package org.owasp.esapi.filters;

import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.AuthenticationException;

/* loaded from: input_file:org/owasp/esapi/filters/ESAPIFilter.class */
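/**
 * Servlet filter that runs each request through the ESAPI authentication,
 * access-control and request-validation checks before handing it to the rest
 * of the filter chain.
 *
 * <p>Requests that fail a check are forwarded to a JSP with a short
 * {@code "message"} request attribute and never reach the downstream chain.
 */
public class ESAPIFilter implements Filter {
    private final Logger logger = ESAPI.getLogger("ESAPIFilter");

    // Passed to logHTTPRequest as the list of parameter names to obfuscate in the log.
    private static final String[] obfuscate = {"password"};

    /**
     * Sets the ESAPI resource directory from the {@code resourceDirectory}
     * filter init parameter, but only when none has been configured yet.
     *
     * @param filterConfig filter configuration supplied by the container
     */
    public void init(FilterConfig filterConfig) {
        if (ESAPI.securityConfiguration().getResourceDirectory() == null) {
            ESAPI.securityConfiguration().setResourceDirectory(filterConfig.getInitParameter("resourceDirectory"));
        }
    }

    /**
     * Authenticates, logs, authorizes and validates the request, then invokes
     * the remaining filter chain.
     *
     * <p>Order of checks: login, request logging (with obfuscated parameters),
     * URL authorization, HTTP request validation. The first failing check
     * forwards to an error view and stops processing.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filters and target resource
     * @throws IOException declared for the {@link Filter} contract; checked exceptions
     *                     raised inside the guarded section are logged, not rethrown
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        ESAPI.httpUtilities().setCurrentHTTP(httpServletRequest, httpServletResponse);
        try {
            try {
                ESAPI.authenticator().login(httpServletRequest, httpServletResponse);
                ESAPI.httpUtilities().logHTTPRequest(httpServletRequest, this.logger, Arrays.asList(obfuscate));

                if (!ESAPI.accessController().isAuthorizedForURL(httpServletRequest.getRequestURI())) {
                    httpServletRequest.setAttribute("message", "Unauthorized");
                    httpServletRequest.getRequestDispatcher("WEB-INF/index.jsp").forward(httpServletRequest, httpServletResponse);
                    return;
                }

                if (!ESAPI.validator().isValidHTTPRequest()) {
                    httpServletRequest.setAttribute("message", "Validation error");
                    httpServletRequest.getRequestDispatcher("WEB-INF/index.jsp").forward(httpServletRequest, httpServletResponse);
                    return;
                }

                filterChain.doFilter(httpServletRequest, httpServletResponse);

                // NOTE(review): these headers are set after the chain has run; if the
                // downstream resource has already committed the response they will
                // have no effect. Confirm that is acceptable for this deployment.
                ESAPI.httpUtilities().setSafeContentType(httpServletResponse);
                ESAPI.httpUtilities().setNoCacheHeaders(httpServletResponse);
            } catch (AuthenticationException e) {
                // Failed login: drop whatever session state the authenticator holds
                // and send the user back to the login view with a generic message.
                ESAPI.authenticator().logout();
                httpServletRequest.setAttribute("message", "Authentication failed");
                httpServletRequest.getRequestDispatcher("WEB-INF/login.jsp").forward(httpServletRequest, httpServletResponse);
            }
        } catch (Exception e) {
            // The full detail goes to the security log only. The stack trace is not
            // printed to stderr, and the raw exception message is not placed in the
            // request attribute, so a view that renders "message" cannot disclose
            // internal details to the client.
            this.logger.error(Logger.SECURITY, false, "Error in ESAPI security filter: " + e.getMessage(), e);
            httpServletRequest.setAttribute("message", "Internal error");
        } finally {
            // Runs on every exit path (normal return, early return, any Throwable):
            // clear the current user and the request/response references registered
            // with ESAPI so they are not left set after this request.
            // NOTE(review): presumably thread-bound state that a pooled container
            // thread would otherwise carry into the next request - confirm.
            ESAPI.authenticator().clearCurrent();
            ESAPI.httpUtilities().setCurrentHTTP(null, null);
        }
    }

    /** No resources to release. */
    public void destroy() {
    }
}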
