package org.apache.syncope.sra.security.saml2;

import org.apache.syncope.sra.SessionConfig;
import org.apache.syncope.sra.security.pac4j.NoOpSessionStore;
import org.apache.syncope.sra.security.pac4j.RedirectionActionUtils;
import org.apache.syncope.sra.security.pac4j.ServerWebExchangeContext;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.CacheManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.logout.ServerLogoutHandler;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/syncope/sra/security/saml2/SAML2RequestServerLogoutHandler.class */
public class SAML2RequestServerLogoutHandler implements ServerLogoutHandler {
    private static final Logger LOG = LoggerFactory.getLogger(SAML2RequestServerLogoutHandler.class);
    private final SAML2Client saml2Client;
    private final CacheManager cacheManager;

    public SAML2RequestServerLogoutHandler(SAML2Client sAML2Client, CacheManager cacheManager) {
        this.saml2Client = sAML2Client;
        this.cacheManager = cacheManager;
    }

    public Mono<Void> logout(WebFilterExchange webFilterExchange, Authentication authentication) {
        return webFilterExchange.getExchange().getSession().flatMap(webSession -> {
            SAML2Credentials sAML2Credentials = (SAML2Credentials) authentication.getPrincipal();
            LOG.debug("Creating SAML2 SP Logout Request for IDP[{}] and Profile[{}]", this.saml2Client.getIdentityProviderResolvedEntityId(), sAML2Credentials.getUserProfile());
            ServerWebExchangeContext serverWebExchangeContext = new ServerWebExchangeContext(webFilterExchange.getExchange());
            this.cacheManager.getCache(SessionConfig.DEFAULT_CACHE).evictIfPresent(webSession.getId());
            return webSession.invalidate().then((Mono) this.saml2Client.getLogoutAction(serverWebExchangeContext, NoOpSessionStore.INSTANCE, sAML2Credentials.getUserProfile(), (String) null).map(redirectionAction -> {
                return RedirectionActionUtils.handle(redirectionAction, serverWebExchangeContext);
            }).orElseThrow(() -> {
                return new IllegalStateException("No action generated");
            }));
        }).onErrorResume(Mono::error);
    }
}
