package org.keycloak.protocol.saml;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.jboss.logging.Logger;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.saml.mappers.SAMLAttributeStatementMapper;
import org.keycloak.protocol.saml.mappers.SAMLLoginResponseMapper;
import org.keycloak.protocol.saml.mappers.SAMLRoleListMapper;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.resources.RealmsResource;
import org.w3c.dom.Document;

/* loaded from: input_file:org/keycloak/protocol/saml/SamlProtocol.class */
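/**
 * SAML implementation of {@link LoginProtocol}: builds login responses, error responses and
 * logout requests/responses for SAML clients of a realm.
 *
 * <p>This listing is decompiler output. The {@code mNNsetXxx} method names are decompiler
 * renames of the fluent setters (merged bridge methods) and are kept as they appear so that
 * references elsewhere in the decompiled tree still resolve.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Document signing, assertion signing and encryption are each opt-in per client: they
 *       are applied only when the matching client attribute is exactly {@code "true"}.</li>
 *   <li>Responses are addressed to the redirect URI stored on the client session, and logout
 *       responses to the URI stored in a user-session note. This class does not validate
 *       either value itself; NOTE(review): presumably they are checked when stored, confirm
 *       at the callers.</li>
 * </ul>
 */
public class SamlProtocol implements LoginProtocol {
    // Values stored in client attributes for boolean switches.
    public static final String ATTRIBUTE_TRUE_VALUE = "true";
    public static final String ATTRIBUTE_FALSE_VALUE = "false";

    // Client attribute names (per-client SAML configuration).
    public static final String SAML_SIGNING_CERTIFICATE_ATTRIBUTE = "saml.signing.certificate";
    public static final String SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE = "saml.encryption.certificate";
    public static final String SAML_CLIENT_SIGNATURE_ATTRIBUTE = "saml.client.signature";
    public static final String SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE = "saml_assertion_consumer_url_post";
    public static final String SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE = "saml_assertion_consumer_url_redirect";
    public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE = "saml_single_logout_service_url_post";
    public static final String SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE = "saml_single_logout_service_url_redirect";
    public static final String SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE = "saml_force_name_id_format";
    public static final String SAML_NAME_ID_FORMAT_ATTRIBUTE = "saml_name_id_format";

    public static final String LOGIN_PROTOCOL = "saml";

    // Binding selection: session note name and its two values.
    public static final String SAML_BINDING = "saml_binding";
    public static final String SAML_POST_BINDING = "post";
    public static final String SAML_REDIRECT_BINDING = "get";

    // Client attribute names controlling signing, encryption and statement content.
    public static final String SAML_SERVER_SIGNATURE = "saml.server.signature";
    public static final String SAML_ASSERTION_SIGNATURE = "saml.assertion.signature";
    public static final String SAML_AUTHNSTATEMENT = "saml.authnstatement";
    public static final String SAML_SIGNATURE_ALGORITHM = "saml.signature.algorithm";
    public static final String SAML_ENCRYPT = "saml.encrypt";
    public static final String SAML_FORCE_POST_BINDING = "saml.force.post.binding";

    // Session note names used during login and logout.
    public static final String SAML_REQUEST_ID = "SAML_REQUEST_ID";
    public static final String SAML_LOGOUT_BINDING = "saml.logout.binding";
    public static final String SAML_LOGOUT_REQUEST_ID = "SAML_LOGOUT_REQUEST_ID";
    public static final String SAML_LOGOUT_RELAY_STATE = "SAML_LOGOUT_RELAY_STATE";
    public static final String SAML_LOGOUT_BINDING_URI = "SAML_LOGOUT_BINDING_URI";
    public static final String SAML_LOGOUT_SIGNATURE_ALGORITHM = "saml.logout.signature.algorithm";
    public static final String SAML_NAME_ID = "SAML_NAME_ID";
    public static final String SAML_NAME_ID_FORMAT = "SAML_NAME_ID_FORMAT";

    // Prefix of the user attribute that stores a persistent NameID per client.
    public static final String SAML_PERSISTENT_NAME_ID_FOR = "saml.persistent.name.id.for";

    protected KeycloakSession session;
    protected RealmModel realm;
    protected UriInfo uriInfo;
    protected HttpHeaders headers;
    protected EventBuilder event;
    protected static final Logger logger = Logger.getLogger(SamlProtocol.class);
    public static final String SAML_DEFAULT_NAMEID_FORMAT = JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get();

    /**
     * Pairs a protocol mapper implementation with the model that configures it.
     *
     * @param <T> mapper interface this processor carries
     */
    public static class ProtocolMapperProcessor<T> {
        public final T mapper;
        public final ProtocolMapperModel model;

        public ProtocolMapperProcessor(T t, ProtocolMapperModel protocolMapperModel) {
            this.mapper = t;
            this.model = protocolMapperModel;
        }
    }

    /**
     * Stores the Keycloak session. Decompiler rename of {@code setSession} (merged bridge method).
     *
     * @return this instance, for chaining
     */
    public SamlProtocol m10setSession(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        return this;
    }

    /**
     * Stores the realm. Decompiler rename of {@code setRealm} (merged bridge method).
     *
     * @return this instance, for chaining
     */
    public SamlProtocol m9setRealm(RealmModel realmModel) {
        this.realm = realmModel;
        return this;
    }

    /**
     * Stores the request URI info. Decompiler rename of {@code setUriInfo} (merged bridge method).
     *
     * @return this instance, for chaining
     */
    public SamlProtocol m8setUriInfo(UriInfo uriInfo) {
        this.uriInfo = uriInfo;
        return this;
    }

    /**
     * Stores the request headers. Decompiler rename of {@code setHttpHeaders} (merged bridge method).
     *
     * @return this instance, for chaining
     */
    public SamlProtocol m7setHttpHeaders(HttpHeaders httpHeaders) {
        this.headers = httpHeaders;
        return this;
    }

    /**
     * Stores the event builder. Decompiler rename of {@code setEventBuilder} (merged bridge method).
     *
     * @return this instance, for chaining
     */
    public SamlProtocol m6setEventBuilder(EventBuilder eventBuilder) {
        this.event = eventBuilder;
        return this;
    }

    /** Answers a cancelled login with a SAML error response carrying the request-denied status. */
    public Response cancelLogin(ClientSessionModel clientSessionModel) {
        return getErrorResponse(clientSessionModel, JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
    }

    /** Answers an invalid session with a SAML error response carrying the authn-failed status. */
    public Response invalidSessionError(ClientSessionModel clientSessionModel) {
        return getErrorResponse(clientSessionModel, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get());
    }

    /**
     * Returns the issuer value used in messages from this realm: the realm base URL built from
     * the current request's {@link UriInfo} and the realm name.
     */
    protected String getResponseIssuer(RealmModel realmModel) {
        return RealmsResource.realmBaseUrl(this.uriInfo).build(new Object[]{realmModel.getName()}).toString();
    }

    /**
     * Builds a SAML error response with the given status and sends it to the client session's
     * redirect URI over the binding selected by {@link #isPostBinding}.
     *
     * <p>The error response is not signed in this method, regardless of the client's signature
     * settings.
     *
     * @param clientSessionModel session supplying relay state, destination and binding
     * @param str SAML status URI to report
     * @return the binding response, or the generic error page when building it fails
     */
    protected Response getErrorResponse(ClientSessionModel clientSessionModel, String str) {
        SAML2ErrorResponseBuilder status = new SAML2ErrorResponseBuilder().relayState(clientSessionModel.getNote(SAML2BindingBuilder.RELAY_STATE)).destination(clientSessionModel.getRedirectUri()).issuer(getResponseIssuer(this.realm)).status(str);
        try {
            return isPostBinding(clientSessionModel) ? status.postBinding().response() : status.redirectBinding().response();
        } catch (Exception e) {
            // Log the cause like authenticated() does; without it a failed error response
            // leaves no trace in the server log.
            logger.error("failed", e);
            return ErrorPage.error(this.session, "failedToProcessResponseMessage", new Object[0]);
        }
    }

    /**
     * Returns whether the login response uses the POST binding: either the session note says
     * so, or the client forces POST.
     */
    protected boolean isPostBinding(ClientSessionModel clientSessionModel) {
        return SAML_POST_BINDING.equals(clientSessionModel.getNote(SAML_BINDING)) || forcePostBinding(clientSessionModel.getClient());
    }

    /** Returns whether the logout binding recorded on the user session is POST. */
    public static boolean isLogoutPostBindingForInitiator(UserSessionModel userSessionModel) {
        return SAML_POST_BINDING.equals(userSessionModel.getNote(SAML_LOGOUT_BINDING));
    }

    /**
     * Chooses the binding for a logout request sent to a client.
     *
     * <p>Without a POST logout URL, POST is chosen only when there is no redirect URL either.
     * With a POST logout URL, POST is chosen when the client forces POST, the session was
     * established over POST, or no redirect URL is configured.
     */
    protected boolean isLogoutPostBindingForClient(ClientSessionModel clientSessionModel) {
        ClientModel client = clientSessionModel.getClient();
        String postUrl = client.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE);
        String redirectUrl = client.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE);
        if (postUrl == null) {
            return redirectUrl == null;
        }
        return forcePostBinding(client) || SAML_POST_BINDING.equals(clientSessionModel.getNote(SAML_BINDING)) || redirectUrl == null;
    }

    /** Returns whether the client attribute forcing the POST binding is exactly {@code "true"}. */
    public static boolean forcePostBinding(ClientModel clientModel) {
        return ATTRIBUTE_TRUE_VALUE.equals(clientModel.getAttribute(SAML_FORCE_POST_BINDING));
    }

    /**
     * Resolves the NameID format URI for a login.
     *
     * <p>The value of the {@code NAMEID_FORMAT} session note is used as-is unless it is absent
     * or the client forces its own format; in those cases the client's configured format
     * ({@code email}, {@code persistent}, {@code transient}; anything else maps to
     * unspecified) is used when present.
     *
     * <p>NOTE(review): the session note presumably comes from the incoming request, so with
     * forcing off the requester picks the format. Confirm where the note is set.
     *
     * @return a format URI, never {@code null}
     */
    protected String getNameIdFormat(ClientSessionModel clientSessionModel) {
        String format = clientSessionModel.getNote("NAMEID_FORMAT");
        ClientModel client = clientSessionModel.getClient();
        boolean forced = forceNameIdFormat(client);
        String configured = client.getAttribute(SAML_NAME_ID_FORMAT_ATTRIBUTE);
        if ((format == null || forced) && configured != null) {
            if (configured.equals("email")) {
                format = JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get();
            } else if (configured.equals("persistent")) {
                format = JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
            } else if (configured.equals("transient")) {
                format = JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get();
            } else {
                // "username" and any unrecognised value both map to unspecified.
                format = JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get();
            }
        }
        return format == null ? SAML_DEFAULT_NAMEID_FORMAT : format;
    }

    /** Returns whether the client attribute forcing its NameID format is exactly {@code "true"}. */
    public static boolean forceNameIdFormat(ClientModel clientModel) {
        return ATTRIBUTE_TRUE_VALUE.equals(clientModel.getAttribute(SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE));
    }

    /**
     * Produces the NameID value for the given format.
     *
     * <ul>
     *   <li>e-mail format: the user's e-mail address (NOTE(review): presumably {@code null}
     *       for a user without one; confirm how the response builder handles that);</li>
     *   <li>transient format: a fresh {@code "G-" + UUID} on every call;</li>
     *   <li>persistent format: a {@code "G-" + UUID} generated once and stored as a user
     *       attribute keyed by client ID, so each client sees its own stable identifier;</li>
     *   <li>any other format, including unspecified: the username.</li>
     * </ul>
     *
     * @param str NameID format URI; must not be {@code null}
     */
    protected String getNameId(String str, ClientSessionModel clientSessionModel, UserSessionModel userSessionModel) {
        if (str.equals(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get())) {
            return userSessionModel.getUser().getEmail();
        }
        if (str.equals(JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get())) {
            return "G-" + UUID.randomUUID().toString();
        }
        if (str.equals(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get())) {
            UserModel user = userSessionModel.getUser();
            String attributeName = SAML_PERSISTENT_NAME_ID_FOR + "." + clientSessionModel.getClient().getClientId();
            String stored = user.getAttribute(attributeName);
            if (stored != null) {
                return stored;
            }
            String generated = "G-" + UUID.randomUUID().toString();
            user.setAttribute(attributeName, generated);
            return generated;
        }
        return userSessionModel.getUser().getUsername();
    }

    /**
     * Builds the SAML login response for an authenticated user and returns it over the
     * session's binding, addressed to the client session's redirect URI.
     *
     * <p>The NameID and its format are stored as client-session notes so that a later logout
     * request can name the same principal. Requested protocol mappers are sorted by the
     * interfaces they implement; a mapper implementing several is used for each, and when
     * more than one role-list mapper is requested the last one wins.
     *
     * <p>The document is signed, the assertions are signed, and the assertion is encrypted
     * only when the corresponding client attribute is {@code "true"}; with none of them set
     * the response goes out unsigned and unencrypted.
     *
     * @return the binding response, or the generic error page when any step fails
     */
    public Response authenticated(UserSessionModel userSessionModel, ClientSessionCode clientSessionCode) {
        ClientSessionModel clientSession = clientSessionCode.getClientSession();
        ClientModel client = clientSession.getClient();
        String requestId = clientSession.getNote(SAML_REQUEST_ID);
        String relayState = clientSession.getNote(SAML2BindingBuilder.RELAY_STATE);
        String redirectUri = clientSession.getRedirectUri();
        String responseIssuer = getResponseIssuer(this.realm);
        String nameIdFormat = getNameIdFormat(clientSession);
        String nameId = getNameId(nameIdFormat, clientSession, userSessionModel);
        clientSession.setNote(SAML_NAME_ID, nameId);
        clientSession.setNote(SAML_NAME_ID_FORMAT, nameIdFormat);

        SAML2LoginResponseBuilder builder = new SAML2LoginResponseBuilder();
        // Assertion lifetime follows the realm's access-code lifespan, subject confirmation
        // the access-token lifespan.
        builder.requestID(requestId).destination(redirectUri).issuer(responseIssuer).assertionExpiration(this.realm.getAccessCodeLifespan()).subjectExpiration(this.realm.getAccessTokenLifespan()).sessionIndex(clientSession.getId()).requestIssuer(clientSession.getClient().getClientId()).nameIdentifier(nameIdFormat, nameId).authMethod(JBossSAMLURIConstants.AC_UNSPECIFIED.get());
        if (!includeAuthnStatement(client)) {
            builder.disableAuthnStatement(true);
        }

        List<ProtocolMapperProcessor<SAMLAttributeStatementMapper>> attributeStatementMappers = new LinkedList<>();
        List<ProtocolMapperProcessor<SAMLLoginResponseMapper>> loginResponseMappers = new LinkedList<>();
        ProtocolMapperProcessor<SAMLRoleListMapper> roleListMapper = null;
        for (ProtocolMapperModel protocolMapperModel : clientSessionCode.getRequestedProtocolMappers()) {
            ProtocolMapper mapper = (ProtocolMapper) this.session.getKeycloakSessionFactory().getProviderFactory(ProtocolMapper.class, protocolMapperModel.getProtocolMapper());
            if (mapper == null) {
                continue;
            }
            // Independent checks, not else-if: one mapper may serve several roles.
            if (mapper instanceof SAMLAttributeStatementMapper) {
                attributeStatementMappers.add(new ProtocolMapperProcessor<>((SAMLAttributeStatementMapper) mapper, protocolMapperModel));
            }
            if (mapper instanceof SAMLLoginResponseMapper) {
                loginResponseMappers.add(new ProtocolMapperProcessor<>((SAMLLoginResponseMapper) mapper, protocolMapperModel));
            }
            if (mapper instanceof SAMLRoleListMapper) {
                roleListMapper = new ProtocolMapperProcessor<>((SAMLRoleListMapper) mapper, protocolMapperModel);
            }
        }

        try {
            ResponseType responseModel = builder.buildModel();
            transformAttributeStatement(attributeStatementMappers, responseModel, this.session, userSessionModel, clientSession);
            populateRoles(roleListMapper, responseModel, this.session, userSessionModel, clientSession);
            Document document = builder.buildDocument(transformLoginResponse(loginResponseMappers, responseModel, this.session, userSessionModel, clientSession));

            SAML2BindingBuilder2 bindingBuilder = new SAML2BindingBuilder2();
            bindingBuilder.relayState(relayState);
            if (requiresRealmSignature(client)) {
                bindingBuilder.signatureAlgorithm(getSignatureAlgorithm(client)).signWith(this.realm.getPrivateKey(), this.realm.getPublicKey(), this.realm.getCertificate()).signDocument();
            }
            if (requiresAssertionSignature(client)) {
                bindingBuilder.signatureAlgorithm(getSignatureAlgorithm(client)).signWith(this.realm.getPrivateKey(), this.realm.getPublicKey(), this.realm.getCertificate()).signAssertions();
            }
            if (requiresEncryption(client)) {
                bindingBuilder.encrypt(SamlProtocolUtils.getEncryptionValidationKey(client));
            }
            return isPostBinding(clientSession) ? bindingBuilder.postBinding(document).response(redirectUri) : bindingBuilder.redirectBinding(document).response(redirectUri);
        } catch (Exception e) {
            // Every failure (model build, mapping, signing, encryption, binding) gets the same
            // handling: log the cause, show the user a generic page without details.
            logger.error("failed", e);
            return ErrorPage.error(this.session, "failedToProcessResponseMessage", new Object[0]);
        }
    }

    /** Returns whether the client's server-signature attribute is exactly {@code "true"}. */
    public static boolean requiresRealmSignature(ClientModel clientModel) {
        return ATTRIBUTE_TRUE_VALUE.equals(clientModel.getAttribute(SAML_SERVER_SIGNATURE));
    }

    /** Returns whether the client's assertion-signature attribute is exactly {@code "true"}. */
    public static boolean requiresAssertionSignature(ClientModel clientModel) {
        return ATTRIBUTE_TRUE_VALUE.equals(clientModel.getAttribute(SAML_ASSERTION_SIGNATURE));
    }

    /** Returns whether the client's authn-statement attribute is exactly {@code "true"}. */
    public static boolean includeAuthnStatement(ClientModel clientModel) {
        return ATTRIBUTE_TRUE_VALUE.equals(clientModel.getAttribute(SAML_AUTHNSTATEMENT));
    }

    /**
     * Returns the signature algorithm configured for the client, defaulting to
     * {@code RSA_SHA256} when the attribute is absent.
     *
     * <p>NOTE(review): if {@code SignatureAlgorithm} is an enum, {@code valueOf} throws
     * {@link IllegalArgumentException} for an unknown name rather than returning
     * {@code null}, so the null check below would never fire and a misconfigured value
     * surfaces as an exception at the caller. Confirm against the type's declaration.
     */
    public static SignatureAlgorithm getSignatureAlgorithm(ClientModel clientModel) {
        SignatureAlgorithm valueOf;
        String attribute = clientModel.getAttribute(SAML_SIGNATURE_ALGORITHM);
        return (attribute == null || (valueOf = SignatureAlgorithm.valueOf(attribute)) == null) ? SignatureAlgorithm.RSA_SHA256 : valueOf;
    }

    /** Returns whether the client's encryption attribute is exactly {@code "true"}. */
    private boolean requiresEncryption(ClientModel clientModel) {
        return ATTRIBUTE_TRUE_VALUE.equals(clientModel.getAttribute(SAML_ENCRYPT));
    }

    /**
     * Adds a new attribute statement to the first assertion of the response and lets every
     * attribute-statement mapper fill it in, in list order.
     */
    public void transformAttributeStatement(List<ProtocolMapperProcessor<SAMLAttributeStatementMapper>> list, ResponseType responseType, KeycloakSession keycloakSession, UserSessionModel userSessionModel, ClientSessionModel clientSessionModel) {
        AssertionType assertion = ((ResponseType.RTChoiceType) responseType.getAssertions().get(0)).getAssertion();
        AttributeStatementType attributeStatementType = new AttributeStatementType();
        assertion.addStatement(attributeStatementType);
        for (ProtocolMapperProcessor<SAMLAttributeStatementMapper> processor : list) {
            processor.mapper.transformAttributeStatement(attributeStatementType, processor.model, keycloakSession, userSessionModel, clientSessionModel);
        }
    }

    /**
     * Passes the response through every login-response mapper in list order, each receiving
     * the previous mapper's result.
     *
     * @return the response returned by the last mapper, or the input when the list is empty
     */
    public ResponseType transformLoginResponse(List<ProtocolMapperProcessor<SAMLLoginResponseMapper>> list, ResponseType responseType, KeycloakSession keycloakSession, UserSessionModel userSessionModel, ClientSessionModel clientSessionModel) {
        ResponseType current = responseType;
        for (ProtocolMapperProcessor<SAMLLoginResponseMapper> processor : list) {
            current = processor.mapper.transformLoginResponse(current, processor.model, keycloakSession, userSessionModel, clientSessionModel);
        }
        return current;
    }

    /**
     * Adds a separate attribute statement to the first assertion and lets the role-list
     * mapper populate it. Does nothing when no role-list mapper was requested.
     */
    public void populateRoles(ProtocolMapperProcessor<SAMLRoleListMapper> protocolMapperProcessor, ResponseType responseType, KeycloakSession keycloakSession, UserSessionModel userSessionModel, ClientSessionModel clientSessionModel) {
        if (protocolMapperProcessor == null) {
            return;
        }
        AssertionType assertion = ((ResponseType.RTChoiceType) responseType.getAssertions().get(0)).getAssertion();
        AttributeStatementType attributeStatementType = new AttributeStatementType();
        assertion.addStatement(attributeStatementType);
        protocolMapperProcessor.mapper.mapRoles(attributeStatementType, protocolMapperProcessor.model, keycloakSession, userSessionModel, clientSessionModel);
    }

    /** Answers denied consent with a SAML error response carrying the request-denied status. */
    public Response consentDenied(ClientSessionModel clientSessionModel) {
        return getErrorResponse(clientSessionModel, JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
    }

    /**
     * Resolves the client's single-logout URL for the given binding.
     *
     * <p>The binding-specific client attribute is used when set; otherwise the client's
     * management URL. The value is resolved against the current request URI.
     *
     * @param str binding, {@link #SAML_POST_BINDING} or anything else for redirect
     * @return the resolved URL, or {@code null} when nothing usable is configured
     */
    public static String getLogoutServiceUrl(UriInfo uriInfo, ClientModel clientModel, String str) {
        String configured = SAML_POST_BINDING.equals(str) ? clientModel.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE) : clientModel.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE);
        // The instanceof test is left over from an older, wider parameter type; it is always
        // true here because clientModel was already dereferenced above.
        if (configured == null && (clientModel instanceof ClientModel)) {
            configured = clientModel.getManagementUrl();
        }
        if (configured == null || configured.trim().equals("")) {
            return null;
        }
        return ResourceAdminManager.resolveUri(uriInfo.getRequestUri(), configured);
    }

    /**
     * Builds a logout request for the client and returns it as a browser response over the
     * binding chosen by {@link #isLogoutPostBindingForClient}.
     *
     * <p>NOTE(review): {@link #getLogoutServiceUrl} can return {@code null} and the result is
     * passed on unchecked; confirm how the builders treat a {@code null} destination.
     *
     * @return the logout request response, or {@code null} when the session has no client
     * @throws RuntimeException wrapping any I/O or SAML processing failure
     */
    public Response frontchannelLogout(UserSessionModel userSessionModel, ClientSessionModel clientSessionModel) {
        ClientModel client = clientSessionModel.getClient();
        if (!(client instanceof ClientModel)) {
            return null;
        }
        try {
            if (isLogoutPostBindingForClient(clientSessionModel)) {
                String postUrl = getLogoutServiceUrl(this.uriInfo, client, SAML_POST_BINDING);
                return createLogoutRequest(postUrl, clientSessionModel, client).postBinding().request(postUrl);
            }
            logger.debug("frontchannel redirect binding");
            String redirectUrl = getLogoutServiceUrl(this.uriInfo, client, SAML_REDIRECT_BINDING);
            return createLogoutRequest(redirectUrl, clientSessionModel, client).redirectBinding().request(redirectUrl);
        } catch (IOException | ProcessingException | ConfigurationException | ParsingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Sends the logout response back to the party that initiated the logout.
     *
     * <p>Destination, relay state, request ID and signature algorithm all come from
     * user-session notes; the response is signed only when the signature-algorithm note is
     * present. This method does not validate the destination note itself.
     *
     * @return the logout response, or the error page when no logout binding URI was recorded
     * @throws RuntimeException wrapping any I/O or SAML processing failure
     */
    public Response finishLogout(UserSessionModel userSessionModel) {
        logger.debug("finishLogout");
        String destination = userSessionModel.getNote(SAML_LOGOUT_BINDING_URI);
        if (destination == null) {
            logger.error("Can't finish SAML logout as there is no logout binding set");
            return ErrorPage.error(this.session, "failedLogout", new Object[0]);
        }
        String relayState = userSessionModel.getNote(SAML_LOGOUT_RELAY_STATE);
        SAML2LogoutResponseBuilder builder = new SAML2LogoutResponseBuilder();
        builder.logoutRequestID(userSessionModel.getNote(SAML_LOGOUT_REQUEST_ID));
        builder.destination(destination);
        builder.issuer(getResponseIssuer(this.realm));
        builder.relayState(relayState);
        String algorithmName = userSessionModel.getNote(SAML_LOGOUT_SIGNATURE_ALGORITHM);
        if (algorithmName != null) {
            builder.signatureAlgorithm(SignatureAlgorithm.valueOf(algorithmName)).signWith(this.realm.getPrivateKey(), this.realm.getPublicKey(), this.realm.getCertificate()).signDocument();
        }
        try {
            return isLogoutPostBindingForInitiator(userSessionModel) ? builder.postBinding().response(destination) : builder.redirectBinding().response(destination);
        } catch (ConfigurationException | ProcessingException | IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Posts a logout request directly to the client's single-logout URL (server to server).
     *
     * <p>Best effort: failures are logged and never thrown. A 302 is followed once, and only
     * when its {@code Location} is exactly the logout URL with a trailing slash appended; any
     * other redirect target is not followed, so the logout request is never sent to a host
     * or path other than the configured one.
     *
     * <p>A failed backchannel logout leaves the user's session alive at the client, so the
     * warnings emitted here are worth alerting on.
     */
    public void backchannelLogout(UserSessionModel userSessionModel, ClientSessionModel clientSessionModel) {
        ClientModel client = clientSessionModel.getClient();
        String logoutServiceUrl = getLogoutServiceUrl(this.uriInfo, client, SAML_POST_BINDING);
        if (logoutServiceUrl == null) {
            // warnv uses MessageFormat indexing, so the single argument is {0}; with {1} the
            // client ID never appeared in the log.
            logger.warnv("Can't do backchannel logout. No SingleLogoutService POST Binding registered for client: {0}", client.getClientId());
            return;
        }
        try {
            String encoded = createLogoutRequest(logoutServiceUrl, clientSessionModel, client).postBinding().encoded();
            HttpClient httpClient = this.session.getProvider(HttpClientProvider.class).getHttpClient();
            // At most two attempts: the original URL, then the trailing-slash variant.
            for (int attempt = 0; attempt < 2; attempt++) {
                try {
                    List<BasicNameValuePair> form = new ArrayList<>();
                    form.add(new BasicNameValuePair("SAMLRequest", encoded));
                    form.add(new BasicNameValuePair("BACK_CHANNEL_LOGOUT", "BACK_CHANNEL_LOGOUT"));
                    HttpPost httpPost = new HttpPost(logoutServiceUrl);
                    httpPost.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));
                    HttpResponse response = httpClient.execute(httpPost);
                    try {
                        int status = response.getStatusLine().getStatusCode();
                        if (status == 302 && !logoutServiceUrl.endsWith("/")) {
                            // A 302 without a Location header fails here and is reported by
                            // the outer catch below.
                            String location = response.getFirstHeader("Location").getValue();
                            String withSlash = logoutServiceUrl + "/";
                            if (withSlash.equals(location)) {
                                // Retry against the slash variant; the decompiled loop had
                                // lost this jump and returned without ever retrying. The
                                // finally block releases this response first.
                                logoutServiceUrl = withSlash;
                                continue;
                            }
                        }
                        if (status >= 400) {
                            logger.warnv("SAML backchannel logout for client {0} was answered with HTTP status {1}", client.getClientId(), status);
                        }
                        return;
                    } finally {
                        // Consume the body so the pooled connection can be reused.
                        HttpEntity entity = response.getEntity();
                        if (entity != null) {
                            InputStream content = entity.getContent();
                            if (content != null) {
                                content.close();
                            }
                        }
                    }
                } catch (IOException e) {
                    logger.warn("failed to send saml logout", e);
                    return;
                }
            }
        } catch (Exception e) {
            logger.warn("failed to send saml logout", e);
        }
    }

    /**
     * Builds a logout request for the principal recorded on the client session at login,
     * signed with the realm key when the client requires a realm signature.
     *
     * @param str destination URL of the request
     */
    protected SAML2LogoutRequestBuilder createLogoutRequest(String str, ClientSessionModel clientSessionModel, ClientModel clientModel) {
        SAML2LogoutRequestBuilder request = new SAML2LogoutRequestBuilder().assertionExpiration(this.realm.getAccessCodeLifespan()).issuer(getResponseIssuer(this.realm)).userPrincipal(clientSessionModel.getNote(SAML_NAME_ID), clientSessionModel.getNote(SAML_NAME_ID_FORMAT)).destination(str);
        if (requiresRealmSignature(clientModel)) {
            request.signatureAlgorithm(getSignatureAlgorithm(clientModel)).signWith(this.realm.getPrivateKey(), this.realm.getPublicKey(), this.realm.getCertificate()).signDocument();
        }
        return request;
    }

    /** Nothing to release; this class holds no resources of its own. */
    public void close() {
    }
}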
