package org.wso2.carbon.identity.oidc.session.servlet;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest;
import org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthRequestWrapper;
import org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.oidc.session.OIDCSessionConstants;
import org.wso2.carbon.identity.oidc.session.OIDCSessionManagementException;
import org.wso2.carbon.identity.oidc.session.OIDCSessionState;
import org.wso2.carbon.identity.oidc.session.backchannellogout.LogoutRequestSender;
import org.wso2.carbon.identity.oidc.session.cache.OIDCSessionDataCache;
import org.wso2.carbon.identity.oidc.session.cache.OIDCSessionDataCacheEntry;
import org.wso2.carbon.identity.oidc.session.cache.OIDCSessionDataCacheKey;
import org.wso2.carbon.identity.oidc.session.handler.OIDCLogoutHandler;
import org.wso2.carbon.identity.oidc.session.internal.OIDCSessionManagementComponentServiceHolder;
import org.wso2.carbon.identity.oidc.session.util.OIDCSessionManagementUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oidc/session/servlet/OIDCLogoutServlet.class */
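/**
 * Servlet that handles OpenID Connect RP-initiated logout requests.
 *
 * <p>A request is tied to a browser session through the OP browser state ("opbs") cookie. Depending on the
 * request parameters the servlet shows the logout consent page, hands the request to the authentication
 * framework for logout, or finishes the logout after the framework has responded (back-channel logout,
 * post-logout handlers, session clean-up and the final redirect).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code id_token_hint} is only checked for a valid RSA signature; no expiry or issuer check is
 *       performed here.</li>
 *   <li>The {@code post_logout_redirect_uri} is only honoured after it has been compared with the callback
 *       URL registered for the client named in the ID token.</li>
 *   <li>Claims are read from the ID token before its signature is verified (to find the client and the
 *       tenant whose key is used), so they are treated as untrusted input and type-checked.</li>
 * </ul>
 */
public class OIDCLogoutServlet extends HttpServlet {
    private static final Log log = LogFactory.getLog(OIDCLogoutServlet.class);
    private static final String REQUEST_PARAM_SP = "sp";
    private static final long serialVersionUID = -9203934217770142011L;

    /**
     * Entry point of the logout flow.
     *
     * <p>Order of evaluation: missing opbs cookie, unknown session, consent answer, response from the
     * framework (session data key present), and finally a fresh logout request.
     *
     * @param httpServletRequest  the logout request
     * @param httpServletResponse the response used for redirects
     * @throws ServletException if the authentication framework fails
     * @throws IOException      if a redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Cookie oPBrowserStateCookie = OIDCSessionManagementUtil.getOPBrowserStateCookie(httpServletRequest);
        if (oPBrowserStateCookie == null) {
            redirectForAbsentSession(httpServletRequest, httpServletResponse,
                    "opbs cookie not received. Missing session state.",
                    "HandleAlreadyLoggedOutSessionsGracefully configuration disabled. Missing session state is handled by redirecting to error page instead of default logout page.");
            return;
        }
        if (!OIDCSessionManagementUtil.getSessionManager().sessionExists(oPBrowserStateCookie.getValue())) {
            // The original debug text said "enabled" here although this branch is only reached when the
            // graceful-handling configuration is disabled.
            redirectForAbsentSession(httpServletRequest, httpServletResponse,
                    "No valid session found for the received session state.",
                    "HandleAlreadyLoggedOutSessionsGracefully configuration disabled. No valid session found is handled by redirecting to error page instead of default logout page.");
            return;
        }

        // NOTE(review): the consent answer is taken from a plain request parameter; no anti-forgery token is
        // checked in this class. Confirm the consent page is protected against cross-site submission.
        String consent = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_LOGOUT_CONSENT_PARAM);
        if (StringUtils.isNotBlank(consent)) {
            if (consent.equals("approve")) {
                sendToFrameworkForLogout(httpServletRequest, httpServletResponse);
            } else {
                String deniedUrl = generatePostLogoutRedirectUrl(OIDCSessionManagementUtil.getErrorPageURL("access_denied", "End User denied the logout request"), oPBrowserStateCookie);
                httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(deniedUrl, httpServletRequest));
            }
            return;
        }

        if (httpServletRequest.getParameter(OIDCSessionConstants.OIDC_SESSION_DATA_KEY_PARAM) != null) {
            handleLogoutResponseFromFramework(httpServletRequest, httpServletResponse);
            return;
        }

        String idTokenHint = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_ID_TOKEN_HINT_PARAM);
        try {
            if (!getOpenIDConnectSkipUserConsent(idTokenHint)) {
                sendToConsentUri(httpServletRequest, httpServletResponse);
                return;
            }
            if (StringUtils.isNotBlank(idTokenHint)) {
                String errorRedirect = processLogoutRequest(httpServletRequest, httpServletResponse);
                if (StringUtils.isNotBlank(errorRedirect)) {
                    httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(errorRedirect, httpServletRequest));
                    return;
                }
            } else {
                // No ID token hint: only the state parameter is remembered for the final redirect.
                OIDCSessionDataCacheEntry cacheEntry = new OIDCSessionDataCacheEntry();
                setStateParameterInCache(httpServletRequest, cacheEntry);
                addSessionDataToCache(oPBrowserStateCookie.getValue(), cacheEntry);
            }
            sendToFrameworkForLogout(httpServletRequest, httpServletResponse);
        } catch (ParseException e) {
            log.error("Error while getting clientId from the IdTokenHint.", e);
            httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("access_denied", "ID token signature validation failed."), httpServletRequest));
        } catch (IdentityOAuth2Exception e2) {
            log.error("Error while getting service provider from the clientId.", e2);
            httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("access_denied", "ID token signature validation failed."), httpServletRequest));
        }
    }

    /**
     * Handles a request that has no usable session: either the graceful path, or a redirect to the error page.
     *
     * <p>The error page always receives {@code userMessage}. Configuration details are written to the debug
     * log only, so what the browser sees no longer depends on the log level.
     *
     * @param userMessage description placed in the error page URL
     * @param debugDetail configuration detail logged at debug level when graceful handling is disabled
     */
    private void redirectForAbsentSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String userMessage, String debugDetail) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug(userMessage);
        }
        if (OIDCSessionManagementUtil.handleAlreadyLoggedOutSessionsGracefully()) {
            handleMissingSessionStateGracefully(httpServletRequest, httpServletResponse);
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug(debugDetail);
        }
        httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("access_denied", userMessage), httpServletRequest));
    }

    /**
     * Chooses the redirect target used when the end user denies the logout.
     *
     * @param defaultUrl URL returned when the denial redirect is not configured or no post-logout URI is cached
     * @param opbsCookie the OP browser state cookie whose value keys the cached session data
     * @return the cached post-logout redirect URI with {@code error} parameters appended, or {@code defaultUrl}
     * @throws UnsupportedEncodingException if the query parameters cannot be encoded
     */
    private String generatePostLogoutRedirectUrl(String defaultUrl, Cookie opbsCookie) throws UnsupportedEncodingException {
        if (!Boolean.parseBoolean(IdentityUtil.getProperty(OIDCSessionConstants.OIDC_LOGOUT_CONSENT_DENIAL_REDIRECT_URL))) {
            return defaultUrl;
        }
        OIDCSessionDataCacheEntry cacheEntry = getSessionDataFromCache(opbsCookie.getValue());
        if (cacheEntry == null || cacheEntry.getPostLogoutRedirectUri() == null) {
            return defaultUrl;
        }
        Map<String, String> params = new HashMap<>();
        params.put("error", "access_denied");
        params.put("error_description", "End User denied the logout request");
        return FrameworkUtils.buildURLWithQueryParams(cacheEntry.getPostLogoutRedirectUri(), params);
    }

    /**
     * Validates a logout request that carries an ID token hint and caches its data under the opbs cookie value.
     *
     * <p>The token signature is verified first; the post-logout redirect URI is then compared with the
     * callback URL registered for the client named in the token. Only after both checks is the URI cached.
     *
     * @return {@code null} when the request is valid, otherwise the URL of an error page to redirect to
     * @throws IOException declared for callers; see the individual helper calls
     */
    private String processLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Cookie opbsCookie = OIDCSessionManagementUtil.getOPBrowserStateCookie(httpServletRequest);
        String idTokenHint = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_ID_TOKEN_HINT_PARAM);
        String postLogoutRedirectUri = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_POST_LOGOUT_REDIRECT_URI_PARAM);
        String state = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_STATE_PARAM);
        try {
            if (!validateIdToken(idTokenHint)) {
                log.error("ID token signature validation failed.");
                return OIDCSessionManagementUtil.getErrorPageURL("access_denied", "ID token signature validation failed.");
            }
            String clientId = extractClientFromIdToken(idTokenHint);
            OAuthAppDO appInformation = new OAuthAppDAO().getAppInformation(clientId);
            String tenantDomain = "carbon.super";
            if (appInformation.getUser() != null && appInformation.getUser().getTenantDomain() != null) {
                tenantDomain = appInformation.getUser().getTenantDomain();
            }
            setSPAttributeToRequest(httpServletRequest, getServiceProviderName(clientId, tenantDomain), tenantDomain);
            if (!validatePostLogoutUri(postLogoutRedirectUri, appInformation.getCallbackUrl())) {
                return FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("access_denied", "Post logout URI does not match with registered callback URI."), httpServletRequest);
            }
            Map<String, String> params = new HashMap<>();
            params.put("client_id", clientId);
            params.put(OIDCSessionConstants.OIDC_CACHE_TENANT_DOMAIN_PARAM, tenantDomain);
            OIDCSessionDataCacheEntry cacheEntry = new OIDCSessionDataCacheEntry();
            cacheEntry.setIdToken(idTokenHint);
            cacheEntry.setPostLogoutRedirectUri(postLogoutRedirectUri);
            cacheEntry.setState(state);
            cacheEntry.setParamMap(new ConcurrentHashMap<>(params));
            addSessionDataToCache(opbsCookie.getValue(), cacheEntry);
            return null;
        } catch (ParseException e) {
            log.error("No valid session found for the received session state.", e);
            return FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("access_denied", "No valid session found for the received session state."), httpServletRequest);
        } catch (IdentityOAuth2Exception | InvalidOAuthClientException e2) {
            log.error("Error occurred while getting application information. Client id not found", e2);
            return FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("access_denied", "Error occurred while getting application information. Client id not found"), httpServletRequest);
        }
    }

    /**
     * Verifies the RSA signature of an ID token with the public key of the tenant resolved for it.
     *
     * <p>Only the signature is checked. The tenant whose key is used is resolved by
     * {@link #getTenantDomainForSignatureValidation(String)}, which reads claims of the still-unverified token,
     * so a successful result means "signed by the key of the tenant the token points at".
     *
     * @param idToken the serialized ID token
     * @return {@code true} only when the signature verifies; any failure yields {@code false}
     */
    private boolean validateIdToken(String idToken) {
        String tenantDomain = getTenantDomainForSignatureValidation(idToken);
        if (StringUtils.isEmpty(tenantDomain)) {
            return false;
        }
        try {
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(IdentityTenantUtil.getTenantId(tenantDomain));
            RSAPublicKey publicKey;
            if (tenantDomain.equals("carbon.super")) {
                publicKey = (RSAPublicKey) keyStoreManager.getDefaultPublicKey();
            } else {
                String keyStoreName = tenantDomain.trim().replace(".", "-") + ".jks";
                publicKey = (RSAPublicKey) keyStoreManager.getKeyStore(keyStoreName).getCertificate(tenantDomain).getPublicKey();
            }
            return SignedJWT.parse(idToken).verify(new RSASSAVerifier(publicKey));
        } catch (Exception e) {
            // Fail closed on every error (parse, key store, missing certificate, JOSE). The cause goes to
            // the debug log, matching how handler failures are logged elsewhere in this class.
            log.error("Error occurred while validating id token signature.");
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while validating id token signature.", e);
            }
            return false;
        }
    }

    /**
     * Resolves the tenant domain whose key must verify the ID token.
     *
     * <p>When the server signs JWTs with the service provider key, the tenant of the OAuth application named in
     * the token is used; otherwise the tenant is read from the token's own claims.
     *
     * @param idToken the serialized ID token (not yet verified)
     * @return the tenant domain, or {@code null} when the token or the application cannot be resolved
     */
    private String getTenantDomainForSignatureValidation(String idToken) {
        boolean isJWTSignedWithSPKey = OAuthServerConfiguration.getInstance().isJWTSignedWithSPKey();
        if (log.isDebugEnabled()) {
            log.debug("'SignJWTWithSPKey' property is set to : " + isJWTSignedWithSPKey);
        }
        try {
            String clientId = extractClientFromIdToken(idToken);
            String tenantDomain;
            if (isJWTSignedWithSPKey) {
                tenantDomain = OAuth2Util.getTenantDomainOfOauthApp(OAuth2Util.getAppInformationByClientId(clientId));
                if (log.isDebugEnabled()) {
                    log.debug("JWT signature will be validated with the service provider's tenant domain : " + tenantDomain);
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("JWT signature will be validated with user tenant domain.");
                }
                tenantDomain = extractTenantDomainFromIdToken(idToken);
            }
            return tenantDomain;
        } catch (IdentityOAuth2Exception | InvalidOAuthClientException e) {
            log.error("Error occurred while getting oauth application information.", e);
            return null;
        } catch (ParseException e2) {
            log.error("Error occurred while extracting client id from id token", e2);
            return null;
        }
    }

    /**
     * Redirects the browser to the logout consent page, caching the request data first.
     *
     * <p>With an ID token hint the request is validated by {@link #processLogoutRequest}; a validation failure
     * redirects to the returned error page instead.
     */
    private void sendToConsentUri(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String idTokenHint = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_ID_TOKEN_HINT_PARAM);
        if (idTokenHint != null) {
            String errorRedirect = processLogoutRequest(httpServletRequest, httpServletResponse);
            if (StringUtils.isNotBlank(errorRedirect)) {
                httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(errorRedirect, httpServletRequest));
                return;
            }
        } else {
            OIDCSessionDataCacheEntry cacheEntry = new OIDCSessionDataCacheEntry();
            setStateParameterInCache(httpServletRequest, cacheEntry);
            addSessionDataToCache(OIDCSessionManagementUtil.getOPBrowserStateCookie(httpServletRequest).getValue(), cacheEntry);
        }
        httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getOIDCLogoutConsentURL(), httpServletRequest));
    }

    /** Copies the request's state parameter into the cache entry. */
    private void setStateParameterInCache(HttpServletRequest httpServletRequest, OIDCSessionDataCacheEntry oIDCSessionDataCacheEntry) {
        oIDCSessionDataCacheEntry.setState(httpServletRequest.getParameter(OIDCSessionConstants.OIDC_STATE_PARAM));
    }

    /**
     * Appends the state value as a query parameter.
     *
     * @return {@code url} unchanged when {@code state} is empty, otherwise the URL with the state parameter
     * @throws UnsupportedEncodingException if the parameter cannot be encoded
     */
    private String appendStateQueryParam(String url, String state) throws UnsupportedEncodingException {
        if (StringUtils.isEmpty(state)) {
            return url;
        }
        Map<String, String> params = new HashMap<>();
        params.put(OIDCSessionConstants.OIDC_STATE_PARAM, state);
        return FrameworkUtils.buildURLWithQueryParams(url, params);
    }

    /**
     * Checks a requested post-logout redirect URI against the callback URL registered for the client.
     *
     * <p>An empty request is accepted because the caller then falls back to the default logout page. A
     * registered value starting with {@code regexp=} is treated as a pattern that must match the whole
     * requested URI; the check is therefore only as strict as the registered pattern.
     *
     * @param requestedUri  the {@code post_logout_redirect_uri} from the request, may be empty
     * @param registeredUrl the callback URL registered for the client, may be {@code null}
     * @return {@code true} when the redirect may be followed
     */
    private boolean validatePostLogoutUri(String requestedUri, String registeredUrl) {
        if (StringUtils.isEmpty(requestedUri)) {
            return true;
        }
        // A client without a registered callback must not turn this check into a NullPointerException;
        // with nothing to compare against, the requested URI is rejected.
        if (registeredUrl != null) {
            String pattern = null;
            if (registeredUrl.startsWith("regexp=")) {
                pattern = registeredUrl.substring("regexp=".length());
            }
            if ((pattern != null && requestedUri.matches(pattern)) || registeredUrl.equals(requestedUri)) {
                return true;
            }
        }
        log.warn("Provided Post logout redirect URL does not match the registered callback url.");
        return false;
    }

    /**
     * Reads the client id from an ID token: the {@code azp} claim, or the first audience when azp is blank.
     *
     * <p>This is called on tokens whose signature has not been verified yet, so malformed claims are reported
     * as {@link ParseException} (which every caller handles) instead of escaping as unchecked exceptions.
     *
     * @param idToken the serialized ID token
     * @return the client id
     * @throws ParseException if the token cannot be parsed or names no client
     */
    private String extractClientFromIdToken(String idToken) throws ParseException {
        JWTClaimsSet claims = SignedJWT.parse(idToken).getJWTClaimsSet();
        Object azp = claims.getClaims().get(OIDCSessionConstants.OIDC_ID_TOKEN_AZP_CLAIM);
        if (azp != null && !(azp instanceof String)) {
            throw new ParseException("The azp claim of the ID token is not a string.", 0);
        }
        String clientId = (String) azp;
        if (StringUtils.isBlank(clientId)) {
            List<String> audience = claims.getAudience();
            if (audience == null || audience.isEmpty()) {
                throw new ParseException("The ID token carries neither an azp claim nor an aud claim.", 0);
            }
            clientId = audience.get(0);
            log.info("Provided ID Token does not contain azp claim with client ID. Client ID is extracted from the aud claim in the ID Token.");
        }
        return clientId;
    }

    /**
     * Reads the user's tenant domain from an ID token: the {@code tenant} entry of the {@code realm} claim,
     * or, when that is blank, the tenant derived from the {@code sub} claim.
     *
     * @param idToken the serialized ID token (not yet verified)
     * @return the tenant domain as resolved from the claims
     * @throws ParseException if the token cannot be parsed
     */
    private String extractTenantDomainFromIdToken(String idToken) throws ParseException {
        JWTClaimsSet claims = SignedJWT.parse(idToken).getJWTClaimsSet();
        String tenantDomain = null;
        Object realm = claims.getClaims().get("realm");
        if (realm instanceof Map) {
            // The claim value is untrusted; a non-string tenant is ignored rather than cast.
            Object tenant = ((Map<?, ?>) realm).get("tenant");
            if (tenant instanceof String) {
                tenantDomain = (String) tenant;
            }
        }
        if (StringUtils.isBlank(tenantDomain)) {
            if (log.isDebugEnabled()) {
                log.debug("Failed to retrieve tenant domain from 'realm' claim. Hence falling back to 'sub' claim.");
            }
            tenantDomain = MultitenantUtils.getTenantDomain(claims.getSubject());
            if (log.isDebugEnabled()) {
                log.debug("User tenant domain derived from 'sub' claim of JWT. Tenant domain : " + tenantDomain);
            }
        } else if (log.isDebugEnabled()) {
            log.debug("User tenant domain found in 'realm' claim of JWT. Tenant domain : " + tenantDomain);
        }
        return tenantDomain;
    }

    /** Handles POST exactly like GET. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Runs the pre-logout handlers and passes a logout request to the authentication framework.
     *
     * <p>The cached session data is re-keyed under a fresh random session data key so that the framework
     * response can be matched to this request.
     *
     * @throws ServletException if the framework fails
     * @throws IOException      if a redirect cannot be written
     */
    private void sendToFrameworkForLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            triggerLogoutHandlersForPreLogout(httpServletRequest, httpServletResponse);
        } catch (OIDCSessionManagementException e) {
            log.error("Error executing logout handlers on pre logout.");
            if (log.isDebugEnabled()) {
                log.debug("Error executing logout handlers on pre logout.", e);
            }
            httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("server_error", "User logout failed."), httpServletRequest));
            // NOTE(review): execution deliberately continues as in the original, so the framework logout
            // still runs after the error redirect was sent. Confirm whether logout should be aborted here;
            // aborting would leave the session alive, continuing contradicts the "User logout failed." page.
        }
        String sessionDataKey = UUID.randomUUID().toString();
        AuthenticationRequest authenticationRequest = new AuthenticationRequest();
        Map<String, String[]> queryParams = new HashMap<>();
        queryParams.put(OIDCSessionConstants.OIDC_SESSION_DATA_KEY_PARAM, new String[]{sessionDataKey});
        authenticationRequest.setRequestQueryParams(queryParams);
        authenticationRequest.addRequestQueryParam("commonAuthLogout", new String[]{"true"});
        authenticationRequest.setCommonAuthCallerPath(httpServletRequest.getRequestURI());
        authenticationRequest.setPost(true);
        OIDCSessionDataCacheEntry cacheEntry = getSessionDataFromCache(OIDCSessionManagementUtil.getOPBrowserStateCookie(httpServletRequest).getValue());
        if (cacheEntry != null) {
            authenticationRequest.setRelyingParty(cacheEntry.getParamMap().get("client_id"));
            authenticationRequest.setTenantDomain(cacheEntry.getParamMap().get(OIDCSessionConstants.OIDC_CACHE_TENANT_DOMAIN_PARAM));
            addSessionDataToCache(sessionDataKey, cacheEntry);
        }
        // Every request header is copied onto the authentication request.
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement().toString();
            authenticationRequest.addHeader(headerName, httpServletRequest.getHeader(headerName));
        }
        addAuthenticationRequestToRequest(httpServletRequest, new AuthenticationRequestCacheEntry(authenticationRequest));
        sendRequestToFramework(httpServletRequest, httpServletResponse, sessionDataKey, "oidc");
    }

    /**
     * Completes the logout after the framework has processed it.
     *
     * <p>Sends back-channel logout requests, runs the post-logout handlers, removes the cached session data,
     * the opbs cookie and the OIDC session state, clears token binding elements and finally redirects to the
     * post-logout redirect URI (or the default logout page) with the state parameter appended.
     *
     * <p>If a post-logout handler fails, clean-up still runs and the single final redirect goes to the error
     * page. The original sent the error redirect first and then attempted a second redirect on the already
     * committed response.
     *
     * @throws IOException if a redirect cannot be written
     */
    private void handleLogoutResponseFromFramework(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String sessionDataKey = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_SESSION_DATA_KEY_PARAM);
        OIDCSessionDataCacheEntry cacheEntry = getSessionDataFromCache(sessionDataKey);
        if (cacheEntry == null) {
            httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("server_error", "User logout failed"), httpServletRequest));
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Logout request received from client: " + cacheEntry.getParamMap().get("client_id"));
            Cookie opbsCookie = OIDCSessionManagementUtil.getOPBrowserStateCookie(httpServletRequest);
            if (opbsCookie != null) {
                OIDCSessionState sessionState = OIDCSessionManagementUtil.getSessionManager().getOIDCSessionState(opbsCookie.getValue());
                if (sessionState != null) {
                    log.debug("Logout request received for sessionId: " + sessionState.getSidClaim());
                }
            }
        }
        doBackChannelLogout(httpServletRequest);
        String postLogoutRedirectUri = cacheEntry.getPostLogoutRedirectUri();
        if (postLogoutRedirectUri == null) {
            postLogoutRedirectUri = OIDCSessionManagementUtil.getOIDCLogoutURL();
        }

        String redirectTarget;
        try {
            triggerLogoutHandlersForPostLogout(httpServletRequest, httpServletResponse);
            redirectTarget = appendStateQueryParam(postLogoutRedirectUri, cacheEntry.getState());
        } catch (OIDCSessionManagementException e) {
            log.error("Error executing logout handlers on post logout.");
            if (log.isDebugEnabled()) {
                log.debug("Error executing logout handlers on post logout.", e);
            }
            redirectTarget = OIDCSessionManagementUtil.getErrorPageURL("server_error", "User logout failed.");
        }

        // Clean-up happens before the response is committed so that the cookie removal can still reach
        // the browser.
        removeSessionDataFromCache(sessionDataKey);
        Cookie removedCookie = OIDCSessionManagementUtil.removeOPBrowserStateCookie(httpServletRequest, httpServletResponse);
        if (removedCookie != null) {
            OIDCSessionManagementUtil.getSessionManager().removeOIDCSessionState(removedCookie.getValue());
        }
        clearTokenBindingElements(cacheEntry.getParamMap().get("client_id"), httpServletRequest, httpServletResponse);

        if (httpServletResponse.isCommitted()) {
            // An earlier step already answered the browser (for example the pre-logout error redirect);
            // a second redirect would only raise IllegalStateException.
            if (log.isDebugEnabled()) {
                log.debug("Response already committed. Skipping the post logout redirect.");
            }
            return;
        }
        httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(redirectTarget, httpServletRequest));
    }

    /**
     * Invokes {@code handlePostLogout} on every registered logout handler, in registration order.
     *
     * @throws OIDCSessionManagementException propagated from the first handler that fails
     */
    private void triggerLogoutHandlersForPostLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OIDCSessionManagementException {
        for (OIDCLogoutHandler handler : OIDCSessionManagementComponentServiceHolder.getOIDCLogoutHandlers()) {
            handler.handlePostLogout(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Invokes {@code handlePreLogout} on every registered logout handler, in registration order.
     *
     * @throws OIDCSessionManagementException propagated from the first handler that fails
     */
    private void triggerLogoutHandlersForPreLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OIDCSessionManagementException {
        for (OIDCLogoutHandler handler : OIDCSessionManagementComponentServiceHolder.getOIDCLogoutHandlers()) {
            handler.handlePreLogout(httpServletRequest, httpServletResponse);
        }
    }

    /** Stores the authentication request on the servlet request under the {@code authRequest} attribute. */
    private void addAuthenticationRequestToRequest(HttpServletRequest httpServletRequest, AuthenticationRequestCacheEntry authenticationRequestCacheEntry) {
        httpServletRequest.setAttribute("authRequest", authenticationRequestCacheEntry);
    }

    /**
     * Calls the authentication framework in-process and acts on its outcome.
     *
     * <p>Unless the framework reports an incomplete flow, the logout is completed immediately; otherwise the
     * framework's redirect or buffered content is forwarded to the browser.
     *
     * @param sessionDataKey the key under which the session data was cached for this request
     * @param type           the request type passed to the framework
     */
    private void sendRequestToFramework(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String sessionDataKey, String type) throws ServletException, IOException {
        CommonAuthenticationHandler commonAuthenticationHandler = new CommonAuthenticationHandler();
        CommonAuthRequestWrapper requestWrapper = new CommonAuthRequestWrapper(httpServletRequest);
        requestWrapper.setParameter(OIDCSessionConstants.OIDC_SESSION_DATA_KEY_PARAM, sessionDataKey);
        requestWrapper.setParameter("type", type);
        CommonAuthResponseWrapper responseWrapper = new CommonAuthResponseWrapper(httpServletResponse);
        commonAuthenticationHandler.doGet(requestWrapper, responseWrapper);

        Object flowStatus = httpServletRequest.getAttribute("authenticatorFlowStatus");
        if (flowStatus == null || ((AuthenticatorFlowStatus) flowStatus) != AuthenticatorFlowStatus.INCOMPLETE) {
            handleLogoutResponseFromFramework(requestWrapper, httpServletResponse);
        } else if (responseWrapper.isRedirect()) {
            httpServletResponse.sendRedirect(responseWrapper.getRedirectURL());
        } else if (responseWrapper.getContent().length > 0) {
            responseWrapper.write();
        }
    }

    /** Caches session data under the given key. */
    private void addSessionDataToCache(String key, OIDCSessionDataCacheEntry oIDCSessionDataCacheEntry) {
        OIDCSessionDataCache.getInstance().addToCache(new OIDCSessionDataCacheKey(key), oIDCSessionDataCacheEntry);
    }

    /** Returns the session data cached under the given key, as returned by the cache (possibly {@code null}). */
    private OIDCSessionDataCacheEntry getSessionDataFromCache(String key) {
        return (OIDCSessionDataCacheEntry) OIDCSessionDataCache.getInstance().getValueFromCache(new OIDCSessionDataCacheKey(key));
    }

    /** Removes the session data cached under the given key. */
    private void removeSessionDataFromCache(String key) {
        OIDCSessionDataCache.getInstance().clearCacheEntry(new OIDCSessionDataCacheKey(key));
    }

    /**
     * Decides whether the logout consent page can be skipped.
     *
     * <p>The server-wide setting wins. Otherwise the service provider named in a signature-verified ID token
     * hint decides; without an identifiable service provider consent is requested.
     *
     * @param idTokenHint the ID token hint from the request, may be blank
     * @return {@code true} when consent must not be shown
     * @throws ParseException          if the client id cannot be read from the token
     * @throws IdentityOAuth2Exception if the token signature is invalid or the service provider lookup fails
     */
    private boolean getOpenIDConnectSkipUserConsent(String idTokenHint) throws ParseException, IdentityOAuth2Exception {
        if (OAuthServerConfiguration.getInstance().getOpenIDConnectSkipLogoutConsentConfig()) {
            if (log.isDebugEnabled()) {
                log.debug("Server wide configuration is to skip the logout consent. So continue without checking for the service provider level configuration.");
            }
            return true;
        }
        if (StringUtils.isNotBlank(idTokenHint)) {
            if (!validateIdToken(idTokenHint)) {
                throw new IdentityOAuth2Exception("ID token signature validation failed.");
            }
            String clientId = extractClientFromIdToken(idTokenHint);
            ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(clientId);
            if (serviceProvider != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Get the skip logout consent from service prover. clientID: " + clientId);
                }
                return FrameworkUtils.isLogoutConsentPageSkippedForSP(serviceProvider);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Could not able to identify the service provider, so prompting the logout consent.");
        }
        return false;
    }

    /** Asks the logout request sender to send back-channel logout requests for this request. */
    private void doBackChannelLogout(HttpServletRequest httpServletRequest) {
        LogoutRequestSender.getInstance().sendLogoutRequests(httpServletRequest);
        if (log.isDebugEnabled()) {
            log.debug("Sending backchannel logout request.");
        }
    }

    /** Exposes the service provider name and tenant domain as request attributes. */
    private void setSPAttributeToRequest(HttpServletRequest httpServletRequest, String serviceProviderName, String tenantDomain) {
        httpServletRequest.setAttribute(REQUEST_PARAM_SP, serviceProviderName);
        httpServletRequest.setAttribute("tenantDomain", tenantDomain);
    }

    /**
     * Looks up the service provider name registered for an OAuth2 client.
     *
     * @return the name, or {@code null} when the lookup fails (the failure is logged)
     */
    private String getServiceProviderName(String clientId, String tenantDomain) {
        try {
            return OIDCSessionManagementComponentServiceHolder.getApplicationMgtService().getServiceProviderNameByClientId(clientId, "oauth2", tenantDomain);
        } catch (IdentityApplicationManagementException e) {
            log.error("Error while getting Service provider name for client Id:" + clientId + " in tenant: " + tenantDomain, e);
            return null;
        }
    }

    /**
     * Answers a logout request that arrives without a live session.
     *
     * <p>Without both an ID token hint and a post-logout redirect URI the browser goes to the default logout
     * page. Otherwise the request-supplied URI is followed only after the token signature has been verified
     * and the URI has been matched against the client's registered callback URL.
     *
     * @throws IOException if a redirect cannot be written
     */
    private void handleMissingSessionStateGracefully(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String defaultLogoutUrl = OIDCSessionManagementUtil.getOIDCLogoutURL();
        String idTokenHint = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_ID_TOKEN_HINT_PARAM);
        String postLogoutRedirectUri = httpServletRequest.getParameter(OIDCSessionConstants.OIDC_POST_LOGOUT_REDIRECT_URI_PARAM);
        if (StringUtils.isEmpty(idTokenHint) || StringUtils.isEmpty(postLogoutRedirectUri)) {
            httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(defaultLogoutUrl, httpServletRequest));
            return;
        }
        try {
            // Read before verification only so the client id can appear in the debug log below.
            String clientId = extractClientFromIdToken(idTokenHint);
            if (!validateIdToken(idTokenHint)) {
                if (log.isDebugEnabled()) {
                    log.debug("ID token signature validation failed. Client id from id token: " + clientId);
                }
                httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("access_denied", "ID token signature validation failed."), httpServletRequest));
                return;
            }
            String redirectTarget;
            try {
                String registeredCallback = new OAuthAppDAO().getAppInformation(clientId).getCallbackUrl();
                redirectTarget = validatePostLogoutUri(postLogoutRedirectUri, registeredCallback)
                        ? postLogoutRedirectUri
                        : OIDCSessionManagementUtil.getErrorPageURL("access_denied", "Post logout URI does not match with registered callback URI.");
            } catch (InvalidOAuthClientException e) {
                if (log.isDebugEnabled()) {
                    log.debug("Error occurred while getting application information. Client id not found. Client id from id token: " + clientId, e);
                }
                redirectTarget = OIDCSessionManagementUtil.getErrorPageURL("access_denied", "Error occurred while getting application information. Client id not found.");
            } catch (IdentityOAuth2Exception e2) {
                log.error("Error occurred while getting application information. Client id not found. Client id from id token: " + clientId, e2);
                redirectTarget = OIDCSessionManagementUtil.getErrorPageURL("access_denied", "Error occurred while getting application information. Client id not found.");
            }
            httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(redirectTarget, httpServletRequest));
        } catch (ParseException e3) {
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while retrieving client id from id token.", e3);
            }
            httpServletResponse.sendRedirect(FrameworkUtils.getRedirectURL(OIDCSessionManagementUtil.getErrorPageURL("access_denied", "Error occurred while extracting data from id token."), httpServletRequest));
        }
    }

    /**
     * Lets the token binder that matches the client's binding type clear its binding elements.
     *
     * <p>Does nothing when no client id is known (a logout without ID token hint caches none), when the client
     * has no binding type, or when no binder is registered for that type.
     *
     * @param clientId the client id cached for this logout, may be blank
     */
    private void clearTokenBindingElements(String clientId, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (StringUtils.isBlank(clientId)) {
            // Nothing to look up; avoids an application lookup that can only fail and be logged as an error.
            return;
        }
        try {
            OAuthAppDO appInformation = OAuth2Util.getAppInformationByClientId(clientId);
            String bindingType = appInformation.getTokenBindingType();
            if (StringUtils.isBlank(bindingType)) {
                return;
            }
            List<TokenBinder> tokenBinders = OIDCSessionManagementComponentServiceHolder.getInstance().getTokenBinders();
            if (tokenBinders.isEmpty()) {
                return;
            }
            tokenBinders.stream()
                    .filter(tokenBinder -> bindingType.equals(tokenBinder.getBindingType()))
                    .findAny()
                    .ifPresent(tokenBinder -> tokenBinder.clearTokenBindingElements(httpServletRequest, httpServletResponse));
        } catch (IdentityOAuth2Exception | InvalidOAuthClientException e) {
            log.error("Failed to load the app information for the client id: " + clientId, e);
        }
    }
}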
