package org.springframework.security.config.annotation.web.configurers.oauth2.client;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.function.Function;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.logout.CompositeLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurer.class */
public final class OidcLogoutConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<OidcLogoutConfigurer<B>, B> {
    private OidcLogoutConfigurer<B>.BackChannelLogoutConfigurer backChannel;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurer$BackChannelLogoutConfigurer.class */
    public final class BackChannelLogoutConfigurer {
        private AuthenticationConverter authenticationConverter;
        private final AuthenticationManager authenticationManager = new ProviderManager(new OidcBackChannelLogoutAuthenticationProvider());
        private Function<B, LogoutHandler> logoutHandler = this::logoutHandler;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.4.6.jar:org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurer$BackChannelLogoutConfigurer$EitherLogoutHandler.class */
        public static final class EitherLogoutHandler implements LogoutHandler {
            private final LogoutHandler left;
            private final LogoutHandler right;

            EitherLogoutHandler(LogoutHandler logoutHandler, LogoutHandler logoutHandler2) {
                this.left = logoutHandler;
                this.right = logoutHandler2;
            }

            @Override // org.springframework.security.web.authentication.logout.LogoutHandler
            public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
                if (httpServletRequest.getParameter("_spring_security_internal_logout") == null) {
                    this.left.logout(httpServletRequest, httpServletResponse, authentication);
                } else {
                    this.right.logout(httpServletRequest, httpServletResponse, authentication);
                }
            }
        }

        public BackChannelLogoutConfigurer() {
        }

        private AuthenticationConverter authenticationConverter(B b) {
            if (this.authenticationConverter == null) {
                this.authenticationConverter = new OidcLogoutAuthenticationConverter(OAuth2ClientConfigurerUtils.getClientRegistrationRepository(b));
            }
            return this.authenticationConverter;
        }

        private AuthenticationManager authenticationManager() {
            return this.authenticationManager;
        }

        private LogoutHandler logoutHandler(B b) {
            OidcBackChannelLogoutHandler oidcBackChannelLogoutHandler = (OidcBackChannelLogoutHandler) getBeanOrNull(OidcBackChannelLogoutHandler.class);
            return oidcBackChannelLogoutHandler != null ? oidcBackChannelLogoutHandler : new OidcBackChannelLogoutHandler(OAuth2ClientConfigurerUtils.getOidcSessionRegistry(b));
        }

        public OidcLogoutConfigurer<B>.BackChannelLogoutConfigurer logoutUri(String str) {
            this.logoutHandler = httpSecurityBuilder -> {
                OidcBackChannelLogoutHandler oidcBackChannelLogoutHandler = new OidcBackChannelLogoutHandler(OAuth2ClientConfigurerUtils.getOidcSessionRegistry(httpSecurityBuilder));
                oidcBackChannelLogoutHandler.setLogoutUri(str);
                return oidcBackChannelLogoutHandler;
            };
            return this;
        }

        public OidcLogoutConfigurer<B>.BackChannelLogoutConfigurer logoutHandler(LogoutHandler logoutHandler) {
            this.logoutHandler = httpSecurityBuilder -> {
                return logoutHandler;
            };
            return this;
        }

        void configure(B b) {
            LogoutHandler apply = this.logoutHandler.apply(b);
            LogoutHandler securityContextLogoutHandler = new SecurityContextLogoutHandler();
            LogoutConfigurer logoutConfigurer = (LogoutConfigurer) b.getConfigurer(LogoutConfigurer.class);
            if (logoutConfigurer != null) {
                securityContextLogoutHandler = new CompositeLogoutHandler(logoutConfigurer.getLogoutHandlers());
            }
            b.addFilterBefore(new OidcBackChannelLogoutFilter(authenticationConverter(b), authenticationManager(), new EitherLogoutHandler(apply, securityContextLogoutHandler)), CsrfFilter.class);
        }

        private <T> T getBeanOrNull(Class<?> cls) {
            ApplicationContext applicationContext = (ApplicationContext) ((HttpSecurityBuilder) OidcLogoutConfigurer.this.getBuilder()).getSharedObject(ApplicationContext.class);
            if (applicationContext == null) {
                return null;
            }
            return applicationContext.getBeanProvider(cls).getIfUnique();
        }
    }

    public OidcLogoutConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        ((HttpSecurityBuilder) getBuilder()).setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
        return this;
    }

    public OidcLogoutConfigurer<B> oidcSessionRegistry(OidcSessionRegistry oidcSessionRegistry) {
        Assert.notNull(oidcSessionRegistry, "oidcSessionRegistry cannot be null");
        ((HttpSecurityBuilder) getBuilder()).setSharedObject(OidcSessionRegistry.class, oidcSessionRegistry);
        return this;
    }

    public OidcLogoutConfigurer<B> backChannel(Customizer<OidcLogoutConfigurer<B>.BackChannelLogoutConfigurer> customizer) {
        if (this.backChannel == null) {
            this.backChannel = new BackChannelLogoutConfigurer();
        }
        customizer.customize(this.backChannel);
        return this;
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter
    @Deprecated(forRemoval = true, since = "6.2")
    public B and() {
        return (B) getBuilder();
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(B b) throws Exception {
        if (this.backChannel != null) {
            this.backChannel.configure(b);
        }
    }
}
