package org.apereo.cas.web.flow.actions.logout;

import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.core5.net.URIBuilder;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.pac4j.client.DelegatedIdentityProviders;
import org.apereo.cas.support.pac4j.authentication.DelegatedAuthenticationClientLogoutRequest;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.ticket.TransientSessionTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.web.flow.DelegationWebflowUtils;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.jooq.lambda.Unchecked;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.http.adapter.JEEHttpActionAdapter;
import org.pac4j.saml.client.SAML2Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/actions/logout/DelegatedSaml2ClientFinishLogoutAction.class */
public class DelegatedSaml2ClientFinishLogoutAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedSaml2ClientFinishLogoutAction.class);
    private final DelegatedIdentityProviders identityProviders;
    private final SessionStore sessionStore;
    private final OpenSamlConfigBean openSamlConfigBean;
    private final TicketRegistry ticketRegistry;
    private final TicketFactory ticketFactory;
    private final ServiceFactory serviceFactory;

    protected Event doExecuteInternal(RequestContext requestContext) {
        JEEContext jEEContext = new JEEContext(WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext), WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext));
        String delegatedAuthenticationClientName = DelegationWebflowUtils.getDelegatedAuthenticationClientName(requestContext);
        if (delegatedAuthenticationClientName != null) {
            String str = (String) WebUtils.getLogoutRedirectUrl(requestContext, String.class);
            DelegatedAuthenticationClientLogoutRequest delegatedAuthenticationClientLogoutRequest = (DelegatedAuthenticationClientLogoutRequest) DelegationWebflowUtils.getDelegatedAuthenticationLogoutRequest(requestContext, DelegatedAuthenticationClientLogoutRequest.class);
            Optional findClient = this.identityProviders.findClient(delegatedAuthenticationClientName);
            Class<SAML2Client> cls = SAML2Client.class;
            Objects.requireNonNull(SAML2Client.class);
            Optional filter = findClient.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<SAML2Client> cls2 = SAML2Client.class;
            Objects.requireNonNull(SAML2Client.class);
            filter.map((v1) -> {
                return r1.cast(v1);
            }).ifPresent(sAML2Client -> {
                sAML2Client.init();
                Optional.ofNullable(delegatedAuthenticationClientLogoutRequest).filter(delegatedAuthenticationClientLogoutRequest2 -> {
                    return StringUtils.isNotBlank(str);
                }).filter(delegatedAuthenticationClientLogoutRequest3 -> {
                    return StringUtils.isNotBlank(delegatedAuthenticationClientLogoutRequest.getLocation());
                }).ifPresent(Unchecked.consumer(delegatedAuthenticationClientLogoutRequest4 -> {
                    try {
                        Optional.ofNullable(new URIBuilder(delegatedAuthenticationClientLogoutRequest.getLocation()).getFirstQueryParam("SAMLRequest")).ifPresent(Unchecked.consumer(nameValuePair -> {
                            LogoutRequest convertToSamlObject = SamlUtils.convertToSamlObject(this.openSamlConfigBean, nameValuePair.getValue(), LogoutRequest.class);
                            Service createService = this.serviceFactory.createService(convertToSamlObject.getIssuer().getValue());
                            createService.setTenant(ClientInfoHolder.getClientInfo().getTenant());
                            DelegationWebflowUtils.putDelegatedAuthenticationLogoutRequestTicket(requestContext, this.ticketRegistry.addTicket(this.ticketFactory.get(TransientSessionTicket.class).create(TransientSessionTicketFactory.normalizeTicketId(convertToSamlObject.getID()), createService, Map.of(DelegatedAuthenticationClientLogoutRequest.class.getName(), delegatedAuthenticationClientLogoutRequest))));
                        }));
                        LOGGER.debug("Captured post logout url: [{}]", str);
                        WebUtils.putLogoutRedirectUrl(requestContext, (String) null);
                    } catch (Throwable th) {
                        LOGGER.debug("Captured post logout url: [{}]", str);
                        WebUtils.putLogoutRedirectUrl(requestContext, (String) null);
                        throw th;
                    }
                }));
            });
            return null;
        }
        String str2 = requestContext.getRequestParameters().get("RelayState");
        if (!StringUtils.isNotBlank(str2)) {
            return null;
        }
        Optional findClient2 = this.identityProviders.findClient(str2);
        Class<SAML2Client> cls3 = SAML2Client.class;
        Objects.requireNonNull(SAML2Client.class);
        Optional filter2 = findClient2.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<SAML2Client> cls4 = SAML2Client.class;
        Objects.requireNonNull(SAML2Client.class);
        filter2.map((v1) -> {
            return r1.cast(v1);
        }).ifPresent(sAML2Client2 -> {
            FunctionUtils.doAndHandle(obj -> {
                sAML2Client2.init();
                LOGGER.debug("Located client from relay-state [{}]", sAML2Client2);
                CallContext callContext = new CallContext(jEEContext, this.sessionStore);
                sAML2Client2.getCredentialsExtractor().extract(callContext).ifPresent(credentials -> {
                    JEEHttpActionAdapter.INSTANCE.adapt(sAML2Client2.getLogoutProcessor().processLogout(callContext, credentials), jEEContext);
                });
            });
        });
        return null;
    }

    @Generated
    public DelegatedSaml2ClientFinishLogoutAction(DelegatedIdentityProviders delegatedIdentityProviders, SessionStore sessionStore, OpenSamlConfigBean openSamlConfigBean, TicketRegistry ticketRegistry, TicketFactory ticketFactory, ServiceFactory serviceFactory) {
        this.identityProviders = delegatedIdentityProviders;
        this.sessionStore = sessionStore;
        this.openSamlConfigBean = openSamlConfigBean;
        this.ticketRegistry = ticketRegistry;
        this.ticketFactory = ticketFactory;
        this.serviceFactory = serviceFactory;
    }
}
