package dk.digitalidentity.samlmodule.controller;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.service.DISAML_LoggingService;
import dk.digitalidentity.samlmodule.service.DISAML_SessionHelper;
import dk.digitalidentity.samlmodule.service.DISAML_TokenUserService;
import dk.digitalidentity.samlmodule.service.metadata.DISAML_IdPMetadataService;
import dk.digitalidentity.samlmodule.service.saml.DISAML_LogoutRequestService;
import dk.digitalidentity.samlmodule.service.saml.DISAML_LogoutResponseService;
import dk.digitalidentity.samlmodule.util.LoggingConstants;
import dk.digitalidentity.samlmodule.util.exceptions.ExternalException;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.credential.UsageType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;

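/**
 * Spring MVC controller for the service-provider side of SAML 2.0 logout.
 *
 * <p>Two endpoints are exposed under the configurable {@code di.saml.pages.prefix}
 * (default {@code /saml}):
 * <ul>
 *   <li>{@code /logout}: either answers a LogoutRequest carried in the
 *       {@code SAMLRequest} parameter, or, when that parameter is absent, starts a
 *       logout by sending a LogoutRequest of its own.</li>
 *   <li>{@code /logout/response}: consumes the LogoutResponse that answers a
 *       LogoutRequest sent from here.</li>
 * </ul>
 *
 * <p>Outgoing messages are sent with the HTTP-Redirect (DEFLATE) binding.
 *
 * <p>NOTE(review): neither mapping restricts the HTTP method and no CSRF check is visible
 * in this class. A plain request to {@code /logout} without {@code SAMLRequest} ends the
 * caller's local session, so confirm that forced logout by a third-party page is an
 * accepted risk or is handled by a filter outside this class.
 */
@Controller
/* loaded from: input_file:dk/digitalidentity/samlmodule/controller/DISAML_LogoutController.class */
public class DISAML_LogoutController {
    private static final Logger log = LoggerFactory.getLogger(DISAML_LogoutController.class);

    /** SAML 2.0 top-level status code value that is mapped to an {@link ExternalException}. */
    private static final String STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder";

    @Autowired
    private DISAML_LogoutRequestService logoutRequestService;

    @Autowired
    private DISAML_LogoutResponseService logoutResponseService;

    @Autowired
    private DISAML_IdPMetadataService idPMetadataService;

    @Autowired
    private DISAML_LoggingService loggingService;

    @Autowired
    private DISAML_SessionHelper sessionHelper;

    @Autowired
    private DISAML_TokenUserService tokenUserService;

    @Autowired
    private DISAML_Configuration configuration;

    /**
     * Entry point for logout. Dispatches on the presence of a non-empty
     * {@code SAMLRequest} parameter: present means an incoming LogoutRequest must be
     * answered, absent means a new logout flow is started from this application.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the outgoing SAML redirect is written to
     * @throws ExternalException propagated from the request handling
     * @throws InternalException propagated from the request handling, or when the outgoing
     *     message cannot be encoded
     */
    @RequestMapping({"${di.saml.pages.prefix:/saml}/logout"})
    public void logoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ExternalException, InternalException {
        log.trace("logoutRequest endpoint called");
        boolean carriesSamlRequest = StringUtils.hasLength(httpServletRequest.getParameter("SAMLRequest"));
        if (carriesSamlRequest) {
            log.debug("SAMLRequest found on request. Decoding LogoutRequest object");
            handleLogoutRequest(httpServletRequest, httpServletResponse);
            return;
        }
        log.debug("SAMLRequest not found on request. Starting logout flow");
        handleInitializeLogout(httpServletResponse);
    }

    /**
     * Starts a logout from this application: builds a LogoutRequest, ends the local
     * session state, and redirects the browser with the request.
     *
     * <p>The local logout happens before the redirect is encoded, so an encoding failure
     * leaves the user logged out locally while the LogoutRequest was never sent.
     *
     * @param httpServletResponse the response the redirect is written to
     * @throws InternalException if the LogoutRequest cannot be encoded
     * @throws ExternalException propagated from the collaborating services
     */
    private void handleInitializeLogout(HttpServletResponse httpServletResponse) throws InternalException, ExternalException {
        MessageContext<SAMLObject> outgoingContext = this.logoutRequestService.createLogoutRequest();
        LogoutRequest logoutRequest = (LogoutRequest) outgoingContext.getMessage();
        // The request is handed to the session helper here and read back in logoutResponse()
        // through sessionHelper.getLogoutRequest() - presumably for correlating the response.
        this.sessionHelper.logout(logoutRequest);
        this.tokenUserService.logout();
        this.loggingService.logLogoutRequest(logoutRequest, LoggingConstants.OUTGOING);
        sendViaRedirectBinding(outgoingContext, httpServletResponse, "Failed sending LogoutRequest");
    }

    /**
     * Answers a LogoutRequest received on the {@code /logout} endpoint: decodes and
     * validates it, ends the local session state, and redirects the browser with a
     * LogoutResponse.
     *
     * <p>Local session teardown runs only after {@code validateLogoutRequest} has returned
     * without throwing, so a request that fails validation does not end the session.
     *
     * @param httpServletRequest the request carrying {@code SAMLRequest}
     * @param httpServletResponse the response the redirect is written to
     * @throws InternalException if the LogoutResponse cannot be encoded
     * @throws ExternalException propagated from decoding or validation
     */
    private void handleLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InternalException, ExternalException {
        MessageContext<SAMLObject> incomingContext = this.logoutRequestService.getMessageContext(httpServletRequest);
        LogoutRequest logoutRequest = this.logoutRequestService.getLogoutRequest(incomingContext);
        // NOTE(review): the message is logged BEFORE it is validated, so the log sink receives
        // unauthenticated, sender-controlled content. Keep that in mind for log injection and
        // when treating these entries as evidence of a genuine IdP message.
        this.loggingService.logLogoutRequest(logoutRequest, LoggingConstants.INCOMING);
        // Validated against the IdP metadata and the IdP's signing key.
        this.logoutRequestService.validateLogoutRequest(
                httpServletRequest,
                incomingContext,
                this.idPMetadataService.getMetadata(),
                this.idPMetadataService.getPublicKey(UsageType.SIGNING));
        this.sessionHelper.logout(logoutRequest);
        this.tokenUserService.logout();
        MessageContext<SAMLObject> outgoingContext = this.logoutResponseService.createLogoutResponse(logoutRequest);
        LogoutResponse logoutResponse = (LogoutResponse) outgoingContext.getMessage();
        this.loggingService.logLogoutResponse(logoutResponse, LoggingConstants.OUTGOING);
        sendViaRedirectBinding(outgoingContext, httpServletResponse, "Failed sending LogoutResponse");
    }

    /**
     * Consumes the LogoutResponse for a logout started from this application, invalidates
     * the SAML session and redirects the user to the configured logout page.
     *
     * <p>The redirect target comes from configuration only; no request parameter
     * influences it.
     *
     * @param httpServletRequest the request carrying the response message
     * @param httpServletResponse the response used for the final redirect
     * @throws InternalException if a {@code Response} was received instead of a
     *     LogoutResponse, or the final redirect fails
     * @throws ExternalException if a {@code Response} with a Responder status and a status
     *     message was received, or propagated from validation
     */
    @RequestMapping({"${di.saml.pages.prefix:/saml}/logout/response"})
    public void logoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InternalException, ExternalException {
        // NOTE(review): whether this can be null (no logout in progress for this session) and
        // how validateLogoutResponse treats that is not visible here - confirm that an
        // unsolicited response is rejected.
        LogoutRequest pendingRequest = this.sessionHelper.getLogoutRequest();
        MessageContext<SAMLObject> incomingContext = this.logoutResponseService.getMessageContext(httpServletRequest);
        if (incomingContext.getMessage() instanceof Response) {
            // Always throws: a plain Response on this endpoint is treated as an error report.
            handleResponseInsteadOfLogoutResponse((Response) incomingContext.getMessage());
        }
        // As on the request path, the message is logged before it is validated.
        this.loggingService.logLogoutResponse(this.logoutResponseService.getLogoutResponse(incomingContext), LoggingConstants.INCOMING);
        EntityDescriptor idpMetadata = this.idPMetadataService.getMetadata();
        this.logoutResponseService.validateLogoutResponse(
                httpServletRequest,
                incomingContext,
                idpMetadata.getEntityID(),
                this.idPMetadataService.getPublicKey(UsageType.SIGNING),
                pendingRequest);
        // Reached only when validation did not throw.
        this.sessionHelper.invalidateSAMLSession();
        try {
            httpServletResponse.sendRedirect(this.configuration.getPages().getLogout());
        } catch (IOException e) {
            // Keep the cause so the I/O failure stays visible in the stack trace.
            throw new InternalException("Kunne ikke vidresende bruger til logout side efter færdigt logout", e);
        }
    }

    /**
     * Converts a SAML {@code Response} that arrived where a LogoutResponse was expected
     * into an exception. This method never returns normally.
     *
     * <p>When a non-empty status message is present it becomes the exception message:
     * {@link ExternalException} if the top-level status code is Responder, otherwise
     * {@link InternalException}. Without a usable status message a generic
     * {@link InternalException} is thrown.
     *
     * <p>NOTE(review): this runs before {@code validateLogoutResponse}, so the status
     * message is unauthenticated, sender-controlled text. Whatever renders or logs these
     * exceptions must treat the message as untrusted (output encoding, log neutralisation).
     *
     * @param response the unexpected Response message
     * @throws ExternalException for a Responder status with a non-empty status message
     * @throws InternalException in every other case
     */
    private void handleResponseInsteadOfLogoutResponse(Response response) throws InternalException, ExternalException {
        Status status = response.getStatus();
        if (status != null) {
            StatusCode statusCode = status.getStatusCode();
            boolean responderFault = statusCode != null && STATUS_RESPONDER.equals(statusCode.getValue());
            StatusMessage statusMessage = status.getStatusMessage();
            String message = statusMessage != null ? statusMessage.getMessage() : null;
            if (StringUtils.hasLength(message)) {
                if (responderFault) {
                    throw new ExternalException(message);
                }
                throw new InternalException(message);
            }
        }
        throw new InternalException("Kan ikke læse LogoutResponse");
    }

    /**
     * Encodes the message in {@code outgoingContext} onto {@code httpServletResponse}
     * using the HTTP-Redirect (DEFLATE) binding.
     *
     * @param outgoingContext the context holding the message to send
     * @param httpServletResponse the response the redirect is written to
     * @param failureMessage message for the {@link InternalException} raised on failure
     * @throws InternalException if the encoder cannot be initialised or encoding fails
     */
    private void sendViaRedirectBinding(MessageContext<SAMLObject> outgoingContext, HttpServletResponse httpServletResponse, String failureMessage) throws InternalException {
        HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
        encoder.setMessageContext(outgoingContext);
        encoder.setHttpServletResponse(httpServletResponse);
        try {
            encoder.initialize();
            encoder.encode();
        } catch (ComponentInitializationException | MessageEncodingException e) {
            throw new InternalException(failureMessage, e);
        }
    }
}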
