package net.n2oapp.security.admin.auth.server.logout;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.List;
import java.util.stream.Collectors;
import net.n2oapp.security.admin.api.criteria.ClientCriteria;
import net.n2oapp.security.admin.api.model.Client;
import net.n2oapp.security.admin.api.service.ClientService;
import net.n2oapp.security.admin.auth.server.UserTokenConverter;
import net.n2oapp.security.auth.common.LogoutHandler;
import net.n2oapp.security.auth.common.User;
import org.codehaus.jackson.map.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.Signer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:net/n2oapp/security/admin/auth/server/logout/OIDCBackChannelLogoutHandler.class */
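/**
 * Notifies registered clients that a user has logged out by POSTing a signed
 * {@code logout_token} to each client's back-channel logout endpoint.
 *
 * <p>A client is notified when its authorization-code flag is set and it has a
 * logout URL. Each notification is independent: a failure for one client is
 * logged and the remaining clients are still called.
 *
 * <p>NOTE(review): the token carries {@code iss}, {@code aud}, {@code event},
 * {@code username} and the session id only. It has no {@code iat} or {@code jti}
 * claim, so a receiver cannot bound its age or detect a replayed token. OIDC
 * Back-Channel Logout 1.0 requires both, plus an {@code events} claim. Adding
 * them changes the wire format, so coordinate with the receiving clients.
 */
public class OIDCBackChannelLogoutHandler implements LogoutHandler {
    private static final Logger log = LoggerFactory.getLogger(OIDCBackChannelLogoutHandler.class);
    private final ClientService clientService;
    private final Signer signer;
    // NOTE(review): no connect/read timeout is configured in this class, so a client
    // endpoint that never answers can hold up the calls to the clients after it.
    // Consider a request factory with explicit timeouts.
    private final RestTemplate restTemplate = new RestTemplate();
    private final ObjectMapper mapper = new ObjectMapper();

    /**
     * @param signer        signs the logout token
     * @param clientService source of the registered clients
     */
    public OIDCBackChannelLogoutHandler(Signer signer, ClientService clientService) {
        this.clientService = clientService;
        this.signer = signer;
    }

    /**
     * Sends a back-channel logout request to every target client.
     *
     * <p>Does nothing unless {@code authentication} is an {@link OAuth2Authentication}.
     * Errors while building or sending a request are logged per client and never
     * propagate to the caller.
     *
     * @param authentication the authentication of the session being terminated
     */
    public void doLogout(Authentication authentication) {
        // The type check does not depend on the client, so do it once and skip the
        // client lookup entirely when there is nothing to send.
        if (!(authentication instanceof OAuth2Authentication)) {
            return;
        }
        OAuth2Authentication oauth = (OAuth2Authentication) authentication;
        for (Client client : getTargetClients()) {
            if (client.getLogoutUrl() == null) {
                continue;
            }
            try {
                this.restTemplate.exchange(
                        prepareUrl(client.getLogoutUrl()),
                        HttpMethod.POST,
                        prepareRequest(client.getClientId(), oauth),
                        String.class);
            } catch (Exception e) {
                // Best effort: one unreachable or misconfigured client must not stop
                // the logout from reaching the others.
                log.error("Back-Channel logout for {} failed", client.getClientId(), e);
            }
        }
    }

    /**
     * Loads all clients and keeps those whose authorization-code flag is set.
     *
     * @return the clients that should receive a logout notification
     */
    private List<Client> getTargetClients() {
        ClientCriteria clientCriteria = new ClientCriteria();
        // Single unbounded page: every registered client is loaded on each logout.
        clientCriteria.setSize(Integer.MAX_VALUE);
        return this.clientService.findAll(clientCriteria).stream()
                // Presumably the flag is a nullable Boolean (verify against Client); an unset
                // flag is treated as false rather than failing the whole logout on unboxing.
                .filter(client -> Boolean.TRUE.equals(client.getIsAuthorizationCode()))
                .collect(Collectors.toList());
    }

    /**
     * Builds the form-encoded request whose only field is the signed {@code logout_token}.
     *
     * @param str                  client id, used as the token audience
     * @param oAuth2Authentication authentication of the session being terminated
     * @return the request entity to POST to the client
     */
    private HttpEntity<MultiValueMap<String, String>> prepareRequest(String str, OAuth2Authentication oAuth2Authentication) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("logout_token", createLogoutToken(str, oAuth2Authentication));
        return new HttpEntity<>(form, httpHeaders);
    }

    /**
     * Creates the signed JWT that identifies the session to terminate.
     *
     * <p>The principal is cast to {@link User} and the details to
     * {@link OAuth2AuthenticationDetails}. An authentication without a user part or
     * with other details fails here, and {@link #doLogout} logs that per client.
     *
     * @param str                  client id, written to the {@code aud} claim
     * @param oAuth2Authentication authentication of the session being terminated
     * @return the encoded, signed token
     * @throws IllegalStateException if the claims cannot be serialized or signed
     */
    private String createLogoutToken(String str, OAuth2Authentication oAuth2Authentication) {
        HashMap<String, Object> claims = new HashMap<>();
        claims.put("iss", "auth-gateway");
        claims.put("aud", str);
        claims.put("event", "LOGOUT");
        claims.put("username", ((User) oAuth2Authentication.getUserAuthentication().getPrincipal()).getUsername());
        claims.put(UserTokenConverter.SID, ((OAuth2AuthenticationDetails) oAuth2Authentication.getDetails()).getSessionId());
        try {
            return JwtHelper.encode(this.mapper.writeValueAsString(claims), this.signer).getEncoded();
        } catch (Exception e) {
            // The previous message spoke of an access token, which misdirects anyone
            // reading the log; this path only ever builds a logout token.
            throw new IllegalStateException("Cannot encode logout token", e);
        }
    }

    /**
     * Appends the back-channel logout path to the client's logout URL and normalizes it.
     *
     * <p>NOTE(review): the URL comes from the client record and its scheme and host are
     * not checked here, so the signed token is sent wherever the record points,
     * including over plain {@code http}. Validate the URL (https, expected host) when
     * the client is registered or edited. The suffix is appended textually, so a stored
     * URL with a query string or fragment would get the path added in the wrong place.
     *
     * @param str the client's configured logout URL
     * @return the normalized endpoint URL
     * @throws URISyntaxException if the resulting string is not a valid URI
     */
    private String prepareUrl(String str) throws URISyntaxException {
        return new URI(str + "/backchannel_logout").normalize().toString();
    }
}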
