package org.xdi.oxauth.authorize.ws.rs;

import java.io.IOException;
import java.util.Map;
import org.codehaus.jackson.JsonGenerationException;
import org.codehaus.jackson.JsonParseException;
import org.codehaus.jackson.map.JsonMappingException;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.faces.FacesManager;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.international.StatusMessage;
import org.jboss.seam.log.Log;
import org.xdi.model.custom.script.conf.CustomScriptConfiguration;
import org.xdi.oxauth.model.common.AuthorizationGrant;
import org.xdi.oxauth.model.common.AuthorizationGrantList;
import org.xdi.oxauth.model.common.SessionState;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.util.Base64Util;
import org.xdi.oxauth.service.SessionStateService;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.service.JsonService;
import org.xdi.util.StringHelper;

@Name("logoutAction")
@Scope(ScopeType.EVENT)
/* loaded from: input_file:org/xdi/oxauth/authorize/ws/rs/LogoutAction.class */
public class LogoutAction {
    private static final String EXTERNAL_LOGOUT = "external_logout";
    private static final String EXTERNAL_LOGOUT_DATA = "external_logout_data";

    @Logger
    private Log log;

    @In
    private FacesMessages facesMessages;

    @In
    private AuthorizationGrantList authorizationGrantList;

    @In
    private SessionStateService sessionStateService;

    @In
    private ExternalAuthenticationService externalAuthenticationService;

    @In
    private JsonService jsonService;

    @In
    private AppConfiguration appConfiguration;
    private String idTokenHint;
    private String postLogoutRedirectUri;
    private SessionState sessionState;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xdi/oxauth/authorize/ws/rs/LogoutAction$ExternalLogoutResult.class */
    public enum ExternalLogoutResult {
        SUCCESS,
        FAILURE,
        REDIRECT
    }

    /* loaded from: input_file:org/xdi/oxauth/authorize/ws/rs/LogoutAction$LogoutParameters.class */
    public static class LogoutParameters {
        private String idTokenHint;
        private String postLogoutRedirectUri;

        public LogoutParameters() {
        }

        public LogoutParameters(String str, String str2) {
            this.idTokenHint = str;
            this.postLogoutRedirectUri = str2;
        }

        public String getIdTokenHint() {
            return this.idTokenHint;
        }

        public void setIdTokenHint(String str) {
            this.idTokenHint = str;
        }

        public String getPostLogoutRedirectUri() {
            return this.postLogoutRedirectUri;
        }

        public void setPostLogoutRedirectUri(String str) {
            this.postLogoutRedirectUri = str;
        }
    }

    public String getIdTokenHint() {
        return this.idTokenHint;
    }

    public void setIdTokenHint(String str) {
        this.idTokenHint = str;
    }

    public String getPostLogoutRedirectUri() {
        return this.postLogoutRedirectUri;
    }

    public void setPostLogoutRedirectUri(String str) {
        this.postLogoutRedirectUri = str;
    }

    public void redirect() {
        SessionState sessionState = this.sessionStateService.getSessionState();
        if (!validateParameters()) {
            try {
                restoreLogoutParametersFromSession(sessionState);
            } catch (IOException e) {
                logoutFailed();
                this.log.debug("Failed to restore logout parameters from session", e, new Object[0]);
            }
            if (!validateParameters()) {
                missingLogoutParameters();
                return;
            }
        }
        ExternalLogoutResult processExternalAuthenticatorLogOut = processExternalAuthenticatorLogOut(sessionState);
        if (ExternalLogoutResult.FAILURE == processExternalAuthenticatorLogOut) {
            logoutFailed();
            return;
        }
        if (ExternalLogoutResult.REDIRECT == processExternalAuthenticatorLogOut) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        if (this.idTokenHint != null && !this.idTokenHint.isEmpty()) {
            sb.append("id_token_hint=").append(this.idTokenHint);
        }
        if (sessionState != null && !this.postLogoutRedirectUri.isEmpty()) {
            sb.append("&session_state=").append(sessionState.getId());
        }
        if (this.postLogoutRedirectUri != null && !this.postLogoutRedirectUri.isEmpty()) {
            sb.append("&post_logout_redirect_uri=").append(this.postLogoutRedirectUri);
        }
        FacesManager.instance().redirectToExternalURL("seam/resource/restv1/oxauth/end_session?" + sb.toString());
    }

    private boolean validateParameters() {
        return (StringHelper.isNotEmpty(this.idTokenHint) || this.sessionState != null) && StringHelper.isNotEmpty(this.postLogoutRedirectUri);
    }

