package org.apereo.cas.support.saml.web.idp.profile;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.support.saml.SamlIdPConstants;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.SamlUtils;
import org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder;
import org.opensaml.saml.common.SAMLException;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller("sloPostProfileHandlerController")
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/SLOPostProfileHandlerController.class */
public class SLOPostProfileHandlerController extends AbstractSamlProfileHandlerController {

    @Value("${cas.samlidp.logout.request.force.signed:true}")
    private boolean forceSignedLogoutRequests = true;

    @Value("${cas.samlidp.logout.slo.callbacks.disabled:false}")
    private boolean singleLogoutCallbacksDisabled;

    @RequestMapping(path = {SamlIdPConstants.ENDPOINT_SAML2_SLO_PROFILE_POST}, method = {RequestMethod.POST})
    protected void handleSaml2ProfileSLOPostRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws Exception {
        handleSloPostProfileRequest(httpServletResponse, httpServletRequest, new HTTPPostDecoder());
    }

    protected void handleSloPostProfileRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, BaseHttpServletRequestXMLMessageDecoder baseHttpServletRequestXMLMessageDecoder) throws Exception {
        if (this.singleLogoutCallbacksDisabled) {
            this.logger.info("Processing SAML IdP SLO requests is disabled");
            return;
        }
        RequestAbstractType requestAbstractType = (LogoutRequest) decodeRequest(httpServletRequest, baseHttpServletRequestXMLMessageDecoder, LogoutRequest.class);
        if (this.forceSignedLogoutRequests && !requestAbstractType.isSigned()) {
            throw new SAMLException("Logout request is not signed but should be.");
        }
        if (requestAbstractType.isSigned()) {
            this.samlObjectSigner.verifySamlProfileRequestIfNeeded(requestAbstractType, SamlIdPUtils.getMetadataResolverForAllSamlServices(this.servicesManager, SamlIdPUtils.getIssuerFromSamlRequest(requestAbstractType), this.samlRegisteredServiceCachingMetadataResolver));
        }
        SamlUtils.logSamlObject(this.configBean, requestAbstractType);
        httpServletResponse.sendRedirect(this.casServerPrefix.concat("/logout"));
    }
}
