package org.springframework.security.saml;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLException;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml.context.SAMLContextProvider;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.log.SAMLLogger;
import org.springframework.security.saml.util.SAMLUtil;
import org.springframework.security.saml.websso.SingleLogoutProfile;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-1.0.0.RELEASE.jar:org/springframework/security/saml/SAMLLogoutFilter.class */
public class SAMLLogoutFilter extends LogoutFilter {
    protected SingleLogoutProfile profile;
    protected SAMLLogger samlLogger;
    protected SAMLContextProvider contextProvider;
    protected static final String LOGOUT_PARAMETER = "local";
    protected LogoutHandler[] globalHandlers;
    public static final String FILTER_URL = "/saml/logout";

    public SAMLLogoutFilter(String str, LogoutHandler[] logoutHandlerArr, LogoutHandler[] logoutHandlerArr2) {
        super(str, logoutHandlerArr);
        this.globalHandlers = logoutHandlerArr2;
        setFilterProcessesUrl(FILTER_URL);
    }

    public SAMLLogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler[] logoutHandlerArr, LogoutHandler[] logoutHandlerArr2) {
        super(logoutSuccessHandler, logoutHandlerArr);
        this.globalHandlers = logoutHandlerArr2;
        setFilterProcessesUrl(FILTER_URL);
    }

    @Override // org.springframework.security.web.authentication.logout.LogoutFilter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        FilterInvocation filterInvocation = new FilterInvocation(servletRequest, servletResponse, filterChain);
        processLogout(filterInvocation.getRequest(), filterInvocation.getResponse(), filterChain);
    }

    public void processLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!requiresLogout(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication == null || !isGlobalLogout(httpServletRequest, authentication)) {
                super.doFilter(httpServletRequest, httpServletResponse, filterChain);
            } else {
                Assert.isInstanceOf(SAMLCredential.class, authentication.getCredentials(), "Authentication object doesn't contain SAML credential, cannot perform global logout");
                for (LogoutHandler logoutHandler : this.globalHandlers) {
                    logoutHandler.logout(httpServletRequest, httpServletResponse, authentication);
                }
                SAMLCredential sAMLCredential = (SAMLCredential) authentication.getCredentials();
                httpServletRequest.setAttribute(SAMLConstants.LOCAL_ENTITY_ID, sAMLCredential.getLocalEntityID());
                httpServletRequest.setAttribute(SAMLConstants.PEER_ENTITY_ID, sAMLCredential.getRemoteEntityID());
                SAMLMessageContext localAndPeerEntity = this.contextProvider.getLocalAndPeerEntity(httpServletRequest, httpServletResponse);
                this.profile.sendLogoutRequest(localAndPeerEntity, sAMLCredential);
                this.samlLogger.log("LogoutRequest", SAMLConstants.SUCCESS, localAndPeerEntity);
            }
        } catch (SAMLException e) {
            this.logger.debug("Error initializing global logout", e);
            throw new ServletException("Error initializing global logout", e);
        } catch (MetadataProviderException e2) {
            this.logger.debug("Error processing metadata", e2);
            throw new ServletException("Error processing metadata", e2);
        } catch (MessageEncodingException e3) {
            this.logger.debug("Error encoding outgoing message", e3);
            throw new ServletException("Error encoding outgoing message", e3);
        }
    }

    @Override // org.springframework.security.web.authentication.logout.LogoutFilter
    protected boolean requiresLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return SAMLUtil.processFilter(getFilterProcessesUrl(), httpServletRequest);
    }

    protected boolean isGlobalLogout(HttpServletRequest httpServletRequest, Authentication authentication) {
        String parameter = httpServletRequest.getParameter("local");
        return (parameter == null || !"true".equals(parameter.toLowerCase().trim())) && (authentication.getCredentials() instanceof SAMLCredential);
    }

    @Autowired
    public void setSamlLogger(SAMLLogger sAMLLogger) {
        Assert.notNull(sAMLLogger, "SAML Logger can't be null");
        this.samlLogger = sAMLLogger;
    }

    @Autowired
    public void setProfile(SingleLogoutProfile singleLogoutProfile) {
        Assert.notNull(singleLogoutProfile, "SingleLogoutProfile can't be null");
        this.profile = singleLogoutProfile;
    }

    @Autowired
    public void setContextProvider(SAMLContextProvider sAMLContextProvider) {
        Assert.notNull(sAMLContextProvider, "Context provider can't be null");
        this.contextProvider = sAMLContextProvider;
    }

    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(this.profile, "Single logout profile must be set");
        Assert.notNull(this.contextProvider, "Context provider must be set");
        Assert.notNull(this.samlLogger, "SAML Logger must be set");
    }
}
