package de.muenchen.oss.digiwf.cockpit.security.camunda;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
import org.camunda.bpm.webapp.impl.security.auth.AuthenticationUtil;
import org.camunda.bpm.webapp.impl.security.auth.Authentications;
import org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter;

/* loaded from: input_file:de/muenchen/oss/digiwf/cockpit/security/camunda/CamundaApiAdminTokenBasedAuthenticationFilter.class */
public class CamundaApiAdminTokenBasedAuthenticationFilter extends ContainerBasedAuthenticationFilter {
    private static final String DEFAULT_ENGINE = "default";

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        ProcessEngine addressedEngine = getAddressedEngine(DEFAULT_ENGINE);
        AuthenticationResult extractAuthenticatedUser = this.authenticationProvider.extractAuthenticatedUser(httpServletRequest, addressedEngine);
        if (!extractAuthenticatedUser.isAuthenticated()) {
            httpServletResponse.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
            this.authenticationProvider.augmentResponseByAuthenticationChallenge(httpServletResponse, addressedEngine);
            return;
        }
        Authentications authsFromSession = AuthenticationUtil.getAuthsFromSession(httpServletRequest.getSession());
        String authenticatedUser = extractAuthenticatedUser.getAuthenticatedUser();
        if (!existisAuthentication(authsFromSession, DEFAULT_ENGINE, authenticatedUser)) {
            authsFromSession.addOrReplace(createAuthentication(addressedEngine, authenticatedUser, extractAuthenticatedUser.getGroups(), extractAuthenticatedUser.getTenants()));
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }
}
