package com.hexagonkt.http.server.callbacks;

import com.hexagonkt.core.text.Glob;
import com.hexagonkt.http.handlers.HttpContext;
import com.hexagonkt.http.model.ContentType;
import com.hexagonkt.http.model.Header;
import com.hexagonkt.http.model.Headers;
import com.hexagonkt.http.model.HttpMethod;
import com.hexagonkt.http.model.HttpStatus;
import com.hexagonkt.http.model.HttpStatusType;
import com.hexagonkt.http.model.HttpStatusesKt;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.Regex;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;

/* compiled from: CorsCallback.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��:\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\t\n��\n\u0002\u0018\u0002\n\u0002\b\n\u0018�� \u001a2\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00020\u0001:\u0001\u001aB_\b\u0016\u0012\b\b\u0002\u0010\u0003\u001a\u00020\u0004\u0012\u000e\b\u0002\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006\u0012\u000e\b\u0002\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00040\u0006\u0012\u000e\b\u0002\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u00040\u0006\u0012\b\b\u0002\u0010\n\u001a\u00020\u000b\u0012\b\b\u0002\u0010\f\u001a\u00020\r\u0012\b\b\u0002\u0010\u000e\u001a\u00020\u000f¢\u0006\u0002\u0010\u0010B[\u0012\u0006\u0010\u0003\u001a\u00020\u0011\u0012\u000e\b\u0002\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006\u0012\u000e\b\u0002\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00040\u0006\u0012\u000e\b\u0002\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u00040\u0006\u0012\b\b\u0002\u0010\n\u001a\u00020\u000b\u0012\b\b\u0002\u0010\f\u001a\u00020\r\u0012\b\b\u0002\u0010\u000e\u001a\u00020\u000f¢\u0006\u0002\u0010\u0012J\u0010\u0010\u0013\u001a\u00020\u00042\u0006\u0010\u0014\u001a\u00020\u0004H\u0002J\u0010\u0010\u0015\u001a\u00020\u000b2\u0006\u0010\u0014\u001a\u00020\u0004H\u0002J\u0011\u0010\u0016\u001a\u00020\u00022\u0006\u0010\u0017\u001a\u00020\u0002H\u0096\u0002J\f\u0010\u0018\u001a\u00020\u0002*\u00020\u0002H\u0002J\f\u0010\u0019\u001a\u00020\u0002*\u00020\u0002H\u0002R\u0014\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00040\u0006X\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0003\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u00040\u0006X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000e\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001b"}, d2 = {"Lcom/hexagonkt/http/server/callbacks/CorsCallback;", "Lkotlin/Function1;", "Lcom/hexagonkt/http/handlers/HttpContext;", "allowedOrigin", "", "allowedMethods", "", "Lcom/hexagonkt/http/model/HttpMethod;", "allowedHeaders", "exposedHeaders", "supportCredentials", "", "preFlightStatus", "Lcom/hexagonkt/http/model/HttpStatus;", "preFlightMaxAge", "", "(Ljava/lang/String;Ljava/util/Set;Ljava/util/Set;Ljava/util/Set;ZLcom/hexagonkt/http/model/HttpStatus;J)V", "Lkotlin/text/Regex;", "(Lkotlin/text/Regex;Ljava/util/Set;Ljava/util/Set;Ljava/util/Set;ZLcom/hexagonkt/http/model/HttpStatus;J)V", "accessControlAllowOrigin", "origin", "allowOrigin", "invoke", "context", "preFlightRequest", "simpleRequest", "Companion", "http_server"})
@SourceDebugExtension({"SMAP\nCorsCallback.kt\nKotlin\n*S Kotlin\n*F\n+ 1 CorsCallback.kt\ncom/hexagonkt/http/server/callbacks/CorsCallback\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,152:1\n766#2:153\n857#2,2:154\n1549#2:156\n1620#2,3:157\n1726#2,3:160\n1#3:163\n*S KotlinDebug\n*F\n+ 1 CorsCallback.kt\ncom/hexagonkt/http/server/callbacks/CorsCallback\n*L\n98#1:153\n98#1:154,2\n123#1:156\n123#1:157,3\n124#1:160,3\n*E\n"})
/* loaded from: input_file:com/hexagonkt/http/server/callbacks/CorsCallback.class */
public final class CorsCallback implements Function1<HttpContext, HttpContext> {

