package org.gatein.web.security.impersonation;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.exoplatform.container.web.AbstractFilter;
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.jaas.UserPrincipal;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;

/* loaded from: input_file:org/gatein/web/security/impersonation/ImpersonationFilter.class */
public class ImpersonationFilter extends AbstractFilter {
    private static final Logger log = LoggerFactory.getLogger(ImpersonationFilter.class);

    /* loaded from: input_file:org/gatein/web/security/impersonation/ImpersonationFilter$ImpersonatedHttpServletRequestWrapper.class */
    public static class ImpersonatedHttpServletRequestWrapper extends HttpServletRequestWrapper {
        private final ImpersonatedIdentity identity;

        public ImpersonatedHttpServletRequestWrapper(HttpServletRequest httpServletRequest, ImpersonatedIdentity impersonatedIdentity) {
            super(httpServletRequest);
            this.identity = impersonatedIdentity;
        }

        public String getRemoteUser() {
            return this.identity.getUserId();
        }

        public boolean isUserInRole(String str) {
            return this.identity.getRoles().contains(str);
        }

        public Principal getUserPrincipal() {
            return new UserPrincipal(this.identity.getUserId());
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        Identity identity = ConversationState.getCurrent().getIdentity();
        if (identity instanceof ImpersonatedIdentity) {
            ImpersonatedIdentity impersonatedIdentity = (ImpersonatedIdentity) identity;
            String remoteUser = httpServletRequest.getRemoteUser();
            String userId = impersonatedIdentity.getUserId();
            String userId2 = impersonatedIdentity.getParentConversationState().getIdentity().getUserId();
            if (!remoteUser.equals(userId)) {
                if (log.isTraceEnabled()) {
                    log.trace("Impersonating current HttpServletRequest. User: " + remoteUser + ", parentImpersonatedUser: " + userId2 + ", impersonatedUser: " + userId);
                }
                httpServletRequest = new ImpersonatedHttpServletRequestWrapper(httpServletRequest, impersonatedIdentity);
            } else if (log.isTraceEnabled()) {
                log.trace("Reentrance detected. Impersonation will be skipped. User: " + remoteUser + ", parentImpersonatedUser: " + userId2 + ", impersonatedUser: " + userId);
            }
        }
        filterChain.doFilter(httpServletRequest, servletResponse);
    }

    public void destroy() {
    }
}
