package com.alfaariss.oa.profile.saml2.listener;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.logging.IAuthority;
import com.alfaariss.oa.api.requestor.IRequestor;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.api.tgt.ITGTListener;
import com.alfaariss.oa.api.tgt.TGTEventError;
import com.alfaariss.oa.api.tgt.TGTListenerEvent;
import com.alfaariss.oa.api.tgt.TGTListenerException;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.requestor.factory.IRequestorPoolFactory;
import com.alfaariss.oa.engine.core.tgt.factory.ITGTAliasStore;
import com.alfaariss.oa.profile.saml2.listener.slo.SynchronousSingleLogout;
import com.alfaariss.oa.util.logging.UserEventLogItem;
import com.alfaariss.oa.util.saml2.SAML2Requestor;
import com.alfaariss.oa.util.saml2.SAML2Requestors;
import java.util.List;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/profile/saml2/listener/SAML2TGTListener.class */
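/**
 * TGT listener for the SAML2 profile: when a TGT (the SSO session) expires or is removed, it
 * asks every SAML2 service provider that holds a {@code session_index} alias for that TGT to
 * log the user out.
 *
 * <p>Logout is only attempted over the SOAP binding. A requestor that has an alias but no
 * SAML2 requestor entry, no metadata, or no SOAP {@code SingleLogoutService} endpoint is
 * skipped without an error, so its session at the service provider may outlive the TGT.
 *
 * <p>Propagation is enabled unless the optional {@code logout} configuration section sets
 * {@code enabled} to {@code false}; any value other than {@code true}/{@code false} aborts
 * construction.
 */
public class SAML2TGTListener implements ITGTListener, IAuthority {
    private static final String AUTHORITY_NAME = "SAML2ProfileTGTListener_";
    // SAML 2.0 logout reason sent when the TGT expired.
    private static final String REASON_GLOBAL_TIMEOUT = "urn:oasis:names:tc:SAML:2.0:logout:global-timeout";
    // SAML 2.0 logout reason sent when the TGT was removed.
    private static final String REASON_USER = "urn:oasis:names:tc:SAML:2.0:logout:user";
    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
    // Alias type under which the SP session index is looked up in the SP alias store.
    private static final String ALIAS_TYPE_SESSION_INDEX = "session_index";

    // Both loggers are static but (re)assigned by every constructor call, as in the original.
    private static Log _logger;
    private static Log _eventLogger;
    private boolean _bEnabled;
    private String _sProfileID;
    private ITGTAliasStore _spAliasStore;
    private SAML2Requestors _saml2Requestors;
    private IRequestorPoolFactory _requestorPoolFactory;
    private SynchronousSingleLogout _singleLogout;

    /**
     * Reads the logout configuration and, when logout is enabled, wires up the engine
     * components needed to send logout requests.
     *
     * @param iConfigurationManager configuration reader
     * @param element configuration section that may contain a {@code logout} child section
     * @param str profile id, appended to the authority name
     * @param sAML2Requestors lookup for the SAML2 view of a requestor
     * @param entityDescriptor passed unchanged to {@link SynchronousSingleLogout}
     * @throws OAException with code 17 when {@code enabled} is neither TRUE nor FALSE, and
     *         with code 2 when the engine has no SP alias store
     */
    public SAML2TGTListener(IConfigurationManager iConfigurationManager, Element element, String str, SAML2Requestors sAML2Requestors, EntityDescriptor entityDescriptor) throws OAException {
        _logger = LogFactory.getLog(SAML2TGTListener.class);
        _eventLogger = LogFactory.getLog("com.alfaariss.oa.EventLogger");

        // Logout propagation is on unless the configuration explicitly switches it off.
        this._bEnabled = true;
        Element logoutSection = iConfigurationManager.getSection(element, "logout");
        String enabledValue = logoutSection == null ? null : iConfigurationManager.getParam(logoutSection, "enabled");
        if (enabledValue != null) {
            if (enabledValue.equalsIgnoreCase("FALSE")) {
                this._bEnabled = false;
            } else if (!enabledValue.equalsIgnoreCase("TRUE")) {
                // Refuse to start on a typo instead of guessing what was meant.
                _logger.error("Unknown value in 'enabled' configuration item: " + enabledValue);
                throw new OAException(17);
            }
        }
        if (!this._bEnabled) {
            // The remaining fields stay null; processTGTEvent checks _bEnabled before using them.
            _logger.info("Logout Manager: disabled");
            return;
        }

        this._sProfileID = str;
        this._saml2Requestors = sAML2Requestors;
        Engine engine = Engine.getInstance();
        this._requestorPoolFactory = engine.getRequestorPoolFactory();
        this._spAliasStore = engine.getTGTFactory().getAliasStoreSP();
        if (this._spAliasStore == null) {
            // Without the alias store no session index can be resolved, so no logout could be sent.
            _logger.error("Required SP Role TGT alias storage is disabled");
            throw new OAException(2);
        }
        this._singleLogout = new SynchronousSingleLogout(entityDescriptor);
    }

    /**
     * Propagates the expiry or removal of a TGT to the service providers.
     *
     * <p>{@code ON_EXPIRE} is sent with the global-timeout reason and {@code ON_REMOVE} with
     * the user reason; every other event is ignored. Nothing happens when the listener is
     * disabled.
     *
     * @param tGTListenerEvent the TGT event that occurred
     * @param itgt the TGT the event refers to
     * @throws TGTListenerException carrying one error per requestor whose logout did not
     *         end in {@code USER_LOGGED_OUT}
     */
    public void processTGTEvent(TGTListenerEvent tGTListenerEvent, ITGT itgt) throws TGTListenerException {
        if (!this._bEnabled) {
            return;
        }
        String reason;
        switch (tGTListenerEvent) {
            case ON_EXPIRE:
                reason = REASON_GLOBAL_TIMEOUT;
                break;
            case ON_REMOVE:
                reason = REASON_USER;
                break;
            default:
                return;
        }
        Vector<TGTEventError> errors = new Vector<TGTEventError>(processRemove(itgt, reason));
        if (!errors.isEmpty()) {
            throw new TGTListenerException(errors);
        }
    }

    /**
     * Returns the authority name used in event log items.
     *
     * @return the fixed prefix followed by the profile id; the id is null while the listener
     *         is disabled
     */
    public String getAuthority() {
        return AUTHORITY_NAME + this._sProfileID;
    }

    /**
     * Tells whether logout propagation is enabled.
     *
     * @return false only when the configuration set {@code enabled} to FALSE
     */
    public boolean isEnabled() {
        return this._bEnabled;
    }

    /**
     * Runs a synchronous logout at every requestor of the TGT that has a session index alias.
     *
     * <p>All requestors are processed even when one of them fails, and each attempt is
     * written to the event log.
     *
     * @param itgt the TGT that expired or was removed
     * @param str SAML logout reason URI handed to the logout call
     * @return one error per requestor whose logout did not end in {@code USER_LOGGED_OUT};
     *         empty when every attempted logout succeeded
     */
    private List<TGTEventError> processRemove(ITGT itgt, String str) {
        Vector<TGTEventError> errors = new Vector<TGTEventError>();
        IUser user = itgt.getUser();
        for (String requestorId : itgt.getRequestorIDs()) {
            // Scoped to this iteration so that a failure before the lookup is never attributed
            // to the requestor handled in the previous iteration.
            IRequestor iRequestor = null;
            try {
                String sessionIndex = this._spAliasStore.getAlias(ALIAS_TYPE_SESSION_INDEX, requestorId, itgt.getId());
                if (sessionIndex == null) {
                    // No alias stored for this requestor and TGT: nothing to log out.
                    continue;
                }
                // NOTE(review): the pool lookup result is used without a null check - confirm
                // that a requestor removed from the pool after login cannot reach this point.
                iRequestor = this._requestorPoolFactory.getRequestor(requestorId);
                SAML2Requestor requestor = this._saml2Requestors.getRequestor(iRequestor);
                SingleLogoutService sloService = requestor == null ? null : resolveSPSSOService(requestor);
                if (sloService == null) {
                    // No logout is sent here, so the session at this service provider is not
                    // ended by this listener; leave a trace for whoever investigates it.
                    _logger.debug("No SOAP single logout service available, logout not sent to requestor: " + requestorId);
                    continue;
                }
                UserEvent result = this._singleLogout.processSynchronous(user, requestor, sloService, str, itgt.getAttributes(), sessionIndex, itgt.getId());
                if (result != UserEvent.USER_LOGGED_OUT) {
                    errors.add(new TGTEventError(result, iRequestor.getFriendlyName()));
                }
                _eventLogger.info(new UserEventLogItem((String) null, itgt.getId(), (SessionState) null, result, user.getID(), user.getOrganization(), (String) null, requestorId, this, (String) null));
            } catch (OAException e) {
                // Keep the cause; the event log item below only records INTERNAL_ERROR.
                _logger.debug("Logout processing failed for requestor: " + requestorId, e);
                errors.add(iRequestor != null ? new TGTEventError(UserEvent.INTERNAL_ERROR, iRequestor.getFriendlyName()) : new TGTEventError(UserEvent.INTERNAL_ERROR));
                _eventLogger.info(new UserEventLogItem((String) null, itgt.getId(), (SessionState) null, UserEvent.INTERNAL_ERROR, itgt.getUser().getID(), itgt.getUser().getOrganization(), (String) null, requestorId, this, (String) null));
            }
        }
        return errors;
    }

    /**
     * Finds the SOAP single logout endpoint in the requestor's metadata.
     *
     * @param sAML2Requestor the service provider to look up
     * @return the first {@code SingleLogoutService} with the SOAP binding, or null when the
     *         requestor has no metadata provider, no SAML 2.0 SPSSODescriptor, no SOAP
     *         endpoint, or when the metadata lookup fails
     */
    private SingleLogoutService resolveSPSSOService(SAML2Requestor sAML2Requestor) {
        try {
            MetadataProvider metadataProvider = sAML2Requestor.getMetadataProvider();
            if (metadataProvider == null) {
                return null;
            }
            // Explicit cast: getRole presumably returns the general role descriptor type in
            // the OpenSAML version in use; the cast is redundant if it does not.
            SPSSODescriptor role = (SPSSODescriptor) metadataProvider.getRole(sAML2Requestor.getID(), SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAML20_PROTOCOL);
            if (role == null) {
                return null;
            }
            List<SingleLogoutService> singleLogoutServices = role.getSingleLogoutServices();
            if (singleLogoutServices == null) {
                return null;
            }
            for (SingleLogoutService singleLogoutService : singleLogoutServices) {
                // Only the SOAP binding is accepted; endpoints with other bindings are ignored.
                if (SOAP_BINDING.equals(singleLogoutService.getBinding())) {
                    return singleLogoutService;
                }
            }
            return null;
        } catch (MetadataProviderException e) {
            _logger.debug("No SPSSODescriptor found in metadata for requestor : " + sAML2Requestor.getID(), e);
            return null;
        }
    }
}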
