package com.ibm.ws.security.saml.sso20.slo;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoHandler;
import com.ibm.ws.security.saml.SsoRequest;
import com.ibm.ws.security.saml.SsoSamlService;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.ws.security.saml.sso20.acs.WebSSOConsumer;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URLDecoder;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

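/**
 * Handles SAML 2.0 single-logout (SLO) traffic for the service provider.
 *
 * <p>{@link #handleRequest} dispatches to one of three flows, checked in this order:
 * <ol>
 *   <li>the request targets the logout endpoint: an SP-initiated logout request is built and
 *       sent through {@link SPInitiatedSLO};</li>
 *   <li>the request carries a {@code Constants.SAMLResponse} parameter: it is treated as the
 *       IdP's logout response;</li>
 *   <li>the request carries a {@code Constants.SAMLRequest} parameter: it is treated as an
 *       IdP-initiated logout request and answered through {@link IdPInitiatedSLO}.</li>
 * </ol>
 *
 * <p>The SAML messages themselves are processed by {@link WebSSOConsumer}; no validation of
 * the message content is performed in this class.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/saml/sso20/slo/SLOHandler.class */
public class SLOHandler implements SsoHandler {
    private static TraceComponent tc = Tr.register(SLOHandler.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    // Most recent SP-initiated logout object built by handleLogoutEndpointRequest.
    // NOTE(review): this is per-request state stored on the handler instance; confirm whether
    // handler instances are shared across request threads.
    SPInitiatedSLO spSlo;
    static final long serialVersionUID = -7256373052801584250L;

    /**
     * Response wrapper that captures everything written through {@link #getWriter()} in an
     * in-memory buffer instead of sending it to the client. The captured text is returned by
     * {@link #toString()}. Binary output is not supported. Nothing in this class uses the
     * wrapper.
     */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    @TraceOptions
    /* loaded from: input_file:com/ibm/ws/security/saml/sso20/slo/SLOHandler$MyHttpServletResponseWrapper.class */
    static class MyHttpServletResponseWrapper extends HttpServletResponseWrapper {
        // Initial capacity of the capture buffer; the StringWriter grows beyond it as needed.
        private static final int BUFFER_SIZE = 2048;
        private final StringWriter sw;
        static final long serialVersionUID = -2164199744763013134L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.saml.sso20.slo.SLOHandler$MyHttpServletResponseWrapper", MyHttpServletResponseWrapper.class, (String) null, (String) null);

        /**
         * @param httpServletResponse the response being wrapped
         */
        public MyHttpServletResponseWrapper(HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
            this.sw = new StringWriter(BUFFER_SIZE);
        }

        /**
         * Returns a writer over the capture buffer. Each call creates a new {@link PrintWriter},
         * but all of them append to the same underlying buffer.
         */
        @Override
        public PrintWriter getWriter() throws IOException {
            return new PrintWriter(this.sw);
        }

        /**
         * Always fails: only character output is captured.
         *
         * @throws UnsupportedOperationException on every call
         */
        @Override
        public ServletOutputStream getOutputStream() throws IOException {
            throw new UnsupportedOperationException();
        }

        /** Returns the text captured so far. */
        @Override
        public String toString() {
            return this.sw.toString();
        }
    }

    /** Returns the SAML version this handler serves, always {@code SAMLSSO20}. */
    @Override // com.ibm.ws.security.saml.SsoHandler
    public Constants.SamlSsoVersion getSamlVersion() {
        return Constants.SamlSsoVersion.SAMLSSO20;
    }

    /**
     * Entry point for a logout-related request.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response to write or redirect to
     * @param ssoRequest          request descriptor; must not be {@code null}
     * @param map                 handler parameters; must contain the SAML service under
     *                            {@code Constants.KEY_SAML_SERVICE}
     * @throws SamlException if a required argument is missing, or wrapping any exception raised
     *                       while handling the logout
     */
    @Override // com.ibm.ws.security.saml.SsoHandler
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoRequest ssoRequest, Map<String, Object> map) throws SamlException {
        verifySsoRequestNotNull(ssoRequest);
        SsoSamlService ssoSamlServiceParameter = getSsoSamlServiceParameter(map);
        debugRequestAndSsoServiceInfo(httpServletRequest, httpServletResponse, ssoRequest, ssoSamlServiceParameter);
        try {
            // Order matters: the endpoint type wins over request parameters, and a SAMLResponse
            // parameter wins over a SAMLRequest parameter when both are present.
            if (isLogoutEndpointRequest(ssoRequest)) {
                handleLogoutEndpointRequest(httpServletRequest, httpServletResponse, ssoSamlServiceParameter, map);
            } else if (isLogoutResponseFromIdP(httpServletRequest)) {
                handleLogoutResponseFromIdp(httpServletRequest, httpServletResponse, ssoRequest, ssoSamlServiceParameter);
            } else if (isLogoutRequestFromIdp(httpServletRequest)) {
                handleLogoutRequestFromIdp(httpServletRequest, httpServletResponse, ssoRequest, ssoSamlServiceParameter);
            }
            // NOTE(review): a request that matches none of the branches falls through here
            // without an error; confirm the caller produces a response in that case.
            postLogoutRequestProcess();
        } catch (Exception e) {
            // Every failure, including a SamlException raised by a sub-handler, is recorded
            // and rethrown as a SamlException with the original exception as its cause.
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.slo.SLOHandler", "64", this, new Object[]{httpServletRequest, httpServletResponse, ssoRequest, map});
            throw new SamlException(Tr.formatMessage(tc, "ERROR_HANDLING_LOGOUT_REQUEST", new Object[]{e.getLocalizedMessage()}), e);
        }
    }

    /**
     * @throws SamlException if {@code ssoRequest} is {@code null}
     */
    void verifySsoRequestNotNull(SsoRequest ssoRequest) throws SamlException {
        if (ssoRequest == null) {
            throw new SamlException(Tr.formatMessage(tc, "LOGOUT_REQUEST_MISSING_SSO_REQUEST", new Object[0]));
        }
    }

    /**
     * Extracts the SAML service from the handler parameters.
     *
     * @param map handler parameters, may be {@code null}
     * @return the value stored under {@code Constants.KEY_SAML_SERVICE}, never {@code null}
     * @throws SamlException if the map is {@code null} or holds no service
     */
    SsoSamlService getSsoSamlServiceParameter(Map<String, Object> map) throws SamlException {
        if (map == null) {
            throw new SamlException(Tr.formatMessage(tc, "LOGOUT_CANNOT_FIND_SAML_SSO_SERVICE", new Object[0]));
        }
        SsoSamlService ssoSamlService = (SsoSamlService) map.get(Constants.KEY_SAML_SERVICE);
        if (ssoSamlService == null) {
            throw new SamlException(Tr.formatMessage(tc, "LOGOUT_CANNOT_FIND_SAML_SSO_SERVICE", new Object[0]));
        }
        return ssoSamlService;
    }

    /**
     * Writes the request, response, SSO request and service to debug trace when debug tracing
     * is enabled; does nothing otherwise.
     */
    void debugRequestAndSsoServiceInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoRequest ssoRequest, SsoSamlService ssoSamlService) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "handleRequest(SLO):", new Object[0]);
            Tr.debug(tc, " providerId:" + ssoSamlService.getProviderId(), new Object[0]);
            Tr.debug(tc, " request:" + httpServletRequest, new Object[0]);
            Tr.debug(tc, " response:" + httpServletResponse, new Object[0]);
            Tr.debug(tc, " Request:" + ssoRequest, new Object[0]);
            Tr.debug(tc, " Service:" + ssoSamlService, new Object[0]);
        }
    }

    /** Returns {@code true} when the SSO request's type is {@code EndpointType.LOGOUT}. */
    boolean isLogoutEndpointRequest(SsoRequest ssoRequest) {
        return Constants.EndpointType.LOGOUT.equals(ssoRequest.getType());
    }

    /**
     * Starts an SP-initiated logout for the subject found in the handler parameters.
     *
     * @throws SamlException if no subject is present in {@code map}, or if building or sending
     *                       the logout request fails
     */
    void handleLogoutEndpointRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoSamlService ssoSamlService, Map<String, Object> map) throws SamlException {
        SPInitiatedSLO slo = new SPInitiatedSLO(ssoSamlService, getSubjectFromParameters(map));
        this.spSlo = slo;
        // Send through the local reference so this request always uses the object built from
        // its own subject, even if the field is reassigned by another call in the meantime.
        slo.buildandSendSLORequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the subject stored under {@code Constants.KEY_SECURITY_SUBJECT}.
     *
     * @throws SamlException if the map holds no subject; the condition is also logged as an
     *                       error
     */
    private Subject getSubjectFromParameters(Map<String, Object> map) throws SamlException {
        Object subject = map.get(Constants.KEY_SECURITY_SUBJECT);
        if (subject != null) {
            return (Subject) subject;
        }
        Tr.error(tc, "LOGOUT_CANNOT_FIND_SAMLTOKEN", new Object[0]);
        throw new SamlException(Tr.formatMessage(tc, "LOGOUT_CANNOT_FIND_SAMLTOKEN", new Object[0]));
    }

    /**
     * Returns {@code true} when the request carries a {@code Constants.SAMLResponse} parameter.
     * Only the parameter's presence is checked, not its content.
     */
    boolean isLogoutResponseFromIdP(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(Constants.SAMLResponse) != null;
    }

    /**
     * Processes a logout response and forwards the user to the post-logout page.
     *
     * <p>The message is handed to {@link WebSSOConsumer#handleSAMLLogoutResponse} together with
     * the decoded relay state; the result is passed to {@link SLOPostLogoutHandler}.
     *
     * @throws IllegalArgumentException if the request has no relay state parameter
     * @throws Exception                any failure raised while decoding or processing
     */
    void handleLogoutResponseFromIdp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoRequest ssoRequest, SsoSamlService ssoSamlService) throws Exception {
        String parameter = httpServletRequest.getParameter(Constants.SAMLResponse);
        if (tc.isDebugEnabled()) {
            // NOTE(review): the raw, not yet validated SAMLResponse parameter goes to debug
            // trace; confirm that trace output is access-restricted.
            Tr.debug(tc, "logout response = ", new Object[]{parameter});
        }
        int status = httpServletResponse.getStatus();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "logout response status = ", new Object[]{Integer.valueOf(status)});
        }
        String encodedRelayState = httpServletRequest.getParameter(Constants.RELAY_STATE);
        if (encodedRelayState == null) {
            // Reject explicitly rather than letting URLDecoder fail with a message-less
            // NullPointerException. The response is still refused; it is never processed
            // without a relay state.
            throw new IllegalArgumentException("relay state parameter is missing from the logout response");
        }
        // NOTE(review): servlet containers normally URL-decode request parameters already, so
        // this second decode alters values containing '%' or '+'; confirm it matches how the
        // relay state was encoded when the logout request was sent.
        String relayState = URLDecoder.decode(encodedRelayState, Constants.UTF8);
        new SLOPostLogoutHandler(httpServletRequest, ssoSamlService.getConfig(), WebSSOConsumer.getInstance().handleSAMLLogoutResponse(httpServletRequest, httpServletResponse, ssoSamlService, relayState, ssoRequest)).sendToPostLogoutPage(httpServletResponse);
    }

    /**
     * Returns {@code true} when the request carries a {@code Constants.SAMLRequest} parameter.
     * Only the parameter's presence is checked, not its content.
     */
    boolean isLogoutRequestFromIdp(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(Constants.SAMLRequest) != null;
    }

    /**
     * Processes an IdP-initiated logout request and sends the logout response back to the IdP.
     *
     * <p>The message is handed to {@link WebSSOConsumer#handleSAMLLogoutRequest} with a
     * {@code null} relay state; the result is passed to {@link IdPInitiatedSLO}.
     *
     * @throws SamlException if processing the request or sending the response fails
     */
    void handleLogoutRequestFromIdp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoRequest ssoRequest, SsoSamlService ssoSamlService) throws SamlException {
        String parameter = httpServletRequest.getParameter(Constants.SAMLRequest);
        if (tc.isDebugEnabled()) {
            // NOTE(review): the raw, not yet validated SAMLRequest parameter goes to debug
            // trace; confirm that trace output is access-restricted.
            Tr.debug(tc, "logout request = ", new Object[]{parameter});
        }
        // NOTE(review): no validation of the logout request is visible in this method;
        // presumably it happens inside WebSSOConsumer. Verify before relying on it.
        new IdPInitiatedSLO(ssoSamlService, WebSSOConsumer.getInstance().handleSAMLLogoutRequest(httpServletRequest, httpServletResponse, ssoSamlService, null, ssoRequest)).sendSLOResponseToIdp(httpServletRequest, httpServletResponse);
    }

    /** Hook called after the dispatch in {@link #handleRequest}; empty in this class. */
    void postLogoutRequestProcess() {
    }
}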
