* loaded from: input_file:elasticsearch-connector-3.0.0.jar:elasticsearch-7.13.2.jar:org/elasticsearch/http/CorsHandler$Config.class */
    public static class Config {
        private final boolean enabled;
        private final Optional<Set<String>> origins;
        private final Optional<Pattern> pattern;
        private final boolean anyOrigin;
        private final boolean credentialsAllowed;
        private final Set<RestRequest.Method> allowedRequestMethods;
        private final Set<String> allowedRequestHeaders;
        private final long maxAge;

        /* JADX INFO: Access modifiers changed from: private */
        /* JADX WARN: Classes with same name are omitted:
          input_file:elasticsearch-connector-3.0.0.jar:org/elasticsearch/http/CorsHandler$Config$Builder.class
         */
        /* loaded from: input_file:elasticsearch-connector-3.0.0.jar:elasticsearch-7.13.2.jar:org/elasticsearch/http/CorsHandler$Config$Builder.class */
        public static class Builder {
            private boolean enabled;
            private Optional<Set<String>> origins;
            private Optional<Pattern> pattern;
            private final boolean anyOrigin;
            private boolean allowCredentials;
            long maxAge;
            private final Set<RestRequest.Method> requestMethods;
            private final Set<String> requestHeaders;

            private Builder() {
                this.enabled = true;
                this.allowCredentials = false;
                this.requestMethods = new HashSet();
                this.requestHeaders = new HashSet();
                this.anyOrigin = true;
                this.origins = Optional.empty();
                this.pattern = Optional.empty();
            }

            private Builder(String... strArr) {
                this.enabled = true;
                this.allowCredentials = false;
                this.requestMethods = new HashSet();
                this.requestHeaders = new HashSet();
                this.origins = Optional.of(new LinkedHashSet(Arrays.asList(strArr)));
                this.pattern = Optional.empty();
                this.anyOrigin = false;
            }

            private Builder(Pattern pattern) {
                this.enabled = true;
                this.allowCredentials = false;
                this.requestMethods = new HashSet();
                this.requestHeaders = new HashSet();
                this.pattern = Optional.of(pattern);
                this.origins = Optional.empty();
                this.anyOrigin = false;
            }

            static Builder forOrigins(String... strArr) {
                return new Builder(strArr);
            }

            static Builder forAnyOrigin() {
                return new Builder();
            }

            static Builder forPattern(Pattern pattern) {
                return new Builder(pattern);
            }

            Builder allowCredentials() {
                this.allowCredentials = true;
                return this;
            }

            public Builder allowedRequestMethods(RestRequest.Method[] methodArr) {
                this.requestMethods.addAll(Arrays.asList(methodArr));
                return this;
            }

            public Builder maxAge(int i) {
                this.maxAge = i;
                return this;
            }

            public Builder allowedRequestHeaders(String[] strArr) {
                this.requestHeaders.addAll(Arrays.asList(strArr));
                return this;
            }

            public Config build() {
                return new Config(this);
            }
        }

        public Config(Builder builder) {
            this.enabled = builder.enabled;
            this.origins = builder.origins.map((v1) -> {
                return new HashSet(v1);
            });
            this.pattern = builder.pattern;
            this.anyOrigin = builder.anyOrigin;
            this.credentialsAllowed = builder.allowCredentials;
            this.allowedRequestMethods = Collections.unmodifiableSet(builder.requestMethods);
            this.allowedRequestHeaders = Collections.unmodifiableSet(builder.requestHeaders);
            this.maxAge = builder.maxAge;
        }

        public boolean isCorsSupportEnabled() {
            return this.enabled;
        }

        public boolean isAnyOriginSupported() {
            return this.anyOrigin;
        }

        public boolean isOriginAllowed(String str) {
            if (this.origins.isPresent()) {
                return this.origins.get().contains(str);
            }
            if (this.pattern.isPresent()) {
                return this.pattern.get().matcher(str).matches();
            }
            return false;
        }

        public boolean isCredentialsAllowed() {
            return this.credentialsAllowed;
        }

