package org.apache.nifi.minifi.c2.security.authentication;

import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.nifi.minifi.c2.util.HttpRequestUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/minifi/c2/security/authentication/X509AuthenticationFilter.class */
public class X509AuthenticationFilter extends GenericFilterBean {
    private static final Logger logger = LoggerFactory.getLogger(X509AuthenticationFilter.class);
    private AuthenticationManager authenticationManager;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        authenticateIfPossible(servletRequest);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private void authenticateIfPossible(ServletRequest servletRequest) {
        if (servletRequest.isSecure()) {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) servletRequest.getAttribute("javax.servlet.request.X509Certificate");
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Unable to get certificates in request from " + HttpRequestUtil.getClientString(servletRequest));
                }
            } else {
                Authentication authenticate = this.authenticationManager.authenticate(new X509AuthenticationToken(x509CertificateArr));
                if (authenticate.isAuthenticated()) {
                    SecurityContextHolder.getContext().setAuthentication(authenticate);
                }
            }
        }
    }

    @Autowired
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
}
