package eu.dnetlib.simplesso;

import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:eu/dnetlib/simplesso/SimpleSSOAuthenticationFilter.class */
public class SimpleSSOAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    private static final Log log = LogFactory.getLog(SimpleSSOAuthenticationFilter.class);
    private boolean enabled;
    private SimpleSSOAuthenticationRoleBuilder rolesBuilder;
    private List<String> anonymousRoles;

    public int getOrder() {
        return 0;
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        return attemptAuthentication(httpServletRequest);
    }

    public void doFilterHttp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (requiresAuthentication(httpServletRequest, httpServletResponse)) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Request is to process authentication");
            }
            try {
                successfulAuthentication(httpServletRequest, httpServletResponse, filterChain, attemptAuthentication(httpServletRequest));
                if (this.enabled) {
                    return;
                }
            } catch (AuthenticationException e) {
                unsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest) throws AuthenticationException {
        Authentication authenticate = getAuthenticationManager().authenticate(this.enabled ? ssoAuth(httpServletRequest) : anonymousAuth());
        if (!this.enabled) {
            log.debug("Setting HACK auth " + authenticate);
            SecurityContextHolder.getContext().setAuthentication(authenticate);
        }
        return authenticate;
    }

    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.enabled) {
            String parameter = httpServletRequest.getParameter("auth");
            return (parameter == null || parameter.equals("")) ? false : true;
        }
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            return true;
        }
        log.debug("already have some auth token " + SecurityContextHolder.getContext().getAuthentication());
        return false;
    }

    protected SimpleSSOAuthenticationToken ssoAuth(HttpServletRequest httpServletRequest) {
        return new SimpleSSOAuthenticationToken(httpServletRequest.getParameter("auth"));
    }

    protected Authentication anonymousAuth() {
        return new AnonymousAuthenticationToken("disabled", "anonymous", Lists.newArrayList(this.rolesBuilder.buildAuthorities(this.anonymousRoles)));
    }

    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        if (this.enabled) {
            super.successfulAuthentication(httpServletRequest, httpServletResponse, filterChain, authentication);
        } else {
            log.debug("SETTING AUTHENTICATION " + authentication);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public SimpleSSOAuthenticationRoleBuilder getRolesBuilder() {
        return this.rolesBuilder;
    }

    public void setRolesBuilder(SimpleSSOAuthenticationRoleBuilder simpleSSOAuthenticationRoleBuilder) {
        this.rolesBuilder = simpleSSOAuthenticationRoleBuilder;
    }

    public List<String> getAnonymousRoles() {
        return this.anonymousRoles;
    }

    public void setAnonymousRoles(List<String> list) {
        this.anonymousRoles = list;
    }

    protected SimpleSSOAuthenticationFilter(RequestMatcher requestMatcher) {
        super(requestMatcher);
        this.enabled = false;
    }

    public SimpleSSOAuthenticationFilter() {
        super("/auth");
        this.enabled = false;
    }
}
