package org.finra.herd.app.security;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.util.Date;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.finra.herd.model.dto.ApplicationUser;
import org.finra.herd.model.dto.SecurityUserWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:org/finra/herd/app/security/HttpHeaderAuthenticationFilter.class */
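/**
 * Servlet filter that pre-authenticates a request from an {@link ApplicationUser} that the injected
 * {@link ApplicationUserBuilder} derives from the incoming {@link HttpServletRequest}.
 *
 * <p>When security is enabled for the request, the filter either clears a stale security context (no user could be
 * built from the request) or clears the context and re-authenticates the user on every request.
 *
 * <p>NOTE(review): judging by the class name, the identity is presumably read from HTTP headers. If so, those headers
 * are only trustworthy when a fronting proxy or gateway sets them and strips any client-supplied copies, and the
 * application is not reachable around that proxy. Confirm against the deployment and the builder implementation.
 */
public class HttpHeaderAuthenticationFilter extends GenericFilterBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(HttpHeaderAuthenticationFilter.class);

    @Autowired
    private SecurityHelper securityHelper;
    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
    private AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private final AuthenticationManager authenticationManager;
    private final ApplicationUserBuilder applicationUserBuilder;

    /**
     * Creates the filter.
     *
     * @param authenticationManager the manager that validates the pre-authenticated token
     * @param applicationUserBuilder the builder that derives the application user from the request
     */
    public HttpHeaderAuthenticationFilter(AuthenticationManager authenticationManager, ApplicationUserBuilder applicationUserBuilder) {
        this.authenticationManager = authenticationManager;
        this.applicationUserBuilder = applicationUserBuilder;
    }

    /**
     * Narrows the servlet request and response to their HTTP types and delegates to
     * {@link #doHttpFilter(HttpServletRequest, HttpServletResponse, FilterChain)}.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain the remaining filter chain
     * @throws IOException if a downstream filter or the authentication step raises it
     * @throws ServletException if a downstream filter or the authentication step raises it
     */
    @Override
    @SuppressFBWarnings(value = {"BC_UNCONFIRMED_CAST"}, justification = "The ServletRequest is cast to an HttpServletRequest which is always the case since all requests use the HTTP protocol.")
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doHttpFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Applies pre-authentication to the request and then continues the filter chain.
     *
     * <p>If security is disabled for the request, the chain continues untouched. Otherwise a user without roles is
     * built from the request: when that fails or yields nothing, the request is treated as "not logged in"; when it
     * succeeds, the security context is cleared and the user is authenticated again. An
     * {@link AuthenticationException} raised during authentication propagates to the caller, so the rest of the chain
     * is not invoked for that request.
     *
     * @param httpServletRequest the incoming HTTP request
     * @param httpServletResponse the outgoing HTTP response
     * @param filterChain the remaining filter chain
     * @throws IOException if a downstream filter raises it
     * @throws ServletException if a downstream filter raises it
     */
    public void doHttpFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.securityHelper.isSecurityEnabled(httpServletRequest)) {
            ApplicationUser applicationUser;
            try {
                applicationUser = this.applicationUserBuilder.buildNoRoles(httpServletRequest);
            } catch (Exception e) {
                // Fail closed: a request the builder cannot parse is handled as unauthenticated. The cause is
                // recorded so that malformed or tampered identity data is visible when debugging or investigating.
                LOGGER.debug("Unable to build an application user from the request; treating the request as not logged in.", e);
                applicationUser = null;
            }
            if (applicationUser == null) {
                processUserNotLoggedIn(httpServletRequest);
            } else {
                // These values come from the request before authentication has run. Parameterized logging avoids
                // building the message when debug is off; neutralising line breaks is left to the log layout.
                LOGGER.debug("Current user Id: {}, Session Init Time: {}", applicationUser.getUserId(), applicationUser.getSessionInitTime());
                LOGGER.debug("User is logged in.");
                // Drop any previously stored authentication (the session is kept) so that the context only ever
                // holds the identity established for this request.
                invalidateUser(httpServletRequest, false);
                authenticateUser(httpServletRequest);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the full application user from the request, wraps it in a pre-authenticated token and submits it to the
     * authentication manager.
     *
     * @param httpServletRequest the incoming HTTP request
     * @throws AuthenticationException if the authentication manager rejects the token; the failure is recorded via
     * {@link #unsuccessfulAuthentication(HttpServletRequest, AuthenticationException)} before being rethrown
     */
    private void authenticateUser(HttpServletRequest httpServletRequest) {
        try {
            // The credentials slot carries the fixed placeholder "N/A"; no secret is presented by this filter.
            PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken = new PreAuthenticatedAuthenticationToken(this.applicationUserBuilder.build(httpServletRequest), "N/A");
            preAuthenticatedAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
            successfulAuthentication(this.authenticationManager.authenticate(preAuthenticatedAuthenticationToken));
        } catch (AuthenticationException e) {
            unsuccessfulAuthentication(httpServletRequest, e);
            throw e;
        }
    }

    /**
     * Handles a request for which no application user could be built. If the security context still holds a
     * non-anonymous authentication, the session is invalidated and the context is cleared.
     *
     * @param httpServletRequest the incoming HTTP request
     */
    protected void processUserNotLoggedIn(HttpServletRequest httpServletRequest) {
        LOGGER.debug("No user is currently logged in.");
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || this.authenticationTrustResolver.isAnonymous(authentication)) {
            return;
        }
        LOGGER.debug("A previous user with userIdentity {} was logged in so invalidating the user.", getExistingUserId());
        invalidateUser(httpServletRequest, true);
    }

    /**
     * Clears the security context and, optionally, invalidates the current HTTP session.
     *
     * @param httpServletRequest the incoming HTTP request
     * @param invalidateSession whether an existing session should be invalidated as well; no session is created if
     * none exists
     */
    protected void invalidateUser(HttpServletRequest httpServletRequest, boolean invalidateSession) {
        if (invalidateSession) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                LOGGER.debug("Invalidating the session.");
                session.invalidate();
            }
        }
        LOGGER.debug("Clearing the security context.");
        SecurityContextHolder.clearContext();
    }

    /**
     * Returns the user id of the application user held in the security context.
     *
     * @return the user id, or {@code null} if no application user is available
     */
    protected String getExistingUserId() {
        ApplicationUser existingUser = getExistingUser();
        return existingUser == null ? null : existingUser.getUserId();
    }

    /**
     * Returns the session initialization time of the application user held in the security context.
     *
     * @return the session initialization time, or {@code null} if no application user is available
     */
    protected Date getExistingSessionInitTime() {
        ApplicationUser existingUser = getExistingUser();
        return existingUser == null ? null : existingUser.getSessionInitTime();
    }

    /**
     * Returns the application user held in the security context.
     *
     * @return the application user, or {@code null} if there is no authentication or its principal is not a
     * {@link SecurityUserWrapper}
     */
    protected ApplicationUser getExistingUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        // The principal type depends on which provider populated the context; a principal of another type (or a
        // null principal) yields null here instead of a ClassCastException in the middle of the filter chain.
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof SecurityUserWrapper)) {
            return null;
        }
        ApplicationUser applicationUser = ((SecurityUserWrapper) principal).getApplicationUser();
        LOGGER.trace("Existing Application User: {}", applicationUser);
        return applicationUser;
    }

    /**
     * Stores the authenticated result in the security context.
     *
     * @param authentication the authentication returned by the authentication manager
     */
    protected void successfulAuthentication(Authentication authentication) {
        LOGGER.debug("Authentication success: {}", authentication);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

    /**
     * Records a failed authentication: clears the security context and stores the exception in the session under
     * the {@code SPRING_SECURITY_LAST_EXCEPTION} attribute.
     *
     * @param httpServletRequest the incoming HTTP request
     * @param authenticationException the failure raised by the authentication manager
     */
    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, AuthenticationException authenticationException) {
        LOGGER.debug("Authentication failure: ", authenticationException);
        invalidateUser(httpServletRequest, false);
        // NOTE(review): getSession() creates a session when none exists, so every failed authentication allocates
        // server-side session state. Kept as-is because other code may read this attribute from the session;
        // consider a request attribute instead if nothing depends on it.
        httpServletRequest.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", authenticationException);
    }
}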
