package org.owasp.esapi.filters;

import java.io.IOException;
import java.util.Iterator;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;

/* loaded from: classes.dex */
public class SafeHTTPFilter implements Filter {
    private boolean isExcludedURL(HttpServletRequest httpServletRequest) {
        String stringBuffer = httpServletRequest.getRequestURL().toString();
        if (ESAPI.securityConfiguration().getSafeHTTPFilterIgnoreURLexact().contains(stringBuffer)) {
            return true;
        }
        Iterator it = ESAPI.securityConfiguration().getSafeHTTPFilterIgnoreURLroot().iterator();
        while (it.hasNext()) {
            if (stringBuffer.startsWith(((String) it.next()).toLowerCase())) {
                return true;
            }
        }
        for (String str : ESAPI.securityConfiguration().getSafeHTTPFilterIgnoreURLregEx()) {
            Pattern pattern = null;
            if (0 == 0) {
                try {
                    pattern = Pattern.compile(str);
                } catch (PatternSyntaxException e) {
                    throw new RuntimeException(new StringBuffer("SafeHTTPFilter misconfiguration, invalid regular expression. Bad RegEx=").append(str).toString());
                }
            }
            if (pattern == null) {
                throw new RuntimeException(new StringBuffer("SafeHTTPFilter misconfiguration, RegEx compiles to null. Bad RegEx=").append(str).toString());
            }
            if (pattern.matcher(stringBuffer).matches()) {
                return true;
            }
        }
        return false;
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        ESAPI.httpUtilities().setCurrentHTTP(httpServletRequest, httpServletResponse);
        if (isExcludedURL(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            filterChain.doFilter(new SafeRequest(httpServletRequest), new SafeResponse(httpServletResponse));
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }
}
