package com.alipay.security.open.defaultcors;

import com.alipay.security.open.common.log.SecurityLoggerFactory;
import com.alipay.security.open.common.processor.CrlfProcessUtil;
import com.alipay.security.open.common.string.StringUtil;
import java.io.IOException;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;

/* loaded from: input_file:com/alipay/security/open/defaultcors/DefaultCorsFilter.class */
public class DefaultCorsFilter implements Filter {
    private String charset;
    private final Logger logger = SecurityLoggerFactory.getLogger((Class<?>) DefaultCorsFilter.class);
    private String errorMsg = "{\"stat\":\"fail\",\"msg\":\"InvaildOrigin\"}";

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        DefaultCorsHead doCheck = DefaultCorsCheckUtil.doCheck((HttpServletRequest) servletRequest);
        if (doCheck == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!doCheck.isVailedOrigin()) {
            httpServletResponse.setCharacterEncoding(this.charset);
            httpServletResponse.setContentType("application/json");
            httpServletResponse.getWriter().write(this.errorMsg);
            return;
        }
        if (StringUtil.isNotBlank(doCheck.getOrigin())) {
            httpServletResponse.setHeader("Access-Control-Allow-Origin", CrlfProcessUtil.doProcess(doCheck.getOrigin()));
            httpServletResponse.setHeader("Access-Control-Allow-Credentials", CrlfProcessUtil.doProcess(doCheck.getCredentials()));
            if (StringUtil.isNotBlank(doCheck.getMethods())) {
                httpServletResponse.setHeader("Access-Control-Allow-Methods", CrlfProcessUtil.doProcess(doCheck.getMethods()));
            }
            if (StringUtil.isNotBlank(doCheck.getHeads())) {
                httpServletResponse.setHeader("Access-Control-Allow-Headers", CrlfProcessUtil.doProcess(doCheck.getHeads()));
                httpServletResponse.setHeader("Access-Control-Expose-Headers", CrlfProcessUtil.doProcess(doCheck.getHeads()));
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }

    public void setWhiteList(List<String> list) {
        DefaultCorsCheckUtil.setAllowHostUrl(list);
    }

    public void setWhiteHostList(List<String> list) {
        DefaultCorsCheckUtil.setWhiteHostList(list);
    }

    public void setCustomMethods(String str) {
        DefaultCorsCheckUtil.setCustomMethods(str);
    }

    public void setCustomHeads(String str) {
        DefaultCorsCheckUtil.setCustomHeads(str);
    }

    public void setCustomCredentials(String str) {
        DefaultCorsCheckUtil.setCustomCredentials(str);
    }

    public void setCharset(String str) {
        this.charset = str;
    }

    public void setErrorMsg(String str) {
        this.errorMsg = str;
    }
}
