package org.squashtest.tm.web.backend.exceptionresolver;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.errors.IntrusionException;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.AbstractHandlerExceptionResolver;
import org.springframework.web.servlet.view.json.MappingJackson2JsonView;
import org.squashtest.tm.core.foundation.logger.Logger;
import org.squashtest.tm.core.foundation.logger.LoggerFactory;
import org.squashtest.tm.web.backend.exceptionresolver.HandlerSimpleExceptionResolver;

@Component
/* loaded from: input_file:WEB-INF/classes/org/squashtest/tm/web/backend/exceptionresolver/HandlerIntrusionExceptionResolver.class */
public class HandlerIntrusionExceptionResolver extends AbstractHandlerExceptionResolver {
    private static final Logger LOGGER = LoggerFactory.getLogger(HandlerIntrusionExceptionResolver.class);

    @Override // org.springframework.web.servlet.handler.AbstractHandlerExceptionResolver
    @ExceptionHandler({IntrusionException.class})
    protected ModelAndView doResolveException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
        if (!(exc instanceof IntrusionException)) {
            return null;
        }
        IntrusionException intrusionException = (IntrusionException) exc;
        LOGGER.error(intrusionException.getLogMessage(), exc);
        httpServletResponse.setStatus(403);
        String userMessage = intrusionException.getUserMessage();
        if (userMessage.isBlank()) {
            userMessage = "An intrusion was detected";
        }
        if (ExceptionResolverUtils.clientAcceptsMIME(httpServletRequest, MimeType.APPLICATION_JSON)) {
            return new ModelAndView(new MappingJackson2JsonView(), "intrusionException", userMessage);
        }
        if (ExceptionResolverUtils.clientAcceptsMIME(httpServletRequest, MimeType.TEXT_PLAIN)) {
            return new ModelAndView(new HandlerSimpleExceptionResolver.PlainTextView(), "simpleError", userMessage);
        }
        return null;
    }
}
