package pl.edu.icm.synat.container.security.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
import pl.edu.icm.synat.api.services.security.ServiceUserAuthenticationToken;
import pl.edu.icm.synat.api.services.security.ServiceUserAuthenticationTokenHolder;
import pl.edu.icm.synat.api.services.security.exception.ServiceSecurityException;

/* loaded from: input_file:WEB-INF/lib/synat-platform-container-1.8.1.jar:pl/edu/icm/synat/container/security/web/TicketAuthenticationFilter.class */
public class TicketAuthenticationFilter extends GenericFilterBean {
    private AuthenticationManager authenticationManager;
    private Converter<CasAuthenticationToken, ServiceUserAuthenticationToken> serviceUserTokenConverter;
    private final Logger logger = LoggerFactory.getLogger(TicketAuthenticationFilter.class);

    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationManager, "authenticationManager must be specified");
        Assert.notNull(this.serviceUserTokenConverter, "serviceUserTokenConverter must be specified");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authentication authenticate;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            authenticate = this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER, httpServletRequest.getHeader("ticket")));
        } catch (AuthenticationException e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("SecurityContextHolder not populated with service user token, AuthenticationManager rejected ticket", (Throwable) e);
            }
            onUnsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
        }
        if (!(authenticate instanceof CasAuthenticationToken)) {
            throw new ServiceSecurityException("Autentication is not instance of CasAuthenticationToken", new Object[0]);
        }
        ServiceUserAuthenticationToken convert = this.serviceUserTokenConverter.convert((CasAuthenticationToken) authenticate);
        ServiceUserAuthenticationTokenHolder.setThreadToken(convert);
        SecurityContextHolder.getContext().setAuthentication(authenticate);
        onSuccessfulAuthentication(httpServletRequest, httpServletResponse, convert);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("SecurityContextHolder populated with service user token: '" + SecurityContextHolder.getContext().getAuthentication() + "'");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
        ServiceUserAuthenticationTokenHolder.clearThreadToken();
    }

    protected void onSuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServiceUserAuthenticationToken serviceUserAuthenticationToken) {
    }

    protected void onUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) {
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void setServiceUserTokenConverter(Converter<CasAuthenticationToken, ServiceUserAuthenticationToken> converter) {
        this.serviceUserTokenConverter = converter;
    }
}
