package org.springframework.security.saml2.provider.service.web.authentication.logout;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-service-provider-6.5.1.jar:org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2RelyingPartyInitiatedLogoutSuccessHandler.class */
public final class Saml2RelyingPartyInitiatedLogoutSuccessHandler implements LogoutSuccessHandler {
    private final Saml2LogoutRequestResolver logoutRequestResolver;
    private final Log logger = LogFactory.getLog(getClass());
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    private Saml2LogoutRequestRepository logoutRequestRepository = new HttpSessionLogoutRequestRepository();

    public Saml2RelyingPartyInitiatedLogoutSuccessHandler(Saml2LogoutRequestResolver saml2LogoutRequestResolver) {
        this.logoutRequestResolver = saml2LogoutRequestResolver;
    }

    @Override // org.springframework.security.web.authentication.logout.LogoutSuccessHandler
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        Saml2LogoutRequest resolve = this.logoutRequestResolver.resolve(httpServletRequest, authentication);
        if (resolve == null) {
            this.logger.trace("Returning 401 since no logout request generated");
            httpServletResponse.setStatus(401);
            return;
        }
        this.logoutRequestRepository.saveLogoutRequest(resolve, httpServletRequest, httpServletResponse);
        if (resolve.getBinding() == Saml2MessageBinding.REDIRECT) {
            doRedirect(httpServletRequest, httpServletResponse, resolve);
        } else {
            doPost(httpServletResponse, resolve);
        }
    }

    public void setLogoutRequestRepository(Saml2LogoutRequestRepository saml2LogoutRequestRepository) {
        Assert.notNull(saml2LogoutRequestRepository, "logoutRequestRepository cannot be null");
        this.logoutRequestRepository = saml2LogoutRequestRepository;
    }

    private void doRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Saml2LogoutRequest saml2LogoutRequest) throws IOException {
        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, UriComponentsBuilder.fromUriString(saml2LogoutRequest.getLocation()).query(saml2LogoutRequest.getParametersQuery()).build(true).toUriString());
    }

    private void doPost(HttpServletResponse httpServletResponse, Saml2LogoutRequest saml2LogoutRequest) throws IOException {
        String createSamlPostRequestFormData = createSamlPostRequestFormData(saml2LogoutRequest.getLocation(), saml2LogoutRequest.getSamlRequest(), saml2LogoutRequest.getRelayState());
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().write(createSamlPostRequestFormData);
    }

    private String createSamlPostRequestFormData(String str, String str2, String str3) {
        StringBuilder sb = new StringBuilder();
        sb.append("<!DOCTYPE html>\n");
        sb.append("<html>\n").append("    <head>\n");
        sb.append("        <meta http-equiv=\"Content-Security-Policy\" ").append("content=\"script-src 'sha256-oZhLbc2kO8b8oaYLrUc7uye1MgVKMyLtPqWR4WtKF+c='\">\n");
        sb.append("        <meta charset=\"utf-8\" />\n");
        sb.append("    </head>\n");
        sb.append("    <body>\n");
        sb.append("        <noscript>\n");
        sb.append("            <p>\n");
        sb.append("                <strong>Note:</strong> Since your browser does not support JavaScript,\n");
        sb.append("                you must press the Continue button once to proceed.\n");
        sb.append("            </p>\n");
        sb.append("        </noscript>\n");
        sb.append("        \n");
        sb.append("        <form action=\"");
        sb.append(str);
        sb.append("\" method=\"post\">\n");
        sb.append("            <div>\n");
        sb.append("                <input type=\"hidden\" name=\"SAMLRequest\" value=\"");
        sb.append(HtmlUtils.htmlEscape(str2));
        sb.append("\"/>\n");
        if (StringUtils.hasText(str3)) {
            sb.append("                <input type=\"hidden\" name=\"RelayState\" value=\"");
            sb.append(HtmlUtils.htmlEscape(str3));
            sb.append("\"/>\n");
        }
        sb.append("            </div>\n");
        sb.append("            <noscript>\n");
        sb.append("                <div>\n");
        sb.append("                    <input type=\"submit\" value=\"Continue\"/>\n");
        sb.append("                </div>\n");
        sb.append("            </noscript>\n");
        sb.append("        </form>\n");
        sb.append("        \n");
        sb.append("        <script>window.onload = function() { document.forms[0].submit(); }</script>\n");
        sb.append("    </body>\n");
        sb.append("</html>");
        return sb.toString();
    }
}
