package com.appiancorp.security.auth.oidc.logout;

import com.appiancorp.security.LogoutSuccessHandlerDelegate;
import com.appiancorp.security.auth.AppianLoginContext;
import com.appiancorp.security.auth.oidc.OidcAppianLoginContext;
import com.appiancorp.security.auth.oidc.OidcSettingsSelector;
import com.appiancorp.security.auth.oidc.persistence.entities.OidcSettings;
import com.appiancorp.security.auth.oidc.persistence.service.OidcSettingsService;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.google.common.base.Strings;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:com/appiancorp/security/auth/oidc/logout/OidcLogoutSuccessHandlerDelegate.class */
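/**
 * Logout delegate that sends an OIDC-authenticated user to the identity provider's
 * end-session endpoint after local logout (RP-initiated logout).
 *
 * <p>The redirect target is the end-session endpoint stored in the user's {@link OidcSettings},
 * with the session's ID token and client id appended as the {@code id_token_hint} and
 * {@code client_id} query parameters. The endpoint comes from stored settings only; nothing from
 * the incoming request is used to build the redirect target.
 *
 * <p>Security note: the full target URL carries the ID token, so it must never be written to
 * logs. Only the configured endpoint (without the appended parameters) is logged here.
 */
public class OidcLogoutSuccessHandlerDelegate implements LogoutSuccessHandlerDelegate {
    private static final Logger LOG = LoggerFactory.getLogger(OidcLogoutSuccessHandlerDelegate.class);
    public static final String ID_TOKEN_HINT_QUERY_NAME = "id_token_hint";
    public static final String CLIENT_ID_QUERY_NAME = "client_id";
    private final OidcSettingsSelector oidcSettingsSelector;
    private final OidcSettingsService oidcSettingsService;
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * @param oidcSettingsService source of all stored OIDC settings
     * @param oidcSettingsSelector picks the settings entry that applies to a given user name
     */
    public OidcLogoutSuccessHandlerDelegate(OidcSettingsService oidcSettingsService, OidcSettingsSelector oidcSettingsSelector) {
        this.oidcSettingsService = oidcSettingsService;
        this.oidcSettingsSelector = oidcSettingsSelector;
    }

    /**
     * Redirects to the identity provider's end-session endpoint when the logged-out session was
     * an OIDC session with an end-session endpoint configured.
     *
     * @param httpServletRequest the logout request
     * @param httpServletResponse the response the redirect is written to
     * @param authentication the authentication being logged out; may be {@code null}
     * @return {@code true} when this delegate handled the logout (including the case where the
     *     response was already committed and no redirect could be sent); {@code false} when the
     *     session is not an OIDC session or no usable end-session endpoint is available
     * @throws IOException if the redirect strategy fails to send the redirect
     */
    public boolean delegate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        // A logout can arrive without an authenticated session; treat that as "not ours" rather
        // than failing with a NullPointerException in the middle of logout handling.
        if (authentication == null) {
            LOG.debug("RP Logout will be skipped since there is no authentication.");
            return false;
        }
        OidcAppianLoginContext appianLoginContext = getAppianLoginContext(authentication);
        if (appianLoginContext == null) {
            return false;
        }
        URI endSessionEndpoint = getEndSessionEndpoint(authentication.getName());
        if (endSessionEndpoint == null) {
            return false;
        }
        String targetUrl = determineTargetUrl(httpServletRequest, endSessionEndpoint, appianLoginContext);
        // Log the configured endpoint, never targetUrl: targetUrl embeds the user's ID token
        // (id_token_hint), which would otherwise be persisted in application logs.
        if (httpServletResponse.isCommitted()) {
            LOG.warn("Did not redirect to {} since response already committed.", endSessionEndpoint);
            return true;
        }
        LOG.debug("Redirecting to target {}", endSessionEndpoint);
        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, targetUrl);
        return true;
    }

    /**
     * Replaces the strategy used to send the redirect (defaults to {@link DefaultRedirectStrategy}).
     *
     * @param redirectStrategy the strategy to use for the end-session redirect
     */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    /**
     * Builds the redirect target from the end-session endpoint and the session's ID token and
     * client id. The request parameter is not consulted.
     */
    private String determineTargetUrl(HttpServletRequest httpServletRequest, URI uri, OidcAppianLoginContext oidcAppianLoginContext) {
        return buildEndpointUri(uri, oidcAppianLoginContext.getIdToken(), oidcAppianLoginContext.getClientId());
    }

    /**
     * Looks up the end-session endpoint configured for the given user.
     *
     * @param str the user name the OIDC settings are selected for
     * @return the endpoint, or {@code null} when no settings match the user, no endpoint is
     *     configured, or the configured value is not a syntactically valid URI
     */
    private URI getEndSessionEndpoint(String str) {
        Optional<?> selectedSettings = this.oidcSettingsSelector.selectSettingsForUser(this.oidcSettingsService.getAllOidcSettings(), str);
        if (!selectedSettings.isPresent()) {
            LOG.error("Unable to find oidc settings for user");
            return null;
        }
        OidcSettings oidcSettings = (OidcSettings) selectedSettings.get();
        String configuredEndpoint = oidcSettings.getEndSessionEndpoint();
        if (Strings.isNullOrEmpty(configuredEndpoint)) {
            LOG.debug("No end session endpoint configured via admin console.");
            return null;
        }
        LOG.debug("Found end session point {} on oidc settings.", configuredEndpoint);
        try {
            return URI.create(configuredEndpoint);
        } catch (IllegalArgumentException e) {
            // A malformed stored endpoint must not break logout: skip the IdP redirect and let
            // the caller proceed as if no endpoint were configured.
            LOG.error("Configured end session endpoint {} is not a valid URI.", configuredEndpoint, e);
            return null;
        }
    }

    /**
     * Appends {@code id_token_hint} and {@code client_id} to the endpoint and returns the
     * UTF-8 encoded URL string.
     *
     * @param uri the end-session endpoint
     * @param str the ID token sent as {@code id_token_hint}
     * @param str2 the client id sent as {@code client_id}
     */
    private String buildEndpointUri(URI uri, String str, String str2) {
        return UriComponentsBuilder.fromUri(uri)
                .queryParam(ID_TOKEN_HINT_QUERY_NAME, new Object[]{str})
                .queryParam(CLIENT_ID_QUERY_NAME, new Object[]{str2})
                .encode(StandardCharsets.UTF_8)
                .build()
                .toUriString();
    }

    /**
     * Extracts the OIDC login context from the authentication's principal.
     *
     * @return the OIDC login context, or {@code null} when the principal is not an
     *     {@link AppianUserDetails} or its login context is not an {@link OidcAppianLoginContext}
     */
    private OidcAppianLoginContext getAppianLoginContext(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof AppianUserDetails)) {
            LOG.debug("RP Logout will be skipped since {} is not instance of AppianUserDetails.", describeType(principal));
            return null;
        }
        AppianLoginContext appianLoginContext = ((AppianUserDetails) principal).getAppianLoginContext();
        if (appianLoginContext instanceof OidcAppianLoginContext) {
            return (OidcAppianLoginContext) appianLoginContext;
        }
        LOG.debug("RP Logout will be skipped since {} is not an instance of {}", describeType(appianLoginContext), OidcAppianLoginContext.class.getSimpleName());
        return null;
    }

    /** Returns the class name of {@code value} for log output, or {@code "null"} when it is absent. */
    private static String describeType(Object value) {
        // instanceof is false for null, so the skip-logging paths can be reached with a null value.
        return value == null ? "null" : value.getClass().getName();
    }
}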