    @NotNull
    private static final Companion Companion = new Companion(null);

    @NotNull
    private final Regex allowedOrigin;

    @NotNull
    private final Set<HttpMethod> allowedMethods;

    @NotNull
    private final Set<String> allowedHeaders;

    @NotNull
    private final Set<String> exposedHeaders;
    private final boolean supportCredentials;

    @NotNull
    private final HttpStatus preFlightStatus;
    private final long preFlightMaxAge;

    @Deprecated
    @NotNull
    public static final String ALLOW_ORIGIN = "access-control-allow-origin";

    @Deprecated
    @NotNull
    public static final String ALLOW_CREDENTIALS = "access-control-allow-credentials";

    @Deprecated
    @NotNull
    public static final String REQUEST_METHOD = "access-control-request-method";

    @Deprecated
    @NotNull
    public static final String EXPOSE_HEADERS = "access-control-expose-headers";

    @Deprecated
    @NotNull
    public static final String REQUEST_HEADERS = "access-control-request-headers";

    @Deprecated
    @NotNull
    public static final String ALLOW_HEADERS = "access-control-allow-headers";

    @Deprecated
    @NotNull
    public static final String MAX_AGE = "access-control-max-age";

    /* compiled from: CorsCallback.kt */
    @Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0007\b\u0082\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��¨\u0006\u000b"}, d2 = {"Lcom/hexagonkt/http/server/callbacks/CorsCallback$Companion;", "", "()V", "ALLOW_CREDENTIALS", "", "ALLOW_HEADERS", "ALLOW_ORIGIN", "EXPOSE_HEADERS", "MAX_AGE", "REQUEST_HEADERS", "REQUEST_METHOD", "http_server"})
    /* loaded from: input_file:com/hexagonkt/http/server/callbacks/CorsCallback$Companion.class */
    private static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public CorsCallback(@NotNull Regex regex, @NotNull Set<? extends HttpMethod> set, @NotNull Set<String> set2, @NotNull Set<String> set3, boolean z, @NotNull HttpStatus httpStatus, long j) {
        Intrinsics.checkNotNullParameter(regex, "allowedOrigin");
        Intrinsics.checkNotNullParameter(set, "allowedMethods");
        Intrinsics.checkNotNullParameter(set2, "allowedHeaders");
        Intrinsics.checkNotNullParameter(set3, "exposedHeaders");
        Intrinsics.checkNotNullParameter(httpStatus, "preFlightStatus");
        this.allowedOrigin = regex;
        this.allowedMethods = set;
        this.allowedHeaders = set2;
        this.exposedHeaders = set3;
        this.supportCredentials = z;
        this.preFlightStatus = httpStatus;
        this.preFlightMaxAge = j;
        HttpStatusType type = this.preFlightStatus.getType();
        if (!(type == HttpStatusType.SUCCESS)) {
            throw new IllegalArgumentException(("Preflight Status must be a success status: " + type).toString());
        }
    }

    public /* synthetic */ CorsCallback(Regex regex, Set set, Set set2, Set set3, boolean z, HttpStatus httpStatus, long j, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(regex, (Set<? extends HttpMethod>) ((i & 2) != 0 ? HttpMethod.Companion.getALL() : set), (Set<String>) ((i & 4) != 0 ? SetsKt.emptySet() : set2), (Set<String>) ((i & 8) != 0 ? SetsKt.emptySet() : set3), (i & 16) != 0 ? true : z, (i & 32) != 0 ? HttpStatusesKt.getNO_CONTENT_204() : httpStatus, (i & 64) != 0 ? 0L : j);
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    public CorsCallback(@NotNull String str, @NotNull Set<? extends HttpMethod> set, @NotNull Set<String> set2, @NotNull Set<String> set3, boolean z, @NotNull HttpStatus httpStatus, long j) {
        this(new Glob(str).getRegex(), set, set2, set3, z, httpStatus, j);
        Intrinsics.checkNotNullParameter(str, "allowedOrigin");
        Intrinsics.checkNotNullParameter(set, "allowedMethods");
        Intrinsics.checkNotNullParameter(set2, "allowedHeaders");
        Intrinsics.checkNotNullParameter(set3, "exposedHeaders");
        Intrinsics.checkNotNullParameter(httpStatus, "preFlightStatus");
    }

