package org.apache.nifi.registry.web.security.authentication;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.nifi.registry.security.authentication.AuthenticationRequest;
import org.apache.nifi.registry.security.authentication.IdentityProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/registry/web/security/authentication/IdentityFilter.class */
public class IdentityFilter extends GenericFilterBean {
    private static final Logger logger = LoggerFactory.getLogger(IdentityFilter.class);
    private final IdentityProvider identityProvider;

    public IdentityFilter(IdentityProvider identityProvider) {
        this.identityProvider = identityProvider;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!servletRequest.isSecure()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (this.identityProvider == null) {
            logger.warn("Identity Filter configured with NULL identity provider. Credentials will not be extracted.");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (credentialsAlreadyPresent()) {
            logger.debug("Credentials already extracted for {}, skipping credentials extraction filter for {}", SecurityContextHolder.getContext().getAuthentication().getPrincipal(), this.identityProvider.getClass().getSimpleName());
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        logger.debug("Attempting to extract user credentials using {}", this.identityProvider.getClass().getSimpleName());
        try {
            AuthenticationRequest extractCredentials = this.identityProvider.extractCredentials((HttpServletRequest) servletRequest);
            if (extractCredentials != null) {
                AuthenticationRequestToken authenticationRequestToken = new AuthenticationRequestToken(extractCredentials, this.identityProvider.getClass(), servletRequest.getRemoteAddr());
                logger.debug("Adding credentials claim to SecurityContext to be authenticated. Credentials extracted by {}: {}", this.identityProvider.getClass().getSimpleName(), extractCredentials);
                SecurityContextHolder.getContext().setAuthentication(authenticationRequestToken);
            }
        } catch (Exception e) {
            logger.debug("Exception occurred while extracting credentials:", e);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private boolean credentialsAlreadyPresent() {
        return SecurityContextHolder.getContext().getAuthentication() != null;
    }
}
