package net.shibboleth.idp.saml.session.impl;

import java.time.Instant;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.saml.session.SAML2SPSession;
import net.shibboleth.idp.session.context.LogoutPropagationContext;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.security.impl.SecureRandomIdentifierGenerationStrategy;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-saml-impl-4.1.2.jar:net/shibboleth/idp/saml/session/impl/AddLogoutRequest.class */
/**
 * Profile action that builds a SAML 2.0 {@link LogoutRequest} for the {@link SAML2SPSession}
 * found in a {@link LogoutPropagationContext} and installs it as the outbound message.
 *
 * <p>The request carries a generated ID, the current instant, SAML version 2.0, a clone of the
 * session's NameID, an optional Issuer and (by default) the session's SessionIndex.</p>
 *
 * <p>Review notes:</p>
 * <ul>
 * <li>The default ID source is {@link SecureRandomIdentifierGenerationStrategy}. A strategy
 * injected through {@link #setIdentifierGeneratorLookupStrategy(Function)} should produce IDs that
 * are just as hard to guess and as unlikely to collide, since SAML request IDs are what peers use
 * to correlate responses.</li>
 * <li>Nothing in this class signs the request or sets a Destination. Presumably later actions in
 * the flow apply message security; confirm against the flow definition.</li>
 * <li>Per-request values (ID generator, session, issuer) are held in instance fields between
 * {@code doPreExecute} and {@code doExecute}, so one instance must not serve concurrent requests.
 * Presumably the bean is instantiated per request; confirm the bean scope.</li>
 * </ul>
 */
public class AddLogoutRequest extends AbstractProfileAction {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddLogoutRequest.class);

    /** When false, pre-execution fails if the outbound context already holds a message. */
    private boolean overwriteExisting;

    /** Whether a SessionIndex element is added to the request; defaults to true. */
    private boolean includeSessionIndex = true;

    /** Optional source of the Issuer value; when null the Issuer element is left unset. */
    @Nullable
    private Function<ProfileRequestContext, String> issuerLookupStrategy;

    /** Supplies the ID generator for each request; the default returns a SecureRandom-based one. */
    @Nonnull
    private Function<ProfileRequestContext, IdentifierGenerationStrategy> idGeneratorLookupStrategy =
            prc -> new SecureRandomIdentifierGenerationStrategy();

    /** Locates the logout propagation context; the default looks for a child of the profile context. */
    @Nonnull
    private Function<ProfileRequestContext, LogoutPropagationContext> logoutPropContextLookupStrategy =
            new ChildContextLookup<>(LogoutPropagationContext.class);

    // Per-request state, populated by doPreExecute and consumed by doExecute.

    /** ID generator resolved for the current request. */
    @Nullable
    private IdentifierGenerationStrategy idGenerator;

    /** Session the logout request is being built for. */
    @Nullable
    private SAML2SPSession saml2Session;

    /** Issuer value resolved for the current request, if any. */
    @Nullable
    private String issuerId;

    /**
     * Sets whether an existing outbound message may be replaced.
     *
     * <p>Like every setter here, the call is guarded by
     * {@code ComponentSupport.ifInitializedThrowUnmodifiabledComponentException}, so configuration
     * is only accepted before the component is initialized.</p>
     *
     * @param z true to allow replacing an existing outbound message
     */
    public void setOverwriteExisting(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        overwriteExisting = z;
    }

    /**
     * Sets whether the session's SessionIndex is included in the request.
     *
     * @param z true to add a SessionIndex element
     */
    public void setIncludeSessionIndex(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        includeSessionIndex = z;
    }

    /**
     * Sets the strategy that supplies the request ID generator.
     *
     * @param function lookup strategy; must not be null
     */
    public void setIdentifierGeneratorLookupStrategy(
            @Nonnull Function<ProfileRequestContext, IdentifierGenerationStrategy> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        idGeneratorLookupStrategy =
                Constraint.isNotNull(function, "IdentifierGenerationStrategy lookup strategy cannot be null");
    }

    /**
     * Sets the strategy that supplies the Issuer value.
     *
     * @param function lookup strategy, or null to leave the Issuer element unset
     */
    public void setIssuerLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        issuerLookupStrategy = function;
    }

    /**
     * Sets the strategy that locates the {@link LogoutPropagationContext}.
     *
     * @param function lookup strategy; must not be null
     */
    public void setLogoutPropagationContextLookupStrategy(
            @Nonnull Function<ProfileRequestContext, LogoutPropagationContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        logoutPropContextLookupStrategy =
                Constraint.isNotNull(function, "LogoutPropagationContext lookup strategy cannot be null");
    }

