package org.craftercms.security.impl.processors;

import java.io.IOException;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.craftercms.security.api.RequestContext;
import org.craftercms.security.api.RequestSecurityProcessor;
import org.craftercms.security.api.RequestSecurityProcessorChain;
import org.craftercms.security.api.UserProfile;
import org.craftercms.security.authentication.AuthenticationRequiredHandler;
import org.craftercms.security.authorization.AccessDeniedHandler;
import org.craftercms.security.exception.AccessDeniedException;
import org.craftercms.security.exception.AuthenticationRequiredException;
import org.craftercms.security.exception.CrafterSecurityException;
import org.craftercms.security.exception.InvalidCookieException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-v2.4.2.jar:org/craftercms/security/impl/processors/SecurityExceptionProcessor.class */
/**
 * Request security processor that wraps the rest of the processor chain and turns any
 * {@link CrafterSecurityException} raised further down into a handler call or an HTTP error.
 *
 * <p>Dispatch by exception type:
 * <ul>
 *   <li>{@link AuthenticationRequiredException}: delegated to the {@link AuthenticationRequiredHandler}</li>
 *   <li>{@link AccessDeniedException}: delegated to the {@link AccessDeniedHandler} for a known user;
 *       converted to an authentication-required flow for an anonymous one</li>
 *   <li>{@link InvalidCookieException}: answered with an HTTP 400</li>
 *   <li>any other {@link CrafterSecurityException}: rethrown</li>
 * </ul>
 *
 * <p>Every handled exception is logged at INFO together with its stack trace.
 */
public class SecurityExceptionProcessor implements RequestSecurityProcessor {
    public static final Logger logger = LoggerFactory.getLogger(SecurityExceptionProcessor.class);

    /** Status code sent back when the security cookie in the request is rejected. */
    private static final int INVALID_COOKIE_STATUS = 400;

    protected AuthenticationRequiredHandler authenticationRequiredHandler;
    protected AccessDeniedHandler accessDeniedHandler;

    /**
     * Injects the handler invoked when a request needs an authenticated user.
     *
     * @param authenticationRequiredHandler handler to delegate to
     */
    @Required
    public void setAuthenticationRequiredHandler(AuthenticationRequiredHandler authenticationRequiredHandler) {
        this.authenticationRequiredHandler = authenticationRequiredHandler;
    }

    /**
     * Injects the handler invoked when an authenticated user is refused access.
     *
     * @param accessDeniedHandler handler to delegate to
     */
    @Required
    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        this.accessDeniedHandler = accessDeniedHandler;
    }

    /**
     * Runs the remainder of the chain and intercepts security exceptions thrown by it.
     *
     * <p>An {@link IOException} is propagated untouched: its cause chain is not inspected, so a
     * security exception wrapped inside an {@code IOException} is not handled here. For any other
     * exception the cause chain is searched, and the exception is rethrown unchanged when no
     * {@link CrafterSecurityException} is found in it.
     *
     * @param requestContext current request context
     * @param requestSecurityProcessorChain chain holding the processors that run after this one
     * @throws Exception whatever the chain threw, when it is not a security exception handled here
     */
    @Override // org.craftercms.security.api.RequestSecurityProcessor
    public void processRequest(RequestContext requestContext, RequestSecurityProcessorChain requestSecurityProcessorChain) throws Exception {
        try {
            requestSecurityProcessorChain.processRequest(requestContext);
        } catch (IOException ioFailure) {
            throw ioFailure;
        } catch (Exception failure) {
            CrafterSecurityException securityCause = findSecurityException(failure);
            if (securityCause != null) {
                handleSecurityException(securityCause, requestContext);
                return;
            }
            throw failure;
        }
    }

    /**
     * Searches an exception and its causes for the first {@link CrafterSecurityException}.
     *
     * @param exc exception whose cause chain is searched
     * @return the first security exception in the chain, or {@code null} if there is none
     */
    public CrafterSecurityException findSecurityException(Exception exc) {
        Throwable[] causeChain = ExceptionUtils.getThrowables(exc);
        for (int i = 0; i < causeChain.length; i++) {
            if (causeChain[i] instanceof CrafterSecurityException) {
                return (CrafterSecurityException) causeChain[i];
            }
        }
        return null;
    }

