package com.ibm.ws.security.saml.sso20.slo;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.web.WebUtils;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoConfig;
import com.ibm.ws.security.saml.sso20.binding.BasicMessageContext;
import com.ibm.ws.security.saml.sso20.internal.SsoConfigImpl;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/saml/sso20/slo/SLOPostLogoutHandler.class */
public class SLOPostLogoutHandler {
    private static TraceComponent tc = Tr.register(SLOPostLogoutHandler.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    public static final String PARAM_LOGOUT_STATUS = "logout_status";
    private HttpServletRequest request;
    private SsoConfig config;
    private BasicMessageContext<?, ?, ?> messageContext;
    private SLOMessageContextUtils msgContextUtils;
    static final long serialVersionUID = 3487764489169423141L;

    public SLOPostLogoutHandler(HttpServletRequest httpServletRequest, SsoConfig ssoConfig, BasicMessageContext<?, ?, ?> basicMessageContext) {
        this.request = null;
        this.config = null;
        this.messageContext = null;
        this.msgContextUtils = null;
        this.request = httpServletRequest;
        this.config = ssoConfig;
        this.messageContext = basicMessageContext;
        this.msgContextUtils = new SLOMessageContextUtils(this.messageContext);
    }

    public void sendToPostLogoutPage(HttpServletResponse httpServletResponse) throws IOException {
        if (isValidPostLogoutRedirectUrlConfigured()) {
            redirectToCustomPostLogoutPage(httpServletResponse);
        } else {
            generateDefaultPostLogoutPage(httpServletResponse);
        }
    }

    boolean isValidPostLogoutRedirectUrlConfigured() {
        return getAndValidatePostLogoutRedirectUrl() != null;
    }

    void redirectToCustomPostLogoutPage(HttpServletResponse httpServletResponse) throws IOException {
        String andValidatePostLogoutRedirectUrl = getAndValidatePostLogoutRedirectUrl();
        if (andValidatePostLogoutRedirectUrl != null) {
            httpServletResponse.sendRedirect(andValidatePostLogoutRedirectUrl + "?" + getCustomPostLogoutQueryString());
        } else {
            Tr.debug(tc, "Somehow the redirect URL [{0}] is no longer valid, so will redirect to default post logout page", new Object[]{andValidatePostLogoutRedirectUrl});
            generateDefaultPostLogoutPage(httpServletResponse);
        }
    }

    String getCustomPostLogoutQueryString() {
        String str = "logout_status=";
        try {
            str = str + URLEncoder.encode(getStatusCodeForQueryString(), Constants.UTF8);
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.slo.SLOPostLogoutHandler", "75", this, new Object[0]);
        }
        return str;
    }

    String getStatusCodeForQueryString() {
        String sloStatusCode = this.msgContextUtils.getSloStatusCode();
        if (sloStatusCode == null || sloStatusCode.isEmpty()) {
            sloStatusCode = SLOMessageContextUtils.STATUS_UNKNOWN;
        }
        return sloStatusCode;
    }

    String getAndValidatePostLogoutRedirectUrl() {
        String postLogoutRedirectUrl = this.config.getPostLogoutRedirectUrl();
        if (postLogoutRedirectUrl != null) {
            if (WebUtils.validateUriFormat(postLogoutRedirectUrl, "[a-zA-Z0-9._~%!$&'()*+,;=:@/-]+")) {
                return postLogoutRedirectUrl;
            }
            Tr.error(tc, "SAML20_POST_LOGOUT_URL_NOT_VALID", new Object[]{postLogoutRedirectUrl, SsoConfigImpl.KEY_postLogoutRedirectUrl, this.config.getProviderId()});
        }
        String str = null;
        String formLogoutExitPage = this.messageContext.getCachedRequestInfo().getFormLogoutExitPage();
        if (formLogoutExitPage != null) {
            str = formLogoutExitPage;
        }
        return str;
    }

    void generateDefaultPostLogoutPage(HttpServletResponse httpServletResponse) throws IOException {
        getPostLogoutPageBuilder().writeDefaultLogoutPage(httpServletResponse);
    }

    SLOPostLogoutPageBuilder getPostLogoutPageBuilder() {
        return new SLOPostLogoutPageBuilder(this.request, this.messageContext);
    }
}
