package dk.digitalidentity.samlmodule.service.saml;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.service.DISAML_CredentialService;
import dk.digitalidentity.samlmodule.service.metadata.DISAML_IdPMetadataService;
import dk.digitalidentity.samlmodule.service.validation.DISAML_LogoutResponseValidationService;
import dk.digitalidentity.samlmodule.util.RequestDecodeUtil;
import dk.digitalidentity.samlmodule.util.exceptions.ExternalException;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import java.security.PublicKey;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import org.joda.time.DateTime;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

/**
 * Service-provider side handling of SAML 2.0 {@code LogoutResponse} messages:
 * decoding an incoming response from the servlet request, handing it to the
 * validation service, and building an outgoing, to-be-signed response for a
 * {@code LogoutRequest} received from the IdP.
 *
 * <p>Nothing in this class validates a message itself. Anything obtained from
 * {@link #getMessageContext} or {@link #getLogoutResponse} is attacker-influenced
 * input until {@link #validateLogoutResponse} has completed without throwing.
 */
@Service
/* loaded from: input_file:dk/digitalidentity/samlmodule/service/saml/DISAML_LogoutResponseService.class */
public class DISAML_LogoutResponseService {

    /** SAML 2.0 HTTP-Redirect binding URI used for the outgoing response endpoint. */
    private static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    /** XML-DSig algorithm URI for RSA with SHA-256, used when signing the outgoing response. */
    private static final String RSA_SHA256_SIGNATURE_ALGORITHM = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** SAML 2.0 top-level status code meaning the request succeeded. */
    private static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

    @Autowired
    private DISAML_LogoutResponseValidationService validationService;

    @Autowired
    private DISAML_OpenSAMLHelperService samlHelperService;

    @Autowired
    private DISAML_CredentialService credentialService;

    @Autowired
    private DISAML_IdPMetadataService idPMetadataService;

    @Autowired
    private DISAML_Configuration configuration;

    /**
     * Decodes the SAML message carried by the request into a message context.
     *
     * <p>Pure delegation to {@link RequestDecodeUtil#getMessageContext}; the decoded
     * content has not been validated at this point.
     *
     * @param httpServletRequest the incoming HTTP request holding the SAML message
     * @return the decoded message context
     * @throws InternalException propagated from the decoder
     * @throws ExternalException propagated from the decoder
     */
    public MessageContext<SAMLObject> getMessageContext(HttpServletRequest httpServletRequest) throws InternalException, ExternalException {
        MessageContext<SAMLObject> decoded = RequestDecodeUtil.getMessageContext(httpServletRequest);
        return decoded;
    }

    /**
     * Extracts the message of the context as a {@link LogoutResponse}.
     *
     * <p>The cast is unchecked: a context carrying any other SAML message type fails
     * with {@link ClassCastException}, and a context without a message yields
     * {@code null}. No signature, issuer or status check happens here, so the
     * result must not be acted on before {@link #validateLogoutResponse} has passed.
     *
     * @param messageContext a decoded message context
     * @return the context's message, cast to {@code LogoutResponse}
     */
    public LogoutResponse getLogoutResponse(MessageContext<SAMLObject> messageContext) {
        SAMLObject message = messageContext.getMessage();
        return (LogoutResponse) message;
    }

    /**
     * Validates a received logout response by delegating every argument, unchanged,
     * to {@link DISAML_LogoutResponseValidationService#validate}.
     *
     * <p>Which checks are performed (signature, destination, InResponseTo, status)
     * is decided by the validation service and is not visible in this class.
     *
     * @param httpServletRequest the request the response arrived on
     * @param messageContext     the decoded message context
     * @param str                passed through as-is; its meaning is defined by the validation service
     * @param publicKey          passed through as-is; presumably the IdP key used for
     *                           signature verification (confirm against the validation service)
     * @param logoutRequest      the logout request the response is expected to answer
     * @throws InternalException propagated from the validation service
     * @throws ExternalException propagated from the validation service
     */
    public void validateLogoutResponse(HttpServletRequest httpServletRequest, MessageContext<SAMLObject> messageContext, String str, PublicKey publicKey, LogoutRequest logoutRequest) throws InternalException, ExternalException {
        validationService.validate(httpServletRequest, messageContext, str, publicKey, logoutRequest);
    }

