package pro.taskana.common.rest;

import java.io.IOException;
import java.security.AccessController;
import java.util.Optional;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.filter.GenericFilterBean;
import pro.taskana.common.api.exceptions.SystemException;
import pro.taskana.common.api.security.GroupPrincipal;
import pro.taskana.common.api.security.UserPrincipal;
import pro.taskana.common.internal.logging.LoggingAspect;

/* loaded from: input_file:pro/taskana/common/rest/SpringSecurityToJaasFilter.class */
public class SpringSecurityToJaasFilter extends GenericFilterBean {
    private static final Logger LOGGER;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_2;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_3;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_4;

    static {
        ajc$preClinit();
        LOGGER = LoggerFactory.getLogger(SpringSecurityToJaasFilter.class);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, new Object[]{servletRequest, servletResponse, filterChain});
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        Optional<Authentication> currentAuthentication = getCurrentAuthentication();
        if (currentAuthentication.isPresent()) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Authentication found in Spring security context: {}", currentAuthentication);
            }
            obtainSubject().ifPresent(subject -> {
                initializeUserPrincipalFromAuthentication((Authentication) currentAuthentication.get(), subject);
                initializeGroupPrincipalsFromAuthentication((Authentication) currentAuthentication.get(), subject);
            });
        } else if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("No authentication found in Spring security context. Continuing unauthenticatic.");
        }
        filterChain.doFilter(servletRequest, servletResponse);
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, (Object) null);
    }

    protected Optional<Subject> obtainSubject() {
        Optional<Subject> empty;
        Optional<Subject> optional;
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        Optional<Authentication> currentAuthentication = getCurrentAuthentication();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Attempting to obtainSubject using authentication : " + currentAuthentication);
        }
        if (currentAuthentication.isEmpty() || !currentAuthentication.get().isAuthenticated()) {
            empty = Optional.empty();
            optional = empty;
        } else {
            empty = Optional.of(Subject.getSubject(AccessController.getContext()));
            optional = empty;
        }
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, empty);
        return optional;
    }

    Optional<Authentication> getCurrentAuthentication() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        Optional<Authentication> ofNullable = Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication());
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, ofNullable);
        return ofNullable;
    }

    private void initializeUserPrincipalFromAuthentication(Authentication authentication, Subject subject) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, authentication, subject);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        if (!subject.getPrincipals().isEmpty()) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Principal of the subject is already set to {}.", subject.getPrincipals());
            }
            throw new SystemException("Finding an existing principal is unexpected. Please investigate.");
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Setting the principal of the subject with {}.", authentication.getPrincipal());
        }
        subject.getPrincipals().add(new UserPrincipal(((UserDetails) authentication.getPrincipal()).getUsername()));
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, (Object) null);
    }

    private void initializeGroupPrincipalsFromAuthentication(Authentication authentication, Subject subject) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this, authentication, subject);
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Adding roles {} to subject.", authentication.getAuthorities());
        }
        authentication.getAuthorities().forEach(grantedAuthority -> {
            subject.getPrincipals().add(new GroupPrincipal(grantedAuthority.getAuthority()));
        });
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("{}", subject.getPublicCredentials(GroupPrincipal.class));
        }
        LoggingAspect.aspectOf().afterMethodExecuted(makeJP, (Object) null);
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("SpringSecurityToJaasFilter.java", SpringSecurityToJaasFilter.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "doFilter", "pro.taskana.common.rest.SpringSecurityToJaasFilter", "javax.servlet.ServletRequest:javax.servlet.ServletResponse:javax.servlet.FilterChain", "request:response:chain", "java.io.IOException:javax.servlet.ServletException", "void"), 27);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("4", "obtainSubject", "pro.taskana.common.rest.SpringSecurityToJaasFilter", "", "", "", "java.util.Optional"), 61);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("0", "getCurrentAuthentication", "pro.taskana.common.rest.SpringSecurityToJaasFilter", "", "", "", "java.util.Optional"), 73);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "initializeUserPrincipalFromAuthentication", "pro.taskana.common.rest.SpringSecurityToJaasFilter", "org.springframework.security.core.Authentication:javax.security.auth.Subject", "authentication:subject", "", "void"), 77);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "initializeGroupPrincipalsFromAuthentication", "pro.taskana.common.rest.SpringSecurityToJaasFilter", "org.springframework.security.core.Authentication:javax.security.auth.Subject", "authentication:subject", "", "void"), 95);
    }
}
