package com.sap.cloud.sdk.cloudplatform.security.servlet;

import com.sap.cloud.sdk.cloudplatform.auditlog.AuditLogger;
import com.sap.cloud.sdk.cloudplatform.exception.ShouldNotHappenException;
import com.sap.cloud.sdk.cloudplatform.logging.CloudLoggerFactory;
import com.sap.security.auth.login.LoginContextFactory;
import java.io.IOException;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/security/servlet/AuthContextFilter.class */
public class AuthContextFilter implements Filter {
    private static final Logger logger = CloudLoggerFactory.getLogger(AuthContextFilter.class);
    private static final String INIT_PARAMETER_AUTH_METHOD = "method";
    private String authMethod = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.authMethod = filterConfig.getInitParameter(INIT_PARAMETER_AUTH_METHOD);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if ((servletResponse instanceof HttpServletResponse) && (servletRequest instanceof HttpServletRequest)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            if (httpServletRequest.getRemoteUser() != null) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            try {
                if (this.authMethod == null) {
                    throw new ShouldNotHappenException("Authorization filter misconfiguration: missing authentication method. Please specify the initialization parameter \"method\".");
                }
                HttpSession session = httpServletRequest.getSession(false);
                if (session != null) {
                    session.invalidate();
                }
                LoginContextFactory.createLoginContext(this.authMethod).login();
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } catch (LoginException e) {
                httpServletResponse.setStatus(401);
                AuditLogger.logSecurityEvent("Unauthorized login attempt. Message: " + e.getMessage() + ".", (Throwable) null);
                if (logger.isWarnEnabled()) {
                    logger.warn(e.getMessage(), e);
                }
            }
        }
    }

    public void destroy() {
    }
}
