package no.kantega.security.api.impl.identity;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import no.kantega.security.api.identity.DefaultIdentity;
import no.kantega.security.api.identity.Identity;
import no.ntnu.it.fw.saml2api.IDPConf;
import no.ntnu.it.fw.saml2api.SAML2Exception;
import no.ntnu.it.fw.saml2api.SAML2Util;
import no.ntnu.it.fw.saml2api.SPConf;
import no.ntnu.it.fw.saml2api.exthiggins.SAMLLogoutResponse;
import no.ntnu.it.fw.saml2api.http.Common;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;

/* loaded from: input_file:no/kantega/security/api/impl/identity/FeideSAML2LogoutController.class */
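/**
 * Spring MVC controller that drives SAML2 logout against the Feide identity provider.
 *
 * <p>A single endpoint serves three cases, distinguished by request parameters:
 * <ul>
 *   <li>{@code SAMLRequest} present: a logout request arriving from the IdP; a logout
 *       response URL is built and the browser is redirected to it.</li>
 *   <li>{@code SAMLResponse} present: the IdP's answer to a logout started here; the
 *       browser is redirected to the {@code RelayState} target if it is acceptable.</li>
 *   <li>neither: a locally initiated logout; local session state is removed and the
 *       browser is redirected to the IdP with a logout request.</li>
 * </ul>
 *
 * <p>Security notes: {@code RelayState}, {@code redirect}, {@code SAMLRequest} and
 * {@code SAMLResponse} are all attacker-controllable request parameters. The redirect
 * target taken from {@code RelayState} is therefore restricted to this host, and
 * parameter values are stripped of line breaks before they are logged.
 */
public class FeideSAML2LogoutController extends AbstractFeideConfigurable implements Controller {
    private static final Logger log = LoggerFactory.getLogger(FeideSAML2LogoutController.class);
    private String authenticationContext;
    private UserSessionManager userSessionManager = new UserSessionManager();
    private String defaultUnAuthenticatedUrl;

    /**
     * Dispatches to the matching logout step and redirects the browser to the URL it yields.
     *
     * @return always {@code null}; the response is completed by the redirect
     * @throws Exception if the SAML library fails or the redirect cannot be sent
     */
    @Override
    public ModelAndView handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        init(httpServletRequest.getSession());
        avoidCaching(httpServletResponse);

        String target;
        if (isLogoutRequestFromFeide(httpServletRequest)) {
            target = handleLogoutRequestFromFeide(httpServletRequest);
        } else if (isLogoutResponseFromFeide(httpServletRequest)) {
            target = handleLogoutResponseFromFeide(httpServletRequest);
        } else {
            target = startLogout(httpServletRequest);
        }
        httpServletResponse.sendRedirect(target);
        return null;
    }

    /** Returns true when the request carries a {@code SAMLRequest} parameter. */
    private boolean isLogoutRequestFromFeide(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("SAMLRequest") != null;
    }

    /** Returns true when the request carries a {@code SAMLResponse} parameter. */
    private boolean isLogoutResponseFromFeide(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("SAMLResponse") != null;
    }

    /**
     * Builds the redirect URL that answers a logout request received from the IdP.
     *
     * @throws SAML2Exception if the SAML library cannot build the response
     */
    private String handleLogoutRequestFromFeide(HttpServletRequest httpServletRequest) throws SAML2Exception {
        ServletContext servletContext = httpServletRequest.getSession().getServletContext();
        // NOTE(review): this path answers the IdP but does not remove the identity session
        // attributes or the UserSessionManager entry the way startLogout does; confirm the
        // local session is terminated elsewhere for IdP-initiated logout.
        // NOTE(review): whether createSAMLLogoutResponse verifies the request's signature
        // and issuer is not visible here - confirm in SAML2Util.
        String logoutResponseUrl = SAML2Util.createSAMLLogoutResponse(
                Common.getConfigIDP(servletContext),
                Common.getConfigSP(servletContext),
                httpServletRequest.getParameter("SAMLRequest"),
                httpServletRequest.getParameter("RelayState"));
        log.info("Logout request from IDP, redirect to: {}", sanitizeForLog(logoutResponseUrl));
        return logoutResponseUrl;
    }

    /**
     * Parses the IdP's logout response and picks the final redirect target.
     *
     * <p>{@code RelayState} is a request parameter, so it is only followed when it points
     * at this host; otherwise (or when it is absent) the configured default URL is used.
     * Previously the raw value was returned, which allowed redirects to arbitrary sites and
     * passed {@code null} to {@code sendRedirect} when the parameter was missing.
     *
     * @throws SAML2Exception if the response cannot be parsed
     */
    private String handleLogoutResponseFromFeide(HttpServletRequest httpServletRequest) throws SAML2Exception {
        String samlResponse = httpServletRequest.getParameter("SAMLResponse");
        String relayState = httpServletRequest.getParameter("RelayState");
        // Parsing is kept unconditional so a malformed response still fails the request.
        // NOTE(review): the parsed status is not inspected here, and signature validation
        // (if any) happens inside SAML2Util - confirm.
        SAMLLogoutResponse logoutResponse = SAML2Util.parseSAMLogoutResponse(samlResponse);
        if (log.isDebugEnabled()) {
            log.debug("Parsed LogoutResponse:" + SAML2Util.dom2String(logoutResponse.getDocument()));
        }
        if (isSafeRedirectTarget(relayState, httpServletRequest)) {
            return relayState;
        }
        if (relayState != null) {
            log.warn("Ignoring RelayState that does not point to this host: {}", sanitizeForLog(relayState));
        }
        return this.defaultUnAuthenticatedUrl;
    }

    /**
     * Starts a logout from this application.
     *
     * <p>When the HTTP session holds an identity with a valid user session, that session and
     * the identity attributes are removed and a SAML logout request URL is returned, with
     * the {@code redirect} parameter passed along as relay state. Otherwise the configured
     * default URL is returned.
     *
     * @throws SAML2Exception if the SAML library cannot build the request
     */
    private String startLogout(HttpServletRequest httpServletRequest) throws SAML2Exception {
        String redirect = httpServletRequest.getParameter("redirect");
        log.info("Start logout, redirect:{}", sanitizeForLog(redirect));
        ServletContext servletContext = httpServletRequest.getSession().getServletContext();
        IDPConf configIDP = Common.getConfigIDP(servletContext);
        SPConf configSP = Common.getConfigSP(servletContext);
        HttpSession session = httpServletRequest.getSession();
        String nameKey = this.authenticationContext + FeideSAML2IdentityResolver.SESSION_IDENTITY_NAME;
        String domainKey = this.authenticationContext + FeideSAML2IdentityResolver.SESSION_IDENTITY_DOMAIN;
        String userId = (String) session.getAttribute(nameKey);
        String domain = (String) session.getAttribute(domainKey);
        String target = this.defaultUnAuthenticatedUrl;
        if (userId != null && domain != null) {
            Identity identity = new DefaultIdentity();
            identity.setUserId(userId);
            identity.setDomain(domain);
            if (this.userSessionManager.userHasValidSession(identity)) {
                // Read the SAML identifiers before the user session is dropped.
                UserSession userSession = this.userSessionManager.getUserSession(identity);
                this.userSessionManager.removeUserSession(identity);
                session.removeAttribute(nameKey);
                session.removeAttribute(domainKey);
                // The redirect value is only relay state here; it is validated when it
                // comes back in handleLogoutResponseFromFeide.
                target = SAML2Util.createSAMLLogoutRequest(configIDP, configSP, userSession.getSamlNameId(), userSession.getSamlSessionIndex(), redirect);
            }
        }
        log.info("Created SAML logout request, redirect to:{}", sanitizeForLog(target));
        return target;
    }

    /**
     * Decides whether a redirect target taken from a request parameter may be followed.
     *
     * <p>Accepted: a path without scheme or authority, or an absolute http/https URL whose
     * host equals the host of the current request. Everything else is rejected, including
     * scheme-relative ({@code //host}) targets and values containing backslashes, which
     * browsers may interpret as another host.
     */
    private static boolean isSafeRedirectTarget(String target, HttpServletRequest request) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        if (target.startsWith("//") || target.indexOf('\\') >= 0) {
            return false;
        }
        java.net.URI uri;
        try {
            uri = new java.net.URI(target);
        } catch (java.net.URISyntaxException e) {
            // Unparseable values (control characters, spaces, ...) are never followed.
            return false;
        }
        if (!uri.isAbsolute()) {
            return uri.getRawAuthority() == null;
        }
        String scheme = uri.getScheme();
        boolean webScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        String host = uri.getHost();
        return webScheme && host != null && host.equalsIgnoreCase(request.getServerName());
    }

    /** Replaces line breaks so request-derived values cannot forge extra log entries. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /** Sets response headers that tell browsers and proxies not to cache the logout response. */
    private void avoidCaching(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
        httpServletResponse.setDateHeader("Expires", 0L);
    }

    /** Sets the prefix used for the identity attribute names in the HTTP session. */
    @Required
    public void setAuthenticationContext(String str) {
        this.authenticationContext = str;
    }

    /** Sets the URL used when there is no session to log out or no acceptable relay state. */
    @Required
    public void setDefaultUnAuthenticatedUrl(String str) {
        this.defaultUnAuthenticatedUrl = str;
    }
}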
