package com.adobe.acs.commons.analysis.jcrchecksum.impl.servlets;

import acscommons.com.google.common.net.HttpHeaders;
import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;

/* loaded from: input_file:com/adobe/acs/commons/analysis/jcrchecksum/impl/servlets/BaseChecksumServlet.class */
public class BaseChecksumServlet extends SlingAllMethodsServlet {
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ORIGIN = "Origin";

    protected final boolean isAnonymous(SlingHttpServletRequest slingHttpServletRequest) {
        return "anonymous".equals(slingHttpServletRequest.getResourceResolver().getUserID());
    }

    protected final void doOptions(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws IOException, ServletException {
        handleCORS(slingHttpServletRequest, slingHttpServletResponse);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handleCORS(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) {
        String header = slingHttpServletRequest.getHeader("Origin");
        if (header == null || header.length() <= 0) {
            return;
        }
        slingHttpServletResponse.setHeader("Access-Control-Allow-Origin", header);
        slingHttpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        slingHttpServletResponse.setHeader("Access-Control-Allow-Headers", HttpHeaders.AUTHORIZATION);
        slingHttpServletResponse.setHeader("Access-Control-Allow-Methods", "GET, POST");
    }
}
