package org.nuxeo.ecm.platform.web.common.exceptionhandling;

import java.io.IOException;
import java.util.HashMap;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.common.utils.URIUtils;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants;
import org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter;
import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/platform/web/common/exceptionhandling/NuxeoSecurityExceptionHandler.class */
public class NuxeoSecurityExceptionHandler extends DefaultNuxeoExceptionHandler {
    protected static final Log log = LogFactory.getLog(NuxeoSecurityExceptionHandler.class);
    protected PluggableAuthenticationService service;

    @Override // org.nuxeo.ecm.platform.web.common.exceptionhandling.DefaultNuxeoExceptionHandler, org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionHandler
    public void handleException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Throwable th) throws IOException, ServletException {
        if (!ExceptionHelper.isSecurityError(unwrapException(th))) {
            super.handleException(httpServletRequest, httpServletResponse, th);
            return;
        }
        NuxeoPrincipal userPrincipal = httpServletRequest.getUserPrincipal();
        if ((userPrincipal instanceof NuxeoPrincipal) && userPrincipal.isAnonymous() && handleAnonymousException(httpServletRequest, httpServletResponse)) {
            return;
        }
        super.handleException(httpServletRequest, httpServletResponse, th);
    }

    protected boolean handleAnonymousException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        HashMap hashMap = new HashMap();
        hashMap.put(NXAuthConstants.SECURITY_ERROR, "true");
        hashMap.put(NXAuthConstants.FORCE_ANONYMOUS_LOGIN, "true");
        if (httpServletRequest.getAttribute(NXAuthConstants.REQUESTED_URL) != null) {
            hashMap.put(NXAuthConstants.REQUESTED_URL, (String) httpServletRequest.getAttribute(NXAuthConstants.REQUESTED_URL));
        } else {
            hashMap.put(NXAuthConstants.REQUESTED_URL, NuxeoAuthenticationFilter.getRequestedUrl(httpServletRequest));
        }
        if (httpServletResponse.isCommitted()) {
            log.error("Cannot redirect to login page: response is already commited");
            return true;
        }
        String str = initAuthenticationService().getBaseURL(httpServletRequest) + NXAuthConstants.LOGOUT_PAGE;
        httpServletRequest.setAttribute(NXAuthConstants.DISABLE_REDIRECT_REQUEST_KEY, true);
        httpServletResponse.sendRedirect(URIUtils.addParametersToURIQuery(str, hashMap));
        FacesContext currentInstance = FacesContext.getCurrentInstance();
        if (currentInstance != null) {
            currentInstance.responseComplete();
            return true;
        }
        log.error("Cannot set response complete: faces context is null");
        return true;
    }

    protected PluggableAuthenticationService initAuthenticationService() throws ServletException {
        this.service = (PluggableAuthenticationService) Framework.getRuntime().getComponent(PluggableAuthenticationService.NAME);
        if (this.service != null) {
            return this.service;
        }
        log.error("Unable to get Service org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService");
        throw new ServletException("Can't initialize Nuxeo Pluggable Authentication Service");
    }
}
