package org.owasp.esapi.filters;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.StringUtilities;

/* loaded from: input_file:WEB-INF/lib/opensaml-2.6.4.wso2v3.jar:esapi-2.0.1.jar:org/owasp/esapi/filters/SecurityWrapper.class */
public class SecurityWrapper implements Filter {
    private final Logger logger = ESAPI.getLogger("SecurityWrapper");
    private String allowableResourcesRoot = "WEB-INF";

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            try {
                SecurityWrapperRequest securityWrapperRequest = new SecurityWrapperRequest((HttpServletRequest) servletRequest);
                SecurityWrapperResponse securityWrapperResponse = new SecurityWrapperResponse((HttpServletResponse) servletResponse);
                securityWrapperRequest.setAllowableContentRoot(this.allowableResourcesRoot);
                ESAPI.httpUtilities().setCurrentHTTP(securityWrapperRequest, securityWrapperResponse);
                filterChain.doFilter(ESAPI.currentRequest(), ESAPI.currentResponse());
                ESAPI.httpUtilities().clearCurrent();
            } catch (Exception e) {
                this.logger.error(Logger.SECURITY_FAILURE, "Error in SecurityWrapper: " + e.getMessage(), e);
                servletRequest.setAttribute("message", e.getMessage());
                ESAPI.httpUtilities().clearCurrent();
            }
        } catch (Throwable th) {
            ESAPI.httpUtilities().clearCurrent();
            throw th;
        }
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this.allowableResourcesRoot = StringUtilities.replaceNull(filterConfig.getInitParameter("allowableResourcesRoot"), this.allowableResourcesRoot);
    }
}
