package org.mitre.openid.connect.web;

import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import java.text.ParseException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.mitre.jwt.assertion.impl.SelfAssertionValidator;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.util.UriComponentsBuilder;

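/**
 * OpenID Connect RP-initiated logout endpoint ({@code /endsession}).
 *
 * <p>A GET stores the optional {@code post_logout_redirect_uri}, {@code state} and the client
 * named by a valid {@code id_token_hint} in the HTTP session and shows a confirmation page (or,
 * when nobody is logged in, skips straight to the logout step). A POST with a non-empty
 * {@code approve} parameter clears the security context and then either renders the
 * post-logout page or redirects to the requested URI, but only if that URI is one the client
 * registered as a post-logout redirect.
 */
@Controller
public class EndSessionEndpoint {
    public static final String URL = "endsession";

    // Session-attribute keys that carry the GET parameters over to the POST step.
    private static final String CLIENT_KEY = "client";
    private static final String STATE_KEY = "state";
    private static final String REDIRECT_URI_KEY = "redirectUri";

    // Spring MVC view names.
    private static final String LOGOUT_CONFIRMATION_VIEW = "logoutConfirmation";
    private static final String POST_LOGOUT_VIEW = "postLogout";

    private static final Logger logger = LoggerFactory.getLogger(EndSessionEndpoint.class);

    @Autowired
    private SelfAssertionValidator validator;

    @Autowired
    private UserInfoService userInfoService;

    @Autowired
    private ClientDetailsEntityService clientService;

    /**
     * Handles the GET half of RP-initiated logout.
     *
     * @param idTokenHint           optional ID token previously issued by this server; when it
     *                              validates, its single audience identifies the logging-out client
     * @param postLogoutRedirectUri optional URI the client wants the browser sent to afterwards
     * @param state                 optional opaque value echoed back on the redirect
     * @param request               current request (used for the role check)
     * @param response              current response (passed through to the logout handler)
     * @param session               session that carries the parameters to the POST step
     * @param authentication        current authentication, or {@code null} if nobody is logged in
     * @param model                 view model for the confirmation page
     * @return the confirmation view, or the result of {@link #processLogout} when not logged in
     */
    @RequestMapping(value = {"/endsession"}, method = {RequestMethod.GET})
    public String endSession(
            @RequestParam(value = "id_token_hint", required = false) String idTokenHint,
            @RequestParam(value = "post_logout_redirect_uri", required = false) String postLogoutRedirectUri,
            @RequestParam(value = "state", required = false) String state,
            HttpServletRequest request,
            HttpServletResponse response,
            HttpSession session,
            Authentication authentication,
            Model model) {
        JWTClaimsSet idTokenClaims = null;
        ClientDetailsEntity client = null;

        if (!Strings.isNullOrEmpty(postLogoutRedirectUri)) {
            session.setAttribute(REDIRECT_URI_KEY, postLogoutRedirectUri);
        }
        if (!Strings.isNullOrEmpty(state)) {
            session.setAttribute(STATE_KEY, state);
        }

        if (!Strings.isNullOrEmpty(idTokenHint)) {
            try {
                JWT idToken = JWTParser.parse(idTokenHint);
                // Only a token that passes the server's own assertion validator may name the client.
                if (this.validator.isValid(idToken)) {
                    JWTClaimsSet claims = idToken.getJWTClaimsSet();
                    List<String> audience = claims.getAudience();
                    if (audience != null && audience.size() == 1) {
                        idTokenClaims = claims;
                        client = this.clientService.loadClientByClientId(audience.get(0));
                        session.setAttribute(CLIENT_KEY, client);
                    } else {
                        // Previously Iterables.getOnlyElement threw here, which surfaced as an
                        // unhandled server error for a hint with zero or several audiences.
                        logger.debug("Ignoring id token hint: expected exactly one audience, got {}", audience);
                    }
                }
            } catch (InvalidClientException e) {
                logger.debug("Invalid client", e);
            } catch (ParseException e) {
                logger.debug("Invalid id token hint", e);
            }
        }

        // Nobody is logged in: no confirmation is needed, go straight to the logout step.
        if (authentication == null || !request.isUserInRole("ROLE_USER")) {
            return processLogout(null, request, response, session, authentication, model);
        }

        UserInfo user = this.userInfoService.getByUsername(authentication.getName());
        if (idTokenClaims != null) {
            String subject = idTokenClaims.getSubject();
            String loggedInSub = user == null ? null : user.getSub();
            // A hint issued to a different subject than the logged-in user is not acted on
            // here (the hint may simply be stale); it is only traced for diagnosis.
            if (!Strings.isNullOrEmpty(subject) && !subject.equals(loggedInSub)) {
                logger.debug("id token hint subject {} does not match the logged-in user", subject);
            }
        }

        model.addAttribute(CLIENT_KEY, client);
        model.addAttribute("idToken", idTokenClaims);
        return LOGOUT_CONFIRMATION_VIEW;
    }

    /**
     * Handles the POST half of RP-initiated logout.
     *
     * @param approved       any non-empty value confirms the logout; empty or absent leaves the
     *                       user logged in
     * @param request        current request
     * @param response       current response
     * @param session        session holding the values stored by {@link #endSession}
     * @param authentication current authentication, or {@code null}
     * @param model          unused; kept for the handler signature
     * @return a redirect to the registered post-logout URI, else the post-logout view
     */
    @RequestMapping(value = {"/endsession"}, method = {RequestMethod.POST})
    public String processLogout(
            @RequestParam(value = "approve", required = false) String approved,
            HttpServletRequest request,
            HttpServletResponse response,
            HttpSession session,
            Authentication authentication,
            Model model) {
        String redirectUri = (String) session.getAttribute(REDIRECT_URI_KEY);
        String state = (String) session.getAttribute(STATE_KEY);
        ClientDetailsEntity client = (ClientDetailsEntity) session.getAttribute(CLIENT_KEY);

        if (!Strings.isNullOrEmpty(approved)) {
            if (authentication != null) {
                new SecurityContextLogoutHandler().logout(request, response, authentication);
            }
            SecurityContextHolder.getContext().setAuthentication(null);
        }

        if (Strings.isNullOrEmpty(redirectUri) || !isRegisteredPostLogoutUri(client, redirectUri)) {
            return POST_LOGOUT_VIEW;
        }

        UriComponentsBuilder target = UriComponentsBuilder.fromHttpUrl(redirectUri);
        // Only echo state when one was supplied, so the redirect does not carry a bare "?state".
        if (!Strings.isNullOrEmpty(state)) {
            // NOTE(review): build() does not encode; confirm the redirect view encodes the
            // state value before it is sent to the browser.
            target.queryParam(STATE_KEY, state);
        }
        return "redirect:" + target.build();
    }

    /**
     * Open-redirect guard: the requested URI must exactly equal one of the client's registered
     * post-logout redirect URIs. No prefix or pattern matching is performed.
     *
     * @param client client named by the id token hint, or {@code null} if none was established
     * @param uri    requested post-logout redirect URI
     * @return {@code true} only if the client is known and registered exactly this URI
     */
    private static boolean isRegisteredPostLogoutUri(ClientDetailsEntity client, String uri) {
        return client != null
                && client.getPostLogoutRedirectUris() != null
                && client.getPostLogoutRedirectUris().contains(uri);
    }
}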
