package org.forgerock.openidconnect.restlet;

import java.net.URI;
import javax.inject.Inject;
import org.forgerock.json.jose.common.JwtReconstruction;
import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.oauth2.core.ClientRegistration;
import org.forgerock.oauth2.core.ClientRegistrationStore;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.OAuth2RequestFactory;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.OAuth2Exception;
import org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException;
import org.forgerock.oauth2.core.exceptions.RelativeRedirectUriException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.oauth2.restlet.ExceptionHandler;
import org.forgerock.oauth2.restlet.OAuth2RestletException;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openidconnect.OpenIDConnectEndSession;
import org.restlet.Response;
import org.restlet.data.Reference;
import org.restlet.representation.Representation;
import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;
import org.restlet.routing.Redirector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidconnect/restlet/EndSession.class */
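/**
 * Restlet resource that serves GET requests for ending an OpenID Connect session.
 *
 * <p>The handler reads {@code id_token_hint}, {@code post_logout_redirect_uri} and {@code state}
 * from the request, asks {@link OpenIDConnectEndSession} to end the session, and, when a
 * post-logout redirect URI was supplied, redirects the user agent to it after checking it against
 * the post-logout redirect URIs registered for the client.
 *
 * <p>All three parameters come from the request and must be treated as untrusted input.
 */
public class EndSession extends ServerResource {
    private final Logger logger = LoggerFactory.getLogger("OAuth2Provider");
    private final OAuth2RequestFactory requestFactory;
    private final OpenIDConnectEndSession openIDConnectEndSession;
    private final ExceptionHandler exceptionHandler;
    private final ClientRegistrationStore clientRegistrationStore;

    /**
     * Creates the resource with its injected collaborators.
     *
     * @param oAuth2RequestFactory factory that wraps the Restlet request in an {@link OAuth2Request}
     * @param openIDConnectEndSession service that ends the session identified by the id token
     * @param exceptionHandler handler that receives throwables passed to {@link #doCatch(Throwable)}
     * @param clientRegistrationStore store used to look up the client named by the id token
     */
    @Inject
    public EndSession(OAuth2RequestFactory oAuth2RequestFactory, OpenIDConnectEndSession openIDConnectEndSession, ExceptionHandler exceptionHandler, ClientRegistrationStore clientRegistrationStore) {
        this.requestFactory = oAuth2RequestFactory;
        this.openIDConnectEndSession = openIDConnectEndSession;
        this.exceptionHandler = exceptionHandler;
        this.clientRegistrationStore = clientRegistrationStore;
    }

    /**
     * Ends the session named by {@code id_token_hint} and optionally redirects the user agent.
     *
     * @return the entity of the redirect response when {@code post_logout_redirect_uri} is
     *     non-empty, otherwise {@code null}
     * @throws OAuth2RestletException wrapping any {@link OAuth2Exception} other than a
     *     {@link ServerException} raised while ending the session, and any raised while
     *     validating the redirect
     */
    @Get
    public Representation endSession() throws OAuth2RestletException {
        OAuth2Request oAuth2Request = this.requestFactory.create(getRequest());
        String idTokenHint = (String) oAuth2Request.getParameter("id_token_hint");
        String postLogoutRedirectUri = (String) oAuth2Request.getParameter("post_logout_redirect_uri");
        String state = (String) oAuth2Request.getParameter("state");
        try {
            try {
                this.openIDConnectEndSession.endSession(oAuth2Request, idTokenHint);
            } catch (ServerException e) {
                // Deliberate best-effort: a ServerException here is logged and the request goes on
                // to the redirect step.
                // NOTE(review): confirm a ServerException can never stand for a failed id-token
                // validation, since the redirect below trusts the token's azp claim.
                this.logger.warn("Error while removing session, possibly already timed out. Skipping...", e);
            }
            if (StringUtils.isNotEmpty(postLogoutRedirectUri)) {
                return handleRedirect(oAuth2Request, idTokenHint, postLogoutRedirectUri, state);
            }
            return null;
        } catch (OAuth2Exception e2) {
            throw new OAuth2RestletException(e2.getStatusCode(), e2.getError(), e2.getMessage(), null);
        }
    }

    /**
     * Passes any throwable raised while handling the request to the injected
     * {@link ExceptionHandler}, together with the current response.
     *
     * @param th the throwable to handle
     */
    protected void doCatch(Throwable th) {
        this.exceptionHandler.handle(th, getResponse());
    }

    /**
     * Validates the post-logout redirect URI and issues the redirect.
     *
     * @param oAuth2Request the current request
     * @param idTokenHint the {@code id_token_hint} parameter
     * @param postLogoutRedirectUri the requested redirect target; validated before it is used
     * @param state optional {@code state} value, appended as a query parameter when non-empty
     * @return the entity of the response after the redirect was applied, or {@code null} when
     *     there is no response
     */
    private Representation handleRedirect(OAuth2Request oAuth2Request, String idTokenHint, String postLogoutRedirectUri, String state) throws RedirectUriMismatchException, InvalidClientException, RelativeRedirectUriException, NotFoundException {
        // Validation must come first: nothing below re-checks the target.
        validateRedirect(oAuth2Request, idTokenHint, postLogoutRedirectUri);
        Response response = getResponse();
        Reference target = new Reference(postLogoutRedirectUri);
        if (state != null && !state.isEmpty()) {
            target.addQueryParameter("state", state);
        }
        // NOTE(review): mode 2 looks like Restlet's Redirector.MODE_CLIENT_FOUND; prefer the named
        // constant once confirmed against the bundled Restlet version.
        new Redirector(getContext(), target.toString(), 2).handle(getRequest(), response);
        return response == null ? null : response.getEntity();
    }

    /**
     * Checks that the requested post-logout redirect URI is absolute and is one of the URIs
     * registered for the client named in the id token's {@code azp} claim.
     *
     * <p>The id token is only reconstructed here; this method does not verify its signature.
     * NOTE(review): presumably {@link OpenIDConnectEndSession} has validated the token by the
     * time this runs - confirm, because {@code azp} selects whose registered URIs are accepted.
     *
     * @param oAuth2Request the current request, passed to the client registration lookup
     * @param idTokenHint the {@code id_token_hint} parameter
     * @param postLogoutRedirectUri the requested redirect target
     * @throws RelativeRedirectUriException if the URI is not absolute
     * @throws RedirectUriMismatchException if the URI is malformed or is not registered for the
     *     client
     */
    private void validateRedirect(OAuth2Request oAuth2Request, String idTokenHint, String postLogoutRedirectUri) throws InvalidClientException, RedirectUriMismatchException, RelativeRedirectUriException, NotFoundException {
        SignedJwt idToken = new JwtReconstruction().reconstructJwt(idTokenHint, SignedJwt.class);
        String authorizedParty = (String) idToken.getClaimsSet().getClaim("azp");
        ClientRegistration clientRegistration = this.clientRegistrationStore.get(authorizedParty, oAuth2Request);
        final URI redirectUri;
        try {
            redirectUri = URI.create(postLogoutRedirectUri);
        } catch (IllegalArgumentException e) {
            // URI.create throws an unchecked exception on malformed input. A URI that cannot be
            // parsed cannot match a registered one, so report it as a mismatch rather than letting
            // a runtime exception escape. The raw value is request-controlled and is not logged.
            this.logger.debug("Rejecting malformed post_logout_redirect_uri", e);
            throw new RedirectUriMismatchException();
        }
        if (!redirectUri.isAbsolute()) {
            throw new RelativeRedirectUriException();
        }
        // Membership test against the registered URIs; no prefix or pattern matching happens here.
        if (!clientRegistration.getPostLogoutRedirectUris().contains(redirectUri)) {
            throw new RedirectUriMismatchException();
        }
    }
}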
