package org.thingsboard.server.exception;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.common.msg.tools.MaxPayloadSizeExceededException;
import org.thingsboard.server.common.msg.tools.TbRateLimitsException;
import org.thingsboard.server.controller.UserController;
import org.thingsboard.server.service.security.exception.AuthMethodNotSupportedException;
import org.thingsboard.server.service.security.exception.JwtExpiredTokenException;
import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
import org.thingsboard.server.service.security.exception.UserPasswordNotValidException;

@RestControllerAdvice
@Controller
/* loaded from: input_file:org/thingsboard/server/exception/ThingsboardErrorResponseHandler.class */
public class ThingsboardErrorResponseHandler extends ResponseEntityExceptionHandler implements AccessDeniedHandler, ErrorController {
    private static final Logger log = LoggerFactory.getLogger(ThingsboardErrorResponseHandler.class);
    private static final Map<HttpStatus, ThingsboardErrorCode> statusToErrorCodeMap = new HashMap();
    private static final Map<ThingsboardErrorCode, HttpStatus> errorCodeToStatusMap;

    private static ThingsboardErrorCode statusToErrorCode(HttpStatus httpStatus) {
        return statusToErrorCodeMap.getOrDefault(httpStatus, ThingsboardErrorCode.GENERAL);
    }

    private static HttpStatus errorCodeToStatus(ThingsboardErrorCode thingsboardErrorCode) {
        return errorCodeToStatusMap.getOrDefault(thingsboardErrorCode, HttpStatus.INTERNAL_SERVER_ERROR);
    }

    @RequestMapping({"/error"})
    public ResponseEntity<Object> handleError(HttpServletRequest httpServletRequest) {
        HttpStatus httpStatus = (HttpStatus) Optional.ofNullable(httpServletRequest.getAttribute("jakarta.servlet.error.status_code")).map(obj -> {
            return HttpStatus.resolve(Integer.parseInt(obj.toString()));
        }).orElse(HttpStatus.INTERNAL_SERVER_ERROR);
        return new ResponseEntity<>(ThingsboardErrorResponse.of((String) Optional.ofNullable(httpServletRequest.getAttribute("jakarta.servlet.error.exception")).map(obj2 -> {
            return ExceptionUtils.getMessage((Throwable) obj2);
        }).orElse(httpStatus.getReasonPhrase()), statusToErrorCode(httpStatus), httpStatus), httpStatus);
    }

    @ExceptionHandler({org.springframework.security.access.AccessDeniedException.class})
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, org.springframework.security.access.AccessDeniedException accessDeniedException) throws IOException, ServletException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
        JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of(UserController.YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED, HttpStatus.FORBIDDEN));
    }

    @ExceptionHandler({Exception.class})
    public void handle(Exception exc, HttpServletResponse httpServletResponse) {
        log.debug("Processing exception {}", exc.getMessage(), exc);
        if (httpServletResponse.isCommitted()) {
            return;
        }
        try {
            httpServletResponse.setContentType("application/json");
            if (exc instanceof ThingsboardException) {
                if (((ThingsboardException) exc).getErrorCode() == ThingsboardErrorCode.SUBSCRIPTION_VIOLATION) {
                    handleSubscriptionException((ThingsboardException) exc, httpServletResponse);
                } else {
                    handleThingsboardException((ThingsboardException) exc, httpServletResponse);
                }
            } else if (exc instanceof TbRateLimitsException) {
                handleRateLimitException(httpServletResponse, (TbRateLimitsException) exc);
            } else if (exc instanceof org.springframework.security.access.AccessDeniedException) {
                handleAccessDeniedException(httpServletResponse);
            } else if (exc instanceof AuthenticationException) {
                handleAuthenticationException((AuthenticationException) exc, httpServletResponse);
            } else if (exc instanceof MaxPayloadSizeExceededException) {
                handleMaxPayloadSizeExceededException(httpServletResponse, (MaxPayloadSizeExceededException) exc);
            } else {
                httpServletResponse.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
                JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of(exc.getMessage(), ThingsboardErrorCode.GENERAL, HttpStatus.INTERNAL_SERVER_ERROR));
            }
        } catch (IOException e) {
            log.error("Can't handle exception", e);
        }
    }

    protected ResponseEntity<Object> handleExceptionInternal(Exception exc, @Nullable Object obj, HttpHeaders httpHeaders, HttpStatusCode httpStatusCode, WebRequest webRequest) {
        if (HttpStatus.INTERNAL_SERVER_ERROR.equals(httpStatusCode)) {
            webRequest.setAttribute("jakarta.servlet.error.exception", exc, 0);
        }
        return new ResponseEntity<>(ThingsboardErrorResponse.of(exc.getMessage(), statusToErrorCode((HttpStatus) httpStatusCode), (HttpStatus) httpStatusCode), httpHeaders, httpStatusCode);
    }

    private void handleThingsboardException(ThingsboardException thingsboardException, HttpServletResponse httpServletResponse) throws IOException {
        ThingsboardErrorCode errorCode = thingsboardException.getErrorCode();
        HttpStatus errorCodeToStatus = errorCodeToStatus(errorCode);
        httpServletResponse.setStatus(errorCodeToStatus.value());
        JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of(thingsboardException.getMessage(), errorCode, errorCodeToStatus));
    }

    private void handleRateLimitException(HttpServletResponse httpServletResponse, TbRateLimitsException tbRateLimitsException) throws IOException {
        httpServletResponse.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
        JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of("Too many requests for current " + tbRateLimitsException.getEntityType().name().toLowerCase() + "!", ThingsboardErrorCode.TOO_MANY_REQUESTS, HttpStatus.TOO_MANY_REQUESTS));
    }

