package org.apache.knox.gateway.preauth.filter;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.knox.gateway.security.PrimaryPrincipal;

/* loaded from: input_file:org/apache/knox/gateway/preauth/filter/PreAuthFederationFilter.class */
public class PreAuthFederationFilter implements Filter {
    private static final String CUSTOM_HEADER_PARAM = "preauth.customHeader";
    private FilterConfig filterConfig;
    private List<PreAuthValidator> validators = null;
    private String headerName = "SM_USER";

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(CUSTOM_HEADER_PARAM);
        if (initParameter != null) {
            this.headerName = initParameter;
        }
        this.filterConfig = filterConfig;
        this.validators = PreAuthService.getValidators(filterConfig);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (httpServletRequest.getHeader(this.headerName) == null) {
            ((HttpServletResponse) servletResponse).sendError(400, "Missing Required Header for PreAuth SSO Federation");
        } else if (PreAuthService.validate(httpServletRequest, this.filterConfig, this.validators)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            ((HttpServletResponse) servletResponse).sendError(400, "Missing Required Header for SSO Validation");
        }
    }

    public void destroy() {
    }

    protected void continueChainAsPrincipal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, String str) throws IOException, ServletException {
        Principal principal = null;
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject != null) {
            principal = (PrimaryPrincipal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
            if (principal == null || !principal.getName().equals(str)) {
            }
        }
        Subject subject2 = new Subject();
        subject2.getPrincipals().add(principal);
        doAs(servletRequest, servletResponse, filterChain, subject2);
    }

    private void doAs(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain, Subject subject) throws IOException, ServletException {
        try {
            Subject.doAs(subject, new PrivilegedExceptionAction<Object>() { // from class: org.apache.knox.gateway.preauth.filter.PreAuthFederationFilter.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    PreAuthFederationFilter.this.doFilterInternal(servletRequest, servletResponse, filterChain);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            ServletException cause = e.getCause();
            if (cause instanceof IOException) {
                throw ((IOException) cause);
            }
            if (!(cause instanceof ServletException)) {
                throw new ServletException(cause);
            }
            throw cause;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(servletRequest, servletResponse);
    }
}
