package org.craftercms.security.processors.impl;

import java.io.IOException;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.authentication.AuthenticationRequiredHandler;
import org.craftercms.security.authorization.AccessDeniedHandler;
import org.craftercms.security.exception.AccessDeniedException;
import org.craftercms.security.exception.AuthenticationRequiredException;
import org.craftercms.security.exception.SecurityProviderException;
import org.craftercms.security.processors.RequestSecurityProcessor;
import org.craftercms.security.processors.RequestSecurityProcessorChain;
import org.craftercms.security.utils.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-2.5.0-RC3.jar:org/craftercms/security/processors/impl/SecurityExceptionProcessor.class */
public class SecurityExceptionProcessor implements RequestSecurityProcessor {
    public static final Logger logger = LoggerFactory.getLogger(SecurityExceptionProcessor.class);
    protected AuthenticationRequiredHandler authenticationRequiredHandler;
    protected AccessDeniedHandler accessDeniedHandler;

    @Required
    public void setAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler) {
        this.authenticationRequiredHandler = authenticationRequiredHandler;
    }

    @Required
    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        this.accessDeniedHandler = accessDeniedHandler;
    }

    @Override // org.craftercms.security.processors.RequestSecurityProcessor
    public void processRequest(RequestContext requestContext, RequestSecurityProcessorChain requestSecurityProcessorChain) throws Exception {
        try {
            requestSecurityProcessorChain.processRequest(requestContext);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            SecurityProviderException findSecurityException = findSecurityException(e2);
            if (findSecurityException == null) {
                throw e2;
            }
            handleSecurityProviderException(findSecurityException, requestContext);
        }
    }

    public SecurityProviderException findSecurityException(Exception exc) {
        for (Throwable th : ExceptionUtils.getThrowables(exc)) {
            if (th instanceof SecurityProviderException) {
                return (SecurityProviderException) th;
            }
        }
        return null;
    }

    protected void handleSecurityProviderException(SecurityProviderException securityProviderException, RequestContext requestContext) throws SecurityProviderException, IOException {
        if (securityProviderException instanceof AuthenticationRequiredException) {
            handleAuthenticationRequiredException(requestContext, (AuthenticationRequiredException) securityProviderException);
        } else {
            if (!(securityProviderException instanceof AccessDeniedException)) {
                throw securityProviderException;
            }
            handleAccessDeniedException(requestContext, (AccessDeniedException) securityProviderException);
        }
    }

    protected void handleAuthenticationRequiredException(RequestContext requestContext, AuthenticationRequiredException authenticationRequiredException) throws SecurityProviderException, IOException {
        logger.debug("Authentication is required", (Throwable) authenticationRequiredException);
        this.authenticationRequiredHandler.handle(requestContext, authenticationRequiredException);
    }

    protected void handleAccessDeniedException(RequestContext requestContext, AccessDeniedException accessDeniedException) throws SecurityProviderException, IOException {
        Authentication authentication = SecurityUtils.getAuthentication(requestContext.getRequest());
        if (authentication != null) {
            logger.debug("Access denied to user '" + authentication.getProfile().getUsername() + "'", (Throwable) accessDeniedException);
            this.accessDeniedHandler.handle(requestContext, accessDeniedException);
        } else {
            try {
                throw new AuthenticationRequiredException("Authentication required to access the resource", accessDeniedException);
            } catch (AuthenticationRequiredException e) {
                logger.debug("Authentication is required", (Throwable) e);
                this.authenticationRequiredHandler.handle(requestContext, e);
            }
        }
    }
}
