package com.alfaariss.oa.profile.saml2.profile.sso;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.UserException;
import com.alfaariss.oa.api.attribute.ISessionAttributes;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.requestor.IRequestor;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.engine.core.tgt.factory.ITGTAliasStore;
import com.alfaariss.oa.profile.saml2.profile.sso.protocol.SingleLogoutProtocol;
import com.alfaariss.oa.util.logging.RequestorEventLogItem;
import com.alfaariss.oa.util.logging.UserEventLogItem;
import com.alfaariss.oa.util.saml2.ISAML2Requestors;
import com.alfaariss.oa.util.saml2.NameIDFormatter;
import com.alfaariss.oa.util.saml2.SAML2IssueInstantWindow;
import com.alfaariss.oa.util.saml2.SAML2Requestor;
import com.alfaariss.oa.util.saml2.SAML2SecurityException;
import com.alfaariss.oa.util.saml2.StatusException;
import com.alfaariss.oa.util.saml2.binding.AbstractDecodingFactory;
import com.alfaariss.oa.util.saml2.binding.AbstractEncodingFactory;
import com.alfaariss.oa.util.saml2.binding.BindingProperties;
import com.alfaariss.oa.util.saml2.binding.soap11.SOAP11Utils;
import com.alfaariss.oa.util.saml2.crypto.SAML2CryptoUtils;
import com.alfaariss.oa.util.saml2.metadata.role.sso.IDPSSODescriptorBuilder;
import com.alfaariss.oa.util.saml2.profile.AbstractSAML2Profile;
import com.alfaariss.oa.util.validation.SessionValidator;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.util.DatatypeHelper;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/profile/saml2/profile/sso/SingleLogout.class */
public class SingleLogout extends AbstractSAML2Profile {
    public static final String SESSION_REQUEST_PROTOCOLBINDING = "ProtocolBinding";
    public static final String SESSION_REQUEST_ID = "ID";
    public static final String SESSION_REQUEST_RELAYSTATE = "RelayState";
    private static final String SSO_LOGOUT_URI = "logout";
    private static Log _logger;
    private BindingProperties _bindingProperties;
    private SingleLogoutProtocol _protocol;
    private IDPSSODescriptor _idpSSODescriptor;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.alfaariss.oa.profile.saml2.profile.sso.SingleLogout$1, reason: invalid class name */
    /* loaded from: input_file:com/alfaariss/oa/profile/saml2/profile/sso/SingleLogout$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$api$session$SessionState = new int[SessionState.values().length];

        static {
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_LOGOUT_SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_LOGOUT_PARTIAL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_LOGOUT_IN_PROGRESS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_LOGOUT_FAILED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public void init(IConfigurationManager iConfigurationManager, Element element, EntityDescriptor entityDescriptor, String str, String str2, ISAML2Requestors iSAML2Requestors, SAML2IssueInstantWindow sAML2IssueInstantWindow, String str3) throws OAException {
        super.init(iConfigurationManager, element, entityDescriptor, str, str2, iSAML2Requestors, sAML2IssueInstantWindow, str3);
        Element section = iConfigurationManager.getSection(element, "bindings");
        if (section == null) {
            _logger.error("No 'bindings' section found in 'profile' section in configuration with profile id: " + this._sID);
            throw new OAException(17);
        }
        this._bindingProperties = new BindingProperties(iConfigurationManager, section);
        Element section2 = iConfigurationManager.getSection(element, "nameid");
        if (section2 == null) {
            _logger.error("No 'nameid' section found in 'profile' section in configuration with profile id: " + this._sID);
            throw new OAException(17);
        }
        ITGTAliasStore aliasStoreSP = this._tgtFactory.getAliasStoreSP();
        if (aliasStoreSP == null) {
            _logger.error("TGT Factory has no SP Role alias support");
            throw new OAException(2);
        }
        this._protocol = new SingleLogoutProtocol(this._cryptoManager.getSecureRandom(), this._sProfileURL, this._tgtFactory, new NameIDFormatter(iConfigurationManager, section2, this._cryptoManager, aliasStoreSP), this._issueInstantWindow, aliasStoreSP);
        updateEntityDescriptor(iConfigurationManager, element);
    }

    public void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        try {
            String parameter = httpServletRequest.getParameter("asid");
            if (parameter == null) {
                processSAMLRequest(httpServletRequest, httpServletResponse);
            } else {
                if (!SessionValidator.validateDefaultSessionId(parameter)) {
