package org.deegree.services.authentication;

import java.io.IOException;
import java.security.AccessControlException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.stream.XMLStreamReader;
import org.apache.axiom.soap.SOAPEnvelope;
import org.deegree.services.controller.Credentials;
import org.deegree.services.controller.CredentialsProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/deegree-services-3.0.1.jar:org/deegree/services/authentication/DeegreeAuthentication.class */
public class DeegreeAuthentication implements CredentialsProvider {
    private static Logger LOG = LoggerFactory.getLogger(DeegreeAuthentication.class);

    @Override // org.deegree.services.controller.CredentialsProvider
    public Credentials doKVP(Map<String, String> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SecurityException, AccessControlException {
        return new Credentials(map.get("USER"), map.get("PASSWORD"), map.get("SESSIONID"));
    }

    @Override // org.deegree.services.controller.CredentialsProvider
    public Credentials doXML(XMLStreamReader xMLStreamReader, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SecurityException {
        return new Credentials(xMLStreamReader.getAttributeValue("", "user"), xMLStreamReader.getAttributeValue("", "password"), xMLStreamReader.getAttributeValue("", "sessionId"));
    }

    @Override // org.deegree.services.controller.CredentialsProvider
    public Credentials doSOAP(SOAPEnvelope sOAPEnvelope, HttpServletRequest httpServletRequest) {
        return null;
    }

    @Override // org.deegree.services.controller.CredentialsProvider
    public void handleException(HttpServletResponse httpServletResponse, SecurityException securityException) throws IOException {
        if (securityException instanceof InvalidCredentialsException) {
            doInvalidCredentialsExceptionException(httpServletResponse, (InvalidCredentialsException) securityException);
        } else {
            doAuthenticationException(httpServletResponse, securityException);
        }
    }

    private void doAuthenticationException(HttpServletResponse httpServletResponse, SecurityException securityException) throws IOException {
        LOG.debug("SecurityException: ");
        httpServletResponse.reset();
    }

    private void doInvalidCredentialsExceptionException(HttpServletResponse httpServletResponse, InvalidCredentialsException invalidCredentialsException) throws IOException {
        LOG.debug("exception should respond Forbidden: ");
        httpServletResponse.sendError(403);
    }
}
