package org.cloudfoundry.identity.uaa.authentication;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandler.class */
public final class WhitelistLogoutHandler extends SimpleUrlLogoutSuccessHandler {
    private static final Log logger = LogFactory.getLog(WhitelistLogoutHandler.class);
    private List<String> whitelist;
    private ClientServicesExtension clientDetailsService;

    public WhitelistLogoutHandler(List<String> list) {
        this.whitelist = null;
        this.whitelist = list;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
    public boolean isAlwaysUseDefaultTargetUrl() {
        return false;
    }

    public void setWhitelist(List<String> list) {
        this.whitelist = list;
    }

    public ClientServicesExtension getClientDetailsService() {
        return this.clientDetailsService;
    }

    public void setClientDetailsService(ClientServicesExtension clientServicesExtension) {
        this.clientDetailsService = clientServicesExtension;
    }

    private Set<String> getClientWhitelist(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("client_id");
        Set<String> set = null;
        if (StringUtils.hasText(parameter)) {
            try {
                set = this.clientDetailsService.loadClientByClientId(parameter, IdentityZoneHolder.get().getId()).getRegisteredRedirectUri();
            } catch (NoSuchClientException e) {
                logger.debug(String.format("Unable to find client with ID:%s for logout redirect", parameter));
            }
        }
        return set;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
    public String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String determineTargetUrl = super.determineTargetUrl(httpServletRequest, httpServletResponse);
        if (isInternalRedirect(determineTargetUrl, httpServletRequest)) {
            return determineTargetUrl;
        }
        String defaultTargetUrl = getDefaultTargetUrl();
        return determineTargetUrl.equals(defaultTargetUrl) ? determineTargetUrl : UaaUrlUtils.findMatchingRedirectUri(combineSets(this.whitelist, getClientWhitelist(httpServletRequest)), determineTargetUrl, defaultTargetUrl);
    }

    private boolean isInternalRedirect(String str, HttpServletRequest httpServletRequest) {
        return str.startsWith(httpServletRequest.getRequestURL().toString().replaceAll("/logout\\.do$", "/"));
    }

    private static <T> Set<T> combineSets(Collection<T>... collectionArr) {
        HashSet hashSet = null;
        for (Collection<T> collection : collectionArr) {
            if (collection != null) {
                if (hashSet == null) {
                    hashSet = new HashSet(collection);
                } else {
                    hashSet.addAll(collection);
                }
            }
        }
        return hashSet;
    }
}
