package org.owasp.esapi.filters;

import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.xalan.templates.Constants;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.AuthenticationException;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/filters/ESAPIFilter.class
 */
/* loaded from: input_file:WEB-INF/lib/opensaml-2.6.4.wso2v3.jar:esapi-2.0.1.jar:org/owasp/esapi/filters/ESAPIFilter.class */
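/**
 * Servlet filter that runs ESAPI authentication, request logging and URL-level
 * access control before handing a request to the rest of the filter chain.
 *
 * <p>Per request it: binds the request/response to ESAPI, calls
 * {@code ESAPI.authenticator().login(...)}, logs the request with selected
 * parameters obfuscated, checks {@code isAuthorizedForURL} for the request URI,
 * and only then invokes the downstream chain. Every path ends with
 * {@code ESAPI.clearCurrent()}.
 *
 * <p>This listing is decompiler output. As decompiled, the
 * {@code AuthenticationException} handler sat outside a {@code catch (Exception)}
 * that already consumed every exception, so a failed login could never reach the
 * logout/login-page branch. The handler is placed directly around the
 * {@code login} call here so that branch is reachable.
 */
public class ESAPIFilter implements Filter {
    // Names of request parameters whose values are obfuscated in the request log.
    // NOTE(review): OAuth.OAUTH_PASSWORD presumably resolves to "password"; the
    // decompiler appears to have substituted a same-valued constant from an
    // unrelated library for a plain string literal. Confirm against the real source.
    private static final String[] obfuscate = {OAuth.OAUTH_PASSWORD};

    private final Logger logger = ESAPI.getLogger("ESAPIFilter");

    /**
     * Applies the optional {@code resourceDirectory} init parameter to the ESAPI
     * security configuration.
     *
     * @param filterConfig filter configuration supplied by the container; the
     *     parameter is read from the deployment descriptor, not from a request
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
        String resourceDirectory = filterConfig.getInitParameter("resourceDirectory");
        if (resourceDirectory != null) {
            ESAPI.securityConfiguration().setResourceDirectory(resourceDirectory);
        }
    }

    /**
     * Authenticates, logs and authorizes the request, then passes it down the chain.
     *
     * <p>Outcomes:
     * <ul>
     *   <li>{@code login} throws {@code AuthenticationException}: the user is logged
     *       out and the request is forwarded to {@code WEB-INF/login.jsp}.</li>
     *   <li>The request URI is not authorized: the request is forwarded to
     *       {@code WEB-INF/index.jsp} with the message "Unauthorized".</li>
     *   <li>Any other exception: it is logged as a security failure and the chain is
     *       not invoked (the filter fails closed).</li>
     * </ul>
     *
     * @param servletRequest incoming request; cast to {@code HttpServletRequest}
     *     without a type check, so a non-HTTP request raises {@code ClassCastException}
     * @param servletResponse outgoing response; cast to {@code HttpServletResponse}
     * @param filterChain remainder of the chain, invoked only for authorized requests
     * @throws IOException declared for interface compatibility; exceptions raised
     *     inside the guarded section are caught and logged rather than propagated
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        ESAPI.httpUtilities().setCurrentHTTP(httpServletRequest, httpServletResponse);
        try {
            // Establish the current user. The failure handler must wrap only this
            // call: nested under the generic catch below it would be unreachable.
            try {
                ESAPI.authenticator().login(httpServletRequest, httpServletResponse);
            } catch (AuthenticationException e) {
                // Runs before the finally block, so ESAPI still has the current
                // request bound while the user is logged out.
                ESAPI.authenticator().logout();
                httpServletRequest.setAttribute(Constants.ELEMNAME_MESSAGE_STRING, "Authentication failed");
                httpServletRequest.getRequestDispatcher("WEB-INF/login.jsp").forward(httpServletRequest, httpServletResponse);
                return;
            }

            // Log the request with the parameters named in `obfuscate` masked.
            ESAPI.httpUtilities().logHTTPRequest(httpServletRequest, this.logger, Arrays.asList(obfuscate));

            // Authorization gate: the downstream chain is never reached for a
            // URI the access controller rejects.
            if (!ESAPI.accessController().isAuthorizedForURL(httpServletRequest.getRequestURI())) {
                httpServletRequest.setAttribute(Constants.ELEMNAME_MESSAGE_STRING, "Unauthorized");
                httpServletRequest.getRequestDispatcher("WEB-INF/index.jsp").forward(httpServletRequest, httpServletResponse);
                return;
            }

            filterChain.doFilter(httpServletRequest, httpServletResponse);

            // NOTE(review): these headers are set after the downstream chain has run;
            // if the response is already committed by then they may have no effect.
            // Confirm the no-cache policy is actually observed on the wire.
            ESAPI.httpUtilities().setContentType(httpServletResponse);
            ESAPI.httpUtilities().setNoCacheHeaders(httpServletResponse);
        } catch (Exception e) {
            // Fail closed: the chain is not invoked and nothing is forwarded here.
            this.logger.error(Logger.SECURITY_FAILURE, "Error in ESAPI security filter: " + e.getMessage(), e);
            // NOTE(review): the raw exception message becomes a request attribute.
            // Any view that renders it should output-encode it, and for non-ESAPI
            // exceptions the text may expose internal detail. Verify how it is used.
            httpServletRequest.setAttribute(Constants.ELEMNAME_MESSAGE_STRING, e.getMessage());
        } finally {
            // Always drop the per-request ESAPI state bound above, so it is not
            // left in place after this request (presumably it is thread-bound and
            // the container reuses threads; confirm against ESAPI).
            ESAPI.clearCurrent();
        }
    }

    /** No resources to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }
}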