                    _logger.warn("Invalid session id in request: " + parameter);
                    throw new UserException(UserEvent.REQUEST_INVALID);
                }
                processLogoutResponse(httpServletRequest, httpServletResponse, this._sessionFactory.retrieve(parameter));
            }
        } catch (UserException e) {
            this._eventLogger.info(0 != 0 ? new UserEventLogItem((ISession) null, httpServletRequest.getRemoteAddr(), e.getEvent(), this, (String) null) : new UserEventLogItem((String) null, (String) null, (SessionState) null, e.getEvent(), (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, (String) null));
            if (httpServletResponse.isCommitted()) {
                return;
            }
            try {
                httpServletResponse.sendError(400);
            } catch (IOException e2) {
                _logger.warn("Could not send response", e2);
            }
        }
    }

    private void processSAMLRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        String str = null;
        try {
            AbstractDecodingFactory resolveInstance = AbstractDecodingFactory.resolveInstance(httpServletRequest, httpServletResponse, this._bindingProperties);
            if (resolveInstance == null) {
                _logger.debug("Decoding factory not created: Invalid request");
                throw new MessageDecodingException("Could not determine binding");
            }
            SAMLMessageDecoder decoder = resolveInstance.getDecoder();
            String bindingURI = decoder.getBindingURI();
            _logger.debug("Binding URI: " + bindingURI);
            SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> context = resolveInstance.getContext();
            context.setLocalEntityId(this._sEntityID);
            context.setLocalEntityMetadata(this._entityDescriptor);
            try {
                decoder.decode(context);
                LogoutRequest logoutRequest = (SignableSAMLObject) context.getInboundSAMLMessage();
                if (_logger.isDebugEnabled() && logoutRequest != null) {
                    logXML(logoutRequest);
                }
                if (!(logoutRequest instanceof LogoutRequest)) {
                    _logger.debug("Unsupported SAML message in request");
                    throw new MessageDecodingException("Unsupported SAML message");
                }
                boolean z = bindingURI.equals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST") || bindingURI.equals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
                boolean z2 = !DatatypeHelper.isEmpty(context.getInboundMessageTransport().getParameterValue("Signature")) || logoutRequest.isSigned();
                if (!z || z2) {
                    processLogoutRequest(httpServletRequest, httpServletResponse, context, bindingURI, logoutRequest.getReason());
                } else {
                    _logger.debug("LogoutRequest MUST be signed if the HTTP POST or Redirect binding is used");
                    throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
                }
            } catch (SecurityException e) {
                _logger.debug("Could not decode inbound message due to security exception", e);
                throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
            }
        } catch (MessageDecodingException e2) {
            _logger.debug("Decoding error", e2);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, (String) null));
            if (0 != 0 && str.equals("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")) {
                SOAP11Utils.sendSOAPFault((SAMLMessageContext) null, RequestorEvent.REQUEST_INVALID);
                return;
            }
            try {
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(400);
                }
            } catch (IOException e3) {
                _logger.warn("Could not send response", e3);
            }
        } catch (OAException e4) {
            throw e4;
        } catch (SAML2SecurityException e5) {
            _logger.debug("Security error", e5);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e5.getEvent(), (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "Security Fault"));
            try {
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(403);
                }
            } catch (IOException e6) {
                _logger.warn("Could not send response", e6);
            }
        } catch (StatusException e7) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e7.getEvent(), (String) null, httpServletRequest.getRemoteAddr(), e7.getRequestorID(), this, e7.getMessage()));
