package si.irm.mmweb.main;

import com.google.common.net.HttpHeaders;
import com.vaadin.cdi.server.VaadinCDIServlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import si.irm.mm.ejb.SettingsEJB;

/* loaded from: input_file:MarinaMasterWeb.war:WEB-INF/classes/si/irm/mmweb/main/MMServlet.class */
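public class MMServlet extends VaadinCDIServlet {
    /**
     * Adds the configured CORS headers (and the optional application-id header) before delegating
     * to the Vaadin servlet.
     *
     * <p>When CORS is enabled in {@link SettingsEJB} and the request's {@code Origin} header is on
     * the allow-list, an {@code OPTIONS} request is answered directly as a preflight and a
     * {@code POST} request gets the CORS response headers before being passed on. Every other
     * request falls through to the application-id header handling and the default processing.
     *
     * <p>Visibility was widened from {@code protected} by the decompiler and is kept as found.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response being built
     * @throws ServletException if the delegated Vaadin processing fails
     * @throws IOException if writing the response fails
     */
    @Override // com.vaadin.server.VaadinServlet, javax.servlet.http.HttpServlet
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String origin = resolveAllowedOrigin(httpServletRequest);
        if (origin != null) {
            String method = httpServletRequest.getMethod();
            if ("options".equalsIgnoreCase(method)) {
                writePreflightResponse(httpServletRequest, httpServletResponse, origin);
                return;
            }
            if ("post".equalsIgnoreCase(method)) {
                addCorsOriginHeaders(httpServletResponse, origin);
                super.service(httpServletRequest, httpServletResponse);
                return;
            }
        }
        if (!isBlank(SettingsEJB.mmAppIdHeaderName) && !isBlank(SettingsEJB.mmAppIdHeaderValue)) {
            httpServletResponse.addHeader(SettingsEJB.mmAppIdHeaderName, SettingsEJB.mmAppIdHeaderValue);
        }
        super.service(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the request's {@code Origin} header when CORS is enabled and that origin is on the
     * allow-list, otherwise {@code null}.
     */
    private String resolveAllowedOrigin(HttpServletRequest request) {
        if (!Boolean.TRUE.equals(SettingsEJB.enableCORS) || isBlank(SettingsEJB.allowedCORSOrigins)) {
            return null;
        }
        String origin = request.getHeader(HttpHeaders.ORIGIN);
        if (isBlank(origin) || !isOriginAllowed(origin)) {
            return null;
        }
        return origin;
    }

    /** Answers a CORS preflight request without invoking the Vaadin servlet. */
    private void writePreflightResponse(HttpServletRequest request, HttpServletResponse response, String origin) throws IOException {
        response.addHeader("Access-Control-Allow-Origin", origin);
        // The allowed origin is echoed per request, so shared caches must key on Origin.
        response.addHeader("Vary", "Origin");
        response.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
        // NOTE(review): the requested method and headers are echoed back as-is, so the preflight
        // itself restricts neither; only the origin allow-list limits who gets these headers.
        String requestedMethod = request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD);
        if (requestedMethod != null) {
            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestedMethod);
        }
        String requestedHeaders = request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
        if (requestedHeaders != null) {
            response.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
        }
        response.addHeader("Access-Control-Allow-Credentials", "true");
        response.setContentType("text/plain");
        response.setCharacterEncoding("utf-8");
        response.getWriter().flush();
    }

    /**
     * Adds the origin and credentials headers for an allowed cross-origin request.
     *
     * <p>NOTE(security): with the allow-list set to {@code "*;"} every origin is echoed together
     * with {@code Access-Control-Allow-Credentials: true}, so any site can make credentialed
     * requests and read the responses. Behaviour is kept for compatibility; production
     * deployments should configure an explicit origin list instead of the wildcard.
     */
    private void addCorsOriginHeaders(HttpServletResponse response, String origin) {
        response.addHeader("Access-Control-Allow-Origin", origin);
        // The allowed origin is echoed per request, so shared caches must key on Origin.
        response.addHeader("Vary", "Origin");
        response.addHeader("Access-Control-Allow-Credentials", "true");
    }

    /** Returns {@code true} when the value is {@code null} or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || "".equals(value.trim());
    }

    /**
     * Checks the given origin against the semicolon-separated allow-list in
     * {@code SettingsEJB.allowedCORSOrigins}.
     *
     * <p>The setting {@code "*;"} allows every origin. Otherwise the origin must equal one list
     * entry as a whole (case-insensitive, surrounding whitespace ignored). Entries are compared
     * one by one rather than by substring search, so a value that is only the tail of a
     * configured entry, or that itself contains {@code ';'}, is rejected.
     *
     * @param str the value of the request's {@code Origin} header
     * @return {@code true} if the origin is allowed
     */
    private boolean isOriginAllowed(String str) {
        // Read the static setting once so all checks see the same value.
        String configured = SettingsEJB.allowedCORSOrigins;
        if (str == null || configured == null || "".equals(configured.trim())) {
            return false;
        }
        if (configured.equals("*;")) {
            return true;
        }
        String candidate = str.trim();
        if (candidate.isEmpty()) {
            return false;
        }
        for (String entry : configured.split(";")) {
            if (candidate.equalsIgnoreCase(entry.trim())) {
                return true;
            }
        }
        return false;
    }
}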
