package org.springframework.security.web.access;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.core.log.LogMessage;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-6.0.5.jar:org/springframework/security/web/access/ExceptionTranslationFilter.class */
public class ExceptionTranslationFilter extends GenericFilterBean implements MessageSourceAware {
    private SecurityContextHolderStrategy securityContextHolderStrategy;
    private AccessDeniedHandler accessDeniedHandler;
    private AuthenticationEntryPoint authenticationEntryPoint;
    private AuthenticationTrustResolver authenticationTrustResolver;
    private ThrowableAnalyzer throwableAnalyzer;
    private RequestCache requestCache;
    protected MessageSourceAccessor messages;

    /* loaded from: input_file:WEB-INF/lib/spring-security-web-6.0.5.jar:org/springframework/security/web/access/ExceptionTranslationFilter$DefaultThrowableAnalyzer.class */
    private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
        private DefaultThrowableAnalyzer() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.springframework.security.web.util.ThrowableAnalyzer
        public void initExtractorMap() {
            super.initExtractorMap();
            registerExtractor(ServletException.class, th -> {
                ThrowableAnalyzer.verifyThrowableHierarchy(th, ServletException.class);
                return ((ServletException) th).getRootCause();
            });
        }
    }

    public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) {
        this(authenticationEntryPoint, new HttpSessionRequestCache());
    }

    public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache) {
        this.securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
        this.accessDeniedHandler = new AccessDeniedHandlerImpl();
        this.authenticationTrustResolver = new AuthenticationTrustResolverImpl();
        this.throwableAnalyzer = new DefaultThrowableAnalyzer();
        this.requestCache = new HttpSessionRequestCache();
        this.messages = SpringSecurityMessageSource.getAccessor();
        Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
        Assert.notNull(requestCache, "requestCache cannot be null");
        this.authenticationEntryPoint = authenticationEntryPoint;
        this.requestCache = requestCache;
    }

    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationEntryPoint, "authenticationEntryPoint must be specified");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    private void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            Throwable[] determineCauseChain = this.throwableAnalyzer.determineCauseChain(e2);
            RuntimeException runtimeException = (AuthenticationException) this.throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class, determineCauseChain);
            if (runtimeException == null) {
                runtimeException = (AccessDeniedException) this.throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class, determineCauseChain);
            }
            if (runtimeException == null) {
                rethrow(e2);
            }
            if (httpServletResponse.isCommitted()) {
                throw new ServletException("Unable to handle the Spring Security Exception because the response is already committed.", e2);
            }
            handleSpringSecurityException(httpServletRequest, httpServletResponse, filterChain, runtimeException);
        }
    }

    private void rethrow(Exception exc) throws ServletException {
        if (exc instanceof ServletException) {
            throw ((ServletException) exc);
        }
        if (!(exc instanceof RuntimeException)) {
            throw new RuntimeException(exc);
        }
        throw ((RuntimeException) exc);
    }

    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.authenticationEntryPoint;
    }

    protected AuthenticationTrustResolver getAuthenticationTrustResolver() {
        return this.authenticationTrustResolver;
    }

    private void handleSpringSecurityException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, RuntimeException runtimeException) throws IOException, ServletException {
        if (runtimeException instanceof AuthenticationException) {
            handleAuthenticationException(httpServletRequest, httpServletResponse, filterChain, (AuthenticationException) runtimeException);
        } else if (runtimeException instanceof AccessDeniedException) {
            handleAccessDeniedException(httpServletRequest, httpServletResponse, filterChain, (AccessDeniedException) runtimeException);
        }
    }

    private void handleAuthenticationException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, AuthenticationException authenticationException) throws ServletException, IOException {
        this.logger.trace("Sending to authentication entry point since authentication failed", authenticationException);
        sendStartAuthentication(httpServletRequest, httpServletResponse, filterChain, authenticationException);
    }

    private void handleAccessDeniedException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, AccessDeniedException accessDeniedException) throws ServletException, IOException {
        Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
        if (this.authenticationTrustResolver.isAnonymous(authentication) || this.authenticationTrustResolver.isRememberMe(authentication)) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Sending %s to authentication entry point since access is denied", authentication), accessDeniedException);
            }
            sendStartAuthentication(httpServletRequest, httpServletResponse, filterChain, new InsufficientAuthenticationException(this.messages.getMessage("ExceptionTranslationFilter.insufficientAuthentication", "Full authentication is required to access this resource")));
        } else {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Sending %s to access denied handler since access is denied", authentication), accessDeniedException);
            }
            this.accessDeniedHandler.handle(httpServletRequest, httpServletResponse, accessDeniedException);
        }
    }

    protected void sendStartAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, AuthenticationException authenticationException) throws ServletException, IOException {
        this.securityContextHolderStrategy.setContext(this.securityContextHolderStrategy.createEmptyContext());
        this.requestCache.saveRequest(httpServletRequest, httpServletResponse);
        this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
    }

    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        Assert.notNull(accessDeniedHandler, "AccessDeniedHandler required");
        this.accessDeniedHandler = accessDeniedHandler;
    }

    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must not be null");
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) {
        Assert.notNull(throwableAnalyzer, "throwableAnalyzer must not be null");
        this.throwableAnalyzer = throwableAnalyzer;
    }

    @Override // org.springframework.context.MessageSourceAware
    public void setMessageSource(MessageSource messageSource) {
        Assert.notNull(messageSource, "messageSource cannot be null");
        this.messages = new MessageSourceAccessor(messageSource);
    }

    public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
        Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
        this.securityContextHolderStrategy = securityContextHolderStrategy;
    }
}
