package org.springframework.security.oauth2.server.authorization.oidc.authentication;

import java.util.function.Consumer;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcLogoutAuthenticationValidator.class */
public final class OidcLogoutAuthenticationValidator implements Consumer<OidcLogoutAuthenticationContext> {
    public static final Consumer<OidcLogoutAuthenticationContext> DEFAULT_POST_LOGOUT_REDIRECT_URI_VALIDATOR = OidcLogoutAuthenticationValidator::validatePostLogoutRedirectUri;
    private final Consumer<OidcLogoutAuthenticationContext> authenticationValidator = DEFAULT_POST_LOGOUT_REDIRECT_URI_VALIDATOR;

    @Override // java.util.function.Consumer
    public void accept(OidcLogoutAuthenticationContext oidcLogoutAuthenticationContext) {
        this.authenticationValidator.accept(oidcLogoutAuthenticationContext);
    }

    private static void validatePostLogoutRedirectUri(OidcLogoutAuthenticationContext oidcLogoutAuthenticationContext) {
        OidcLogoutAuthenticationToken authentication = oidcLogoutAuthenticationContext.getAuthentication();
        RegisteredClient registeredClient = oidcLogoutAuthenticationContext.getRegisteredClient();
        if (StringUtils.hasText(authentication.getPostLogoutRedirectUri()) && !registeredClient.getPostLogoutRedirectUris().contains(authentication.getPostLogoutRedirectUri())) {
            throw new OAuth2AuthenticationException(new OAuth2Error("invalid_request", "OpenID Connect 1.0 Logout Request Parameter: post_logout_redirect_uri", "https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ValidationAndErrorHandling"));
        }
    }
}
