package org.elasticsearch.xpack.security.authc.saml;

import java.time.Clock;
import org.elasticsearch.common.Strings;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/saml/SamlLogoutResponseBuilder.class */
class SamlLogoutResponseBuilder extends SamlMessageBuilder {
    private final String inResponseTo;
    private final String statusValue;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SamlLogoutResponseBuilder(Clock clock, SpConfiguration spConfiguration, EntityDescriptor entityDescriptor, String str, String str2) {
        super(entityDescriptor, spConfiguration, clock);
        this.inResponseTo = str;
        this.statusValue = str2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public LogoutResponse build() {
        String logoutUrl = getLogoutUrl();
        if (Strings.isNullOrEmpty(logoutUrl)) {
            throw SamlUtils.samlException("Cannot send LogoutResponse because the IDP {} does not provide a logout service", this.identityProvider.getEntityID());
        }
        LogoutResponse buildObject = SamlUtils.buildObject(LogoutResponse.class, LogoutResponse.DEFAULT_ELEMENT_NAME);
        buildObject.setID(buildId());
        buildObject.setIssueInstant(now());
        buildObject.setDestination(logoutUrl);
        buildObject.setIssuer(buildIssuer());
        buildObject.setInResponseTo(this.inResponseTo);
        Status buildObject2 = SamlUtils.buildObject(Status.class, Status.DEFAULT_ELEMENT_NAME);
        StatusCode buildObject3 = SamlUtils.buildObject(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
        buildObject3.setValue(this.statusValue);
        buildObject2.setStatusCode(buildObject3);
        buildObject.setStatus(buildObject2);
        return buildObject;
    }

    protected String getLogoutUrl() {
        return getIdentityProviderEndpoint("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", (v0) -> {
            return v0.getSingleLogoutServices();
        });
    }
}
