package net.shibboleth.idp.session.impl;

import com.google.common.base.Function;
import java.io.IOException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.idp.session.SPSessionSerializerRegistry;
import net.shibboleth.idp.session.context.LogoutContext;
import net.shibboleth.idp.session.context.LogoutPropagationContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import org.opensaml.messaging.MessageException;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.storage.StorageSerializer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:net/shibboleth/idp/session/impl/PopulateLogoutPropagationContext.class */
public class PopulateLogoutPropagationContext extends AbstractProfileAction {

    @NotEmpty
    @Nonnull
    private static final String SESSION_PARAM_BYREF = "SessionKey";

    @NotEmpty
    @Nonnull
    private static final String SESSION_PARAM_BYVAL = "SPSession";

    @NonnullAfterInit
    private DataSealer dataSealer;

    @NonnullAfterInit
    private SPSessionSerializerRegistry spSessionSerializerRegistry;

    @Nullable
    private SPSession session;

    @Nullable
    private String sessionKey;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PopulateLogoutPropagationContext.class);

    @Nonnull
    private Function<ProfileRequestContext, LogoutPropagationContext> contextCreationStrategy = new ChildContextLookup(LogoutPropagationContext.class, true);

    public void setDataSealer(@Nonnull DataSealer dataSealer) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.dataSealer = (DataSealer) Constraint.isNotNull(dataSealer, "DataSealer cannot be null");
    }

    public void setSPSessionSerializerRegistry(@Nonnull SPSessionSerializerRegistry sPSessionSerializerRegistry) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.spSessionSerializerRegistry = (SPSessionSerializerRegistry) Constraint.isNotNull(sPSessionSerializerRegistry, "Registry cannot be null");
    }

    public void setLogoutPropagationContextCreationStrategy(@Nonnull Function<ProfileRequestContext, LogoutPropagationContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.contextCreationStrategy = (Function) Constraint.isNotNull(function, "LogoutPropagationContext creation strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.spSessionSerializerRegistry == null) {
            throw new ComponentInitializationException("SPSessionSerializerRegistry cannot be null");
        }
        if (this.dataSealer == null) {
            throw new ComponentInitializationException("DataSealer cannot be null");
        }
    }

    protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        RequestContext requestContext = getRequestContext(profileRequestContext);
        if (requestContext == null) {
            this.log.error("{} Spring RequestContext is not set", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "UnableToDecode");
            return false;
        }
        String str = requestContext.getRequestParameters().get(SESSION_PARAM_BYREF);
        String str2 = requestContext.getRequestParameters().get(SESSION_PARAM_BYVAL);
        try {
            if (str != null) {
                this.sessionKey = str;
                this.session = getSessionByReference(requestContext, this.sessionKey);
            } else {
                if (str2 == null) {
                    this.log.warn("{} No session parameter provided, nothing to do", getLogPrefix());
                    ActionSupport.buildEvent(profileRequestContext, "UnableToDecode");
                    return false;
                }
                this.session = getSessionByValue(str2);
            }
            this.log.debug("{} Got session to propagate logout: {}", getLogPrefix(), this.session);
            return true;
        } catch (MessageException e) {
            this.log.warn("{} Required state not found: {}", e.getMessage());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
            return false;
        } catch (MessageDecodingException e2) {
            this.log.warn("{} Message decoding exception: {}", e2.getMessage());
            ActionSupport.buildEvent(profileRequestContext, "UnableToDecode");
            return false;
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        LogoutPropagationContext logoutPropagationContext = (LogoutPropagationContext) this.contextCreationStrategy.apply(profileRequestContext);
        if (logoutPropagationContext == null) {
            this.log.error("{} Unable to create or locate SingleLogoutContext", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
        } else {
            logoutPropagationContext.setSession(this.session);
            logoutPropagationContext.setSessionKey(this.sessionKey);
        }
    }

    @Nonnull
    private SPSession getSessionByReference(@Nonnull RequestContext requestContext, @Nonnull String str) throws MessageException {
        LogoutContext logoutContext = (LogoutContext) requestContext.getExternalContext().getSessionMap().get(SaveLogoutContext.LOGOUT_CONTEXT_KEY, LogoutContext.class);
        if (logoutContext == null) {
            throw new MessageException("LogoutContext not found in HTTP session.");
        }
        SPSession sPSession = (SPSession) logoutContext.getKeyedSessionMap().get(str);
        if (sPSession == null) {
            throw new MessageException("Session not found for key: " + str);
        }
        return sPSession;
    }

    @Nonnull
    private SPSession getSessionByValue(@Nonnull String str) throws MessageDecodingException {
        try {
            String unwrap = this.dataSealer.unwrap(str);
            int indexOf = unwrap.indexOf(58);
            if (indexOf <= 0) {
                throw new MessageDecodingException("No class identifier found in decrypted message");
            }
            String substring = unwrap.substring(0, indexOf);
            StorageSerializer lookup = this.spSessionSerializerRegistry.lookup(Class.forName(substring).asSubclass(SPSession.class));
            if (lookup == null) {
                throw new MessageDecodingException("No serializer registered for session type: " + substring);
            }
            return (SPSession) lookup.deserialize(1L, "session", "key", unwrap.substring(indexOf + 1), Long.valueOf(System.currentTimeMillis()));
        } catch (IOException | ClassNotFoundException | DataSealerException e) {
            throw new MessageDecodingException("Error deserializing encrypted SPSession", e);
        }
    }
}
