package org.owasp.esapi.filters;

import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.AuthenticationException;

/* loaded from: classes.dex */
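/**
 * Servlet filter that runs ESAPI authentication, request logging and URL
 * authorization in front of the rest of the filter chain.
 *
 * <p>For each request the filter asks the ESAPI authenticator to log the
 * caller in, logs the request, and asks the ESAPI access controller whether
 * the request URI is allowed. The chain is invoked only when all of those
 * steps succeed; any other outcome ends the request in this filter.
 *
 * <p>Init parameters read by {@link #init(FilterConfig)}:
 * {@code resourceDirectory}, {@code loginPage},
 * {@code publicUnauthorizedLandingPage}.
 */
public class ESAPIFilter implements Filter {
    // Parameter names handed to logHTTPRequest; presumably their values are
    // masked in the log. Only "password" is listed, so any other sensitive
    // parameter (tokens, secrets, card numbers) is not covered by this list.
    private static final String[] obfuscate = {"password"};
    private final Logger logger = ESAPI.getLogger("ESAPIFilter");
    // View the request is forwarded to when authentication fails.
    private String loginPage = "WEB-INF/login.jsp";
    // View the request is forwarded to when the URL is not authorized.
    private String publicUnauthorizedLandingPage = "WEB-INF/index.jsp";

    /** No resources are held by this filter, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Authenticates, logs and authorizes the request, then passes it down the
     * chain.
     *
     * <p>Outcomes:
     * <ul>
     *   <li>{@link AuthenticationException} from login: the user is logged
     *       out and the request is forwarded to the login page.</li>
     *   <li>Any other exception during login or request logging: the error is
     *       logged as a security failure and the request is rejected with
     *       HTTP 500. It is <em>not</em> passed on to authorization or to the
     *       chain, because the identity state left behind by a half-finished
     *       login cannot be relied on.</li>
     *   <li>URL not authorized: forwarded to the unauthorized landing
     *       page.</li>
     *   <li>Otherwise: the chain runs, then content type and no-cache headers
     *       are applied.</li>
     * </ul>
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     remainder of the chain, invoked only for authorized requests
     * @throws IOException      propagated from forwarding or from the chain
     * @throws ServletException propagated from forwarding or from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        ESAPI.httpUtilities().setCurrentHTTP(request, response);
        try {
            try {
                try {
                    ESAPI.authenticator().login(request, response);
                    ESAPI.httpUtilities().logHTTPRequest(request, this.logger, Arrays.asList(obfuscate));
                } catch (AuthenticationException authFailure) {
                    // Drop any partial session before showing the login page.
                    ESAPI.authenticator().logout();
                    request.setAttribute("message", "Authentication failed");
                    request.getRequestDispatcher(this.loginPage).forward(request, response);
                    return;
                }
            } catch (Exception e) {
                this.logger.error(Logger.SECURITY_FAILURE, "Error in ESAPI security filter: " + e.getMessage(), e);
                // NOTE(review): the raw exception message is exposed to whatever
                // view renders "message"; confirm that view output-encodes it, or
                // substitute a generic text.
                request.setAttribute("message", e.getMessage());
                // Fail closed: an unexpected error in login, request logging or
                // the login-page forward must not let the request continue to
                // the authorization check and the application.
                if (!response.isCommitted()) {
                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                }
                return;
            }

            if (!ESAPI.accessController().isAuthorizedForURL(request.getRequestURI())) {
                request.setAttribute("message", "Unauthorized");
                request.getRequestDispatcher(this.publicUnauthorizedLandingPage).forward(request, response);
                return;
            }

            filterChain.doFilter(request, response);
            // Applied after the chain returns; if the downstream resource has
            // already committed the response, header changes made here are not
            // sent. NOTE(review): confirm this ordering is intended.
            ESAPI.httpUtilities().setContentType(response);
            ESAPI.httpUtilities().setNoCacheHeaders(response);
        } finally {
            // Runs on every exit path, including exceptions, so ESAPI's
            // current-request state never outlives this request on a reused
            // container thread.
            ESAPI.clearCurrent();
        }
    }

    /**
     * Applies optional overrides from the filter's init parameters. A
     * parameter that is absent leaves the corresponding default untouched.
     *
     * @param filterConfig configuration supplied by the servlet container
     */
    @Override
    public void init(FilterConfig filterConfig) {
        String resourceDirectory = filterConfig.getInitParameter("resourceDirectory");
        if (resourceDirectory != null) {
            ESAPI.securityConfiguration().setResourceDirectory(resourceDirectory);
        }

        String configuredLoginPage = filterConfig.getInitParameter("loginPage");
        if (configuredLoginPage != null) {
            this.loginPage = configuredLoginPage;
        }

        String configuredLandingPage = filterConfig.getInitParameter("publicUnauthorizedLandingPage");
        if (configuredLandingPage != null) {
            this.publicUnauthorizedLandingPage = configuredLandingPage;
        }
    }
}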
