package org.gcube.accounting.security.authn.filter;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.gcube.accounting.security.SecurityManager;
import org.gcube.accounting.security.authn.SecurityTokenThreadLocal;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/accounting-common-2.0.0-SNAPSHOT.jar:org/gcube/accounting/security/authn/filter/FederationFilter.class */
public class FederationFilter implements Filter {
    private static Logger logger = Logger.getLogger(FederationFilter.class);
    private static final String DEFAULT_SECURITY_TOKEN_ATTR = "org.apache.fediz.SECURITY_TOKEN";
    private static final String SECURITY_TOKEN_ATTR_CONFIG = "security.token.attribute";
    private String securityTokenAttr = DEFAULT_SECURITY_TOKEN_ATTR;

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(SECURITY_TOKEN_ATTR_CONFIG);
        if (initParameter != null) {
            this.securityTokenAttr = initParameter;
        }
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (!SecurityManager.isAuthnEnabled()) {
            logger.debug("Authentication is not enabled. Skipping.");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!"sts".equals(SecurityManager.getAuthnType())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        httpServletRequest.getSession(false);
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        logger.debug("STS Authentication");
        HttpServletRequest httpServletRequest2 = (HttpServletRequest) servletRequest;
        Element element = (Element) httpServletRequest2.getSession().getAttribute(this.securityTokenAttr);
        if (element == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            SecurityTokenThreadLocal.setToken(element);
            Principal userPrincipal = httpServletRequest2.getUserPrincipal();
            logger.debug("Principal user = " + userPrincipal.getName());
            httpServletRequest2.setAttribute("userId", userPrincipal.getName());
            httpServletRequest2.getSession().setAttribute("userId", userPrincipal.getName());
            filterChain.doFilter(servletRequest, servletResponse);
            SecurityTokenThreadLocal.setToken(null);
        } catch (Throwable th) {
            SecurityTokenThreadLocal.setToken(null);
            throw th;
        }
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }
}
