package digital.nedra.commons.starter.keycloak.session.config.support;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

@Component
/* loaded from: input_file:digital/nedra/commons/starter/keycloak/session/config/support/KeycloakLogoutHandler.class */
public class KeycloakLogoutHandler extends SecurityContextLogoutHandler {
    private static final Logger log = LoggerFactory.getLogger(KeycloakLogoutHandler.class);
    private final RestTemplate restTemplate = new RestTemplate();

    @Value("${starters.keycloak.protocol-url}")
    private String protocolUrl;

    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        super.logout(httpServletRequest, httpServletResponse, authentication);
        if (authentication == null) {
            log.info("The user has already logged out");
            return;
        }
        if (this.restTemplate.getForEntity(UriComponentsBuilder.fromUriString(this.protocolUrl + "/logout").queryParam("id_token_hint", new Object[]{((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue()}).toUriString(), String.class, new Object[0]).getStatusCode().is2xxSuccessful()) {
            log.info("Successfully logged out in Keycloak");
        } else {
            log.info("Could not propagate logout to Keycloak");
        }
    }
}
