package org.elasticsearch.xpack.security.authc.saml;

import java.time.Clock;
import org.elasticsearch.common.Strings;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestMessageBuilder.class */
class SamlLogoutRequestMessageBuilder extends SamlMessageBuilder {
    private final NameID nameId;
    private final String session;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SamlLogoutRequestMessageBuilder(Clock clock, SpConfiguration spConfiguration, EntityDescriptor entityDescriptor, NameID nameID, String str) {
        super(entityDescriptor, spConfiguration, clock);
        this.nameId = nameID;
        this.session = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public LogoutRequest build() {
        String logoutUrl = getLogoutUrl();
        if (Strings.isNullOrEmpty(logoutUrl)) {
            this.logger.debug("Cannot perform logout because the IDP {} does not provide a logout service", this.identityProvider.getEntityID());
            return null;
        }
        SessionIndex buildObject = SamlUtils.buildObject(SessionIndex.class, SessionIndex.DEFAULT_ELEMENT_NAME);
        buildObject.setValue(this.session);
        Issuer buildIssuer = buildIssuer();
        LogoutRequest buildObject2 = SamlUtils.buildObject(LogoutRequest.class, LogoutRequest.DEFAULT_ELEMENT_NAME);
        buildObject2.setID(buildId());
        buildObject2.setIssueInstant(this.clock.instant());
        buildObject2.setDestination(logoutUrl);
        buildObject2.setNameID(this.nameId);
        buildObject2.getSessionIndexes().add(buildObject);
        buildObject2.setIssuer(buildIssuer);
        return buildObject2;
    }

    protected String getLogoutUrl() {
        return getIdentityProviderEndpoint("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", (v0) -> {
            return v0.getSingleLogoutServices();
        });
    }
}