            sendResponse(null, httpServletRequest, httpServletResponse, null);
        } catch (Exception e8) {
            _logger.fatal("Could not process SAML request message", e8);
            throw new OAException(1);
        }
    }

    private void updateEntityDescriptor(IConfigurationManager iConfigurationManager, Element element) {
        this._idpSSODescriptor = this._entityDescriptor.getIDPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        if (this._idpSSODescriptor == null) {
            throw new IllegalArgumentException("No IDPSSODescriptor available");
        }
        new IDPSSODescriptorBuilder(iConfigurationManager, element, this._idpSSODescriptor).buildSingleLogoutService(this._sProfileURL, this._bindingProperties);
    }

    private void processLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> sAMLMessageContext, String str, String str2) throws OAException, SAML2SecurityException, StatusException {
        validateRequest(sAMLMessageContext, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        ITGT processRequest = this._protocol.processRequest(sAMLMessageContext);
        String inboundSAMLMessageId = sAMLMessageContext.getInboundSAMLMessageId();
        String inboundMessageIssuer = sAMLMessageContext.getInboundMessageIssuer();
        processRequest.removeRequestorID(inboundMessageIssuer);
        boolean z = false;
        if (str2 != null && str2.equals("urn:oasis:names:tc:SAML:2.0:logout:sp-timeout")) {
            z = processRequest.getRequestorIDs().size() > 0;
        }
        if (z || str.equals("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")) {
            this._protocol.processResponse(processRequest, inboundSAMLMessageId, sAMLMessageContext, z);
            sendResponse(sAMLMessageContext, httpServletRequest, httpServletResponse, str);
            this._eventLogger.info(new UserEventLogItem((String) null, processRequest.getId(), (SessionState) null, UserEvent.USER_LOGGED_OUT, processRequest.getUser().getID(), httpServletRequest.getRemoteAddr(), sAMLMessageContext.getInboundMessageIssuer(), this, sAMLMessageContext.getOutboundSAMLMessageId()));
            return;
        }
        ISession createSession = this._sessionFactory.createSession(inboundMessageIssuer);
        ISessionAttributes attributes = createSession.getAttributes();
        attributes.put(getClass(), "ID", inboundSAMLMessageId);
        attributes.put(getClass(), "ProtocolBinding", str);
        String relayState = sAMLMessageContext.getRelayState();
        if (relayState != null) {
            attributes.put(getClass(), "RelayState", relayState);
        }
        createSession.persist();
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(this._sProfileURL);
        stringBuffer.append("?");
        stringBuffer.append("asid");
        stringBuffer.append("=");
        stringBuffer.append(createSession.getId());
        createSession.setProfileURL(stringBuffer.toString());
        httpServletRequest.setAttribute("asid", createSession);
        StringBuffer stringBuffer2 = new StringBuffer(this._sWebSSOPath);
        if (!this._sWebSSOPath.endsWith("/")) {
            stringBuffer2.append("/");
        }
        stringBuffer2.append(SSO_LOGOUT_URI);
        _logger.debug("Forwarding user to: " + stringBuffer2.toString());
        RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(stringBuffer2.toString());
        if (requestDispatcher == null) {
            _logger.warn("There is no requestor dispatcher supported with name: " + stringBuffer2.toString());
            throw new OAException(1);
        }
        this._eventLogger.info(new UserEventLogItem(createSession, httpServletRequest.getRemoteAddr(), UserEvent.USER_LOGOUT_IN_PROGRESS, this, (String) null));
        try {
            requestDispatcher.forward(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            _logger.fatal("Could not forward user", e);
            throw new OAException(1);
        }
    }

    private void processLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException, UserException {
        UserEvent userEvent;
        try {
            try {
                String requestorId = iSession.getRequestorId();
                IRequestor requestor = this._requestorPoolFactory.getRequestor(requestorId);
                if (requestor == null) {
                    _logger.debug("No OA Requestor found with id: " + requestorId);
                    throw new OAException(1);
                }
                SAML2Requestor requestor2 = this._requestors.getRequestor(requestor);
                SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> createEncodingContext = createEncodingContext(httpServletRequest, httpServletResponse);