        public Set<RestRequest.Method> allowedRequestMethods() {
            return this.allowedRequestMethods;
        }

        public Set<String> allowedRequestHeaders() {
            return this.allowedRequestHeaders;
        }

        public long maxAge() {
            return this.maxAge;
        }

        public Optional<Set<String>> origins() {
            return this.origins;
        }

        public String toString() {
            return "Config{enabled=" + this.enabled + ", origins=" + this.origins + ", pattern=" + this.pattern + ", anyOrigin=" + this.anyOrigin + ", credentialsAllowed=" + this.credentialsAllowed + ", allowedRequestMethods=" + this.allowedRequestMethods + ", allowedRequestHeaders=" + this.allowedRequestHeaders + ", maxAge=" + this.maxAge + '}';
        }
    }

    public CorsHandler(Config config) {
        this.config = config;
    }

    public HttpResponse handleInbound(HttpRequest httpRequest) {
        if (!this.config.isCorsSupportEnabled()) {
            return null;
        }
        if (isPreflightRequest(httpRequest)) {
            return handlePreflight(httpRequest);
        }
        if (validateOrigin(httpRequest)) {
            return null;
        }
        return forbidden(httpRequest);
    }

    public void setCorsResponseHeaders(HttpRequest httpRequest, HttpResponse httpResponse) {
        if (this.config.isCorsSupportEnabled() && setOrigin(httpRequest, httpResponse)) {
            setAllowCredentials(httpResponse);
        }
    }

    private HttpResponse handlePreflight(HttpRequest httpRequest) {
        HttpResponse createResponse = httpRequest.createResponse(RestStatus.OK, BytesArray.EMPTY);
        if (!setOrigin(httpRequest, createResponse)) {
            return forbidden(httpRequest);
        }
        setAllowMethods(createResponse);
        setAllowHeaders(createResponse);
        setAllowCredentials(createResponse);
        setMaxAge(createResponse);
        setPreflightHeaders(createResponse);
        return createResponse;
    }

    private static HttpResponse forbidden(HttpRequest httpRequest) {
        HttpResponse createResponse = httpRequest.createResponse(RestStatus.FORBIDDEN, BytesArray.EMPTY);
        createResponse.addHeader("content-length", "0");
        return createResponse;
    }

    private static boolean isSameOrigin(String str, String str2) {
        return !Strings.isNullOrEmpty(str2) && str2.equals(SCHEME_PATTERN.matcher(str).replaceFirst(""));
    }

    private void setPreflightHeaders(HttpResponse httpResponse) {
        httpResponse.addHeader("date", dateTimeFormatter.format(ZonedDateTime.now(ZoneOffset.UTC)));
        httpResponse.addHeader("content-length", "0");
    }

    private boolean setOrigin(HttpRequest httpRequest, HttpResponse httpResponse) {
        String origin = getOrigin(httpRequest);
        if (Strings.isNullOrEmpty(origin)) {
            return false;
        }
        if (this.config.isAnyOriginSupported()) {
            if (!this.config.isCredentialsAllowed()) {
                setAllowOrigin(httpResponse, "*");
                return true;
            }
            setAllowOrigin(httpResponse, origin);
            setVaryHeader(httpResponse);
            return true;
        }
        if (!this.config.isOriginAllowed(origin) && !isSameOrigin(origin, getHost(httpRequest))) {
            return false;
        }
        setAllowOrigin(httpResponse, origin);
        setVaryHeader(httpResponse);
        return true;
    }

    private boolean validateOrigin(HttpRequest httpRequest) {
        if (this.config.isAnyOriginSupported()) {
            return true;
        }
        String origin = getOrigin(httpRequest);
        if (Strings.isNullOrEmpty(origin) || isSameOrigin(origin, getHost(httpRequest))) {
            return true;
        }
        return this.config.isOriginAllowed(origin);
    }

    private static String getOrigin(HttpRequest httpRequest) {
        List<String> list = httpRequest.getHeaders().get(ORIGIN);
        if (list == null || list.isEmpty()) {
            return null;
        }
        return list.get(0);
    }

