package org.jasig.cas.client.jboss.authentication;

import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.jaas.AssertionPrincipal;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jboss.web.tomcat.security.login.WebAuthentication;

/* loaded from: input_file:org/jasig/cas/client/jboss/authentication/WebAuthenticationFilter.class */
public final class WebAuthenticationFilter extends AbstractCasFilter {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpServletRequest.getSession();
        String safeGetParameter = CommonUtils.safeGetParameter(httpServletRequest, getArtifactParameterName());
        if (session != null && session.getAttribute("_const_cas_assertion_") == null && safeGetParameter != null) {
            try {
                String constructServiceUrl = constructServiceUrl(httpServletRequest, httpServletResponse);
                this.log.debug("Attempting CAS ticket validation with service=" + constructServiceUrl + " and ticket=" + safeGetParameter);
                if (!new WebAuthentication().login(constructServiceUrl, safeGetParameter)) {
                    this.log.debug("JBoss Web authentication failed.");
                    throw new GeneralSecurityException("JBoss Web authentication failed.");
                }
                if (!(httpServletRequest.getUserPrincipal() instanceof AssertionPrincipal)) {
                    this.log.debug("Aborting -- principal is not of type AssertionPrincipal");
                    throw new GeneralSecurityException("JBoss Web authentication did not produce CAS AssertionPrincipal.");
                }
                AssertionPrincipal userPrincipal = httpServletRequest.getUserPrincipal();
                this.log.debug("Installing CAS assertion into session.");
                session.setAttribute("_const_cas_assertion_", userPrincipal.getAssertion());
            } catch (GeneralSecurityException e) {
                httpServletResponse.sendError(403, e.getMessage());
            }
        } else if (session != null && httpServletRequest.getUserPrincipal() == null) {
            this.log.info("User principal not found.  Removing CAS assertion from session to force reauthentication.");
            session.removeAttribute("_const_cas_assertion_");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}
