package eu.cec.digit.ecas.client.session;

import eu.cec.digit.ecas.client.logging.Logger;
import eu.cec.digit.ecas.client.resolver.logging.ClientFactory;
import eu.cec.digit.ecas.client.resolver.session.HttpSessionHandlerStrategy;
import eu.cec.digit.ecas.client.resolver.session.SessionCreationRuntimeException;
import eu.cec.digit.ecas.util.ISO8601DateConverter;
import eu.cec.digit.ecas.util.Line;
import java.io.Serializable;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:eu/cec/digit/ecas/client/session/AbstractSingleSignOutHandler.class */
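/**
 * Base single-sign-out handler: maps login tokens ("ticket" parameter) to HTTP sessions and
 * invalidates the mapped session when a SAML 2.0 logout request ("logoutRequest" parameter)
 * or a direct token invalidation arrives.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The logout request is taken from a request parameter and is attacker-controllable.
 *       No signature, issuer or origin check is visible in this class; a known session index
 *       is sufficient to terminate the mapped session. NOTE(review): confirm that the caller
 *       or the parser restricts who may reach {@link #destroySession(HttpServletRequest)}.</li>
 *   <li>Debug logging records the raw logout request, session ids and login tokens. Keep the
 *       debug level off in production or restrict access to those logs.</li>
 * </ul>
 */
public abstract class AbstractSingleSignOutHandler implements SingleSignOutHandler, Serializable {
    public static final String SAML_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    public static final String SAML_FAILURE_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester";
    public static final String SAML_FAILURE_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder";
    // MessageFormat pattern: {0} response id, {1} id of the request being answered,
    // {2} issue instant, {3} issuer (request URL), {4} SAML status code.
    private static final String LOGOUT_RESPONSE = "<samlp:LogoutResponse xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_{0}\" InResponseTo=\"{1}\" IssueInstant=\"{2}\" Version=\"2.0\"><Issuer>{3}</Issuer><samlp:Status><samlp:StatusCode Value=\"{4}\"/></samlp:Status></samlp:LogoutResponse>";
    private static final Logger LOG;
    private static final String ARTIFACT_PARAMETER_NAME = "ticket";
    private static final String LOGOUT_PARAMETER_NAME = "logoutRequest";
    // Created lazily by generateID(); volatile so a published instance is visible to all threads.
    private static volatile SecureRandom NUMBER_GENERATOR;
    private final SessionMappingStorage sessionMappingStorage = new HashMapBackedSessionMappingStorage();
    // Compiler-synthesized cache for the class literal used in the static initializer.
    static Class class$eu$cec$digit$ecas$client$session$AbstractSingleSignOutHandler;

    /**
     * Renders the low {@code i} hex digits of {@code j}, left-padded with zeros.
     *
     * @param j value to render
     * @param i number of hex digits to produce (callers in this class pass 4, 8 or 12)
     * @return exactly {@code i} lowercase hex digits
     */
    private static String digits(long j, int i) {
        // The shift must be done on a long (1L): an int shift wraps the distance at 32 bits,
        // which made the 8-digit group empty and cut the 12-digit group down to 4 digits.
        long marker = 1L << (i * 4);
        // The marker bit guarantees leading zeros survive toHexString; substring(1) drops it.
        return Long.toHexString(marker | (j & (marker - 1))).substring(1);
    }

    /**
     * Generates a random identifier from 16 bytes of {@link SecureRandom} output, formatted as
     * five hyphen-separated hex groups (8-4-4-4-12) with the bit layout of a random
     * (version 4) UUID.
     *
     * @return the identifier as a 36-character string
     */
    public static String generateID() {
        SecureRandom random = NUMBER_GENERATOR;
        if (random == null) {
            // Benign race: two threads may each create a generator; either one is usable.
            random = new SecureRandom();
            NUMBER_GENERATOR = random;
        }
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        // High nibble of byte 6 := 0100 (version 4).
        raw[6] = (byte) ((raw[6] & 15) | 64);
        // Top two bits of byte 8 := 10 (variant).
        raw[8] = (byte) ((raw[8] & 63) | 128);
        long high = 0;
        long low = 0;
        for (int i = 0; i < 8; i++) {
            high = (high << 8) | (raw[i] & 255);
        }
        for (int i = 8; i < 16; i++) {
            low = (low << 8) | (raw[i] & 255);
        }
        return idToString(high, low);
    }

    /**
     * Formats the two 64-bit halves of an identifier as 8-4-4-4-12 hex groups.
     *
     * @param j  most significant 64 bits
     * @param j2 least significant 64 bits
     * @return the hyphen-separated hex representation
     */
    private static String idToString(long j, long j2) {
        return digits(j >> 32, 8) + "-" + digits(j >> 16, 4) + "-" + digits(j, 4) + "-" + digits(j2 >> 48, 4) + "-" + digits(j2, 12);
    }

    /**
     * Escapes the five XML special characters so that a value can be placed in element
     * content or in a double-quoted attribute without changing the document structure.
     *
     * @param value text to escape; may be {@code null}
     * @return the escaped text, or {@code null} when {@code value} is {@code null}
     */
    private static String escapeXml(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer out = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&apos;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Handles a SAML logout request: parses the "logoutRequest" parameter, invalidates the
     * session mapped to its session index and builds the matching LogoutResponse.
     *
     * <p>Status returned in the response: {@link #SAML_SUCCESS} when the session was
     * invalidated, {@link #SAML_FAILURE_RESPONDER} when invalidation threw
     * {@link IllegalStateException}, the result of
     * {@link #processTokenNotFoundLocally(HttpServletRequest, String)} when no session is
     * mapped, and {@link #SAML_FAILURE_REQUESTER} when the session index is blank.
     *
     * @param httpServletRequest request carrying the logout request parameter
     * @return the LogoutResponse XML
     */
    @Override // eu.cec.digit.ecas.client.session.SingleSignOutHandler
    public String destroySession(HttpServletRequest httpServletRequest) {
        String status;
        String rawLogoutRequest = httpServletRequest.getParameter(LOGOUT_PARAMETER_NAME);
        boolean debug = LOG.isDebugEnabled();
        if (debug) {
            // NOTE(review): writes the raw, untrusted parameter to the log, including any
            // line breaks it contains; treat debug logs as sensitive and untrusted.
            LOG.debug("Logout request (" + httpServletRequest.getContextPath() + "):" + Line.EOL + rawLogoutRequest);
        }
        Saml2LogoutRequest logoutRequest = Saml2LogoutRequestParser.parse(rawLogoutRequest);
        boolean invalidated = false;
        String sessionIndex = logoutRequest.getSessionIndex();
        if (eu.cec.digit.ecas.util.commons.lang.CommonUtils.isNotBlank(sessionIndex)) {
            // The mapping is removed before invalidation, so it is gone even if invalidation fails.
            HttpSession session = this.sessionMappingStorage.removeSessionByMappingId(sessionIndex);
            if (null != session) {
                String id = session.getId();
                if (debug) {
                    LOG.debug("Invalidating session (" + httpServletRequest.getContextPath() + ") [" + id + "] for token [" + sessionIndex + "]");
                }
                try {
                    HttpSessionHandlerStrategy.getInstance().invalidateSession(session);
                    status = SAML_SUCCESS;
                    invalidated = true;
                } catch (IllegalStateException e) {
                    if (debug) {
                        LOG.debug("Error invalidating session (" + httpServletRequest.getContextPath() + ") [" + id + "]", e);
                    }
                    status = SAML_FAILURE_RESPONDER;
                }
            } else {
                status = processTokenNotFoundLocally(httpServletRequest, sessionIndex);
            }
        } else {
            status = SAML_FAILURE_REQUESTER;
        }
        // The request id and the request URL come from the incoming request, so they are
        // XML-escaped before being placed in the InResponseTo attribute and the Issuer element.
        String response = MessageFormat.format(LOGOUT_RESPONSE, generateID(), escapeXml(logoutRequest.getId()), ISO8601DateConverter.toISO8601String(new Date()), escapeXml(httpServletRequest.getRequestURL().toString()), status);
        if (debug) {
            LOG.debug("Logout request (" + httpServletRequest.getContextPath() + "): " + (invalidated ? "SUCCESS" : "FAILURE") + ": " + Line.EOL + response);
        }
        return response;
    }

    /**
     * Invalidates the session mapped to the given token.
     *
     * @param str the login token the session was recorded under
     * @return {@code true} when a mapped session was found and invalidated; {@code false} when
     *         the token is blank, no session is mapped, or invalidation threw
     *         {@link IllegalStateException}
     */
    @Override // eu.cec.digit.ecas.client.session.SingleSignOutHandler
    public boolean destroySessionByToken(String str) {
        boolean debug = LOG.isDebugEnabled();
        if (debug) {
            // NOTE(review): tokens and session ids below are credentials-equivalent log data.
            LOG.debug("Received invalidation request for token [" + str + "]");
        }
        if (!eu.cec.digit.ecas.util.commons.lang.CommonUtils.isNotBlank(str)) {
            return false;
        }
        HttpSession session = this.sessionMappingStorage.removeSessionByMappingId(str);
        if (null == session) {
            return false;
        }
        String id = session.getId();
        if (debug) {
            LOG.debug("Invalidating session [" + id + "] for token [" + str + "]");
        }
        try {
            HttpSessionHandlerStrategy.getInstance().invalidateSession(session);
            if (debug) {
                LOG.debug("Invalidated successfully session [" + id + "] for token [" + str + "]");
            }
            return true;
        } catch (IllegalStateException e) {
            if (debug) {
                LOG.debug("Error invalidating session [" + id + "]", e);
            }
            return false;
        }
    }

    /**
     * Returns the storage that maps tokens to sessions.
     *
     * @return the internal storage instance itself, not a copy
     */
    @Override // eu.cec.digit.ecas.client.session.SingleSignOutHandler
    public SessionMappingStorage getSessionMappingStorage() {
        return this.sessionMappingStorage;
    }

    /**
     * Tells whether the request is a logout request: an HTTP POST with a non-blank
     * "logoutRequest" parameter.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} when both conditions hold
     */
    @Override // eu.cec.digit.ecas.client.session.SingleSignOutHandler
    public boolean isLogoutRequest(HttpServletRequest httpServletRequest) {
        if (!"POST".equals(httpServletRequest.getMethod())) {
            return false;
        }
        return eu.cec.digit.ecas.util.commons.lang.CommonUtils.isNotBlank(httpServletRequest.getParameter(LOGOUT_PARAMETER_NAME));
    }

    /**
     * Tells whether the request carries a non-blank "ticket" parameter.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} when a ticket is present
     */
    @Override // eu.cec.digit.ecas.client.session.SingleSignOutHandler
    public boolean isTokenRequest(HttpServletRequest httpServletRequest) {
        String ticket = CommonUtils.safeGetParameter(httpServletRequest, ARTIFACT_PARAMETER_NAME);
        return eu.cec.digit.ecas.util.commons.lang.CommonUtils.isNotBlank(ticket);
    }

    /**
     * Hook invoked by {@link #destroySession(HttpServletRequest)} when the session index has
     * no session mapped in this handler's storage. This implementation reports a requester
     * failure; subclasses may override it.
     *
     * @param httpServletRequest the logout request
     * @param str                the session index that was not found
     * @return the SAML status code to put in the response
     */
    protected String processTokenNotFoundLocally(HttpServletRequest httpServletRequest, String str) {
        return SAML_FAILURE_REQUESTER;
    }

    /**
     * Records the request's session (obtained or created through
     * {@link HttpSessionHandlerStrategy}) under the request's "ticket" parameter.
     *
     * @param httpServletRequest request carrying the ticket
     * @throws IllegalStateException           declared by the interface method
     * @throws SessionCreationRuntimeException declared by the interface method
     */
    @Override // eu.cec.digit.ecas.client.session.SingleSignOutHandler
    public void recordSession(HttpServletRequest httpServletRequest) throws IllegalStateException, SessionCreationRuntimeException {
        HttpSession session = HttpSessionHandlerStrategy.getInstance().getOrCreateSession(httpServletRequest);
        String ticket = CommonUtils.safeGetParameter(httpServletRequest, ARTIFACT_PARAMETER_NAME);
        recordSession(session, ticket, httpServletRequest.getContextPath());
    }

    /**
     * Records a session under a token, replacing any mapping previously held for that session.
     *
     * @param httpSession session to record
     * @param str         token to map the session to
     * @param str2        context path, used for logging only
     */
    @Override // eu.cec.digit.ecas.client.session.SingleSignOutHandler
    public void recordSession(HttpSession httpSession, String str, String str2) {
        boolean debug = LOG.isDebugEnabled();
        if (debug) {
            LOG.debug("Recording session (" + httpSession.toString() + ") for token \"" + str + "\" in context \"" + str2 + "\"");
        }
        try {
            this.sessionMappingStorage.removeSessionBySessionId(httpSession.getId());
        } catch (Exception e) {
            // Best effort: a failure to drop the old mapping must not block the new one,
            // but it is logged instead of being discarded silently.
            if (debug) {
                LOG.debug("Could not remove previous mapping before recording session", e);
            }
        }
        this.sessionMappingStorage.addSessionByMappingId(str, httpSession);
    }

    /**
     * Compiler-synthesized helper that resolves a class literal by name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Resolve (and cache) this class's literal, then obtain the logger for it.
        Class cls;
        ClientFactory clientFactory = ClientFactory.getInstance();
        if (class$eu$cec$digit$ecas$client$session$AbstractSingleSignOutHandler == null) {
            cls = class$("eu.cec.digit.ecas.client.session.AbstractSingleSignOutHandler");
            class$eu$cec$digit$ecas$client$session$AbstractSingleSignOutHandler = cls;
        } else {
            cls = class$eu$cec$digit$ecas$client$session$AbstractSingleSignOutHandler;
        }
        LOG = clientFactory.getLogger(cls);
        NUMBER_GENERATOR = null;
    }
}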