    public /* synthetic */ CorsCallback(String str, Set set, Set set2, Set set3, boolean z, HttpStatus httpStatus, long j, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? "*" : str, (Set<? extends HttpMethod>) ((i & 2) != 0 ? HttpMethod.Companion.getALL() : set), (Set<String>) ((i & 4) != 0 ? SetsKt.emptySet() : set2), (Set<String>) ((i & 8) != 0 ? SetsKt.emptySet() : set3), (i & 16) != 0 ? true : z, (i & 32) != 0 ? HttpStatusesKt.getNO_CONTENT_204() : httpStatus, (i & 64) != 0 ? 0L : j);
    }

    @NotNull
    public HttpContext invoke(@NotNull HttpContext httpContext) {
        Intrinsics.checkNotNullParameter(httpContext, "context");
        HttpContext simpleRequest = simpleRequest(httpContext);
        HttpContext preFlightRequest = httpContext.getRequest().getMethod() == HttpMethod.OPTIONS ? preFlightRequest(simpleRequest) : simpleRequest;
        return !Intrinsics.areEqual(preFlightRequest.getResponse().getStatus(), HttpStatusesKt.getFORBIDDEN_403()) ? preFlightRequest.next() : preFlightRequest;
    }

    private final boolean allowOrigin(String str) {
        return this.allowedOrigin.matches(str);
    }

    private final String accessControlAllowOrigin(String str) {
        return (!Intrinsics.areEqual(this.allowedOrigin.getPattern(), ".*") || this.supportCredentials) ? str : "*";
    }

    private final HttpContext simpleRequest(HttpContext httpContext) {
        String origin = httpContext.getRequest().origin();
        if (origin == null) {
            return httpContext;
        }
        if (!allowOrigin(origin)) {
            return HttpContext.forbidden$default(httpContext, "Not allowed origin: " + origin, (Headers) null, (ContentType) null, (List) null, (Map) null, 30, (Object) null);
        }
        String accessControlAllowOrigin = accessControlAllowOrigin(origin);
        Headers plus = httpContext.getResponse().getHeaders().plus(new Header(ALLOW_ORIGIN, new Object[]{accessControlAllowOrigin}));
        if (!Intrinsics.areEqual(accessControlAllowOrigin, "*")) {
            plus = plus.plus(new Header("vary", new Object[]{"Origin"}));
        }
        if (this.supportCredentials) {
            plus = plus.plus(new Header(ALLOW_CREDENTIALS, new Object[]{true}));
        }
        Header header = (Header) httpContext.getRequest().getHeaders().get(REQUEST_METHOD);
        if (httpContext.getRequest().getMethod() == HttpMethod.OPTIONS && header != null) {
            return HttpContext.badRequest$default(httpContext, (Object) null, (Headers) null, (ContentType) null, (List) null, (Map) null, 31, (Object) null);
        }
        if (!this.allowedMethods.contains(httpContext.getRequest().getMethod())) {
            return HttpContext.forbidden$default(httpContext, "Not allowed method: " + httpContext.getRequest().getMethod(), (Headers) null, (ContentType) null, (List) null, (Map) null, 30, (Object) null);
        }
        if (!this.exposedHeaders.isEmpty()) {
            Set set = CollectionsKt.toSet(httpContext.getRequest().getHeaders().getHttpFields().keySet());
            ArrayList arrayList = new ArrayList();
            for (Object obj : set) {
                if (this.exposedHeaders.contains((String) obj)) {
                    arrayList.add(obj);
                }
            }
            plus = plus.plus(new Header(EXPOSE_HEADERS, new Object[]{CollectionsKt.joinToString$default(arrayList, ",", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null)}));
        }
        return HttpContext.send$default(httpContext, this.preFlightStatus, (Object) null, plus, (ContentType) null, (List) null, (Map) null, 58, (Object) null);
    }

