package org.apereo.cas.support.saml.web.idp.profile.slo;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPLogoutProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator;
import org.apereo.cas.support.saml.web.idp.profile.sso.request.SSOSamlHttpRequestExtractor;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder;
import org.opensaml.saml.common.SAMLException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/slo/AbstractSamlSLOProfileHandlerController.class */
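/**
 * Base controller for SAML2 IdP single logout (SLO) profile requests.
 *
 * <p>Subclasses supply the binding-specific message decoder and delegate to
 * {@link #handleSloProfileRequest}, which decodes the {@link LogoutRequest}, applies the
 * configured signature policy and then redirects the browser to the CAS logout URL.
 */
public abstract class AbstractSamlSLOProfileHandlerController extends AbstractSamlProfileHandlerController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractSamlSLOProfileHandlerController.class);

    /** Turns the inbound HTTP request into a SAML object plus its message context. */
    private final SSOSamlHttpRequestExtractor samlHttpRequestExtractor;

    /**
     * Creates the controller. Every argument except {@code sSOSamlHttpRequestExtractor} is
     * handed to the parent constructor unchanged.
     *
     * @param sSOSamlHttpRequestExtractor extractor used to decode logout requests
     */
    public AbstractSamlSLOProfileHandlerController(
            SamlIdPObjectSigner samlIdPObjectSigner,
            AuthenticationSystemSupport authenticationSystemSupport,
            ServicesManager servicesManager,
            ServiceFactory<WebApplicationService> serviceFactory,
            SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver,
            OpenSamlConfigBean openSamlConfigBean,
            SamlProfileObjectBuilder<? extends SAMLObject> samlProfileObjectBuilder,
            CasConfigurationProperties casConfigurationProperties,
            SamlObjectSignatureValidator samlObjectSignatureValidator,
            SSOSamlHttpRequestExtractor sSOSamlHttpRequestExtractor,
            Service service) {
        super(samlIdPObjectSigner, authenticationSystemSupport, servicesManager, serviceFactory, samlRegisteredServiceCachingMetadataResolver, openSamlConfigBean, samlProfileObjectBuilder, casConfigurationProperties, samlObjectSignatureValidator, service);
        this.samlHttpRequestExtractor = sSOSamlHttpRequestExtractor;
    }

    /**
     * Handles a SAML2 logout request and redirects to the CAS logout URL.
     *
     * <p>Processing order:
     * <ol>
     *   <li>If SLO callbacks are disabled in configuration, log and return without touching
     *       the response.</li>
     *   <li>Decode the request as a {@link LogoutRequest}.</li>
     *   <li>If signed logout requests are forced and the message is unsigned, reject it.</li>
     *   <li>If the message is signed, resolve the issuer's registered service and metadata and
     *       verify the signature. An issuer with no registered service or no resolvable
     *       metadata is rejected with a {@link SAMLException}.</li>
     *   <li>Log the SAML object and send the redirect.</li>
     * </ol>
     *
     * <p>NOTE(review): when {@code isForceSignedLogoutRequests()} is {@code false}, an unsigned
     * request skips issuer lookup and signature verification entirely and still reaches the
     * redirect, so any party able to make a browser submit a decodable LogoutRequest can end
     * the session. Deployments that need authenticated logout should enable the force-signed
     * setting.
     *
     * <p>The decompiler reports that the original access modifier was {@code protected}.
     *
     * @param httpServletResponse response used for the final redirect
     * @param httpServletRequest inbound request carrying the SAML message
     * @param baseHttpServletRequestXMLMessageDecoder binding-specific decoder
     * @throws SAMLException if a required signature is missing, or the issuer of a signed
     *     request has no registered service or metadata
     * @throws Exception if decoding, signature verification or the redirect fails
     */
    public void handleSloProfileRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, BaseHttpServletRequestXMLMessageDecoder baseHttpServletRequestXMLMessageDecoder) throws Exception {
        SamlIdPLogoutProperties logout = this.casProperties.getAuthn().getSamlIdp().getLogout();
        if (logout.isSingleLogoutCallbacksDisabled()) {
            LOGGER.info("Processing SAML2 IdP SLO requests is disabled");
            return;
        }
        Pair<? extends SignableSAMLObject, MessageContext> extract = this.samlHttpRequestExtractor.extract(httpServletRequest, baseHttpServletRequestXMLMessageDecoder, LogoutRequest.class);
        RequestAbstractType requestAbstractType = (LogoutRequest) extract.getKey();
        MessageContext messageContext = (MessageContext) extract.getValue();

        // Evaluate once so the policy check and the verification branch see the same answer.
        boolean messageSigned = SAMLBindingSupport.isMessageSigned(messageContext);
        if (logout.isForceSignedLogoutRequests() && !messageSigned) {
            throw new SAMLException("Logout request is not signed but should be.");
        }
        if (messageSigned) {
            // The issuer is taken from the request itself and is untrusted until the
            // signature has been verified against that issuer's registered metadata.
            String issuerFromSamlObject = SamlIdPUtils.getIssuerFromSamlObject(requestAbstractType);
            LOGGER.trace("SAML logout request from entity id [{}] is signed", issuerFromSamlObject);
            SamlRegisteredService findServiceBy = this.servicesManager.findServiceBy(issuerFromSamlObject, SamlRegisteredService.class);
            LOGGER.trace("SAML registered service tied to [{}] is [{}]", issuerFromSamlObject, findServiceBy);
            // Reject unknown issuers explicitly instead of passing null into the metadata lookup.
            if (findServiceBy == null) {
                throw new SAMLException("No SAML registered service matches the issuer of the signed logout request.");
            }
            java.util.Optional<SamlRegisteredServiceServiceProviderMetadataFacade> metadataLookup = SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, findServiceBy, issuerFromSamlObject);
            // Without metadata there is no key material to verify against, so fail closed with a
            // SAML error rather than an unchecked Optional.get().
            if (!metadataLookup.isPresent()) {
                throw new SAMLException("No service provider metadata could be resolved for the issuer of the signed logout request.");
            }
            SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade = metadataLookup.get();
            LOGGER.trace("Verifying signature on the SAML logout request for [{}]", issuerFromSamlObject);
            this.samlObjectSignatureValidator.verifySamlProfileRequestIfNeeded(requestAbstractType, samlRegisteredServiceServiceProviderMetadataFacade, httpServletRequest, messageContext);
        }
        SamlUtils.logSamlObject(this.configBean, requestAbstractType);
        // The target comes from server configuration, not from the request.
        httpServletResponse.sendRedirect(this.casProperties.getServer().getLogoutUrl());
    }
}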
