package org.overlord.commons.auth.jetty8;

import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.overlord.commons.auth.filters.SamlBearerTokenAuthFilter;
import org.overlord.commons.auth.filters.SimplePrincipal;
import org.picketlink.common.constants.LDAPConstants;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/overlord-commons-auth-jetty8-2.0.5-SNAPSHOT.jar:org/overlord/commons/auth/jetty8/Jetty8SamlBearerTokenAuthFilter.class */
public class Jetty8SamlBearerTokenAuthFilter extends SamlBearerTokenAuthFilter {
    public static final ThreadLocal<SimplePrincipal> TL_principal = new ThreadLocal<>();
    private String[] roleClasses;

    @Override // org.overlord.commons.auth.filters.SamlBearerTokenAuthFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        this.roleClasses = null;
        String initParameter = filterConfig.getInitParameter("roleClasses");
        if (initParameter == null || initParameter.trim().length() <= 0) {
            this.roleClasses = defaultRoleClasses();
        } else {
            this.roleClasses = initParameter.split(LDAPConstants.COMMA);
        }
    }

    protected String[] defaultRoleClasses() {
        return JettyAuthConstants.ROLE_CLASSES;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.overlord.commons.auth.filters.SamlBearerTokenAuthFilter
    public SimplePrincipal login(SamlBearerTokenAuthFilter.Creds creds, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        SimplePrincipal login = super.login(creds, httpServletRequest, httpServletResponse);
        TL_principal.set(login);
        return login;
    }

    @Override // org.overlord.commons.auth.filters.SamlBearerTokenAuthFilter
    protected SimplePrincipal doBasicLogin(String str, String str2, HttpServletRequest httpServletRequest) throws IOException {
        LoginService loginService;
        UserIdentity login;
        ConstraintSecurityHandler childHandlerByClass = httpServletRequest.getServletContext().getContextHandler().getChildHandlerByClass(ConstraintSecurityHandler.class);
        if (childHandlerByClass == null || (loginService = childHandlerByClass.getLoginService()) == null || (login = loginService.login(str, str2)) == null) {
            return null;
        }
        SimplePrincipal simplePrincipal = new SimplePrincipal(str);
        for (String str3 : this.roleClasses) {
            try {
                Iterator it = login.getSubject().getPrincipals(Thread.currentThread().getContextClassLoader().loadClass(str3)).iterator();
                while (it.hasNext()) {
                    simplePrincipal.addRole(((Principal) it.next()).getName());
                }
            } catch (ClassNotFoundException e) {
            }
        }
        return simplePrincipal;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.overlord.commons.auth.filters.SamlBearerTokenAuthFilter
    public void doFilterChain(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, SimplePrincipal simplePrincipal) throws IOException, ServletException {
        super.doFilterChain(servletRequest, servletResponse, filterChain, simplePrincipal);
        TL_principal.remove();
    }
}
