package com.alfaariss.oa.authentication.remote.saml2.logout;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.idmapper.IIDMapper;
import com.alfaariss.oa.api.logging.IAuthority;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.api.tgt.ITGTListener;
import com.alfaariss.oa.api.tgt.TGTEventError;
import com.alfaariss.oa.api.tgt.TGTListenerEvent;
import com.alfaariss.oa.api.tgt.TGTListenerException;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.authentication.remote.saml2.BaseSAML2AuthenticationMethod;
import com.alfaariss.oa.authentication.remote.saml2.beans.SAMLRemoteUser;
import com.alfaariss.oa.authentication.remote.saml2.profile.logout.LogoutProfile;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.idp.storage.IIDPStorage;
import com.alfaariss.oa.engine.core.tgt.factory.ITGTAliasStore;
import com.alfaariss.oa.util.logging.UserEventLogItem;
import com.alfaariss.oa.util.saml2.NameIDFormatter;
import com.alfaariss.oa.util.saml2.SAML2Exchange;
import com.alfaariss.oa.util.saml2.idp.SAML2IDP;
import java.util.Hashtable;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/authentication/remote/saml2/logout/LogoutManager.class */
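/**
 * Propagates local TGT lifecycle events to the remote SAML2 IdP that authenticated the user.
 *
 * <p>On TGT creation the user's first session index and NameID are stored under the TGT id. On TGT
 * expiry or removal a synchronous logout request is sent through a {@link LogoutProfile} that is
 * created for the SAML2 SOAP binding.
 *
 * <p>When the {@code logout} configuration section sets {@code enabled} to {@code false}, this
 * listener ignores every event. In that state, ending the local TGT is not propagated to the
 * remote IdP by this class.
 */
public class LogoutManager implements ITGTListener, IAuthority {
    private static final String AUTHORITY_NAME = "SAML2AuthNLogoutManager_";
    private static final String DEFAULT_REASON_EXPIRE = "urn:oasis:names:tc:SAML:2.0:logout:sp-timeout";
    private static final String DEFAULT_REASON_REMOVE = "urn:oasis:names:tc:SAML:2.0:logout:user";
    private static final String ALIAS_TYPE_SESSION_INDEX = "session_index";

    // Initialised once at class load instead of being re-assigned by every constructor call.
    private static final Log _logger = LogFactory.getLog(LogoutManager.class);
    private static final Log _eventLogger = LogFactory.getLog("com.alfaariss.oa.EventLogger");

    private String _sMethodID;
    private LogoutProfile _profile;
    // Optional per-event logout reasons from configuration; stays null while the manager is disabled.
    private Hashtable<TGTListenerEvent, String> _htReasons;
    private IIDPStorage _store;
    private boolean _bEnabled;
    private ITGTAliasStore _aliasStoreIDPRole;
    private NameIDFormatter _nameIDFormatter;

    /**
     * Reads the optional {@code logout} section and, unless disabled, prepares the logout profile.
     *
     * @param iConfigurationManager configuration reader
     * @param element configuration section that may contain a {@code logout} child section
     * @param str authentication method id; used in the authority name and when reading TGT attributes
     * @param iIDPStorage storage used to look up the remote IdP of a user
     * @param iIDMapper id mapper handed to {@link LogoutProfile}
     * @param str2 identifier passed to {@code SAML2Exchange.getEntityDescriptor} and to the profile
     * @throws OAException with code 17 for an unknown {@code enabled} value or a missing event
     *     {@code id}/{@code reason}; with code 2 for an invalid or duplicate event {@code id} or a
     *     missing IDP role alias store
     */
    public LogoutManager(IConfigurationManager iConfigurationManager, Element element, String str, IIDPStorage iIDPStorage, IIDMapper iIDMapper, String str2) throws OAException {
        this._store = null;
        this._bEnabled = true;
        Element section = iConfigurationManager.getSection(element, "logout");
        if (section != null) {
            String enabled = iConfigurationManager.getParam(section, "enabled");
            if (enabled != null) {
                if (enabled.equalsIgnoreCase("FALSE")) {
                    this._bEnabled = false;
                } else if (!enabled.equalsIgnoreCase("TRUE")) {
                    _logger.error("Unknown value in 'enabled' configuration item: " + enabled);
                    throw new OAException(17);
                }
            }
        }
        if (!this._bEnabled) {
            _logger.info("Logout Manager: disabled");
            return;
        }
        this._sMethodID = str;
        this._store = iIDPStorage;
        this._htReasons = new Hashtable<>();
        if (section != null) {
            for (Element event = iConfigurationManager.getSection(section, "event");
                    event != null;
                    event = iConfigurationManager.getNextSection(event)) {
                String eventId = iConfigurationManager.getParam(event, "id");
                if (eventId == null) {
                    _logger.error("No 'id' parameter in 'event' section found in configuration");
                    throw new OAException(17);
                }
                TGTListenerEvent listenerEvent;
                try {
                    // Enum.valueOf never returns null: an unknown name raises
                    // IllegalArgumentException, which must be turned into the configuration error.
                    listenerEvent = TGTListenerEvent.valueOf(eventId);
                } catch (IllegalArgumentException e) {
                    _logger.error("Invalid 'id' parameter in 'event' section found in configuration: " + eventId);
                    throw new OAException(2);
                }
                String reason = iConfigurationManager.getParam(event, "reason");
                if (reason == null) {
                    _logger.error("No 'reason' parameter in 'event' section found in configuration");
                    throw new OAException(17);
                }
                if (this._htReasons.containsKey(listenerEvent)) {
                    _logger.error("Configured 'id' parameter in 'event' section is not unique in configuration: " + eventId);
                    throw new OAException(2);
                }
                this._htReasons.put(listenerEvent, reason);
            }
        }
        if (this._htReasons.isEmpty()) {
            _logger.info("No optional event reason configured, using defaults");
        }
        this._aliasStoreIDPRole = Engine.getInstance().getTGTFactory().getAliasStoreIDP();
        if (this._aliasStoreIDPRole == null) {
            _logger.error("No IDP Role TGT Alias Store available");
            throw new OAException(2);
        }
        this._nameIDFormatter = new NameIDFormatter(Engine.getInstance().getCryptoManager(), this._aliasStoreIDPRole);
        this._profile = new LogoutProfile("urn:oasis:names:tc:SAML:2.0:bindings:SOAP");
        this._profile.init(iConfigurationManager, null, SAML2Exchange.getEntityDescriptor(str2), iIDMapper, this._store, this._sMethodID, str2, null, null, null);
    }

    /**
     * Handles a TGT event: stores logout data on creation and sends a remote logout on expiry or
     * removal. Does nothing while the manager is disabled or for any other event.
     *
     * @param tGTListenerEvent the event that occurred
     * @param itgt the TGT the event applies to
     * @throws TGTListenerException when storing the logout data or the remote logout fails
     */
    public void processTGTEvent(TGTListenerEvent tGTListenerEvent, ITGT itgt) throws TGTListenerException {
        if (!this._bEnabled) {
            return;
        }
        switch (tGTListenerEvent) {
            case ON_CREATE:
                processCreate(itgt);
                return;
            case ON_EXPIRE:
                logout(reasonFor(tGTListenerEvent, DEFAULT_REASON_EXPIRE), itgt);
                return;
            case ON_REMOVE:
                logout(reasonFor(tGTListenerEvent, DEFAULT_REASON_REMOVE), itgt);
                return;
            default:
                return;
        }
    }

    /** Returns the authority name: a fixed prefix followed by the authentication method id. */
    public String getAuthority() {
        return AUTHORITY_NAME + this._sMethodID;
    }

    /** Returns whether remote logout propagation is enabled in configuration. */
    public boolean isEnabled() {
        return this._bEnabled;
    }

    /** Destroys the logout profile, if one was created. */
    public void destroy() {
        if (this._profile != null) {
            this._profile.destroy();
        }
    }

    /** Returns the configured logout reason for the event, or the given default when none is set. */
    private String reasonFor(TGTListenerEvent event, String defaultReason) {
        String configured = this._htReasons.get(event);
        return configured != null ? configured : defaultReason;
    }

    /**
     * Stores the data needed for a later remote logout: the first session index as a TGT alias and
     * the NameID (format and value), both keyed by the TGT id. Only users that are
     * {@link SAMLRemoteUser} instances from an IdP known to the storage are processed.
     */
    private void processCreate(ITGT itgt) throws TGTListenerException {
        try {
            IUser user = itgt.getUser();
            if (!(user instanceof SAMLRemoteUser)) {
                return;
            }
            SAMLRemoteUser remoteUser = (SAMLRemoteUser) user;
            String idp = remoteUser.getIDP();
            if (!this._store.exists(idp)) {
                return;
            }
            String tgtId = itgt.getId();
            // NOTE(review): get(0) assumes at least one session index is present; confirm that
            // SAMLRemoteUser never exposes an empty or null collection here. Without a stored
            // session index, logout() finds no alias and silently skips the remote logout.
            String sessionIndex = remoteUser.getSessionIndexes().get(0);
            if (sessionIndex != null) {
                this._aliasStoreIDPRole.putAlias(ALIAS_TYPE_SESSION_INDEX, idp, tgtId, sessionIndex);
            }
            String format = remoteUser.getFormat();
            String nameId = remoteUser.getID();
            if (format != null && nameId != null) {
                this._nameIDFormatter.store(tgtId, format, idp, nameId);
            }
        } catch (TGTListenerException e) {
            throw e;
        } catch (OAException e2) {
            // The listener exception carries only an event code, so keep the cause in the log.
            _logger.error("Could not store remote logout data for new TGT", e2);
            throw new TGTListenerException(new TGTEventError(UserEvent.INTERNAL_ERROR));
        }
    }

    /**
     * Sends a synchronous logout request to the user's remote IdP and writes the outcome to the
     * event log.
     *
     * <p>No request is sent when the user is not a {@link SAMLRemoteUser}, the IdP is unknown or
     * has no logout service, the TGT attribute {@code aslogout_organization} equals that IdP
     * (presumably the IdP that initiated this logout; confirm against the code that sets it), or
     * no session index alias was stored for the TGT.
     *
     * @param str the SAML2 logout reason to send
     * @param itgt the TGT that expired or was removed
     * @throws TGTListenerException when the IdP does not confirm the logout or an error occurs
     */
    private void logout(String str, ITGT itgt) throws TGTListenerException {
        SAML2IDP remoteIdp = null;
        try {
            IUser user = itgt.getUser();
            if (!(user instanceof SAMLRemoteUser)) {
                return;
            }
            String idp = ((SAMLRemoteUser) user).getIDP();
            remoteIdp = (SAML2IDP) this._store.getIDP(idp);
            if (remoteIdp == null || this._profile.getService(remoteIdp) == null) {
                return;
            }
            SAML2IDP logoutOrganization = (SAML2IDP) itgt.getAttributes().get(BaseSAML2AuthenticationMethod.class, this._sMethodID, "aslogout_organization");
            if (logoutOrganization != null && remoteIdp.equals(logoutOrganization)) {
                return;
            }
            String sessionIndexAlias = this._aliasStoreIDPRole.getAlias(ALIAS_TYPE_SESSION_INDEX, idp, itgt.getId());
            if (sessionIndexAlias == null) {
                return;
            }
            UserEvent result = this._profile.processSynchronous(user, remoteIdp, str, sessionIndexAlias);
            // NOTE(review): the TGT id is written to the event log; if it doubles as a session
            // credential, access to this log should be restricted. Confirm.
            _eventLogger.info(new UserEventLogItem((String) null, itgt.getId(), (SessionState) null, result, user.getID(), user.getOrganization(), (String) null, (String) null, this, (String) null));
            if (result != UserEvent.USER_LOGGED_OUT) {
                throw new TGTListenerException(new TGTEventError(result, remoteIdp.getFriendlyName()));
            }
        } catch (TGTListenerException e) {
            throw e;
        } catch (OAException e2) {
            // The event log records only the outcome, so keep the cause in the system log.
            _logger.error("Remote logout failed", e2);
            TGTEventError tGTEventError = remoteIdp != null ? new TGTEventError(UserEvent.USER_LOGOUT_FAILED, remoteIdp.getFriendlyName()) : new TGTEventError(UserEvent.USER_LOGOUT_FAILED);
            _eventLogger.info(new UserEventLogItem((String) null, itgt.getId(), (SessionState) null, UserEvent.USER_LOGOUT_FAILED, itgt.getUser().getID(), itgt.getUser().getOrganization(), (String) null, (String) null, this, (String) null));
            throw new TGTListenerException(tGTEventError);
        }
    }
}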
