package org.pac4j.saml.logout.processor;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import lombok.Generated;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.exception.http.FoundAction;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.exception.http.NoContentAction;
import org.pac4j.core.exception.http.OkAction;
import org.pac4j.core.logout.processor.LogoutProcessor;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.HttpActionHelper;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.context.SAMLContextProvider;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.pac4j.saml.exceptions.SAMLException;
import org.pac4j.saml.logout.impl.SAML2LogoutResponseBuilder;
import org.pac4j.saml.logout.impl.SAML2LogoutResponseMessageSender;
import org.pac4j.saml.transport.Pac4jSAMLResponse;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-6.0.0-RC10-SNAPSHOT.jar:org/pac4j/saml/logout/processor/SAML2LogoutProcessor.class */
public class SAML2LogoutProcessor implements LogoutProcessor {
    private final SAMLContextProvider contextProvider;
    private final SAML2Client saml2Client;
    private final String spLogoutResponseBindingType;
    private final SAML2LogoutResponseBuilder saml2LogoutResponseBuilder;
    private final SAML2LogoutResponseMessageSender saml2LogoutResponseMessageSender;
    private String postLogoutURL;
    private boolean actionOnSuccess = true;

    public SAML2LogoutProcessor(SAML2Client sAML2Client) {
        this.contextProvider = sAML2Client.getContextProvider();
        this.saml2Client = sAML2Client;
        this.spLogoutResponseBindingType = sAML2Client.getConfiguration().getSpLogoutResponseBindingType();
        this.saml2LogoutResponseBuilder = new SAML2LogoutResponseBuilder(this.spLogoutResponseBindingType);
        this.saml2LogoutResponseMessageSender = new SAML2LogoutResponseMessageSender(sAML2Client.getSignatureSigningParametersProvider(), this.spLogoutResponseBindingType, false, sAML2Client.getConfiguration().isSpLogoutRequestSigned());
        this.postLogoutURL = sAML2Client.getConfiguration().getPostLogoutURL();
    }

    @Override // org.pac4j.core.logout.processor.LogoutProcessor
    public HttpAction processLogout(CallContext callContext, Credentials credentials) {
        SAML2Credentials sAML2Credentials = (SAML2Credentials) credentials;
        SAMLObject sAMLObject = (SAMLObject) sAML2Credentials.getContext().getMessageContext().getMessage();
        SAML2MessageContext buildContext = this.contextProvider.buildContext(callContext, this.saml2Client);
        if (sAMLObject instanceof LogoutRequest) {
            sendLogoutResponse(buildContext, sAML2Credentials);
            return adaptLogoutResponseToBinding(callContext.webContext(), buildContext);
        }
        if (!(sAMLObject instanceof LogoutResponse)) {
            throw new SAMLException("SAML message must be a LogoutRequest or LogoutResponse type");
        }
        HttpAction handlePostLogoutResponse = handlePostLogoutResponse(buildContext);
        return handlePostLogoutResponse != null ? handlePostLogoutResponse : NoContentAction.INSTANCE;
    }

    protected void sendLogoutResponse(SAML2MessageContext sAML2MessageContext, SAML2Credentials sAML2Credentials) {
        sAML2MessageContext.getSAMLBindingContext().setRelayState(sAML2Credentials.getContext().getSAMLBindingContext().getRelayState());
        this.saml2LogoutResponseMessageSender.sendMessage(sAML2MessageContext, this.saml2LogoutResponseBuilder.build(sAML2MessageContext), sAML2MessageContext.getSAMLBindingContext().getRelayState());
    }

    protected HttpAction adaptLogoutResponseToBinding(WebContext webContext, SAML2MessageContext sAML2MessageContext) {
        Pac4jSAMLResponse profileRequestContextOutboundMessageTransportResponse = sAML2MessageContext.getProfileRequestContextOutboundMessageTransportResponse();
        return this.spLogoutResponseBindingType.equalsIgnoreCase(SAMLConstants.SAML2_POST_BINDING_URI) ? HttpActionHelper.buildFormPostContentAction(webContext, profileRequestContextOutboundMessageTransportResponse.getOutgoingContent()) : HttpActionHelper.buildRedirectUrlAction(webContext, profileRequestContextOutboundMessageTransportResponse.getRedirectUrl());
    }

    protected HttpAction handlePostLogoutResponse(SAML2MessageContext sAML2MessageContext) {
        if (CommonHelper.isNotBlank(this.postLogoutURL)) {
            return new FoundAction(this.postLogoutURL);
        }
        if (this.actionOnSuccess) {
            return new OkAction("");
        }
        return null;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public void setPostLogoutURL(String str) {
        this.postLogoutURL = str;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public String getPostLogoutURL() {
        return this.postLogoutURL;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public boolean isActionOnSuccess() {
        return this.actionOnSuccess;
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public void setActionOnSuccess(boolean z) {
        this.actionOnSuccess = z;
    }
}
