package org.apereo.cas.support.saml.web.idp.profile;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.support.saml.SamlIdPConstants;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.util.Pair;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder;
import org.opensaml.saml.common.SAMLException;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/SLOPostProfileHandlerController.class */
public class SLOPostProfileHandlerController extends AbstractSamlProfileHandlerController {
    @RequestMapping(path = {SamlIdPConstants.ENDPOINT_SAML2_SLO_PROFILE_POST}, method = {RequestMethod.POST})
    protected void handleSaml2ProfileSLOPostRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws Exception {
        handleSloPostProfileRequest(httpServletResponse, httpServletRequest, new HTTPPostDecoder());
    }

    protected void handleSloPostProfileRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, BaseHttpServletRequestXMLMessageDecoder baseHttpServletRequestXMLMessageDecoder) throws Exception {
        if (isSingleLogoutCallbacksDisabled()) {
            this.logger.info("Processing SAML IdP SLO requests is disabled");
            return;
        }
        Pair<? extends SignableSAMLObject, MessageContext> decodeRequest = decodeRequest(httpServletRequest, baseHttpServletRequestXMLMessageDecoder, LogoutRequest.class);
        RequestAbstractType requestAbstractType = (LogoutRequest) LogoutRequest.class.cast(decodeRequest.getFirst());
        MessageContext messageContext = (MessageContext) decodeRequest.getSecond();
        if (isForceSignedLogoutRequests() && !SAMLBindingSupport.isMessageSigned(messageContext)) {
            throw new SAMLException("Logout request is not signed but should be.");
        }
        if (SAMLBindingSupport.isMessageSigned(messageContext)) {
            this.samlObjectSigner.verifySamlProfileRequestIfNeeded(requestAbstractType, SamlIdPUtils.getMetadataResolverForAllSamlServices(this.servicesManager, SamlIdPUtils.getIssuerFromSamlRequest(requestAbstractType), this.samlRegisteredServiceCachingMetadataResolver), httpServletRequest, messageContext);
        }
        SamlUtils.logSamlObject(this.configBean, requestAbstractType);
        httpServletResponse.sendRedirect(getLogoutUrl());
    }
}
