package dk.digitalidentity.samlmodule.service.saml;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.model.TokenUser;
import dk.digitalidentity.samlmodule.service.DISAML_CredentialService;
import dk.digitalidentity.samlmodule.service.DISAML_SessionHelper;
import dk.digitalidentity.samlmodule.service.metadata.DISAML_IdPMetadataService;
import dk.digitalidentity.samlmodule.service.validation.DISAML_LogoutRequestValidationService;
import dk.digitalidentity.samlmodule.util.RequestDecodeUtil;
import dk.digitalidentity.samlmodule.util.SessionConstant;
import dk.digitalidentity.samlmodule.util.exceptions.ExternalException;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import java.security.PublicKey;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import org.joda.time.DateTime;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

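/**
 * Decodes, validates and builds SAML 2.0 {@code LogoutRequest} messages for this service provider.
 *
 * <p>Inbound (IdP-initiated) logout: {@link #getMessageContext} only decodes the request and
 * {@link #getLogoutRequest} only unwraps it; neither performs any signature, issuer or destination
 * check, so callers must run {@link #validateLogoutRequest} before acting on the message.
 *
 * <p>Outbound (SP-initiated) logout: {@link #createLogoutRequest} builds a signed request addressed to
 * the IdP's logout endpoint from metadata, naming the current principal and, when known, the IdP
 * session index recorded at login.
 *
 * <p>NOTE(review): this listing is decompiled output; the collaborators are Spring-injected singletons
 * and the service itself holds no mutable state.
 */
@Service
/* loaded from: input_file:dk/digitalidentity/samlmodule/service/saml/DISAML_LogoutRequestService.class */
public class DISAML_LogoutRequestService {

    /** SAML binding used for the outbound logout request. */
    private static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    /** XML Signature algorithm URI applied to the outbound logout request. */
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** Logout reason reported to the IdP: the user asked to log out. */
    private static final String LOGOUT_REASON_USER = "urn:oasis:names:tc:SAML:2.0:logout:user";

    /** NameID format used for the subject of the outbound logout request. */
    private static final String NAMEID_FORMAT_X509_SUBJECT_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";

    /** Validates inbound logout requests; see DISAML_LogoutRequestValidationService for what is checked. */
    @Autowired
    private DISAML_LogoutRequestValidationService validationService;

    /** Factory for OpenSAML XML objects. */
    @Autowired
    private DISAML_OpenSAMLHelperService samlHelperService;

    /** Supplies the SP credential used to sign outbound requests. */
    @Autowired
    private DISAML_CredentialService credentialService;

    /** Resolves the IdP's endpoints from its metadata. */
    @Autowired
    private DISAML_IdPMetadataService idPMetadataService;

    /** SP configuration (entity id etc.). */
    @Autowired
    private DISAML_Configuration configuration;

    /** Access to values stored in the HTTP session at login time. */
    @Autowired
    private DISAML_SessionHelper sessionHelper;

    /**
     * Decodes the SAML message carried by an inbound HTTP request.
     *
     * <p>The result is untrusted: nothing about it has been verified yet. Pass it to
     * {@link #validateLogoutRequest} before using any of its content.
     *
     * @param httpServletRequest the request carrying the SAML message
     * @return the decoded message context
     * @throws InternalException as raised by {@link RequestDecodeUtil#getMessageContext}
     * @throws ExternalException as raised by {@link RequestDecodeUtil#getMessageContext}
     */
    public MessageContext<SAMLObject> getMessageContext(HttpServletRequest httpServletRequest) throws InternalException, ExternalException {
        return RequestDecodeUtil.getMessageContext(httpServletRequest);
    }

    /**
     * Unwraps the {@link LogoutRequest} from a decoded message context.
     *
     * @param messageContext a context produced by {@link #getMessageContext}
     * @return the logout request, or {@code null} if the context carries no message
     * @throws IllegalArgumentException if the context carries a SAML message of another type, e.g. a
     *         Response posted to the logout endpoint; the type is reported in the message
     */
    public LogoutRequest getLogoutRequest(MessageContext<SAMLObject> messageContext) {
        SAMLObject message = messageContext.getMessage();
        // Fail with a descriptive error rather than a ClassCastException further down the line.
        if (message != null && !(message instanceof LogoutRequest)) {
            throw new IllegalArgumentException("Decoded SAML message is not a LogoutRequest: " + message.getClass().getName());
        }
        return (LogoutRequest) message;
    }

    /**
     * Validates an inbound logout request against the issuing IdP's metadata and signing key.
     *
     * @param httpServletRequest the request the message arrived on
     * @param messageContext the decoded message context
     * @param entityDescriptor metadata of the IdP expected to have issued the request
     * @param publicKey key expected to have signed the request
     * @throws InternalException as raised by the validation service
     * @throws ExternalException as raised by the validation service (request rejected)
     */
    public void validateLogoutRequest(HttpServletRequest httpServletRequest, MessageContext<SAMLObject> messageContext, EntityDescriptor entityDescriptor, PublicKey publicKey) throws InternalException, ExternalException {
        this.validationService.validate(httpServletRequest, messageContext, entityDescriptor, publicKey);
    }

    /**
     * Builds an outbound, ready-to-encode logout request for the current principal.
     *
     * <p>The returned context holds the request, the peer endpoint (the IdP's logout location from
     * metadata, HTTP-Redirect binding) and the signing parameters the encoder applies.
     *
     * @return a message context for the outbound logout request
     * @throws InternalException as raised by the metadata, credential or object-building collaborators
     * @throws ExternalException as raised by the metadata or credential collaborators
     */
    public MessageContext<SAMLObject> createLogoutRequest() throws InternalException, ExternalException {
        MessageContext<SAMLObject> messageContext = new MessageContext<>();
        String location = this.idPMetadataService.getLogoutEndpoint().getLocation();
        messageContext.setMessage(createLogoutRequestObj(location));

        // Peer endpoint the encoder sends to.
        // NOTE(review): modelled as SingleSignOnService although it is the logout location; the
        // encoder only needs an Endpoint so this works, but SingleLogoutService is the natural type.
        SAMLEndpointContext endpointContext = messageContext
                .getSubcontext(SAMLPeerEntityContext.class, true)
                .getSubcontext(SAMLEndpointContext.class, true);
        SingleSignOnService endpoint = (SingleSignOnService) this.samlHelperService.buildSAMLObject(SingleSignOnService.class);
        endpoint.setBinding(HTTP_REDIRECT_BINDING);
        endpoint.setLocation(location);
        endpointContext.setEndpoint(endpoint);

        // Sign with the SP credential; the encoder applies the signature (for HTTP-Redirect that is
        // the SigAlg/Signature query parameters, per the binding spec).
        SignatureSigningParameters signingParameters = new SignatureSigningParameters();
        signingParameters.setSigningCredential(this.credentialService.getBasicX509Credential());
        signingParameters.setSignatureAlgorithm(RSA_SHA256);
        messageContext.getSubcontext(SecurityParametersContext.class, true).setSignatureSigningParameters(signingParameters);
        return messageContext;
    }

    /**
     * Builds the {@link LogoutRequest} object for the current principal.
     *
     * <p>The subject is taken from the Spring security context: the {@code TokenUser} username when
     * the authentication carries one as details, otherwise the authentication name. If a session
     * index was stored at login it is added so the IdP can scope the logout to that session.
     *
     * @param str the destination URL (the IdP logout location)
     * @return the populated, unsigned logout request
     * @throws InternalException as raised by the object-building helper
     * @throws IllegalStateException if there is no authentication in the security context
     */
    public LogoutRequest createLogoutRequestObj(String str) throws InternalException {
        LogoutRequest logoutRequest = (LogoutRequest) this.samlHelperService.buildSAMLObject(LogoutRequest.class);
        logoutRequest.setID(new RandomIdentifierGenerationStrategy().generateIdentifier());
        logoutRequest.setDestination(str);
        logoutRequest.setIssueInstant(new DateTime());
        logoutRequest.setReason(LOGOUT_REASON_USER);

        Issuer issuer = (Issuer) this.samlHelperService.buildSAMLObject(Issuer.class);
        issuer.setValue(this.configuration.getSp().getEntityId());
        logoutRequest.setIssuer(issuer);

        NameID nameID = (NameID) this.samlHelperService.buildSAMLObject(NameID.class);
        nameID.setFormat(NAMEID_FORMAT_X509_SUBJECT_NAME);
        nameID.setValue(currentSubjectName());
        logoutRequest.setNameID(nameID);

        // Only present when a session index was recorded at login; without it the IdP decides the scope.
        String sessionIndexValue = this.sessionHelper.getString(SessionConstant.SESSION_INDEX);
        if (sessionIndexValue != null) {
            SessionIndex sessionIndex = (SessionIndex) this.samlHelperService.buildSAMLObject(SessionIndex.class);
            sessionIndex.setSessionIndex(sessionIndexValue);
            logoutRequest.getSessionIndexes().add(sessionIndex);
        }
        return logoutRequest;
    }

    /**
     * Resolves the NameID value for the current principal from the security context.
     *
     * @return the {@code TokenUser} username when available, otherwise the authentication name
     * @throws IllegalStateException if no authentication is present (previously a bare NullPointerException)
     */
    private static String currentSubjectName() {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            throw new IllegalStateException("No authentication in the security context; cannot build a LogoutRequest subject");
        }
        Object details = SecurityContextHolder.getContext().getAuthentication().getDetails();
        if (details instanceof TokenUser) {
            return ((TokenUser) details).getUsername();
        }
        return SecurityContextHolder.getContext().getAuthentication().getName();
    }
}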
