package org.apereo.cas.oidc.slo;

import com.nimbusds.openid.connect.sdk.claims.LogoutTokenClaimsSet;
import java.util.HashMap;
import java.util.Optional;
import java.util.UUID;
import lombok.Generated;
import org.apereo.cas.logout.slo.SingleLogoutMessage;
import org.apereo.cas.logout.slo.SingleLogoutMessageCreator;
import org.apereo.cas.logout.slo.SingleLogoutRequestContext;
import org.apereo.cas.oidc.OidcConfigurationContext;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredServiceLogoutType;
import org.apereo.cas.util.DigestUtils;
import org.jose4j.jwt.JwtClaims;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/slo/OidcSingleLogoutMessageCreator.class */
public class OidcSingleLogoutMessageCreator implements SingleLogoutMessageCreator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcSingleLogoutMessageCreator.class);
    private final ObjectProvider<OidcConfigurationContext> configurationProvider;

    @Override // org.apereo.cas.logout.slo.SingleLogoutMessageCreator
    public SingleLogoutMessage create(SingleLogoutRequestContext singleLogoutRequestContext) {
        OidcConfigurationContext object = this.configurationProvider.getObject();
        SingleLogoutMessage.SingleLogoutMessageBuilder builder = SingleLogoutMessage.builder();
        if (singleLogoutRequestContext.getLogoutType() != RegisteredServiceLogoutType.BACK_CHANNEL) {
            return builder.payload("").build();
        }
        LOGGER.trace("Building logout token for [{}]", singleLogoutRequestContext.getRegisteredService());
        return builder.payload(object.getIdTokenSigningAndEncryptionService().encode((OidcRegisteredService) singleLogoutRequestContext.getRegisteredService(), buildJwtClaims(singleLogoutRequestContext))).build();
    }

    protected JwtClaims buildJwtClaims(SingleLogoutRequestContext singleLogoutRequestContext) {
        OidcConfigurationContext object = this.configurationProvider.getObject();
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(object.getIssuerService().determineIssuer(Optional.empty()));
        jwtClaims.setSubject(singleLogoutRequestContext.getExecutionRequest().getTicketGrantingTicket().getAuthentication().getPrincipal().getId());
        jwtClaims.setAudience(((OidcRegisteredService) singleLogoutRequestContext.getRegisteredService()).getClientId());
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setJwtId(UUID.randomUUID().toString());
        HashMap hashMap = new HashMap();
        hashMap.put(LogoutTokenClaimsSet.EVENT_TYPE, new HashMap());
        jwtClaims.setClaim("events", hashMap);
        jwtClaims.setClaim("sid", DigestUtils.sha(singleLogoutRequestContext.getExecutionRequest().getTicketGrantingTicket().getId()));
        return jwtClaims;
    }

    @Generated
    public OidcSingleLogoutMessageCreator(ObjectProvider<OidcConfigurationContext> objectProvider) {
        this.configurationProvider = objectProvider;
    }
}
