package org.craftercms.security.impl.processors;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import org.craftercms.security.api.AuthenticationService;
import org.craftercms.security.api.RequestContext;
import org.craftercms.security.api.RequestSecurityProcessor;
import org.craftercms.security.api.RequestSecurityProcessorChain;
import org.craftercms.security.api.UserProfile;
import org.craftercms.security.authentication.AuthenticationToken;
import org.craftercms.security.authentication.AuthenticationTokenCache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-2.3.5.jar:org/craftercms/security/impl/processors/LogoutProcessor.class */
public class LogoutProcessor implements RequestSecurityProcessor {
    public static final Logger logger = LoggerFactory.getLogger(LogoutProcessor.class);
    public static final String DEFAULT_LOGOUT_URL = "/crafter-security-logout";
    public static final String DEFAULT_LOGOUT_METHOD = "GET";
    protected String logoutUrl = DEFAULT_LOGOUT_URL;
    protected String logoutMethod = "GET";
    protected String targetUrl;
    protected AuthenticationTokenCache authenticationTokenCache;
    protected AuthenticationService authenticationService;

    public void setLogoutUrl(String str) {
        this.logoutUrl = str;
    }

    public void setLogoutMethod(String str) {
        this.logoutMethod = str;
    }

    @Required
    public void setTargetUrl(String str) {
        this.targetUrl = str;
    }

    @Required
    public void setAuthenticationTokenCache(AuthenticationTokenCache authenticationTokenCache) {
        this.authenticationTokenCache = authenticationTokenCache;
    }

    @Required
    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    @Override // org.craftercms.security.api.RequestSecurityProcessor
    public void processRequest(RequestContext requestContext, RequestSecurityProcessorChain requestSecurityProcessorChain) throws Exception {
        if (!isLogoutRequest(requestContext.getRequest())) {
            requestSecurityProcessorChain.processRequest(requestContext);
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Processing logout request");
        }
        if (requestContext.getAuthenticationToken() == null) {
            throw new IllegalArgumentException("Request context doesn't contain an authentication token");
        }
        if (requestContext.getAuthenticationToken().getProfile() == null) {
            throw new IllegalArgumentException("Authentication token of request context doesn't contain a user profile");
        }
        if (requestContext.getAuthenticationToken().getProfile().isAuthenticated()) {
            AuthenticationToken authenticationToken = requestContext.getAuthenticationToken();
            UserProfile profile = authenticationToken.getProfile();
            if (logger.isDebugEnabled()) {
                logger.debug("Removing profile from cache for user " + profile.getUserName());
                logger.debug("Invalidating authentication ticket '" + authenticationToken.getTicket() + "' for user '" + profile.getUserName() + "'");
            }
            this.authenticationTokenCache.removeToken(requestContext, authenticationToken);
            this.authenticationService.invalidateTicket(authenticationToken.getTicket());
            logger.info("Logout for user '" + profile.getUserName() + "' successful");
        }
        redirectToTargetUrl(requestContext);
    }

    protected boolean isLogoutRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().equals(new StringBuilder().append(httpServletRequest.getContextPath()).append(this.logoutUrl).toString()) && httpServletRequest.getMethod().equals(this.logoutMethod);
    }

    protected void redirectToTargetUrl(RequestContext requestContext) throws IOException {
        requestContext.getResponse().sendRedirect(requestContext.getRequest().getContextPath() + this.targetUrl);
    }
}
