package eu.freme.common.security;

import com.google.common.base.Optional;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:eu/freme/common/security/ManagementEndpointAuthenticationFilter.class */
public class ManagementEndpointAuthenticationFilter extends GenericFilterBean {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ManagementEndpointAuthenticationFilter.class);
    private AuthenticationManager authenticationManager;
    private Set<String> managementEndpoints = new HashSet();

    public ManagementEndpointAuthenticationFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest asHttp = asHttp(servletRequest);
        HttpServletResponse asHttp2 = asHttp(servletResponse);
        Optional<String> fromNullable = Optional.fromNullable(asHttp.getHeader("X-Auth-Username"));
        Optional<String> fromNullable2 = Optional.fromNullable(asHttp.getHeader("X-Auth-Password"));
        try {
            if (postToManagementEndpoints(new UrlPathHelper().getPathWithinApplication(asHttp))) {
                logger.debug("Trying to authenticate user {} for management endpoint by X-Auth-Username method", fromNullable);
                processManagementEndpointUsernamePasswordAuthentication(fromNullable, fromNullable2);
            }
            logger.debug("ManagementEndpointAuthenticationFilter is passing request down the filter chain");
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (AuthenticationException e) {
            SecurityContextHolder.clearContext();
            asHttp2.sendError(401, e.getMessage());
        }
    }

    private HttpServletRequest asHttp(ServletRequest servletRequest) {
        return (HttpServletRequest) servletRequest;
    }

    private HttpServletResponse asHttp(ServletResponse servletResponse) {
        return (HttpServletResponse) servletResponse;
    }

    private boolean postToManagementEndpoints(String str) {
        return this.managementEndpoints.contains(str);
    }

    private void processManagementEndpointUsernamePasswordAuthentication(Optional<String> optional, Optional<String> optional2) throws IOException {
        SecurityContextHolder.getContext().setAuthentication(tryToAuthenticateWithUsernameAndPassword(optional, optional2));
    }

    private Authentication tryToAuthenticateWithUsernameAndPassword(Optional<String> optional, Optional<String> optional2) {
        return tryToAuthenticate(new UsernamePasswordAuthenticationToken(optional, optional2));
    }

    private Authentication tryToAuthenticate(Authentication authentication) {
        Authentication authenticate = this.authenticationManager.authenticate(authentication);
        if (authenticate == null || !authenticate.isAuthenticated()) {
            throw new InternalAuthenticationServiceException("Unable to authenticate Backend Admin for provided credentials");
        }
        logger.debug("Backend Admin successfully authenticated");
        return authenticate;
    }
}
