package org.apereo.cas.support.saml.web.idp.profile.slo;

import java.nio.charset.StandardCharsets;
import lombok.Generated;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.velocity.app.VelocityEngine;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.logout.LogoutHttpMessage;
import org.apereo.cas.logout.SingleLogoutExecutionRequest;
import org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler;
import org.apereo.cas.logout.slo.SingleLogoutMessage;
import org.apereo.cas.logout.slo.SingleLogoutMessageCreator;
import org.apereo.cas.logout.slo.SingleLogoutRequestContext;
import org.apereo.cas.logout.slo.SingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.HttpUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.web.support.WebUtils;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-web-6.5.4.jar:org/apereo/cas/support/saml/web/idp/profile/slo/SamlIdPSingleLogoutServiceMessageHandler.class */
public class SamlIdPSingleLogoutServiceMessageHandler extends BaseSingleLogoutServiceMessageHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SamlIdPSingleLogoutServiceMessageHandler.class);
    protected final SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver;
    protected final VelocityEngine velocityEngineFactory;
    protected final OpenSamlConfigBean openSamlConfigBean;

    public SamlIdPSingleLogoutServiceMessageHandler(HttpClient httpClient, SingleLogoutMessageCreator singleLogoutMessageCreator, ServicesManager servicesManager, SingleLogoutServiceLogoutUrlBuilder singleLogoutServiceLogoutUrlBuilder, boolean z, AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, VelocityEngine velocityEngine, OpenSamlConfigBean openSamlConfigBean) {
        super(httpClient, singleLogoutMessageCreator, servicesManager, singleLogoutServiceLogoutUrlBuilder, z, authenticationServiceSelectionPlan);
        this.samlRegisteredServiceCachingMetadataResolver = samlRegisteredServiceCachingMetadataResolver;
        this.velocityEngineFactory = velocityEngine;
        this.openSamlConfigBean = openSamlConfigBean;
    }

    @Override // org.apereo.cas.logout.slo.SingleLogoutServiceMessageHandler, org.springframework.core.Ordered
    public int getOrder() {
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler
    public boolean supportsInternal(WebApplicationService webApplicationService, RegisteredService registeredService, SingleLogoutExecutionRequest singleLogoutExecutionRequest) {
        return registeredService instanceof SamlRegisteredService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v32, types: [org.apereo.cas.util.HttpUtils$HttpExecutionRequest$HttpExecutionRequestBuilder] */
    /* JADX WARN: Type inference failed for: r0v58, types: [org.apereo.cas.util.HttpUtils$HttpExecutionRequest$HttpExecutionRequestBuilder] */
    @Override // org.apereo.cas.logout.slo.BaseSingleLogoutServiceMessageHandler
    public boolean sendMessageToEndpoint(LogoutHttpMessage logoutHttpMessage, SingleLogoutRequestContext singleLogoutRequestContext, SingleLogoutMessage singleLogoutMessage) {
        if (singleLogoutRequestContext.getExecutionRequest().getHttpServletRequest().isPresent()) {
            String issuerFromSamlObject = SamlIdPUtils.getIssuerFromSamlObject((LogoutRequest) SamlUtils.transformSamlObject(this.openSamlConfigBean, EncodingUtils.decodeBase64(WebUtils.getSingleLogoutRequest(singleLogoutRequestContext.getExecutionRequest().getHttpServletRequest().get())), LogoutRequest.class));
            if (singleLogoutRequestContext.getService().getId().equalsIgnoreCase(issuerFromSamlObject)) {
                LOGGER.trace("Skipping single logout request for [{}] as the request initiator", issuerFromSamlObject);
                return true;
            }
        }
        String str = singleLogoutRequestContext.getProperties().get(SamlIdPSingleLogoutServiceLogoutUrlBuilder.PROPERTY_NAME_SINGLE_LOGOUT_BINDING);
        if (SAMLConstants.SAML2_SOAP11_BINDING_URI.equalsIgnoreCase(str)) {
            return super.sendMessageToEndpoint(logoutHttpMessage, singleLogoutRequestContext, singleLogoutMessage);
        }
        HttpResponse httpResponse = null;
        try {
            try {
                LogoutRequest logoutRequest = (LogoutRequest) singleLogoutMessage.getMessage();
                LOGGER.trace("Sending logout request for binding [{}]", str);
                if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equalsIgnoreCase(str)) {
                    SamlIdPHttpRedirectDeflateEncoder samlIdPHttpRedirectDeflateEncoder = new SamlIdPHttpRedirectDeflateEncoder(logoutHttpMessage.getUrl().toExternalForm(), logoutRequest);
                    samlIdPHttpRedirectDeflateEncoder.doEncode();
                    String redirectUrl = samlIdPHttpRedirectDeflateEncoder.getRedirectUrl();
                    LOGGER.trace("Final logout redirect URL is [{}]", redirectUrl);
                    httpResponse = HttpUtils.execute(HttpUtils.HttpExecutionRequest.builder().method(HttpMethod.GET).url(redirectUrl).build());
                } else {
                    String nodeToString = SerializeSupport.nodeToString(XMLObjectSupport.marshall(logoutRequest));
                    LOGGER.trace("Logout request payload is [{}]", nodeToString);
                    String encodeBase64 = EncodingUtils.encodeBase64(nodeToString.getBytes(StandardCharsets.UTF_8), false);
                    LOGGER.trace("Logout message encoded in base64 is [{}]", encodeBase64);
                    httpResponse = HttpUtils.execute(HttpUtils.HttpExecutionRequest.builder().method(HttpMethod.POST).url(logoutHttpMessage.getUrl().toExternalForm()).parameters(CollectionUtils.wrap("SAMLRequest", encodeBase64)).headers(CollectionUtils.wrap("Content-Type", logoutHttpMessage.getContentType())).build());
                }
            } catch (Exception e) {
                LoggingUtils.error(LOGGER, e);
                HttpUtils.close(httpResponse);
            }
            if (httpResponse == null || httpResponse.getStatusLine().getStatusCode() != HttpStatus.OK.value()) {
                HttpUtils.close(httpResponse);
                LOGGER.warn("No (successful) logout response received from the url [{}]", logoutHttpMessage.getUrl().toExternalForm());
                return false;
            }
            LOGGER.trace("Received logout response as [{}]", IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8));
            HttpUtils.close(httpResponse);
            return true;
        } catch (Throwable th) {
            HttpUtils.close(httpResponse);
            throw th;
        }
    }

    @Generated
    public SamlRegisteredServiceCachingMetadataResolver getSamlRegisteredServiceCachingMetadataResolver() {
        return this.samlRegisteredServiceCachingMetadataResolver;
    }

    @Generated
    public VelocityEngine getVelocityEngineFactory() {
        return this.velocityEngineFactory;
    }

    @Generated
    public OpenSamlConfigBean getOpenSamlConfigBean() {
        return this.openSamlConfigBean;
    }
}
