package org.apache.brooklyn.rest.filter;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.reflect.TypeToken;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nullable;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.ext.Provider;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.config.ConfigKey;
import org.apache.brooklyn.core.BrooklynFeatureEnablement;
import org.apache.brooklyn.core.config.ConfigKeys;
import org.apache.brooklyn.core.config.ConfigPredicates;
import org.apache.brooklyn.core.config.ConfigUtils;
import org.apache.brooklyn.core.internal.BrooklynProperties;
import org.apache.brooklyn.util.text.Strings;
import org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
/* loaded from: input_file:org/apache/brooklyn/rest/filter/CorsImplSupplierFilter.class */
public class CorsImplSupplierFilter extends CrossOriginResourceSharingFilter {
    public static final ConfigKey<List<String>> ALLOW_ORIGINS = ConfigKeys.newConfigKey(new TypeToken<List<String>>() { // from class: org.apache.brooklyn.rest.filter.CorsImplSupplierFilter.1
    }, "allowOrigins", "List of allowed origins. Access-Control-Allow-Origin header will be returned to client if Origin header in request is matching exactly a value among the list allowed origins. If AllowedOrigins is empty or not specified then all origins are allowed. No wildcard allowed origins are supported.", Collections.emptyList());
    public static final ConfigKey<List<String>> ALLOW_HEADERS = ConfigKeys.newConfigKey(new TypeToken<List<String>>() { // from class: org.apache.brooklyn.rest.filter.CorsImplSupplierFilter.2
    }, "allowHeaders", "List of allowed headers for preflight checks.", Collections.emptyList());
    public static final ConfigKey<Boolean> ALLOW_CREDENTIALS = ConfigKeys.newBooleanConfigKey("allowCredentials", "The value for the Access-Control-Allow-Credentials header. If false, no header is added. If true, the\n     * header is added with the value 'true'. False by default.", false);
    public static final ConfigKey<List<String>> EXPOSE_HEADERS = ConfigKeys.newConfigKey(new TypeToken<List<String>>() { // from class: org.apache.brooklyn.rest.filter.CorsImplSupplierFilter.3
    }, "exposeHeaders", "A list of non-simple headers to be exposed via Access-Control-Expose-Headers.", Collections.emptyList());
    public static final ConfigKey<Integer> MAX_AGE = ConfigKeys.newIntegerConfigKey("maxAge", "The value for Access-Control-Max-Age.", (Integer) null);
    public static final ConfigKey<Integer> PREFLIGHT_FAIL_STATUS = ConfigKeys.newIntegerConfigKey("preflightFailStatus", "Preflight error response status, default is 200.", 200);
    public static final ConfigKey<Boolean> BLOCK_CORS_IF_UNAUTHORIZED = ConfigKeys.newBooleanConfigKey("blockCorsIfUnauthorized", "Do not apply CORS if response is going to be with UNAUTHORIZED status.", false);
    private static final Logger LOGGER = LoggerFactory.getLogger(CorsImplSupplierFilter.class);
    private boolean enableCors = false;

    public CorsImplSupplierFilter() {
    }

    @VisibleForTesting
    public CorsImplSupplierFilter(@Nullable ManagementContext managementContext) {
        Preconditions.checkNotNull(managementContext, "ManagementContext should be suppplied to CORS filter.");
        setEnableCors(BrooklynFeatureEnablement.isEnabled("brooklyn.experimental.feature.corsCxfFeature"));
        BrooklynProperties filterForPrefixAndStrip = ConfigUtils.filterForPrefixAndStrip(managementContext.getConfig().submap(ConfigPredicates.nameStartsWith("brooklyn.experimental.feature.corsCxfFeature.")).asMapWithStringKeys(), "brooklyn.experimental.feature.corsCxfFeature.");
        setAllowOrigins((List) filterForPrefixAndStrip.getConfig(ALLOW_ORIGINS));
        setAllowHeaders((List) filterForPrefixAndStrip.getConfig(ALLOW_HEADERS));
        setAllowCredentials(((Boolean) filterForPrefixAndStrip.getConfig(ALLOW_CREDENTIALS)).booleanValue());
        setExposeHeaders((List) filterForPrefixAndStrip.getConfig(EXPOSE_HEADERS));
        setMaxAge((Integer) filterForPrefixAndStrip.getConfig(MAX_AGE));
        setPreflightErrorStatus((Integer) filterForPrefixAndStrip.getConfig(PREFLIGHT_FAIL_STATUS));
        setBlockCorsIfUnauthorized(((Boolean) filterForPrefixAndStrip.getConfig(BLOCK_CORS_IF_UNAUTHORIZED)).booleanValue());
    }

    public void setEnableCors(boolean z) {
        this.enableCors = Boolean.TRUE.equals(Boolean.valueOf(z));
        setFindResourceMethod(false);
        if (this.enableCors) {
            LOGGER.info("CORS brooklyn feature enabled.");
        } else {
            LOGGER.trace("CORS brooklyn feature disabled.");
        }
    }

    public void setMaxAge(Integer num) {
        Integer num2 = -1;
        if (num2.equals(num)) {
            super.setMaxAge((Integer) null);
        } else {
            super.setMaxAge(num);
        }
    }

    public boolean isEnableCors() {
        return this.enableCors;
    }

    public void setAllowOrigins(String str) {
        setAllowOrigins(Strings.parseCsv(str));
    }

    public void setAllowHeaders(String str) {
        setAllowHeaders(Strings.parseCsv(str));
    }

    public void setExposeHeaders(String str) {
        setExposeHeaders(Strings.parseCsv(str));
    }

    public void filter(ContainerRequestContext containerRequestContext) {
        if (this.enableCors) {
            super.filter(containerRequestContext);
        }
    }

    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
        if (this.enableCors) {
            super.filter(containerRequestContext, containerResponseContext);
        }
    }
}
