package pt.webdetails.cpf.utils;

import java.util.Collection;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:pt/webdetails/cpf/utils/AbstractCorsUtil.class */
public abstract class AbstractCorsUtil {
    private static final String TRUE = "true";
    private static final String ORIGIN = "ORIGIN";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";

    protected abstract boolean isCorsAllowed();

    protected abstract Collection<String> getDomainWhitelist();

    public void setCorsHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isCorsAllowed()) {
            String header = httpServletRequest.getHeader(ORIGIN);
            if (isDomainAllowed(header)) {
                httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN, header);
                httpServletResponse.setHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, TRUE);
            }
        }
    }

    private boolean isDomainAllowed(String str) {
        Collection<String> domainWhitelist;
        if (StringUtils.isBlank(str) || (domainWhitelist = getDomainWhitelist()) == null || domainWhitelist.isEmpty()) {
            return false;
        }
        Iterator<String> it = domainWhitelist.iterator();
        while (it.hasNext()) {
            if (StringUtils.equalsIgnoreCase(it.next(), str)) {
                return true;
            }
        }
        return false;
    }
}
