package org.gcube.accounting.security.authn.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.gcube.accounting.security.SecurityManager;
import org.gcube.accounting.security.authz.Action;

/* loaded from: input_file:WEB-INF/lib/accounting-common-2.1.0-3.8.0.jar:org/gcube/accounting/security/authn/filter/DelegateFilter.class */
public class DelegateFilter implements Filter {
    private static Logger logger = Logger.getLogger(DelegateFilter.class);

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (!SecurityManager.isAuthnEnabled()) {
            logger.debug("Authentication is not enabled. Skipping.");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String header = httpServletRequest.getHeader("delegatorId");
        if (header == null || header.trim().equals("")) {
            logger.debug("No delegator id provided. Skipping.");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String str = (String) httpServletRequest.getAttribute("userId");
        if (SecurityManager.isAuthzEnabled() && SecurityManager.getAuthorizationManager().isAllowed(str, Action.ACT_AS_DELEGATE)) {
            logger.info(String.format("Replacing userId with delegatorId: %s -> %s", str, header));
            httpServletRequest.setAttribute("userId", header);
        } else {
            logger.debug(str + " can't act as delegate. Skipping.");
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }
}