                createEncodingContext.setInboundMessageIssuer(requestorId);
                createEncodingContext.setOutboundMessageIssuer(this._sEntityID);
                MetadataProvider metadataProvider = requestor2.getMetadataProvider();
                if (metadataProvider != null) {
                    createEncodingContext.setMetadataProvider(metadataProvider);
                }
                if (iSession.isExpired()) {
                    StringBuffer stringBuffer = new StringBuffer("Expired session with id '");
                    stringBuffer.append(iSession.getId());
                    stringBuffer.append("' found in request sent from IP: ");
                    stringBuffer.append(httpServletRequest.getRemoteAddr());
                    _logger.debug(stringBuffer.toString());
                    throw new UserException(UserEvent.SESSION_EXPIRED);
                }
                ISessionAttributes attributes = iSession.getAttributes();
                String str = (String) attributes.get(getClass(), "ID");
                if (str == null) {
                    StringBuffer stringBuffer2 = new StringBuffer("No session attribute available with name '");
                    stringBuffer2.append("ID");
                    stringBuffer2.append("' in session with ID: ");
                    stringBuffer2.append(iSession.getId());
                    _logger.debug(stringBuffer2.toString());
                    throw new UserException(UserEvent.SESSION_INVALID);
                }
                String str2 = (String) attributes.get(getClass(), "ProtocolBinding");
                if (str2 == null) {
                    StringBuffer stringBuffer3 = new StringBuffer("No session attribute available with name '");
                    stringBuffer3.append("ProtocolBinding");
                    stringBuffer3.append("' in session with ID: ");
                    stringBuffer3.append(iSession.getId());
                    _logger.debug(stringBuffer3.toString());
                    throw new UserException(UserEvent.SESSION_INVALID);
                }
                String str3 = (String) attributes.get(getClass(), "RelayState");
                if (str3 != null) {
                    createEncodingContext.setRelayState(str3);
                }
                createEncodingContext.setLocalEntityId(this._sEntityID);
                UserEvent userEvent2 = UserEvent.INTERNAL_ERROR;
                switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$api$session$SessionState[iSession.getState().ordinal()]) {
                    case 1:
                        this._protocol.processResponse((ITGT) null, str, createEncodingContext);
                        userEvent = UserEvent.USER_LOGGED_OUT;
                        break;
                    case 2:
                        this._protocol.buildErrorResponse(createEncodingContext, "urn:oasis:names:tc:SAML:2.0:status:Success", "urn:oasis:names:tc:SAML:2.0:status:PartialLogout", str);
                        userEvent = UserEvent.USER_LOGOUT_PARTIALLY;
                        break;
                    case 3:
                    case 4:
                        this._protocol.buildErrorResponse(createEncodingContext, "urn:oasis:names:tc:SAML:2.0:status:Responder", null, str);
                        userEvent = UserEvent.USER_LOGOUT_FAILED;
                        break;
                    default:
                        StringBuffer stringBuffer4 = new StringBuffer("Unsupported session state '");
                        stringBuffer4.append(iSession.getState());
                        stringBuffer4.append("' for session with id: ");
                        stringBuffer4.append(iSession.getId());
                        _logger.debug(stringBuffer4.toString());
                        throw new UserException(UserEvent.REQUEST_INVALID);
                }
                sendASynchronousResponse(createEncodingContext, httpServletRequest, httpServletResponse, str2, requestor2);
                this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), userEvent, this, createEncodingContext.getOutboundSAMLMessageId()));
                if (iSession != null) {
                    iSession.expire();
                    iSession.persist();
                }
            } catch (UserException e) {
                throw e;
            }
        } catch (Throwable th) {
            if (iSession != null) {
                iSession.expire();
                iSession.persist();
            }
            throw th;
        }
    }

