package de.kaiserpfalzedv.commons.spring.security;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.slf4j.ext.XLogger;
import org.slf4j.ext.XLoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

@Component
/* loaded from: input_file:de/kaiserpfalzedv/commons/spring/security/KeycloakLogoutHandler.class */
public class KeycloakLogoutHandler implements LogoutHandler {

    @Generated
    private static final XLogger log = XLoggerFactory.getXLogger(KeycloakLogoutHandler.class);
    private final RestTemplate restTemplate;

    public KeycloakLogoutHandler(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        log.entry(new Object[]{httpServletRequest, httpServletResponse, authentication});
        logoutFromKeycloak((OidcUser) authentication.getPrincipal());
        log.exit();
    }

    private void logoutFromKeycloak(OidcUser oidcUser) {
        log.entry(new Object[]{oidcUser});
        if (this.restTemplate.getForEntity(UriComponentsBuilder.fromUriString(String.valueOf(oidcUser.getIssuer()) + "/protocol/openid-connect/logout").queryParam("id_token_hint", new Object[]{oidcUser.getIdToken().getTokenValue()}).toUriString(), String.class, new Object[0]).getStatusCode().is2xxSuccessful()) {
            log.info("Successfully logged out from Keycloak");
        } else {
            log.error("Could not propagate logout to Keycloak");
        }
        log.exit();
    }
}