    private final HttpContext preFlightRequest(HttpContext httpContext) {
        boolean z;
        Header header = (Header) httpContext.getRequest().getHeaders().get(REQUEST_METHOD);
        Object value = header != null ? header.getValue() : null;
        String str = value instanceof String ? (String) value : null;
        if (str == null) {
            return HttpContext.forbidden$default(httpContext, "access-control-request-method required header not found", (Headers) null, (ContentType) null, (List) null, (Map) null, 30, (Object) null);
        }
        HttpMethod valueOf = HttpMethod.valueOf(str);
        if (!this.allowedMethods.contains(valueOf)) {
            return HttpContext.forbidden$default(httpContext, "Not allowed method: " + valueOf, (Headers) null, (ContentType) null, (List) null, (Map) null, 30, (Object) null);
        }
        Header header2 = (Header) httpContext.getRequest().getHeaders().get(REQUEST_HEADERS);
        Object value2 = header2 != null ? header2.getValue() : null;
        String str2 = value2 instanceof String ? (String) value2 : null;
        Headers headers = httpContext.getResponse().getHeaders();
        if (str2 != null) {
            List split$default = StringsKt.split$default(str2, new String[]{","}, false, 0, 6, (Object) null);
            ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(split$default, 10));
            Iterator it = split$default.iterator();
            while (it.hasNext()) {
                arrayList.add(StringsKt.trim((String) it.next()).toString());
            }
            ArrayList arrayList2 = arrayList;
            if (!(arrayList2 instanceof Collection) || !arrayList2.isEmpty()) {
                Iterator it2 = arrayList2.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        z = true;
                        break;
                    }
                    if (!this.allowedHeaders.contains((String) it2.next())) {
                        z = false;
                        break;
                    }
                }
            } else {
                z = true;
            }
            if (!z) {
                if (!this.allowedHeaders.isEmpty()) {
                    return HttpContext.forbidden$default(httpContext, "Not allowed headers", (Headers) null, (ContentType) null, (List) null, (Map) null, 30, (Object) null);
                }
            }
            Set<String> set = this.allowedHeaders;
            headers = headers.plus(new Header(ALLOW_HEADERS, new Object[]{CollectionsKt.joinToString$default(set.isEmpty() ? CollectionsKt.toSet(httpContext.getRequest().getHeaders().getHttpFields().keySet()) : set, ",", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null)}));
        }
        Headers plus = headers.plus(new Header(REQUEST_METHOD, new Object[]{CollectionsKt.joinToString$default(this.allowedMethods, ",", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null)}));
        if (this.preFlightMaxAge > 0) {
            plus = plus.plus(new Header(MAX_AGE, new Object[]{String.valueOf(this.preFlightMaxAge)}));
        }
        String origin = httpContext.getRequest().origin();
        if (origin == null) {
            origin = "";
        }
        String str3 = origin;
        if (allowOrigin(str3) && StringsKt.isBlank(str3)) {
            return HttpContext.send$default(httpContext, this.preFlightStatus, (Object) null, plus, (ContentType) null, (List) null, (Map) null, 58, (Object) null);
        }
        if (allowOrigin(str3)) {
            return HttpContext.send$default(httpContext, this.preFlightStatus, (Object) null, plus.plus(new Header(ALLOW_ORIGIN, new Object[]{accessControlAllowOrigin(str3)})), (ContentType) null, (List) null, (Map) null, 58, (Object) null);
        }
        if (!allowOrigin(str3)) {
            if (!StringsKt.isBlank(str3)) {
                return HttpContext.forbidden$default(httpContext, "Not allowed origin: " + str3, (Headers) null, (ContentType) null, (List) null, (Map) null, 30, (Object) null);
            }
        }
        return HttpContext.forbidden$default(httpContext, "Forbidden pre-flight request", (Headers) null, (ContentType) null, (List) null, (Map) null, 30, (Object) null);
    }
}