    private void sendASynchronousResponse(SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> sAMLMessageContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, SAML2Requestor sAML2Requestor) throws OAException {
        SAMLObject outboundSAMLMessage;
        try {
            LogoutResponse outboundSAMLMessage2 = sAMLMessageContext.getOutboundSAMLMessage();
            if (!this._signingEnabled) {
                _logger.warn("No outbound signing credential found: responses must be signed, make sure server signing is enabled");
                throw new OAException(1);
            }
            SingleLogoutService resolveSingleLogoutServiceEndpoint = resolveSingleLogoutServiceEndpoint(sAML2Requestor, str);
            if (resolveSingleLogoutServiceEndpoint == null) {
                StringBuffer stringBuffer = new StringBuffer("No SingleLogoutService with supported binding for response available (");
                stringBuffer.append(str);
                stringBuffer.append(") for requestor with ID: ");
                stringBuffer.append(sAML2Requestor.getID());
                _logger.warn(stringBuffer.toString());
                throw new OAException(1);
            }
            String binding = resolveSingleLogoutServiceEndpoint.getBinding();
            String responseLocation = resolveSingleLogoutServiceEndpoint.getResponseLocation();
            if (responseLocation == null) {
                _logger.debug("No SingleLogoutService response location for response available, using 'location'");
                responseLocation = resolveSingleLogoutServiceEndpoint.getLocation();
            } else {
                resolveSingleLogoutServiceEndpoint.setLocation(responseLocation);
            }
            if (responseLocation == null) {
                _logger.warn("No SingleLogoutService location for response available");
                throw new OAException(1);
            }
            outboundSAMLMessage2.setDestination(responseLocation);
            sAMLMessageContext.setLocalEntityMetadata(this._entityDescriptor);
            sAMLMessageContext.setLocalEntityRoleMetadata(this._idpSSODescriptor);
            sAMLMessageContext.setPeerEntityEndpoint(resolveSingleLogoutServiceEndpoint);
            if (this._signingEnabled) {
                sAMLMessageContext.setOutboundSAMLMessageSigningCredential(SAML2CryptoUtils.retrieveMySigningCredentials(this._cryptoManager, this._entityDescriptor.getEntityID()));
            }
            AbstractEncodingFactory.createInstance(httpServletRequest, httpServletResponse, binding, this._bindingProperties).getEncoder().encode(sAMLMessageContext);
            if (_logger.isDebugEnabled() && (outboundSAMLMessage = sAMLMessageContext.getOutboundSAMLMessage()) != null) {
                logXML(outboundSAMLMessage);
            }
        } catch (MessageEncodingException e) {
            _logger.error("Could not send reponse", e);
            throw new OAException(1);
        }
    }

    private void sendResponse(SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> sAMLMessageContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws OAException {
        String binding;
        SAMLObject outboundSAMLMessage;
        try {
            LogoutResponse outboundSAMLMessage2 = sAMLMessageContext.getOutboundSAMLMessage();
            LogoutRequest inboundSAMLMessage = sAMLMessageContext.getInboundSAMLMessage();
            if (this._signingEnabled) {
                sAMLMessageContext.setOutboundSAMLMessageSigningCredential(SAML2CryptoUtils.retrieveMySigningCredentials(this._cryptoManager, this._sEntityID));
            }
            if (str.equals("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")) {
                binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
            } else {
                if (!this._signingEnabled) {
                    _logger.warn("No outbound signing credential found: responses must be signed, make sure server signing is enabled");
                    throw new OAException(1);
                }
                String inboundMessageIssuer = sAMLMessageContext.getInboundMessageIssuer();
                IRequestor requestor = this._requestorPoolFactory.getRequestor(inboundMessageIssuer);
                if (requestor == null) {
                    _logger.debug("No OA Requestor found with id: " + inboundMessageIssuer);
                    throw new OAException(1);
                }
                SAML2Requestor requestor2 = this._requestors.getRequestor(requestor);
                if (requestor2 == null) {
                    _logger.warn("No SingleLogoutService location for response available, no requestor information configured. Request ID: " + inboundSAMLMessage.getID());
