package dk.itst.oiosaml.sp.model;

import dk.itst.oiosaml.common.OIOSAMLConstants;
import dk.itst.oiosaml.common.SAMLUtil;
import dk.itst.oiosaml.error.Layer;
import dk.itst.oiosaml.error.WrappedException;
import dk.itst.oiosaml.logging.Logger;
import dk.itst.oiosaml.logging.LoggerFactory;
import dk.itst.oiosaml.sp.model.OIORequest;
import dk.itst.oiosaml.sp.service.session.SessionHandler;
import dk.itst.oiosaml.sp.service.util.Constants;
import dk.itst.oiosaml.sp.service.util.Utils;
import dk.itst.oiosaml.sp.util.LogoutRequestValidationException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.SessionIndex;
import org.opensaml.saml2.core.impl.LogoutRequestBuilder;
import org.opensaml.saml2.core.impl.SessionIndexBuilder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.validation.ValidationException;

/* loaded from: input_file:dk/itst/oiosaml/sp/model/OIOLogoutRequest.class */
/**
 * Service-provider side wrapper around a SAML 2.0 {@link LogoutRequest}.
 *
 * <p>Instances are obtained either by decoding an incoming HTTP request
 * ({@link #fromRedirectRequest} / {@link #fromPostRequest}) or by building an
 * outgoing request for the current session ({@link #buildLogoutRequest}).
 *
 * <p>Security note: the decoding factories only parse the message. The
 * message context they use carries nothing but the inbound transport, so a
 * decoded request must be treated as untrusted input until one of the
 * {@code validateRequest} overloads has completed without throwing.
 */
public class OIOLogoutRequest extends OIORequest {
    private static final Logger log = LoggerFactory.getLogger(OIOLogoutRequest.class);

    /** The wrapped OpenSAML object; also handed to the superclass. */
    private final LogoutRequest request;

    /**
     * Wraps an existing logout request.
     *
     * @param logoutRequest the OpenSAML request to wrap
     */
    public OIOLogoutRequest(LogoutRequest logoutRequest) {
        super(logoutRequest);
        this.request = logoutRequest;
    }

    /**
     * Decodes a logout request received over the HTTP-Redirect (DEFLATE) binding.
     *
     * <p>No validation of signature, issuer or lifetime is requested here; call
     * {@code validateRequest} before acting on the result.
     *
     * @param httpServletRequest the incoming servlet request
     * @return the decoded, not yet validated, logout request
     * @throws WrappedException (layer CLIENT) if decoding fails or the decoder
     *         reports a security error
     */
    public static OIOLogoutRequest fromRedirectRequest(HttpServletRequest httpServletRequest) {
        BasicSAMLMessageContext<LogoutRequest, ?, ?> context = getMessageContextFromRequest(httpServletRequest);
        try {
            new HTTPRedirectDeflateDecoder().decode(context);
            return new OIOLogoutRequest(context.getInboundSAMLMessage());
        } catch (MessageDecodingException | SecurityException e) {
            // Both failure modes are reported to the caller the same way.
            throw new WrappedException(Layer.CLIENT, e);
        }
    }

    /**
     * Decodes a logout request received over the HTTP-POST binding.
     *
     * <p>No validation of signature, issuer or lifetime is requested here; call
     * {@code validateRequest} before acting on the result.
     *
     * @param httpServletRequest the incoming servlet request
     * @return the decoded, not yet validated, logout request
     * @throws WrappedException (layer CLIENT) if decoding fails or the decoder
     *         reports a security error
     */
    public static OIOLogoutRequest fromPostRequest(HttpServletRequest httpServletRequest) {
        BasicSAMLMessageContext<LogoutRequest, ?, ?> context = getMessageContextFromRequest(httpServletRequest);
        try {
            new HTTPPostDecoder().decode(context);
            return new OIOLogoutRequest(context.getInboundSAMLMessage());
        } catch (MessageDecodingException | SecurityException e) {
            // Both failure modes are reported to the caller the same way.
            throw new WrappedException(Layer.CLIENT, e);
        }
    }

    /**
     * Creates a message context whose only populated field is the inbound
     * transport wrapping the given servlet request.
     */
    private static BasicSAMLMessageContext<LogoutRequest, ?, ?> getMessageContextFromRequest(HttpServletRequest httpServletRequest) {
        BasicSAMLMessageContext<LogoutRequest, ?, ?> context = new BasicSAMLMessageContext<>();
        context.setInboundMessageTransport(new HttpServletRequestAdapter(httpServletRequest));
        return context;
    }

    /**
     * Returns the value of the first SessionIndex element of the request.
     *
     * <p>Only the first element is consulted; any further SessionIndex
     * elements in the request are ignored.
     *
     * @return the first session index, or {@code null} if the request has none
     */
    public String getSessionIndex() {
        if (this.request.getSessionIndexes() == null || this.request.getSessionIndexes().isEmpty()) {
            return null;
        }
        return ((SessionIndex) this.request.getSessionIndexes().get(0)).getSessionIndex();
    }

    /**
     * Checks whether the request's first session index equals the given value.
     *
     * @param str the session index to compare against
     * @return {@code true} only if the request has a session index and it
     *         equals {@code str}; a request without one never matches
     */
    public boolean isSessionIndexOK(String str) {
        String ownIndex = getSessionIndex();
        if (ownIndex == null) {
            return false;
        }
        return ownIndex.equals(str);
    }

