package org.nuxeo.ecm.platform.ui.web.auth;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.nuxeo.ecm.core.api.impl.UserPrincipal;
import org.nuxeo.ecm.core.api.local.ClientLoginModule;
import org.nuxeo.ecm.core.api.local.LoginStack;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/TrustingNuxeoAuthenticationFilter.class */
public class TrustingNuxeoAuthenticationFilter implements Filter {
    protected static final String BASIC_SP = "Basic ";

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String username = getUsername(httpServletRequest);
        if (username == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        UserPrincipal userPrincipal = new UserPrincipal(username, (List) null, false, isAdministrator(username));
        LoginStack threadLocalLogin = ClientLoginModule.getThreadLocalLogin();
        threadLocalLogin.push(userPrincipal, (Object) null, (Subject) null);
        try {
            filterChain.doFilter(new NuxeoSecuredRequestWrapper(httpServletRequest, userPrincipal), servletResponse);
            threadLocalLogin.pop();
        } catch (Throwable th) {
            threadLocalLogin.pop();
            throw th;
        }
    }

    public void destroy() {
    }

    protected String getUsername(HttpServletRequest httpServletRequest) {
        String str;
        int indexOf;
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.startsWith(BASIC_SP) && (indexOf = (str = new String(Base64.getDecoder().decode(header.substring(BASIC_SP.length())), StandardCharsets.UTF_8)).indexOf(58)) >= 0) {
            return str.substring(0, indexOf);
        }
        return null;
    }

    protected boolean isAdministrator(String str) {
        return str.startsWith("admin");
    }
}
