package org.neo4j.server.rest.web;

import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.neo4j.logging.Log;
import org.neo4j.logging.LogProvider;
import org.neo4j.server.web.HttpHeaderUtils;
import org.neo4j.server.web.HttpMethod;

/* loaded from: input_file:org/neo4j/server/rest/web/CorsFilter.class */
public class CorsFilter implements Filter {
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
    public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
    public static final String VARY = "Vary";
    private final Log log;
    private final String accessControlAllowOrigin;
    private final String vary;

    public CorsFilter(LogProvider logProvider, String str) {
        this.log = logProvider.getLog(getClass());
        this.accessControlAllowOrigin = str;
        if ("*".equals(str)) {
            this.vary = null;
        } else {
            this.vary = "Origin";
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN, this.accessControlAllowOrigin);
        if (this.vary != null) {
            httpServletResponse.setHeader(VARY, this.vary);
        }
        Enumeration headers = httpServletRequest.getHeaders(ACCESS_CONTROL_REQUEST_METHOD);
        if (headers != null) {
            while (headers.hasMoreElements()) {
                addAllowedMethodIfValid((String) headers.nextElement(), httpServletResponse);
            }
        }
        Enumeration headers2 = httpServletRequest.getHeaders(ACCESS_CONTROL_REQUEST_HEADERS);
        if (headers2 != null) {
            while (headers2.hasMoreElements()) {
                addAllowedHeaderIfValid((String) headers2.nextElement(), httpServletResponse);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void destroy() {
    }

    private void addAllowedMethodIfValid(String str, HttpServletResponse httpServletResponse) {
        if (HttpMethod.valueOfOrNull(str) != null) {
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_METHODS, str);
        } else {
            this.log.warn("Unknown HTTP method specified in Access-Control-Request-Method '" + str + "'. It will be ignored and not attached to the " + ACCESS_CONTROL_ALLOW_METHODS + " response header");
        }
    }

    private void addAllowedHeaderIfValid(String str, HttpServletResponse httpServletResponse) {
        if (HttpHeaderUtils.isValidHttpHeaderName(str)) {
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, str);
        } else {
            this.log.warn("Invalid HTTP header specified in Access-Control-Request-Headers '" + str + "'. It will be ignored and not attached to the " + ACCESS_CONTROL_ALLOW_HEADERS + " response header");
        }
    }
}
