package org.nuxeo.ecm.platform.ui.web.auth.cas2;

import java.io.IOException;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
import org.nuxeo.ecm.platform.ui.web.rest.api.URLPolicyService;
import org.nuxeo.ecm.platform.url.api.DocumentView;
import org.nuxeo.ecm.platform.web.common.exceptionhandling.DefaultNuxeoExceptionHandler;
import org.nuxeo.ecm.platform.web.common.exceptionhandling.ExceptionHelper;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/cas2/SecurityExceptionHandler.class */
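/**
 * Exception handler for the CAS2 authentication plugin.
 *
 * <p>When an anonymous {@link NuxeoPrincipal} triggers a security error, the handler stores the
 * URL that was being accessed in a short-lived cookie and forwards the request to
 * {@link #CAS_REDIRECTION_URL}. Every other case is delegated to
 * {@link DefaultNuxeoExceptionHandler}.
 *
 * <p>The lazily initialised fields are not synchronized; concurrent first calls may resolve the
 * same service more than once.
 */
public class SecurityExceptionHandler extends DefaultNuxeoExceptionHandler {
    /** Context-relative page the request is forwarded to when a CAS login is needed. */
    public static final String CAS_REDIRECTION_URL = "/cas2.jsp";

    /** Not referenced in this class; kept because it is part of the public interface. */
    public static final String COOKIE_NAME_LOGOUT_URL = "cookie.name.logout.url";

    /**
     * Key used both as the name of the cookie holding the initially requested URL and as the
     * response header whose presence forces the CAS handling path.
     */
    private static final String SSO_INITIAL_URL_REQUEST_KEY = "sso.initial.url.request";

    private static final Log log = LogFactory.getLog(SecurityExceptionHandler.class);

    // Cached by getCasAuthenticator().
    Cas2Authenticator cas2Authenticator;

    // Cached by getURLPolicyService(); stays null if the lookup failed.
    protected URLPolicyService urlService;

    /**
     * Handles {@code th}: sends anonymous users hitting a security error to the CAS page and
     * delegates everything else to the parent handler.
     *
     * @param httpServletRequest the request being processed
     * @param httpServletResponse the response being built
     * @param th the exception that reached the handler
     * @throws IOException if the forward or the parent handler fails on I/O
     * @throws ServletException if the forward or the parent handler fails
     */
    @Override
    public void handleException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Throwable th) throws IOException, ServletException {
        // Only an already-present Cache-Control header is overridden; none is added when absent.
        // NOTE(review): the response below sets a cookie, so an unconditional no-cache/no-store
        // may be what is wanted here - confirm against the filter chain.
        if (httpServletResponse.containsHeader("Cache-Control")) {
            httpServletResponse.setHeader("Cache-Control", "no-cache");
        }

        boolean securityError = ExceptionHelper.isSecurityError(unwrapException(th));
        boolean ssoHeaderPresent = httpServletResponse.containsHeader(SSO_INITIAL_URL_REQUEST_KEY);
        if (!securityError && !ssoHeaderPresent) {
            super.handleException(httpServletRequest, httpServletResponse, th);
            return;
        }

        // getUserPrincipal() returns java.security.Principal, so the type must be checked before
        // the cast; a null or non-Nuxeo principal is left to the parent handler.
        java.security.Principal principal = httpServletRequest.getUserPrincipal();
        if (!(principal instanceof NuxeoPrincipal) || !((NuxeoPrincipal) principal).isAnonymous()) {
            super.handleException(httpServletRequest, httpServletResponse, th);
            return;
        }

        httpServletResponse.resetBuffer();

        // The cookie value is a URL built from the incoming request, i.e. client-influenced data.
        // Whatever reads it back after login should treat it as untrusted and check that it
        // points into this application before redirecting to it.
        // NOTE(review): the raw URL is stored unencoded, and the cookie is issued for path "/"
        // without the Secure or HttpOnly attributes - consider setting both where the servlet
        // API level and the deployment allow.
        Cookie cookie = new Cookie(SSO_INITIAL_URL_REQUEST_KEY, getURLToReach(httpServletRequest));
        cookie.setPath("/");
        cookie.setMaxAge(60); // seconds
        httpServletResponse.addCookie(cookie);

        if (!httpServletResponse.isCommitted()) {
            httpServletRequest.getRequestDispatcher(CAS_REDIRECTION_URL).forward(httpServletRequest, httpServletResponse);
        }

        // getCurrentInstance() returns null when no JSF lifecycle is active on this thread.
        FacesContext facesContext = FacesContext.getCurrentInstance();
        if (facesContext != null) {
            facesContext.responseComplete();
        } else {
            log.debug("No FacesContext available, responseComplete() skipped");
        }
    }

    /**
     * Returns the CAS2 authenticator, looking it up on first use and caching it.
     *
     * @return the plugin registered as {@code CAS2_AUTH}, never {@code null}
     * @throws ClientException if the pluggable authentication service or the plugin is missing
     */
    protected Cas2Authenticator getCasAuthenticator() throws ClientException {
        if (this.cas2Authenticator != null) {
            return this.cas2Authenticator;
        }
        PluggableAuthenticationService pluggableAuthenticationService = (PluggableAuthenticationService) Framework.getRuntime().getComponent("org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService");
        if (pluggableAuthenticationService == null) {
            throw new ClientException("Can't initialize Nuxeo Pluggable Authentication Service");
        }
        this.cas2Authenticator = (Cas2Authenticator) pluggableAuthenticationService.getPlugin("CAS2_AUTH");
        if (this.cas2Authenticator == null) {
            throw new ClientException("Can't get CAS authenticator");
        }
        return this.cas2Authenticator;
    }

    /**
     * Computes the URL the user was trying to reach.
     *
     * <p>The URL derived from the request's {@code DocumentView} attribute is preferred; when the
     * attribute, the URL policy service or the derived URL is missing, the raw request URL is
     * used, followed by the query string if there is one.
     *
     * @param httpServletRequest the request being processed
     * @return the URL to come back to, never {@code null}
     */
    protected String getURLToReach(HttpServletRequest httpServletRequest) {
        DocumentView documentView = (DocumentView) httpServletRequest.getAttribute("DocumentView");
        if (documentView != null) {
            // The service lookup can fail and leave null; fall back instead of throwing.
            URLPolicyService policyService = getURLPolicyService();
            if (policyService != null) {
                String urlFromDocumentView = policyService.getUrlFromDocumentView(documentView, "");
                if (urlFromDocumentView != null) {
                    return urlFromDocumentView;
                }
            }
        }

        StringBuffer requestUrl = httpServletRequest.getRequestURL();
        String queryString = httpServletRequest.getQueryString();
        // getQueryString() is null when the URL has no query part; concatenating it
        // unconditionally would produce a literal "?null" suffix.
        if (queryString != null) {
            requestUrl.append('?').append(queryString);
        }
        return requestUrl.toString();
    }

    /**
     * Returns the URL policy service, looking it up on first use.
     *
     * @return the service, or {@code null} if the lookup failed (the failure is logged)
     */
    protected URLPolicyService getURLPolicyService() {
        if (this.urlService == null) {
            try {
                this.urlService = (URLPolicyService) Framework.getService(URLPolicyService.class);
            } catch (Exception e) {
                // Best effort: callers must cope with a null service.
                log.error("Could not retrieve the URLPolicyService", e);
            }
        }
        return this.urlService;
    }
}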
