package be.atbash.ee.security.sso.server.endpoint;

import be.atbash.ee.security.octopus.SecurityUtils;
import be.atbash.ee.security.octopus.config.Debug;
import be.atbash.ee.security.octopus.config.OctopusCoreConfiguration;
import be.atbash.ee.security.octopus.subject.UserPrincipal;
import be.atbash.ee.security.sso.server.client.ClientInfo;
import be.atbash.ee.security.sso.server.client.ClientInfoRetriever;
import be.atbash.ee.security.sso.server.store.OIDCStoreData;
import be.atbash.ee.security.sso.server.store.SSOTokenStore;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.jwt.JWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.LogoutRequest;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Iterator;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

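@WebServlet({"/octopus/sso/logout"})
/* loaded from: input_file:be/atbash/ee/security/sso/server/endpoint/LogoutServlet.class */
/**
 * SSO server endpoint that logs the current subject out and notifies the other clients.
 *
 * <p>The request is parsed as an OpenID Connect {@link LogoutRequest}. The calling client is
 * identified by the {@code clientId} custom header parameter of the {@code id_token_hint}.
 * Every other Octopus client that the token store lists for the principal receives a
 * back-channel GET on its {@code /octopus/sso/SSOLogoutCallback} URL.
 *
 * <p>NOTE(review): nothing in this class verifies the signature of the {@code id_token_hint};
 * the {@code clientId} read from its header is therefore caller-controlled unless validation
 * happens elsewhere. Confirm before relying on it for anything beyond skipping the callback.
 */
public class LogoutServlet extends HttpServlet {
    private static final Logger LOGGER = LoggerFactory.getLogger(LogoutServlet.class);

    /**
     * Upper bound, in milliseconds, for connecting to and reading from a client callback.
     * Without it a single unresponsive client blocks the logout request indefinitely.
     */
    private static final int CLIENT_CALLBACK_TIMEOUT_MS = 5000;

    @Inject
    private OctopusCoreConfiguration octopusCoreConfiguration;

    @Inject
    private SSOTokenStore tokenStore;

    @Inject
    private ClientInfoRetriever clientInfoRetriever;

    /**
     * Handles the logout request: notifies the other clients, removes the user from the token
     * store, optionally redirects, and logs the subject out.
     *
     * @param httpServletRequest request whose query string holds the OIDC logout parameters
     * @param httpServletResponse response used for the redirect or the 400 error
     * @throws IOException if the 400 error response cannot be written
     * @throws AtbashUnexpectedException if the query string is not a valid logout request or
     *     the redirect cannot be sent
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        LogoutRequest logoutRequest;
        try {
            logoutRequest = LogoutRequest.parse(httpServletRequest.getQueryString());
        } catch (ParseException e) {
            throw new AtbashUnexpectedException(e);
        }

        // A request without id_token_hint, or with a hint lacking the clientId header, used to
        // fail with a NullPointerException (HTTP 500). It is a client error, so answer 400.
        String clientId = getClientId(logoutRequest.getIDTokenHint());
        if (clientId == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing id_token_hint or clientId header parameter");
            return;
        }

        // NOTE(review): principal is presumably null when no subject is authenticated; how the
        // token store handles that is not visible here. Confirm against SSOTokenStore.
        UserPrincipal principal = SecurityUtils.getSubject().getPrincipal();
        doSingleLogout(principal, clientId);
        this.tokenStore.removeUser(principal);

        if (logoutRequest.getPostLogoutRedirectionURI() != null) {
            // NOTE(review): post_logout_redirect_uri comes straight from the query string and
            // is not compared with anything registered for the client, so this endpoint can be
            // used as an open redirect. It should be matched against the redirect URIs known
            // for clientId before redirecting; the registration data is not visible here.
            try {
                httpServletResponse.sendRedirect(logoutRequest.getPostLogoutRedirectionURI().toString());
            } catch (IOException e) {
                throw new AtbashUnexpectedException(e);
            }
        }
        SecurityUtils.getSubject().logout();
        showDebugInfo(principal);
    }

    /**
     * Reads the {@code clientId} custom header parameter of the ID token hint.
     *
     * @param jwt the ID token hint of the logout request, may be {@code null}
     * @return the client id, or {@code null} when the hint or the header parameter is absent
     */
    private String getClientId(JWT jwt) {
        if (jwt == null) {
            return null;
        }
        Object clientId = jwt.getHeader().getCustomParam("clientId");
        return clientId == null ? null : clientId.toString();
    }

    /**
     * Walks the clients the token store lists for the principal. The entry of the calling
     * client is removed through the iterator; every other client that is an Octopus client
     * gets a logout callback carrying its access token.
     *
     * @param userPrincipal the principal being logged out
     * @param str client id of the client that initiated the logout
     */
    private void doSingleLogout(UserPrincipal userPrincipal, String str) {
        Iterator<OIDCStoreData> it = this.tokenStore.getLoggedInClients(userPrincipal).iterator();
        while (it.hasNext()) {
            OIDCStoreData next = it.next();
            String storedClientId = next.getClientId().getValue();
            if (str.equals(storedClientId)) {
                it.remove();
                continue;
            }
            ClientInfo retrieveInfo = this.clientInfoRetriever.retrieveInfo(storedClientId);
            if (retrieveInfo.isOctopusClient()) {
                // NOTE(review): the access token travels in the query string, where proxies
                // and access logs on the client side can record it. The URL format is part of
                // the callback contract, so it is kept; a header would avoid the exposure.
                sendLogoutRequestToClient(retrieveInfo.getCallbackURL() + "/octopus/sso/SSOLogoutCallback?access_token=" + next.getAccessToken().getValue());
            }
        }
    }

    /**
     * Sends the logout callback as a GET request. Failures are logged and otherwise ignored so
     * that one unreachable client does not abort the logout of the others.
     *
     * @param str full callback URL, including the {@code access_token} query parameter
     */
    private void sendLogoutRequestToClient(String str) {
        // The query string holds the client's access token; keep it out of the log output.
        String loggableUrl = withoutQuery(str);
        HttpURLConnection httpURLConnection = null;
        try {
            httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.setConnectTimeout(CLIENT_CALLBACK_TIMEOUT_MS);
            httpURLConnection.setReadTimeout(CLIENT_CALLBACK_TIMEOUT_MS);
            httpURLConnection.setRequestMethod("GET");
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode != HttpURLConnection.HTTP_OK) {
                LOGGER.warn("Sending logout request to {} failed with status : {}, message : {}", loggableUrl, responseCode, httpURLConnection.getResponseMessage());
            }
        } catch (IOException e) {
            LOGGER.warn("Sending logout request to {} failed with {}", loggableUrl, e.getMessage());
        } finally {
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
        }
    }

    /**
     * Returns the URL up to, but not including, the first {@code ?}.
     *
     * @param url URL that may carry a query string
     * @return the URL without its query string
     */
    private static String withoutQuery(String url) {
        int queryStart = url.indexOf('?');
        return queryStart < 0 ? url : url.substring(0, queryStart);
    }

    /**
     * Logs the logout when the {@link Debug#SSO_FLOW} debug option is configured.
     *
     * @param userPrincipal the principal that was logged out
     */
    private void showDebugInfo(UserPrincipal userPrincipal) {
        if (this.octopusCoreConfiguration.showDebugFor().contains(Debug.SSO_FLOW)) {
            // NOTE(review): this writes the SSO cookie token to the log. It is only emitted
            // with SSO_FLOW debugging on; confirm that option is never enabled in production,
            // or log a truncated value instead.
            LOGGER.info(String.format("(SSO Server) User %s is logged out (cookie token = %s)", userPrincipal.getName(), userPrincipal.getUserInfo("OCTOPUS_SSO_COOKIE_TOKEN")));
        }
    }
}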
