package org.apache.brooklyn.rest.resources;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.brooklyn.core.mgmt.entitlement.Entitlements;
import org.apache.brooklyn.core.mgmt.entitlement.WebEntitlementContext;
import org.apache.brooklyn.rest.api.LogoutApi;
import org.apache.brooklyn.rest.filter.BrooklynSecurityProviderFilterHelper;
import org.apache.brooklyn.rest.security.provider.DelegatingSecurityProvider;
import org.apache.brooklyn.rest.util.MultiSessionAttributeAdapter;
import org.apache.brooklyn.util.collections.MutableMap;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.eclipse.jetty.server.session.Session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/rest/resources/LogoutResource.class */
public class LogoutResource extends AbstractBrooklynRestResource implements LogoutApi {
    private static final Logger log = LoggerFactory.getLogger(LogoutResource.class);
    public static final String DID_LOGOUT = "org.apache.brooklyn.server.DidLogout";

    @Context
    HttpServletRequest req;

    @Context
    UriInfo uri;

    @Deprecated
    public Response unAuthorize() {
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    @Deprecated
    public Response logoutUser(String str) {
        if (!str.equals(Entitlements.getEntitlementContext().user())) {
            return Response.temporaryRedirect(this.uri.getBaseUriBuilder().path(LogoutApi.class).path(LogoutApi.class, "redirect").build(new Object[0])).entity("User requested to log out does not match actual user logged in").build();
        }
        doLogout();
        return Response.status(Response.Status.OK).build();
    }

    public Response logout(String str, String str2) {
        MultiSessionAttributeAdapter of = MultiSessionAttributeAdapter.of(this.req, false);
        WebEntitlementContext entitlementContext = Entitlements.getEntitlementContext();
        String user = entitlementContext == null ? null : entitlementContext.user();
        Logger logger = log;
        Object[] objArr = new Object[4];
        objArr[0] = user;
        objArr[1] = of != null ? of.getId() + " " : "";
        objArr[2] = of;
        objArr[3] = str;
        logger.debug("Logging out: {}, session id {} ({}), unauthorized={}", objArr);
        MutableMap of2 = MutableMap.of();
        of2.addIfNotNull("currentUser", user);
        of2.addIfNotNull("requestedUser", str2);
        of2.addIfNotNull("sessionId", of == null ? null : of.getId());
        of2.addIfNotNull("requestedSessionId", this.req.getRequestedSessionId());
        if (str2 != null && !str2.equals(user)) {
            return Response.status(Response.Status.FORBIDDEN).entity(of2.add("message", "The user requested to be logged out is not the user currently logged in")).build();
        }
        doLogout();
        return str != null ? Response.status(Response.Status.UNAUTHORIZED).entity(of2.add("message", str)).build() : Response.status(Response.Status.OK).entity(of2.add("message", "Logged out user " + user)).build();
    }

    private void doLogout() {
        MultiSessionAttributeAdapter of = MultiSessionAttributeAdapter.of(this.req);
        of.configureWhetherToSetInAll(true).removeAttribute(BrooklynSecurityProviderFilterHelper.AUTHENTICATED_USER_SESSION_ATTRIBUTE);
        new DelegatingSecurityProvider(mgmt()).logout(of.getPreferredSession());
        try {
            this.req.logout();
        } catch (ServletException e) {
            Exceptions.propagate(e);
        }
        this.req.setAttribute(DID_LOGOUT, true);
        of.getPreferredSession().invalidate();
        if ((of.getOriginalSession() instanceof Session) && of.getOriginalSession().isValid()) {
            throw new IllegalStateException(MultiSessionAttributeAdapter.info(of.getOriginalSession()) + " is valid after invaildating " + MultiSessionAttributeAdapter.info(of.getPreferredSession()));
        }
    }
}
