package ch.ivyteam.ivy.webservice.process.internal;

import ch.ivyteam.ivy.security.ISecurityContext;
import ch.ivyteam.ivy.security.ISessionInternal;
import java.security.Principal;
import org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.SecurityContext;

/* loaded from: input_file:ch/ivyteam/ivy/webservice/process/internal/IvySingleSignOnAwareAuthenticationInterceptor.class */
public class IvySingleSignOnAwareAuthenticationInterceptor extends SoapHeaderInterceptor {
    private SessionProvider sessionProvider;

    public IvySingleSignOnAwareAuthenticationInterceptor(ISecurityContext iSecurityContext) {
        this.sessionProvider = new SessionProvider(iSecurityContext);
    }

    @Override // org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor, org.apache.cxf.interceptor.Interceptor
    public void handleMessage(Message message) throws Fault {
        Principal userPrincipal;
        SecurityContext securityContext = (SecurityContext) message.get(SecurityContext.class);
        if (securityContext == null || (userPrincipal = securityContext.getUserPrincipal()) == null) {
            return;
        }
        trySingleSignOn(userPrincipal);
    }

    private void trySingleSignOn(Principal principal) {
        ISessionInternal create = this.sessionProvider.create();
        try {
            create.authenticateWebContainerApprovedUser(principal);
            if (create.getSessionUser() != null) {
                this.sessionProvider.register(create);
            } else {
                this.sessionProvider.destroy(create);
            }
        } catch (Throwable th) {
            if (0 == 0) {
                this.sessionProvider.destroy(create);
            } else {
                this.sessionProvider.register(create);
            }
            throw th;
        }
    }
}
