package org.springframework.security.saml2.provider.service.web.authentication.logout;

import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-service-provider-5.6.0.jar:org/springframework/security/saml2/provider/service/web/authentication/logout/HttpSessionLogoutRequestRepository.class */
public final class HttpSessionLogoutRequestRepository implements Saml2LogoutRequestRepository {
    private static final String DEFAULT_LOGOUT_REQUEST_ATTR_NAME = HttpSessionLogoutRequestRepository.class.getName() + ".LOGOUT_REQUEST";

    @Override // org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
    public Saml2LogoutRequest loadLogoutRequest(HttpServletRequest httpServletRequest) {
        Assert.notNull(httpServletRequest, "request cannot be null");
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        Saml2LogoutRequest saml2LogoutRequest = (Saml2LogoutRequest) session.getAttribute(DEFAULT_LOGOUT_REQUEST_ATTR_NAME);
        if (stateParameterEquals(httpServletRequest, saml2LogoutRequest)) {
            return saml2LogoutRequest;
        }
        return null;
    }

    @Override // org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
    public void saveLogoutRequest(Saml2LogoutRequest saml2LogoutRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Assert.notNull(httpServletRequest, "request cannot be null");
        Assert.notNull(httpServletResponse, "response cannot be null");
        if (saml2LogoutRequest == null) {
            httpServletRequest.getSession().removeAttribute(DEFAULT_LOGOUT_REQUEST_ATTR_NAME);
        } else {
            Assert.hasText(saml2LogoutRequest.getRelayState(), "logoutRequest.state cannot be empty");
            httpServletRequest.getSession().setAttribute(DEFAULT_LOGOUT_REQUEST_ATTR_NAME, saml2LogoutRequest);
        }
    }

    @Override // org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
    public Saml2LogoutRequest removeLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Assert.notNull(httpServletRequest, "request cannot be null");
        Assert.notNull(httpServletResponse, "response cannot be null");
        Saml2LogoutRequest loadLogoutRequest = loadLogoutRequest(httpServletRequest);
        if (loadLogoutRequest == null) {
            return null;
        }
        httpServletRequest.getSession().removeAttribute(DEFAULT_LOGOUT_REQUEST_ATTR_NAME);
        return loadLogoutRequest;
    }

    private String getStateParameter(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("RelayState");
    }

    private boolean stateParameterEquals(HttpServletRequest httpServletRequest, Saml2LogoutRequest saml2LogoutRequest) {
        String stateParameter = getStateParameter(httpServletRequest);
        if (stateParameter == null || saml2LogoutRequest == null) {
            return false;
        }
        return MessageDigest.isEqual(Utf8.encode(stateParameter), Utf8.encode(saml2LogoutRequest.getRelayState()));
    }
}
