package net.shibboleth.idp.session.impl;

import java.io.IOException;
import java.lang.reflect.GenericDeclaration;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.idp.session.SPSession;
import net.shibboleth.idp.session.SPSessionSerializerRegistry;
import net.shibboleth.idp.session.context.LogoutContext;
import net.shibboleth.idp.session.context.LogoutPropagationContext;
import net.shibboleth.shared.annotation.constraint.NonnullBeforeExec;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.security.DataSealer;
import net.shibboleth.shared.security.DataSealerException;
import org.opensaml.messaging.MessageException;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.storage.StorageSerializer;
import org.slf4j.Logger;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:WEB-INF/lib/idp-session-impl-5.0.0.jar:net/shibboleth/idp/session/impl/PopulateLogoutPropagationContext.class */
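/**
 * Profile action that resolves the {@link SPSession} a logout should be propagated to and stores it
 * in a {@link LogoutPropagationContext}.
 *
 * <p>The session is obtained in one of three ways, in this order:</p>
 * <ol>
 * <li>from the configured session lookup strategy, when one is set;</li>
 * <li>by reference: the {@code SessionKey} request parameter is used as a key into the
 * {@link LogoutContext} held in the HTTP session;</li>
 * <li>by value: the {@code SPSession} request parameter is unwrapped with the {@link DataSealer} and
 * deserialized with a serializer from the {@link SPSessionSerializerRegistry}.</li>
 * </ol>
 *
 * <p>Both request parameters are client-supplied. The by-reference key is only ever used as a map key,
 * and the by-value payload is interpreted only after {@link DataSealer#unwrap(String)} has accepted it,
 * so the sealer is the trust boundary for that path.</p>
 *
 * <p>NOTE(review): {@code session} and {@code sessionKey} are per-execution state held in instance
 * fields and are never reset, which assumes a fresh instance per execution. Confirm the bean scope.</p>
 */
public class PopulateLogoutPropagationContext extends AbstractProfileAction {

    /** Event signalled when the lookup strategy has no session left to propagate to. */
    @Nonnull
    @NotEmpty
    private static final String SESSION_NOT_FOUND = "SessionNotFound";

    /** Request parameter carrying a key into the LogoutContext's keyed session map. */
    @Nonnull
    @NotEmpty
    private static final String SESSION_PARAM_BYREF = "SessionKey";

    /** Request parameter carrying a sealed, serialized SPSession. */
    @Nonnull
    @NotEmpty
    private static final String SESSION_PARAM_BYVAL = "SPSession";

    /** Unwraps sessions passed by value; the by-value path is refused when this is null. */
    @Nullable
    private DataSealer dataSealer;

    /** Maps SPSession subtypes to their serializers; the by-value path is refused when this is null. */
    @Nullable
    private SPSessionSerializerRegistry spSessionSerializerRegistry;

    /** Optional strategy that supplies the session directly and bypasses request parameters. */
    @Nullable
    private Function<ProfileRequestContext, SPSession> sessionLookupStrategy;

    /** Session resolved by {@link #doPreExecute(ProfileRequestContext)}. */
    @NonnullBeforeExec
    private SPSession session;

    /** Key the session was resolved under; set only on the by-reference path. */
    @Nullable
    private String sessionKey;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PopulateLogoutPropagationContext.class);

    /** Creates or locates the LogoutPropagationContext; by default a child of the profile request context. */
    @Nonnull
    private Function<ProfileRequestContext, LogoutPropagationContext> contextCreationStrategy =
            new ChildContextLookup<>(LogoutPropagationContext.class, true);

    /**
     * Sets the sealer used to unwrap sessions passed by value.
     *
     * @param dataSealer the sealer, or null to disable the by-value path
     */
    public void setDataSealer(@Nullable DataSealer dataSealer) {
        checkSetterPreconditions();
        this.dataSealer = dataSealer;
    }

    /**
     * Sets the registry used to find a serializer for a session passed by value.
     *
     * @param sPSessionSerializerRegistry the registry, or null to disable the by-value path
     */
    public void setSPSessionSerializerRegistry(@Nullable SPSessionSerializerRegistry sPSessionSerializerRegistry) {
        checkSetterPreconditions();
        this.spSessionSerializerRegistry = sPSessionSerializerRegistry;
    }

    /**
     * Sets the strategy that creates or locates the {@link LogoutPropagationContext}.
     *
     * @param function the strategy; must not be null
     */
    public void setLogoutPropagationContextCreationStrategy(
            @Nonnull Function<ProfileRequestContext, LogoutPropagationContext> function) {
        checkSetterPreconditions();
        this.contextCreationStrategy =
                Constraint.isNotNull(function, "LogoutPropagationContext creation strategy cannot be null");
    }

    /**
     * Sets a strategy that supplies the session directly. When set, request parameters are ignored.
     *
     * @param function the strategy, or null to resolve the session from request parameters
     */
    public void setSessionLookupStrategy(@Nullable Function<ProfileRequestContext, SPSession> function) {
        checkSetterPreconditions();
        this.sessionLookupStrategy = function;
    }

    /**
     * Resolves the session to propagate logout to and records it in {@code session}.
     *
     * <p>Every failure path builds an event on the profile request context and returns false, so
     * {@link #doExecute(ProfileRequestContext)} only runs with a resolved session. The decompiler
     * reports that the original modifier of this method was {@code protected}.</p>
     *
     * @param profileRequestContext the current profile request context
     * @return true if a session was resolved and execution should continue
     */
    @Override
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext)) {
            return false;
        }

        final Function<ProfileRequestContext, SPSession> lookupStrategy = this.sessionLookupStrategy;
        if (lookupStrategy != null) {
            this.session = lookupStrategy.apply(profileRequestContext);
            if (this.session == null) {
                this.log.debug("{} No sessions remaining for logout propagation", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, SESSION_NOT_FOUND);
                return false;
            }
            this.log.debug("{} Got session to propagate logout: {}", getLogPrefix(), this.session);
            return true;
        }

        final RequestContext requestContext = getRequestContext(profileRequestContext);
        if (requestContext == null) {
            this.log.error("{} Spring RequestContext is not set", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.UNABLE_TO_DECODE);
            return false;
        }

        // Both values come straight from the HTTP request and are untrusted at this point.
        final String keyParam = requestContext.getRequestParameters().get(SESSION_PARAM_BYREF);
        final String sealedParam = requestContext.getRequestParameters().get(SESSION_PARAM_BYVAL);

        try {
            if (keyParam != null) {
                // By reference takes precedence when both parameters are present.
                this.sessionKey = keyParam;
                this.session = getSessionByReference(requestContext, keyParam);
            } else if (sealedParam == null) {
                this.log.warn("{} No session parameter provided, nothing to do", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, EventIds.UNABLE_TO_DECODE);
                return false;
            } else if (this.dataSealer == null || this.spSessionSerializerRegistry == null) {
                // Without a sealer there is no way to validate the payload, so refuse it outright.
                this.log.error(
                        "{} No DataSealer/SerializerRegistry provided, unable to process session passed by value",
                        getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, EventIds.UNABLE_TO_DECODE);
                return false;
            } else {
                this.session = getSessionByValue(sealedParam);
            }
            this.log.debug("{} Got session to propagate logout: {}", getLogPrefix(), this.session);
            return true;
        } catch (MessageDecodingException e) {
            this.log.warn("{} Message decoding exception", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, EventIds.UNABLE_TO_DECODE);
            return false;
        } catch (MessageException e) {
            this.log.warn("{} Required state not found", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
            return false;
        }
    }

    /**
     * Stores the resolved session and key in the {@link LogoutPropagationContext}.
     *
     * <p>The result is initialised to {@code Failure} with no detail; presumably a later step
     * overwrites it once propagation has actually succeeded.</p>
     *
     * @param profileRequestContext the current profile request context
     */
    @Override
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        final LogoutPropagationContext propagationContext = this.contextCreationStrategy.apply(profileRequestContext);
        if (propagationContext == null) {
            this.log.error("{} Unable to create or locate LogoutPropagationContext", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
            return;
        }
        propagationContext.setSession(this.session);
        propagationContext.setSessionKey(this.sessionKey);
        propagationContext.setResult(LogoutPropagationContext.Result.Failure);
        propagationContext.setDetail(null);
    }

    /**
     * Looks up a session by key in the {@link LogoutContext} stored in the HTTP session.
     *
     * @param requestContext the Spring Web Flow request context
     * @param key the client-supplied session key
     * @return the session stored under {@code key}
     * @throws MessageException if no LogoutContext is stored or it has no session for {@code key}
     */
    @Nonnull
    private SPSession getSessionByReference(@Nonnull RequestContext requestContext, @Nonnull String key)
            throws MessageException {
        final LogoutContext logoutContext = requestContext.getExternalContext().getSessionMap()
                .get(SaveLogoutContext.LOGOUT_CONTEXT_KEY, LogoutContext.class);
        if (logoutContext == null) {
            throw new MessageException("LogoutContext not found in HTTP session.");
        }
        final SPSession found = logoutContext.getKeyedSessionMap().get(key);
        if (found == null) {
            // NOTE(review): the key is a raw request parameter and ends up in the log via this
            // message; confirm the logging layout neutralises control characters such as CR/LF.
            throw new MessageException("Session not found for key: " + key);
        }
        return found;
    }

    /**
     * Unwraps and deserializes a session passed by value.
     *
     * <p>The unwrapped text has the form {@code <class name>:<serialized session>}. The class name is
     * only used to select a serializer from the registry, and it is resolved without initializing the
     * class so that no static initializer runs before the type is confirmed to be an
     * {@link SPSession} subtype.</p>
     *
     * @param sealed the sealed value taken from the request
     * @return the deserialized session
     * @throws MessageDecodingException if the value cannot be unwrapped, names an unknown class or a
     *         class that is not an SPSession, has no registered serializer, or fails to deserialize
     */
    @Nonnull
    private SPSession getSessionByValue(@Nonnull String sealed) throws MessageDecodingException {
        try {
            assert this.dataSealer != null;
            // Nothing in the payload is interpreted unless the sealer accepts it.
            final String unsealed = this.dataSealer.unwrap(sealed);

            final int separator = unsealed.indexOf(':');
            if (separator <= 0) {
                throw new MessageDecodingException("No class identifier found in decrypted message");
            }

            final String sessionClassName = unsealed.substring(0, separator);
            // initialize=false: resolve the type only; same class loader Class.forName(String) would use.
            final Class<? extends SPSession> sessionClass = Class
                    .forName(sessionClassName, false, PopulateLogoutPropagationContext.class.getClassLoader())
                    .asSubclass(SPSession.class);
            assert sessionClass != null;
            assert this.spSessionSerializerRegistry != null;

            final StorageSerializer<? extends SPSession> serializer =
                    this.spSessionSerializerRegistry.lookup(sessionClass);
            if (serializer == null) {
                throw new MessageDecodingException("No serializer registered for session type: " + sessionClassName);
            }

            final String serialized = unsealed.substring(separator + 1);
            assert serialized != null;
            // Version, context, key and expiration are fixed placeholder values; presumably only the
            // serialized text matters to the serializer here. Confirm against the serializers in use.
            return serializer.deserialize(1L, "session", "key", serialized, Long.valueOf(System.currentTimeMillis()));
        } catch (IOException | ClassNotFoundException | ClassCastException | DataSealerException e) {
            // ClassCastException comes from asSubclass() when the named class is not an SPSession;
            // treat it as a decoding failure instead of letting a runtime exception escape the action.
            throw new MessageDecodingException("Error deserializing encrypted SPSession", e);
        }
    }
}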
