package org.eclipse.scout.rt.server.commons.servletfilter.helper;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.scout.commons.StringUtility;
import org.eclipse.scout.commons.security.SimplePrincipal;
import org.eclipse.scout.rt.server.commons.servletfilter.FilterConfigInjection;
import org.eclipse.scout.rt.server.commons.servletfilter.security.SecureHttpServletRequestWrapper;

/* loaded from: input_file:org/eclipse/scout/rt/server/commons/servletfilter/helper/HttpAuthJaasFilter.class */
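/**
 * Servlet filter that takes the user already established on the HTTP request
 * ({@code getUserPrincipal()} / {@code getRemoteUser()}) and runs the remainder of the
 * filter chain inside a JAAS {@link Subject} carrying that user.
 *
 * <p>The filter performs no authentication of its own: it trusts whatever identity the
 * request reports. It is therefore only as strong as the component that populated that
 * identity, and it must not be reachable on a path where the request identity can be
 * supplied by the client.
 *
 * <p>Two conditions let a request through without any check here: a subject with a named
 * first principal is already bound to the calling context, or the filter configuration
 * for the request is not active. Every other request without a usable identity is
 * rejected with 403.
 */
public class HttpAuthJaasFilter implements Filter {
    private FilterConfigInjection m_injection;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.m_injection = new FilterConfigInjection(filterConfig, getClass());
    }

    @Override
    public void destroy() {
        this.m_injection = null;
    }

    /**
     * Binds the request's user to a JAAS subject and continues the chain under it.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} once the
     *                        pass-through checks are over
     * @param servletResponse response used to send 403 when no user name is available
     * @param filterChain     remainder of the chain
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain, or wrapping any other checked
     *                          exception raised inside the privileged action
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Pass-through: an identity is already bound, or this filter is switched off for
        // the request. The subject check is evaluated first, as before.
        if (isSubjectSet() || !this.m_injection.getConfig(servletRequest).isActive()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        Principal userPrincipal = resolvePrincipal(httpServletRequest);
        if (userPrincipal == null) {
            // Fail closed: no named user, no access.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Reuse the subject of the calling context only while it is still writable;
        // otherwise start from an empty one.
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null || subject.isReadOnly()) {
            subject = new Subject();
        }
        subject.getPrincipals().add(userPrincipal);
        // Freeze the subject so code further down the chain cannot add or swap principals.
        subject.setReadOnly();
        continueChainWithPrincipal(subject, userPrincipal, httpServletRequest, httpServletResponse, filterChain);
    }

    /**
     * Determines the principal to run the chain under.
     *
     * <p>A principal with a non-blank name is used as is. A principal object whose name is
     * blank is replaced by a {@link SimplePrincipal} built from {@code getRemoteUser()},
     * if that is non-blank. A {@code null} principal is not given the remote-user fallback
     * and yields {@code null}.
     * NOTE(review): confirm that skipping the fallback for a null principal is intended;
     * it is kept here because widening it would accept more requests.
     *
     * @return the principal to use, or {@code null} when the request names no user
     */
    private Principal resolvePrincipal(HttpServletRequest httpServletRequest) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal == null || StringUtility.hasText(userPrincipal.getName())) {
            return userPrincipal;
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        return StringUtility.hasText(remoteUser) ? new SimplePrincipal(remoteUser) : null;
    }

    /**
     * Tells whether the calling context already carries a subject whose first principal
     * has a non-blank name. Only the first principal returned by the set is inspected.
     */
    private boolean isSubjectSet() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null || subject.getPrincipals().isEmpty()) {
            return false;
        }
        return StringUtility.hasText(subject.getPrincipals().iterator().next().getName());
    }

    /**
     * Runs the rest of the chain as {@code subject}, exposing {@code principal} as the
     * request's user through {@link SecureHttpServletRequestWrapper}.
     *
     * <p>The principal is handed in explicitly instead of being read back as the first
     * element of the subject's principal set: when a writable subject from the calling
     * context is reused it may already hold other principals, and the set's iteration
     * order is not something this filter controls, so "first" is not guaranteed to be the
     * user that was just resolved.
     *
     * @throws IOException      if the chain throws it
     * @throws ServletException if the chain throws it, or wrapping any other checked
     *                          exception thrown by the chain
     */
    private void continueChainWithPrincipal(Subject subject, final Principal principal, final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse, final FilterChain filterChain) throws IOException, ServletException {
        try {
            Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    filterChain.doFilter(new SecureHttpServletRequestWrapper(httpServletRequest, principal), httpServletResponse);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            // getCause() is a Throwable; unwrap it to the types this method declares so
            // callers see the chain's own exception rather than the doAs wrapper.
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            if (cause instanceof ServletException) {
                throw (ServletException) cause;
            }
            throw new ServletException(cause);
        }
    }
}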
