package org.wso2.carbon.identity.application.authenticator.samlsso.logout.processor;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.inbound.FrameworkLogoutResponse;
import org.wso2.carbon.identity.application.authentication.framework.inbound.FrameworkRuntimeException;
import org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityMessageContext;
import org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityProcessor;
import org.wso2.carbon.identity.application.authentication.framework.inbound.IdentityRequest;
import org.wso2.carbon.identity.application.authentication.framework.inbound.InboundUtil;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.context.SAMLMessageContext;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.dao.SessionInfoDAO;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.exception.SAMLLogoutException;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.request.SAMLLogoutRequest;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.util.SAMLLogoutUtil;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.validators.LogoutRequestValidator;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOConstants;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOUtils;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/samlsso/logout/processor/SAMLLogoutRequestProcessor.class */
public class SAMLLogoutRequestProcessor extends IdentityProcessor {
    private static final Log log = LogFactory.getLog(SAMLLogoutRequestProcessor.class);

    public boolean canHandle(IdentityRequest identityRequest) {
        return identityRequest instanceof SAMLLogoutRequest;
    }

    /* renamed from: process, reason: merged with bridge method [inline-methods] */
    public FrameworkLogoutResponse.FrameworkLogoutResponseBuilder m7process(IdentityRequest identityRequest) throws SAMLLogoutException {
        SAMLMessageContext<String, String> sAMLMessageContext = new SAMLMessageContext<>(identityRequest, new HashMap());
        try {
            XMLObject unmarshall = sAMLMessageContext.getSAMLLogoutRequest().isPost() ? SSOUtils.unmarshall(SSOUtils.decodeForPost(identityRequest.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ))) : SSOUtils.unmarshall(SSOUtils.decode(identityRequest.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ)));
            if (!(unmarshall instanceof LogoutRequest)) {
                sAMLMessageContext.setValidStatus(false);
                throw new SAMLLogoutException("Invalid Single Logout SAML Request");
            }
            LogoutRequest logoutRequest = (LogoutRequest) unmarshall;
            sAMLMessageContext.setValidStatus(true);
            sAMLMessageContext.setIdPSessionID(SAMLLogoutUtil.getSessionIndex(logoutRequest));
            if (StringUtils.isNotBlank(sAMLMessageContext.getIdPSessionID())) {
                populateContextWithSessionDetails(sAMLMessageContext);
            }
            if (!Boolean.parseBoolean(sAMLMessageContext.getFedIdPConfigs().get("IsSLORequestAccepted"))) {
                throw new SAMLLogoutException("Single logout requests from the federated IdP: " + sAMLMessageContext.getFederatedIdP().getIdentityProviderName() + " are not accepted");
            }
            if (new LogoutRequestValidator(sAMLMessageContext).isValidate(logoutRequest)) {
                LogoutResponse buildResponse = SAMLLogoutUtil.buildResponse(sAMLMessageContext, logoutRequest.getID(), SSOConstants.StatusCodes.SUCCESS_CODE, null);
                sAMLMessageContext.setResponse(SSOUtils.encode(SSOUtils.marshall(buildResponse)));
                sAMLMessageContext.setAcsUrl(buildResponse.getDestination());
            }
            return buildResponseForFrameworkLogout(sAMLMessageContext);
        } catch (SAMLSSOException e) {
            throw new SAMLLogoutException("Error when processing the Logout Request.", e);
        }
    }

