package org.apache.druid.security.pac4j;

import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.server.security.AuthenticationResult;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.engine.CallbackLogic;
import org.pac4j.core.engine.DefaultCallbackLogic;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.engine.SecurityLogic;
import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.core.profile.UserProfile;

/* loaded from: input_file:org/apache/druid/security/pac4j/Pac4jFilter.class */
public class Pac4jFilter implements Filter {
    private static final Logger LOGGER = new Logger(Pac4jFilter.class);
    private final Config pac4jConfig;
    private final SecurityLogic<Object, JEEContext> securityLogic = new DefaultSecurityLogic();
    private final CallbackLogic<Object, JEEContext> callbackLogic = new DefaultCallbackLogic();
    private final SessionStore<JEEContext> sessionStore;
    private final String name;
    private final String authorizerName;

    public Pac4jFilter(String str, String str2, Config config, String str3) {
        this.pac4jConfig = config;
        this.name = str;
        this.authorizerName = str2;
        this.sessionStore = new Pac4jSessionStore(str3);
    }

    public void init(FilterConfig filterConfig) {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest.getAttribute("Druid-Authentication-Result") != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        JEEContext jEEContext = new JEEContext(httpServletRequest, (HttpServletResponse) servletResponse, this.sessionStore);
        if (Pac4jCallbackResource.SELF_URL.equals(httpServletRequest.getRequestURI())) {
            this.callbackLogic.perform(jEEContext, this.pac4jConfig, JEEHttpActionAdapter.INSTANCE, "/", true, false, false, (String) null);
            return;
        }
        Object perform = this.securityLogic.perform(jEEContext, this.pac4jConfig, (jEEContext2, collection, objArr) -> {
            if (!collection.isEmpty()) {
                return ((UserProfile) collection.iterator().next()).getId();
            }
            LOGGER.warn("No profiles found after OIDC auth.", new Object[0]);
            return null;
        }, JEEHttpActionAdapter.INSTANCE, (String) null, "none", (String) null, (Boolean) null, new Object[0]);
        if (perform != null) {
            servletRequest.setAttribute("Druid-Authentication-Result", new AuthenticationResult(perform.toString(), this.authorizerName, this.name, (Map) null));
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void destroy() {
    }
}
