package de.muenchen.oss.digiwf.shared.configuration;

import de.muenchen.oss.digiwf.legacy.user.domain.model.User;
import de.muenchen.oss.digiwf.legacy.user.domain.service.UserService;
import de.muenchen.oss.digiwf.shared.security.UserAuthenticationProvider;
import de.muenchen.oss.digiwf.task.HttpHeaders;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.camunda.bpm.engine.IdentityService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;

@Profile({"!no-security"})
@Configuration
/* loaded from: input_file:BOOT-INF/classes/de/muenchen/oss/digiwf/shared/configuration/CamundaAuthenticationFilterConfiguration.class */
public class CamundaAuthenticationFilterConfiguration {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CamundaAuthenticationFilterConfiguration.class);
    private final IdentityService identityService;
    private final UserAuthenticationProvider userProvider;
    private final UserService userService;

    /* loaded from: input_file:BOOT-INF/classes/de/muenchen/oss/digiwf/shared/configuration/CamundaAuthenticationFilterConfiguration$CamundaUserAuthenticationFilter.class */
    class CamundaUserAuthenticationFilter implements Filter {
        @Override // javax.servlet.Filter
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            Optional<String> extractUserNameFromHeader = extractUserNameFromHeader(servletRequest);
            UserAuthenticationProvider userAuthenticationProvider = CamundaAuthenticationFilterConfiguration.this.userProvider;
            Objects.requireNonNull(userAuthenticationProvider);
            String orElseGet = extractUserNameFromHeader.orElseGet(userAuthenticationProvider::getLoggedInUser);
            try {
                Optional<User> userByUserName = CamundaAuthenticationFilterConfiguration.this.userService.getUserByUserName(orElseGet);
                if (userByUserName.isPresent()) {
                    List<String> groups = CamundaAuthenticationFilterConfiguration.this.userService.getGroups(userByUserName.get().getLhmObjectId());
                    CamundaAuthenticationFilterConfiguration.this.identityService.setAuthentication(userByUserName.get().getLhmObjectId(), groups);
                    CamundaAuthenticationFilterConfiguration.log.debug("Accessing {} [ {} ]", orElseGet, groups);
                } else {
                    CamundaAuthenticationFilterConfiguration.this.identityService.setAuthentication(orElseGet, null);
                    CamundaAuthenticationFilterConfiguration.log.debug("Accessing {}", orElseGet);
                }
                filterChain.doFilter(servletRequest, servletResponse);
                CamundaAuthenticationFilterConfiguration.this.identityService.clearAuthentication();
            } catch (Throwable th) {
                CamundaAuthenticationFilterConfiguration.this.identityService.clearAuthentication();
                throw th;
            }
        }

        @Override // javax.servlet.Filter
        public void destroy() {
        }

        private Optional<String> extractUserNameFromHeader(ServletRequest servletRequest) {
            return Optional.ofNullable(((HttpServletRequest) servletRequest).getHeader(HttpHeaders.HEADER_AUTHORIZED_USERNAME));
        }

        public CamundaUserAuthenticationFilter() {
        }
    }

    @Bean
    public FilterRegistrationBean<?> statelessUserAuthenticationFilter() {
        FilterRegistrationBean<?> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new CamundaUserAuthenticationFilter());
        filterRegistrationBean.setOrder(102);
        filterRegistrationBean.addUrlPatterns("/rest/*", "/engine-rest/*");
        return filterRegistrationBean;
    }

    public CamundaAuthenticationFilterConfiguration(IdentityService identityService, UserAuthenticationProvider userAuthenticationProvider, UserService userService) {
        this.identityService = identityService;
        this.userProvider = userAuthenticationProvider;
        this.userService = userService;
    }
}
