package org.mitre.openid.connect.filter;

import com.google.common.base.Strings;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.persistence.config.PersistenceUnitProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

@Component("promptFilter")
/* loaded from: input_file:WEB-INF/classes/org/mitre/openid/connect/filter/PromptFilter.class */
public class PromptFilter extends GenericFilterBean {
    private Logger logger = LoggerFactory.getLogger(PromptFilter.class);
    public static final String PROMPTED = "PROMPT_FILTER_PROMPTED";
    public static final String PROMPT_REQUESTED = "PROMPT_FILTER_REQUESTED";

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (Strings.isNullOrEmpty(httpServletRequest.getParameter("prompt"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (httpServletRequest.getParameter("prompt").equals(PersistenceUnitProperties.NONE)) {
            this.logger.info("Client requested no prompt");
            if (SecurityContextHolder.getContext().getAuthentication() != null) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            } else {
                this.logger.info("User not logged in, no prompt requested, returning 403 from filter");
                httpServletResponse.sendError(403, "Access Denied");
                return;
            }
        }
        if (!httpServletRequest.getParameter("prompt").equals("login")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpSession session = httpServletRequest.getSession();
        if (session.getAttribute(PROMPTED) != null) {
            session.removeAttribute(PROMPTED);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE);
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            SecurityContextHolder.getContext().setAuthentication(null);
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }
}
