package org.wso2.carbon.identity.sso.saml.processors;

import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.dto.QueryParamDTO;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOReqValidationResponseDTO;
import org.wso2.carbon.identity.sso.saml.session.SSOSessionPersistenceManager;
import org.wso2.carbon.identity.sso.saml.session.SessionInfoData;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/processors/IdPInitLogoutRequestProcessor.class */
public class IdPInitLogoutRequestProcessor implements IdpInitSSOLogoutRequestProcessor {
    private static final Log log = LogFactory.getLog(IdPInitLogoutRequestProcessor.class);
    private String spEntityID;
    private String returnTo;

    @Override // org.wso2.carbon.identity.sso.saml.processors.IdpInitSSOLogoutRequestProcessor
    @Deprecated
    public SAMLSSOReqValidationResponseDTO process(String str, QueryParamDTO[] queryParamDTOArr, String str2) throws IdentityException {
        return process(str, queryParamDTOArr, str2, "carbon.super");
    }

    public SAMLSSOReqValidationResponseDTO process(String str, QueryParamDTO[] queryParamDTOArr, String str2, String str3) throws IdentityException {
        init(queryParamDTOArr);
        SAMLSSOReqValidationResponseDTO sAMLSSOReqValidationResponseDTO = new SAMLSSOReqValidationResponseDTO();
        try {
            sAMLSSOReqValidationResponseDTO.setLogOutReq(true);
            if (StringUtils.isBlank(str)) {
                log.error(SAMLSSOConstants.Notification.INVALID_SESSION);
                sAMLSSOReqValidationResponseDTO.setValid(false);
                sAMLSSOReqValidationResponseDTO.setLogoutFromAuthFramework(true);
                return sAMLSSOReqValidationResponseDTO;
            }
            SSOSessionPersistenceManager persistenceManager = SSOSessionPersistenceManager.getPersistenceManager();
            String sessionIndexFromTokenId = persistenceManager.getSessionIndexFromTokenId(str, str3);
            SessionInfoData sessionInfo = persistenceManager.getSessionInfo(sessionIndexFromTokenId, str3);
            if (sessionInfo == null) {
                log.error(SAMLSSOConstants.Notification.INVALID_SESSION);
                sAMLSSOReqValidationResponseDTO.setValid(false);
                sAMLSSOReqValidationResponseDTO.setLogoutFromAuthFramework(true);
                return sAMLSSOReqValidationResponseDTO;
            }
            sAMLSSOReqValidationResponseDTO.setSessionIndex(sessionIndexFromTokenId);
            Map<String, SAMLSSOServiceProviderDO> serviceProviderList = sessionInfo.getServiceProviderList();
            if (!StringUtils.isBlank(this.spEntityID)) {
                SAMLSSOServiceProviderDO sAMLSSOServiceProviderDO = serviceProviderList.get(this.spEntityID);
                if (sAMLSSOServiceProviderDO == null) {
                    log.error(String.format(SAMLSSOConstants.Notification.INVALID_SP_ENTITY_ID, this.spEntityID));
                    sAMLSSOReqValidationResponseDTO.setValid(false);
                    return sAMLSSOReqValidationResponseDTO;
                }
                if (!sAMLSSOServiceProviderDO.isIdPInitSLOEnabled()) {
                    log.error(String.format(SAMLSSOConstants.Notification.IDP_SLO_NOT_ENABLED, this.spEntityID));
                    sAMLSSOReqValidationResponseDTO.setValid(false);
                    return sAMLSSOReqValidationResponseDTO;
                }
                if (!StringUtils.isNotBlank(this.returnTo)) {
                    sAMLSSOReqValidationResponseDTO.setReturnToURL(str2 + "?spEntityID=" + this.spEntityID);
                } else {
                    if (!sAMLSSOServiceProviderDO.getIdpInitSLOReturnToURLList().contains(this.returnTo) && !sAMLSSOServiceProviderDO.getAssertionConsumerUrlList().contains(this.returnTo)) {
                        log.error(SAMLSSOConstants.Notification.INVALID_RETURN_TO_URL);
                        sAMLSSOReqValidationResponseDTO.setValid(false);
                        return sAMLSSOReqValidationResponseDTO;
                    }
                    sAMLSSOReqValidationResponseDTO.setReturnToURL(this.returnTo);
                }
                sAMLSSOReqValidationResponseDTO.setIssuer(sAMLSSOServiceProviderDO.getIssuer());
                SAMLSSOUtil.setTenantDomainInThreadLocal(sAMLSSOServiceProviderDO.getTenantDomain());
            } else {
                if (StringUtils.isNotBlank(this.returnTo)) {
                    log.error(SAMLSSOConstants.Notification.NO_SP_ENTITY_PARAM);
                    sAMLSSOReqValidationResponseDTO.setValid(false);
                    return sAMLSSOReqValidationResponseDTO;
                }
                sAMLSSOReqValidationResponseDTO.setReturnToURL(str2);
            }
            sAMLSSOReqValidationResponseDTO.setValid(true);
            return sAMLSSOReqValidationResponseDTO;
        } catch (UserStoreException | IdentityException e) {
            throw IdentityException.error(SAMLSSOConstants.Notification.IDP_SLO_VALIDATE_ERROR, e);
        }
    }

    private void init(QueryParamDTO[] queryParamDTOArr) {
        for (QueryParamDTO queryParamDTO : queryParamDTOArr) {
            if (SAMLSSOConstants.QueryParameter.SP_ENTITY_ID.toString().equals(queryParamDTO.getKey())) {
                this.spEntityID = SAMLSSOUtil.resolveIssuerQualifier(queryParamDTOArr, SAMLSSOUtil.splitAppendedTenantDomain(queryParamDTO.getValue()));
            } else if (SAMLSSOConstants.QueryParameter.RETURN_TO.toString().equals(queryParamDTO.getKey())) {
                this.returnTo = queryParamDTO.getValue();
            }
        }
    }
}
