package no.nav.apiapp.rest;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import no.nav.sbl.util.EnvironmentUtils;
import no.nav.sbl.util.StringUtils;

/* loaded from: input_file:no/nav/apiapp/rest/NavCorsFilter.class */
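/**
 * Servlet filter that adds CORS response headers for requests whose {@code Origin} header ends
 * with one of the configured suffixes.
 *
 * <p>Each header value is read once, at class initialisation, from the environment property named
 * by the matching {@code CORS_*} constant (comma-separated, trimmed), falling back to the built-in
 * default. A value that fails validation throws {@link IllegalArgumentException} from the static
 * initialiser, so a misconfigured filter fails to load instead of running with a bad policy.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>{@value #CORS_ALLOWED_ORIGINS} has no default. With nothing configured no origin matches
 *       and no CORS headers are emitted.</li>
 *   <li>Matching is a plain string suffix test on the whole {@code Origin} value. The scheme is
 *       not inspected, so {@code http://} origins under an allowed suffix are accepted as well.</li>
 *   <li>{@code Access-Control-Allow-Credentials} defaults to {@code "true"} and the request origin
 *       is echoed back, so every host under an allowed suffix may perform credentialed
 *       cross-origin reads. Configure only suffixes whose entire subdomain space is trusted.</li>
 *   <li>NOTE(review): {@code Vary: Origin} is only set on responses to allowed origins; confirm
 *       that any shared cache in front of the application copes with that.</li>
 * </ul>
 */
public class NavCorsFilter implements Filter {
    public static final String ORIGIN = "Origin";

    // The two default lists must be initialised before the CorsHeader constants below, because
    // the method validator reads DEFAULT_ALLOWED_METHODS while those constants are constructed.
    static final List<String> DEFAULT_ALLOWED_METHODS = Arrays.asList("GET", "HEAD", "POST", "PATCH", "PUT", "DELETE", "OPTIONS");
    static final List<String> DEFAULT_ALLOWED_HEADERS = Arrays.asList("Accept", "Accept-language", "Content-Language", "Content-Type");

    public static final String CORS_ALLOWED_ORIGINS = "cors.allowed.origins";
    private static final CorsHeader CORS_ORIGIN = new OriginCorsHeader("Access-Control-Allow-Origin", CORS_ALLOWED_ORIGINS, Collections.emptyList(), NavCorsFilter::validerAllowOrigin);
    public static final String CORS_ALLOWED_METHODS = "cors.allowed.methods";
    private static final CorsHeader CORS_METHODS = new CorsHeader("Access-Control-Allow-Methods", CORS_ALLOWED_METHODS, DEFAULT_ALLOWED_METHODS, NavCorsFilter::validerAllowMethod);
    public static final String CORS_ALLOWED_CREDENTIALS = "cors.allow.credentials";
    private static final CorsHeader CORS_CREDENTIALS = new CorsHeader("Access-Control-Allow-Credentials", CORS_ALLOWED_CREDENTIALS, "true", NavCorsFilter::validerAllowCredentials);
    public static final String CORS_MAX_AGE = "cors.maxage";
    private static final CorsHeader CORS_MAXAGE = new CorsHeader("Access-Control-Max-Age", CORS_MAX_AGE, "3600", NavCorsFilter::validerMaxAge);
    public static final String CORS_ALLOWED_HEADERS = "cors.allowed.headers";
    private static final CorsHeader CORS_HEADERS = new CorsHeader("Access-Control-Allow-Headers", CORS_ALLOWED_HEADERS, DEFAULT_ALLOWED_HEADERS, NavCorsFilter::validerAllowHeader);
    private static final List<CorsHeader> CORS_HEADER_LIST = Arrays.asList(CORS_ORIGIN, CORS_METHODS, CORS_CREDENTIALS, CORS_MAXAGE, CORS_HEADERS);

    /**
     * One CORS response header together with its configured (or default) value.
     */
    public static class CorsHeader {
        final String header;
        final String environmentPropery;
        final List<String> value;
        final String stringValue;
        final List<String> defaultValue;
        final Function<String, String> validator;

        /**
         * Creates a header whose default is a single value.
         *
         * @param header             response header name
         * @param environmentProperty name of the property holding the comma-separated override
         * @param defaultValue       value used when the property is absent
         * @param validator          applied to every trimmed entry; expected to throw on bad input
         */
        public CorsHeader(String header, String environmentProperty, String defaultValue, Function<String, String> validator) {
            this(header, environmentProperty, Arrays.asList(defaultValue), validator);
        }

        /**
         * Creates a header and resolves its value immediately.
         *
         * @param header             response header name
         * @param environmentProperty name of the property holding the comma-separated override
         * @param defaultValue       entries used when the property is absent
         * @param validator          applied to every trimmed entry; expected to throw on bad input
         * @throws NullPointerException if {@code defaultValue} is {@code null}
         */
        public CorsHeader(String header, String environmentProperty, List<String> defaultValue, Function<String, String> validator) {
            this.header = header;
            this.environmentPropery = environmentProperty;
            this.defaultValue = defaultValue;
            this.validator = validator;
            // Configured entries and defaults go through the same trim + validate pipeline, so a
            // bad default is caught as early as a bad override.
            Stream<String> entries = EnvironmentUtils.getOptionalProperty(environmentProperty, new String[0])
                    .map(configured -> Arrays.stream(configured.split(",")))
                    .orElseGet(defaultValue::stream);
            this.value = entries.map(String::trim).map(validator).collect(Collectors.toList());
            this.stringValue = String.join(", ", this.value);
        }

        /**
         * Writes this header with its resolved, comma-joined value to the response.
         *
         * @param httpServletRequest  current request (unused here, available to subclasses)
         * @param httpServletResponse response receiving the header
         */
        public void apply(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            httpServletResponse.setHeader(this.header, this.stringValue);
        }
    }

    /**
     * {@code Access-Control-Allow-Origin} variant that echoes the request's {@code Origin}
     * instead of emitting the configured suffix list.
     */
    public static class OriginCorsHeader extends CorsHeader {
        public OriginCorsHeader(String header, String environmentProperty, List<String> defaultValue, Function<String, String> validator) {
            super(header, environmentProperty, defaultValue, validator);
        }

        /**
         * Copies the request's {@code Origin} header into the response header.
         *
         * <p>This method does no checking of its own: {@link NavCorsFilter#doFilter} only invokes
         * it after {@link NavCorsFilter#validOrigin} has accepted the origin. Declared
         * {@code public} because an override may not narrow the access of
         * {@link CorsHeader#apply}.
         */
        @Override
        public void apply(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            httpServletResponse.setHeader(this.header, httpServletRequest.getHeader(NavCorsFilter.ORIGIN));
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No per-instance state; configuration is resolved in the static initialiser.
    }

    /**
     * Adds the CORS headers when the request origin is allowed, and answers {@code OPTIONS}
     * requests from allowed origins directly with status 202 without invoking the rest of the
     * chain. All other requests continue down the chain, with or without CORS headers.
     *
     * @throws ClassCastException if the request or response is not an HTTP servlet type
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        if (validOrigin(request.getHeader(ORIGIN), CORS_ORIGIN.value)) {
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            CORS_HEADER_LIST.forEach(corsHeader -> corsHeader.apply(request, response));
            // The Allow-Origin value depends on the request, so caches must key on Origin.
            response.setHeader("Vary", ORIGIN);
            if ("OPTIONS".equals(request.getMethod())) {
                response.setStatus(HttpServletResponse.SC_ACCEPTED);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Tells whether {@code origin} ends with at least one non-empty entry of
     * {@code allowedSuffixes}.
     *
     * <p>The comparison is a case-sensitive suffix test on the raw header value. An origin with an
     * explicit port, or the literal {@code null} origin, does not end with a domain suffix and is
     * therefore rejected.
     *
     * @param origin          value of the request's {@code Origin} header, may be {@code null}
     * @param allowedSuffixes configured suffixes; empty entries are ignored
     * @return {@code true} only for a non-empty origin matching some suffix
     */
    static boolean validOrigin(String origin, List<String> allowedSuffixes) {
        if (!StringUtils.notNullOrEmpty(origin)) {
            return false;
        }
        return allowedSuffixes.stream()
                .filter(StringUtils::notNullOrEmpty)
                .anyMatch(origin::endsWith);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Validates one configured origin suffix.
     *
     * <p>The leading dot is what keeps suffix matching on a label boundary: with {@code .nav.no}
     * configured, {@code https://evilnav.no} does not match. An empty entry (for example from a
     * stray comma) and a bare {@code "."}, which would match any origin that merely ends with a
     * dot, are rejected with the same configuration error.
     *
     * @param str trimmed entry from the configuration
     * @return {@code str} unchanged
     * @throws IllegalArgumentException if the entry is empty, is only a dot, or lacks the leading dot
     */
    static String validerAllowOrigin(String str) {
        if (str.length() < 2 || !str.startsWith(".")) {
            throw new IllegalArgumentException("tillatt skal være subdomene, f.eks. '.nav.no' ikke 'nav.no'");
        }
        return str;
    }

    /**
     * Accepts only methods present in {@link #DEFAULT_ALLOWED_METHODS}, so configuration can
     * narrow the method list but not extend it.
     */
    private static String validerAllowMethod(String str) {
        if (DEFAULT_ALLOWED_METHODS.contains(str)) {
            return str;
        }
        throw new IllegalArgumentException("tillatt method skal være del av listen, " + String.join(", ", DEFAULT_ALLOWED_METHODS));
    }

    /** Accepts exactly {@code "true"} or {@code "false"}. */
    private static String validerAllowCredentials(String str) {
        if ("true".equals(str) || "false".equals(str)) {
            return str;
        }
        throw new IllegalArgumentException("credentials skal være 'true' eller 'false'");
    }

    /**
     * Accepts any value that parses as a base-10 {@code int}; the sign and magnitude are not
     * checked further.
     */
    private static String validerMaxAge(String str) {
        try {
            Integer.parseInt(str, 10);
            return str;
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("maxAge skal være ett tall", e);
        }
    }

    /** Header names are passed through without validation. */
    private static String validerAllowHeader(String str) {
        return str;
    }
}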
