package org.xdi.oxauth.session.ws.rs;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.commons.lang.StringUtils;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
import org.xdi.model.AuthenticationScriptUsageType;
import org.xdi.model.custom.script.conf.CustomScriptConfiguration;
import org.xdi.oxauth.model.common.AuthorizationGrant;
import org.xdi.oxauth.model.common.AuthorizationGrantList;
import org.xdi.oxauth.model.common.SessionId;
import org.xdi.oxauth.model.config.Constants;
import org.xdi.oxauth.model.error.ErrorResponseFactory;
import org.xdi.oxauth.model.session.EndSessionErrorResponseType;
import org.xdi.oxauth.model.session.EndSessionParamsValidator;
import org.xdi.oxauth.service.RedirectionUriService;
import org.xdi.oxauth.service.SessionIdService;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.oxauth.util.RedirectUri;
import org.xdi.oxauth.util.RedirectUtil;
import org.xdi.util.StringHelper;

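@Name("endSessionRestWebService")
/* loaded from: input_file:org/xdi/oxauth/session/ws/rs/EndSessionRestWebServiceImpl.class */
public class EndSessionRestWebServiceImpl implements EndSessionRestWebService {

    @Logger
    private Log log;

    @In
    private ErrorResponseFactory errorResponseFactory;

    @In
    private RedirectionUriService redirectionUriService;

    @In
    private AuthorizationGrantList authorizationGrantList;

    @In
    private ExternalAuthenticationService externalAuthenticationService;

    @In
    private SessionIdService sessionIdService;

    /**
     * Handles an end-session (RP-initiated logout) request.
     *
     * Flow, as implemented below:
     * <ol>
     *   <li>Parameters are checked with {@code EndSessionParamsValidator}; on failure a 400 INVALID_REQUEST is returned.</li>
     *   <li>The grant is looked up by {@code idTokenHint}; an unknown hint yields 401 INVALID_GRANT and nothing else happens.</li>
     *   <li>The server-side session (the supplied {@code sessionId}, else the one in the cookie) is removed and the cookie cleared.</li>
     *   <li>If an external LOGOUT script is enabled it must approve the logout, otherwise 401 INVALID_GRANT.</li>
     *   <li>All tokens of the grant are revoked and the caller is redirected to {@code postLogoutRedirectUri}, which is
     *       only honoured after {@code RedirectionUriService} validates it against the grant's client (open-redirect guard);
     *       an unvalidated URI yields 400 INVALID_REQUEST.</li>
     * </ol>
     *
     * @param idTokenHint           id_token previously issued to the client; used to locate the grant to revoke
     * @param postLogoutRedirectUri where to send the user agent after logout; validated against the grant's client
     * @param state                 opaque value echoed back as the {@code state} query parameter when non-blank
     * @param sessionId             server-side session to remove; when blank the session id cookie is used instead
     * @param httpServletRequest    used to read the session cookie and to build the redirect
     * @param httpServletResponse   used to clear the session cookie
     * @param securityContext       only consulted for the {@code isSecure} debug trace
     * @return a redirect on success, otherwise a JSON error body with status 400 or 401
     */
    @Override // org.xdi.oxauth.session.ws.rs.EndSessionRestWebService
    public Response requestEndSession(String idTokenHint, String postLogoutRedirectUri, String state, String sessionId,
            HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityContext securityContext) {
        // Do not write the raw id_token_hint or session_id to the log: the id_token carries user claims and is
        // replayable as a logout hint, and the session id is a live session credential. Log presence only.
        this.log.debug("Attempting to end session, idTokenHint present: {0}, postLogoutRedirectUri: {1}, sessionId present: {2}, Is Secure = {3}",
                new Object[]{Boolean.valueOf(StringUtils.isNotBlank(idTokenHint)), postLogoutRedirectUri,
                        Boolean.valueOf(StringUtils.isNotBlank(sessionId)), Boolean.valueOf(securityContext.isSecure())});

        if (!EndSessionParamsValidator.validateParams(idTokenHint, postLogoutRedirectUri)) {
            return errorResponse(400, EndSessionErrorResponseType.INVALID_REQUEST);
        }

        AuthorizationGrant grant = this.authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
        if (grant == null) {
            // Unknown hint: no session is touched and no cookie is cleared.
            return errorResponse(401, EndSessionErrorResponseType.INVALID_GRANT);
        }

        // NOTE(review): the session is removed before the external logout script gets to veto the logout, so a
        // script that returns false leaves the caller logged out of this session while the grant's tokens survive.
        // NOTE(review): the supplied session_id is never compared with the grant's user; as written, a caller holding
        // any valid id_token can remove any existing session id it names -- confirm whether an ownership check belongs here.
        removeSessionId(sessionId, httpServletRequest, httpServletResponse);

        if (!externalLogoutApproved(grant)) {
            return errorResponse(401, EndSessionErrorResponseType.INVALID_GRANT);
        }

        grant.revokeAllTokens();

        // Only a URI registered for this client may be redirected to; anything else is rejected as INVALID_REQUEST.
        String validatedUri = this.redirectionUriService.validatePostLogoutRedirectUri(grant.getClient().getClientId(), postLogoutRedirectUri);
        if (StringUtils.isBlank(validatedUri)) {
            return errorResponse(400, EndSessionErrorResponseType.INVALID_REQUEST);
        }
        RedirectUri redirectUri = new RedirectUri(validatedUri);
        if (StringUtils.isNotBlank(state)) {
            redirectUri.addResponseParameter("state", state);
        }
        return RedirectUtil.getRedirectResponseBuilder(redirectUri.toString(), httpServletRequest).build();
    }

    /**
     * Runs the external LOGOUT script when one is enabled.
     *
     * @param grant the grant being ended; only used for the user id in the result trace
     * @return {@code true} when no LOGOUT script is enabled, or when the script ran and approved the logout;
     *         {@code false} when the script configuration cannot be resolved or the script rejects the logout
     */
    private boolean externalLogoutApproved(AuthorizationGrant grant) {
        if (!this.externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.LOGOUT)) {
            return true;
        }
        CustomScriptConfiguration script = this.externalAuthenticationService.determineCustomScriptConfiguration(
                AuthenticationScriptUsageType.LOGOUT, 1, "1", Constants.RESULT_LOGOUT);
        if (script == null) {
            // A missing script configuration fails closed: the logout is not approved.
            this.log.error("Failed to get ExternalAuthenticatorConfiguration. auth_step: {0}, auth_mode: {1}, auth_level: {2}",
                    new Object[]{1, "1", Constants.RESULT_LOGOUT});
            return false;
        }
        boolean approved = this.externalAuthenticationService.executeExternalAuthenticatorAuthenticate(script, null, 1);
        this.log.info("Authentication result for {0}. auth_step: {1}, result: {2}",
                new Object[]{grant.getUser().getUserId(), Constants.RESULT_LOGOUT, Boolean.valueOf(approved)});
        return approved;
    }

    /**
     * Builds a JSON error response for the end-session endpoint.
     *
     * @param status    HTTP status code to return
     * @param errorType error code serialized by {@code ErrorResponseFactory}
     * @return the built response
     */
    private Response errorResponse(int status, EndSessionErrorResponseType errorType) {
        return Response.status(status).entity(this.errorResponseFactory.getErrorAsJson(errorType)).build();
    }

    /**
     * Removes the server-side session and clears the session id cookie.
     *
     * The session id to remove is {@code requestedSessionId}; when it is empty the id is taken from the request cookie.
     * Lookup or removal failures are logged but do not abort the request, and the cookie is cleared in every case.
     *
     * @param requestedSessionId  session id supplied by the caller, possibly empty
     * @param httpServletRequest  source of the fallback session id cookie
     * @param httpServletResponse response on which the cookie is cleared
     */
    private void removeSessionId(String requestedSessionId, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String effectiveSessionId = requestedSessionId;
        if (StringHelper.isEmpty(effectiveSessionId)) {
            effectiveSessionId = this.sessionIdService.getSessionIdFromCookie(httpServletRequest);
        }
        if (StringHelper.isNotEmpty(effectiveSessionId)) {
            SessionId sessionId = this.sessionIdService.getSessionId(effectiveSessionId);
            if (sessionId == null) {
                this.log.error("Failed to load session from LDAP by session_id: '{0}'", new Object[]{effectiveSessionId});
            } else if (!this.sessionIdService.remove(sessionId)) {
                // NOTE(review): on this path the session still exists, so the logged id is a live credential.
                this.log.error("Failed to remove session_id '{0}' from LDAP", new Object[]{effectiveSessionId});
            }
        }
        // Always clear the cookie, even when no server-side session was found or removal failed.
        this.sessionIdService.removeSessionIdCookie(httpServletResponse);
    }
}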
