package net.shibboleth.idp.session.impl;

import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.idp.session.SessionException;
import net.shibboleth.idp.session.SessionManager;
import net.shibboleth.idp.session.SessionResolver;
import net.shibboleth.idp.session.context.LogoutContext;
import net.shibboleth.idp.session.context.SessionContext;
import net.shibboleth.idp.session.criterion.HttpServletRequestCriterion;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/session/impl/ProcessLogout.class */
public class ProcessLogout extends AbstractProfileAction {

    @NonnullAfterInit
    private SessionResolver sessionResolver;

    @NonnullAfterInit
    private SessionManager sessionManager;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ProcessLogout.class);

    @Nonnull
    private Predicate<ProfileRequestContext> checkAddressCondition = Predicates.alwaysTrue();

    @Nonnull
    private Function<ProfileRequestContext, SubjectContext> subjectContextCreationStrategy = new ChildContextLookup(SubjectContext.class, true);

    @Nonnull
    private Function<ProfileRequestContext, SessionContext> sessionContextCreationStrategy = new ChildContextLookup(SessionContext.class, true);

    @Nonnull
    private Function<ProfileRequestContext, LogoutContext> logoutContextCreationStrategy = new ChildContextLookup(LogoutContext.class, true);

    @Nonnull
    private Function<ProfileRequestContext, CriteriaSet> sessionResolverCriteriaStrategy = new Function<ProfileRequestContext, CriteriaSet>() { // from class: net.shibboleth.idp.session.impl.ProcessLogout.1
        public CriteriaSet apply(ProfileRequestContext profileRequestContext) {
            return new CriteriaSet(new Criterion[]{new HttpServletRequestCriterion()});
        }
    };

    public void setCheckAddressCondition(@Nonnull Predicate<ProfileRequestContext> predicate) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.checkAddressCondition = (Predicate) Constraint.isNotNull(predicate, "Address checking condition cannot be null");
    }

    public void setSessionResolver(@Nonnull SessionResolver sessionResolver) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionResolver = (SessionResolver) Constraint.isNotNull(sessionResolver, "SessionResolver cannot be null");
    }

    public void setSessionManager(@Nonnull SessionManager sessionManager) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionManager = (SessionManager) Constraint.isNotNull(sessionManager, "SessionManager cannot be null");
    }

    public void setSubjectContextCreationStrategy(@Nonnull Function<ProfileRequestContext, SubjectContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.subjectContextCreationStrategy = (Function) Constraint.isNotNull(function, "SubjectContext creation strategy cannot be null");
    }

    public void setSessionContextCreationStrategy(@Nonnull Function<ProfileRequestContext, SessionContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionContextCreationStrategy = (Function) Constraint.isNotNull(function, "SessionContext creation strategy cannot be null");
    }

    public void setLogoutContextCreationStrategy(@Nonnull Function<ProfileRequestContext, LogoutContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.logoutContextCreationStrategy = (Function) Constraint.isNotNull(function, "LogoutContext creation strategy cannot be null");
    }

    public void setSessionResolverCriteriaStrategy(@Nonnull Function<ProfileRequestContext, CriteriaSet> function) {
        this.sessionResolverCriteriaStrategy = (Function) Constraint.isNotNull(function, "SessionResolver CriteriaSet strategy cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (getActivationCondition().equals(Predicates.alwaysFalse())) {
            return;
        }
        if (this.sessionResolver == null) {
            throw new ComponentInitializationException("SessionResolver cannot be null");
        }
        if (this.sessionManager == null) {
            throw new ComponentInitializationException("SessionManager cannot be null");
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        try {
            IdPSession idPSession = (IdPSession) this.sessionResolver.resolveSingle(this.sessionResolverCriteriaStrategy.apply(profileRequestContext));
            if (idPSession == null) {
                this.log.info("{} No active session found matching current request", getLogPrefix());
                return;
            }
            if (this.checkAddressCondition.apply(profileRequestContext)) {
                HttpServletRequest httpServletRequest = getHttpServletRequest();
                if (httpServletRequest == null || httpServletRequest.getRemoteAddr() == null) {
                    this.log.info("{} No servlet request or client address available, skipping address check for sessions", getLogPrefix());
                } else {
                    try {
                        if (!idPSession.checkAddress(httpServletRequest.getRemoteAddr())) {
                            return;
                        }
                    } catch (SessionException e) {
                        this.log.error("{} Error binding session to client address", getLogPrefix(), e);
                        ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
                        return;
                    }
                }
            } else {
                this.log.debug("{} Bypassing address check for session {}", getLogPrefix(), idPSession.getId());
            }
            SubjectContext subjectContext = (SubjectContext) this.subjectContextCreationStrategy.apply(profileRequestContext);
            if (subjectContext != null) {
                subjectContext.setPrincipalName(idPSession.getPrincipalName());
            }
            SessionContext sessionContext = (SessionContext) this.sessionContextCreationStrategy.apply(profileRequestContext);
            if (sessionContext != null) {
                sessionContext.setIdPSession(idPSession);
            }
            LogoutContext logoutContext = (LogoutContext) this.logoutContextCreationStrategy.apply(profileRequestContext);
            if (logoutContext == null) {
                this.log.error("{} Unable to create or locate LogoutContext", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
                return;
            }
            int i = 1;
            for (SPSession sPSession : idPSession.getSPSessions()) {
                logoutContext.getSessionMap().put(sPSession.getId(), sPSession);
                int i2 = i;
                i++;
                logoutContext.getKeyedSessionMap().put(Integer.toString(i2), sPSession);
            }
            try {
                this.sessionManager.destroySession(idPSession.getId(), true);
            } catch (SessionException e2) {
                this.log.error("{} Error destroying session", getLogPrefix(), e2);
                ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
            }
        } catch (ResolverException e3) {
            this.log.error("{} Error resolving matching session(s)", getLogPrefix(), e3);
            ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
        }
    }
}
