package org.apereo.cas.support.saml.web.idp.profile.slo;

import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.model.support.saml.idp.SamlIdPLogoutProperties;
import org.apereo.cas.logout.LogoutRedirectionStrategy;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.web.idp.profile.SamlProfileHandlerConfigurationContext;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.web.support.WebUtils;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.ext.saml2aslo.Asynchronous;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/slo/SamlIdPSingleLogoutRedirectionStrategy.class */
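/**
 * Logout redirection strategy for the SAML2 identity provider.
 *
 * <p>When a SAML service provider started the logout with a {@code LogoutRequest}, this strategy
 * builds the matching {@code LogoutResponse} and stages it for delivery over either the
 * HTTP-Redirect or the HTTP-POST binding.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The destination of the response is always read from the {@link SingleLogoutService}
 *       endpoint returned by the service provider metadata facade, never from a request
 *       parameter.</li>
 *   <li>{@code RelayState} is copied from the incoming request parameter without inspection and
 *       handed to the encoder / POST data. It must be treated as opaque, untrusted data by
 *       whatever renders it.</li>
 *   <li>NOTE(review): no signature or issuer validation of the incoming {@code LogoutRequest} is
 *       performed here; presumably it is validated before being stored for
 *       {@code WebUtils.getSingleLogoutRequest} - confirm against the profile handler.</li>
 * </ul>
 */
public class SamlIdPSingleLogoutRedirectionStrategy implements LogoutRedirectionStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPSingleLogoutRedirectionStrategy.class);

    /** SAML2 HTTP-Redirect binding URI. */
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    /** SAML2 HTTP-POST binding URI. */
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    /** Name of the request parameter / form field carrying the relay state. */
    private static final String PARAMETER_RELAY_STATE = "RelayState";

    private final SamlProfileHandlerConfigurationContext configurationContext;

    /**
     * Creates the strategy.
     *
     * @param samlProfileHandlerConfigurationContext source of CAS properties, the metadata
     *        resolver, the logout response builder and the SAML object signer
     */
    @Generated
    public SamlIdPSingleLogoutRedirectionStrategy(SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext) {
        this.configurationContext = samlProfileHandlerConfigurationContext;
    }

    /**
     * Returns the position of this strategy among the logout redirection strategies.
     *
     * @return always {@code 0}
     */
    public int getOrder() {
        return 0;
    }

    /**
     * Decides whether a SAML logout response should be produced for the current request.
     *
     * <p>All of the following must hold: the registered service is a
     * {@link SamlRegisteredService}, logout responses are enabled both globally and for the
     * service, a non-blank logout request is available, and that request does not carry the
     * {@link Asynchronous} extension.
     *
     * @param requestContext the current webflow request context
     * @return {@code true} if {@link #handle(RequestContext)} should run
     */
    public boolean supports(RequestContext requestContext) {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        var registeredService = WebUtils.getRegisteredService(request);
        if (!(registeredService instanceof SamlRegisteredService)) {
            return false;
        }
        SamlRegisteredService samlRegisteredService = (SamlRegisteredService) registeredService;
        SamlIdPLogoutProperties logout = this.configurationContext.getCasProperties().getAuthn().getSamlIdp().getLogout();

        // Cheap configuration checks come first so that the logout request is only decoded
        // and parsed when a response could actually be sent.
        if (!logout.isSendLogoutResponse() || !samlRegisteredService.isLogoutResponseEnabled()) {
            return false;
        }

        // A blank request cannot be parsed by handle(), so it is treated like a missing one.
        String singleLogoutRequest = WebUtils.getSingleLogoutRequest(request);
        if (StringUtils.isBlank(singleLogoutRequest)) {
            return false;
        }

        // A request carrying the Asynchronous extension gets no response from this strategy.
        boolean asynchronous = getLogoutRequest(request)
            .map(LogoutRequest::getExtensions)
            .map(extensions -> !extensions.getUnknownXMLObjects(Asynchronous.DEFAULT_ELEMENT_NAME).isEmpty())
            .orElse(false);
        return !asynchronous;
    }

    /**
     * Builds the logout response for the service provider named as issuer of the logout request
     * and stages it using the configured binding.
     *
     * <p>Callers are expected to invoke this only after {@link #supports(RequestContext)}
     * returned {@code true}. If no metadata is found for the issuer, a warning is logged and
     * nothing is staged.
     *
     * @param requestContext the current webflow request context
     * @throws java.util.NoSuchElementException if no logout request is available on the request
     */
    public void handle(RequestContext requestContext) {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        SamlRegisteredService samlRegisteredService = (SamlRegisteredService) WebUtils.getRegisteredService(request);
        LogoutRequest logoutRequest = getLogoutRequest(request).orElseThrow();

        // The issuer is taken from the logout request itself; the metadata lookup below is
        // additionally scoped to the registered service resolved for this request.
        String issuer = SamlIdPUtils.getIssuerFromSamlObject(logoutRequest);
        Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = SamlRegisteredServiceServiceProviderMetadataFacade.get(
            this.configurationContext.getSamlRegisteredServiceCachingMetadataResolver(), samlRegisteredService, issuer);
        if (adaptor.isEmpty()) {
            LOGGER.warn("Cannot find service provider metadata entity linked to [{}]", issuer);
            return;
        }
        SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();

        String binding = determineLogoutResponseBindingType(samlRegisteredService);
        LOGGER.debug("Logout response binding type is determined as [{}]", binding);

        // Anything other than HTTP-POST, including a blank binding, falls back to HTTP-Redirect.
        switch (StringUtils.defaultString(binding)) {
            case BINDING_HTTP_POST:
                handleSingleLogoutForPostBinding(requestContext, logoutRequest, samlRegisteredService, facade);
                break;
            case BINDING_HTTP_REDIRECT:
            default:
                handleSingleLogoutForRedirectBinding(requestContext, logoutRequest, samlRegisteredService, facade);
                break;
        }
    }

    /**
     * Chooses the binding for the logout response.
     *
     * @param samlRegisteredService the service the response is sent to
     * @return the binding configured on the service, or the global default when that is blank
     */
    protected String determineLogoutResponseBindingType(SamlRegisteredService samlRegisteredService) {
        String globalBinding = this.configurationContext.getCasProperties().getAuthn().getSamlIdp().getLogout().getLogoutResponseBinding();
        return (String) StringUtils.defaultIfBlank(samlRegisteredService.getLogoutResponseBinding(), globalBinding);
    }

    /**
     * Stages the logout response for the HTTP-Redirect binding.
     *
     * <p>Nothing is staged when the metadata has no single logout endpoint for that binding.
     *
     * @param requestContext the current webflow request context
     * @param logoutRequest the logout request being answered
     * @param samlRegisteredService the registered service
     * @param samlRegisteredServiceServiceProviderMetadataFacade the service provider metadata
     */
    protected void handleSingleLogoutForRedirectBinding(RequestContext requestContext, LogoutRequest logoutRequest, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) {
        SingleLogoutService singleLogoutService = samlRegisteredServiceServiceProviderMetadataFacade.getSingleLogoutService(BINDING_HTTP_REDIRECT);
        FunctionUtils.doIfNotNull(singleLogoutService, endpoint -> {
            FunctionUtils.doUnchecked(ignored -> {
                produceSamlLogoutResponseRedirect(samlRegisteredServiceServiceProviderMetadataFacade, endpoint, requestContext, samlRegisteredService, logoutRequest);
            }, new Object[0]);
        });
    }

    /**
     * Stages the logout response for the HTTP-POST binding.
     *
     * <p>Nothing is staged when the metadata has no single logout endpoint for that binding.
     *
     * @param requestContext the current webflow request context
     * @param logoutRequest the logout request being answered
     * @param samlRegisteredService the registered service
     * @param samlRegisteredServiceServiceProviderMetadataFacade the service provider metadata
     */
    protected void handleSingleLogoutForPostBinding(RequestContext requestContext, LogoutRequest logoutRequest, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) {
        SingleLogoutService singleLogoutService = samlRegisteredServiceServiceProviderMetadataFacade.getSingleLogoutService(BINDING_HTTP_POST);
        FunctionUtils.doIfNotNull(singleLogoutService, endpoint -> {
            FunctionUtils.doUnchecked(ignored -> {
                produceSamlLogoutResponsePost(samlRegisteredServiceServiceProviderMetadataFacade, endpoint, requestContext, samlRegisteredService, logoutRequest);
            }, new Object[0]);
        });
    }

    /**
     * Encodes the logout response into a redirect URL and stores it as the logout redirect URL.
     *
     * @param samlRegisteredServiceServiceProviderMetadataFacade the service provider metadata
     * @param singleLogoutService the endpoint the response is sent to
     * @param requestContext the current webflow request context
     * @param samlRegisteredService the registered service
     * @param logoutRequest the logout request being answered
     * @throws Exception if building or encoding the response fails
     */
    protected void produceSamlLogoutResponseRedirect(SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, SingleLogoutService singleLogoutService, RequestContext requestContext, SamlRegisteredService samlRegisteredService, LogoutRequest logoutRequest) throws Exception {
        LogoutResponse logoutResponse = buildSamlLogoutResponse(samlRegisteredServiceServiceProviderMetadataFacade, singleLogoutService, requestContext, samlRegisteredService, logoutRequest);
        String location = resolveResponseLocation(singleLogoutService);
        LOGGER.trace("Encoding logout response given endpoint [{}] for binding [{}]", location, singleLogoutService.getBinding());

        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        SamlIdPHttpRedirectDeflateEncoder encoder = new SamlIdPHttpRedirectDeflateEncoder(location, logoutResponse);
        // RelayState is request-controlled and passed through unchanged.
        // NOTE(review): presumably the encoder URL-encodes it when building the query string - confirm.
        encoder.setRelayState(request.getParameter(PARAMETER_RELAY_STATE));
        encoder.doEncode();

        String redirectUrl = encoder.getRedirectUrl();
        // The logged URL contains the encoded response and the relay state; this is at DEBUG level.
        LOGGER.debug("Final logout redirect URL is [{}]", redirectUrl);
        WebUtils.putLogoutRedirectUrl(request, redirectUrl);
    }

    /**
     * Serializes and base64-encodes the logout response and stores the POST target and form data
     * in the request context.
     *
     * @param samlRegisteredServiceServiceProviderMetadataFacade the service provider metadata
     * @param singleLogoutService the endpoint the response is sent to
     * @param requestContext the current webflow request context
     * @param samlRegisteredService the registered service
     * @param logoutRequest the logout request being answered
     * @throws Exception if building or marshalling the response fails
     */
    protected void produceSamlLogoutResponsePost(SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, SingleLogoutService singleLogoutService, RequestContext requestContext, SamlRegisteredService samlRegisteredService, LogoutRequest logoutRequest) throws Exception {
        LogoutResponse logoutResponse = buildSamlLogoutResponse(samlRegisteredServiceServiceProviderMetadataFacade, singleLogoutService, requestContext, samlRegisteredService, logoutRequest);
        String location = resolveResponseLocation(singleLogoutService);
        LOGGER.trace("Encoding logout response given endpoint [{}] for binding [{}]", location, singleLogoutService.getBinding());

        // The two messages below say "request"/"message" but the payload is the logout response;
        // the full XML is written to the log at TRACE level.
        String payload = SerializeSupport.nodeToString(XMLObjectSupport.marshall(logoutResponse));
        LOGGER.trace("Logout request payload is [{}]", payload);
        String encodedPayload = EncodingUtils.encodeBase64(payload);
        LOGGER.trace("Logout message encoded in base64 is [{}]", encodedPayload);

        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        Map<String, Object> postData = CollectionUtils.wrap("SAMLResponse", encodedPayload);
        // RelayState is request-controlled and copied verbatim into the form data.
        // NOTE(review): the view rendering the auto-submit form must HTML-escape it - confirm.
        FunctionUtils.doIfNotNull(request.getParameter(PARAMETER_RELAY_STATE), relayState -> {
            postData.put(PARAMETER_RELAY_STATE, relayState);
        });
        WebUtils.putLogoutPostUrl(requestContext, location);
        WebUtils.putLogoutPostData(requestContext, postData);
    }

    /**
     * Builds the logout response with status {@code Success}, issued by the configured identity
     * provider entity id and referencing the id of the logout request, and signs it when
     * response signing is enabled.
     *
     * @param samlRegisteredServiceServiceProviderMetadataFacade the service provider metadata
     * @param singleLogoutService the endpoint the response is sent to
     * @param requestContext the current webflow request context
     * @param samlRegisteredService the registered service
     * @param logoutRequest the logout request being answered
     * @return the logout response, signed if {@code isSignLogoutResponse()} is set
     * @throws Exception if building or signing the response fails
     */
    protected LogoutResponse buildSamlLogoutResponse(SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, SingleLogoutService singleLogoutService, RequestContext requestContext, SamlRegisteredService samlRegisteredService, LogoutRequest logoutRequest) throws Exception {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);

        // NOTE(review): the response id is only as unpredictable as RandomUtils.nextLong();
        // confirm it is backed by a secure random source.
        String id = "_" + RandomUtils.nextLong();

        SamlIdPLogoutResponseObjectBuilder builder = this.configurationContext.getLogoutResponseBuilder();
        Status status = builder.newStatus("urn:oasis:names:tc:SAML:2.0:status:Success", "Success");
        Issuer issuer = builder.newIssuer(this.configurationContext.getCasProperties().getAuthn().getSamlIdp().getCore().getEntityId());
        String location = resolveResponseLocation(singleLogoutService);
        LOGGER.trace("Creating logout response for binding [{}] with issuer [{}], location [{}] and service provider [{}]",
            singleLogoutService.getBinding(), issuer, location, samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
        LogoutResponse logoutResponse = builder.newLogoutResponse(id, location, issuer, status, logoutRequest.getID());

        // With signing disabled the response leaves unsigned, so the service provider has no
        // signature to verify on it.
        if (!this.configurationContext.getCasProperties().getAuthn().getSamlIdp().getLogout().isSignLogoutResponse()) {
            return logoutResponse;
        }

        // The message below says "request" but it is the logout response that is signed.
        LOGGER.trace("Signing logout request for service provider [{}]", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
        LogoutResponse signedResponse = this.configurationContext.getSamlObjectSigner().encode(logoutResponse, samlRegisteredService,
            samlRegisteredServiceServiceProviderMetadataFacade, response, request, singleLogoutService.getBinding(), logoutRequest, new MessageContext());
        SamlUtils.logSamlObject(this.configurationContext.getOpenSamlConfigBean(), signedResponse);
        return signedResponse;
    }

    /**
     * Picks the URL the logout response is sent to.
     *
     * @param singleLogoutService the endpoint taken from the service provider metadata
     * @return the endpoint's response location, or its location when the former is blank
     */
    private static String resolveResponseLocation(SingleLogoutService singleLogoutService) {
        String responseLocation = singleLogoutService.getResponseLocation();
        return StringUtils.isBlank(responseLocation) ? singleLogoutService.getLocation() : responseLocation;
    }

    /**
     * Decodes and parses the logout request attached to the servlet request.
     *
     * <p>NOTE(review): only base64 decoding and XML unmarshalling happen here; no signature
     * check is visible in this class.
     *
     * @param httpServletRequest the servlet request
     * @return the parsed logout request, or empty when none is attached
     */
    private Optional<LogoutRequest> getLogoutRequest(HttpServletRequest httpServletRequest) {
        String singleLogoutRequest = WebUtils.getSingleLogoutRequest(httpServletRequest);
        return Optional.ofNullable(singleLogoutRequest).map(encoded -> {
            return SamlUtils.transformSamlObject(this.configurationContext.getOpenSamlConfigBean(), EncodingUtils.decodeBase64(encoded), LogoutRequest.class);
        });
    }
}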
