package org.nuxeo.ecm.platform.web.common.exceptionhandling;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.Principal;
import java.util.HashMap;
import java.util.Locale;
import java.util.Optional;
import java.util.ResourceBundle;
import javax.security.auth.login.LoginContext;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.common.utils.URIUtils;
import org.nuxeo.common.utils.i18n.I18NUtils;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.io.download.DownloadHelper;
import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants;
import org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter;
import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
import org.nuxeo.ecm.platform.web.common.exceptionhandling.descriptor.ErrorHandler;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/platform/web/common/exceptionhandling/DefaultNuxeoExceptionHandler.class */
public class DefaultNuxeoExceptionHandler implements NuxeoExceptionHandler {
    private static final Log log = LogFactory.getLog(DefaultNuxeoExceptionHandler.class);
    protected NuxeoExceptionHandlerParameters parameters;

    @Override // org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionHandler
    public void setParameters(NuxeoExceptionHandlerParameters nuxeoExceptionHandlerParameters) {
        this.parameters = nuxeoExceptionHandlerParameters;
    }

    protected void startHandlingException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Throwable th) throws ServletException {
        if (httpServletRequest.getAttribute(NuxeoExceptionHandler.EXCEPTION_HANDLER_MARKER) != null) {
            throw new ServletException(th);
        }
        if (log.isDebugEnabled()) {
            log.debug("Initial exception", th);
        }
        httpServletRequest.setAttribute(NuxeoExceptionHandler.EXCEPTION_HANDLER_MARKER, true);
        httpServletRequest.setAttribute(NXAuthConstants.DISABLE_REDIRECT_REQUEST_KEY, true);
    }

    @Override // org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionHandler
    public void handleException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Throwable th) throws IOException, ServletException {
        Throwable unwrapException = ExceptionHelper.unwrapException(th);
        if (ExceptionHelper.isSecurityError(unwrapException)) {
            Principal principal = getPrincipal(httpServletRequest);
            if ((principal instanceof NuxeoPrincipal) && ((NuxeoPrincipal) principal).isAnonymous() && handleAnonymousException(httpServletRequest, httpServletResponse)) {
                return;
            }
        }
        startHandlingException(httpServletRequest, httpServletResponse, th);
        try {
            ErrorHandler handler = getHandler(th);
            Integer code = handler.getCode();
            int intValue = code == null ? 500 : code.intValue();
            this.parameters.getListener().startHandling(th, httpServletRequest, httpServletResponse);
            StringWriter stringWriter = new StringWriter();
            th.printStackTrace(new PrintWriter(stringWriter));
            String stringBuffer = stringWriter.getBuffer().toString();
            if (DownloadHelper.isClientAbortError(th)) {
                DownloadHelper.logClientAbort(th);
            } else if (intValue < 500) {
                log.debug(th.getMessage(), th);
            } else {
                log.error(stringBuffer);
                this.parameters.getLogger().error(stringBuffer);
            }
            this.parameters.getListener().beforeSetErrorPageAttribute(unwrapException, httpServletRequest, httpServletResponse);
            httpServletRequest.setAttribute("exception_message", unwrapException.getLocalizedMessage());
            httpServletRequest.setAttribute("user_message", getUserMessage(handler.getMessage(), httpServletRequest.getLocale()));
            httpServletRequest.setAttribute(NXAuthConstants.SECURITY_ERROR, Boolean.valueOf(ExceptionHelper.isSecurityError(unwrapException)));
            httpServletRequest.setAttribute("messageBundle", ResourceBundle.getBundle(this.parameters.getBundleName(), httpServletRequest.getLocale(), Thread.currentThread().getContextClassLoader()));
            String dump = this.parameters.getRequestDumper().getDump(httpServletRequest);
            if (intValue >= 500) {
                this.parameters.getLogger().error(dump);
            }
            httpServletRequest.setAttribute("isDevModeSet", Boolean.valueOf(Framework.isDevModeSet()));
            if (Framework.isDevModeSet()) {
                httpServletRequest.setAttribute("stackTrace", stringBuffer);
                httpServletRequest.setAttribute("request_dump", dump);
            }
            this.parameters.getListener().beforeForwardToErrorPage(unwrapException, httpServletRequest, httpServletResponse);
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.reset();
                httpServletResponse.setStatus(intValue);
                String page = handler.getPage();
                String defaultErrorPage = page == null ? this.parameters.getDefaultErrorPage() : page;
                RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(defaultErrorPage);
                if (requestDispatcher != null) {
                    requestDispatcher.forward(httpServletRequest, httpServletResponse);
                } else {
                    log.error("Cannot forward to error page, no RequestDispatcher found for errorPage=" + defaultErrorPage + " handler=" + handler);
                }
                this.parameters.getListener().responseComplete();
            } else if (!DownloadHelper.isClientAbortError(th)) {
                log.error("Cannot forward to error page: response is already committed", th);
            }
            this.parameters.getListener().afterDispatch(unwrapException, httpServletRequest, httpServletResponse);
        } catch (IOException | RuntimeException e) {
            throw new ServletException(e);
        } catch (ServletException e2) {
            throw e2;
        }
    }

