package com.asiainfo.bp.config;

import com.asiainfo.bp.utils.ApplicationConfig;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/asiainfo/bp/config/CORSFilter.class */
public class CORSFilter implements Filter {
    private static transient Log log = LogFactory.getLog(CORSFilter.class);

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String header = httpServletRequest.getHeader("Origin");
        if (header == null) {
            header = httpServletRequest.getHeader("Referer");
        }
        String val = ApplicationConfig.getVal("cors_allowed_origin");
        if (!StringUtils.isNotEmpty(val)) {
            setHeader(header, httpServletResponse);
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            new HashSet(Arrays.asList(val.split(",")));
            httpServletRequest.getParameter("action");
            setHeader(header, httpServletResponse);
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    private void setHeader(String str, HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", str);
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "*");
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with,content-type");
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
    }

    public void destroy() {
    }
}
