package pro.taskana.rest.security;

import java.io.IOException;
import java.security.AccessController;
import java.util.Optional;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.filter.GenericFilterBean;
import pro.taskana.common.api.exceptions.SystemException;
import pro.taskana.common.api.security.GroupPrincipal;
import pro.taskana.common.api.security.UserPrincipal;

/* loaded from: input_file:pro/taskana/rest/security/SpringSecurityToJaasFilter.class */
public class SpringSecurityToJaasFilter extends GenericFilterBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(SpringSecurityToJaasFilter.class);

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Optional<Authentication> currentAuthentication = getCurrentAuthentication();
        if (currentAuthentication.isPresent()) {
            LOGGER.debug("Authentication found in Spring security context: {}", currentAuthentication);
            obtainSubject().ifPresent(subject -> {
                initializeUserPrincipalFromAuthentication((Authentication) currentAuthentication.get(), subject);
                initializeGroupPrincipalsFromAuthentication((Authentication) currentAuthentication.get(), subject);
            });
        } else {
            LOGGER.debug("No authentication found in Spring security context. Continuing unauthenticatic.");
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    protected Optional<Subject> obtainSubject() {
        Optional<Authentication> currentAuthentication = getCurrentAuthentication();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Attempting to obtainSubject using authentication : " + currentAuthentication);
        }
        if (currentAuthentication.isPresent() && currentAuthentication.get().isAuthenticated()) {
            return Optional.of(Subject.getSubject(AccessController.getContext()));
        }
        return Optional.empty();
    }

    Optional<Authentication> getCurrentAuthentication() {
        return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication());
    }

    private void initializeUserPrincipalFromAuthentication(Authentication authentication, Subject subject) {
        if (!subject.getPrincipals().isEmpty()) {
            LOGGER.debug("Principal of the subject is already set to {}.", subject.getPrincipals());
            throw new SystemException("Finding an existing principal is unexpected. Please investigate.");
        }
        LOGGER.debug("Setting the principal of the subject with {}.", authentication.getPrincipal());
        subject.getPrincipals().add(new UserPrincipal(((UserDetails) authentication.getPrincipal()).getUsername()));
    }

    private void initializeGroupPrincipalsFromAuthentication(Authentication authentication, Subject subject) {
        LOGGER.debug("Adding roles {} to subject.", authentication.getAuthorities());
        authentication.getAuthorities().forEach(grantedAuthority -> {
            subject.getPrincipals().add(new GroupPrincipal(grantedAuthority.getAuthority()));
        });
        LOGGER.debug("{}", subject.getPublicCredentials(GroupPrincipal.class));
    }
}
