package org.cloudfoundry.identity.uaa.provider.saml;

import java.io.IOException;
import java.net.URI;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.utils.URIBuilder;
import org.cloudfoundry.identity.uaa.web.UaaSavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.6.0.jar:org/cloudfoundry/identity/uaa/provider/saml/LoginSAMLAuthenticationFailureHandler.class */
public class LoginSAMLAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private static final Log LOG = LogFactory.getLog(LoginSAMLAuthenticationFailureHandler.class);

    @Override // org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        HttpSession session;
        DefaultSavedRequest defaultSavedRequest;
        String[] strArr;
        String str = null;
        if ((authenticationException instanceof LoginSAMLException) && (session = httpServletRequest.getSession()) != null && (defaultSavedRequest = (DefaultSavedRequest) session.getAttribute(UaaSavedRequestAwareAuthenticationSuccessHandler.SAVED_REQUEST_SESSION_ATTRIBUTE)) != null && (strArr = defaultSavedRequest.getParameterMap().get(OAuth2Utils.REDIRECT_URI)) != null && strArr.length > 0) {
            URIBuilder uRIBuilder = new URIBuilder(URI.create(strArr[0]));
            uRIBuilder.addParameter("error", OAuth2Exception.ACCESS_DENIED);
            uRIBuilder.addParameter(OAuth2Exception.DESCRIPTION, authenticationException.getMessage());
            str = uRIBuilder.toString();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Error redirect to: " + str);
            }
            getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, str);
        }
        if (str == null) {
            Throwable cause = authenticationException.getCause();
            if (cause == null) {
                this.logger.debug(authenticationException);
                super.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
            } else {
                AuthenticationServiceException authenticationServiceException = new AuthenticationServiceException(cause.getMessage(), cause.getCause());
                this.logger.debug(cause);
                super.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationServiceException);
            }
        }
    }
}
