package org.apache.cxf.fediz.core.handler;

import java.io.IOException;
import java.io.InputStream;
import java.net.URLEncoder;
import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.cxf.fediz.core.config.FedizContext;
import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
import org.apache.cxf.fediz.core.processor.RedirectionResponse;
import org.apache.cxf.fediz.core.spi.ReplyConstraintCallback;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/fediz-core-1.4.3.jar:org/apache/cxf/fediz/core/handler/LogoutHandler.class */
public class LogoutHandler implements RequestHandler<Boolean> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) LogoutHandler.class);
    protected final FedizContext fedizConfig;
    private final String servletContextPath;
    private Element token;

    public LogoutHandler(FedizContext fedizContext) {
        this(fedizContext, "/");
    }

    public LogoutHandler(FedizContext fedizContext, String str) {
        this.fedizConfig = fedizContext;
        this.servletContextPath = str;
    }

    @Override // org.apache.cxf.fediz.core.handler.RequestHandler
    public boolean canHandleRequest(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("wa");
        if ("wsignout1.0".equals(parameter) || "wsignoutcleanup1.0".equals(parameter)) {
            return true;
        }
        String logoutURL = this.fedizConfig.getLogoutURL();
        return (logoutURL == null || logoutURL.isEmpty() || this.servletContextPath == null || !httpServletRequest.getRequestURI().equals(new StringBuilder().append(this.servletContextPath).append(logoutURL).toString())) ? false : true;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.cxf.fediz.core.handler.RequestHandler
    public Boolean handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String parameter = httpServletRequest.getParameter("wa");
        return "wsignout1.0".equals(parameter) ? Boolean.valueOf(signout(httpServletRequest, httpServletResponse)) : "wsignoutcleanup1.0".equals(parameter) ? Boolean.valueOf(signoutCleanup(httpServletRequest, httpServletResponse)) : Boolean.valueOf(customLogout(httpServletRequest, httpServletResponse));
    }

    protected boolean customLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOG.info("Custom Logout URL was invoked.");
        return signout(httpServletRequest, httpServletResponse);
    }

    protected boolean signoutCleanup(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOG.info("SignOutCleanup request found. Terminating user session.");
        httpServletRequest.getSession().invalidate();
        String parameter = httpServletRequest.getParameter("wreply");
        if (parameter != null && !parameter.isEmpty()) {
            Pattern pattern = null;
            try {
                pattern = resolveLogoutRedirectToConstraint(httpServletRequest, this.fedizConfig);
            } catch (Exception e) {
                LOG.error("Error redirecting user after logout: {}", e.getMessage());
            }
            if (pattern == null) {
                LOG.debug("No regular expression constraint configured for logout. Ignoring wreply parameter");
            } else if (pattern.matcher(parameter).matches()) {
                try {
                    LOG.debug("Redirecting user after logout to: {}", parameter);
                    httpServletResponse.sendRedirect(URLEncoder.encode(parameter, "UTF-8"));
                    return true;
                } catch (IOException e2) {
                    LOG.error("Error redirecting user after logout: {}", e2.getMessage());
                }
            } else {
                LOG.warn("The received wreply address {} does not match the configured constraint {}", parameter, pattern);
            }
        }
        writeLogoutImage(httpServletResponse);
        return true;
    }

    private Pattern resolveLogoutRedirectToConstraint(HttpServletRequest httpServletRequest, FedizContext fedizContext) throws IOException, UnsupportedCallbackException {
        Object logoutRedirectToConstraint = fedizContext.getLogoutRedirectToConstraint();
        if (logoutRedirectToConstraint instanceof Pattern) {
            return (Pattern) logoutRedirectToConstraint;
        }
        if (!(logoutRedirectToConstraint instanceof CallbackHandler)) {
            return null;
        }
        CallbackHandler callbackHandler = (CallbackHandler) logoutRedirectToConstraint;
        ReplyConstraintCallback replyConstraintCallback = new ReplyConstraintCallback(httpServletRequest);
        callbackHandler.handle(new Callback[]{replyConstraintCallback});
        return replyConstraintCallback.getReplyConstraint();
    }

    public void setToken(Element element) {
        this.token = element;
    }

    protected boolean signout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOG.debug("SignOut request found. Redirecting to IDP...");
        try {
            RedirectionResponse createSignOutRequest = FedizProcessorFactory.newFedizProcessor(this.fedizConfig.getProtocol()).createSignOutRequest(httpServletRequest, this.token != null ? new SamlAssertionWrapper(this.token) : null, this.fedizConfig);
            String redirectionURL = createSignOutRequest.getRedirectionURL();
            if (redirectionURL == null) {
                LOG.warn("Failed to create SignOutRequest.");
                return false;
            }
            Map<String, String> headers = createSignOutRequest.getHeaders();
            if (!headers.isEmpty()) {
                for (Map.Entry<String, String> entry : headers.entrySet()) {
                    httpServletResponse.addHeader(entry.getKey(), entry.getValue());
                }
            }
            httpServletResponse.sendRedirect(redirectionURL);
            return true;
        } catch (Exception e) {
            LOG.warn("Failed to create SignOutRequest: " + e.getMessage());
            try {
                httpServletResponse.sendError(500, "Failed to create SignOutRequest.");
                return false;
            } catch (IOException e2) {
                LOG.error("Failed to send error response: {}", e2.getMessage());
                return false;
            }
        }
    }

    protected void writeLogoutImage(HttpServletResponse httpServletResponse) {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("logout.jpg");
        if (resourceAsStream == null) {
            LOG.warn("Could not write logout.jpg");
            return;
        }
        byte[] bArr = new byte[1024];
        try {
            try {
                httpServletResponse.setContentType("image/jpeg");
                ServletOutputStream outputStream = httpServletResponse.getOutputStream();
                while (true) {
                    int read = resourceAsStream.read(bArr);
                    if (read == -1) {
                        outputStream.flush();
                        try {
                            return;
                        } catch (IOException e) {
                            return;
                        }
                    }
                    outputStream.write(bArr, 0, read);
                }
            } catch (IOException e2) {
                LOG.error("Could not send logout image: {}", e2.getMessage());
                try {
                    resourceAsStream.close();
                } catch (IOException e3) {
                }
            }
        } finally {
            try {
                resourceAsStream.close();
            } catch (IOException e4) {
            }
        }
    }
}
