package net.shibboleth.idp.saml.saml2.profile.impl;

import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.session.context.LogoutPropagationContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.MessageException;
import org.opensaml.messaging.context.InOutOperationContext;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.MessageLookup;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.OutboundMessageContextLookup;
import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.messaging.soap.SAMLSOAPClientContextBuilder;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.security.SecurityException;
import org.opensaml.soap.client.SOAPClient;
import org.opensaml.soap.common.SOAPException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-saml-impl-4.3.3.jar:net/shibboleth/idp/saml/saml2/profile/impl/SOAPLogoutRequest.class */
public class SOAPLogoutRequest extends AbstractProfileAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) SOAPLogoutRequest.class);

    @Nonnull
    private Function<ProfileRequestContext, LogoutRequest> logoutRequestLookupStrategy = new MessageLookup(LogoutRequest.class).compose(new OutboundMessageContextLookup());

    @Nonnull
    private Function<ProfileRequestContext, LogoutPropagationContext> propagationContextLookupStrategy = new ChildContextLookup(LogoutPropagationContext.class);

    @Nonnull
    private Function<ProfileRequestContext, SAMLMetadataContext> metadataContextLookupStrategy = new ChildContextLookup(SAMLMetadataContext.class).compose(new ChildContextLookup(SAMLPeerEntityContext.class).compose(new OutboundMessageContextLookup()));

    @Nonnull
    private Function<ProfileRequestContext, SAMLEndpointContext> endpointContextLookupStrategy = new ChildContextLookup(SAMLEndpointContext.class, true).compose(new ChildContextLookup(SAMLPeerEntityContext.class, true).compose(new OutboundMessageContextLookup()));

    @NonnullAfterInit
    private SOAPClient soapClient;

    @NotEmpty
    @Nullable
    private String soapPipelineName;

    @Nullable
    private LogoutRequest logoutRequest;

    @Nullable
    private LogoutPropagationContext propagationContext;

    @Nullable
    private SAMLMetadataContext mdContext;

    @Nullable
    private SAMLEndpointContext epContext;

    public void setLogoutRequestLookupStrategy(@Nonnull Function<ProfileRequestContext, LogoutRequest> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.logoutRequestLookupStrategy = (Function) Constraint.isNotNull(function, "LogoutRequest lookup strategy cannot be null");
    }

    public void setPropagationContextLookupStrategy(@Nonnull Function<ProfileRequestContext, LogoutPropagationContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.propagationContextLookupStrategy = (Function) Constraint.isNotNull(function, "LogoutPropagationContext lookup strategy cannot be null");
    }

    public void setMetadataContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLMetadataContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.metadataContextLookupStrategy = (Function) Constraint.isNotNull(function, "SAMLMetadataContext lookup strategy cannot be null");
    }

    public void setEndpointContextLookupStrategy(@Nonnull Function<ProfileRequestContext, SAMLEndpointContext> function) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.endpointContextLookupStrategy = (Function) Constraint.isNotNull(function, "SAMLEndpointContext lookup strategy cannot be null");
    }

    public void setSOAPClient(@Nonnull SOAPClient sOAPClient) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.soapClient = (SOAPClient) Constraint.isNotNull(sOAPClient, "SOAPClient cannot be null");
    }

    public void setSOAPPipelineName(@NotEmpty @Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.soapPipelineName = StringSupport.trimOrNull(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.soapClient == null) {
            throw new ComponentInitializationException("SOAPClient cannot be null");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractConditionalProfileAction, org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }
        this.propagationContext = this.propagationContextLookupStrategy.apply(profileRequestContext);
        if (this.propagationContext == null) {
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
            return false;
        }
        this.logoutRequest = this.logoutRequestLookupStrategy.apply(profileRequestContext);
        if (this.logoutRequest == null) {
            this.log.warn("{} No LogoutRequest found to process", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
            return false;
        }
        this.epContext = this.endpointContextLookupStrategy.apply(profileRequestContext);
        if (this.epContext != null && this.epContext.getEndpoint() != null && this.epContext.getEndpoint().getLocation() != null) {
            this.mdContext = this.metadataContextLookupStrategy.apply(profileRequestContext);
            return true;
        }
        this.log.warn("{} No destination endpoint found", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        try {
            InOutOperationContext build = new SAMLSOAPClientContextBuilder().setOutboundMessage(this.logoutRequest).setProtocol(SAMLConstants.SAML20P_NS).setPipelineName(this.soapPipelineName).setSecurityConfigurationProfileId(profileRequestContext.getProfileId()).setPeerRoleDescriptor(this.mdContext != null ? this.mdContext.getRoleDescriptor() : null).build();
            this.logoutRequest.setDestination(this.epContext.getEndpoint().getLocation());
            this.log.debug("{} Executing LogoutRequest over SOAP 1.1 binding to endpoint: {}", getLogPrefix(), this.logoutRequest.getDestination());
            this.soapClient.send(this.logoutRequest.getDestination(), build);
            Object message = build.getInboundMessageContext().getMessage();
            if (message == null) {
                throw new MessageException("No response message received");
            }
            if (!(message instanceof LogoutResponse)) {
                throw new MessageException("Message received was not of correct type");
            }
            profileRequestContext.getInboundMessageContext().setMessage(message);
            ((SAMLBindingContext) profileRequestContext.getInboundMessageContext().getSubcontext(SAMLBindingContext.class, true)).setBindingDescriptor(((SAMLBindingContext) profileRequestContext.getOutboundMessageContext().getSubcontext(SAMLBindingContext.class)).getBindingDescriptor());
            this.log.debug("{} Processing LogoutResponse received via SOAP 1.1 binding from endpoint: {}", getLogPrefix(), this.logoutRequest.getDestination());
            handleResponse(profileRequestContext, (LogoutResponse) message);
        } catch (ClassCastException e) {
            this.log.warn("{} SOAP message payload was not an instance of LogoutResponse", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MESSAGE);
        } catch (MessageException | SecurityException | SOAPException e2) {
            this.log.warn("{} SOAP logout request failed", getLogPrefix(), e2);
            ActionSupport.buildEvent(profileRequestContext, EventIds.IO_ERROR);
        }
    }

    private void handleResponse(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull LogoutResponse logoutResponse) {
        Status status = logoutResponse.getStatus();
        if (status == null) {
            this.log.warn("{} LogoutResponse received with no status", getLogPrefix());
            return;
        }
        StatusCode statusCode = status.getStatusCode();
        if (statusCode == null) {
            this.log.warn("{} LogoutResponse received with no status code", getLogPrefix());
            return;
        }
        if (!StatusCode.SUCCESS.equals(statusCode.getValue())) {
            this.log.warn("{} LogoutResponse received with status code '{}'", getLogPrefix(), statusCode.getValue());
            return;
        }
        StatusCode statusCode2 = statusCode.getStatusCode();
        if (statusCode2 != null && statusCode2.getValue() != null && StatusCode.PARTIAL_LOGOUT.equals(statusCode2.getValue())) {
            this.log.debug("{} Logout partially successful", getLogPrefix());
        } else {
            this.log.debug("{} Logout successful", getLogPrefix());
            this.propagationContext.setResult(LogoutPropagationContext.Result.Success);
        }
    }
}