    private static String getHost(HttpRequest httpRequest) {
        List<String> list = httpRequest.getHeaders().get(HOST);
        if (list == null || list.isEmpty()) {
            return null;
        }
        return list.get(0);
    }

    private static boolean isPreflightRequest(HttpRequest httpRequest) {
        Map<String, List<String>> headers = httpRequest.getHeaders();
        return httpRequest.method().equals(RestRequest.Method.OPTIONS) && headers.containsKey(ORIGIN) && headers.containsKey(ACCESS_CONTROL_REQUEST_METHOD);
    }

    private static void setVaryHeader(HttpResponse httpResponse) {
        httpResponse.addHeader(VARY, ORIGIN);
    }

    private static void setAllowOrigin(HttpResponse httpResponse, String str) {
        httpResponse.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, str);
    }

    private void setAllowMethods(HttpResponse httpResponse) {
        Iterator<RestRequest.Method> it = this.config.allowedRequestMethods().iterator();
        while (it.hasNext()) {
            httpResponse.addHeader(ACCESS_CONTROL_ALLOW_METHODS, it.next().name().trim());
        }
    }

    private void setAllowHeaders(HttpResponse httpResponse) {
        Iterator it = this.config.allowedRequestHeaders.iterator();
        while (it.hasNext()) {
            httpResponse.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, (String) it.next());
        }
    }

    private void setAllowCredentials(HttpResponse httpResponse) {
        if (this.config.isCredentialsAllowed()) {
            httpResponse.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }
    }

    private void setMaxAge(HttpResponse httpResponse) {
        httpResponse.addHeader(ACCESS_CONTROL_MAX_AGE, Long.toString(this.config.maxAge));
    }

    public static CorsHandler disabled() {
        Config.Builder builder = new Config.Builder();
        builder.enabled = false;
        return new CorsHandler(new Config(builder));
    }

    public static Config buildConfig(Settings settings) {
        Config.Builder forOrigins;
        if (!HttpTransportSettings.SETTING_CORS_ENABLED.get(settings).booleanValue()) {
            Config.Builder builder = new Config.Builder();
            builder.enabled = false;
            return new Config(builder);
        }
        String str = HttpTransportSettings.SETTING_CORS_ALLOW_ORIGIN.get(settings);
        if (Strings.isNullOrEmpty(str)) {
            forOrigins = Config.Builder.forOrigins(new String[0]);
        } else if (str.equals("*")) {
            forOrigins = Config.Builder.forAnyOrigin();
        } else {
            try {
                Pattern checkCorsSettingForRegex = RestUtils.checkCorsSettingForRegex(str);
                forOrigins = checkCorsSettingForRegex == null ? Config.Builder.forOrigins(RestUtils.corsSettingAsArray(str)) : Config.Builder.forPattern(checkCorsSettingForRegex);
            } catch (PatternSyntaxException e) {
                throw new SettingsException("Bad regex in [" + HttpTransportSettings.SETTING_CORS_ALLOW_ORIGIN.getKey() + "]: [" + str + "]", e);
            }
        }
        if (HttpTransportSettings.SETTING_CORS_ALLOW_CREDENTIALS.get(settings).booleanValue()) {
            forOrigins.allowCredentials();
        }
        return forOrigins.allowedRequestMethods((RestRequest.Method[]) Arrays.stream(Strings.tokenizeToStringArray(HttpTransportSettings.SETTING_CORS_ALLOW_METHODS.get(settings), ",")).map(str2 -> {
            return str2.toUpperCase(Locale.ENGLISH);
        }).map(RestRequest.Method::valueOf).toArray(i -> {
            return new RestRequest.Method[i];
        })).maxAge(HttpTransportSettings.SETTING_CORS_MAX_AGE.get(settings).intValue()).allowedRequestHeaders(Strings.tokenizeToStringArray(HttpTransportSettings.SETTING_CORS_ALLOW_HEADERS.get(settings), ",")).build();
    }

    public static CorsHandler fromSettings(Settings settings) {
        return new CorsHandler(buildConfig(settings));
    }
}
