package org.fcrepo.auth.common;

import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/fcrepo-auth-common-6.0.0-beta-1.jar:org/fcrepo/auth/common/ServletContainerAuthFilter.class */
public class ServletContainerAuthFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ServletContainerAuthFilter.class);
    public static final String FEDORA_ADMIN_ROLE = "fedoraAdmin";
    public static final String FEDORA_USER_ROLE = "fedoraUser";
    private static final String[] ROLE_NAMES = {FEDORA_ADMIN_ROLE, FEDORA_USER_ROLE};

    public void init(FilterConfig filterConfig) {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        Subject subject = SecurityUtils.getSubject();
        if (userPrincipal != null) {
            log.debug("There is a servlet user: {}", userPrincipal.getName());
            HashSet hashSet = new HashSet();
            for (String str : ROLE_NAMES) {
                log.debug("Testing role {}", str);
                if (httpServletRequest.isUserInRole(str)) {
                    log.debug("Servlet user {} has servlet role: {}", userPrincipal.getName(), str);
                    hashSet.add(str);
                }
            }
            ContainerAuthToken containerAuthToken = new ContainerAuthToken(userPrincipal.getName(), hashSet);
            log.debug("Credentials for servletUser = {}", containerAuthToken.getCredentials());
            subject.login(containerAuthToken);
        } else {
            log.debug("Anonymous request");
            subject.logout();
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }
}
