package org.jboss.seam.security.external.saml.idp;

import java.util.List;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.security.external.InvalidRequestException;
import org.jboss.seam.security.external.ResponseHandler;
import org.jboss.seam.security.external.SamlNameIdImpl;
import org.jboss.seam.security.external.dialogues.DialogueBean;
import org.jboss.seam.security.external.dialogues.api.DialogueManager;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
import org.jboss.seam.security.external.saml.SamlConstants;
import org.jboss.seam.security.external.saml.SamlDialogue;
import org.jboss.seam.security.external.saml.SamlMessageFactory;
import org.jboss.seam.security.external.saml.SamlMessageSender;
import org.jboss.seam.security.external.saml.SamlProfile;
import org.jboss.seam.security.external.saml.api.SamlIdpSession;
import org.jboss.seam.security.external.saml.api.SamlNameId;
import org.jboss.seam.security.external.saml.api.SamlPrincipal;
import org.jboss.seam.security.external.spi.SamlIdentityProviderSpi;

/* loaded from: input_file:WEB-INF/lib/seam-security-external-3.1.0.Beta3.jar:org/jboss/seam/security/external/saml/idp/SamlIdpSingleLogoutService.class */
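/**
 * Identity-provider side of the SAML single logout profile.
 *
 * <p>A logout run starts either from a service provider's logout request
 * ({@link #processSPRequest}) or from the local application
 * ({@link #handleIDPInitiatedSingleLogout}). Both record the target name identifier and session
 * indexes in the incoming-logout dialogue and then call {@code removeNextSessionParticipant},
 * which contacts the participating service providers one at a time.
 * {@link #processSPResponse} re-enters that loop each time a service provider answers.
 *
 * <p>NOTE(review): nothing in this class authenticates incoming messages or checks that the
 * requesting service provider participates in the sessions it asks to terminate. Presumably
 * signature validation and issuer resolution happen before these methods are called; confirm
 * against the message receiver.
 */
public class SamlIdpSingleLogoutService {

    @Inject
    private SamlMessageFactory samlMessageFactory;

    @Inject
    private SamlMessageSender samlMessageSender;

    @Inject
    private SamlIdpSessions samlIdpSessions;

    @Inject
    private Instance<SamlIdentityProviderSpi> samlIdentityProviderSpi;

    @Inject
    private Instance<DialogueBean> dialogue;

    @Inject
    private Instance<SamlDialogue> samlDialogue;

    @Inject
    private Instance<SamlIdpIncomingLogoutDialogue> samlIdpIncomingLogoutDialogue;

    @Inject
    private Instance<SamlIdpOutgoingLogoutDialogue> samlIdpOutgoingLogoutDialogue;

    @Inject
    private DialogueManager dialogueManager;

    @Inject
    private ResponseHandler responseHandler;

    /**
     * Starts a single logout run from a logout request sent by a service provider.
     *
     * @param httpServletRequest the request that carried the message (not read here)
     * @param httpServletResponse response used to send the next message of the logout run
     * @param requestAbstractType the parsed SAML request; must be a {@link LogoutRequestType}
     * @throws InvalidRequestException if the message is not a logout request, or if it carries
     *         no plain name identifier to match sessions against
     */
    public void processSPRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestAbstractType requestAbstractType) throws InvalidRequestException {
        if (!(requestAbstractType instanceof LogoutRequestType)) {
            throw new InvalidRequestException("Request should be a single logout request.");
        }
        LogoutRequestType logoutRequest = (LogoutRequestType) requestAbstractType;
        NameIDType nameID = logoutRequest.getNameID();
        // The request comes from a remote party: reject a missing identifier as a protocol
        // error instead of failing with a NullPointerException on the dereference below.
        if (nameID == null || nameID.getValue() == null) {
            throw new InvalidRequestException("Logout request does not contain a name identifier.");
        }
        SamlIdpIncomingLogoutDialogue incomingLogout = this.samlIdpIncomingLogoutDialogue.get();
        incomingLogout.setNameId(new SamlNameIdImpl(nameID.getValue(), nameID.getFormat(), nameID.getNameQualifier()));
        incomingLogout.setSessionIndexes(logoutRequest.getSessionIndex());
        removeNextSessionParticipant(httpServletResponse);
    }

    /**
     * Starts a single logout run requested by the identity provider application itself.
     *
     * @param samlPrincipal principal whose sessions are to be terminated
     * @param list session indexes to terminate; {@code null} or empty selects every session of
     *        the principal
     * @param httpServletResponse response used to send the next message of the logout run
     */
    public void handleIDPInitiatedSingleLogout(SamlPrincipal samlPrincipal, List<String> list, HttpServletResponse httpServletResponse) {
        SamlIdpIncomingLogoutDialogue incomingLogout = this.samlIdpIncomingLogoutDialogue.get();
        incomingLogout.setNameId(samlPrincipal.getNameId());
        incomingLogout.setSessionIndexes(list);
        removeNextSessionParticipant(httpServletResponse);
    }

    /**
     * Advances the logout run by one step. Sessions whose service-provider set is empty are
     * removed; otherwise a logout request goes to the next service provider and the method
     * returns to wait for its answer. Once no matching session is left, the run is finished.
     */
    private void removeNextSessionParticipant(HttpServletResponse httpServletResponse) {
        SamlNameId nameId = this.samlIdpIncomingLogoutDialogue.get().getNameId();
        List<String> sessionIndexes = this.samlIdpIncomingLogoutDialogue.get().getSessionIndexes();
        while (true) {
            SamlIdpSessionImpl session = findSessionToTerminate(nameId, sessionIndexes);
            if (session == null) {
                finishSingleLogoutProcess(httpServletResponse);
                return;
            }
            if (session.getServiceProviders().isEmpty()) {
                // Every participant has been handled: drop the session. The application is
                // told only when the current dialogue has an external provider recorded.
                this.samlIdpSessions.removeSession(session);
                if (this.samlDialogue.get().getExternalProvider() != null) {
                    this.samlIdentityProviderSpi.get().loggedOut(session);
                }
                continue;
            }
            SamlExternalServiceProvider next = session.getServiceProviders().iterator().next();
            session.getServiceProviders().remove(next);
            // The provider that sent the logout request is not asked again.
            // NOTE(review): a provider without a single-logout service is dropped from the
            // session without being contacted and without marking the run as failed, so the
            // final status can be "success" while that provider still holds a live session.
            if (next != null && !next.equals(this.samlDialogue.get().getExternalProvider()) && next.getService(SamlProfile.SINGLE_LOGOUT) != null) {
                // Remember the current dialogue, then open a new one for the outgoing
                // exchange so that processSPResponse can re-attach the original.
                String incomingDialogueId = this.dialogue.get().getId();
                this.dialogueManager.detachDialogue();
                this.dialogueManager.beginDialogue();
                this.samlIdpOutgoingLogoutDialogue.get().setIncomingDialogueId(incomingDialogueId);
                sendSingleLogoutRequestToSP(session, next, httpServletResponse);
                return;
            }
        }
    }

    /**
     * Returns the first stored session that belongs to {@code nameId} and, when session indexes
     * were supplied, whose index is among them; {@code null} if there is none.
     */
    private SamlIdpSessionImpl findSessionToTerminate(SamlNameId nameId, List<String> sessionIndexes) {
        boolean anyIndex = sessionIndexes == null || sessionIndexes.isEmpty();
        for (SamlIdpSessionImpl candidate : this.samlIdpSessions.getSessions()) {
            if (candidate.getPrincipal().getNameId().equals(nameId) && (anyIndex || sessionIndexes.contains(candidate.getSessionIndex()))) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Reports the outcome of the logout run: a status response to the requesting service
     * provider when there is one, otherwise a success or failure callback to the application.
     * Marks the current dialogue as finished.
     */
    private void finishSingleLogoutProcess(HttpServletResponse httpServletResponse) {
        boolean failed = this.samlIdpIncomingLogoutDialogue.get().isFailed();
        if (this.samlDialogue.get().getExternalProvider() != null) {
            StatusResponseType statusResponse = this.samlMessageFactory.createStatusResponse(failed ? SamlConstants.STATUS_RESPONDER : SamlConstants.STATUS_SUCCESS, null);
            this.samlMessageSender.sendResponse(this.samlDialogue.get().getExternalProvider(), statusResponse, SamlProfile.SINGLE_LOGOUT, httpServletResponse);
        } else if (failed) {
            this.samlIdentityProviderSpi.get().globalLogoutFailed(this.responseHandler.createResponseHolder(httpServletResponse));
        } else {
            this.samlIdentityProviderSpi.get().globalLogoutSucceeded(this.responseHandler.createResponseHolder(httpServletResponse));
        }
        this.dialogue.get().setFinished(true);
    }

    /**
     * Handles a service provider's answer to a logout request and continues the logout run.
     *
     * <p>The run is marked as failed unless the response carries an explicit success status.
     * A response without a status or status code is counted as a failure, so that an
     * incomplete answer cannot be reported as a completed logout.
     *
     * @param httpServletRequest the request that carried the message (not read here)
     * @param httpServletResponse response used to send the next message of the logout run
     * @param statusResponseType the parsed logout response
     */
    public void processSPResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, StatusResponseType statusResponseType) {
        // Read the id before ending the outgoing dialogue that holds it.
        String incomingDialogueId = this.samlIdpOutgoingLogoutDialogue.get().getIncomingDialogueId();
        this.dialogueManager.endDialogue();
        this.dialogueManager.attachDialogue(incomingDialogueId);
        boolean succeeded = statusResponseType.getStatus() != null
                && statusResponseType.getStatus().getStatusCode() != null
                && SamlConstants.STATUS_SUCCESS.equals(statusResponseType.getStatus().getStatusCode().getValue());
        if (!succeeded) {
            this.samlIdpIncomingLogoutDialogue.get().setFailed(true);
        }
        removeNextSessionParticipant(httpServletResponse);
    }

    /**
     * Sends a logout request for one session to one service provider and records that provider
     * as the external provider of the current dialogue.
     *
     * @param samlIdpSession session to terminate; cast to {@link SamlIdpSessionImpl} to read
     *        its session index, so any other implementation fails with a ClassCastException
     * @param samlExternalServiceProvider the service provider to notify
     * @param httpServletResponse response used to send the request
     */
    public void sendSingleLogoutRequestToSP(SamlIdpSession samlIdpSession, SamlExternalServiceProvider samlExternalServiceProvider, HttpServletResponse httpServletResponse) {
        String sessionIndex = ((SamlIdpSessionImpl) samlIdpSession).getSessionIndex();
        LogoutRequestType logoutRequest = this.samlMessageFactory.createLogoutRequest(samlIdpSession.getPrincipal().getNameId(), sessionIndex);
        this.samlDialogue.get().setExternalProvider(samlExternalServiceProvider);
        this.samlMessageSender.sendRequest(samlExternalServiceProvider, SamlProfile.SINGLE_LOGOUT, logoutRequest, httpServletResponse);
    }
}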
