package org.georchestra.geowebcache.security;

import com.google.common.base.Strings;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.georchestra.commons.security.SecurityHeaders;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/classes/org/georchestra/geowebcache/security/PreAuthFilter.class */
public class PreAuthFilter implements Filter {
    private static final Log logger = LogFactory.getLog(PreAuthFilter.class);

    public PreAuthFilter() {
        logger.warn("PreAuthFilter");
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        logger.warn("PreAuthFilter initialized");
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (SecurityHeaders.decode(httpServletRequest.getHeader(SecurityHeaders.SEC_USERNAME)) != null) {
                SecurityContext context = SecurityContextHolder.getContext();
                context.setAuthentication(createAuthentication(httpServletRequest));
                logger.warn("Populated SecurityContextHolder with pre-auth token: '" + context.getAuthentication() + "'");
                if (logger.isDebugEnabled()) {
                    logger.debug("Populated SecurityContextHolder with pre-auth token: '" + context.getAuthentication() + "'");
                }
            } else {
                logger.warn("SecurityContextHolder not populated with pre-auth token");
                if (logger.isDebugEnabled()) {
                    logger.debug("SecurityContextHolder not populated with pre-auth token");
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private Authentication createAuthentication(HttpServletRequest httpServletRequest) {
        String decode = SecurityHeaders.decode(httpServletRequest.getHeader(SecurityHeaders.SEC_USERNAME));
        String decode2 = SecurityHeaders.decode(httpServletRequest.getHeader(SecurityHeaders.SEC_ROLES));
        return new PreAuthToken(decode, Strings.isNullOrEmpty(decode2) ? Collections.emptySet() : (Set) Pattern.compile(ScriptUtils.DEFAULT_STATEMENT_SEPARATOR).splitAsStream(decode2).collect(Collectors.toSet()));
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }
}
