package org.apache.isis.security.spring.webmodule;

import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import lombok.NonNull;
import org.apache.isis.applib.services.iactnlayer.InteractionContext;
import org.apache.isis.applib.services.iactnlayer.InteractionService;
import org.apache.isis.applib.services.user.UserCurrentSessionTimeZoneHolder;
import org.apache.isis.applib.services.user.UserMemento;
import org.apache.isis.commons.functional.Try;
import org.apache.isis.security.spring.authconverters.AuthenticationConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/apache/isis/security/spring/webmodule/SpringSecurityFilter.class */
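/**
 * Servlet filter that hands the Spring Security authentication of the current request over to
 * the Apache Isis interaction layer.
 *
 * <p>For each request the filter reads the {@link Authentication} held by the
 * {@link SecurityContextHolder}, asks the injected {@link AuthenticationConverter}s to turn it
 * into a {@link UserMemento}, and runs the remainder of the filter chain inside an interaction
 * for that user. When no user can be derived the response status is set to 401 and the chain is
 * not invoked, so the filter fails closed.
 */
public class SpringSecurityFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(SpringSecurityFilter.class.getName());

    /** Role added to every user memento this filter produces. */
    private static final String AUTHORIZED_USER_ROLE = "org.apache.isis.security.AUTHORIZED_USER_ROLE";

    @Autowired
    private InteractionService interactionService;

    @Inject
    List<AuthenticationConverter> converters;

    @Inject
    private UserCurrentSessionTimeZoneHolder userCurrentSessionTimeZoneHolder;

    /**
     * Runs the rest of the filter chain inside an interaction for the authenticated user.
     *
     * @param servletRequest the incoming request, passed on unchanged
     * @param servletResponse the response; its status is set to 401 when no user can be derived
     *     or when the interaction fails
     * @param filterChain the remaining chain, invoked only when a user memento was obtained
     * @throws IOException declared by {@link Filter#doFilter}
     * @throws ServletException declared by {@link Filter#doFilter}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        UserMemento userMemento = springAuthentication()
                .flatMap(this::userMementoFromSpringAuthentication)
                .orElse(null);
        if (userMemento == null) {
            // Fail closed: without a user memento the downstream chain is never reached.
            setUnauthorized(servletResponse);
            return;
        }
        InteractionContext interactionContext = InteractionContext.ofUserWithSystemDefaults(userMemento)
                .withTimeZoneIfAny(this.userCurrentSessionTimeZoneHolder.getUserTimeZone());
        Try<Void> outcome = this.interactionService.runAndCatch(interactionContext, () -> {
            filterChain.doFilter(servletRequest, servletResponse);
        });
        outcome.ifFailure(th -> {
            // NOTE(review): every failure raised inside the interaction, not only an
            // authentication problem, is answered with 401 here. Confirm that is intended,
            // since it can make server-side errors look like authentication failures in
            // monitoring.
            LOG.log(Level.WARNING, "Request processing failed inside the interaction; responding 401", th);
            setUnauthorized(servletResponse);
        });
        // Presumably rethrows the captured failure so the container still sees it.
        outcome.ifFailureFail();
    }

    /**
     * Marks the response as 401 Unauthorized.
     *
     * <p>The response is cast to {@link HttpServletResponse} without a type check, so a
     * non-HTTP response raises {@link ClassCastException}.
     */
    private void setUnauthorized(ServletResponse servletResponse) {
        ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** Returns the authentication held by Spring's security context, or empty when there is none. */
    private Optional<Authentication> springAuthentication() {
        return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Derives a user memento from a Spring authentication by trying each converter in order.
     *
     * <p>The first converter that returns a non-null memento wins. That memento is returned with
     * the authorized-user role added and its authentication source set to {@code EXTERNAL}.
     *
     * <p>NOTE(review): {@code isAuthenticated()} is the only gate applied before conversion.
     * Spring Security's {@code AnonymousAuthenticationToken} also reports itself as
     * authenticated, so where anonymous authentication is enabled, confirm that no registered
     * converter accepts it.
     *
     * @param authentication the Spring authentication; must not be null
     * @return the user memento, or empty when the authentication is not authenticated or no
     *     converter produced a memento
     * @throws NullPointerException if {@code authentication} is null
     */
    private Optional<UserMemento> userMementoFromSpringAuthentication(@NonNull Authentication authentication) {
        if (authentication == null) {
            throw new NullPointerException("springAuthentication is marked non-null but is null");
        }
        if (!authentication.isAuthenticated()) {
            return Optional.empty();
        }
        for (AuthenticationConverter converter : this.converters) {
            // Reset per converter so a failed conversion can never reuse an earlier result.
            UserMemento converted = null;
            try {
                converted = converter.convert(authentication);
            } catch (Throwable th) {
                // Best effort, as before: a failing converter must not stop the next one from
                // being tried. The failure is recorded instead of vanishing. The Authentication
                // itself is deliberately not logged because it can carry credentials.
                LOG.log(Level.FINE, "Authentication converter " + converter.getClass().getName() + " failed; trying the next one", th);
            }
            if (converted != null) {
                return Optional.of(converted
                        .withRoleAdded(AUTHORIZED_USER_ROLE)
                        .withAuthenticationSource(UserMemento.AuthenticationSource.EXTERNAL));
            }
        }
        return Optional.empty();
    }
}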
