package org.springframework.security.saml;

import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLException;
import org.opensaml.common.binding.decoding.URIComparator;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml.context.SAMLContextProvider;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.log.SAMLLogger;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.util.DefaultURLComparator;
import org.springframework.security.saml.util.SAMLUtil;
import org.springframework.security.saml.websso.SingleLogoutProfile;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-1.0.10.RELEASE.jar:org/springframework/security/saml/SAMLLogoutProcessingFilter.class */
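/**
 * Servlet filter that processes SAML 2.0 Single Logout messages delivered to the
 * configured logout URL ({@link #FILTER_URL} by default).
 *
 * <p>Two inbound message types are handled:
 * <ul>
 *   <li>{@link LogoutResponse}: validated through the {@link SingleLogoutProfile}; on success the
 *       inherited {@link LogoutFilter} logic performs the local logout.</li>
 *   <li>{@link LogoutRequest}: validated against the credential of the currently authenticated
 *       user; when the profile approves, every configured {@link LogoutHandler} is invoked and a
 *       logout response is sent back to the peer.</li>
 * </ul>
 *
 * <p>Every outcome is reported to the {@link SAMLLogger}. Diagnostic details on the SLF4J logger
 * are emitted at debug level only, so the {@link SAMLLogger} is the place to look for rejected
 * logout messages when debug logging is off.
 */
public class SAMLLogoutProcessingFilter extends LogoutFilter {
    protected SAMLProcessor processor;
    protected SingleLogoutProfile logoutProfile;
    protected SAMLLogger samlLogger;
    protected SAMLContextProvider contextProvider;
    protected URIComparator uriComparator;
    protected static final Logger log = LoggerFactory.getLogger(SAMLLogoutProcessingFilter.class);

    /** Default URL on which this filter listens for Single Logout messages. */
    public static final String FILTER_URL = "/saml/SingleLogout";

    // Handlers invoked for a peer-initiated logout request; kept separately because that
    // path does not go through the parent's doFilter.
    private final List<LogoutHandler> handlers;
    private String filterProcessesUrl;

    /**
     * Creates the filter with a fixed URL to redirect to after a successful logout.
     *
     * @param str              logout success URL, passed to the parent filter
     * @param logoutHandlerArr handlers that perform the local logout
     */
    public SAMLLogoutProcessingFilter(String str, LogoutHandler... logoutHandlerArr) {
        super(str, logoutHandlerArr);
        this.uriComparator = new DefaultURLComparator();
        setFilterProcessesUrl(FILTER_URL);
        this.handlers = Arrays.asList(logoutHandlerArr);
    }

    /**
     * Creates the filter with a custom success handler.
     *
     * @param logoutSuccessHandler handler called by the parent filter after a successful logout
     * @param logoutHandlerArr     handlers that perform the local logout
     */
    public SAMLLogoutProcessingFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... logoutHandlerArr) {
        super(logoutSuccessHandler, logoutHandlerArr);
        this.uriComparator = new DefaultURLComparator();
        this.handlers = Arrays.asList(logoutHandlerArr);
        setFilterProcessesUrl(FILTER_URL);
    }

    /**
     * Casts the servlet request and response to their HTTP variants and delegates to
     * {@link #processLogout(HttpServletRequest, HttpServletResponse, FilterChain)}.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        processLogout((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Decodes the inbound SAML message and handles it as a logout response or a logout request.
     * Requests that do not target the logout URL are passed down the filter chain untouched.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remaining filter chain
     * @throws IOException      propagated from the filter chain
     * @throws ServletException when the message cannot be decoded or validated, metadata cannot
     *                          be resolved, or processing of a logout request fails unexpectedly
     */
    public void processLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!requiresLogout(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            log.debug("Processing SAML logout message");
            SAMLMessageContext localEntity = this.contextProvider.getLocalEntity(httpServletRequest, httpServletResponse);
            localEntity.setCommunicationProfileId(getProfileName());
            this.processor.retrieveMessage(localEntity);
            // Record which of the local entity's endpoints matches the binding and transport
            // the message actually arrived on.
            localEntity.setLocalEntityEndpoint(SAMLUtil.getEndpoint(localEntity.getLocalEntityRoleMetadata().getEndpoints(), localEntity.getInboundSAMLBinding(), localEntity.getInboundMessageTransport(), this.uriComparator));
            if (localEntity.getInboundSAMLMessage() instanceof LogoutResponse) {
                try {
                    this.logoutProfile.processLogoutResponse(localEntity);
                    log.debug("Performing local logout after receiving logout response from {}", localEntity.getPeerEntityId());
                    super.doFilter(httpServletRequest, httpServletResponse, filterChain);
                    this.samlLogger.log("LogoutResponse", SAMLConstants.SUCCESS, localEntity);
                    return;
                } catch (Exception e) {
                    // A rejected response ends here: no local logout is performed by this
                    // branch and nothing is written to the HTTP response. The catch also
                    // covers failures raised by the parent's doFilter above.
                    log.debug("Received logout response is invalid", e);
                    this.samlLogger.log("LogoutResponse", SAMLConstants.FAILURE, localEntity, e);
                    return;
                }
            }
            if (localEntity.getInboundSAMLMessage() instanceof LogoutRequest) {
                Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                // Only treat the credentials as a SAML credential when they really are one.
                // An unconditional cast throws ClassCastException for any other Authentication
                // (for example one whose credentials are a plain String), and that exception
                // would leave this method without a SAML response or a SAMLLogger entry.
                Object credentials = authentication != null ? authentication.getCredentials() : null;
                SAMLCredential sAMLCredential = null;
                if (credentials instanceof SAMLCredential) {
                    sAMLCredential = (SAMLCredential) credentials;
                } else if (authentication != null) {
                    log.debug("Current authentication {} carries no SAML credential", authentication.getClass().getName());
                }
                try {
                    try {
                        // NOTE(review): the profile receives null when no SAML session is
                        // present; presumably it rejects the request with a SAML status
                        // error - confirm against the SingleLogoutProfile implementation.
                        if (this.logoutProfile.processLogoutRequest(localEntity, sAMLCredential)) {
                            log.debug("Performing local logout after receiving logout request from {}", localEntity.getPeerEntityId());
                            for (LogoutHandler handler : this.handlers) {
                                handler.logout(httpServletRequest, httpServletResponse, authentication);
                            }
                        }
                        this.logoutProfile.sendLogoutResponse(localEntity, StatusCode.SUCCESS_URI, null);
                        this.samlLogger.log("LogoutRequest", SAMLConstants.SUCCESS, localEntity);
                    } catch (SAMLStatusException e2) {
                        // The request was rejected with a specific SAML status: report that
                        // status to the peer instead of failing the HTTP request.
                        log.debug("Received logout request is invalid, responding with error", e2);
                        this.logoutProfile.sendLogoutResponse(localEntity, e2.getStatusCode(), e2.getStatusMessage());
                        this.samlLogger.log("LogoutRequest", SAMLConstants.FAILURE, localEntity, e2);
                    }
                } catch (Exception e3) {
                    // The outer try stays separate on purpose: it also catches failures
                    // raised while sending the error response in the handler above.
                    log.debug("Error processing logout request", e3);
                    this.samlLogger.log("LogoutRequest", SAMLConstants.FAILURE, localEntity, e3);
                    throw new ServletException("Error processing logout request", e3);
                }
            }
        } catch (SAMLException e4) {
            log.debug("Incoming SAML message is invalid", e4);
            throw new ServletException("Incoming SAML message is invalid", e4);
        } catch (MetadataProviderException e5) {
            log.debug("Error determining metadata contracts", e5);
            throw new ServletException("Error determining metadata contracts", e5);
        } catch (MessageDecodingException e6) {
            log.debug("Error decoding incoming SAML message", e6);
            throw new ServletException("Error decoding incoming SAML message", e6);
        } catch (SecurityException e7) {
            log.debug("Incoming SAML message failed security validation", e7);
            throw new ServletException("Incoming SAML message failed security validation", e7);
        }
    }

    /**
     * Returns the communication profile identifier set on the message context before decoding.
     *
     * @return {@code SAMLConstants.SAML2_SLO_PROFILE_URI}
     */
    protected String getProfileName() {
        return SAMLConstants.SAML2_SLO_PROFILE_URI;
    }

    /**
     * Decides whether the request targets this filter by comparing it with the configured
     * processing URL through {@link SAMLUtil#processFilter}.
     */
    @Override
    protected boolean requiresLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return SAMLUtil.processFilter(getFilterProcessesUrl(), httpServletRequest);
    }

    /**
     * Sets the processor used to decode inbound SAML messages.
     *
     * @param sAMLProcessor processor, must not be null
     */
    @Autowired
    public void setSAMLProcessor(SAMLProcessor sAMLProcessor) {
        Assert.notNull(sAMLProcessor, "SAML Processor can't be null");
        this.processor = sAMLProcessor;
    }

    /**
     * Sets the profile that validates logout messages and sends logout responses.
     *
     * @param singleLogoutProfile profile, must not be null
     */
    @Autowired
    public void setLogoutProfile(SingleLogoutProfile singleLogoutProfile) {
        Assert.notNull(singleLogoutProfile, "SingleLogoutProfile can't be null");
        this.logoutProfile = singleLogoutProfile;
    }

    /**
     * Sets the logger that records the outcome of each processed logout message.
     *
     * @param sAMLLogger logger, must not be null
     */
    @Autowired
    public void setSamlLogger(SAMLLogger sAMLLogger) {
        Assert.notNull(sAMLLogger, "SAML logger can't be null");
        this.samlLogger = sAMLLogger;
    }

    /**
     * Sets the provider that builds the SAML message context for a request.
     *
     * @param sAMLContextProvider provider, must not be null
     */
    @Autowired
    public void setContextProvider(SAMLContextProvider sAMLContextProvider) {
        Assert.notNull(sAMLContextProvider, "Context provider can't be null");
        this.contextProvider = sAMLContextProvider;
    }

    /**
     * Replaces the comparator used when matching the receiving endpoint; a
     * {@link DefaultURLComparator} is installed by the constructors.
     *
     * @param uRIComparator comparator, must not be null
     */
    @Autowired(required = false)
    public void setUriComparator(URIComparator uRIComparator) {
        Assert.notNull(uRIComparator, "URI comparator can't be null");
        this.uriComparator = uRIComparator;
    }

    /**
     * Verifies that all mandatory collaborators were injected.
     *
     * @throws ServletException propagated from the parent implementation
     */
    @Override
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(this.processor, "SAMLProcessor must be set");
        Assert.notNull(this.contextProvider, "Context provider must be set");
        Assert.notNull(this.logoutProfile, "Logout profile must be set");
        Assert.notNull(this.samlLogger, "SAML Logger must be set");
    }

    /**
     * Stores the processing URL locally, so that {@link #getFilterProcessesUrl()} can return it,
     * and forwards it to the parent filter.
     *
     * @param str URL on which the filter processes logout messages
     */
    @Override
    public void setFilterProcessesUrl(String str) {
        this.filterProcessesUrl = str;
        super.setFilterProcessesUrl(str);
    }

    /**
     * Returns the URL on which this filter processes logout messages.
     *
     * @return configured processing URL
     */
    public String getFilterProcessesUrl() {
        return this.filterProcessesUrl;
    }
}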
