package net.trajano.openidconnect.jaspic.internal.processors;

import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import javax.security.auth.message.AuthStatus;
import javax.ws.rs.core.UriBuilder;
import net.trajano.openidconnect.core.OpenIdProviderConfiguration;
import net.trajano.openidconnect.crypto.Encoding;
import net.trajano.openidconnect.jaspic.OpenIdConnectAuthModule;
import net.trajano.openidconnect.jaspic.internal.Log;
import net.trajano.openidconnect.jaspic.internal.ValidateContext;
import net.trajano.openidconnect.jaspic.internal.ValidateRequestProcessor;

/* loaded from: input_file:net/trajano/openidconnect/jaspic/internal/processors/LogoutRequestProcessor.class */
public class LogoutRequestProcessor implements ValidateRequestProcessor {
    private static final String CONTEXT_ROOT_STATE = Encoding.base64urlEncode("/");

    @Override // net.trajano.openidconnect.jaspic.internal.ValidateRequestProcessor
    public boolean canValidateRequest(ValidateContext validateContext) {
        return !validateContext.hasOption(OpenIdConnectAuthModule.LOGOUT_GOTO_URI_KEY) && validateContext.isSecure() && validateContext.isGetRequest() && validateContext.isRequestUri(OpenIdConnectAuthModule.LOGOUT_URI_KEY);
    }

    @Override // net.trajano.openidconnect.jaspic.internal.ValidateRequestProcessor
    public AuthStatus validateRequest(ValidateContext validateContext) throws IOException, GeneralSecurityException {
        String str;
        String idTokenJwt = validateContext.getTokenCookie().getIdTokenJwt();
        validateContext.deleteAuthCookies();
        OpenIdProviderConfiguration openIDProviderConfig = validateContext.getOpenIDProviderConfig();
        String aSCIIString = UriBuilder.fromUri(validateContext.getReq().getRequestURL().toString()).replacePath(validateContext.getReq().getContextPath()).build(new Object[0]).toASCIIString();
        String header = validateContext.getReq().getHeader("Referer");
        if (header.startsWith(aSCIIString)) {
            StringBuilder sb = new StringBuilder(header.substring(aSCIIString.length()));
            if (validateContext.getReq().getQueryString() != null) {
                sb.append('?');
                sb.append(validateContext.getReq().getQueryString());
            }
            str = Encoding.base64urlEncode(sb.toString());
        } else {
            Log.fine("Referrer " + header + "does not start with context path " + aSCIIString + " using root context", new Object[0]);
            str = CONTEXT_ROOT_STATE;
        }
        URI uri = validateContext.getUri("logout_redirection_endpoint");
        if (openIDProviderConfig.getEndSessionEndpoint() != null) {
            validateContext.getResp().sendRedirect(UriBuilder.fromUri(openIDProviderConfig.getEndSessionEndpoint()).queryParam("post_logout_redirect_uri", new Object[]{uri}).queryParam("id_token_hint", new Object[]{idTokenJwt}).queryParam("state", new Object[]{str}).build(new Object[0]).toASCIIString());
        } else {
            validateContext.getResp().sendRedirect(validateContext.getReq().getServletContext() + "/");
        }
        return AuthStatus.SEND_SUCCESS;
    }
}
