package com.mapr.admin.security;

import com.mapr.admin.Constants;
import com.mapr.admin.lib.MapRCliUtils;
import com.mapr.admin.util.Oauth2Util;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.core.log.LogMessage;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:com/mapr/admin/security/MySimpleUrlLogoutSuccessHandler.class */
public class MySimpleUrlLogoutSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements LogoutSuccessHandler {
    private static final Logger log = LogManager.getLogger((Class<?>) MySimpleUrlLogoutSuccessHandler.class);
    private final ClientRegistrationRepository clientRegistrationRepository;
    private String postLogoutRedirectUri;

    public MySimpleUrlLogoutSuccessHandler(ClientRegistrationRepository clientRegistrationRepository) {
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    @Override // org.springframework.security.web.authentication.logout.LogoutSuccessHandler
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        log.info("SSO logout");
        log.info("onLogoutSuccess: Calling cleanup script");
        MapRCliUtils.executeCleanupScript(Constants.MAPR_USER);
        handle(httpServletRequest, httpServletResponse, authentication);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        super.setUseReferer(true);
        String determineTargetUrl = super.determineTargetUrl(httpServletRequest, httpServletResponse, authentication);
        this.postLogoutRedirectUri = determineTargetUrl;
        if (httpServletResponse.isCommitted()) {
            this.logger.debug(LogMessage.format("Did not redirect to %s since response already committed.", determineTargetUrl));
            return;
        }
        if (!(authentication instanceof OAuth2AuthenticationToken) || !(authentication.getPrincipal() instanceof OidcUser)) {
            super.handle(httpServletRequest, httpServletResponse, authentication);
            return;
        }
        URI endpointUri = Oauth2Util.getEndpointUri(authentication, this.clientRegistrationRepository, "end_session_endpoint");
        RestTemplate restTemplate = new RestTemplate();
        HttpHeaders httpHeaders = new HttpHeaders();
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        String idToken = idToken(authentication);
        linkedMultiValueMap.add("id_token_hint", idToken);
        if (Oauth2Util.getRegistrationId(authentication).equalsIgnoreCase("okta")) {
            UriComponents build = UriComponentsBuilder.fromHttpUrl(endpointUri.toString()).queryParam("client_id", Oauth2Util.getInstance().getSsoConf().getClientId()).queryParam("id_token_hint", idToken).build();
            httpHeaders.setContentType(MediaType.APPLICATION_JSON);
            restTemplate.exchange(build.toUriString(), HttpMethod.GET, new HttpEntity<>((MultiValueMap<String, String>) httpHeaders), String.class, new Object[0]);
        } else {
            httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
            restTemplate.exchange(endpointUri, HttpMethod.POST, new HttpEntity<>(linkedMultiValueMap, httpHeaders), String.class);
        }
        getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, determineTargetUrl);
    }

    private String idToken(Authentication authentication) {
        return ((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue();
    }

    private String postLogoutRedirectUri(HttpServletRequest httpServletRequest, ClientRegistration clientRegistration) {
        if (this.postLogoutRedirectUri == null) {
            return null;
        }
        UriComponents build = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(httpServletRequest)).replacePath(httpServletRequest.getContextPath()).replaceQuery((String) null).fragment((String) null).build();
        HashMap hashMap = new HashMap();
        hashMap.put("baseUrl", build.toUriString());
        hashMap.put(DefaultServerOAuth2AuthorizationRequestResolver.DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME, clientRegistration.getRegistrationId());
        return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri).buildAndExpand(hashMap).toUriString();
    }
}
