package org.craftercms.engine.util.spring.security;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.craftercms.engine.util.ConfigUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:org/craftercms/engine/util/spring/security/ConfigAwarePreAuthenticationFilter.class */
public abstract class ConfigAwarePreAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
    protected boolean alwaysEnabled = false;
    protected String enabledConfigKey;
    protected Class<? extends UserDetails> supportedPrincipalClass;

    public ConfigAwarePreAuthenticationFilter(String str) {
        this.enabledConfigKey = str;
    }

    public void setAlwaysEnabled(boolean z) {
        this.alwaysEnabled = z;
    }

    public void setSupportedPrincipalClass(Class<? extends UserDetails> cls) {
        this.supportedPrincipalClass = cls;
    }

    public boolean isEnabled() {
        HierarchicalConfiguration currentConfig = ConfigUtils.getCurrentConfig();
        return this.alwaysEnabled || (currentConfig != null && currentConfig.getBoolean(this.enabledConfigKey, false));
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isEnabled()) {
            this.logger.debug("Filter is enabled, processing request");
            super.doFilter(servletRequest, servletResponse, filterChain);
        } else {
            this.logger.debug("Filter is disabled, skipping execution");
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    protected boolean principalChanged(HttpServletRequest httpServletRequest, Authentication authentication) {
        this.logger.debug("Current authentication class: " + authentication.getClass().getSimpleName());
        this.logger.debug("Current principal class:" + authentication.getPrincipal().getClass().getSimpleName());
        if ((authentication instanceof PreAuthenticatedAuthenticationToken) && (this.supportedPrincipalClass == null || authentication.getPrincipal().getClass().equals(this.supportedPrincipalClass))) {
            this.logger.debug("Current authentication and principal are supported, continuing verification");
            return super.principalChanged(httpServletRequest, authentication);
        }
        this.logger.debug("Current authentication or principal class is not supported, skipping verification");
        return false;
    }

    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpServletRequest) {
        return "N/A";
    }
}
