package org.springframework.security.saml.provider.service.authentication;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml.SamlAuthentication;
import org.springframework.security.saml.SamlException;
import org.springframework.security.saml.provider.SamlLogoutSuccessHandler;
import org.springframework.security.saml.provider.provisioning.SamlProviderProvisioning;
import org.springframework.security.saml.provider.service.ServiceProviderService;
import org.springframework.security.saml.saml2.Saml2Object;
import org.springframework.security.saml.saml2.authentication.LogoutRequest;
import org.springframework.security.saml.saml2.authentication.LogoutResponse;
import org.springframework.security.saml.saml2.authentication.NameIdPrincipal;
import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata;
import org.springframework.security.saml.validation.ValidationResult;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:org/springframework/security/saml/provider/service/authentication/ServiceProviderLogoutHandler.class */
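/**
 * {@link LogoutHandler} for a SAML service provider (SP).
 *
 * <p>{@link #logout} dispatches on the request parameters:
 * <ul>
 *   <li>{@code SAMLRequest} present: a logout request was received; it is parsed, validated and
 *       answered with a redirect carrying a {@code SAMLResponse}.</li>
 *   <li>{@code SAMLResponse} present: a logout response was received; the request is only marked
 *       as successful (see the review note on {@link #receivedLogoutResponse}).</li>
 *   <li>neither: the SP starts the logout itself by redirecting with a {@code SAMLRequest}.</li>
 * </ul>
 *
 * <p>Both SAML parameters and {@code RelayState} are read straight from the HTTP request, so they
 * are caller-controlled input.
 */
public class ServiceProviderLogoutHandler implements LogoutHandler {
    private static final String SAML_REQUEST_PARAM = "SAMLRequest";
    private static final String SAML_RESPONSE_PARAM = "SAMLResponse";
    private static final String RELAY_STATE_PARAM = "RelayState";

    // final: the logger is shared by all instances and must not be reassignable.
    private static final Log logger = LogFactory.getLog(ServiceProviderLogoutHandler.class);
    private final SamlProviderProvisioning<ServiceProviderService> provisioning;

    /**
     * @param samlProviderProvisioning source of the hosted service provider used for every
     *                                 logout exchange
     */
    public ServiceProviderLogoutHandler(SamlProviderProvisioning<ServiceProviderService> samlProviderProvisioning) {
        this.provisioning = samlProviderProvisioning;
    }

    /**
     * Entry point from the logout filter chain (implements {@code LogoutHandler.logout}).
     *
     * <p>{@code SAMLRequest} takes precedence over {@code SAMLResponse} when both are present.
     *
     * @param httpServletRequest  current request; its parameters select the logout flow
     * @param httpServletResponse current response; may receive a redirect
     * @param authentication      current authentication, possibly {@code null}
     * @throws SamlException wrapping any {@link IOException} raised while redirecting
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        String samlRequest = httpServletRequest.getParameter(SAML_REQUEST_PARAM);
        String samlResponse = httpServletRequest.getParameter(SAML_RESPONSE_PARAM);
        try {
            if (StringUtils.hasText(samlRequest)) {
                receivedLogoutRequest(httpServletRequest, httpServletResponse, authentication, samlRequest);
            } else if (StringUtils.hasText(samlResponse)) {
                receivedLogoutResponse(httpServletRequest, httpServletResponse, authentication, samlResponse);
            } else {
                spInitiatedLogout(httpServletRequest, httpServletResponse, authentication);
            }
        } catch (IOException e) {
            throw new SamlException(e);
        }
    }

    /**
     * Handles an incoming logout request: parses it, validates it, and redirects the browser to
     * the response destination with a {@code SAMLResponse} (and the request's {@code RelayState},
     * if any).
     *
     * <p>NOTE(review): the only check made here is {@code hostedProvider.validate(...)}. Nothing
     * in this method compares the subject of the logout request with {@code authentication};
     * what {@code validate} covers (signature, issuer, timing) is not visible in this file and
     * should be confirmed.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse response that receives the redirect
     * @param authentication      current authentication; not read by this method
     * @param str                 raw value of the {@code SAMLRequest} parameter
     * @throws IOException   if the redirect cannot be sent
     * @throws SamlException if validation reports errors or no response destination is available
     */
    protected void receivedLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication, String str) throws IOException {
        ServiceProviderService hostedProvider = this.provisioning.getHostedProvider();
        // The third fromXml argument follows the HTTP method; presumably it selects inflation for
        // the redirect (GET) binding, and the literal `true` marks the value as encoded.
        // TODO confirm against ServiceProviderService.fromXml.
        boolean isGet = HttpMethod.GET.name().equalsIgnoreCase(httpServletRequest.getMethod());
        LogoutRequest logoutRequest = (LogoutRequest) hostedProvider.fromXml(str, true, isGet, LogoutRequest.class);

        ValidationResult validation = hostedProvider.validate(logoutRequest);
        if (validation.hasErrors()) {
            throw new SamlException(validation.toString());
        }

        IdentityProviderMetadata requester = (IdentityProviderMetadata) hostedProvider.getRemoteProvider(logoutRequest);
        LogoutResponse logoutResponse = hostedProvider.logoutResponse(logoutRequest, requester);
        String redirectUrl = getRedirectUrl(
            hostedProvider,
            logoutResponse,
            logoutResponse.getDestination(),
            SAML_RESPONSE_PARAM,
            httpServletRequest.getParameter(RELAY_STATE_PARAM));
        httpServletResponse.sendRedirect(redirectUrl);
        httpServletRequest.setAttribute(SamlLogoutSuccessHandler.RUN_SUCCESS, SamlLogoutSuccessHandler.LogoutStatus.REDIRECT);
    }

    /**
     * Handles an incoming logout response by marking the request as a successful logout.
     *
     * <p>NOTE(review): {@code str} (the {@code SAMLResponse} parameter) is never decoded, parsed
     * or validated here. Any non-blank {@code SAMLResponse} value therefore yields
     * {@code LogoutStatus.SUCCESS}, regardless of its status code, issuer, signature or whether
     * it answers a request this SP sent. Deployments that rely on the response outcome should
     * override this method and validate the message the same way
     * {@link #receivedLogoutRequest} validates requests.
     *
     * @param httpServletRequest  current request; receives the {@code RUN_SUCCESS} attribute
     * @param httpServletResponse current response; not used
     * @param authentication      current authentication; not used
     * @param str                 raw value of the {@code SAMLResponse} parameter; not used
     */
    protected void receivedLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication, String str) {
        httpServletRequest.setAttribute(SamlLogoutSuccessHandler.RUN_SUCCESS, SamlLogoutSuccessHandler.LogoutStatus.SUCCESS);
    }

    /**
     * Starts a logout from the SP side by redirecting the browser with a {@code SAMLRequest}.
     *
     * <p>Does nothing when {@code authentication} is not a {@link SamlAuthentication} (including
     * {@code null}), and only logs at debug level when the generated request has no destination.
     *
     * @param httpServletRequest  current request; source of the relay state
     * @param httpServletResponse response that receives the redirect
     * @param authentication      current authentication
     * @throws IOException   if the redirect cannot be sent
     * @throws SamlException if the destination has no usable location
     */
    protected void spInitiatedLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        if (!(authentication instanceof SamlAuthentication)) {
            return;
        }
        SamlAuthentication samlAuthentication = (SamlAuthentication) authentication;
        // Guarded so the message is only formatted when debug logging is on.
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Initiating SP logout for SP:%s", samlAuthentication.getHoldingEntityId()));
        }
        ServiceProviderService hostedProvider = this.provisioning.getHostedProvider();
        // Result unused; the call is kept because any side effect of getMetadata() is not visible here.
        hostedProvider.getMetadata();
        IdentityProviderMetadata remoteProvider = hostedProvider.getRemoteProvider(samlAuthentication.getAssertingEntityId());
        LogoutRequest logoutRequest = hostedProvider.logoutRequest(remoteProvider, (NameIdPrincipal) samlAuthentication.getSamlPrincipal());

        if (logoutRequest.getDestination() == null) {
            logger.debug("Unable to send logout request. No destination set.");
            return;
        }
        logger.debug("Sending logout request through redirect.");
        String redirectUrl = getRedirectUrl(
            hostedProvider,
            logoutRequest,
            logoutRequest.getDestination().getLocation(),
            SAML_REQUEST_PARAM,
            getLogoutRelayState(httpServletRequest, remoteProvider));
        httpServletResponse.sendRedirect(redirectUrl);
    }

    /**
     * Returns the relay state to attach to an SP-initiated logout request.
     *
     * <p>This implementation returns the request's {@code RelayState} parameter unchanged, so the
     * value is caller-controlled; {@code identityProviderMetadata} is not consulted.
     *
     * @param httpServletRequest       current request
     * @param identityProviderMetadata metadata of the target identity provider; unused here
     * @return the {@code RelayState} parameter, or {@code null} when absent
     */
    protected String getLogoutRelayState(HttpServletRequest httpServletRequest, IdentityProviderMetadata identityProviderMetadata) {
        return httpServletRequest.getParameter(RELAY_STATE_PARAM);
    }

    /**
     * Builds the redirect URL that carries a SAML message as a query parameter.
     *
     * @param provider      hosted provider used to serialise and encode the message
     * @param message       SAML object to send
     * @param destination   base URL of the redirect; must contain text
     * @param parameterName query parameter that carries the message
     * @param relayState    optional relay state; appended only when it contains text
     * @return the destination with {@code RelayState} (if any) and the encoded message appended
     * @throws UnsupportedEncodingException declared by the original signature and kept unchanged
     * @throws SamlException                if {@code destination} is {@code null} or blank
     */
    private String getRedirectUrl(ServiceProviderService provider, Saml2Object message, String destination, String parameterName, String relayState) throws UnsupportedEncodingException {
        // Fail with a SAML-specific error instead of letting a null destination surface as an
        // opaque IllegalArgumentException from the URI builder, or a blank one turn into a
        // redirect relative to this application.
        if (!StringUtils.hasText(destination)) {
            throw new SamlException("Unable to build SAML logout redirect. No destination set.");
        }
        // The `true` flag presumably requests deflation for the redirect binding - TODO confirm
        // against ServiceProviderService.toEncodedXml.
        String encodedXml = provider.toEncodedXml(provider.toXml(message), true);
        String charset = StandardCharsets.UTF_8.name();

        UriComponentsBuilder redirect = UriComponentsBuilder.fromUriString(destination);
        // Values are percent-encoded before being added and build() is called without a further
        // encode() step, so they are encoded exactly once.
        if (StringUtils.hasText(relayState)) {
            redirect.queryParam(RELAY_STATE_PARAM, UriUtils.encode(relayState, charset));
        }
        redirect.queryParam(parameterName, UriUtils.encode(encodedXml, charset));
        return redirect.build().toUriString();
    }
}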