    /**
     * Builds a message context holding a {@code LogoutResponse} that answers the
     * given request, addressed to the IdP's logout response endpoint over the
     * HTTP-Redirect binding, with signing parameters attached.
     *
     * <p>This method only attaches the signing credential and algorithm (RSA-SHA256);
     * the signature itself is not produced here. Whoever encodes the context is
     * presumably responsible for applying it (confirm at the call site).
     *
     * @param logoutRequest the request being answered; its ID becomes {@code InResponseTo}
     * @return a message context ready to be encoded and sent
     * @throws ExternalException declared for the metadata/credential lookups
     * @throws InternalException declared for the metadata/credential lookups
     */
    public MessageContext<SAMLObject> createLogoutResponse(LogoutRequest logoutRequest) throws ExternalException, InternalException {
        MessageContext<SAMLObject> context = new MessageContext<>();

        // The destination comes from IdP metadata, never from the incoming request.
        String destination = idPMetadataService.getLogoutResponseEndpoint();
        context.setMessage(createLogoutReponseObj(logoutRequest, destination));

        // Peer endpoint: a SingleSignOnService object is used purely as the carrier
        // for binding + location of the logout response endpoint.
        SAMLPeerEntityContext peerContext = context.getSubcontext(SAMLPeerEntityContext.class, true);
        SAMLEndpointContext endpointContext = peerContext.getSubcontext(SAMLEndpointContext.class, true);
        SingleSignOnService endpoint = (SingleSignOnService) samlHelperService.buildSAMLObject(SingleSignOnService.class);
        endpoint.setBinding(HTTP_REDIRECT_BINDING);
        endpoint.setLocation(destination);
        endpointContext.setEndpoint(endpoint);

        // Signing parameters: SP credential from the credential service, RSA-SHA256.
        SignatureSigningParameters signingParameters = new SignatureSigningParameters();
        signingParameters.setSigningCredential(credentialService.getBasicX509Credential());
        signingParameters.setSignatureAlgorithm(RSA_SHA256_SIGNATURE_ALGORITHM);
        SecurityParametersContext securityContext = context.getSubcontext(SecurityParametersContext.class, true);
        securityContext.setSignatureSigningParameters(signingParameters);

        return context;
    }

    /**
     * Builds the bare {@code LogoutResponse} object: fresh random ID, the given
     * destination, the current time as issue instant, {@code InResponseTo} taken
     * from the request, the SP entity ID as issuer and a {@code Success} status.
     *
     * <p>NOTE(review): the status is unconditionally {@code Success}. Callers should
     * build this response only after the local session has actually been
     * terminated; otherwise the IdP is told that logout completed when it did not.
     *
     * <p>{@code logoutRequest} is dereferenced without a null check, so a
     * {@code null} request fails with {@link NullPointerException}.
     *
     * @param logoutRequest the request being answered
     * @param str           the destination URL written into the response
     * @return the populated, unsigned logout response
     */
    public LogoutResponse createLogoutReponseObj(LogoutRequest logoutRequest, String str) {
        LogoutResponse response = (LogoutResponse) samlHelperService.buildSAMLObject(LogoutResponse.class);
        response.setID(new RandomIdentifierGenerationStrategy().generateIdentifier());
        response.setDestination(str);
        response.setIssueInstant(new DateTime());
        // Ties this response to the request it answers.
        response.setInResponseTo(logoutRequest.getID());

        // Issuer is this service provider's own entity ID from configuration.
        Issuer spIssuer = (Issuer) samlHelperService.buildSAMLObject(Issuer.class);
        spIssuer.setValue(configuration.getSp().getEntityId());
        response.setIssuer(spIssuer);

        Status responseStatus = (Status) samlHelperService.buildSAMLObject(Status.class);
        StatusCode successCode = (StatusCode) samlHelperService.buildSAMLObject(StatusCode.class);
        successCode.setValue(STATUS_SUCCESS);
        responseStatus.setStatusCode(successCode);
        response.setStatus(responseStatus);

        return response;
    }
}
