package com.alipay.security.open.defaultcors;

import com.alipay.security.open.common.log.LoggerUtil;
import com.alipay.security.open.common.log.SecurityLoggerFactory;
import com.alipay.security.open.common.string.StringUtil;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;

/* loaded from: input_file:com/alipay/security/open/defaultcors/DefaultCorsCheckUtil.class */
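/**
 * Decides whether the {@code Origin} of a cross-origin request is trusted and assembles the
 * values for the CORS response in a {@link DefaultCorsHead}.
 *
 * <p>An origin is accepted when it matches either the pattern built by
 * {@link #setWhiteHostList(List)} or one of the patterns in the allow list (the built-in
 * defaults from the static initializer, or whatever {@link #setAllowHostUrl(List)} installed).
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Every built-in pattern accepts {@code http://} as well as {@code https://}, and any
 *       depth of sub-domain under the listed names. Each listed domain is therefore a trust
 *       decision for all of its sub-domains over both schemes; this matters most when
 *       credentials are switched on through {@link #setCustomCredentials(String)}.</li>
 *   <li>The allow-list patterns are matched against the raw header value, while the value
 *       stored in the result is the normalized {@code scheme://host} produced by
 *       {@code formatOrigin}.</li>
 *   <li>All configuration lives in non-final static fields and no synchronization is
 *       performed; presumably the setters are called once during start-up - confirm before
 *       reconfiguring at runtime.</li>
 * </ul>
 */
public class DefaultCorsCheckUtil {
    /** Pattern built from the configured white host list; {@code null} until one is configured. */
    private static Pattern whiteOriginPattern;
    private static final Logger logger = SecurityLoggerFactory.getLogger((Class<?>) DefaultCorsCheckUtil.class);
    /** Allow-list patterns; filled with defaults by the static initializer below. */
    private static List<Pattern> allowHostUrl = new ArrayList<Pattern>();
    /** Dot-escaped host entries that make up {@link #whiteOriginPattern}. */
    private static List<String> whiteHostList = new ArrayList<String>();
    private static String customMethods = "OPTIONS,HEAD,GET,POST,PUT,DELETE,TRACE";
    private static String customHeads = StringUtil.EMPTY_STRING;
    private static String customCredentials = "false";

    /**
     * Runs the CORS check for a servlet request.
     *
     * @param httpServletRequest the incoming request
     * @return the CORS decision, or {@code null} when the request has no (or a blank)
     *     {@code Origin} header and is therefore not treated as cross-origin
     */
    public static DefaultCorsHead doCheck(HttpServletRequest httpServletRequest) {
        String origin = httpServletRequest.getHeader("Origin");
        String requestedHeaders = httpServletRequest.getHeader("Access-Control-Request-Headers");
        String requestUri = httpServletRequest.getRequestURI();
        if (StringUtil.isBlank(origin)) {
            return null;
        }
        return corsCheck(origin, requestUri, requestedHeaders);
    }

    /**
     * Runs the CORS check for headers supplied as a map.
     *
     * <p>The lookup uses the exact keys {@code "Origin"} and
     * {@code "Access-Control-Request-Headers"}; with an ordinary case-sensitive map a
     * differently-cased key is not found and the request is treated as having no origin.
     *
     * @param map request headers; must not be {@code null}
     * @param str request URI, used only in log output
     * @return the CORS decision, or {@code null} when no origin is present
     */
    public static DefaultCorsHead doCheck(Map<String, String> map, String str) {
        String origin = map.get("Origin");
        String requestedHeaders = map.get("Access-Control-Request-Headers");
        if (StringUtil.isBlank(origin)) {
            return null;
        }
        return corsCheck(origin, str, requestedHeaders);
    }

    /**
     * Evaluates one origin against the configured allow lists.
     *
     * @param str raw {@code Origin} header value
     * @param str2 request URI, used only in log output
     * @param str3 raw {@code Access-Control-Request-Headers} value, may be {@code null}
     * @return a result carrying credentials, methods and headers; the origin is set only when
     *     the origin is accepted, otherwise {@code setIsVailedOrigin(false)} has been called
     */
    public static DefaultCorsHead corsCheck(String str, String str2, String str3) {
        DefaultCorsHead result = new DefaultCorsHead();
        result.setCredentials(customCredentials);
        if (StringUtil.isNotBlank(customMethods)) {
            result.setMethods(customMethods);
        }
        String allowHeaders = getAllowHeaders(str3);
        if (StringUtil.isNotBlank(allowHeaders)) {
            result.setHeads(allowHeaders);
        }

        // Reject anything that is not a well-formed http(s) origin before consulting the lists.
        String normalizedOrigin = formatOrigin(str, str2);
        if (StringUtil.isBlank(normalizedOrigin)) {
            result.setIsVailedOrigin(false);
            return result;
        }

        // NOTE(review): the patterns accept an optional ":port" on the raw value, but
        // normalizedOrigin carries no port. If the caller writes this value into
        // Access-Control-Allow-Origin, it will not equal an origin that has an explicit port -
        // confirm whether that is intended.
        if (whiteOriginPattern != null && whiteOriginPattern.matcher(str).find()) {
            result.setOrigin(normalizedOrigin);
            return result;
        }
        for (Pattern allowed : allowHostUrl) {
            if (allowed.matcher(str).find()) {
                result.setOrigin(normalizedOrigin);
                return result;
            }
        }

        // Message: "the current origin does not match the cross-origin allow list; blocking the request".
        // NOTE(review): origin and uri are request-controlled and are concatenated unescaped into
        // a "##"-delimited record; unless LoggerUtil escapes them, a value containing "##" blurs
        // the field boundaries for whoever parses these logs.
        LoggerUtil.formatError(logger, "DefaultCorsCheckUtil", "corsCheck", "InvaildOrigin", "pass=false##origin=" + str + "##uri=" + str2, "当前origin不匹配系统允许的跨域白名单，阻断当前请求！");
        result.setIsVailedOrigin(false);
        return result;
    }

    /**
     * Normalizes an origin to {@code scheme://host}.
     *
     * @param str raw origin
     * @param str2 request URI, used only in log output
     * @return the normalized origin, or {@code null} when the value does not parse as a URI,
     *     lacks a scheme or host, or uses a scheme other than {@code http}/{@code https}
     */
    private static String formatOrigin(String str, String str2) {
        try {
            URI uri = new URI(str);
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (StringUtil.isBlank(scheme) || StringUtil.isBlank(host)) {
                logMalformedOrigin(str, str2);
                return null;
            }
            if (StringUtil.equals(scheme, "http") || StringUtil.equals(scheme, "https")) {
                return scheme + "://" + host;
            }
            logMalformedOrigin(str, str2);
            return null;
        } catch (URISyntaxException e) {
            logMalformedOrigin(str, str2);
            return null;
        }
    }

    /** Logs "the current origin is not a well-formed URI; blocking the request". */
    private static void logMalformedOrigin(String origin, String uri) {
        LoggerUtil.formatError(logger, "DefaultCorsCheckUtil", "formatOrigin", "InvaildOrigin", "pass=false##origin=" + origin + "##uri=" + uri, "当前origin不是一个正常的uri，阻断当前请求！");
    }

    /**
     * Chooses the allowed-headers value for the response.
     *
     * <p>When the configured value is {@code "*"} and the request named headers, the request's
     * own list is returned, i.e. whatever the client asked for is reflected back. In every
     * other case the configured value is returned as is.
     */
    private static String getAllowHeaders(String str) {
        boolean reflectRequested = StringUtil.equals(customHeads, "*") && StringUtil.isNotBlank(str);
        return reflectRequested ? str : customHeads;
    }

    /**
     * Replaces the allow list, including the built-in defaults, with the given patterns.
     *
     * <p>Each entry is trimmed and compiled as a regular expression. Matching uses
     * {@code find()}, so an entry that is not anchored with {@code ^} and {@code $} matches
     * anywhere inside the origin string; anchor every entry.
     *
     * @param list regular expressions; must not be {@code null}
     * @throws java.util.regex.PatternSyntaxException if an entry is not a valid expression
     */
    public static void setAllowHostUrl(List<String> list) {
        List<Pattern> compiled = new ArrayList<Pattern>();
        for (String expression : list) {
            compiled.add(Pattern.compile(StringUtil.trim(expression)));
        }
        allowHostUrl = compiled;
    }

    /**
     * Builds the white-list pattern from plain host names such as {@code example.com}.
     *
     * <p>Each entry is trimmed and its dots are escaped before it is placed in the pattern, so
     * that {@code .} matches only a literal dot. Inserting the raw entry instead would let
     * {@code example.com} also match hosts like {@code exampleXcom}. Blank entries are skipped:
     * an empty alternative would make the host part of the pattern optional. Other regex
     * metacharacters in an entry are not escaped.
     *
     * <p>A {@code null} list, an empty list, or a list with only blank entries leaves the
     * current configuration untouched.
     *
     * @param list host names to trust together with all of their sub-domains
     */
    public static void setWhiteHostList(List<String> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        List<String> escapedHosts = new ArrayList<String>();
        for (String entry : list) {
            String host = StringUtil.trim(entry);
            if (host == null || host.isEmpty()) {
                continue;
            }
            escapedHosts.add(host.replaceAll("\\.", "\\\\."));
        }
        if (escapedHosts.isEmpty()) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("^http(s)?://([a-z0-9_\\-]+\\.)*(");
        for (int i = 0; i < escapedHosts.size(); i++) {
            if (i > 0) {
                sb.append("|");
            }
            sb.append(escapedHosts.get(i));
        }
        sb.append(")(:\\d+)?(/.*)?$");
        // Keep the stored host list in step with the pattern that is actually in force.
        whiteHostList = escapedHosts;
        whiteOriginPattern = Pattern.compile(sb.toString());
    }

    /** Sets the methods value copied into every result; a blank value leaves methods unset. */
    public static void setCustomMethods(String str) {
        customMethods = str;
    }

    /** Sets the allowed-headers value; {@code "*"} reflects the headers named by the request. */
    public static void setCustomHeads(String str) {
        customHeads = str;
    }

    /**
     * Sets the credentials value copied into every result (default {@code "false"}).
     *
     * <p>With credentials enabled, every origin accepted by the allow lists, including the
     * {@code http://} variants, is presumably able to make authenticated cross-origin reads -
     * review the lists before enabling it.
     */
    public static void setCustomCredentials(String str) {
        customCredentials = str;
    }

    // Built-in allow list: scheme http or https, any number of sub-domain labels, one of the
    // listed names and TLDs, then an optional port and path.
    static {
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(taobao|alibaba|alibaba-inc|alipay-inc|aliloan|koubei|alimama)\\.(com|net|cn|com\\.cn)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(1688|alibado|alisoft)\\.(com|cn|com\\.cn)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(alipay|zmxy|zhimaxy|mayibank)\\.(net|com\\.cn)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(mybank)\\.(cn)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(mayibank|zhimaxy)\\.(cn)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(alipay|aliexpress|atpanel|taobaocdn|taojianghu|taojapan|hitao|taohua|tao123|tmall|etao|alitrip|zhifubao|zhifu|alipaydev|alipayobjects|alipay-cloud)\\.(com)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(alibank)\\.(net)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(aliimg)\\.(com|net)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(taobao|koubei)\\.(org)(:\\d+)?(/.*)?$"));
        allowHostUrl.add(Pattern.compile("^http(s)?://([a-z0-9_\\-]+\\.)*(yahoo)\\.(cn|com\\.cn)(:\\d+)?(/.*)?$"));
    }
}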
