package at.gv.egovernment.moa.id.protocols.pvp2x.builder;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.gui.GroupDefinition;
import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.commons.lang.SerializationUtils;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;

@Service("PVP_SingleLogOutBuilder")
/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.class */
public class SingleLogOutBuilder {

    @Autowired(required = true)
    private MOAMetadataProvider metadataProvider;

    @Autowired(required = true)
    ApplicationContext springContext;

    @Autowired
    private IDPCredentialProvider credentialProvider;

    @Autowired
    private SAMLVerificationEngineSP samlVerificationEngine;

    @Autowired
    private IGUIFormBuilder guiBuilder;

    @Autowired(required = true)
    protected IRevisionLogger revisionsLogger;

    @Autowired
    private ITransactionStorage transactionStorage;

    @Autowired(required = true)
    IPVP2BasicConfiguration pvpBasicConfiguration;
    public static final int SLOTIMEOUT = 30000;

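    /**
     * Performs the technical Single LogOut (SLO) towards all services recorded in the container.
     *
     * <p>Back-channel services are contacted first, one SOAP request each; a missing or
     * unverifiable response marks the service as failed. If front-channel services remain, a
     * logout page holding one redirect URL per service is rendered and the container is stored
     * under a fresh random token so the flow can be resumed. Otherwise the result is either
     * rendered as a page or, when the logout was started by a PVP pending request, returned to
     * the requester as a SAML LogoutResponse.
     *
     * @param iSLOInformationContainer SLO state (open and failed services, originating request)
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response, used to render the page or the response
     * @param str public URL prefix of this IDP; in the front-channel case an empty value is
     *            replaced by the auth URL of the originating SLO request
     * @throws EAAFException if a logout request cannot be built or the result page cannot be rendered
     */
    public void toTechnicalLogout(ISLOInformationContainer iSLOInformationContainer, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws EAAFException {
        Logger.trace("Starting Service-Provider logout process ... ");
        this.revisionsLogger.logEvent(iSLOInformationContainer.getSessionID(), iSLOInformationContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);

        // --- back channel: one synchronous request/response per service ---
        Iterator backChannelIds = iSLOInformationContainer.getNextBackChannelOA();
        while (backChannelIds.hasNext()) {
            SLOInformationInterface sloDescr = iSLOInformationContainer.getBackChannelOASessionDescripten((String) backChannelIds.next());
            LogoutRequest sloRequestMsg = buildSLORequestMessage(sloDescr);
            try {
                Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
                LogoutResponse sloResponse = null;
                for (XMLObject xMLObject : MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloRequestMsg)) {
                    if (xMLObject instanceof LogoutResponse) {
                        sloResponse = (LogoutResponse) xMLObject;
                    }
                }
                if (sloResponse == null) {
                    Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + " FAILED. NO LogOut response received.");
                    iSLOInformationContainer.putFailedOA(sloDescr.getSpEntityID());
                } else {
                    // The status is evaluated only for a response that exists and passed signature
                    // verification. Calling checkStatusCode with a null response, as before, raised
                    // a NullPointerException that aborted the logout of all remaining services.
                    // NOTE(review): nothing visible here ties the response to this request
                    // (InResponseTo, issuer == sloDescr.getSpEntityID()); confirm that
                    // verifySLOResponse enforces it, because checkStatusCode acts on the issuer
                    // value carried in the response.
                    this.samlVerificationEngine.verifySLOResponse(sloResponse, TrustEngineFactory.getSignatureKnownKeysTrustEngine(this.metadataProvider));
                    checkStatusCode(iSLOInformationContainer, sloResponse);
                }
            } catch (SOAPException e) {
                Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + " FAILED.", e);
                iSLOInformationContainer.putFailedOA(sloDescr.getSpEntityID());
            } catch (SecurityException | InvalidProtocolRequestException e) {
                Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + " FAILED.", e);
                iSLOInformationContainer.putFailedOA(sloDescr.getSpEntityID());
            }
        }

        // --- front channel / final result ---
        try {
            if (iSLOInformationContainer.hasFrontChannelOA()) {
                // The token is the storage key of the SLO state and is also handed to the browser
                // (relay state of every redirect URL and the restart parameter below).
                // NOTE(review): it is the only handle on that state, so Random.nextRandom() has to
                // be backed by a CSPRNG; confirm.
                String sloToken = Random.nextRandom();
                Set<Map.Entry> frontChannelEntries = iSLOInformationContainer.getFrontChannelOASessionDescriptions();
                List<String> redirectUrls = new ArrayList<>();
                for (Map.Entry entry : frontChannelEntries) {
                    SLOInformationInterface frontDescr = (SLOInformationInterface) entry.getValue();
                    Logger.trace("Build frontChannel SLO Request for " + frontDescr.getSpEntityID());
                    try {
                        redirectUrls.add(getFrontChannelSLOMessageURL(frontDescr.getServiceURL(), frontDescr.getBinding(), buildSLORequestMessage(frontDescr), httpServletRequest, httpServletResponse, sloToken));
                    } catch (Exception e) {
                        // Best effort per service: record the failure and keep the cause in the log.
                        Logger.warn("Failed to build SLO request for OA:" + ((String) entry.getKey()), e);
                        iSLOInformationContainer.putFailedOA((String) entry.getKey());
                    }
                }

                // NOTE(review): the container is persisted with Java native serialization. The
                // reading side is not visible here; it should only deserialize data from this
                // trusted store and restrict the accepted classes.
                AssertionStore storedState = new AssertionStore();
                storedState.setArtifact(sloToken);
                storedState.setDatatime(new Date());
                storedState.setAssertion(SerializationUtils.serialize(iSLOInformationContainer));
                storedState.setType(iSLOInformationContainer.getClass().getName());
                this.transactionStorage.putRaw(sloToken, storedState);

                if (MiscUtil.isEmpty(str)) {
                    str = iSLOInformationContainer.getSloRequest().getAuthURL();
                }
                String timeoutUrl = str + "/idpSingleLogout?restart=" + sloToken;
                DefaultGUIFormBuilderConfiguration guiConfig = new DefaultGUIFormBuilderConfiguration(str, "slo_template.html", (String) null);
                // Both URL parameters are handed to the template WITHOUT output escaping.
                // NOTE(review): this is only safe while 'str' is a validated, configured URL
                // prefix and the service URLs come from trusted metadata; confirm at the callers.
                guiConfig.putCustomParameterWithOutEscaption((GroupDefinition) null, "redirectURLs", redirectUrls);
                guiConfig.putCustomParameterWithOutEscaption((GroupDefinition) null, "timeoutURL", timeoutUrl);
                guiConfig.putCustomParameter((GroupDefinition) null, "timeout", String.valueOf(SLOTIMEOUT));
                this.guiBuilder.build(httpServletRequest, httpServletResponse, guiConfig, "Single-LogOut GUI");
            } else {
                IRequest sloRequest = iSLOInformationContainer.getSloRequest();
                if (!(sloRequest instanceof PVPSProfilePendingRequest)) {
                    // Logout was not started by a PVP request: show the outcome as a page.
                    DefaultGUIFormBuilderConfiguration guiConfig = new DefaultGUIFormBuilderConfiguration(str, "slo_template.html", (String) null);
                    if (iSLOInformationContainer.getSloFailedOAs() == null || iSLOInformationContainer.getSloFailedOAs().size() == 0) {
                        this.revisionsLogger.logEvent(iSLOInformationContainer.getSessionID(), iSLOInformationContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
                        guiConfig.putCustomParameter((GroupDefinition) null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", (Object[]) null));
                    } else {
                        this.revisionsLogger.logEvent(iSLOInformationContainer.getSessionID(), iSLOInformationContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
                        guiConfig.putCustomParameterWithOutEscaption((GroupDefinition) null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", (Object[]) null));
                    }
                    this.guiBuilder.build(httpServletRequest, httpServletResponse, guiConfig, "Single-LogOut GUI");
                } else {
                    // Logout was started by a PVP request: answer it with a LogoutResponse.
                    PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) sloRequest;
                    SingleLogoutService responseEndpoint = getResponseSLODescriptor(pvpRequest);
                    sendFrontChannelSLOMessage(responseEndpoint, buildSLOResponseMessage(responseEndpoint, pvpRequest, iSLOInformationContainer.getSloFailedOAs()), httpServletRequest, httpServletResponse, pvpRequest.getRequest().getRelayState(), pvpRequest);
                }
            }
        } catch (GUIBuildException e) {
            // Must precede the generic handler; in the decompiled order it was unreachable.
            Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
            throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
        } catch (MOADatabaseException e) {
            // Storing the SLO state failed. The decompiled code also carried a SAML error-response
            // branch here, guarded by a condition that was constant false; it could never run and
            // was dropped, so the failure is always reported as a page.
            Logger.error("MOA AssertionDatabase ERROR", e);
            DefaultGUIFormBuilderConfiguration guiConfig = new DefaultGUIFormBuilderConfiguration(str, "slo_template.html", (String) null);
            this.revisionsLogger.logEvent(iSLOInformationContainer.getSessionID(), iSLOInformationContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
            guiConfig.putCustomParameterWithOutEscaption((GroupDefinition) null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", (Object[]) null));
            try {
                this.guiBuilder.build(httpServletRequest, httpServletResponse, guiConfig, "Single-LogOut GUI");
            } catch (GUIBuildException guiError) {
                // Report the GUI failure itself; the database error is already logged above.
                Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + guiError.getMessage());
                throw new MOAIDException("builder.09", new Object[]{guiError.getMessage()}, guiError);
            }
        } catch (Exception e) {
            // Kept as best effort, but written to the application log instead of stderr.
            // NOTE(review): the failure is still swallowed, so no response is written and no
            // SLO_NOT_ALL_VALID event is recorded on this path; confirm this is intended.
            Logger.error("Single LogOut processing FAILED.", e);
        }
    }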

    /* JADX WARN: String concatenation convert failed
    jadx.core.utils.exceptions.JadxRuntimeException: Can't remove SSA var: r7v0 java.lang.String, still in use, count: 1, list:
      (r7v0 java.lang.String) from STR_CONCAT 
      (r7v0 java.lang.String)
      (wrap:java.lang.String:0x0039: INVOKE 
      (wrap:org.opensaml.saml2.core.StatusMessage:0x0034: INVOKE (r0v1 org.opensaml.saml2.core.Status) INTERFACE call: org.opensaml.saml2.core.Status.getStatusMessage():org.opensaml.saml2.core.StatusMessage A[WRAPPED])
     INTERFACE call: org.opensaml.saml2.core.StatusMessage.getMessage():java.lang.String A[WRAPPED])
     A[MD:():java.lang.String (c), SYNTHETIC, WRAPPED]
    	at jadx.core.utils.InsnRemover.removeSsaVar(InsnRemover.java:151)
    	at jadx.core.utils.InsnRemover.unbindResult(InsnRemover.java:116)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:80)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.dex.visitors.SimplifyVisitor.removeStringBuilderInsns(SimplifyVisitor.java:495)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertStringBuilderChain(SimplifyVisitor.java:422)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertInvoke(SimplifyVisitor.java:314)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:145)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyBlock(SimplifyVisitor.java:86)
    	at jadx.core.dex.visitors.SimplifyVisitor.visit(SimplifyVisitor.java:71)
     */
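    /**
     * Evaluates the status of a back-channel LogoutResponse and updates the SLO container.
     *
     * <p>A top-level Success status removes the responding service from the open front-channel
     * list; any other status marks it as failed. The service is identified by the issuer value
     * carried in the response, so the response must have been verified before this is called.
     *
     * @param iSLOInformationContainer SLO state to update
     * @param logoutResponse verified response of the service; {@code null} is ignored because
     *                       the caller records a missing response as a failure itself
     */
    public void checkStatusCode(ISLOInformationContainer iSLOInformationContainer, LogoutResponse logoutResponse) {
        if (logoutResponse == null) {
            Logger.warn("Single LogOut status check skipped: NO LogOut response available.");
            return;
        }
        Status status = logoutResponse.getStatus();
        String statusValue = status.getStatusCode().getValue();
        // NOTE(review): Issuer is dereferenced without a null check; a response without an
        // Issuer element would raise a NullPointerException here.
        String issuerValue = logoutResponse.getIssuer().getValue();

        if ("urn:oasis:names:tc:SAML:2.0:status:Success".equals(statusValue)) {
            iSLOInformationContainer.removeFrontChannelOA(issuerValue);
            // Success is logged only on the success path; it used to be logged after failures too.
            Logger.debug("Single LogOut for OA " + issuerValue + " SUCCESS");
        } else {
            // The decompiler lost the assignment of this prefix; reconstructed from the
            // " Message: " constant left in the other arm of the original expression.
            String messageSuffix = " Message: ";
            if (status.getStatusMessage() != null) {
                // Remote-supplied text: the log sink has to neutralise line breaks.
                messageSuffix += status.getStatusMessage().getMessage();
            }
            // LIST_ELEMENT_END stands in for the closing literal of the log line (presumably ")").
            Logger.warn("Single LogOut for OA " + issuerValue + " FAILED. (ResponseCode: " + statusValue + messageSuffix + BPKListAttributeBuilder.LIST_ELEMENT_END);
            iSLOInformationContainer.putFailedOA(issuerValue);
        }
    }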

    /**
     * Encodes a SAML request for the front channel and returns the resulting redirect URL.
     *
     * <p>The endpoint is always built with the HTTP-Redirect binding; the binding argument
     * {@code str2} and both servlet arguments are not read. The IDP assertion signing credential
     * is set as outbound signing credential of the message context.
     *
     * @param str location of the receiving SLO endpoint, used as given (not validated here)
     * @param str2 binding of the endpoint; ignored
     * @param requestAbstractType SAML request to encode
     * @param httpServletRequest unused
     * @param httpServletResponse unused
     * @param str3 relay state to attach
     * @return the redirect URL produced by the encoder
     * @throws MOAIDException with id {@code pvp2.01} if the message cannot be encoded
     * @throws CredentialsNotAvailableException if the signing credential cannot be loaded
     */
    public String getFrontChannelSLOMessageURL(String str, String str2, RequestAbstractType requestAbstractType, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str3) throws MOAIDException, CredentialsNotAvailableException {
        try {
            X509Credential signingCredential = this.credentialProvider.getIDPAssertionSigningCredential();
            Logger.debug("create SAML RedirectBinding response");

            // Synthetic endpoint descriptor: fixed binding, caller-supplied location.
            SingleLogoutService endpoint = new SingleLogoutServiceBuilder().buildObject();
            endpoint.setLocation(str);
            endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");

            BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
            messageContext.setRelayState(str3);
            messageContext.setOutboundSAMLMessage(requestAbstractType);
            messageContext.setPeerEntityEndpoint(endpoint);
            messageContext.setOutboundSAMLMessageSigningCredential(signingCredential);

            StringRedirectDeflateEncoder redirectEncoder = new StringRedirectDeflateEncoder();
            redirectEncoder.encode(messageContext);
            return redirectEncoder.getRedirectURL();
        } catch (MessageEncodingException encodingError) {
            Logger.error("Message Encoding exception", encodingError);
            throw new MOAIDException("pvp2.01", (Object[]) null, encodingError);
        }
    }

    /**
     * Encodes a SAML status response for the front channel and returns the redirect URL.
     *
     * <p>The supplied endpoint is used as peer endpoint without change; both servlet arguments
     * are not read. The IDP assertion signing credential is set as outbound signing credential.
     *
     * @param singleLogoutService endpoint of the receiver
     * @param statusResponseType SAML response to encode
     * @param httpServletRequest unused
     * @param httpServletResponse unused
     * @param str relay state to attach
     * @return the redirect URL produced by the encoder
     * @throws MOAIDException with id {@code pvp2.01} if the message cannot be encoded
     * @throws CredentialsNotAvailableException if the signing credential cannot be loaded
     */
    public String getFrontChannelSLOMessageURL(SingleLogoutService singleLogoutService, StatusResponseType statusResponseType, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws MOAIDException, CredentialsNotAvailableException {
        try {
            X509Credential signingCredential = this.credentialProvider.getIDPAssertionSigningCredential();
            Logger.debug("create SAML RedirectBinding response");

            BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
            messageContext.setRelayState(str);
            messageContext.setOutboundSAMLMessage(statusResponseType);
            messageContext.setPeerEntityEndpoint(singleLogoutService);
            messageContext.setOutboundSAMLMessageSigningCredential(signingCredential);

            StringRedirectDeflateEncoder redirectEncoder = new StringRedirectDeflateEncoder();
            redirectEncoder.encode(messageContext);
            return redirectEncoder.getRedirectURL();
        } catch (MessageEncodingException encodingError) {
            Logger.error("Message Encoding exception", encodingError);
            throw new MOAIDException("pvp2.01", (Object[]) null, encodingError);
        }
    }

    /**
     * Sends a LogoutResponse to the requester over the binding of the given endpoint.
     *
     * <p>Only HTTP-Redirect and HTTP-POST are supported; the matching encoder bean is looked up
     * in the Spring context and writes the response, using the IDP assertion signing credential.
     *
     * @param singleLogoutService endpoint (binding and location) of the receiver
     * @param logoutResponse response to send
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse HTTP response the encoder writes to
     * @param str relay state to return to the requester
     * @param pVPSProfilePendingRequest pending request that is being answered
     * @throws BindingNotSupportedException (a PVP2Exception) for any other binding
     * @throws MOAIDException with id {@code pvp2.01} if encoding or signing fails
     * @throws CredentialsNotAvailableException if the signing credential cannot be loaded
     */
    public void sendFrontChannelSLOMessage(SingleLogoutService singleLogoutService, LogoutResponse logoutResponse, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, PVPSProfilePendingRequest pVPSProfilePendingRequest) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException {
        final String binding = singleLogoutService.getBinding();
        IEncoder bindingEncoder;
        switch (binding) {
            case "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect":
                bindingEncoder = (IEncoder) this.springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
                break;
            case "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST":
                bindingEncoder = (IEncoder) this.springContext.getBean("PVPPOSTBinding", PostBinding.class);
                break;
            default:
                bindingEncoder = null;
                break;
        }
        if (bindingEncoder == null) {
            throw new BindingNotSupportedException(binding);
        }

        try {
            bindingEncoder.encodeRespone(httpServletRequest, httpServletResponse, logoutResponse, singleLogoutService.getLocation(), str, this.credentialProvider.getIDPAssertionSigningCredential(), pVPSProfilePendingRequest);
        } catch (SecurityException securityError) {
            Logger.error("Security exception", securityError);
            throw new MOAIDException("pvp2.01", (Object[]) null, securityError);
        } catch (MessageEncodingException encodingError) {
            Logger.error("Message Encoding exception", encodingError);
            throw new MOAIDException("pvp2.01", (Object[]) null, encodingError);
        }
    }

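    /**
     * Builds and signs the SAML LogoutRequest for one service.
     *
     * <p>The request gets a random ID, this IDP as issuer, the service URL as destination, a
     * validity of five minutes (NotOnOrAfter) and the user's NameID as stored for that service.
     * It is signed with the IDP assertion signing credential.
     *
     * @param sLOInformationInterface session data of the service to log out
     * @return the signed LogoutRequest
     * @throws EAAFException {@code pvp2.19} if signing fails, {@code pvp2.13} if no identifier
     *                       can be generated
     */
    public LogoutRequest buildSLORequestMessage(SLOInformationInterface sLOInformationInterface) throws EAAFException {
        LogoutRequest logoutRequest = (LogoutRequest) SAML2Utils.createSAMLObject(LogoutRequest.class);
        try {
            logoutRequest.setID(new SecureRandomIdentifierGenerator().generateIdentifier());
            DateTime issueInstant = new DateTime();

            Issuer issuer = (Issuer) SAML2Utils.createSAMLObject(Issuer.class);
            issuer.setValue(this.pvpBasicConfiguration.getIDPEntityId(sLOInformationInterface.getAuthURL()));
            issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
            logoutRequest.setIssuer(issuer);
            logoutRequest.setIssueInstant(issueInstant);
            // Short validity window limits how long a captured request could be replayed.
            logoutRequest.setNotOnOrAfter(issueInstant.plusMinutes(5));
            logoutRequest.setDestination(sLOInformationInterface.getServiceURL());

            NameID nameID = (NameID) SAML2Utils.createSAMLObject(NameID.class);
            nameID.setFormat(sLOInformationInterface.getUserNameIDFormat());
            nameID.setValue(sLOInformationInterface.getUserNameIdentifier());
            logoutRequest.setNameID(nameID);

            try {
                X509Credential signingCredential = this.credentialProvider.getIDPAssertionSigningCredential();
                Signature signature = (Signature) SAML2Utils.createSAMLObject(Signature.class);
                // NOTE(review): the algorithm is fixed to RSA-SHA256 whatever the key type of the
                // credential is; presumably a non-RSA signing key fails here. Confirm.
                signature.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
                signature.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
                signature.setSigningCredential(signingCredential);
                logoutRequest.setSignature(signature);
                // The object is marshalled into a fresh, empty document before signing; the
                // DocumentBuilder creates a document here and parses no input.
                Configuration.getMarshallerFactory().getMarshaller(logoutRequest).marshall(logoutRequest, DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument());
                Signer.signObject(signature);
                return logoutRequest;
            } catch (Exception e) {
                Logger.error("Single LogOut request signing FAILED!", e);
                // Keep the cause attached so callers and upstream logs can see why signing failed.
                throw new MOAIDException("pvp2.19", (Object[]) null, e);
            }
        } catch (NoSuchAlgorithmException e) {
            Logger.error("Internal server error", e);
            throw new AuthenticationException("pvp2.13", new Object[0]);
        }
    }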

    /**
     * Builds a LogoutResponse that reports an error to the requester.
     *
     * <p>The top-level status code is the given value; it always carries a nested
     * PartialLogout status code and the localized message {@code pvp2.18}.
     *
     * @param singleLogoutService endpoint of the receiver, used as destination
     * @param pVPSProfilePendingRequest pending request that is being answered
     * @param str URI of the top-level status code
     * @return the unsigned response
     * @throws EAAFException if the basic response cannot be built
     */
    public LogoutResponse buildSLOErrorResponse(SingleLogoutService singleLogoutService, PVPSProfilePendingRequest pVPSProfilePendingRequest, String str) throws EAAFException {
        LogoutResponse response = buildBasicResponse(singleLogoutService, pVPSProfilePendingRequest);

        // Second-level code nested into the caller-selected top-level code.
        StatusCode partialLogoutCode = (StatusCode) SAML2Utils.createSAMLObject(StatusCode.class);
        partialLogoutCode.setValue("urn:oasis:names:tc:SAML:2.0:status:PartialLogout");
        StatusCode topLevelCode = (StatusCode) SAML2Utils.createSAMLObject(StatusCode.class);
        topLevelCode.setValue(str);
        topLevelCode.setStatusCode(partialLogoutCode);

        StatusMessage message = (StatusMessage) SAML2Utils.createSAMLObject(StatusMessage.class);
        message.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", (Object[]) null));

        Status status = (Status) SAML2Utils.createSAMLObject(Status.class);
        status.setStatusCode(topLevelCode);
        status.setStatusMessage(message);

        response.setStatus(status);
        return response;
    }

    /**
     * Builds the LogoutResponse that reports the overall SLO result to the requester.
     *
     * <p>Without failed services the plain success status is used. Otherwise the top-level
     * status is still Success, with a nested PartialLogout status code and the localized
     * message {@code pvp2.18}.
     *
     * @param singleLogoutService endpoint of the receiver, used as destination
     * @param pVPSProfilePendingRequest pending request that is being answered
     * @param list identifiers of the services whose logout failed; may be {@code null}
     * @return the unsigned response
     * @throws EAAFException if the basic response cannot be built
     */
    public LogoutResponse buildSLOResponseMessage(SingleLogoutService singleLogoutService, PVPSProfilePendingRequest pVPSProfilePendingRequest, List<String> list) throws EAAFException {
        LogoutResponse response = buildBasicResponse(singleLogoutService, pVPSProfilePendingRequest);

        if (list == null || list.isEmpty()) {
            response.setStatus(SAML2Utils.getSuccessStatus());
            return response;
        }

        // At least one service failed: Success / PartialLogout plus a human-readable message.
        Status partialStatus = (Status) SAML2Utils.createSAMLObject(Status.class);
        StatusCode topLevelCode = (StatusCode) SAML2Utils.createSAMLObject(StatusCode.class);
        StatusMessage message = (StatusMessage) SAML2Utils.createSAMLObject(StatusMessage.class);
        topLevelCode.setValue("urn:oasis:names:tc:SAML:2.0:status:Success");
        message.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", (Object[]) null));

        StatusCode partialLogoutCode = (StatusCode) SAML2Utils.createSAMLObject(StatusCode.class);
        partialLogoutCode.setValue("urn:oasis:names:tc:SAML:2.0:status:PartialLogout");
        topLevelCode.setStatusCode(partialLogoutCode);

        partialStatus.setStatusCode(topLevelCode);
        partialStatus.setStatusMessage(message);
        response.setStatus(partialStatus);
        return response;
    }

    /**
     * Creates a LogoutResponse without status: issuer, issue instant, destination and ID.
     *
     * <p>If the pending request wraps a PVP S-Profile request whose SAML message is a
     * LogoutRequest, the ID of that request is set as InResponseTo.
     *
     * @param singleLogoutService endpoint of the receiver, used as destination
     * @param pVPSProfilePendingRequest pending request that is being answered
     * @return the response skeleton
     * @throws EAAFException {@code pvp2.13} if no identifier can be generated
     */
    private LogoutResponse buildBasicResponse(SingleLogoutService singleLogoutService, PVPSProfilePendingRequest pVPSProfilePendingRequest) throws EAAFException {
        LogoutResponse response = (LogoutResponse) SAML2Utils.createSAMLObject(LogoutResponse.class);

        Issuer idpIssuer = (Issuer) SAML2Utils.createSAMLObject(Issuer.class);
        idpIssuer.setValue(this.pvpBasicConfiguration.getIDPEntityId(pVPSProfilePendingRequest.getAuthURLWithOutSlash()));
        idpIssuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
        response.setIssuer(idpIssuer);
        response.setIssueInstant(new DateTime());
        response.setDestination(singleLogoutService.getLocation());

        try {
            response.setID(new SecureRandomIdentifierGenerator().generateIdentifier());
        } catch (NoSuchAlgorithmException noRandomSource) {
            Logger.error("Internal server error", noRandomSource);
            throw new AuthenticationException("pvp2.13", new Object[0]);
        }

        // Correlate the response with the LogoutRequest it answers, when there is one.
        boolean answersLogoutRequest = (pVPSProfilePendingRequest.getRequest() instanceof PVPSProfileRequest) && (pVPSProfilePendingRequest.getRequest().getSamlRequest() instanceof LogoutRequest);
        if (answersLogoutRequest) {
            response.setInResponseTo(pVPSProfilePendingRequest.getRequest().getSamlRequest().getID());
        }
        return response;
    }

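    /**
     * Selects the Single LogOut endpoint to which a LogoutRequest for an entity is sent.
     *
     * <p>Only the SAML2 SPSSO descriptor of the entity is consulted. A SOAP endpoint is
     * preferred; otherwise the last HTTP-Redirect endpoint is used. Other bindings, HTTP-POST
     * included, are never selected.
     *
     * @param str entity ID to look up in the metadata
     * @return the selected endpoint, never {@code null}
     * @throws NOSLOServiceDescriptorException if the entity, its SPSSO descriptor or a usable
     *                                         endpoint is missing, or the metadata lookup fails
     */
    public SingleLogoutService getRequestSLODescriptor(String str) throws NOSLOServiceDescriptorException {
        final String soapBinding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
        final String redirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
        try {
            // Unknown entities and entities without an SP role are reported through the declared
            // exception. Callers catch only that type, so the NullPointerException raised before
            // would have aborted their whole loop instead of marking one service as failed.
            EntityDescriptor entity = this.metadataProvider.getEntityDescriptor(str);
            org.opensaml.saml2.metadata.SSODescriptor spDescriptor = entity != null ? entity.getSPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol") : null;
            if (spDescriptor == null) {
                Logger.error("Found no SLO ServiceDescriptor in Metadata");
                throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
            }

            SingleLogoutService selected = null;
            for (SingleLogoutService candidate : spDescriptor.getSingleLogoutServices()) {
                String binding = candidate.getBinding();
                if (soapBinding.equals(binding)) {
                    selected = candidate;
                } else if (redirectBinding.equals(binding) && (selected == null || !soapBinding.equals(selected.getBinding()))) {
                    // Redirect never replaces an already selected SOAP endpoint.
                    selected = candidate;
                }
            }
            if (selected != null) {
                return selected;
            }
            Logger.error("Found no valid SLO ServiceDescriptor in Metadata");
            throw new NOSLOServiceDescriptorException("NO valid SLO ServiceDescriptor", null);
        } catch (MetadataProviderException e) {
            Logger.error("Found no SLO ServiceDescriptor in Metadata", e);
            throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
        }
    }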

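    /**
     * Selects the Single LogOut endpoint to which the LogoutResponse for a request is sent.
     *
     * <p>The endpoint always comes from the requester's metadata, never from the request
     * message. The SPSSO descriptor is tried first, then the IDPSSO descriptor. Within the
     * descriptor the last endpoint whose binding equals the binding of the pending request
     * wins; without a match the first listed endpoint is used.
     *
     * @param pVPSProfilePendingRequest pending request that is being answered
     * @return the selected endpoint, never {@code null}
     * @throws NoMetadataInformationException if the requester's metadata cannot be resolved
     * @throws NOSLOServiceDescriptorException if no SSO descriptor or no SLO endpoint exists
     */
    public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest pVPSProfilePendingRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
        EntityDescriptor entityMetadata = pVPSProfilePendingRequest.getRequest().getEntityMetadata(this.metadataProvider);

        // Declared with the common supertype of both role descriptors; the decompiled code used
        // IDPSSODescriptor for the SPSSO result as well, which does not type-check.
        org.opensaml.saml2.metadata.SSODescriptor ssoDescriptor = entityMetadata.getSPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        if (ssoDescriptor == null) {
            Logger.debug("No PVP SPSSO descriptor found --> search IDPSSO descriptor");
            ssoDescriptor = entityMetadata.getIDPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        }
        if (ssoDescriptor == null) {
            Logger.error("Found no SLO ServiceDescriptor in Metadata");
            throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
        }

        List<SingleLogoutService> sloEndpoints = ssoDescriptor.getSingleLogoutServices();
        SingleLogoutService selected = null;
        for (SingleLogoutService candidate : sloEndpoints) {
            if (candidate.getBinding().equals(pVPSProfilePendingRequest.getBinding())) {
                selected = candidate;
            }
        }
        if (selected != null) {
            return selected;
        }

        // No endpoint for the request's binding: fall back to the first one listed.
        if (sloEndpoints.isEmpty()) {
            Logger.error("Found no SLO ServiceDescriptor in Metadata");
            throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
        }
        return sloEndpoints.get(0);
    }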

    /**
     * Sorts the active service sessions of a user into back-channel and front-channel SLO.
     *
     * <p>The service that started the logout ({@code str}) is skipped. Sessions of any protocol
     * other than PVP2 and services without a usable SLO endpoint are recorded as failed. A
     * service with a SOAP endpoint goes to the back channel, every other one to the front
     * channel.
     *
     * @param sLOInformationContainer container to fill; missing maps are created
     * @param list active service sessions; {@code null} leaves the container unchanged apart
     *             from the map initialisation
     * @param str identifier of the requesting service, which is not logged out again
     */
    public void parseActiveOAs(SLOInformationContainer sLOInformationContainer, List<OASessionStore> list, String str) {
        if (sLOInformationContainer.getActiveBackChannelOAs() == null) {
            sLOInformationContainer.setActiveBackChannelOAs(new LinkedHashMap<>());
        }
        if (sLOInformationContainer.getActiveFrontChannalOAs() == null) {
            sLOInformationContainer.setActiveFrontChannalOAs(new LinkedHashMap<>());
        }
        if (list == null) {
            return;
        }

        for (OASessionStore session : list) {
            if (session.getOaurlprefix().equals(str)) {
                continue;
            }
            if (!PVP2XProtocol.NAME.equals(session.getProtocolType())) {
                // SLO is only implemented for PVP2 sessions; anything else counts as failed.
                sLOInformationContainer.putFailedOA(session.getOaurlprefix());
                continue;
            }
            try {
                SingleLogoutService sloEndpoint = getRequestSLODescriptor(session.getOaurlprefix());
                SLOInformationImpl sloInfo = new SLOInformationImpl(session.getAuthURL(), session.getOaurlprefix(), session.getAssertionSessionID(), session.getUserNameID(), session.getUserNameIDFormat(), session.getProtocolType(), sloEndpoint.getBinding(), sloEndpoint.getLocation());
                if (sloEndpoint.getBinding().equals("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")) {
                    sLOInformationContainer.getActiveBackChannelOAs().put(session.getOaurlprefix(), sloInfo);
                } else {
                    sLOInformationContainer.getActiveFrontChannalOAs().put(session.getOaurlprefix(), sloInfo);
                }
            } catch (NOSLOServiceDescriptorException noEndpoint) {
                sLOInformationContainer.putFailedOA(session.getOaurlprefix());
            }
        }
    }

    /**
     * Adds the active interfederation sessions of a user to the front-channel SLO list.
     *
     * <p>The IDP that started the logout ({@code str}) is skipped; an IDP without a usable SLO
     * endpoint is recorded as failed. Every entry is stored with the transient NameID format
     * and the PVP2 protocol name.
     *
     * <p>NOTE(review): entries are always filed under front channel, although
     * getRequestSLODescriptor prefers a SOAP endpoint when one is published; confirm that a
     * SOAP location is handled correctly by the front-channel step.
     *
     * @param sLOInformationContainer container to fill; missing maps are created
     * @param list active interfederation sessions; {@code null} leaves the container unchanged
     *             apart from the map initialisation
     * @param str identifier of the requesting IDP, which is not logged out again
     */
    public void parseActiveIDPs(SLOInformationContainer sLOInformationContainer, List<InterfederationSessionStore> list, String str) {
        if (sLOInformationContainer.getActiveBackChannelOAs() == null) {
            sLOInformationContainer.setActiveBackChannelOAs(new LinkedHashMap<>());
        }
        if (sLOInformationContainer.getActiveFrontChannalOAs() == null) {
            sLOInformationContainer.setActiveFrontChannalOAs(new LinkedHashMap<>());
        }
        if (list == null) {
            return;
        }

        for (InterfederationSessionStore idpSession : list) {
            if (idpSession.getIdpurlprefix().equals(str)) {
                continue;
            }
            try {
                SingleLogoutService sloEndpoint = getRequestSLODescriptor(idpSession.getIdpurlprefix());
                SLOInformationImpl sloInfo = new SLOInformationImpl(idpSession.getAuthURL(), idpSession.getIdpurlprefix(), idpSession.getSessionIndex(), idpSession.getUserNameID(), "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", PVP2XProtocol.NAME, sloEndpoint.getBinding(), sloEndpoint.getLocation());
                sLOInformationContainer.getActiveFrontChannalOAs().put(idpSession.getIdpurlprefix(), sloInfo);
            } catch (NOSLOServiceDescriptorException noEndpoint) {
                sLOInformationContainer.putFailedOA(idpSession.getIdpurlprefix());
            }
        }
    }
}