    /**
     * Validates the request state and captures what {@code doExecute} needs.
     *
     * <p>Each failed check logs at debug level, signals an event on the profile context and
     * returns false. On success the outbound message is cleared before {@code doExecute} runs, so
     * if building the request fails later the context holds no message rather than a stale one.</p>
     *
     * <p>Declared public in this decompiled listing; the decompiler recorded that the original
     * modifier was protected.</p>
     *
     * @param profileRequestContext current profile request context
     * @return true if {@code doExecute} should run
     */
    @Override
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }

        final MessageContext outbound = profileRequestContext.getOutboundMessageContext();
        if (outbound == null) {
            return abortPreExecute(profileRequestContext, EventIds.INVALID_MSG_CTX,
                    "{} No outbound message context");
        }
        // Same short-circuit as "!overwriteExisting && message != null".
        if (!(overwriteExisting || outbound.getMessage() == null)) {
            return abortPreExecute(profileRequestContext, EventIds.INVALID_MSG_CTX,
                    "{} Outbound message context already contains a message");
        }

        idGenerator = idGeneratorLookupStrategy.apply(profileRequestContext);
        if (idGenerator == null) {
            return abortPreExecute(profileRequestContext, EventIds.INVALID_PROFILE_CTX,
                    "{} No identifier generation strategy");
        }

        // issuerId keeps its previous value when no strategy is configured.
        if (issuerLookupStrategy != null) {
            issuerId = issuerLookupStrategy.apply(profileRequestContext);
        }

        final LogoutPropagationContext propagation = logoutPropContextLookupStrategy.apply(profileRequestContext);
        if (propagation == null) {
            return abortPreExecute(profileRequestContext, EventIds.INVALID_PROFILE_CTX,
                    "{} No logout propagation context");
        }

        final boolean holdsSaml2Session =
                propagation.getSession() != null && propagation.getSession() instanceof SAML2SPSession;
        if (!holdsSaml2Session) {
            return abortPreExecute(profileRequestContext, EventIds.INVALID_PROFILE_CTX,
                    "{} Logout propgation context did not contain a SAML2SPSession");
        }

        saml2Session = (SAML2SPSession) propagation.getSession();
        if (saml2Session.getId() == null) {
            return abortPreExecute(profileRequestContext, EventIds.INVALID_PROFILE_CTX,
                    "{} SAML2SPSession in logout propagation context did not contain a service ID");
        }

        outbound.setMessage(null);
        return true;
    }

    /**
     * Builds the {@link LogoutRequest} and stores it as the outbound message.
     *
     * <p>If cloning the session's NameID fails, the error is logged, a
     * {@code MESSAGE_PROC_ERROR} event is signalled and no message is stored.</p>
     *
     * @param profileRequestContext current profile request context
     */
    @Override
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        final XMLObjectBuilderFactory builders = XMLObjectProviderRegistrySupport.getBuilderFactory();

        // Raw builder type kept, with an explicit cast on the built object.
        final SAMLObjectBuilder requestBuilder =
                (SAMLObjectBuilder) builders.getBuilderOrThrow(LogoutRequest.DEFAULT_ELEMENT_NAME);
        final LogoutRequest request = (LogoutRequest) requestBuilder.buildObject();
        request.setID(idGenerator.generateIdentifier());
        request.setIssueInstant(Instant.now());
        request.setVersion(SAMLVersion.VERSION_20);

        // The NameID is cloned rather than reused; cloning is the only step that can raise the
        // marshalling exceptions, so it alone sits in the try block.
        final NameID nameIdCopy;
        try {
            nameIdCopy = (NameID) XMLObjectSupport.cloneXMLObject(saml2Session.getNameID());
        } catch (MarshallingException | UnmarshallingException e) {
            log.error("{} Error cloning NameID for use in LogoutRequest for {}", getLogPrefix(),
                    saml2Session.getId(), e);
            ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
            return;
        }
        request.setNameID(nameIdCopy);

        if (issuerId == null) {
            // The request goes out without an Issuer element in this case.
            log.debug("{} No issuer value available, leaving Issuer unset", getLogPrefix());
        } else {
            log.debug("{} Setting Issuer to {}", getLogPrefix(), issuerId);
            final SAMLObjectBuilder issuerBuilder =
                    (SAMLObjectBuilder) builders.getBuilderOrThrow(Issuer.DEFAULT_ELEMENT_NAME);
            final Issuer issuer = (Issuer) issuerBuilder.buildObject();
            issuer.setValue(issuerId);
            request.setIssuer(issuer);
        }

        if (includeSessionIndex) {
            final SAMLObjectBuilder indexBuilder =
                    (SAMLObjectBuilder) builders.getBuilderOrThrow(SessionIndex.DEFAULT_ELEMENT_NAME);
            final SessionIndex index = (SessionIndex) indexBuilder.buildObject();
            index.setValue(saml2Session.getSessionIndex());
            request.getSessionIndexes().add(index);
        }

        profileRequestContext.getOutboundMessageContext().setMessage(request);
    }

    /**
     * Logs a pre-execution failure at debug level, signals the given event and reports failure.
     *
     * @param profileRequestContext current profile request context
     * @param eventId event to signal
     * @param logFormat log format whose single placeholder receives the log prefix
     * @return always false
     */
    private boolean abortPreExecute(@Nonnull ProfileRequestContext profileRequestContext,
            @Nonnull String eventId, @Nonnull String logFormat) {
        log.debug(logFormat, getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, eventId);
        return false;
    }
}
