package ch.systemsx.cisd.common.servlet;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:lib/dss_client.jar:ch/systemsx/cisd/common/servlet/AbstractCrossOriginFilter.class */
public abstract class AbstractCrossOriginFilter implements Filter {
    protected static final String ORIGIN_HEADER = "Origin";
    protected static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    protected static final String ALLOWED_ORIGINS_KEY = "TODO";
    private static final String ALLOW_ALL_ORIGINS = "*";
    private FilterConfig filterConfig;

    protected abstract List<String> getOwnDomains();

    protected abstract List<String> getConfiguredTrustedDomains();

    protected List<String> getAllTrustedDomains() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(getOwnDomains());
        arrayList.addAll(getConfiguredTrustedDomains());
        return arrayList;
    }

    private boolean isAllowedOrigin(String str) {
        Iterator<String> it = getAllTrustedDomains().iterator();
        while (it.hasNext()) {
            if (isMatching(it.next(), str)) {
                return true;
            }
        }
        return false;
    }

    private boolean isMatching(String str, String str2) {
        return str.equalsIgnoreCase(str2) || "*".equals(str);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String header = ((HttpServletRequest) servletRequest).getHeader(ORIGIN_HEADER);
        if (header != null && isAllowedOrigin(header)) {
            ((HttpServletResponse) servletResponse).setHeader(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, header);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    protected ServletContext getServletContext() {
        return this.filterConfig.getServletContext();
    }
}
