package io.gravitee.am.management.handlers.management.api.authentication.handler;

import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.identityprovider.api.SimpleAuthenticationContext;
import io.gravitee.am.jwt.JWTParser;
import io.gravitee.am.management.handlers.management.api.authentication.provider.security.EndUserAuthentication;
import io.gravitee.am.management.handlers.management.api.authentication.web.WebAuthenticationDetails;
import io.gravitee.am.management.service.OrganizationUserService;
import io.gravitee.am.model.Reference;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.LogoutAuditBuilder;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.stream.Stream;
import org.springframework.core.env.Environment;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;

/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/authentication/handler/CustomLogoutSuccessHandler.class */
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
    private static final String LOGOUT_URL_PARAMETER = "target_url";
    private final AuditService auditService;
    private final JWTParser jwtParser;
    private final OrganizationUserService userService;
    private final String authCookieName;

    public CustomLogoutSuccessHandler(AuditService auditService, Environment environment, JWTParser jWTParser, OrganizationUserService organizationUserService) {
        this.auditService = auditService;
        this.jwtParser = jWTParser;
        this.userService = organizationUserService;
        this.authCookieName = environment.getProperty("jwt.cookie-name", "Auth-Graviteeio-AM");
    }

    protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String parameter = httpServletRequest.getParameter(LOGOUT_URL_PARAMETER);
        if (parameter != null && !parameter.isEmpty()) {
            setTargetUrlParameter(LOGOUT_URL_PARAMETER);
        }
        Stream.of((Object[]) httpServletRequest.getCookies()).filter(cookie -> {
            return this.authCookieName.equals(cookie.getName());
        }).findFirst().ifPresent(cookie2 -> {
            try {
                JWT parse = this.jwtParser.parse(cookie2.getValue().substring("Bearer ".length()));
                WebAuthenticationDetails webAuthenticationDetails = new WebAuthenticationDetails(httpServletRequest);
                String str = (String) parse.get("org");
                String sub = parse.getSub();
                this.userService.findById(ReferenceType.ORGANIZATION, str, sub).flatMap(user -> {
                    return this.userService.updateLogoutDate(ReferenceType.ORGANIZATION, str, sub);
                }).doOnSuccess(user2 -> {
                    this.auditService.report(((LogoutAuditBuilder) AuditBuilder.builder(LogoutAuditBuilder.class)).user(user2).reference(Reference.organization(str)).ipAddress(webAuthenticationDetails.getRemoteAddress()).userAgent(webAuthenticationDetails.getUserAgent()));
                }).doOnError(th -> {
                    this.logger.warn("Unable to read user information, trace logout with minimal data", th);
                    this.auditService.report(((LogoutAuditBuilder) AuditBuilder.builder(LogoutAuditBuilder.class)).principal(new EndUserAuthentication(parse.get("username"), null, new SimpleAuthenticationContext())).reference(Reference.organization(str)).ipAddress(webAuthenticationDetails.getRemoteAddress()).userAgent(webAuthenticationDetails.getUserAgent()));
                }).subscribe();
            } catch (Exception e) {
                this.logger.warn("Unable to extract information from authentication cookie", e);
            }
        });
        return super.determineTargetUrl(httpServletRequest, httpServletResponse);
    }
}
