package net.shibboleth.idp.session.impl;

import com.google.common.base.Predicates;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.idp.session.SessionException;
import net.shibboleth.idp.session.SessionResolver;
import net.shibboleth.idp.session.context.LogoutContext;
import net.shibboleth.idp.session.context.SessionContext;
import net.shibboleth.idp.session.criterion.HttpServletRequestCriterion;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.HttpServletSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-session-impl-4.3.3.jar:net/shibboleth/idp/session/impl/ProcessLogout.class */
public class ProcessLogout extends AbstractProfileAction {

    @NonnullAfterInit
    private SessionResolver sessionResolver;

    @Nullable
    private Function<ProfileRequestContext, String> addressLookupStrategy;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) ProcessLogout.class);

    @Nonnull
    private Function<ProfileRequestContext, SubjectContext> subjectContextCreationStrategy = new ChildContextLookup(SubjectContext.class, true);

    @Nonnull
    private Function<ProfileRequestContext, SessionContext> sessionContextCreationStrategy = new ChildContextLookup(SessionContext.class, true);

    @Nonnull
    private Function<ProfileRequestContext, LogoutContext> logoutContextCreationStrategy = new ChildContextLookup(LogoutContext.class, true);

    @Nonnull
    private Function<ProfileRequestContext, CriteriaSet> sessionResolverCriteriaStrategy = profileRequestContext -> {
        return new CriteriaSet(new HttpServletRequestCriterion());
    };

    public void setSessionResolver(@Nonnull SessionResolver sessionResolver) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionResolver = (SessionResolver) Constraint.isNotNull(sessionResolver, "SessionResolver cannot be null");
    }

    public void setSubjectContextCreationStrategy(@Nonnull Function<ProfileRequestContext, SubjectContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.subjectContextCreationStrategy = (Function) Constraint.isNotNull(function, "SubjectContext creation strategy cannot be null");
    }

    public void setSessionContextCreationStrategy(@Nonnull Function<ProfileRequestContext, SessionContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.sessionContextCreationStrategy = (Function) Constraint.isNotNull(function, "SessionContext creation strategy cannot be null");
    }

    public void setLogoutContextCreationStrategy(@Nonnull Function<ProfileRequestContext, LogoutContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.logoutContextCreationStrategy = (Function) Constraint.isNotNull(function, "LogoutContext creation strategy cannot be null");
    }

    public void setSessionResolverCriteriaStrategy(@Nonnull Function<ProfileRequestContext, CriteriaSet> function) {
        this.sessionResolverCriteriaStrategy = (Function) Constraint.isNotNull(function, "SessionResolver CriteriaSet strategy cannot be null");
    }

    public void setAddressLookupStrategy(@Nullable Function<ProfileRequestContext, String> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.addressLookupStrategy = function;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (!getActivationCondition().equals(Predicates.alwaysFalse()) && this.sessionResolver == null) {
            throw new ComponentInitializationException("SessionResolver cannot be null");
        }
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        String remoteAddr;
        try {
            IdPSession resolveSingle = this.sessionResolver.resolveSingle(this.sessionResolverCriteriaStrategy.apply(profileRequestContext));
            if (resolveSingle == null) {
                this.log.info("{} No active session found matching current request", getLogPrefix());
                return;
            }
            if (this.addressLookupStrategy != null) {
                remoteAddr = this.addressLookupStrategy.apply(profileRequestContext);
            } else {
                HttpServletRequest httpServletRequest = getHttpServletRequest();
                remoteAddr = httpServletRequest != null ? HttpServletSupport.getRemoteAddr(httpServletRequest) : null;
            }
            if (remoteAddr != null) {
                try {
                    if (!resolveSingle.checkAddress(remoteAddr)) {
                        return;
                    }
                } catch (SessionException e) {
                    this.log.error("{} Error validating session against client address", getLogPrefix(), e);
                    ActionSupport.buildEvent(profileRequestContext, EventIds.IO_ERROR);
                    return;
                }
            } else {
                this.log.info("{} No client address available, skipping address check for session", getLogPrefix());
            }
            SubjectContext apply = this.subjectContextCreationStrategy.apply(profileRequestContext);
            if (apply != null) {
                apply.setPrincipalName(resolveSingle.getPrincipalName());
            }
            SessionContext apply2 = this.sessionContextCreationStrategy.apply(profileRequestContext);
            if (apply2 != null) {
                apply2.setIdPSession(resolveSingle);
            }
            LogoutContext apply3 = this.logoutContextCreationStrategy.apply(profileRequestContext);
            if (apply3 == null) {
                this.log.error("{} Unable to create or locate LogoutContext", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
                return;
            }
            apply3.getIdPSessions().add(resolveSingle);
            int i = 1;
            for (SPSession sPSession : resolveSingle.getSPSessions()) {
                apply3.getSessionMap().put(sPSession.getId(), sPSession);
                int i2 = i;
                i++;
                apply3.getKeyedSessionMap().put(Integer.toString(i2), sPSession);
            }
        } catch (ResolverException e2) {
            this.log.error("{} Error resolving matching session(s)", getLogPrefix(), e2);
            ActionSupport.buildEvent(profileRequestContext, EventIds.IO_ERROR);
        }
    }
}
