package org.wso2.carbon.identity.sso.saml.processors;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.SessionIndex;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.builders.SingleLogoutMessageBuilder;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOReqValidationResponseDTO;
import org.wso2.carbon.identity.sso.saml.dto.SingleLogoutRequestDTO;
import org.wso2.carbon.identity.sso.saml.session.SSOSessionPersistenceManager;
import org.wso2.carbon.identity.sso.saml.session.SessionInfoData;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/processors/SPInitLogoutRequestProcessor.class */
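/**
 * Validates an SP-initiated SAML2 {@link LogoutRequest} against the established SSO session and
 * prepares the logout messages for every service provider that shares that session.
 */
public class SPInitLogoutRequestProcessor {
    private static final Log log = LogFactory.getLog(SPInitLogoutRequestProcessor.class);

    /**
     * Validates the logout request and builds the validation result.
     *
     * <p>Checks run in this order: session token present, session index resolvable from the token,
     * issuer / NameID / SessionIndex present, session known to the persistence manager, issuer
     * registered in that session, session index match (only when the SP has single logout enabled),
     * and Destination plus signature (only when the SP has request signature validation enabled).
     * Any failed check returns an error DTO built by {@code buildErrorResponse}.
     *
     * @param logoutRequest the parsed logout request; when {@code null} the returned DTO is flagged
     *                      as a logout request but is never marked valid
     * @param str           the SSO session token id, resolved to a session index through
     *                      {@code SSOSessionPersistenceManager.getSessionIndexFromTokenId}
     * @param str2          passed unchanged to {@code SAMLSSOUtil.validateLogoutRequestSignature};
     *                      presumably the raw query string used for redirect-binding signatures —
     *                      TODO confirm against the caller
     * @return the validation result, carrying either the success response and the per-SP logout
     *         requests, or an error response
     * @throws IdentityException if a {@code UserStoreException} or {@code IdentityException} is
     *                           raised while processing; the original exception is kept as cause
     */
    public SAMLSSOReqValidationResponseDTO process(LogoutRequest logoutRequest, String str, String str2) throws IdentityException {
        try {
            SAMLSSOReqValidationResponseDTO validationResponse = new SAMLSSOReqValidationResponseDTO();
            validationResponse.setLogOutReq(true);
            if (logoutRequest == null) {
                // Guard first: every error path below dereferences the request, so a null request
                // combined with a blank session token used to end in a NullPointerException.
                return validationResponse;
            }
            SSOSessionPersistenceManager persistenceManager = SSOSessionPersistenceManager.getPersistenceManager();
            if (StringUtils.isBlank(str)) {
                log.error("Session was already Expired");
                return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Session was already Expired", logoutRequest.getDestination());
            }
            String sessionIndexFromTokenId = persistenceManager.getSessionIndexFromTokenId(str);
            // The session index derived from the token must be checked here; re-testing the token
            // itself made this branch unreachable and let a null index flow into the checks below.
            if (StringUtils.isBlank(sessionIndexFromTokenId)) {
                log.error("Session index value not found in the request");
                SAMLSSOReqValidationResponseDTO missingIndexResponse = buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Session index value not found in the request", null);
                missingIndexResponse.setLogoutFromAuthFramework(true);
                return missingIndexResponse;
            }
            if (logoutRequest.getIssuer() == null || StringUtils.isBlank(logoutRequest.getIssuer().getValue())) {
                log.error("Issuer should be mentioned in the Logout Request");
                return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Issuer should be mentioned in the Logout Request", logoutRequest.getDestination());
            }
            if (logoutRequest.getNameID() == null) {
                log.error("Subject Name should be specified in the Logout Request");
                return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Subject Name should be specified in the Logout Request", logoutRequest.getDestination());
            }
            if (logoutRequest.getSessionIndexes() == null) {
                log.error("At least one Session Index should be present in the Logout Request");
                return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "At least one Session Index should be present in the Logout Request", logoutRequest.getDestination());
            }
            SessionInfoData sessionInfo = persistenceManager.getSessionInfo(sessionIndexFromTokenId);
            if (sessionInfo == null) {
                log.error("No Established Sessions corresponding to Session Indexes provided.");
                SAMLSSOReqValidationResponseDTO noSessionResponse = buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "No Established Sessions corresponding to Session Indexes provided.", null);
                noSessionResponse.setLogoutFromAuthFramework(true);
                return noSessionResponse;
            }

            // The issuer may arrive as "issuer@tenantDomain". It is caller-supplied and has not
            // been authenticated at this point, so it is parsed defensively.
            String value = logoutRequest.getIssuer().getValue();
            String tenantDomainFromIssuer = null;
            if (value.contains("@")) {
                String[] split = value.split("@");
                // split() drops trailing empty strings ("sp@" -> ["sp"], "@" -> []), so the length
                // has to be checked before indexing.
                if (split.length > 1 && StringUtils.isNotEmpty(split[0]) && StringUtils.isNotEmpty(split[1])) {
                    value = split[0];
                    tenantDomainFromIssuer = split[1];
                }
            }
            Map<String, SAMLSSOServiceProviderDO> serviceProviderList = sessionInfo.getServiceProviderList();
            SAMLSSOServiceProviderDO issuerServiceProvider = serviceProviderList.get(value);
            if (issuerServiceProvider == null) {
                // An issuer that is not registered in this session must be rejected with an error
                // response instead of failing with a NullPointerException further down.
                String unknownIssuerMessage = "Logout Request Issuer is not a participant of the established session";
                log.error(unknownIssuerMessage);
                return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, unknownIssuerMessage, logoutRequest.getDestination());
            }
            if (tenantDomainFromIssuer != null) {
                // NOTE(review): the tenant domain is taken from the request's issuer before any
                // signature check and is not compared with issuerServiceProvider.getTenantDomain()
                // — confirm that this is intended.
                SAMLSSOUtil.setTenantDomainInThreadLocal(tenantDomainFromIssuer);
                if (log.isDebugEnabled()) {
                    log.debug("Tenant Domain : " + tenantDomainFromIssuer + " & Issuer name :" + value + " has being spilt");
                }
            } else {
                SAMLSSOUtil.setTenantDomainInThreadLocal(issuerServiceProvider.getTenantDomain());
            }
            String subject = sessionInfo.getSubject(value);

            if (issuerServiceProvider.isDoSingleLogout()) {
                // Only the first SessionIndex of the request is compared with the session's index.
                SessionIndex sessionIndex = logoutRequest.getSessionIndexes().isEmpty() ? null : (SessionIndex) logoutRequest.getSessionIndexes().get(0);
                if (sessionIndex == null || !sessionIndexFromTokenId.equals(sessionIndex.getSessionIndex())) {
                    // NOTE(review): this message is logged and also returned in the error response;
                    // it contains the request-supplied value and the expected session index.
                    String str3 = "Session Index validation for Logout Request failed. Received: [" + (sessionIndex == null ? "null" : sessionIndex.getSessionIndex()) + "]. Expected: [" + sessionIndexFromTokenId + "]";
                    log.error(str3);
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, str3, logoutRequest.getDestination());
                }
            }
            // Destination and signature are verified only when the SP is configured for request
            // signature validation; otherwise neither check runs in this method.
            if (issuerServiceProvider.isDoValidateSignatureInRequests()) {
                String property = IdentityUtil.getProperty("SSOService.IdentityProviderURL");
                if (StringUtils.isBlank(property)) {
                    property = IdentityUtil.getServerURL(SAMLSSOConstants.SAMLSSO_URL);
                }
                if (logoutRequest.getDestination() == null || !property.equals(logoutRequest.getDestination())) {
                    String str4 = "Destination validation for Logout Request failed. Received: [" + logoutRequest.getDestination() + "]. Expected: [" + property + "]";
                    log.error(str4);
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, str4, logoutRequest.getDestination());
                }
                if (!SAMLSSOUtil.validateLogoutRequestSignature(logoutRequest, issuerServiceProvider.getCertAlias(), subject, str2)) {
                    log.error("Signature validation for Logout Request failed");
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Signature validation for Logout Request failed", logoutRequest.getDestination());
                }
            }

            SingleLogoutMessageBuilder singleLogoutMessageBuilder = new SingleLogoutMessageBuilder();
            Map<String, String> rPSessionsList = sessionInfo.getRPSessionsList();
            ArrayList<SingleLogoutRequestDTO> logoutRequests = new ArrayList<>();
            for (Map.Entry<String, SAMLSSOServiceProviderDO> entry : serviceProviderList.entrySet()) {
                String key = entry.getKey();
                SAMLSSOServiceProviderDO value2 = entry.getValue();
                if (key.equals(value)) {
                    // The requesting SP receives the LogoutResponse: prefer its SLO response URL
                    // and fall back to the assertion consumer URL.
                    validationResponse.setIssuer(value2.getIssuer());
                    if (StringUtils.isNotBlank(value2.getSloResponseURL())) {
                        validationResponse.setAssertionConsumerURL(value2.getSloResponseURL());
                    } else {
                        validationResponse.setAssertionConsumerURL(value2.getAssertionConsumerUrl());
                    }
                } else {
                    // Every other SP in the session gets its own LogoutRequest. Target URL
                    // preference: SLO request URL, then SLO response URL, then the ACS URL.
                    SingleLogoutRequestDTO singleLogoutRequestDTO = new SingleLogoutRequestDTO();
                    if (StringUtils.isNotBlank(value2.getSloRequestURL())) {
                        singleLogoutRequestDTO.setAssertionConsumerURL(value2.getSloRequestURL());
                    } else if (StringUtils.isNotBlank(value2.getSloResponseURL())) {
                        singleLogoutRequestDTO.setAssertionConsumerURL(value2.getSloResponseURL());
                    } else {
                        singleLogoutRequestDTO.setAssertionConsumerURL(value2.getAssertionConsumerUrl());
                    }
                    singleLogoutRequestDTO.setLogoutResponse(SAMLSSOUtil.encode(SAMLSSOUtil.marshall(singleLogoutMessageBuilder.buildLogoutRequest(sessionInfo.getSubject(key), sessionIndexFromTokenId, SAMLSSOConstants.SingleLogoutCodes.LOGOUT_USER, singleLogoutRequestDTO.getAssertionConsumerURL(), value2.getNameIDFormat(), value2.getTenantDomain()))));
                    singleLogoutRequestDTO.setRpSessionId(rPSessionsList.get(key));
                    logoutRequests.add(singleLogoutRequestDTO);
                }
            }
            validationResponse.setLogoutRespDTO(logoutRequests.toArray(new SingleLogoutRequestDTO[0]));
            validationResponse.setLogoutResponse(SAMLSSOUtil.encode(SAMLSSOUtil.marshall(singleLogoutMessageBuilder.buildLogoutResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null, validationResponse.getAssertionConsumerURL(), SAMLSSOUtil.getTenantDomainFromThreadLocal()))));
            validationResponse.setValid(true);
            return validationResponse;
        } catch (UserStoreException | IdentityException e) {
            throw new IdentityException("Error Processing the Logout Request", e);
        }
    }

    /**
     * Builds a failed validation result wrapping a LogoutResponse with the given status.
     *
     * @param str  ID of the logout request being answered
     * @param str2 status code placed in the response
     * @param str3 status message placed in the response
     * @param str4 destination passed to the response builder; may be {@code null}
     * @return a DTO flagged as a logout request, marked invalid, carrying the compressed response
     * @throws IdentityException if the response cannot be marshalled or compressed
     */
    private SAMLSSOReqValidationResponseDTO buildErrorResponse(String str, String str2, String str3, String str4) throws IdentityException {
        SAMLSSOReqValidationResponseDTO errorResponse = new SAMLSSOReqValidationResponseDTO();
        LogoutResponse logoutResponse = new SingleLogoutMessageBuilder().buildLogoutResponse(str, str2, str3, str4, null);
        errorResponse.setLogOutReq(true);
        errorResponse.setValid(false);
        try {
            errorResponse.setResponse(SAMLSSOUtil.compressResponse(SAMLSSOUtil.marshall(logoutResponse)));
            return errorResponse;
        } catch (IOException e) {
            throw new IdentityException("Error while creating logout response", e);
        }
    }
}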
