package org.apereo.cas.web.flow.actions.logout;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.core5.http.HttpResponse;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.logout.slo.SingleLogoutContinuation;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.util.http.HttpExecutionRequest;
import org.apereo.cas.util.http.HttpUtils;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.pac4j.core.client.Client;
import org.pac4j.core.credentials.SessionKeyCredentials;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/actions/logout/DelegatedAuthenticationIdentityProviderLogoutAction.class */
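/**
 * Webflow action that handles a logout request arriving from a delegated (external)
 * identity provider and ends the matching local SSO session.
 *
 * <p>The action resolves the delegated client from the request, optionally submits a
 * pending {@link SingleLogoutContinuation} response over HTTP, and then looks up the
 * ticket-granting ticket by the session identifier carried in the logout message
 * (SAML2 {@code SessionIndex} or the pac4j session key for OIDC clients).
 *
 * <p>NOTE(review): this action trusts the {@link ClientCredential} found in the webflow
 * scope. Validation of the inbound logout message (signature, issuer) is presumably done
 * upstream by the delegated client before the credential is stored; confirm against the
 * flow definition, since a session identifier alone is enough to end a session here.
 */
public class DelegatedAuthenticationIdentityProviderLogoutAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedAuthenticationIdentityProviderLogoutAction.class);
    private final DelegatedClientAuthenticationConfigurationContext configContext;

    /**
     * Processes the delegated logout request.
     *
     * @param requestContext the current webflow request context
     * @return a {@code proceed} event when there is no client credential or the request is
     *         not a POST; otherwise a {@code done} event
     * @throws IllegalArgumentException if the delegated client name or client cannot be resolved
     * @throws Exception declared for the webflow action contract
     */
    protected Event doExecuteInternal(RequestContext requestContext) throws Exception {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        JEEContext webContext = new JEEContext(request, response);
        String clientName = (String) this.configContext.getDelegatedClientNameExtractor().extract(webContext)
            .orElseThrow(() -> new IllegalArgumentException("Unable to determine delegated client name"));
        Client client = (Client) this.configContext.getIdentityProviders().findClient(clientName)
            .orElseThrow(() -> new IllegalArgumentException("Unable to determine delegated client for " + clientName));
        LOGGER.debug("Received logout request from [{}]", client.getName());

        ClientCredential credential = WebUtils.getCredential(requestContext, ClientCredential.class);
        // Only back-channel style POST requests that produced a credential are processed here.
        if (credential == null || !HttpMethod.POST.matches(request.getMethod())) {
            return new Event(this, "proceed");
        }

        // The continuation (method, URL, data) is read from a request attribute set earlier in
        // request processing. NOTE(review): the URL is presumably taken from trusted identity
        // provider configuration rather than from the inbound message; confirm where it is
        // populated, because this server issues an outbound request to it.
        webContext.getRequestAttribute(SingleLogoutContinuation.class.getName(), SingleLogoutContinuation.class).stream()
            .filter(continuation -> StringUtils.isNotBlank(continuation.getUrl()))
            .findFirst()
            .ifPresent(continuation -> {
                HttpExecutionRequest logoutResponseRequest = HttpExecutionRequest.builder()
                    .method(continuation.getMethod())
                    .url(continuation.getUrl())
                    .parameters(continuation.getData())
                    .build();
                LOGGER.debug("Sending delegated logout response to [{}]", logoutResponseRequest.getUrl());
                // NOTE(review): the returned response is never closed in this block; check
                // whether HttpUtils offers a close helper to release the connection.
                HttpResponse httpResponse = HttpUtils.execute(logoutResponseRequest);
                // HttpStatus.resolve returns null for codes Spring does not know, whereas
                // HttpStatus.valueOf throws. A remote endpoint answering with a non-standard
                // status must not be able to abort the action before the local SSO session
                // is destroyed, so an unresolvable status is treated as a failure and logged.
                HttpStatus status = httpResponse == null ? null : HttpStatus.resolve(httpResponse.getCode());
                FunctionUtils.doIf(status == null || status.isError(), obj -> {
                    LOGGER.warn("Submitting logout response to [{}] failed with response [{}]", continuation.getUrl(), obj);
                }).accept(httpResponse);
                request.removeAttribute(SingleLogoutContinuation.class.getName());
            });

        // Held as Object because the concrete credential type is only known after the
        // instanceof checks below (SAML2 vs. session-key based).
        Object credentials = credential.getCredentials();
        if (credentials instanceof SAML2Credentials) {
            Object message = ((SAML2Credentials) credentials).getContext().getMessageContext().getMessage();
            if (message instanceof LogoutRequest) {
                ((LogoutRequest) message).getSessionIndexes().forEach(sessionIndex -> {
                    String value = sessionIndex.getValue();
                    // The session index identifies a live SSO session; it is written to the debug log.
                    LOGGER.debug("Destroying SSO session for SAML authn delegation / session index: [{}]", value);
                    removeSsoSessionsForSessionIndex(request, response, "sessionindex", value);
                });
                return new Event(this, "done");
            }
        }
        if (client instanceof OidcClient && credentials instanceof SessionKeyCredentials) {
            String sessionKey = ((SessionKeyCredentials) credentials).getSessionKey();
            LOGGER.debug("Destroying SSO session for OIDC authn delegation / sid: [{}]", sessionKey);
            removeSsoSessionsForSessionIndex(request, response, "sid", sessionKey);
        }
        return new Event(this, "done");
    }

    /**
     * Finds the first non-expired session in the ticket registry whose attribute
     * {@code str} contains {@code str2} and runs single logout for it.
     *
     * <p>Only the first match is processed ({@code findFirst}); any further sessions
     * carrying the same value are left untouched.
     *
     * @param httpServletRequest the current request, passed to the logout executor
     * @param httpServletResponse the current response, passed to the logout executor
     * @param str the session attribute name to match ({@code sessionindex} or {@code sid})
     * @param str2 the attribute value to match; must not be {@code null}
     * @throws NullPointerException if {@code str2} is {@code null}
     */
    private void removeSsoSessionsForSessionIndex(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        this.configContext.getTicketRegistry()
            .getSessionsWithAttributes(Map.of(str, List.of(Objects.requireNonNull(str2))))
            .filter(ticket -> !ticket.isExpired())
            .map(TicketGrantingTicket.class::cast)
            .findFirst()
            .ifPresent(ticketGrantingTicket -> {
                this.configContext.getSingleLogoutRequestExecutor().execute(ticketGrantingTicket.getId(), httpServletRequest, httpServletResponse);
            });
    }

    /**
     * Creates the action.
     *
     * @param delegatedClientAuthenticationConfigurationContext shared configuration used to
     *        resolve clients, the ticket registry and the single logout executor
     */
    @Generated
    public DelegatedAuthenticationIdentityProviderLogoutAction(DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
        this.configContext = delegatedClientAuthenticationConfigurationContext;
    }
}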
