package dk.itst.oiosaml.sp.service;

import dk.itst.oiosaml.logging.Audit;
import dk.itst.oiosaml.logging.Logger;
import dk.itst.oiosaml.logging.LoggerFactory;
import dk.itst.oiosaml.logging.Operation;
import dk.itst.oiosaml.sp.AuthenticationHandler;
import dk.itst.oiosaml.sp.LogoutAuthenticationHandler;
import dk.itst.oiosaml.sp.metadata.IdpMetadata;
import dk.itst.oiosaml.sp.model.OIOAssertion;
import dk.itst.oiosaml.sp.model.OIOLogoutRequest;
import dk.itst.oiosaml.sp.model.OIOLogoutResponse;
import dk.itst.oiosaml.sp.service.util.Constants;
import dk.itst.oiosaml.sp.service.util.Utils;
import dk.itst.oiosaml.sp.util.LogoutRequestValidationException;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:dk/itst/oiosaml/sp/service/LogoutServiceHTTPRedirectHandler.class */
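/**
 * Service-provider endpoint that processes SAML single-logout (SLO) LogoutRequest
 * messages received over the HTTP-Redirect ({@link #handleGet}) and HTTP-POST
 * ({@link #handlePost}) bindings.
 *
 * <p>Both bindings share one flow: parse the request, resolve the issuing IdP,
 * validate the request against that IdP's public keys, terminate the local session
 * only if validation succeeded, and redirect back with a LogoutResponse.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The local session is terminated only after {@code validateRequest} returns
 *       without throwing; a {@link LogoutRequestValidationException} yields an
 *       {@code AuthnFailed} response and leaves the session untouched.</li>
 *   <li>When there is no local session, the IdP entity ID is taken from the
 *       (not yet validated) request itself and is only used to look up metadata.
 *       NOTE(review): this relies on the metadata lookup resolving only configured,
 *       trusted IdPs; confirm against {@code IdpMetadata}.</li>
 *   <li>The response destination passed to {@code OIOLogoutResponse.fromRequest}
 *       comes from IdP metadata, not from a request parameter.</li>
 * </ul>
 */
public class LogoutServiceHTTPRedirectHandler implements SAMLHandler {
    private static final long serialVersionUID = -6035256219067030678L;
    public static final String VERSION = "$Id: LogoutServiceHTTPRedirectHandler.java 2890 2008-05-16 16:18:56Z jre $";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LogoutServiceHTTPRedirectHandler.class);

    /** SAML 2.0 top-level status code sent when the logout request was accepted. */
    private static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    /** SAML 2.0 status code sent when the logout request failed validation. */
    private static final String STATUS_AUTHN_FAILED = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed";

    /**
     * Handles a LogoutRequest delivered with the HTTP-Redirect binding.
     *
     * @param requestContext per-request access to the servlet request/response, session
     *                       handler, metadata, credential and configuration
     * @throws ServletException propagated from the shared logout flow
     * @throws IOException if sending the redirect fails
     */
    @Override // dk.itst.oiosaml.sp.service.SAMLHandler
    public void handleGet(RequestContext requestContext) throws ServletException, IOException {
        handleLogoutRequest(requestContext, false);
    }

    /**
     * Handles a LogoutRequest delivered with the HTTP-POST binding.
     *
     * @param requestContext per-request access to the servlet request/response, session
     *                       handler, metadata, credential and configuration
     * @throws ServletException propagated from the shared logout flow
     * @throws IOException if sending the redirect fails
     */
    @Override // dk.itst.oiosaml.sp.service.SAMLHandler
    public void handlePost(RequestContext requestContext) throws ServletException, IOException {
        handleLogoutRequest(requestContext, true);
    }

    /**
     * Shared SLO flow for both bindings; the only binding-specific parts are the
     * request parser, the expected destination and the wording of the info log line.
     *
     * @param requestContext per-request context
     * @param postBinding {@code true} for HTTP-POST, {@code false} for HTTP-Redirect
     * @throws RuntimeException if there is neither a local session nor an Issuer in the request
     */
    private static void handleLogoutRequest(RequestContext requestContext, boolean postBinding) throws ServletException, IOException {
        HttpServletRequest request = requestContext.getRequest();
        HttpSession session = requestContext.getSession();
        String samlRequest = request.getParameter(Constants.SAML_SAMLREQUEST);
        String relayState = request.getParameter(Constants.SAML_RELAYSTATE);
        String sigAlg = request.getParameter(Constants.SAML_SIGALG);
        String signature = request.getParameter(Constants.SAML_SIGNATURE);
        // These values are raw, unauthenticated request input. They are written to the
        // log only at debug level; keep debug logging off where log files are widely readable.
        if (log.isDebugEnabled()) {
            log.debug("samlRequest...:" + samlRequest);
            log.debug("relayState....:" + relayState);
            log.debug("sigAlg........:" + sigAlg);
            log.debug("signature.....:" + signature);
        }

        OIOLogoutRequest logoutRequest = postBinding
                ? OIOLogoutRequest.fromPostRequest(request)
                : OIOLogoutRequest.fromRedirectRequest(request);
        if (log.isDebugEnabled()) {
            log.debug("Got InboundSAMLMessage..:" + logoutRequest.toXML());
        }
        Audit.log(Operation.LOGOUTREQUEST, false, logoutRequest.getID(), logoutRequest.toXML());

        // Prefer the issuer recorded in the local session's assertion; fall back to the
        // issuer claimed by the request only when no session exists.
        OIOAssertion assertion = requestContext.getSessionHandler().getAssertion(session.getId());
        String idpEntityId = assertion != null ? assertion.getIssuer() : null;
        if (idpEntityId == null) {
            log.warn("LogoutRequest received but user is not logged in");
            idpEntityId = logoutRequest.getIssuer();
        }
        if (idpEntityId == null) {
            throw new RuntimeException("User is not logged in, and there is no Issuer in the LogoutRequest. Unable to continue.");
        }
        IdpMetadata.Metadata metadata = requestContext.getIdpMetadata().getMetadata(idpEntityId);

        String statusCode = STATUS_SUCCESS;
        String statusMessage = null;
        String bindingName = postBinding ? "POST" : "Redirect";
        try {
            // NOTE(review): the Signature parameter and query string are passed for both
            // bindings; for HTTP-POST confirm that validateRequest still enforces a
            // signature when the Signature parameter is absent.
            logoutRequest.validateRequest(
                    signature,
                    request.getQueryString(),
                    metadata.getPublicKeys(),
                    postBinding
                            ? requestContext.getSpMetadata().getSingleLogoutServiceHTTPPostLocation()
                            : requestContext.getSpMetadata().getSingleLogoutServiceHTTPRedirectLocation(),
                    metadata.getEntityID());
            if (assertion != null) {
                log.info("Logging user out via SLO HTTP " + bindingName + ": " + assertion.getSubjectNameIDValue());
            } else {
                log.info("Logging user out via SLO HTTP " + bindingName + " without active session");
            }
            // Reached only when validation succeeded.
            requestContext.getSessionHandler().logOut(session);
            invokeAuthenticationHandler(requestContext);
        } catch (LogoutRequestValidationException e) {
            // Surface rejected logout requests above debug level so that repeated
            // invalid or forged requests are visible in normal operation.
            log.warn("LogoutRequest validation failed, responding with AuthnFailed: " + e.getMessage());
            statusMessage = e.getMessage();
            statusCode = STATUS_AUTHN_FAILED;
        }
        if (log.isDebugEnabled()) {
            log.debug("Logout status: " + statusCode + ", message: " + statusMessage);
        }

        OIOLogoutResponse logoutResponse = OIOLogoutResponse.fromRequest(
                logoutRequest,
                statusCode,
                statusMessage,
                requestContext.getSpMetadata().getEntityID(),
                metadata.getSingleLogoutServiceResponseLocation());
        // RelayState is handed back unchanged from the request, as received.
        String redirectURL = logoutResponse.getRedirectURL(requestContext.getCredential(), relayState);
        Audit.log(Operation.LOGOUTRESPONSE, true, logoutResponse.getID(), logoutResponse.toXML());
        if (log.isDebugEnabled()) {
            log.debug("sendRedirect to..:" + redirectURL);
        }
        requestContext.getResponse().sendRedirect(redirectURL);
    }

    /**
     * Notifies the configured authentication handler, if any, that the user was logged out.
     * The handler is instantiated from the {@code Constants.PROP_AUTHENTICATION_HANDLER}
     * configuration property and is only called when it implements
     * {@link LogoutAuthenticationHandler}.
     *
     * @param requestContext per-request context supplying configuration, request and response
     */
    private static void invokeAuthenticationHandler(RequestContext requestContext) {
        String handlerClassName = requestContext.getConfiguration().getString(Constants.PROP_AUTHENTICATION_HANDLER, (String) null);
        if (handlerClassName == null) {
            log.debug("No authentication handler configured");
            return;
        }
        log.debug("Authentication handler: " + handlerClassName);
        AuthenticationHandler authenticationHandler = (AuthenticationHandler) Utils.newInstance(requestContext.getConfiguration(), Constants.PROP_AUTHENTICATION_HANDLER);
        if (authenticationHandler instanceof LogoutAuthenticationHandler) {
            ((LogoutAuthenticationHandler) authenticationHandler).userLoggedOut(requestContext.getRequest(), requestContext.getResponse());
        }
    }
}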
