package org.astrogrid.samp.web;

import cds.aladin.Constants;
import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import org.astrogrid.samp.httpd.HttpServer;

/* loaded from: input_file:org/astrogrid/samp/web/CorsHttpServer.class */
public class CorsHttpServer extends HttpServer {
    private final OriginAuthorizer authorizer_;
    private static final String ORIGIN_KEY = "Origin";
    private static final String ALLOW_ORIGIN_KEY = "Access-Control-Allow-Origin";
    private static final String REQUEST_METHOD_KEY = "Access-Control-Request-Method";
    private static final String ALLOW_METHOD_KEY = "Access-Control-Allow-Methods";
    private static final String ALLOW_HEADERS_KEY = "Access-Control-Allow-Headers";
    private static final Pattern ORIGIN_REGEX = Pattern.compile("https?://[a-zA-Z0-9_-]+(\\.[a-zA-Z0-9_-]+)*(:[0-9]+)?");
    private static final Logger logger_;
    public static final String EXTRAHOSTS_PROP = "jsamp.web.extrahosts";
    private static final Set extraAddrSet_;
    static Class class$org$astrogrid$samp$web$CorsHttpServer;

    public CorsHttpServer(ServerSocket serverSocket, OriginAuthorizer originAuthorizer) throws IOException {
        super(serverSocket);
        this.authorizer_ = originAuthorizer;
    }

    @Override // org.astrogrid.samp.httpd.HttpServer
    public HttpServer.Response serve(HttpServer.Request request) {
        if (!isPermittedHost(request.getRemoteAddress())) {
            return createNonLocalErrorResponse(request);
        }
        Map headerMap = request.getHeaderMap();
        String method = request.getMethod();
        String header = getHeader(headerMap, ORIGIN_KEY);
        if (header == null) {
            return super.serve(request);
        }
        String header2 = getHeader(headerMap, REQUEST_METHOD_KEY);
        return (!method.equals("OPTIONS") || header2 == null) ? serveSimpleOriginRequest(request, header) : servePreflightOriginRequest(request, header, header2);
    }

    private HttpServer.Response serveSimpleOriginRequest(HttpServer.Request request, String str) {
        HttpServer.Response serve = super.serve(request);
        if (isAuthorized(str)) {
            Map headerMap = serve.getHeaderMap();
            if (getHeader(headerMap, ALLOW_ORIGIN_KEY) == null) {
                headerMap.put(ALLOW_ORIGIN_KEY, str);
            }
        }
        return serve;
    }

    private HttpServer.Response servePreflightOriginRequest(HttpServer.Request request, String str, String str2) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("Content-Length", "0");
        if (isAuthorized(str)) {
            linkedHashMap.put(ALLOW_ORIGIN_KEY, str);
            linkedHashMap.put(ALLOW_METHOD_KEY, str2);
            linkedHashMap.put(ALLOW_HEADERS_KEY, HttpServer.HDR_CONTENT_TYPE);
        }
        return new HttpServer.Response(this, 200, "OK", linkedHashMap) { // from class: org.astrogrid.samp.web.CorsHttpServer.1
            private final CorsHttpServer this$0;

            {
                this.this$0 = this;
            }

            @Override // org.astrogrid.samp.httpd.HttpServer.Response
            public void writeBody(OutputStream outputStream) {
            }
        };
    }

    private HttpServer.Response createNonLocalErrorResponse(HttpServer.Request request) {
        byte[] bArr;
        int i = 403;
        String str = "Forbidden";
        if ("HEAD".equals(request.getMethod())) {
            return createErrorResponse(403, "Forbidden");
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(HttpServer.HDR_CONTENT_TYPE, Constants.CONTENT_TYPE_TEXTPLAIN);
        try {
            bArr = "Access to server from non-local hosts is not permitted.\r\n".getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            logger_.warning("Unsupported UTF-8??");
            bArr = new byte[0];
        }
        byte[] bArr2 = bArr;
        linkedHashMap.put("Content-Length", Integer.toString(bArr2.length));
        return new HttpServer.Response(this, i, str, linkedHashMap, bArr2) { // from class: org.astrogrid.samp.web.CorsHttpServer.2
            private final byte[] val$mbuf1;
            private final CorsHttpServer this$0;

            {
                this.this$0 = this;
                this.val$mbuf1 = bArr2;
            }

            @Override // org.astrogrid.samp.httpd.HttpServer.Response
            public void writeBody(OutputStream outputStream) throws IOException {
                outputStream.write(this.val$mbuf1);
                outputStream.flush();
            }
        };
    }

    private boolean isAuthorized(String str) {
        boolean z;
        try {
            checkOriginList(str);
            z = true;
        } catch (RuntimeException e) {
            logger_.warning(new StringBuffer().append("Origin header: ").append(e.getMessage()).toString());
            z = false;
        }
        return z && this.authorizer_.authorize(str);
    }

    public boolean isPermittedHost(SocketAddress socketAddress) {
        if (!(socketAddress instanceof InetSocketAddress)) {
            logger_.warning(new StringBuffer().append("Socket address not from internet? ").append(socketAddress).toString());
            return false;
        }
        InetAddress address = ((InetSocketAddress) socketAddress).getAddress();
        if (address == null) {
            return false;
        }
        if (address.isLoopbackAddress() || isExtraHost(address)) {
            return true;
        }
        try {
            return address.equals(InetAddress.getLocalHost());
        } catch (UnknownHostException e) {
            return false;
        }
    }

    private static InetAddress[] getExtraHostAddresses() {
        String str;
        String[] strArr;
        try {
            str = System.getProperty(EXTRAHOSTS_PROP);
        } catch (SecurityException e) {
            str = null;
        }
        if (str != null) {
            String trim = str.trim();
            strArr = trim.length() > 0 ? trim.split(", *") : new String[0];
        } else {
            strArr = new String[0];
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : strArr) {
            try {
                arrayList.add(InetAddress.getByName(str2));
                logger_.warning(new StringBuffer().append("Adding web hub exception for host \"").append(str2).append("\"").toString());
            } catch (UnknownHostException e2) {
                logger_.warning(new StringBuffer().append("Unknown host \"").append(str2).append("\"").append(" - not adding web hub exception").toString());
            }
        }
        return (InetAddress[]) arrayList.toArray(new InetAddress[0]);
    }

    private static boolean isExtraHost(InetAddress inetAddress) {
        return extraAddrSet_.contains(inetAddress);
    }

    private static void checkOriginList(String str) {
        String[] split = str.split(" +");
        if (split.length <= 0) {
            throw new IllegalArgumentException("No origins supplied");
        }
        for (int i = 0; i < split.length; i++) {
            if (!ORIGIN_REGEX.matcher(split[i]).matches()) {
                throw new IllegalArgumentException(new StringBuffer().append("Bad origin syntax: \"").append(split[i]).append("\"").toString());
            }
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$astrogrid$samp$web$CorsHttpServer == null) {
            cls = class$("org.astrogrid.samp.web.CorsHttpServer");
            class$org$astrogrid$samp$web$CorsHttpServer = cls;
        } else {
            cls = class$org$astrogrid$samp$web$CorsHttpServer;
        }
        logger_ = Logger.getLogger(cls.getName());
        extraAddrSet_ = new HashSet(Arrays.asList(getExtraHostAddresses()));
    }
}
