package org.apereo.cas.support.saml.web.idp.profile.slo;

import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringNameIDEncoder;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties;
import org.apereo.cas.logout.slo.SingleLogoutMessage;
import org.apereo.cas.logout.slo.SingleLogoutMessageCreator;
import org.apereo.cas.logout.slo.SingleLogoutRequest;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.util.RandomUtils;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.soap.common.SOAPObjectBuilder;
import org.opensaml.soap.soap11.Body;
import org.opensaml.soap.soap11.Envelope;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/slo/SamlProfileSingleLogoutMessageCreator.class */
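/**
 * Creates the SAML2 {@code LogoutRequest} that this identity provider sends to a SAML service
 * provider during single logout (SLO).
 *
 * <p>The request is optionally signed (see {@link #create(SingleLogoutRequest)}) and, for the
 * SOAP binding, wrapped in a SOAP 1.1 envelope before it is serialized into the message payload.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The request is signed only when {@code forceSignedLogoutRequests} is enabled in the IdP
 *       logout settings; otherwise this class emits it unsigned.</li>
 *   <li>The request ID is built from a single {@code long}, i.e. at most 64 bits of randomness,
 *       while SAML 2.0 Core (section 1.3.4) asks for identifiers with at least 128 bits.</li>
 *   <li>The principal ID is written to the log at TRACE level.</li>
 * </ul>
 */
public class SamlProfileSingleLogoutMessageCreator extends AbstractSaml20ObjectBuilder implements SingleLogoutMessageCreator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlProfileSingleLogoutMessageCreator.class);
    private static final long serialVersionUID = -5895467960534493675L;

    /** NameID format used when the registered service does not require a specific one. */
    private static final String NAME_ID_FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    /** Binding URI that selects SOAP envelope wrapping of the logout request. */
    private static final String BINDING_SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    protected final transient ServicesManager servicesManager;
    protected final transient SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver;
    protected final SamlIdPProperties samlIdPProperties;
    protected final SamlIdPObjectSigner samlObjectSigner;
    private final transient SOAPObjectBuilder<Envelope> envelopeBuilder;
    private final transient SOAPObjectBuilder<Body> bodyBuilder;

    /**
     * Stores the collaborators and looks up the SOAP envelope/body builders from the OpenSAML
     * builder registry.
     *
     * @param openSamlConfigBean OpenSAML configuration handed to the parent builder
     * @param servicesManager services manager (stored; not used by the methods in this class)
     * @param samlRegisteredServiceCachingMetadataResolver resolver used to locate SP metadata when signing
     * @param samlIdPProperties IdP settings (entity ID, skew allowance, logout signing flag)
     * @param samlIdPObjectSigner signer applied to the logout request when signing is forced
     */
    public SamlProfileSingleLogoutMessageCreator(OpenSamlConfigBean openSamlConfigBean, ServicesManager servicesManager, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, SamlIdPProperties samlIdPProperties, SamlIdPObjectSigner samlIdPObjectSigner) {
        super(openSamlConfigBean);
        this.servicesManager = servicesManager;
        this.samlRegisteredServiceCachingMetadataResolver = samlRegisteredServiceCachingMetadataResolver;
        this.samlIdPProperties = samlIdPProperties;
        this.samlObjectSigner = samlIdPObjectSigner;
        XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        this.envelopeBuilder = builderFactory.getBuilder(Envelope.DEFAULT_ELEMENT_NAME);
        this.bodyBuilder = builderFactory.getBuilder(Body.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Builds the logout message for one service provider session.
     *
     * @param singleLogoutRequest logout request describing the service, its logout URL, the ticket
     *     being terminated and the ticket-granting ticket whose principal is being logged out
     * @return the logout message carrying the {@code LogoutRequest} and its serialized payload
     * @throws IllegalArgumentException if signing is forced and no metadata is found for the service
     */
    public SingleLogoutMessage create(SingleLogoutRequest singleLogoutRequest) {
        // NOTE(review): one nextLong() yields at most 64 bits; SAML Core 1.3.4 recommends >= 128 bits
        // for identifiers. Whether the generator is cryptographically strong is not visible here.
        String requestId = "_" + RandomUtils.getNativeInstance().nextLong();

        // The timestamp is "now" shifted FORWARD by the configured skew allowance.
        // NOTE(review): confirm service providers accept an IssueInstant that lies in the future.
        DateTime issueInstant = DateTime.now(DateTimeZone.UTC).plusSeconds(this.samlIdPProperties.getResponse().getSkewAllowance());

        SamlRegisteredService registeredService = singleLogoutRequest.getRegisteredService();

        SAML2StringNameIDEncoder nameIdEncoder = new SAML2StringNameIDEncoder();
        nameIdEncoder.setNameFormat(StringUtils.defaultIfBlank(registeredService.getRequiredNameIdFormat(), NAME_ID_FORMAT_UNSPECIFIED));
        nameIdEncoder.setNameQualifier(registeredService.getNameIdQualifier());

        String principalId = singleLogoutRequest.getTicketGrantingTicket().getAuthentication().getPrincipal().getId();
        // The principal identifier ends up in the log when TRACE is enabled.
        LOGGER.trace("Preparing NameID attribute for principal [{}]", principalId);
        IdPAttribute principalAttribute = new IdPAttribute(AttributePrincipal.class.getName());
        principalAttribute.setValues(CollectionUtils.wrap(new StringAttributeValue(principalId)));

        // Declared as LogoutRequest: buildSingleLogoutMessage(LogoutRequest, XMLObject) below does not
        // accept the RequestAbstractType supertype the decompiled listing used for this local.
        LogoutRequest logoutRequest = newLogoutRequest(
            requestId,
            issueInstant,
            singleLogoutRequest.getLogoutUrl().toExternalForm(),
            newIssuer(this.samlIdPProperties.getEntityId()),
            singleLogoutRequest.getTicketId(),
            nameIdEncoder.encode(principalAttribute));

        // May be null when the property is absent; a null binding falls through to the non-SOAP path.
        String binding = (String) singleLogoutRequest.getProperties().get(SamlIdPSingleLogoutServiceLogoutUrlBuilder.PROPERTY_NAME_SINGLE_LOGOUT_BINDING);

        // Signing is opt-in: with the flag off, the request leaves this method unsigned.
        if (this.samlIdPProperties.getLogout().isForceSignedLogoutRequests()) {
            String serviceId = singleLogoutRequest.getService().getId();
            SamlRegisteredServiceServiceProviderMetadataFacade metadataFacade = (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade
                .get(this.samlRegisteredServiceCachingMetadataResolver, registeredService, serviceId)
                .orElseThrow(() -> new IllegalArgumentException("Unable to find metadata for saml service " + serviceId));
            // NOTE(review): these are taken from the current request attributes; confirm they are
            // non-null when logout is triggered outside an HTTP request thread.
            HttpServletRequest httpRequest = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
            // The return value is ignored, so the object serialized below is the one passed in here;
            // presumably the signer attaches the signature to it - confirm against SamlIdPObjectSigner.
            this.samlObjectSigner.encode(logoutRequest, registeredService, metadataFacade, HttpRequestUtils.getHttpServletResponseFromRequestAttributes(), httpRequest, binding, logoutRequest);
        }

        if (!BINDING_SOAP.equalsIgnoreCase(binding)) {
            return buildSingleLogoutMessage(logoutRequest, logoutRequest);
        }

        // SOAP binding: the logout request becomes the single child of the envelope body.
        Envelope envelope = this.envelopeBuilder.buildObject();
        Body body = this.bodyBuilder.buildObject();
        envelope.setBody(body);
        body.getUnknownXMLObjects().add(logoutRequest);
        return buildSingleLogoutMessage(logoutRequest, envelope);
    }

    /**
     * Packages the logout request together with the serialized form of {@code payloadObject}.
     *
     * @param logoutRequest the SAML logout request stored as the message
     * @param payloadObject the object to serialize as payload: the request itself or its SOAP envelope
     * @return the assembled logout message
     */
    private SingleLogoutMessage buildSingleLogoutMessage(LogoutRequest logoutRequest, XMLObject payloadObject) {
        String payload = SamlUtils.transformSamlObject(this.configBean, payloadObject).toString();
        return SingleLogoutMessage.builder().message(logoutRequest).payload(payload).build();
    }
}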
