package org.camunda.bpm.webapp.impl.security.auth;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import org.camunda.bpm.webapp.impl.IllegalWebAppConfigurationException;
import org.camunda.bpm.webapp.impl.security.SecurityActions;
import org.camunda.bpm.webapp.impl.util.ServletContextUtil;
import org.camunda.bpm.webapp.impl.util.ServletFilterUtil;

/* loaded from: input_file:WEB-INF/classes/org/camunda/bpm/webapp/impl/security/auth/AuthenticationFilter.class */
public class AuthenticationFilter implements Filter {
    public static final String AUTH_CACHE_TTL_INIT_PARAM_NAME = "cacheTimeToLive";
    protected Long cacheTimeToLive = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(AUTH_CACHE_TTL_INIT_PARAM_NAME);
        if (ServletFilterUtil.isEmpty(initParameter)) {
            return;
        }
        this.cacheTimeToLive = Long.valueOf(Long.parseLong(initParameter.trim()));
        if (this.cacheTimeToLive.longValue() < 0) {
            throw new IllegalWebAppConfigurationException("'cacheTimeToLive' cannot be negative.");
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession(true);
        Authentications authsFromSession = AuthenticationUtil.getAuthsFromSession(session);
        if (this.cacheTimeToLive != null) {
            if (this.cacheTimeToLive.longValue() > 0) {
                ServletContextUtil.setCacheTTLForLogin(this.cacheTimeToLive.longValue(), servletRequest.getServletContext());
            }
            AuthenticationUtil.updateCache(authsFromSession, session, this.cacheTimeToLive.longValue());
        }
        Authentications.setCurrent(authsFromSession);
        try {
            SecurityActions.runWithAuthentications(() -> {
                filterChain.doFilter(servletRequest, servletResponse);
                return null;
            }, authsFromSession);
            Authentications.clearCurrent();
            AuthenticationUtil.updateSession(httpServletRequest.getSession(false), authsFromSession);
        } catch (Throwable th) {
            Authentications.clearCurrent();
            AuthenticationUtil.updateSession(httpServletRequest.getSession(false), authsFromSession);
            throw th;
        }
    }

    public void destroy() {
    }

    public Long getCacheTimeToLive() {
        return this.cacheTimeToLive;
    }
}
