package org.pentaho.platform.web;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.dom4j.Element;
import org.dom4j.Node;
import org.pentaho.platform.api.engine.CsrfProtectionDefinition;
import org.pentaho.platform.api.engine.RequestMatcherDefinition;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.plugin.services.messages.Messages;
import org.pentaho.platform.util.StringUtil;
import org.pentaho.platform.web.servlet.JAXRSServlet;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/pentaho/platform/web/WebUtil.class */
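/**
 * Static helpers for the web layer.
 *
 * <p>Two concerns live here:
 * <ul>
 *   <li>CORS: reflecting a request's {@code Origin} into the response, but only when CORS is
 *       enabled by system setting and the origin is on the configured allow-list.</li>
 *   <li>CSRF: parsing {@code <request-matcher>} elements into {@link CsrfProtectionDefinition}s and
 *       turning those into Spring Security {@link RequestMatcher}s.</li>
 * </ul>
 *
 * <p>All methods are stateless; the CORS settings are re-read from
 * {@link PentahoSystem#getSystemSetting(String, String)} on every call.
 */
public class WebUtil {
    /** Request header whose value is compared verbatim against the allowed-domains list. */
    static final String ORIGIN_HEADER = "origin";
    static final String CORS_ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    static final String CORS_ALLOW_CREDENTIALS_HEADER = "Access-Control-Allow-Credentials";
    public static final String CORS_EXPOSE_HEADERS_HEADER = "Access-Control-Expose-Headers";

    /** Response header telling caches that the response depends on the request's {@code Origin}. */
    private static final String VARY_HEADER = "Vary";

    /** Separator used by both the CORS allowed-domains setting and the CSRF {@code methods} attribute. */
    private static final String LIST_SEPARATOR_REGEX = "\\s*,\\s*";

    /**
     * Sets the CORS response headers for the request without any extra headers.
     *
     * @param httpServletRequest  request whose {@code Origin} header is inspected
     * @param httpServletResponse response to decorate
     * @see #setCorsResponseHeaders(HttpServletRequest, HttpServletResponse, Map)
     */
    public static void setCorsResponseHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setCorsResponseHeaders(httpServletRequest, httpServletResponse, null);
    }

    /**
     * Sets the CORS response headers for the request.
     *
     * <p>Nothing is written unless the {@code cors-requests-allowed} setting is {@code "true"} and the
     * request's {@code Origin} header is an exact entry of {@code cors-requests-allowed-domains}. When
     * both hold, the origin is echoed in {@code Access-Control-Allow-Origin},
     * {@code Access-Control-Allow-Credentials} is set to {@code true}, {@code Vary: Origin} is added
     * (the response body now depends on the requesting origin, so shared caches must not serve it
     * to a different one), and every entry of {@code map} is written as a header whose value is the
     * comma-joined list.
     *
     * @param httpServletRequest  request whose {@code Origin} header is inspected
     * @param httpServletResponse response to decorate
     * @param map                 extra header name to values, or {@code null} for none; values are
     *                            joined with {@code ","}; a {@code null} value list is not tolerated
     */
    public static void setCorsResponseHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, List<String>> map) {
        if (!isCorsRequestsAllowed()) {
            return;
        }
        String origin = httpServletRequest.getHeader(ORIGIN_HEADER);
        if (!isCorsRequestOriginAllowed(origin)) {
            return;
        }
        // The origin is reflected only after an exact allow-list match, so granting credentials
        // here does not extend access beyond the configured domains.
        httpServletResponse.setHeader(CORS_ALLOW_ORIGIN_HEADER, origin);
        httpServletResponse.setHeader(CORS_ALLOW_CREDENTIALS_HEADER, "true");
        // addHeader rather than setHeader so an existing Vary value set elsewhere is kept.
        httpServletResponse.addHeader(VARY_HEADER, "Origin");
        if (map != null) {
            map.forEach((name, values) -> httpServletResponse.setHeader(name, String.join(",", values)));
        }
    }

    /**
     * @return {@code true} only when the {@code cors-requests-allowed} setting is literally {@code "true"}
     */
    private static boolean isCorsRequestsAllowed() {
        return "true".equals(getCorsRequestsAllowedSystemProperty());
    }

    /**
     * Splits the {@code cors-requests-allowed-domains} setting on commas (surrounding whitespace
     * around each comma is dropped).
     *
     * @return the configured domains, or an empty list when the setting is absent or empty
     */
    private static List<String> getCorsRequestsAllowedDomains() {
        String allowedDomains = getCorsAllowedDomainsSystemProperty();
        if (StringUtil.isEmpty(allowedDomains)) {
            return new ArrayList<>();
        }
        return Arrays.asList(allowedDomains.split(LIST_SEPARATOR_REGEX));
    }

    /**
     * Exact, case-sensitive membership test of the origin against the allowed-domains list.
     *
     * @param origin value of the request's {@code Origin} header, possibly {@code null}
     * @return {@code true} when the origin is non-null and listed verbatim
     */
    private static boolean isCorsRequestOriginAllowed(String origin) {
        if (origin == null) {
            return false;
        }
        return getCorsRequestsAllowedDomains().contains(origin);
    }

    /**
     * @return the {@code cors-requests-allowed} system setting, defaulting to {@code "false"}
     */
    static String getCorsRequestsAllowedSystemProperty() {
        return PentahoSystem.getSystemSetting("cors-requests-allowed", "false");
    }

    /**
     * @return the {@code cors-requests-allowed-domains} system setting, or {@code null} when unset
     */
    static String getCorsAllowedDomainsSystemProperty() {
        return PentahoSystem.getSystemSetting("cors-requests-allowed-domains", (String) null);
    }

    /**
     * Parses the {@code <request-matcher>} children of {@code element} into a CSRF protection definition.
     *
     * @param element parent element holding zero or more {@code request-matcher} children
     * @return the definition, or {@code null} when there are no {@code request-matcher} children
     * @throws IllegalArgumentException if any child has an unsupported type, no pattern, or an unknown method
     */
    public static CsrfProtectionDefinition parseXmlCsrfProtectionDefinition(Element element) {
        List<RequestMatcherDefinition> matchers = new ArrayList<>();
        // selectNodes returns a raw/Node list depending on the dom4j version; cast per element.
        for (Object node : element.selectNodes("request-matcher")) {
            matchers.add(getCsrfRequestMatcher((Element) node));
        }
        if (matchers.isEmpty()) {
            return null;
        }
        CsrfProtectionDefinition definition = new CsrfProtectionDefinition();
        definition.setProtectedRequestMatchers(matchers);
        return definition;
    }

    /**
     * Converts one {@code <request-matcher>} element into a {@link RequestMatcherDefinition}.
     *
     * <p>Attributes: {@code type} (only {@code "regex"} is accepted, which is also the default),
     * {@code pattern} (required), {@code methods} (comma-separated, default {@code "GET,POST"}); each
     * method name must be a {@link RequestMethod} constant.
     *
     * @param element the {@code request-matcher} element
     * @return the parsed definition
     * @throws IllegalArgumentException with a localized {@code CsrfProtection.*} message on a bad
     *                                  type, missing pattern, or unknown method name
     */
    private static RequestMatcherDefinition getCsrfRequestMatcher(Element element) {
        String type = element.attributeValue("type", "regex");
        String pattern = element.attributeValue("pattern", "");
        String methodsAttribute = element.attributeValue("methods", "GET,POST");
        if (!"regex".equals(type)) {
            throw new IllegalArgumentException(Messages.getInstance().getString("CsrfProtection.REQUEST_MATCHER_INVALID_TYPE", new Object[]{type}));
        }
        if (StringUtils.isEmpty(pattern)) {
            throw new IllegalArgumentException(Messages.getInstance().getString("CsrfProtection.REQUEST_MATCHER_NO_PATTERN"));
        }
        List<String> methods = new ArrayList<>();
        for (String method : methodsAttribute.split(LIST_SEPARATOR_REGEX)) {
            try {
                // Validation only; the original spelling is what gets stored and matched on.
                RequestMethod.valueOf(method);
            } catch (IllegalArgumentException e) {
                // Keep the cause so the offending name and the enum's message both survive.
                throw new IllegalArgumentException(Messages.getInstance().getString("CsrfProtection.REQUEST_MATCHER_INVALID_METHOD", new Object[]{method}), e);
            }
            methods.add(method);
        }
        if (methods.isEmpty()) {
            // Defensive default. String.split never yields an empty array, and a blank token is
            // rejected above as an unknown method, so this branch is not expected to run.
            methods.add("POST");
            methods.add(JAXRSServlet.GET);
        }
        return new RequestMatcherDefinition(type, pattern, methods);
    }

    /**
     * Builds a single matcher that fires when any protected matcher of any definition matches.
     *
     * @param collection the definitions to combine; must not be {@code null}
     * @return an {@link OrRequestMatcher} over all collected matchers, or {@code null} when there are none
     */
    public static RequestMatcher buildCsrfRequestMatcher(Collection<CsrfProtectionDefinition> collection) {
        List<RequestMatcher> matchers = new ArrayList<>();
        for (CsrfProtectionDefinition definition : collection) {
            collectRequestMatchers(matchers, definition);
        }
        return matchers.isEmpty() ? null : new OrRequestMatcher(matchers);
    }

    /**
     * Appends one {@link RegexRequestMatcher} per (pattern, method) pair of the definition to {@code target}.
     *
     * <p>A matcher definition with {@code null} methods yields one matcher with a {@code null} method,
     * i.e. the pattern applies to every HTTP method. Matching is case-sensitive (the third
     * constructor argument is the case-insensitive flag, passed as {@code false}).
     *
     * @param target     sink for the created matchers
     * @param definition definition whose protected matchers are expanded; a {@code null} matcher list is skipped
     */
    private static void collectRequestMatchers(Collection<RequestMatcher> target, CsrfProtectionDefinition definition) {
        Collection<RequestMatcherDefinition> protectedMatchers = definition.getProtectedRequestMatchers();
        if (protectedMatchers == null) {
            return;
        }
        for (RequestMatcherDefinition matcherDefinition : protectedMatchers) {
            String pattern = matcherDefinition.getPattern();
            if (matcherDefinition.getMethods() == null) {
                target.add(new RegexRequestMatcher(pattern, (String) null, false));
            } else {
                // Element type of getMethods() is not visible here; the cast mirrors the original code.
                for (Object method : matcherDefinition.getMethods()) {
                    target.add(new RegexRequestMatcher(pattern, (String) method, false));
                }
            }
        }
    }
}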