    private ExternalLogoutResult processExternalAuthenticatorLogOut(SessionState sessionState) {
        Boolean endSessionWithAccessToken;
        if (sessionState != null && sessionState.getSessionAttributes().containsKey(EXTERNAL_LOGOUT)) {
            this.log.debug("Detected callback from external system. Resuming logout.", new Object[0]);
            return ExternalLogoutResult.SUCCESS;
        }
        AuthorizationGrant authorizationGrantByIdToken = this.authorizationGrantList.getAuthorizationGrantByIdToken(this.idTokenHint);
        if (authorizationGrantByIdToken == null && (endSessionWithAccessToken = this.appConfiguration.getEndSessionWithAccessToken()) != null && endSessionWithAccessToken.booleanValue()) {
            authorizationGrantByIdToken = this.authorizationGrantList.getAuthorizationGrantByAccessToken(this.idTokenHint);
        }
        if (authorizationGrantByIdToken == null && sessionState == null) {
            return ExternalLogoutResult.FAILURE;
        }
        String acr = authorizationGrantByIdToken == null ? this.sessionStateService.getAcr(sessionState) : authorizationGrantByIdToken.getAcrValues();
        if (!StringHelper.isNotEmpty(acr)) {
            return ExternalLogoutResult.SUCCESS;
        }
        this.log.debug("Attemptinmg to execute logout method of '{0}' external authenticator.", new Object[]{acr});
        CustomScriptConfiguration customScriptConfigurationByName = this.externalAuthenticationService.getCustomScriptConfigurationByName(acr);
        if (customScriptConfigurationByName == null) {
            this.log.error("Failed to get ExternalAuthenticatorConfiguration. acr_values: {0}", new Object[]{acr});
            return ExternalLogoutResult.FAILURE;
        }
        ExternalLogoutResult externalLogoutResult = this.externalAuthenticationService.executeExternalLogout(customScriptConfigurationByName, null) ? ExternalLogoutResult.SUCCESS : ExternalLogoutResult.FAILURE;
        this.log.debug("Logout result is '{0}' for session '{1}', userDn: '{2}'", new Object[]{externalLogoutResult, sessionState.getId(), sessionState.getUserDn()});
        if (this.externalAuthenticationService.executeExternalGetApiVersion(customScriptConfigurationByName) < 3) {
            return externalLogoutResult;
        }
        this.log.trace("According to API version script supports logout redirects", new Object[0]);
        String logoutExternalUrl = this.externalAuthenticationService.getLogoutExternalUrl(customScriptConfigurationByName, null);
        this.log.debug("External logout result is '{0}' for user '{1}'", new Object[]{logoutExternalUrl, sessionState.getUserDn()});
        if (StringHelper.isEmpty(logoutExternalUrl)) {
            return externalLogoutResult;
        }
        try {
            storeLogoutParametersInSession(sessionState);
            FacesManager.instance().redirectToExternalURL(logoutExternalUrl);
            return ExternalLogoutResult.REDIRECT;
        } catch (IOException e) {
            this.log.debug("Failed to persist logout parameters in session", e, new Object[0]);
            return ExternalLogoutResult.FAILURE;
        }
    }

    private void storeLogoutParametersInSession(SessionState sessionState) throws JsonGenerationException, JsonMappingException, IOException {
        Map<String, String> sessionAttributes = sessionState.getSessionAttributes();
        String base64urlencode = Base64Util.base64urlencode(this.jsonService.objectToJson(new LogoutParameters(this.idTokenHint, this.postLogoutRedirectUri)).getBytes("UTF-8"));
        sessionAttributes.put(EXTERNAL_LOGOUT, Boolean.toString(true));
        sessionAttributes.put(EXTERNAL_LOGOUT_DATA, base64urlencode);
        this.sessionStateService.updateSessionState(sessionState);
    }

    private boolean restoreLogoutParametersFromSession(SessionState sessionState) throws IllegalArgumentException, JsonParseException, JsonMappingException, IOException {
        if (sessionState == null) {
            return false;
        }
        this.sessionState = sessionState;
        Map<String, String> sessionAttributes = sessionState.getSessionAttributes();
        if (!sessionAttributes.containsKey(EXTERNAL_LOGOUT)) {
            return false;
        }
        LogoutParameters logoutParameters = (LogoutParameters) this.jsonService.jsonToObject(new String(Base64Util.base64urldecode(sessionAttributes.get(EXTERNAL_LOGOUT_DATA)), "UTF-8"), LogoutParameters.class);
        this.idTokenHint = logoutParameters.getIdTokenHint();
        this.postLogoutRedirectUri = logoutParameters.getPostLogoutRedirectUri();
        return true;
    }

    public void missingLogoutParameters() {
        this.facesMessages.addFromResourceBundle(StatusMessage.Severity.ERROR, "logout.missingParameters", new Object[0]);
        FacesManager.instance().redirect("/error.xhtml");
    }

    public void logoutFailed() {
        this.facesMessages.add(StatusMessage.Severity.ERROR, "Failed to process logout", new Object[0]);
        FacesManager.instance().redirect("/error.xhtml");
    }
}