    /**
     * Routes a security exception to the handler method for its concrete type.
     *
     * @param crafterSecurityException exception to route
     * @param requestContext current request context
     * @throws CrafterSecurityException the same exception, when its type has no handler here
     * @throws IOException if a handler fails while writing the response
     */
    protected void handleSecurityException(CrafterSecurityException crafterSecurityException, RequestContext requestContext) throws CrafterSecurityException, IOException {
        if (crafterSecurityException instanceof AuthenticationRequiredException) {
            handleAuthenticationRequiredException((AuthenticationRequiredException) crafterSecurityException, requestContext);
            return;
        }
        if (crafterSecurityException instanceof AccessDeniedException) {
            handleAccessDeniedException((AccessDeniedException) crafterSecurityException, requestContext);
            return;
        }
        if (crafterSecurityException instanceof InvalidCookieException) {
            handleInvalidCookieException((InvalidCookieException) crafterSecurityException, requestContext);
            return;
        }
        // Unknown security failure: there is no safe default response, so let it propagate.
        throw crafterSecurityException;
    }

    /**
     * Logs the failure and hands the request to the authentication-required handler.
     *
     * @param authenticationRequiredException exception that triggered the flow
     * @param requestContext current request context
     * @throws CrafterSecurityException if the handler raises one
     * @throws IOException if the handler fails while writing the response
     */
    protected void handleAuthenticationRequiredException(AuthenticationRequiredException authenticationRequiredException, RequestContext requestContext) throws CrafterSecurityException, IOException {
        logger.info("Authentication is required", authenticationRequiredException);
        this.authenticationRequiredHandler.onAuthenticationRequired(authenticationRequiredException, requestContext);
    }

    /**
     * Handles a refused access. A non-anonymous user goes to the access-denied handler; an
     * anonymous user is sent through the authentication-required handler instead, with the
     * original denial kept as the cause of the new exception.
     *
     * @param accessDeniedException exception that triggered the flow
     * @param requestContext current request context
     * @throws CrafterSecurityException if a handler raises one
     * @throws IOException if a handler fails while writing the response
     */
    protected void handleAccessDeniedException(AccessDeniedException accessDeniedException, RequestContext requestContext) throws CrafterSecurityException, IOException {
        // NOTE(review): the authentication token and its profile are dereferenced without a null
        // check; confirm an earlier processor always sets them before this one can run.
        UserProfile deniedProfile = requestContext.getAuthenticationToken().getProfile();

        if (deniedProfile.isAnonymous()) {
            AuthenticationRequiredException loginNeeded = new AuthenticationRequiredException("Anonymous user: authentication needed to access a resource", accessDeniedException);
            logger.info("Authentication is required", loginNeeded);
            this.authenticationRequiredHandler.onAuthenticationRequired(loginNeeded, requestContext);
            return;
        }

        // NOTE(review): the user name is concatenated into the log line as-is; confirm user names
        // cannot contain line breaks, or that the log layout encodes them, so that a crafted
        // name cannot forge log entries.
        logger.info("Access denied to user '" + deniedProfile.getUserName() + "'", accessDeniedException);
        this.accessDeniedHandler.onAccessDenied(accessDeniedException, requestContext);
    }

    /**
     * Logs the failure and answers the request with HTTP 400, using the exception message as the
     * error message.
     *
     * @param invalidCookieException exception that triggered the flow
     * @param requestContext current request context
     * @throws CrafterSecurityException declared for overriding subclasses; not thrown here
     * @throws IOException if the error cannot be written to the response
     */
    protected void handleInvalidCookieException(InvalidCookieException invalidCookieException, RequestContext requestContext) throws CrafterSecurityException, IOException {
        logger.info("Invalid security cookie in request", invalidCookieException);
        // NOTE(review): the exception message goes to the client; confirm it never carries the
        // cookie value or internal details, and that the error page escapes it.
        String clientMessage = invalidCookieException.getMessage();
        requestContext.getResponse().sendError(INVALID_COOKIE_STATUS, clientMessage);
    }
}
