package org.apereo.cas.oidc.web.controllers.logout;

import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CasProtocolConstants;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.oidc.OidcConfigurationContext;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.web.controllers.BaseOidcController;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.web.UrlValidator;
import org.apereo.cas.web.support.WebUtils;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/web/controllers/logout/OidcLogoutEndpointController.class */
public class OidcLogoutEndpointController extends BaseOidcController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcLogoutEndpointController.class);
    private final UrlValidator urlValidator;
    private final OidcPostLogoutRedirectUrlMatcher postLogoutRedirectUrlMatcher;

    public OidcLogoutEndpointController(OidcConfigurationContext oidcConfigurationContext, OidcPostLogoutRedirectUrlMatcher oidcPostLogoutRedirectUrlMatcher, UrlValidator urlValidator) {
        super(oidcConfigurationContext);
        this.urlValidator = urlValidator;
        this.postLogoutRedirectUrlMatcher = oidcPostLogoutRedirectUrlMatcher;
    }

    /* JADX WARN: Type inference failed for: r0v29, types: [org.apereo.cas.audit.AuditableContext$AuditableContextBuilder] */
    @GetMapping({"/oidc/oidcLogout", "/oidc/logout", "/**/oidcLogout"})
    public ResponseEntity handleRequestInternal(@RequestParam(value = "post_logout_redirect_uri", required = false) String str, @RequestParam(value = "state", required = false) String str2, @RequestParam(value = "id_token_hint", required = false) String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (!getConfigurationContext().getIssuerService().validateIssuer(new JEEContext(httpServletRequest, httpServletResponse), OidcConstants.LOGOUT_URL)) {
            return new ResponseEntity(OAuth20Utils.toJson(OAuth20Utils.getErrorResponseBody("invalid_request", "Invalid issuer")), HttpStatus.BAD_REQUEST);
        }
        String str4 = null;
        if (StringUtils.isNotBlank(str3)) {
            LOGGER.trace("Decoding logout id token [{}]", str3);
            OidcConfigurationContext configurationContext = getConfigurationContext();
            str4 = configurationContext.getIdTokenSigningAndEncryptionService().decode(str3, Optional.empty()).getStringClaimValue("client_id");
            LOGGER.debug("Client id retrieved from id token is [{}]", str4);
            OAuthRegisteredService registeredOAuthServiceByClientId = OAuth20Utils.getRegisteredOAuthServiceByClientId(configurationContext.getServicesManager(), str4);
            LOGGER.debug("Located registered service [{}]", registeredOAuthServiceByClientId);
            WebApplicationService createService = configurationContext.getWebApplicationServiceServiceFactory().createService(str4);
            configurationContext.getRegisteredServiceAccessStrategyEnforcer().execute(AuditableContext.builder().service(createService).registeredService(registeredOAuthServiceByClientId).build()).throwExceptionIfNeeded();
            WebUtils.putRegisteredService(httpServletRequest, (RegisteredService) Objects.requireNonNull(registeredOAuthServiceByClientId));
            List list = (List) configurationContext.getSingleLogoutServiceLogoutUrlBuilder().determineLogoutUrl(registeredOAuthServiceByClientId, createService, Optional.of(httpServletRequest)).stream().map((v0) -> {
                return v0.getUrl();
            }).collect(Collectors.toList());
            LOGGER.debug("Logout urls assigned to registered service are [{}]", list);
            if (StringUtils.isNotBlank(str) && registeredOAuthServiceByClientId.getMatchingStrategy() != null) {
                if (registeredOAuthServiceByClientId.matches(str) || list.stream().anyMatch(str5 -> {
                    return this.postLogoutRedirectUrlMatcher.matches(str, str5);
                })) {
                    LOGGER.debug("Requested logout URL [{}] is authorized for redirects", str);
                    return new ResponseEntity(executeLogoutRedirect(Optional.ofNullable(StringUtils.trimToNull(str2)), Optional.of(str), Optional.of(str4), httpServletRequest, httpServletResponse));
                }
            }
            Stream stream = list.stream();
            UrlValidator urlValidator = this.urlValidator;
            Objects.requireNonNull(urlValidator);
            Optional<String> findFirst = stream.filter(urlValidator::isValid).findFirst();
            if (findFirst.isPresent()) {
                return new ResponseEntity(executeLogoutRedirect(Optional.ofNullable(StringUtils.trimToNull(str2)), findFirst, Optional.of(str4), httpServletRequest, httpServletResponse));
            }
            LOGGER.debug("No logout urls could be determined for registered service [{}]", registeredOAuthServiceByClientId.getName());
        }
        return new ResponseEntity(executeLogoutRedirect(Optional.ofNullable(StringUtils.trimToNull(str2)), Optional.empty(), Optional.ofNullable(str4), httpServletRequest, httpServletResponse));
    }

    protected HttpStatus executeLogoutRedirect(Optional<String> optional, Optional<String> optional2, Optional<String> optional3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        optional2.ifPresent(str -> {
            UriComponentsBuilder fromHttpUrl = UriComponentsBuilder.fromHttpUrl(str);
            optional.ifPresent(str -> {
                fromHttpUrl.queryParam("state", str);
            });
            optional3.ifPresent(str2 -> {
                fromHttpUrl.queryParam("client_id", str2);
            });
            String uriString = fromHttpUrl.build().toUriString();
            LOGGER.debug("Final logout redirect URL is [{}]", uriString);
            WebUtils.putLogoutRedirectUrl(httpServletRequest, uriString);
        });
        httpServletRequest.getServletContext().getRequestDispatcher(CasProtocolConstants.ENDPOINT_LOGOUT).forward(httpServletRequest, httpServletResponse);
        return HttpStatus.PERMANENT_REDIRECT;
    }
}
