package io.hawt.quarkus.filters;

import io.hawt.quarkus.auth.HawtioQuarkusAuthenticator;
import io.hawt.system.AuthenticateResult;
import io.hawt.system.Authenticator;
import io.hawt.web.ServletHelpers;
import io.hawt.web.auth.AuthSessionHelpers;
import io.hawt.web.auth.AuthenticationFilter;
import io.quarkus.arc.Arc;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/hawt/quarkus/filters/HawtioQuarkusAuthenticationFilter.class */
public class HawtioQuarkusAuthenticationFilter extends AuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(HawtioQuarkusAuthenticationFilter.class);
    private HawtioQuarkusAuthenticator authenticator;

    /* renamed from: io.hawt.quarkus.filters.HawtioQuarkusAuthenticationFilter$1, reason: invalid class name */
    /* loaded from: input_file:io/hawt/quarkus/filters/HawtioQuarkusAuthenticationFilter$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$hawt$system$AuthenticateResult = new int[AuthenticateResult.values().length];

        static {
            try {
                $SwitchMap$io$hawt$system$AuthenticateResult[AuthenticateResult.AUTHORIZED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$hawt$system$AuthenticateResult[AuthenticateResult.NOT_AUTHORIZED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$hawt$system$AuthenticateResult[AuthenticateResult.NO_CREDENTIALS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.authenticator = (HawtioQuarkusAuthenticator) Arc.container().instance(HawtioQuarkusAuthenticator.class, new Annotation[0]).get();
        super.init(filterConfig);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        LOG.trace("Applying {}", getClass().getSimpleName());
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String servletPath = httpServletRequest.getServletPath();
        LOG.debug("Handling request for path: {}", servletPath);
        if (!this.authConfiguration.isEnabled() || this.authConfiguration.isKeycloakEnabled()) {
            LOG.debug("No authentication needed for path: {}", servletPath);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null && AuthSessionHelpers.validate(httpServletRequest, session, (Subject) session.getAttribute("subject"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        LOG.debug("Doing authentication and authorization for path: {}", servletPath);
        AtomicReference atomicReference = new AtomicReference();
        AtomicReference atomicReference2 = new AtomicReference();
        Authenticator.extractAuthHeader(httpServletRequest, (str, str2) -> {
            atomicReference.set(str);
            atomicReference2.set(str2);
        });
        AuthenticateResult authenticate = this.authenticator.authenticate(httpServletRequest, this.authConfiguration, (String) atomicReference.get(), (String) atomicReference2.get());
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        switch (AnonymousClass1.$SwitchMap$io$hawt$system$AuthenticateResult[authenticate.ordinal()]) {
            case 1:
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            case 2:
                ServletHelpers.doForbidden(httpServletResponse);
                return;
            case 3:
                if (this.authConfiguration.isNoCredentials401()) {
                    ServletHelpers.doAuthPrompt(this.authConfiguration.getRealm(), httpServletResponse);
                    return;
                } else {
                    ServletHelpers.doForbidden(httpServletResponse);
                    return;
                }
            default:
                return;
        }
    }
}
