package org.apache.knox.gateway.filter;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.Callable;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.knox.gateway.audit.api.AuditService;
import org.apache.knox.gateway.audit.api.AuditServiceFactory;
import org.apache.knox.gateway.audit.api.Auditor;
import org.apache.knox.gateway.security.GroupPrincipal;
import org.apache.knox.gateway.security.PrimaryPrincipal;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

/* loaded from: input_file:org/apache/knox/gateway/filter/ShiroSubjectIdentityAdapter.class */
public class ShiroSubjectIdentityAdapter implements Filter {
    private static final String SUBJECT_USER_GROUPS = "subject.userGroups";
    private static AuditService auditService = AuditServiceFactory.getAuditService();
    private static Auditor auditor = auditService.getAuditor("audit", "knox", "knox");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/knox/gateway/filter/ShiroSubjectIdentityAdapter$CallableChain.class */
    public static class CallableChain implements Callable<Void> {
        private FilterChain chain;
        ServletRequest request;
        ServletResponse response;

        CallableChain(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
            this.chain = null;
            this.request = null;
            this.response = null;
            this.request = servletRequest;
            this.response = servletResponse;
            this.chain = filterChain;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v60, types: [java.util.Set] */
        @Override // java.util.concurrent.Callable
        public Void call() throws Exception {
            HashSet hashSet;
            PrivilegedExceptionAction<Void> privilegedExceptionAction = new PrivilegedExceptionAction<Void>() { // from class: org.apache.knox.gateway.filter.ShiroSubjectIdentityAdapter.CallableChain.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    CallableChain.this.chain.doFilter(CallableChain.this.request, CallableChain.this.response);
                    return null;
                }
            };
            Subject subject = SecurityUtils.getSubject();
            if (subject == null || subject.getPrincipal() == null) {
                throw new IllegalStateException("Unable to determine authenticated user from Shiro, please check that your Knox Shiro configuration is correct");
            }
            String obj = subject.getPrincipal().toString();
            HashSet hashSet2 = new HashSet();
            HashSet hashSet3 = new HashSet();
            hashSet3.add(new PrimaryPrincipal(obj));
            ShiroSubjectIdentityAdapter.auditService.getContext().setUsername(obj);
            String str = (String) this.request.getAttribute("sourceRequestContextUrl");
            ShiroSubjectIdentityAdapter.auditor.audit("authentication", str, "uri", "success");
            if (SecurityUtils.getSubject().getSession().getAttribute(ShiroSubjectIdentityAdapter.SUBJECT_USER_GROUPS) != null) {
                hashSet = (Set) SecurityUtils.getSubject().getSession().getAttribute(ShiroSubjectIdentityAdapter.SUBJECT_USER_GROUPS);
            } else if (subject.getPrincipal() instanceof String) {
                hashSet = new HashSet(subject.getPrincipals().asSet());
                hashSet.remove(obj);
            } else {
                HashSet hashSet4 = new HashSet(subject.getPrincipals().asSet());
                hashSet = new HashSet();
                Iterator it = hashSet4.iterator();
                while (it.hasNext()) {
                    hashSet.add(((Principal) it.next()).toString());
                }
            }
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                hashSet3.add(new GroupPrincipal((String) it2.next()));
            }
            ShiroSubjectIdentityAdapter.auditor.audit("authentication", str, "uri", "success", "Groups: " + hashSet);
            javax.security.auth.Subject.doAs(new javax.security.auth.Subject(true, hashSet3, hashSet2, hashSet2), privilegedExceptionAction);
            return null;
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        SecurityUtils.getSubject().hasRole("authenticatedUser");
        SecurityUtils.getSubject().execute(new CallableChain(servletRequest, servletResponse, filterChain));
    }
}
