package org.springframework.security.oauth2.server.authorization.oidc.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.util.List;
import java.util.Map;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcLogoutAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/oidc/web/authentication/OidcLogoutAuthenticationConverter.class */
public final class OidcLogoutAuthenticationConverter implements AuthenticationConverter {
    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ANONYMOUS"}));

    public Authentication convert(HttpServletRequest httpServletRequest) {
        MultiValueMap<String, String> parameters = getParameters(httpServletRequest);
        String parameter = httpServletRequest.getParameter("id_token_hint");
        if (!StringUtils.hasText(parameter) || httpServletRequest.getParameterValues("id_token_hint").length != 1) {
            throwError("invalid_request", "id_token_hint");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            authentication = ANONYMOUS_AUTHENTICATION;
        }
        String str = null;
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            str = session.getId();
        }
        String str2 = (String) parameters.getFirst(OidcClientMetadataClaimNames.CLIENT_ID);
        if (StringUtils.hasText(str2) && ((List) parameters.get(OidcClientMetadataClaimNames.CLIENT_ID)).size() != 1) {
            throwError("invalid_request", OidcClientMetadataClaimNames.CLIENT_ID);
        }
        String str3 = (String) parameters.getFirst("post_logout_redirect_uri");
        if (StringUtils.hasText(str3) && ((List) parameters.get("post_logout_redirect_uri")).size() != 1) {
            throwError("invalid_request", "post_logout_redirect_uri");
        }
        String str4 = (String) parameters.getFirst("state");
        if (StringUtils.hasText(str4) && ((List) parameters.get("state")).size() != 1) {
            throwError("invalid_request", "state");
        }
        return new OidcLogoutAuthenticationToken(parameter, authentication, str, str2, str3, str4);
    }

    private static MultiValueMap<String, String> getParameters(HttpServletRequest httpServletRequest) {
        Map parameterMap = httpServletRequest.getParameterMap();
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap(parameterMap.size());
        parameterMap.forEach((str, strArr) -> {
            if (strArr.length > 0) {
                for (String str : strArr) {
                    linkedMultiValueMap.add(str, str);
                }
            }
        });
        return linkedMultiValueMap;
    }

    private static void throwError(String str, String str2) {
        throw new OAuth2AuthenticationException(new OAuth2Error(str, "OpenID Connect 1.0 Logout Request Parameter: " + str2, "https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ValidationAndErrorHandling"));
    }
}
