package com.evolveum.midpoint.web.security.saml;

import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
import com.evolveum.midpoint.web.security.module.authentication.Saml2ModuleAuthentication;
import com.evolveum.midpoint.web.security.provider.Saml2Provider;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.AuthenticatedPrincipal;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest;
import org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestResolver;
import org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/security/saml/MidpointSaml2LogoutRequestResolver.class */
/**
 * {@link Saml2LogoutRequestResolver} that adapts midPoint's authentication wrappers to the
 * stock {@link OpenSaml4LogoutRequestResolver}.
 *
 * <p>The delegate is handed a {@link Saml2Authentication}; this class locates the
 * {@link Saml2AuthenticationToken} stored inside the midPoint authentication and rebuilds a
 * {@code Saml2Authentication} from it. It also registers a parameters consumer on the delegate
 * that copies the SP name qualifier and NameID format from the midPoint principal onto the
 * outgoing {@code LogoutRequest}.
 */
public class MidpointSaml2LogoutRequestResolver implements Saml2LogoutRequestResolver {
    private final OpenSaml4LogoutRequestResolver resolver;

    /**
     * Wraps the given delegate and installs {@link #resolveParameters} as its parameters consumer.
     *
     * @param openSaml4LogoutRequestResolver delegate that builds the logout request; note that
     *        its parameters consumer is replaced by this constructor
     */
    public MidpointSaml2LogoutRequestResolver(OpenSaml4LogoutRequestResolver openSaml4LogoutRequestResolver) {
        this.resolver = openSaml4LogoutRequestResolver;
        openSaml4LogoutRequestResolver.setParametersConsumer(parameters -> resolveParameters(parameters));
    }

    /**
     * Copies the SP name qualifier and NameID format recorded on the midPoint principal onto the
     * NameID of the logout request. Does nothing when the request or the authentication is
     * missing, or when the principal is not a midPoint SAML principal.
     */
    private void resolveParameters(OpenSaml4LogoutRequestResolver.LogoutRequestParameters logoutRequestParameters) {
        LogoutRequest outgoing = logoutRequestParameters.getLogoutRequest();
        if (outgoing == null) {
            return;
        }
        Authentication current = logoutRequestParameters.getAuthentication();
        if (current == null) {
            return;
        }
        Object principal = current.getPrincipal();
        if (!(principal instanceof Saml2Provider.MidpointSaml2AuthenticatedPrincipal)) {
            return;
        }
        Saml2Provider.MidpointSaml2AuthenticatedPrincipal samlPrincipal =
                (Saml2Provider.MidpointSaml2AuthenticatedPrincipal) principal;
        // NOTE(review): getNameID() is dereferenced without a null check; this relies on the
        // delegate always populating the NameID before invoking the consumer - confirm.
        outgoing.getNameID().setSPNameQualifier(samlPrincipal.getSpNameQualifier());
        outgoing.getNameID().setFormat(samlPrincipal.getNameIdFormat());
    }

    /**
     * Builds the SAML logout request for the current authentication.
     *
     * <p>When no {@link Saml2AuthenticationToken} can be found, the original authentication is
     * passed to the delegate unchanged. Otherwise a new {@link Saml2Authentication} is built from
     * the token's principal and SAML response (authorities are passed as {@code null}) and the
     * delegate resolves the request from that.
     *
     * @param httpServletRequest current HTTP request, forwarded to the delegate
     * @param authentication authentication of the session being logged out
     * @return whatever the delegate resolver returns
     */
    @Override // org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver
    public Saml2LogoutRequest resolve(HttpServletRequest httpServletRequest, Authentication authentication) {
        Saml2AuthenticationToken samlToken = findSamlToken(authentication);
        if (samlToken == null) {
            return this.resolver.resolve(httpServletRequest, authentication);
        }

        Object tokenDetails = samlToken.getDetails();
        AuthenticatedPrincipal logoutPrincipal;
        if (tokenDetails instanceof Saml2AuthenticatedPrincipal) {
            logoutPrincipal = (Saml2AuthenticatedPrincipal) tokenDetails;
        } else {
            logoutPrincipal = placeholderPrincipal(samlToken);
        }

        Saml2Authentication samlAuthentication =
                new Saml2Authentication(logoutPrincipal, samlToken.getSaml2Response(), null);
        return this.resolver.resolve(httpServletRequest, samlAuthentication);
    }

    /**
     * Looks for the SAML token either directly on the processing SAML module of a
     * {@link MidpointAuthentication}, in the details of a pre-authenticated or anonymous token
     * held by that module, or in the details of a bare anonymous token.
     *
     * @return the token, or {@code null} when none of those shapes matches
     */
    private static Saml2AuthenticationToken findSamlToken(Authentication authentication) {
        if (authentication instanceof MidpointAuthentication) {
            ModuleAuthentication module =
                    ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
            if (!(module instanceof Saml2ModuleAuthentication)) {
                return null;
            }
            Authentication moduleAuthentication = module.getAuthentication();
            if (moduleAuthentication instanceof Saml2AuthenticationToken) {
                return (Saml2AuthenticationToken) moduleAuthentication;
            }
            boolean isWrapperToken = moduleAuthentication instanceof PreAuthenticatedAuthenticationToken
                    || moduleAuthentication instanceof AnonymousAuthenticationToken;
            if (isWrapperToken && moduleAuthentication.getDetails() instanceof Saml2AuthenticationToken) {
                return (Saml2AuthenticationToken) moduleAuthentication.getDetails();
            }
            return null;
        }

        if (authentication instanceof AnonymousAuthenticationToken
                && authentication.getDetails() instanceof Saml2AuthenticationToken) {
            return (Saml2AuthenticationToken) authentication.getDetails();
        }
        return null;
    }

    /**
     * Creates a stand-in principal for a token that carries no {@link Saml2AuthenticatedPrincipal}.
     * Its name is the relying party's entity ID and its registration id is taken from the same
     * relying party registration.
     */
    private Saml2AuthenticatedPrincipal placeholderPrincipal(Saml2AuthenticationToken samlToken) {
        final String relyingPartyEntityId = samlToken.getRelyingPartyRegistration().getEntityId();
        final String relyingPartyRegistrationId = samlToken.getRelyingPartyRegistration().getRegistrationId();
        // NOTE(review): the principal name here is the SP entity ID, not a user identifier;
        // presumably the delegate uses it as the NameID of the logout request - confirm the IdP
        // can still match and terminate the intended session in this fallback case.
        return new Saml2AuthenticatedPrincipal() {
            @Override // org.springframework.security.core.AuthenticatedPrincipal
            public String getName() {
                return relyingPartyEntityId;
            }

            @Override // org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
            public String getRelyingPartyRegistrationId() {
                return relyingPartyRegistrationId;
            }
        };
    }
}