    private FrameworkLogoutResponse.FrameworkLogoutResponseBuilder buildResponseForFrameworkLogout(SAMLMessageContext<String, String> sAMLMessageContext) {
        IdentityRequest request = sAMLMessageContext.getRequest();
        Map parameterMap = request.getParameterMap();
        AuthenticationRequest authenticationRequest = new AuthenticationRequest();
        authenticationRequest.appendRequestQueryParams(parameterMap);
        if (request.getHeaderMap() != null) {
            Map headerMap = request.getHeaderMap();
            authenticationRequest.getClass();
            headerMap.forEach(authenticationRequest::addHeader);
        }
        authenticationRequest.setTenantDomain(sAMLMessageContext.getTenantDomain());
        authenticationRequest.setRelyingParty(getRelyingPartyId(sAMLMessageContext));
        authenticationRequest.setType(getType(sAMLMessageContext));
        try {
            authenticationRequest.setCommonAuthCallerPath(URLEncoder.encode(getCallbackPath(sAMLMessageContext), StandardCharsets.UTF_8.name()));
            authenticationRequest.addRequestQueryParam("commonAuthLogout", new String[]{"true"});
            authenticationRequest.addRequestQueryParam("sessionId", new String[]{sAMLMessageContext.getSessionID()});
            AuthenticationRequestCacheEntry authenticationRequestCacheEntry = new AuthenticationRequestCacheEntry(authenticationRequest);
            String generateUUID = UUIDGenerator.generateUUID();
            authenticationRequestCacheEntry.setValidityPeriod(TimeUnit.MINUTES.toNanos(IdentityUtil.getOperationCleanUpTimeout()));
            FrameworkUtils.addAuthenticationRequestToCache(generateUUID, authenticationRequestCacheEntry);
            InboundUtil.addContextToCache(generateUUID, sAMLMessageContext);
            FrameworkLogoutResponse.FrameworkLogoutResponseBuilder frameworkLogoutResponseBuilder = new FrameworkLogoutResponse.FrameworkLogoutResponseBuilder(sAMLMessageContext);
            frameworkLogoutResponseBuilder.setContextKey(generateUUID);
            frameworkLogoutResponseBuilder.setCallbackPath(getCallbackPath(sAMLMessageContext));
            frameworkLogoutResponseBuilder.setAuthType(getType(sAMLMessageContext));
            try {
                frameworkLogoutResponseBuilder.setRedirectURL(ServiceURLBuilder.create().addPath(new String[]{"commonauth"}).build().getAbsolutePublicURL());
                return frameworkLogoutResponseBuilder;
            } catch (URLBuilderException e) {
                throw FrameworkRuntimeException.error("Error while building commonauth URL.", e);
            }
        } catch (UnsupportedEncodingException e2) {
            throw FrameworkRuntimeException.error("Error occurred while URL encoding callback path: " + getCallbackPath(sAMLMessageContext), e2);
        }
    }

    private void populateContextWithSessionDetails(SAMLMessageContext<String, String> sAMLMessageContext) throws SAMLLogoutException {
        Map<String, String> sessionDetails = new SessionInfoDAO().getSessionDetails(sAMLMessageContext.getIdPSessionID());
        if (sessionDetails != null) {
            if (StringUtils.isNotBlank(sAMLMessageContext.getSAMLLogoutRequest().getTenantDomain())) {
                sAMLMessageContext.setTenantDomain(sAMLMessageContext.getSAMLLogoutRequest().getTenantDomain());
            } else {
                sAMLMessageContext.setTenantDomain("carbon.super");
            }
            try {
                IdentityProvider idPByName = IdentityProviderManager.getInstance().getIdPByName(sessionDetails.get("idpName"), sAMLMessageContext.getTenantDomain());
                sAMLMessageContext.setSessionID(sessionDetails.get("sessionId"));
                sAMLMessageContext.setFederatedIdP(idPByName);
                sAMLMessageContext.setFedIdPConfigs(SAMLLogoutUtil.getFederatedIdPConfigs(idPByName));
            } catch (IdentityProviderManagementException e) {
                throw new SAMLLogoutException("Error when getting the Identity Provider by IdP name: " + sessionDetails.get("idpName") + "with tenant domain: " + sAMLMessageContext.getTenantDomain(), e);
            }
        }
    }

    public String getType(IdentityMessageContext identityMessageContext) {
        return SSOConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    public String getCallbackPath(IdentityMessageContext identityMessageContext) {
        try {
            return ServiceURLBuilder.create().addPath(new String[]{SSOConstants.SAML_SLO_URL}).build().getAbsolutePublicURL();
        } catch (URLBuilderException e) {
            throw FrameworkRuntimeException.error("Error while building callback path.", e);
        }
    }

    public String getRelyingPartyId() {
        return null;
    }

    public String getRelyingPartyId(IdentityMessageContext identityMessageContext) {
        return null;
    }
}
