package org.springframework.security.config.annotation.web.configurers.oauth2.client;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:WEB-INF/lib/spring-security-config-6.4.4.jar:org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutFilter.class */
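/**
 * Servlet filter that processes OIDC Back-Channel Logout requests.
 *
 * <p>For each request, the {@link AuthenticationConverter} is asked for a token. A {@code null}
 * result means the converter found nothing to process, and the request continues down the
 * filter chain unchanged. Otherwise the token is authenticated through the
 * {@link AuthenticationManager} and the authenticated result is handed to the
 * {@link LogoutHandler}.
 *
 * <p>Failure handling is split into two classes:
 * <ul>
 *   <li>{@link AuthenticationServiceException} is logged and rethrown, so it is never reported
 *       to the caller as a client error.</li>
 *   <li>Any other {@link AuthenticationException} produces an HTTP 400 response whose body is an
 *       {@link OAuth2Error} written by {@link OAuth2ErrorHttpMessageConverter}.</li>
 * </ul>
 *
 * <p>Every failure is logged at DEBUG level only. Rejected logout requests are therefore
 * invisible at default log levels; enable DEBUG for this class if they need to be monitored.
 */
class OidcBackChannelLogoutFilter extends OncePerRequestFilter {
    /** Single log message used for every failure path of this filter. */
    private static final String FAILURE_MESSAGE = "Failed to process OIDC Back-Channel Logout";

    private final AuthenticationConverter authenticationConverter;
    private final AuthenticationManager authenticationManager;
    private final LogoutHandler logoutHandler;
    private final Log logger = LogFactory.getLog(getClass());
    private final OAuth2ErrorHttpMessageConverter errorHttpMessageConverter = new OAuth2ErrorHttpMessageConverter();

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the filter from its three collaborators.
     *
     * @param authenticationConverter extracts the token to authenticate from the request
     * @param authenticationManager authenticates the extracted token
     * @param logoutHandler invoked with the authenticated result
     * @throws IllegalArgumentException if any argument is {@code null}
     */
    public OidcBackChannelLogoutFilter(AuthenticationConverter authenticationConverter, AuthenticationManager authenticationManager, LogoutHandler logoutHandler) {
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        Assert.notNull(logoutHandler, "logoutHandler cannot be null");
        this.authenticationConverter = authenticationConverter;
        this.authenticationManager = authenticationManager;
        this.logoutHandler = logoutHandler;
    }

    /**
     * Converts, authenticates and then performs the logout, or delegates to the rest of the chain
     * when the converter yields no token.
     *
     * <p>Only the {@code convert} and {@code authenticate} calls are guarded by the failure
     * handling. The downstream filter chain and the logout handler run outside of it, so an
     * {@link AuthenticationException} raised there propagates to the caller instead of being
     * rewritten into a Back-Channel Logout 400 response. Each failure is also logged once.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param filterChain the remaining filter chain
     * @throws ServletException if the downstream chain fails
     * @throws IOException if writing the error response or the downstream chain fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Authentication logoutToken;
        try {
            logoutToken = this.authenticationConverter.convert(httpServletRequest);
        } catch (AuthenticationServiceException e) {
            // Rethrown rather than answered with a 400: not handled as a client error.
            this.logger.debug(FAILURE_MESSAGE, e);
            throw e;
        } catch (AuthenticationException e) {
            handleAuthenticationFailure(httpServletResponse, e);
            return;
        }
        if (logoutToken == null) {
            // Nothing for this filter to process; let the rest of the chain handle the request.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        Authentication authenticated;
        try {
            authenticated = this.authenticationManager.authenticate(logoutToken);
        } catch (AuthenticationServiceException e) {
            this.logger.debug(FAILURE_MESSAGE, e);
            throw e;
        } catch (AuthenticationException e) {
            handleAuthenticationFailure(httpServletResponse, e);
            return;
        }
        // Reached only after authenticate() returned normally.
        this.logoutHandler.logout(httpServletRequest, httpServletResponse, authenticated);
    }

    /**
     * Logs the failure at DEBUG and answers with HTTP 400 and an OAuth 2.0 error body.
     *
     * @param httpServletResponse the response to write the error to
     * @param exc the failure being reported
     * @throws IOException if the error body cannot be written
     */
    private void handleAuthenticationFailure(HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        this.logger.debug(FAILURE_MESSAGE, exc);
        httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        this.errorHttpMessageConverter.write(oauth2Error(exc), (MediaType) null, new ServletServerHttpResponse(httpServletResponse));
    }

    /**
     * Maps a failure to the {@link OAuth2Error} returned to the caller.
     *
     * <p>An {@link OAuth2AuthenticationException} contributes its own error. Any other exception
     * becomes an {@code invalid_request} error whose description is the exception message.
     * NOTE(review): that message is sent to the remote caller verbatim, so components that throw
     * into this filter should keep internal details out of their exception messages.
     *
     * @param exc the failure to translate
     * @return the error to serialize into the response body
     */
    private OAuth2Error oauth2Error(Exception exc) {
        if (exc instanceof OAuth2AuthenticationException) {
            return ((OAuth2AuthenticationException) exc).getError();
        }
        return new OAuth2Error("invalid_request", exc.getMessage(), "https://openid.net/specs/openid-connect-backchannel-1_0.html#Validation");
    }
}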
