package org.wso2.carbon.identity.sso.saml.processors;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.SessionIndex;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.builders.SingleLogoutMessageBuilder;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOReqValidationResponseDTO;
import org.wso2.carbon.identity.sso.saml.dto.SingleLogoutRequestDTO;
import org.wso2.carbon.identity.sso.saml.session.SSOSessionPersistenceManager;
import org.wso2.carbon.identity.sso.saml.session.SessionInfoData;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/processors/LogoutRequestProcessor.class */
public class LogoutRequestProcessor {
    private static Log log = LogFactory.getLog(LogoutRequestProcessor.class);

    public SAMLSSOReqValidationResponseDTO process(LogoutRequest logoutRequest, String str, String str2) throws IdentityException {
        SessionIndex sessionIndex;
        try {
            SAMLSSOReqValidationResponseDTO sAMLSSOReqValidationResponseDTO = new SAMLSSOReqValidationResponseDTO();
            sAMLSSOReqValidationResponseDTO.setLogOutReq(true);
            SSOSessionPersistenceManager persistenceManager = SSOSessionPersistenceManager.getPersistenceManager();
            String sessionIndexFromTokenId = persistenceManager.getSessionIndexFromTokenId(str);
            if (logoutRequest != null) {
                if (logoutRequest.getIssuer() == null) {
                    log.error("Issuer should be mentioned in the Logout Request");
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Issuer should be mentioned in the Logout Request");
                }
                if (logoutRequest.getNameID() == null) {
                    log.error("Subject Name should be specified in the Logout Request");
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Subject Name should be specified in the Logout Request");
                }
                logoutRequest.getNameID().getValue();
                if (logoutRequest.getSessionIndexes() == null) {
                    log.error("At least one Session Index should be present in the Logout Request");
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "At least one Session Index should be present in the Logout Request");
                }
                SessionInfoData sessionInfo = persistenceManager.getSessionInfo(sessionIndexFromTokenId);
                if (sessionInfo == null) {
                    log.error("No Established Sessions corresponding to Session Indexes provided.");
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "No Established Sessions corresponding to Session Indexes provided.");
                }
                String subject = sessionInfo.getSubject();
                String value = logoutRequest.getIssuer().getValue();
                Map<String, SAMLSSOServiceProviderDO> serviceProviderList = sessionInfo.getServiceProviderList();
                SAMLSSOServiceProviderDO sAMLSSOServiceProviderDO = serviceProviderList.get(value);
                if (sAMLSSOServiceProviderDO.isDoSingleLogout() && ((sessionIndex = (SessionIndex) logoutRequest.getSessionIndexes().get(0)) == null || !sessionIndexFromTokenId.equals(sessionIndex.getSessionIndex()))) {
                    String str3 = new StringBuilder().append("Session Index validation for Logout Request failed. Received: [").append(sessionIndex).toString() == null ? "null" : sessionIndex.getSessionIndex() + "]. Expected: [" + sessionIndexFromTokenId + "]";
                    log.error(str3);
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, str3);
                }
                if (sAMLSSOServiceProviderDO.isDoValidateSignatureInRequests()) {
                    String property = IdentityUtil.getProperty("SSOService.IdentityProviderURL");
                    if (logoutRequest.getDestination() == null || !property.equals(logoutRequest.getDestination())) {
                        String str4 = "Destination validation for Logout Request failed. Received: [" + logoutRequest.getDestination() + "]. Expected: [" + property + "]";
                        log.error(str4);
                        return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, str4);
                    }
                    if (!SAMLSSOUtil.validateLogoutRequestSignature(logoutRequest, sAMLSSOServiceProviderDO.getCertAlias(), subject, str2)) {
                        log.error("Signature validation for Logout Request failed");
                        return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Signature validation for Logout Request failed");
                    }
                }
                SingleLogoutMessageBuilder singleLogoutMessageBuilder = new SingleLogoutMessageBuilder();
                Map<String, String> rPSessionsList = sessionInfo.getRPSessionsList();
                SingleLogoutRequestDTO[] singleLogoutRequestDTOArr = new SingleLogoutRequestDTO[serviceProviderList.size() - 1];
                String encode = SAMLSSOUtil.encode(SAMLSSOUtil.marshall(singleLogoutMessageBuilder.buildLogoutRequest(subject, sessionIndexFromTokenId, SAMLSSOConstants.SingleLogoutCodes.LOGOUT_USER)));
                int i = 0;
                for (String str5 : serviceProviderList.keySet()) {
                    if (str5.equals(value)) {
                        sAMLSSOReqValidationResponseDTO.setIssuer(serviceProviderList.get(str5).getIssuer());
                        sAMLSSOReqValidationResponseDTO.setAssertionConsumerURL(serviceProviderList.get(str5).getAssertionConsumerUrl());
                        if (serviceProviderList.get(str5).getLogoutURL() != null && serviceProviderList.get(str5).getLogoutURL().length() > 0) {
                            sAMLSSOReqValidationResponseDTO.setAssertionConsumerURL(serviceProviderList.get(str5).getLogoutURL());
                        }
                    } else {
                        SingleLogoutRequestDTO singleLogoutRequestDTO = new SingleLogoutRequestDTO();
                        singleLogoutRequestDTO.setAssertionConsumerURL(serviceProviderList.get(str5).getLogoutURL());
                        if (serviceProviderList.get(str5).getLogoutURL() == null || serviceProviderList.get(str5).getLogoutURL().length() == 0) {
                            singleLogoutRequestDTO.setAssertionConsumerURL(serviceProviderList.get(str5).getAssertionConsumerUrl());
                        }
                        singleLogoutRequestDTO.setLogoutResponse(encode);
                        singleLogoutRequestDTO.setRpSessionId(rPSessionsList.get(str5));
                        singleLogoutRequestDTOArr[i] = singleLogoutRequestDTO;
                        i++;
                    }
                }
                sAMLSSOReqValidationResponseDTO.setLogoutRespDTO(singleLogoutRequestDTOArr);
                sAMLSSOReqValidationResponseDTO.setLogoutResponse(SAMLSSOUtil.encode(SAMLSSOUtil.marshall(singleLogoutMessageBuilder.buildLogoutResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null, sessionInfo, sAMLSSOServiceProviderDO.isDoSignResponse()))));
                sAMLSSOReqValidationResponseDTO.setValid(true);
            }
            return sAMLSSOReqValidationResponseDTO;
        } catch (Exception e) {
            log.error("Error Processing the Logout Request", e);
            throw new IdentityException("Error Processing the Logout Request", e);
        }
    }

    private SAMLSSOReqValidationResponseDTO buildErrorResponse(String str, String str2, String str3) throws Exception {
        SAMLSSOReqValidationResponseDTO sAMLSSOReqValidationResponseDTO = new SAMLSSOReqValidationResponseDTO();
        LogoutResponse buildLogoutResponse = new SingleLogoutMessageBuilder().buildLogoutResponse(str, str2, str3, null, false);
        sAMLSSOReqValidationResponseDTO.setLogOutReq(true);
        sAMLSSOReqValidationResponseDTO.setValid(false);
        sAMLSSOReqValidationResponseDTO.setResponse(SAMLSSOUtil.encode(SAMLSSOUtil.marshall(buildLogoutResponse)));
        return sAMLSSOReqValidationResponseDTO;
    }
}
