package org.springframework.security.oauth2.server.authorization.oidc.web.authentication;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcLogoutAuthenticationToken;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/oidc/web/authentication/OidcLogoutAuthenticationSuccessHandler.class */
public final class OidcLogoutAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    private final Log logger = LogFactory.getLog(getClass());
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    private final SecurityContextLogoutHandler securityContextLogoutHandler = new SecurityContextLogoutHandler();
    private LogoutHandler logoutHandler = this::performLogout;

    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        if (authentication instanceof OidcLogoutAuthenticationToken) {
            this.logoutHandler.logout(httpServletRequest, httpServletResponse, authentication);
            sendLogoutRedirect(httpServletRequest, httpServletResponse, authentication);
        } else {
            if (this.logger.isErrorEnabled()) {
                this.logger.error(Authentication.class.getSimpleName() + " must be of type " + OidcLogoutAuthenticationToken.class.getName() + " but was " + authentication.getClass().getName());
            }
            throw new OAuth2AuthenticationException(new OAuth2Error("server_error", "Unable to process the OpenID Connect 1.0 RP-Initiated Logout response.", (String) null));
        }
    }

    public void setLogoutHandler(LogoutHandler logoutHandler) {
        Assert.notNull(logoutHandler, "logoutHandler cannot be null");
        this.logoutHandler = logoutHandler;
    }

    private void performLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        OidcLogoutAuthenticationToken oidcLogoutAuthenticationToken = (OidcLogoutAuthenticationToken) authentication;
        if (oidcLogoutAuthenticationToken.isPrincipalAuthenticated()) {
            this.securityContextLogoutHandler.logout(httpServletRequest, httpServletResponse, (Authentication) oidcLogoutAuthenticationToken.getPrincipal());
        }
    }

    private void sendLogoutRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        OidcLogoutAuthenticationToken oidcLogoutAuthenticationToken = (OidcLogoutAuthenticationToken) authentication;
        String str = "/";
        if (oidcLogoutAuthenticationToken.isAuthenticated() && StringUtils.hasText(oidcLogoutAuthenticationToken.getPostLogoutRedirectUri())) {
            UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(oidcLogoutAuthenticationToken.getPostLogoutRedirectUri());
            if (StringUtils.hasText(oidcLogoutAuthenticationToken.getState())) {
                fromUriString.queryParam("state", new Object[]{UriUtils.encode(oidcLogoutAuthenticationToken.getState(), StandardCharsets.UTF_8)});
            }
            str = fromUriString.build(true).toUriString();
        }
        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, str);
    }
}
