package org.pac4j.saml.credentials.extractor;

import java.util.Optional;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.extractor.CredentialsExtractor;
import org.pac4j.core.util.HttpActionHelper;
import org.pac4j.core.util.Pac4jConstants;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.context.SAMLContextProvider;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.pac4j.saml.logout.impl.SAML2LogoutResponseBuilder;
import org.pac4j.saml.logout.impl.SAML2LogoutResponseMessageSender;
import org.pac4j.saml.profile.api.SAML2ProfileHandler;
import org.pac4j.saml.transport.Pac4jSAMLResponse;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-5.7.1.jar:org/pac4j/saml/credentials/extractor/SAML2CredentialsExtractor.class */
public class SAML2CredentialsExtractor implements CredentialsExtractor {
    protected final SAMLContextProvider contextProvider;
    protected final SAML2ProfileHandler<AuthnRequest> profileHandler;
    protected final SAML2ProfileHandler<LogoutRequest> logoutProfileHandler;
    protected final String spLogoutResponseBindingType;
    protected SAML2LogoutResponseBuilder saml2LogoutResponseBuilder;
    protected final SAML2LogoutResponseMessageSender saml2LogoutResponseMessageSender;
    protected final SAML2Client saml2Client;

    public SAML2CredentialsExtractor(SAML2Client sAML2Client) {
        this.saml2Client = sAML2Client;
        this.contextProvider = sAML2Client.getContextProvider();
        this.profileHandler = sAML2Client.getProfileHandler();
        this.logoutProfileHandler = sAML2Client.getLogoutProfileHandler();
        this.spLogoutResponseBindingType = sAML2Client.getConfiguration().getSpLogoutResponseBindingType();
        this.saml2LogoutResponseBuilder = new SAML2LogoutResponseBuilder(this.spLogoutResponseBindingType);
        this.saml2LogoutResponseMessageSender = new SAML2LogoutResponseMessageSender(sAML2Client.getSignatureSigningParametersProvider(), this.spLogoutResponseBindingType, false, sAML2Client.getConfiguration().isSpLogoutRequestSigned());
    }

    @Override // org.pac4j.core.credentials.extractor.CredentialsExtractor
    public Optional<Credentials> extract(WebContext webContext, SessionStore sessionStore) {
        SAML2MessageContext buildContext = this.contextProvider.buildContext(this.saml2Client, webContext, sessionStore);
        if (!isLogoutEndpointRequest(webContext, buildContext)) {
            return receiveLogin(buildContext, webContext);
        }
        receiveLogout(buildContext);
        sendLogoutResponse(buildContext);
        adaptLogoutResponseToBinding(webContext, buildContext);
        return Optional.empty();
    }

    protected Optional<Credentials> receiveLogin(SAML2MessageContext sAML2MessageContext, WebContext webContext) {
        sAML2MessageContext.setSaml2Configuration(this.saml2Client.getConfiguration());
        return Optional.ofNullable((SAML2Credentials) this.profileHandler.receive(sAML2MessageContext));
    }

    protected void adaptLogoutResponseToBinding(WebContext webContext, SAML2MessageContext sAML2MessageContext) {
        Pac4jSAMLResponse profileRequestContextOutboundMessageTransportResponse = sAML2MessageContext.getProfileRequestContextOutboundMessageTransportResponse();
        if (!this.spLogoutResponseBindingType.equalsIgnoreCase(SAMLConstants.SAML2_POST_BINDING_URI)) {
            throw HttpActionHelper.buildRedirectUrlAction(webContext, profileRequestContextOutboundMessageTransportResponse.getRedirectUrl());
        }
        throw HttpActionHelper.buildFormPostContentAction(webContext, profileRequestContextOutboundMessageTransportResponse.getOutgoingContent());
    }

    protected void sendLogoutResponse(SAML2MessageContext sAML2MessageContext) {
        this.saml2LogoutResponseMessageSender.sendMessage(sAML2MessageContext, this.saml2LogoutResponseBuilder.build(sAML2MessageContext), sAML2MessageContext.getSAMLBindingContext().getRelayState());
    }

    protected void receiveLogout(SAML2MessageContext sAML2MessageContext) {
        sAML2MessageContext.setSaml2Configuration(this.saml2Client.getConfiguration());
        this.logoutProfileHandler.receive(sAML2MessageContext);
    }

    protected boolean isLogoutEndpointRequest(WebContext webContext, SAML2MessageContext sAML2MessageContext) {
        return webContext.getRequestParameter(Pac4jConstants.LOGOUT_ENDPOINT_PARAMETER).isPresent();
    }

    public SAML2LogoutResponseBuilder getSaml2LogoutResponseBuilder() {
        return this.saml2LogoutResponseBuilder;
    }

    public void setSaml2LogoutResponseBuilder(SAML2LogoutResponseBuilder sAML2LogoutResponseBuilder) {
        this.saml2LogoutResponseBuilder = sAML2LogoutResponseBuilder;
    }
}
