package org.springframework.security.saml2.provider.service.web.authentication.logout;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.UUID;
import java.util.function.BiConsumer;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml.saml2.core.impl.LogoutRequestUnmarshaller;
import org.opensaml.saml.saml2.core.impl.LogoutResponseBuilder;
import org.opensaml.saml.saml2.core.impl.LogoutResponseMarshaller;
import org.opensaml.saml.saml2.core.impl.StatusBuilder;
import org.opensaml.saml.saml2.core.impl.StatusCodeBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.core.OpenSamlInitializationService;
import org.springframework.security.saml2.core.Saml2ParameterNames;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/web/authentication/logout/OpenSamlLogoutResponseResolver.class */
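/**
 * Builds the SAML 2.0 {@code LogoutResponse} that answers a {@code LogoutRequest} carried in the
 * current HTTP request, and encodes it for the asserting party's single-logout binding.
 *
 * <p>Security notes for reviewers, based only on what this class does:
 * <ul>
 *   <li>The incoming {@code LogoutRequest} is decoded and unmarshalled here, and only its ID is
 *       read. No signature, issuer or destination check is performed in this class.
 *       NOTE(review): presumably the caller validates the request before invoking
 *       {@code resolve} - confirm.</li>
 *   <li>The response status is always {@code Success}.</li>
 *   <li>{@code RelayState} is copied verbatim from the request into the response. Whatever
 *       renders it (redirect URL or auto-submitting form) has to encode it for that context.</li>
 *   <li>XML parsing uses the parser pool registered with OpenSAML. NOTE(review): DTD and
 *       external-entity handling depend on how that pool is configured - confirm.</li>
 * </ul>
 */
final class OpenSamlLogoutResponseResolver {
    // Runs once at class initialization, before any instance reads the OpenSAML registry.
    static {
        OpenSamlInitializationService.initialize();
    }

    private final Log logger = LogFactory.getLog(getClass());
    private final ParserPool parserPool;
    private final LogoutRequestUnmarshaller unmarshaller;
    private final LogoutResponseMarshaller marshaller;
    private final LogoutResponseBuilder logoutResponseBuilder;
    private final IssuerBuilder issuerBuilder;
    private final StatusBuilder statusBuilder;
    private final StatusCodeBuilder statusCodeBuilder;
    private final RelyingPartyRegistrationResolver relyingPartyRegistrationResolver;

    /**
     * Looks up the OpenSAML parser pool, unmarshaller, marshaller and builders this resolver needs
     * and fails fast when one of them is not registered.
     *
     * @param relyingPartyRegistrationResolver resolves the registration for a request and
     *        registration id
     * @throws IllegalArgumentException if a required OpenSAML component is not configured
     */
    public OpenSamlLogoutResponseResolver(RelyingPartyRegistrationResolver relyingPartyRegistrationResolver) {
        this.relyingPartyRegistrationResolver = relyingPartyRegistrationResolver;
        XMLObjectProviderRegistry registry = (XMLObjectProviderRegistry) ConfigurationService.get(XMLObjectProviderRegistry.class);
        this.parserPool = registry.getParserPool();
        // Checked up front like the other components: a missing pool would otherwise only surface
        // as a failure while parsing the first LogoutRequest.
        Assert.notNull(this.parserPool, "parserPool must be configured in OpenSAML");
        // The factories return the general OpenSAML interfaces, so each lookup is narrowed explicitly.
        this.unmarshaller = (LogoutRequestUnmarshaller) XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(LogoutRequest.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.unmarshaller, "logoutRequestUnmarshaller must be configured in OpenSAML");
        this.marshaller = (LogoutResponseMarshaller) registry.getMarshallerFactory().getMarshaller(LogoutResponse.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.marshaller, "logoutResponseMarshaller must be configured in OpenSAML");
        this.logoutResponseBuilder = (LogoutResponseBuilder) registry.getBuilderFactory().getBuilder(LogoutResponse.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.logoutResponseBuilder, "logoutResponseBuilder must be configured in OpenSAML");
        this.issuerBuilder = (IssuerBuilder) registry.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.issuerBuilder, "issuerBuilder must be configured in OpenSAML");
        this.statusBuilder = (StatusBuilder) registry.getBuilderFactory().getBuilder(Status.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.statusBuilder, "statusBuilder must be configured in OpenSAML");
        this.statusCodeBuilder = (StatusCodeBuilder) registry.getBuilderFactory().getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
        Assert.notNull(this.statusCodeBuilder, "statusCodeBuilder must be configured in OpenSAML");
    }

    /**
     * Resolves the logout response without any customization of the {@code LogoutResponse}.
     *
     * @param httpServletRequest the request carrying the {@code LogoutRequest}
     * @param authentication the current authentication, used to find the registration id
     * @return the encoded logout response, or {@code null} when no registration is resolved
     */
    Saml2LogoutResponse resolve(HttpServletRequest httpServletRequest, Authentication authentication) {
        return resolve(httpServletRequest, authentication, (relyingPartyRegistration, logoutResponse) -> {
        });
    }

    /**
     * Builds, optionally customizes, signs and encodes the {@code LogoutResponse} for the
     * {@code LogoutRequest} found in the request.
     *
     * <p>For the POST binding the signed XML is Base64-encoded into the response. For any other
     * binding the unsigned XML is deflated and encoded, and the parameters produced by
     * {@code OpenSamlSigningUtils.sign(registration)} are copied into the response.
     *
     * @param httpServletRequest the request carrying {@code SAMLRequest} and optionally
     *        {@code RelayState}
     * @param authentication the current authentication, used to find the registration id
     * @param biConsumer callback that may adjust the {@code LogoutResponse} before it is signed
     * @return the encoded logout response, or {@code null} when no registration is resolved
     * @throws Saml2Exception if the {@code SAMLRequest} parameter is missing or cannot be
     *         deserialized, or if the response cannot be marshalled
     */
    public Saml2LogoutResponse resolve(HttpServletRequest httpServletRequest, Authentication authentication, BiConsumer<RelyingPartyRegistration, LogoutResponse> biConsumer) {
        RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(httpServletRequest, getRegistrationId(authentication));
        if (registration == null) {
            return null;
        }

        // getParameter returns null for an absent parameter; reject that here with the same
        // exception type used for undecodable requests instead of passing null to the decoder.
        String encodedRequest = httpServletRequest.getParameter(Saml2ParameterNames.SAML_REQUEST);
        if (encodedRequest == null) {
            throw new Saml2Exception("Failed to deserialize LogoutRequest: the request parameter is missing");
        }
        // NOTE(review): no size bound is applied in this class to the decoded or inflated
        // payload; confirm that Saml2Utils or the container limits it.
        LogoutRequest logoutRequest = parse(inflateIfRequired(registration, Saml2Utils.samlDecode(encodedRequest)));

        LogoutResponse logoutResponse = this.logoutResponseBuilder.buildObject();
        logoutResponse.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation());

        Issuer issuer = this.issuerBuilder.buildObject();
        issuer.setValue(registration.getEntityId());
        logoutResponse.setIssuer(issuer);

        // The status is fixed to Success; nothing from the request influences it.
        StatusCode statusCode = this.statusCodeBuilder.buildObject();
        statusCode.setValue("urn:oasis:names:tc:SAML:2.0:status:Success");
        Status status = this.statusBuilder.buildObject();
        status.setStatusCode(statusCode);
        logoutResponse.setStatus(status);

        // Only the request ID is taken from the LogoutRequest (see the class-level notes).
        logoutResponse.setInResponseTo(logoutRequest.getID());
        if (logoutResponse.getID() == null) {
            logoutResponse.setID("LR" + UUID.randomUUID());
        }

        // The callback runs before signing, so its changes are covered by the signature.
        biConsumer.accept(registration, logoutResponse);

        // RelayState is echoed back unchanged; read it once so both bindings use the same value.
        String relayState = httpServletRequest.getParameter(Saml2ParameterNames.RELAY_STATE);
        Saml2LogoutResponse.Builder result = Saml2LogoutResponse.withRelyingPartyRegistration(registration);

        // The response binding is the asserting party's, while the request was decoded using
        // the relying party's binding (see inflateIfRequired).
        if (registration.getAssertingPartyDetails().getSingleLogoutServiceBinding() == Saml2MessageBinding.POST) {
            LogoutResponse signedResponse = (LogoutResponse) OpenSamlSigningUtils.sign(logoutResponse, registration);
            result.samlResponse(Saml2Utils.samlEncode(serialize(signedResponse).getBytes(StandardCharsets.UTF_8)));
            if (relayState != null) {
                result.relayState(relayState);
            }
            return result.build();
        }

        String deflatedResponse = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(serialize(logoutResponse)));
        result.samlResponse(deflatedResponse);
        OpenSamlSigningUtils.QueryParametersPartial signedQuery = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_RESPONSE, deflatedResponse);
        if (relayState != null) {
            // RelayState is added to the partial before parameters() is called, so it is part
            // of whatever that call computes.
            signedQuery.param(Saml2ParameterNames.RELAY_STATE, relayState);
        }
        return result.parameters(parameters -> {
            parameters.putAll(signedQuery.parameters());
        }).build();
    }

    /**
     * Returns the relying party registration id held by the authenticated principal.
     *
     * @param authentication the current authentication, may be {@code null}
     * @return the registration id, or {@code null} when there is no authentication or its
     *         principal is not a {@link Saml2AuthenticatedPrincipal}
     */
    private String getRegistrationId(Authentication authentication) {
        if (this.logger.isTraceEnabled()) {
            // The string form of the Authentication goes to the trace log.
            // NOTE(review): what it contains depends on the implementation's toString - confirm
            // that it carries no credentials before enabling trace in production.
            this.logger.trace("Attempting to resolve registrationId from " + authentication);
        }
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof Saml2AuthenticatedPrincipal) {
            return ((Saml2AuthenticatedPrincipal) principal).getRelyingPartyRegistrationId();
        }
        return null;
    }

    /**
     * Turns the decoded {@code SAMLRequest} bytes into XML text, inflating them when the relying
     * party's single-logout binding is REDIRECT and reading them as UTF-8 otherwise.
     *
     * @param relyingPartyRegistration the registration whose binding selects the decoding
     * @param bArr the Base64-decoded request payload
     * @return the request XML as a string
     */
    private String inflateIfRequired(RelyingPartyRegistration relyingPartyRegistration, byte[] bArr) {
        if (relyingPartyRegistration.getSingleLogoutServiceBinding() == Saml2MessageBinding.REDIRECT) {
            return Saml2Utils.samlInflate(bArr);
        }
        return new String(bArr, StandardCharsets.UTF_8);
    }

    /**
     * Parses and unmarshalls request-supplied XML into a {@code LogoutRequest}.
     *
     * @param str the request XML
     * @return the unmarshalled request
     * @throws Saml2Exception if parsing or unmarshalling fails for any reason
     */
    private LogoutRequest parse(String str) throws Saml2Exception {
        try {
            // The input comes from the HTTP request; parsing safety rests on the configured pool.
            ByteArrayInputStream xml = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
            return (LogoutRequest) this.unmarshaller.unmarshall(this.parserPool.parse(xml).getDocumentElement());
        } catch (Exception e) {
            // Deliberately broad: every parse or unmarshalling failure is reported the same way.
            throw new Saml2Exception("Failed to deserialize LogoutRequest", e);
        }
    }

    /**
     * Marshalls the response to a DOM tree and renders it as a string.
     *
     * @param logoutResponse the response to serialize
     * @return the response XML
     * @throws Saml2Exception if marshalling fails
     */
    private String serialize(LogoutResponse logoutResponse) {
        try {
            return SerializeSupport.nodeToString(this.marshaller.marshall(logoutResponse));
        } catch (MarshallingException e) {
            throw new Saml2Exception((Throwable) e);
        }
    }
}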
