package org.wso2.carbon.identity.application.authenticator.samlsso.logout.validators;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.function.Consumer;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.context.SAMLMessageContext;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.exception.SAMLLogoutException;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.util.LambdaExceptionUtil;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.util.SAMLLogoutUtil;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOConstants;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/samlsso/logout/validators/LogoutRequestValidator.class */
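/**
 * Validates a SAML 2.0 {@link LogoutRequest} using the state and federated IdP configuration
 * held in a {@link SAMLMessageContext}.
 *
 * <p>Each check marks the context as invalid and throws a {@link SAMLLogoutException} carrying a
 * SAML error response when it fails.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The signature check runs last, so the version, issuer and subject checks, and the error
 *       responses built when they fail, operate on content that has not been authenticated.</li>
 *   <li>The signature check is enforced only when the {@code IsLogoutReqSigned} configuration
 *       value parses as {@code true}. A missing or misspelled value disables it.</li>
 * </ul>
 */
public class LogoutRequestValidator {
    private static final Log log = LogFactory.getLog(LogoutRequestValidator.class);
    private final SAMLMessageContext samlMessageContext;

    /**
     * @param sAMLMessageContext context that receives the validation status and supplies the
     *                           relay state and federated IdP configuration
     */
    public LogoutRequestValidator(SAMLMessageContext sAMLMessageContext) {
        this.samlMessageContext = sAMLMessageContext;
    }

    /**
     * Runs the version, issuer, subject and signature checks, in that order.
     *
     * <p>A failing check throws {@link SAMLLogoutException}; the checks are wrapped with
     * {@code LambdaExceptionUtil.rethrowConsumer}, which presumably lets that checked exception
     * propagate out of this method undeclared (confirm against the helper).
     *
     * @param logoutRequest the request to validate
     * @return {@code true} when every check completed and the context is still marked valid;
     *         {@code false} when the context reports an invalid status after a check
     */
    public boolean isValidate(LogoutRequest logoutRequest) {
        ArrayList<Consumer<LogoutRequest>> checks = new ArrayList<>();
        checks.add(LambdaExceptionUtil.rethrowConsumer(this::isSAMLVersionValid));
        checks.add(LambdaExceptionUtil.rethrowConsumer(this::isIssuerValid));
        checks.add(LambdaExceptionUtil.rethrowConsumer(this::isSubjectValid));
        // Keep the signature check in the list: dropping it would accept forged logout requests.
        checks.add(LambdaExceptionUtil.rethrowConsumer(this::isValidLogoutReqSignature));
        for (Consumer<LogoutRequest> check : checks) {
            check.accept(logoutRequest);
            if (!this.samlMessageContext.getValidStatus().booleanValue()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Rejects any request whose version is not SAML 2.0.
     *
     * @throws SAMLLogoutException with a {@code VERSION_MISMATCH} error response
     */
    private void isSAMLVersionValid(LogoutRequest logoutRequest) throws SAMLLogoutException {
        if (SAMLVersion.VERSION_20.equals(logoutRequest.getVersion())) {
            return;
        }
        String message = "Invalid SAML Version in Logout Request. SAML Version should be equal to 2.0";
        if (log.isDebugEnabled()) {
            log.debug(message);
        }
        this.samlMessageContext.setValidStatus(false);
        throw new SAMLLogoutException(message, SAMLLogoutUtil.buildErrorResponse(this.samlMessageContext, logoutRequest.getID(), SSOConstants.StatusCodes.VERSION_MISMATCH, message), logoutRequest.getDestination(), this.samlMessageContext.getRelayState());
    }

    /**
     * Requires an issuer with a non-null value and the expected issuer format.
     *
     * @throws SAMLLogoutException with a {@code REQUESTOR_ERROR} error response
     */
    private void isIssuerValid(LogoutRequest logoutRequest) throws SAMLLogoutException {
        // A request without an <Issuer> element used to fail with a NullPointerException here.
        // It is now rejected through the same path as a null issuer value, so the caller gets a
        // SAML error response instead of an unhandled runtime exception.
        if (logoutRequest.getIssuer() == null || logoutRequest.getIssuer().getValue() == null) {
            String message = "Issuer value cannot be null in the Logout Request";
            if (log.isDebugEnabled()) {
                log.debug(message);
            }
            this.samlMessageContext.setValidStatus(false);
            throw new SAMLLogoutException(message, SAMLLogoutUtil.buildErrorResponse(this.samlMessageContext, logoutRequest.getID(), SSOConstants.StatusCodes.REQUESTOR_ERROR, message), logoutRequest.getDestination(), this.samlMessageContext.getRelayState());
        }
        String issuerFormat = logoutRequest.getIssuer().getFormat();
        if (StringUtils.isBlank(issuerFormat) || !SSOConstants.ISSUER_FORMAT.equals(issuerFormat)) {
            String message = "Invalid Issuer Format in the logout request";
            if (log.isDebugEnabled()) {
                log.debug(message);
            }
            this.samlMessageContext.setValidStatus(false);
            throw new SAMLLogoutException(message, SAMLLogoutUtil.buildErrorResponse(this.samlMessageContext, logoutRequest.getID(), SSOConstants.StatusCodes.REQUESTOR_ERROR, message), logoutRequest.getDestination(), this.samlMessageContext.getRelayState());
        }
    }

    /**
     * Requires at least one subject identifier: NameID, BaseID or EncryptedID.
     *
     * @throws SAMLLogoutException with a {@code REQUESTOR_ERROR} error response
     */
    private void isSubjectValid(LogoutRequest logoutRequest) throws SAMLLogoutException {
        boolean hasSubject = logoutRequest.getNameID() != null
                || logoutRequest.getBaseID() != null
                || logoutRequest.getEncryptedID() != null;
        if (hasSubject) {
            return;
        }
        String message = "Subject Name should be specified in the Logout Request";
        if (log.isDebugEnabled()) {
            log.debug(message);
        }
        this.samlMessageContext.setValidStatus(false);
        throw new SAMLLogoutException(message, SAMLLogoutUtil.buildErrorResponse(this.samlMessageContext, logoutRequest.getID(), SSOConstants.StatusCodes.REQUESTOR_ERROR, message), logoutRequest.getDestination(), this.samlMessageContext.getRelayState());
    }

    /**
     * Verifies the request signature when the federated IdP configuration asks for it.
     *
     * <p>{@link Boolean#parseBoolean(String)} returns {@code false} for {@code null} and for any
     * text other than "true" (ignoring case), so an absent or mistyped {@code IsLogoutReqSigned}
     * entry skips verification and the request is accepted unsigned. Deployments that rely on
     * logout request authenticity must set this value explicitly.
     *
     * @throws SAMLLogoutException with a {@code REQUESTOR_ERROR} error response when verification
     *                             is required and fails
     */
    private void isValidLogoutReqSignature(LogoutRequest logoutRequest) throws SAMLLogoutException {
        boolean signatureRequired = Boolean.parseBoolean(this.samlMessageContext.getFedIdPConfigs().get("IsLogoutReqSigned"));
        if (!signatureRequired || SAMLLogoutUtil.isValidSignature(logoutRequest, this.samlMessageContext)) {
            return;
        }
        // NOTE(review): the issuer value comes from a request whose signature has just failed, so
        // it is untrusted text that ends up in the log line and in the error response. Consider
        // neutralising line breaks before logging it.
        String message = "Signature validation failed for logout request with issuer: " + logoutRequest.getIssuer().getValue();
        if (log.isDebugEnabled()) {
            log.debug(message);
        }
        this.samlMessageContext.setValidStatus(false);
        throw new SAMLLogoutException(message, SAMLLogoutUtil.buildErrorResponse(this.samlMessageContext, logoutRequest.getID(), SSOConstants.StatusCodes.REQUESTOR_ERROR, message), logoutRequest.getDestination(), this.samlMessageContext.getRelayState());
    }
}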