    /**
     * Single-key convenience overload; wraps {@code publicKey} in a singleton
     * list and delegates to the collection-based overload.
     *
     * @throws LogoutRequestValidationException if any validation step fails
     */
    public void validateRequest(String str, String str2, PublicKey publicKey, String str3, String str4) throws LogoutRequestValidationException {
        validateRequest(str, str2, Collections.singletonList(publicKey), str3, str4);
    }

    /**
     * Validates the request and throws with the full list of problems found.
     *
     * <p>Steps, in order: the inherited four-argument {@code validateRequest}
     * (called with {@code str4}, {@code str3}, the keys and the error list);
     * a detached-signature check when {@code str} is non-null; and a
     * NotOnOrAfter check.
     *
     * <p>NOTE(review): when {@code str} is {@code null} this method performs no
     * signature check of its own. Whether an unsigned request is then rejected
     * depends on the inherited validation, which is not visible here. Callers
     * handling the redirect binding should confirm that a missing signature
     * parameter cannot bypass verification.
     *
     * <p>NOTE(review): a request without NotOnOrAfter is accepted, and the
     * comparison uses the local clock with no skew allowance.
     *
     * @param str presumably the detached signature value (first argument to
     *        {@code Utils.verifySignature}); {@code null} skips that check
     * @param str2 second argument to {@code Utils.verifySignature}; presumably
     *        the signed query string, confirm against the caller
     * @param collection candidate keys; one successful verification suffices.
     *        An empty collection with a non-null {@code str} yields
     *        "Invalid signature"
     * @param str3 forwarded as the second argument of the inherited validation;
     *        presumably the expected destination, confirm against OIORequest
     * @param str4 forwarded as the first argument of the inherited validation;
     *        presumably the expected issuer, confirm against OIORequest
     * @throws LogoutRequestValidationException if at least one error was recorded
     */
    public void validateRequest(String str, String str2, Collection<PublicKey> collection, String str3, String str4) throws LogoutRequestValidationException {
        ArrayList<String> errors = new ArrayList<>();
        validateRequest(str4, str3, collection, errors);

        if (str != null) {
            boolean verified = false;
            // Every key is tried; a single match is enough to accept the signature.
            for (PublicKey candidate : collection) {
                if (Utils.verifySignature(str, str2, Constants.SAML_SAMLREQUEST, candidate)) {
                    verified = true;
                }
            }
            if (!verified) {
                errors.add("Invalid signature");
            }
        }

        DateTime notOnOrAfter = this.request.getNotOnOrAfter();
        if (notOnOrAfter != null && !notOnOrAfter.isAfterNow()) {
            errors.add("LogoutRequest is expired. NotOnOrAfter; " + notOnOrAfter);
        }

        if (errors.isEmpty()) {
            return;
        }
        throw new LogoutRequestValidationException(errors);
    }

    /**
     * Builds an outgoing logout request for the session's current assertion.
     *
     * <p>The request gets a fresh ID, a UTC issue instant, the user-initiated
     * logout reason, and, when the session handler knows an assertion for
     * the session id, that assertion's NameID (value and format) and session
     * index. The object is then validated before being wrapped.
     *
     * @param httpSession session whose id is used to look up the assertion
     * @param str destination URL set on the request
     * @param str2 value used to create the Issuer element
     * @param sessionHandler source of the assertion for the session
     * @return the wrapped, schema-validated logout request
     * @throws WrappedException (layer CLIENT) if validation of the built
     *         object fails
     */
    public static OIOLogoutRequest buildLogoutRequest(HttpSession httpSession, String str, String str2, SessionHandler sessionHandler) {
        LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
        logoutRequest.setID(Utils.generateUUID());
        logoutRequest.setIssueInstant(new DateTime(DateTimeZone.UTC));
        logoutRequest.addNamespace(OIOSAMLConstants.SAML20_NAMESPACE);
        logoutRequest.setDestination(str);
        logoutRequest.setReason("urn:oasis:names:tc:SAML:2.0:logout:user");
        logoutRequest.setIssuer(SAMLUtil.createIssuer(str2));

        OIOAssertion assertion = sessionHandler.getAssertion(httpSession.getId());
        if (assertion != null) {
            // Mirror the subject of the login assertion so the IdP can match the session.
            NameID nameId = SAMLUtil.createNameID(assertion.getSubjectNameIDValue());
            nameId.setFormat(assertion.getAssertion().getSubject().getNameID().getFormat());
            logoutRequest.setNameID(nameId);

            SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
            logoutRequest.getSessionIndexes().add(sessionIndex);
            sessionIndex.setSessionIndex(assertion.getSessionIndex());
        }

        try {
            if (log.isDebugEnabled()) {
                log.debug("Validate the logoutRequest...");
            }
            logoutRequest.validate(true);
            if (log.isDebugEnabled()) {
                log.debug("...OK");
            }
            return new OIOLogoutRequest(logoutRequest);
        } catch (ValidationException e) {
            throw new WrappedException(Layer.CLIENT, e);
        }
    }

    /**
     * Builds the redirect URL for this request using the inherited encoder.
     *
     * @param credential credential handed to the encoder; the encoder's second
     *        argument is passed as {@code null} (presumably the relay state,
     *        confirm against OIORequest.Encoder)
     * @return the redirect URL
     * @throws WrappedException (layer CLIENT) if encoding fails
     */
    public String getRedirectRequestURL(Credential credential) {
        try {
            return new OIORequest.Encoder().buildRedirectURL(credential, null);
        } catch (MessageEncodingException e) {
            throw new WrappedException(Layer.CLIENT, e);
        }
    }

    /**
     * Sets the Reason attribute on the wrapped request.
     *
     * @param str the reason URI or text
     */
    public void setReason(String str) {
        this.request.setReason(str);
    }
}
