package org.springframework.security.oauth2.server.authorization.oidc.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.util.List;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcLogoutAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-authorization-server-1.3.2.jar:org/springframework/security/oauth2/server/authorization/oidc/web/authentication/OidcLogoutAuthenticationConverter.class */
public final class OidcLogoutAuthenticationConverter implements AuthenticationConverter {
    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));

    @Override // org.springframework.security.web.authentication.AuthenticationConverter
    public Authentication convert(HttpServletRequest httpServletRequest) {
        MultiValueMap<String, String> queryParameters = "GET".equals(httpServletRequest.getMethod()) ? OAuth2EndpointUtils.getQueryParameters(httpServletRequest) : OAuth2EndpointUtils.getFormParameters(httpServletRequest);
        String first = queryParameters.getFirst("id_token_hint");
        if (!StringUtils.hasText(first) || ((List) queryParameters.get("id_token_hint")).size() != 1) {
            throwError("invalid_request", "id_token_hint");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            authentication = ANONYMOUS_AUTHENTICATION;
        }
        String str = null;
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            str = session.getId();
        }
        String first2 = queryParameters.getFirst("client_id");
        if (StringUtils.hasText(first2) && ((List) queryParameters.get("client_id")).size() != 1) {
            throwError("invalid_request", "client_id");
        }
        String first3 = queryParameters.getFirst("post_logout_redirect_uri");
        if (StringUtils.hasText(first3) && ((List) queryParameters.get("post_logout_redirect_uri")).size() != 1) {
            throwError("invalid_request", "post_logout_redirect_uri");
        }
        String first4 = queryParameters.getFirst(OAuth2ParameterNames.STATE);
        if (StringUtils.hasText(first4) && ((List) queryParameters.get(OAuth2ParameterNames.STATE)).size() != 1) {
            throwError("invalid_request", OAuth2ParameterNames.STATE);
        }
        return new OidcLogoutAuthenticationToken(first, authentication, str, first2, first3, first4);
    }

    private static void throwError(String str, String str2) {
        throw new OAuth2AuthenticationException(new OAuth2Error(str, "OpenID Connect 1.0 Logout Request Parameter: " + str2, "https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ValidationAndErrorHandling"));
    }
}
