package org.springframework.security.oauth2.client.oidc.web.logout;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.4.7.jar:org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.class */
/**
 * Logout success handler that builds the target URL from the OpenID Connect provider's
 * {@code end_session_endpoint}.
 *
 * <p>When the finished session belongs to an {@link OAuth2AuthenticationToken} whose principal
 * is an {@link OidcUser}, and the matching {@link ClientRegistration} advertises an
 * {@code end_session_endpoint} in its provider configuration metadata, the target URL is that
 * endpoint with {@code id_token_hint} and, if configured, {@code post_logout_redirect_uri}
 * appended as query parameters. In every other case the target URL comes from the superclass.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The raw ID token value is placed in the query string of the returned URL. Anything that
 *       records full URLs (access logs, proxies, browser history) may therefore capture it.</li>
 *   <li>The {@code {baseUrl}} template variable is computed from the current request, not from
 *       static configuration. NOTE(review): confirm the deployment pins or validates the
 *       host/scheme seen by the servlet container (for example behind a reverse proxy), and that
 *       the provider checks {@code post_logout_redirect_uri} against registered values.</li>
 * </ul>
 */
public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
    // Source of the client registration (and its provider metadata) for the logged-in client.
    private final ClientRegistrationRepository clientRegistrationRepository;
    // Optional URI template; may contain the {baseUrl} placeholder. Null means "do not send".
    private String postLogoutRedirectUri;

    /**
     * Creates the handler.
     *
     * @param clientRegistrationRepository repository used to look up the registration by id;
     *        must not be {@code null}
     */
    public OidcClientInitiatedLogoutSuccessHandler(ClientRegistrationRepository clientRegistrationRepository) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    /**
     * Resolves the logout target URL, preferring the provider's end-session endpoint.
     *
     * @return the end-session URL when one can be built, otherwise the superclass's target URL
     */
    @Override
    protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        String logoutUrl = null;
        boolean oidcLogin = (authentication instanceof OAuth2AuthenticationToken)
                && (authentication.getPrincipal() instanceof OidcUser);
        if (oidcLogin) {
            String registrationId = ((OAuth2AuthenticationToken) authentication).getAuthorizedClientRegistrationId();
            ClientRegistration registration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
            URI endSession = endSessionEndpoint(registration);
            if (endSession != null) {
                logoutUrl = endpointUri(endSession, idToken(authentication), postLogoutRedirectUri(httpServletRequest));
            }
        }
        if (logoutUrl == null) {
            // Not an OIDC login, unknown registration, or no end_session_endpoint advertised.
            return super.determineTargetUrl(httpServletRequest, httpServletResponse);
        }
        return logoutUrl;
    }

    /**
     * Reads {@code end_session_endpoint} from the registration's provider configuration metadata.
     *
     * @return the endpoint as a {@link URI}, or {@code null} when the registration is
     *         {@code null} or the metadata has no such entry
     */
    private URI endSessionEndpoint(ClientRegistration clientRegistration) {
        if (clientRegistration == null) {
            return null;
        }
        Object endpoint = clientRegistration.getProviderDetails().getConfigurationMetadata().get("end_session_endpoint");
        // URI.create rejects a syntactically invalid value with an IllegalArgumentException.
        return (endpoint == null) ? null : URI.create(endpoint.toString());
    }

    /** Returns the raw ID token value of the {@link OidcUser} principal. */
    private String idToken(Authentication authentication) {
        OidcUser oidcUser = (OidcUser) authentication.getPrincipal();
        return oidcUser.getIdToken().getTokenValue();
    }

    /**
     * Expands the configured post-logout redirect template for the current request.
     *
     * <p>{@code {baseUrl}} is the full request URL with its path replaced by the context path
     * and its query and fragment removed, so it reflects whatever the request reports.
     *
     * @return the expanded URI string, or {@code null} when no template was configured
     */
    private String postLogoutRedirectUri(HttpServletRequest httpServletRequest) {
        if (this.postLogoutRedirectUri == null) {
            return null;
        }
        UriComponentsBuilder template = UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri);
        String requestUrl = UrlUtils.buildFullRequestUrl(httpServletRequest);
        String baseUrl = UriComponentsBuilder.fromHttpUrl(requestUrl)
                .replacePath(httpServletRequest.getContextPath())
                .replaceQuery((String) null)
                .fragment((String) null)
                .build()
                .toUriString();
        return template.buildAndExpand(Collections.singletonMap("baseUrl", baseUrl)).toUriString();
    }

    /**
     * Appends the logout query parameters to the end-session endpoint and UTF-8 encodes the result.
     *
     * @param endSessionEndpoint the provider's end-session endpoint
     * @param idTokenHint value sent as {@code id_token_hint}
     * @param redirectUri value sent as {@code post_logout_redirect_uri}; omitted when {@code null}
     */
    private String endpointUri(URI endSessionEndpoint, String idTokenHint, String redirectUri) {
        UriComponentsBuilder builder = UriComponentsBuilder.fromUri(endSessionEndpoint)
                .queryParam("id_token_hint", idTokenHint);
        if (redirectUri != null) {
            builder.queryParam("post_logout_redirect_uri", redirectUri);
        }
        return builder.encode(StandardCharsets.UTF_8).build().toUriString();
    }

    /**
     * Sets the post-logout redirect URI from a {@link URI}, stored in its ASCII string form.
     *
     * @param uri the redirect URI; must not be {@code null}
     * @deprecated use {@link #setPostLogoutRedirectUri(String)}
     */
    @Deprecated
    public void setPostLogoutRedirectUri(URI uri) {
        Assert.notNull(uri, "postLogoutRedirectUri cannot be null");
        this.postLogoutRedirectUri = uri.toASCIIString();
    }

    /**
     * Sets the post-logout redirect URI template. The value is stored as given and expanded per
     * request; the only template variable supplied at expansion time is {@code {baseUrl}}.
     *
     * @param str the redirect URI or URI template; must not be {@code null}
     */
    public void setPostLogoutRedirectUri(String str) {
        Assert.notNull(str, "postLogoutRedirectUri cannot be null");
        this.postLogoutRedirectUri = str;
    }
}
