package com.netflix.spinnaker.fiat.shared;

import com.netflix.spinnaker.fiat.shared.FiatPermissionEvaluator;
import com.netflix.spinnaker.kork.api.exceptions.AccessDeniedDetails;
import com.netflix.spinnaker.kork.web.exceptions.ExceptionMessageDecorator;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.StringJoiner;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.servlet.error.DefaultErrorAttributes;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

@ControllerAdvice
/* loaded from: input_file:com/netflix/spinnaker/fiat/shared/FiatAccessDeniedExceptionHandler.class */
public class FiatAccessDeniedExceptionHandler {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final DefaultErrorAttributes defaultErrorAttributes = new DefaultErrorAttributes();
    private final ExceptionMessageDecorator exceptionMessageDecorator;

    public FiatAccessDeniedExceptionHandler(ExceptionMessageDecorator exceptionMessageDecorator) {
        this.exceptionMessageDecorator = exceptionMessageDecorator;
    }

    @ExceptionHandler({AccessDeniedException.class})
    public void handleAccessDeniedException(AccessDeniedException accessDeniedException, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws IOException {
        storeException(httpServletRequest, httpServletResponse, accessDeniedException);
        this.log.error("Encountered exception while processing request {}:{} with headers={}", new Object[]{httpServletRequest.getMethod(), httpServletRequest.getRequestURI(), requestHeaders(httpServletRequest).toString(), accessDeniedException});
        httpServletResponse.sendError(HttpStatus.FORBIDDEN.value(), (String) FiatPermissionEvaluator.getAuthorizationFailure().map(authorizationFailure -> {
            return authorizationFailureMessage(authorizationFailure, accessDeniedException);
        }).orElse("Access is denied"));
    }

    private String authorizationFailureMessage(FiatPermissionEvaluator.AuthorizationFailure authorizationFailure, AccessDeniedException accessDeniedException) {
        StringJoiner stringJoiner = new StringJoiner(" ");
        defaultErrorDecoration(stringJoiner, authorizationFailure);
        return this.exceptionMessageDecorator.decorate(accessDeniedException, stringJoiner.toString(), new AccessDeniedDetails(authorizationFailure.getResourceType().toString(), authorizationFailure.getResourceName(), authorizationFailure.hasAuthorization() ? authorizationFailure.getAuthorization().toString() : null));
    }

    private void defaultErrorDecoration(StringJoiner stringJoiner, FiatPermissionEvaluator.AuthorizationFailure authorizationFailure) {
        stringJoiner.add("Access denied to").add(authorizationFailure.getResourceType().toString().replace("_", " ").toLowerCase()).add(authorizationFailure.getResourceName());
        if (authorizationFailure.hasAuthorization()) {
            stringJoiner.add("- required authorization:").add(authorizationFailure.getAuthorization().toString());
        }
    }

    private Map<String, String> requestHeaders(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        if (httpServletRequest.getHeaderNames() != null) {
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String str = (String) headerNames.nextElement();
                hashMap.put(str, httpServletRequest.getHeader(str));
            }
        }
        return hashMap;
    }

    private void storeException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc) {
        this.defaultErrorAttributes.resolveException(httpServletRequest, httpServletResponse, (Object) null, exc);
    }
}
