package io.camunda.zeebe.shared.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ProblemDetail;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/camunda/zeebe/shared/security/ProblemAuthFailureHandler.class */
public final class ProblemAuthFailureHandler implements AuthenticationFailureHandler, AccessDeniedHandler, AuthenticationEntryPoint {
    private final ObjectMapper objectMapper;

    @Autowired
    public ProblemAuthFailureHandler(ObjectMapper objectMapper) {
        this.objectMapper = objectMapper;
    }

    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        handleFailure(httpServletRequest, httpServletResponse, HttpStatus.UNAUTHORIZED, authenticationException);
    }

    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        Authentication userPrincipal = httpServletRequest.getUserPrincipal();
        if ((userPrincipal instanceof Authentication) && userPrincipal.isAuthenticated()) {
            handleFailure(httpServletRequest, httpServletResponse, HttpStatus.FORBIDDEN, accessDeniedException);
        }
        handleFailure(httpServletRequest, httpServletResponse, HttpStatus.UNAUTHORIZED, accessDeniedException);
    }

    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        handleFailure(httpServletRequest, httpServletResponse, HttpStatus.UNAUTHORIZED, authenticationException);
    }

    private void handleFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpStatus httpStatus, Exception exc) throws IOException {
        ProblemDetail forStatus = ProblemDetail.forStatus(httpStatus);
        forStatus.setDetail(exc.getMessage());
        forStatus.setInstance(URI.create(httpServletRequest.getRequestURI()));
        String writeValueAsString = this.objectMapper.writeValueAsString(forStatus);
        httpServletResponse.reset();
        httpServletResponse.setStatus(httpStatus.value());
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/problem+json");
        httpServletResponse.getWriter().append((CharSequence) writeValueAsString);
    }
}