    @Override // org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionHandler
    public boolean handleAnonymousException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        PluggableAuthenticationService pluggableAuthenticationService = (PluggableAuthenticationService) Framework.getRuntime().getComponent(PluggableAuthenticationService.NAME);
        if (pluggableAuthenticationService == null) {
            return false;
        }
        pluggableAuthenticationService.invalidateSession(httpServletRequest);
        String loginURL = getLoginURL(httpServletRequest);
        if (loginURL == null) {
            return false;
        }
        if (httpServletResponse.isCommitted()) {
            log.error("Cannot redirect to login page: response is already committed");
            return true;
        }
        httpServletRequest.setAttribute(NXAuthConstants.DISABLE_REDIRECT_REQUEST_KEY, true);
        httpServletResponse.sendRedirect(loginURL);
        this.parameters.getListener().responseComplete();
        return true;
    }

    @Override // org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionHandler
    public String getLoginURL(HttpServletRequest httpServletRequest) {
        PluggableAuthenticationService pluggableAuthenticationService = (PluggableAuthenticationService) Framework.getRuntime().getComponent(PluggableAuthenticationService.NAME);
        HashMap hashMap = new HashMap();
        hashMap.put(NXAuthConstants.SECURITY_ERROR, "true");
        hashMap.put(NXAuthConstants.FORCE_ANONYMOUS_LOGIN, "true");
        if (httpServletRequest.getAttribute(NXAuthConstants.REQUESTED_URL) != null) {
            hashMap.put(NXAuthConstants.REQUESTED_URL, (String) httpServletRequest.getAttribute(NXAuthConstants.REQUESTED_URL));
        } else {
            hashMap.put(NXAuthConstants.REQUESTED_URL, NuxeoAuthenticationFilter.getRequestedUrl(httpServletRequest));
        }
        return URIUtils.addParametersToURIQuery(pluggableAuthenticationService.getBaseURL(httpServletRequest) + NXAuthConstants.LOGOUT_PAGE, hashMap);
    }

    protected ErrorHandler getHandler(Throwable th) {
        String name = ExceptionHelper.unwrapException(th).getClass().getName();
        for (ErrorHandler errorHandler : this.parameters.getHandlers()) {
            if (errorHandler.getError() != null && name.matches(errorHandler.getError())) {
                return errorHandler;
            }
        }
        throw new NuxeoException("No error handler set.");
    }

    protected Object getUserMessage(String str, Locale locale) {
        return I18NUtils.getMessageString(this.parameters.getBundleName(), str, null, locale);
    }

    protected Principal getPrincipal(HttpServletRequest httpServletRequest) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal == null) {
            userPrincipal = (Principal) Optional.ofNullable((LoginContext) httpServletRequest.getAttribute(NXAuthConstants.LOGINCONTEXT_KEY)).map((v0) -> {
                return v0.getSubject();
            }).map((v0) -> {
                return v0.getPrincipals();
            }).flatMap(set -> {
                return set.stream().findFirst();
            }).orElse(null);
        }
        return userPrincipal;
    }
}
