package org.gatein.sso.agent.filter;

import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.exoplatform.container.web.AbstractFilter;
import org.exoplatform.services.security.jaas.UserPrincipal;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.client.SecurityClient;
import org.jboss.security.client.SecurityClientFactory;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;

/* loaded from: input_file:org/gatein/sso/agent/filter/PicketlinkSTSIntegrationFilter.class */
public class PicketlinkSTSIntegrationFilter extends AbstractFilter {
    private static Logger log = LoggerFactory.getLogger(PicketlinkSTSIntegrationFilter.class);

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (httpServletRequest.getRemoteUser() != null) {
            try {
                SamlCredential samlCredential = getSamlCredential();
                if (log.isTraceEnabled()) {
                    log.trace("Found SamlCredential inside Subject: " + samlCredential);
                }
                if (samlCredential != null) {
                    SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
                    securityClient.setSimple(new UserPrincipal(httpServletRequest.getRemoteUser()), samlCredential);
                    securityClient.login();
                    if (log.isTraceEnabled()) {
                        log.trace("SecurityClient successfully updated with SAMLCredential");
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }

    private SamlCredential getSamlCredential() {
        Subject currentSubject = getCurrentSubject();
        if (log.isTraceEnabled()) {
            log.trace("Found subject " + currentSubject);
        }
        if (currentSubject == null) {
            return null;
        }
        for (Object obj : currentSubject.getPublicCredentials()) {
            if (obj instanceof SamlCredential) {
                return (SamlCredential) obj;
            }
        }
        return null;
    }

    protected Subject getCurrentSubject() {
        return ((SecurityContext) AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() { // from class: org.gatein.sso.agent.filter.PicketlinkSTSIntegrationFilter.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public SecurityContext run() {
                return SecurityContextAssociation.getSecurityContext();
            }
        })).getSubjectInfo().getAuthenticatedSubject();
    }
}
