package com.atlassian.plugins.cors;

import com.atlassian.plugins.rest.common.security.CorsHeaders;
import com.atlassian.plugins.rest.common.security.descriptor.CorsDefaults;
import com.atlassian.plugins.whitelist.InboundWhitelist;
import com.google.common.collect.ImmutableSet;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/atlassian/plugins/cors/WhitelistBasedCorsDefaults.class */
public class WhitelistBasedCorsDefaults implements CorsDefaults {
    private final InboundWhitelist inboundWhitelist;

    public WhitelistBasedCorsDefaults(InboundWhitelist inboundWhitelist) {
        this.inboundWhitelist = inboundWhitelist;
    }

    public boolean allowsCredentials(String str) throws IllegalArgumentException {
        return allowsOrigin(str);
    }

    public boolean allowsOrigin(String str) throws IllegalArgumentException {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        try {
            return this.inboundWhitelist.isAllowed(new URI(str));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public Set<String> getAllowedRequestHeaders(String str) throws IllegalArgumentException {
        return ImmutableSet.of("Content-Type", "X-Atlassian-Token");
    }

    public Set<String> getAllowedResponseHeaders(String str) throws IllegalArgumentException {
        return ImmutableSet.of(CorsHeaders.ORIGIN.value());
    }
}
