package org.alfresco.web.site.servlet;

import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.web.site.servlet.config.AIMSConfig;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

@Component("aimslogouthandler")
/* loaded from: input_file:org/alfresco/web/site/servlet/AIMSLogoutHandler.class */
public class AIMSLogoutHandler {
    private static final Log logger = LogFactory.getLog(AIMSLogoutHandler.class);
    private String clientId;

    @Autowired(required = false)
    private ClientRegistrationRepository clientRegistrationRepository;

    @Autowired
    private AIMSConfig aimsConfig;
    private String postLogoutRedirectUri;
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        String str = null;
        ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(this.aimsConfig.getResource());
        URI endSessionEndpoint = endSessionEndpoint(findByRegistrationId);
        if (endSessionEndpoint != null) {
            str = endpointUri(endSessionEndpoint, idToken(authentication), postLogoutRedirectUri(httpServletRequest, findByRegistrationId));
        }
        return str;
    }

    private URI endSessionEndpoint(ClientRegistration clientRegistration) {
        Object obj;
        URI uri = null;
        if (clientRegistration != null && (obj = clientRegistration.getProviderDetails().getConfigurationMetadata().get("end_session_endpoint")) != null) {
            uri = URI.create(obj.toString());
        }
        return uri;
    }

    private String idToken(Authentication authentication) {
        return ((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue();
    }

    private URI postLogoutRedirectUri(HttpServletRequest httpServletRequest, ClientRegistration clientRegistration) {
        if (clientRegistration == null) {
            return null;
        }
        String str = (String) clientRegistration.getProviderDetails().getConfigurationMetadata().get("post_redirect_uri");
        UriComponents build = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(httpServletRequest)).replacePath(httpServletRequest.getContextPath()).replaceQuery((String) null).fragment((String) null).build();
        return str == null ? UriComponentsBuilder.fromUriString(httpServletRequest.getRequestURL() + "?success").buildAndExpand(Collections.singletonMap("baseUrl", build.toUriString())).toUri() : UriComponentsBuilder.fromUriString(str).buildAndExpand(Collections.singletonMap("baseUrl", build.toUriString())).toUri();
    }

    private String endpointUri(URI uri, String str, URI uri2) {
        UriComponentsBuilder fromUri = UriComponentsBuilder.fromUri(uri);
        fromUri.queryParam("id_token_hint", new Object[]{str});
        if (uri2 != null) {
            fromUri.queryParam("post_logout_redirect_uri", new Object[]{uri2});
        }
        return fromUri.encode(StandardCharsets.UTF_8).build().toUriString();
    }

    @Deprecated
    public void setPostLogoutRedirectUri(URI uri) {
        Assert.notNull(uri, "postLogoutRedirectUri cannot be null");
        this.postLogoutRedirectUri = uri.toASCIIString();
    }

    public void setPostLogoutRedirectUri(String str) {
        Assert.notNull(str, "postLogoutRedirectUri cannot be null");
        this.postLogoutRedirectUri = str;
    }

    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        String determineTargetUrl = determineTargetUrl(httpServletRequest, httpServletResponse, authentication);
        logger.debug("Value of targetUrl is: " + determineTargetUrl);
        if (httpServletResponse.isCommitted()) {
            logger.error("Can't perform the redirect for the targetUrl: " + determineTargetUrl);
        } else {
            this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, determineTargetUrl);
        }
    }
}