    private void handleMaxPayloadSizeExceededException(HttpServletResponse httpServletResponse, MaxPayloadSizeExceededException maxPayloadSizeExceededException) throws IOException {
        httpServletResponse.setStatus(HttpStatus.PAYLOAD_TOO_LARGE.value());
        JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of(maxPayloadSizeExceededException.getMessage(), ThingsboardErrorCode.BAD_REQUEST_PARAMS, HttpStatus.PAYLOAD_TOO_LARGE));
    }

    private void handleSubscriptionException(ThingsboardException thingsboardException, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
        JacksonUtil.writeValue(httpServletResponse.getWriter(), JacksonUtil.fromBytes(thingsboardException.getCause().getResponseBodyAsByteArray(), Object.class));
    }

    private void handleAccessDeniedException(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
        JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of(UserController.YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED, HttpStatus.FORBIDDEN));
    }

    private void handleAuthenticationException(AuthenticationException authenticationException, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        if ((authenticationException instanceof BadCredentialsException) || (authenticationException instanceof UsernameNotFoundException)) {
            JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of("Invalid username or password", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
            return;
        }
        if (authenticationException instanceof DisabledException) {
            JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of("User account is not active", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
            return;
        }
        if (authenticationException instanceof LockedException) {
            JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of("User account is locked due to security policy", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
            return;
        }
        if (authenticationException instanceof JwtExpiredTokenException) {
            JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of("Token has expired", ThingsboardErrorCode.JWT_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED));
            return;
        }
        if (authenticationException instanceof AuthMethodNotSupportedException) {
            JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of(authenticationException.getMessage(), ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
            return;
        }
        if (authenticationException instanceof UserPasswordExpiredException) {
            UserPasswordExpiredException userPasswordExpiredException = (UserPasswordExpiredException) authenticationException;
            JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardCredentialsExpiredResponse.of(userPasswordExpiredException.getMessage(), userPasswordExpiredException.getResetToken()));
        } else if (authenticationException instanceof UserPasswordNotValidException) {
            JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardCredentialsViolationResponse.of(((UserPasswordNotValidException) authenticationException).getMessage()));
        } else {
            JacksonUtil.writeValue(httpServletResponse.getWriter(), ThingsboardErrorResponse.of("Authentication failed", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
        }
    }

    static {
        statusToErrorCodeMap.put(HttpStatus.BAD_REQUEST, ThingsboardErrorCode.BAD_REQUEST_PARAMS);
        statusToErrorCodeMap.put(HttpStatus.UNAUTHORIZED, ThingsboardErrorCode.AUTHENTICATION);
        statusToErrorCodeMap.put(HttpStatus.FORBIDDEN, ThingsboardErrorCode.PERMISSION_DENIED);
        statusToErrorCodeMap.put(HttpStatus.NOT_FOUND, ThingsboardErrorCode.ITEM_NOT_FOUND);
        statusToErrorCodeMap.put(HttpStatus.METHOD_NOT_ALLOWED, ThingsboardErrorCode.BAD_REQUEST_PARAMS);
        statusToErrorCodeMap.put(HttpStatus.NOT_ACCEPTABLE, ThingsboardErrorCode.BAD_REQUEST_PARAMS);
        statusToErrorCodeMap.put(HttpStatus.UNSUPPORTED_MEDIA_TYPE, ThingsboardErrorCode.BAD_REQUEST_PARAMS);
        statusToErrorCodeMap.put(HttpStatus.TOO_MANY_REQUESTS, ThingsboardErrorCode.TOO_MANY_REQUESTS);
        statusToErrorCodeMap.put(HttpStatus.INTERNAL_SERVER_ERROR, ThingsboardErrorCode.GENERAL);
        statusToErrorCodeMap.put(HttpStatus.SERVICE_UNAVAILABLE, ThingsboardErrorCode.GENERAL);
        errorCodeToStatusMap = new HashMap();
        errorCodeToStatusMap.put(ThingsboardErrorCode.GENERAL, HttpStatus.INTERNAL_SERVER_ERROR);
        errorCodeToStatusMap.put(ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED);
        errorCodeToStatusMap.put(ThingsboardErrorCode.JWT_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED);
        errorCodeToStatusMap.put(ThingsboardErrorCode.CREDENTIALS_EXPIRED, HttpStatus.UNAUTHORIZED);
        errorCodeToStatusMap.put(ThingsboardErrorCode.PERMISSION_DENIED, HttpStatus.FORBIDDEN);
        errorCodeToStatusMap.put(ThingsboardErrorCode.INVALID_ARGUMENTS, HttpStatus.BAD_REQUEST);
        errorCodeToStatusMap.put(ThingsboardErrorCode.BAD_REQUEST_PARAMS, HttpStatus.BAD_REQUEST);
        errorCodeToStatusMap.put(ThingsboardErrorCode.ITEM_NOT_FOUND, HttpStatus.NOT_FOUND);
        errorCodeToStatusMap.put(ThingsboardErrorCode.TOO_MANY_REQUESTS, HttpStatus.TOO_MANY_REQUESTS);
        errorCodeToStatusMap.put(ThingsboardErrorCode.TOO_MANY_UPDATES, HttpStatus.TOO_MANY_REQUESTS);
        errorCodeToStatusMap.put(ThingsboardErrorCode.SUBSCRIPTION_VIOLATION, HttpStatus.FORBIDDEN);
        errorCodeToStatusMap.put(ThingsboardErrorCode.VERSION_CONFLICT, HttpStatus.CONFLICT);
    }
}
