package org.zowe.apiml.gateway.error.check;

import com.netflix.zuul.exception.ZuulException;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.zowe.apiml.gateway.error.ErrorUtils;
import org.zowe.apiml.gateway.security.service.PassTicketException;
import org.zowe.apiml.gateway.security.service.saf.SafIdtAuthException;
import org.zowe.apiml.gateway.security.service.saf.SafIdtException;
import org.zowe.apiml.message.api.ApiMessageView;
import org.zowe.apiml.message.core.MessageService;
import org.zowe.apiml.security.common.token.TokenExpireException;
import org.zowe.apiml.security.common.token.TokenNotValidException;

/* loaded from: input_file:org/zowe/apiml/gateway/error/check/SecurityErrorCheck.class */
public class SecurityErrorCheck implements ErrorCheck {
    private final MessageService messageService;

    @Override // org.zowe.apiml.gateway.error.check.ErrorCheck
    public ResponseEntity<ApiMessageView> checkError(HttpServletRequest httpServletRequest, Throwable th) {
        if (!(th instanceof ZuulException)) {
            return null;
        }
        Throwable cause = th.getCause();
        ApiMessageView apiMessageView = null;
        if (cause instanceof AuthenticationException) {
            HttpStatus httpStatus = HttpStatus.UNAUTHORIZED;
            if (cause instanceof TokenExpireException) {
                apiMessageView = this.messageService.createMessage("org.zowe.apiml.gateway.security.expiredToken", new Object[0]).mapToView();
            } else if (cause instanceof TokenNotValidException) {
                apiMessageView = this.messageService.createMessage("org.zowe.apiml.gateway.security.invalidToken", new Object[0]).mapToView();
            } else if (cause instanceof BadCredentialsException) {
                apiMessageView = this.messageService.createMessage("org.zowe.apiml.security.login.invalidCredentials", new Object[]{ErrorUtils.getGatewayUri(httpServletRequest)}).mapToView();
            } else if (cause instanceof SafIdtAuthException) {
                apiMessageView = this.messageService.createMessage("org.zowe.apiml.security.idt.auth.failed", new Object[]{cause.getLocalizedMessage() + ". " + getPreviousCause(cause)}).mapToView();
            }
            return ResponseEntity.status(httpStatus).contentType(MediaType.APPLICATION_JSON).body(apiMessageView);
        }
        if (!(cause instanceof AccessDeniedException)) {
            return null;
        }
        HttpStatus httpStatus2 = HttpStatus.FORBIDDEN;
        if (cause instanceof SafIdtException) {
            httpStatus2 = HttpStatus.INTERNAL_SERVER_ERROR;
            apiMessageView = this.messageService.createMessage("org.zowe.apiml.security.idt.failed", new Object[]{cause.getLocalizedMessage() + ". " + getPreviousCause(cause)}).mapToView();
        } else if (cause instanceof PassTicketException) {
            httpStatus2 = HttpStatus.INTERNAL_SERVER_ERROR;
            apiMessageView = this.messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", new Object[]{cause.getLocalizedMessage() + ". " + getPreviousCause(cause)}).mapToView();
        }
        return ResponseEntity.status(httpStatus2).contentType(MediaType.APPLICATION_JSON).body(apiMessageView);
    }

    private static String getPreviousCause(Throwable th) {
        Throwable cause = th.getCause();
        return cause == null ? "" : cause.getMessage();
    }

    @Generated
    public SecurityErrorCheck(MessageService messageService) {
        this.messageService = messageService;
    }
}
