package dk.gov.oio.saml.service;

import dk.gov.oio.saml.util.InternalException;
import dk.gov.oio.saml.util.SamlHelper;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.algorithm.descriptors.SignatureRSASHA256;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;

/* loaded from: input_file:dk/gov/oio/saml/service/LogoutResponseService.class */
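/**
 * Builds and signs the SAML 2.0 {@code LogoutResponse} that this service provider returns
 * in answer to a {@code LogoutRequest}, and wraps it in an OpenSAML message context
 * addressed to a caller-supplied destination over the HTTP-POST binding.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #validateLogoutResponse()} has an empty body and checks nothing.</li>
 *   <li>A signing failure is propagated to the caller; an unsigned response is never
 *       returned from this class.</li>
 * </ul>
 */
public class LogoutResponseService {
    private static final Logger log = Logger.getLogger(LogoutResponseService.class);

    /**
     * Placeholder with an empty body: it takes no input and performs no signature, issuer,
     * destination, {@code InResponseTo} or status check.
     *
     * <p>NOTE(review): calling this gives no assurance about an incoming LogoutResponse.
     * Confirm that validation is implemented elsewhere before relying on it.
     */
    public void validateLogoutResponse() {
    }

    /**
     * Creates a signed LogoutResponse for {@code logoutRequest} and places it in a message
     * context whose peer endpoint is {@code str} with the HTTP-POST binding.
     *
     * @param logoutRequest the request being answered; its ID becomes {@code InResponseTo}
     * @param str the URL used both as the response {@code Destination} and as the endpoint
     *     location the message is posted to
     * @return a message context carrying the signed response, the endpoint and the signing
     *     parameters (primary credential and configured signature algorithm)
     * @throws InitializationException if building or signing the SAML objects fails with it
     * @throws InternalException if the response cannot be marshalled or signed
     */
    public static MessageContext<SAMLObject> createMessageWithLogoutResponse(LogoutRequest logoutRequest, String str) throws InitializationException, InternalException {
        if (log.isDebugEnabled()) {
            // NOTE(review): the request ID comes from the received message; confirm it is
            // validated or neutralised for line breaks before it reaches the log.
            log.debug("Create and sign logout response message for  request id '" + logoutRequest.getID() + "'");
        }

        // NOTE(review): str decides where the signed response is sent. It should come from
        // trusted IdP metadata rather than from the incoming request; verify against caller.
        LogoutResponse signedResponse = signResponse(createLogoutResponse(str, logoutRequest));

        MessageContext<SAMLObject> messageContext = new MessageContext<>();
        messageContext.setMessage(signedResponse);

        // A SingleSignOnService object is used here only to carry the binding and location.
        SingleSignOnService endpoint = (SingleSignOnService) SamlHelper.build(SingleSignOnService.class);
        endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        endpoint.setLocation(str);
        SAMLEndpointContext endpointContext = messageContext.getSubcontext(SAMLPeerEntityContext.class, true).getSubcontext(SAMLEndpointContext.class, true);
        endpointContext.setEndpoint(endpoint);

        SignatureSigningParameters signingParameters = new SignatureSigningParameters();
        signingParameters.setSigningCredential(CredentialService.getInstance().getPrimaryBasicX509Credential());
        signingParameters.setSignatureAlgorithm(OIOSAML3Service.getConfig().getSignatureAlgorithm());
        messageContext.getSubcontext(SecurityParametersContext.class, true).setSignatureSigningParameters(signingParameters);
        return messageContext;
    }

    /**
     * Builds an unsigned LogoutResponse with a fresh random ID, the current time as issue
     * instant, this SP's entity ID as issuer and a fixed {@code Success} status.
     *
     * @param str the value written to the {@code Destination} attribute
     * @param logoutRequest the request whose ID is written to {@code InResponseTo}
     * @return the populated, not yet signed, response
     * @throws InitializationException if a SAML object cannot be built
     */
    private static LogoutResponse createLogoutResponse(String str, LogoutRequest logoutRequest) throws InitializationException {
        if (log.isDebugEnabled()) {
            log.debug("Create logout response message for  request id '" + logoutRequest.getID() + "'");
        }
        LogoutResponse logoutResponse = (LogoutResponse) SamlHelper.build(LogoutResponse.class);
        String responseId = new RandomIdentifierGenerationStrategy().generateIdentifier();
        if (log.isDebugEnabled()) {
            log.debug("Created logout response id '" + responseId + "' for  request id '" + logoutRequest.getID() + "'");
        }
        logoutResponse.setID(responseId);
        logoutResponse.setDestination(str);
        logoutResponse.setIssueInstant(new DateTime());
        logoutResponse.setInResponseTo(logoutRequest.getID());

        Issuer issuer = (Issuer) SamlHelper.build(Issuer.class);
        issuer.setValue(OIOSAML3Service.getConfig().getSpEntityID());
        logoutResponse.setIssuer(issuer);

        // The status is always Success; nothing in this class reports a failed or partial logout.
        StatusCode statusCode = (StatusCode) SamlHelper.build(StatusCode.class);
        statusCode.setValue("urn:oasis:names:tc:SAML:2.0:status:Success");
        Status status = (Status) SamlHelper.build(Status.class);
        status.setStatusCode(statusCode);
        logoutResponse.setStatus(status);
        return logoutResponse;
    }

    /**
     * Attaches an enveloped XML signature to {@code logoutResponse} using the primary
     * X.509 credential, exclusive canonicalization and RSA-SHA256, then marshals and signs.
     *
     * <p>Fails closed: any error while preparing or computing the signature is logged and
     * propagated, so a response whose signing failed is not handed back as if it were signed.
     *
     * @param logoutResponse the response to sign in place
     * @return the same instance, now signed
     * @throws InitializationException if building the signature objects fails with it
     * @throws InternalException if credential lookup, marshalling or signing fails
     */
    private static LogoutResponse signResponse(LogoutResponse logoutResponse) throws InitializationException, InternalException {
        if (log.isDebugEnabled()) {
            log.debug("Signing logout response message with id '" + logoutResponse.getID() + "'");
        }
        try {
            Signature signature = (Signature) SamlHelper.build(Signature.class);
            BasicX509Credential signingCredential = CredentialService.getInstance().getPrimaryBasicX509Credential();
            signature.setSigningCredential(signingCredential);
            signature.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
            // NOTE(review): the algorithm is fixed to RSA-SHA256 here, while the message
            // context uses OIOSAML3Service.getConfig().getSignatureAlgorithm(); confirm the
            // two are meant to differ.
            signature.setSignatureAlgorithm(new SignatureRSASHA256().getURI());
            signature.setKeyInfo(CredentialService.getInstance().getPublicKeyInfo(signingCredential));
            logoutResponse.setSignature(signature);
            // The object must be marshalled to DOM before the signature can be computed.
            SamlHelper.marshallObject(logoutResponse);
            Signer.signObject(signature);
        } catch (InitializationException | InternalException e) {
            log.error("Signing of '" + logoutResponse.getID() + "' failed", e);
            throw e;
        } catch (SignatureException | MarshallingException e) {
            log.error("Signing of '" + logoutResponse.getID() + "' failed", e);
            // Wrapped in the checked type the public entry point already declares.
            throw new InternalException("Signing of '" + logoutResponse.getID() + "' failed", e);
        }
        return logoutResponse;
    }
}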