                    throw new OAException(1);
                }
                SingleLogoutService resolveSingleLogoutServiceEndpoint = resolveSingleLogoutServiceEndpoint(requestor2, str);
                if (resolveSingleLogoutServiceEndpoint == null) {
                    StringBuffer stringBuffer = new StringBuffer("No SingleLogoutService with supported binding (");
                    stringBuffer.append(str);
                    stringBuffer.append(") for response available. Request ID ");
                    stringBuffer.append(inboundSAMLMessage.getID());
                    _logger.warn(stringBuffer.toString());
                    throw new OAException(1);
                }
                binding = resolveSingleLogoutServiceEndpoint.getBinding();
                String responseLocation = resolveSingleLogoutServiceEndpoint.getResponseLocation();
                if (responseLocation == null) {
                    _logger.debug("No SingleLogoutService response location for response available, using 'location'. Request ID: " + inboundSAMLMessage.getID());
                    responseLocation = resolveSingleLogoutServiceEndpoint.getLocation();
                } else {
                    resolveSingleLogoutServiceEndpoint.setLocation(responseLocation);
                }
                if (responseLocation == null) {
                    _logger.warn("No SingleLogoutService location for response available. Request ID: " + inboundSAMLMessage.getID());
                    throw new OAException(1);
                }
                outboundSAMLMessage2.setDestination(responseLocation);
                sAMLMessageContext.setPeerEntityEndpoint(resolveSingleLogoutServiceEndpoint);
            }
            AbstractEncodingFactory.createInstance(httpServletRequest, httpServletResponse, binding, this._bindingProperties).getEncoder().encode(sAMLMessageContext);
            if (_logger.isDebugEnabled() && (outboundSAMLMessage = sAMLMessageContext.getOutboundSAMLMessage()) != null) {
                logXML(outboundSAMLMessage);
            }
        } catch (MessageEncodingException e) {
            _logger.error("Could not send reponse", e);
            throw new OAException(1);
        }
    }

    private SingleLogoutService resolveSingleLogoutServiceEndpoint(SAML2Requestor sAML2Requestor, String str) throws OAException {
        if (!$assertionsDisabled && sAML2Requestor == null) {
            throw new AssertionError("Empty SAML2 requestor");
        }
        try {
            MetadataProvider metadataProvider = sAML2Requestor.getMetadataProvider();
            if (metadataProvider == null) {
                _logger.warn("No ChainingMetadataProvider found for requestor: " + sAML2Requestor.getID());
                throw new OAException(1);
            }
            SPSSODescriptor role = metadataProvider.getRole(sAML2Requestor.getID(), SPSSODescriptor.DEFAULT_ELEMENT_NAME, "urn:oasis:names:tc:SAML:2.0:protocol");
            if (role == null) {
                _logger.warn("No SPSSODescriptor in metadata: Can't resolve response target for requestor: " + sAML2Requestor.getID());
                throw new OAException(1);
            }
            SingleLogoutService singleLogoutService = null;
            List singleLogoutServices = role.getSingleLogoutServices();
            String str2 = this._bindingProperties.getDefault();
            SingleLogoutService singleLogoutService2 = null;
            Iterator it = singleLogoutServices.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SingleLogoutService singleLogoutService3 = (SingleLogoutService) it.next();
                String binding = singleLogoutService3.getBinding();
                if (binding != null && this._bindingProperties.isSupported(binding)) {
                    if (binding.equals(str)) {
                        singleLogoutService = singleLogoutService3;
                        break;
                    }
                    if (singleLogoutService2 == null && binding.equals(str2)) {
                        singleLogoutService2 = singleLogoutService3;
                    }
                }
            }
            if (singleLogoutService == null) {
                singleLogoutService = singleLogoutService2;
            }
            return singleLogoutService;
        } catch (Exception e) {
            _logger.fatal("Could not resolve SingleLogoutService", e);
            throw new OAException(1);
        } catch (OAException e2) {
            throw e2;
        }
    }

    static {
        $assertionsDisabled = !SingleLogout.class.desiredAssertionStatus();
        _logger = LogFactory.getLog(SingleLogout.class);
    }
}
