package org.pentaho.platform.web;

import com.google.common.annotations.VisibleForTesting;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.pentaho.platform.api.engine.ISystemConfig;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.util.StringUtil;

/* loaded from: input_file:org/pentaho/platform/web/WebUtil.class */
public class WebUtil {
    static final String ORIGIN_HEADER = "origin";
    static final String CORS_ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    static final String CORS_ALLOW_CREDENTIALS_HEADER = "Access-Control-Allow-Credentials";

    private WebUtil() {
    }

    public static void setCorsResponseHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setCorsResponseHeaders(httpServletRequest, httpServletResponse, null);
    }

    public static void setCorsResponseHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, List<String>> map) {
        if (isCorsRequestsAllowed()) {
            String header = httpServletRequest.getHeader(ORIGIN_HEADER);
            if (isCorsRequestOriginAllowed(header)) {
                httpServletResponse.setHeader(CORS_ALLOW_ORIGIN_HEADER, header);
                httpServletResponse.setHeader(CORS_ALLOW_CREDENTIALS_HEADER, "true");
                if (map != null) {
                    map.forEach((str, list) -> {
                        httpServletResponse.setHeader(str, String.join(",", list));
                    });
                }
            }
        }
    }

    public static boolean isCorsRequestsAllowed() {
        return "true".equals(getCorsRequestsAllowedSystemProperty());
    }

    @VisibleForTesting
    static List<String> getCorsRequestsAllowedOrigins() {
        String corsAllowedOriginsSystemProperty = getCorsAllowedOriginsSystemProperty();
        if (!StringUtil.isEmpty(corsAllowedOriginsSystemProperty)) {
            return Arrays.asList(corsAllowedOriginsSystemProperty.split("\\s*,\\s*"));
        }
        return null;
    }

    @VisibleForTesting
    static boolean isCorsRequestOriginAllowed(String str) {
        List<String> corsRequestsAllowedOrigins = getCorsRequestsAllowedOrigins();
        return corsRequestsAllowedOrigins != null && corsRequestsAllowedOrigins.contains(str);
    }

    static String getCorsRequestsAllowedSystemProperty() {
        ISystemConfig iSystemConfig = (ISystemConfig) PentahoSystem.get(ISystemConfig.class);
        return iSystemConfig == null ? "false" : iSystemConfig.getProperty("system.cors-requests-allowed", "false");
    }

    static String getCorsAllowedOriginsSystemProperty() {
        ISystemConfig iSystemConfig = (ISystemConfig) PentahoSystem.get(ISystemConfig.class);
        if (iSystemConfig == null) {
            return null;
        }
        return iSystemConfig.getProperty("system.cors-requests-allowed-domains");
    }
}
