package com.sun.identity.federation.services.logout;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.federation.alliance.FSAllianceManagementException;
import com.sun.identity.federation.alliance.FSAllianceManager;
import com.sun.identity.federation.alliance.FSHostedProviderDescriptor;
import com.sun.identity.federation.alliance.FSProviderDescriptor;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSLogoutNotification;
import com.sun.identity.federation.message.FSLogoutResponse;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.services.FSServiceManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureUtil;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Set;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:115766-05/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/logout/FSProcessLogoutServlet.class */
public class FSProcessLogoutServlet extends HttpServlet {
    private FSAllianceManager allianceInst = null;

    public void init(ServletConfig servletConfig) throws ServletException {
        super/*javax.servlet.GenericServlet*/.init(servletConfig);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSProcessLogoutServlet Initializing...");
        }
        this.allianceInst = FSServiceUtils.getAllianceInstance();
    }

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    private void doGetPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSProcessLogoutServlet doGetPost...");
        }
        if (!FSServiceUtils.isLibertyEnabled()) {
            FSUtils.debug.error(new StringBuffer().append("FSProcessLogoutServlet: ").append(FSUtils.bundle.getString("notLibertyEnabled")).toString());
            FSUtils.error("FSProcessLogoutServlet", FSUtils.bundle.getString("notLibertyEnabled"));
            httpServletResponse.sendError(500, FSUtils.bundle.getString("notLibertyEnabled"));
            return;
        }
        String metaAlias = FSServiceUtils.getMetaAlias(httpServletRequest);
        if (metaAlias == null || metaAlias.length() < 1) {
            FSUtils.debug.message("Unable to retrieve alias, Hosted Provider. Cannot process request");
            httpServletResponse.sendError(500, FSUtils.bundle.getString("aliasNotFound"));
            return;
        }
        if (this.allianceInst == null) {
            FSUtils.debug.error("Cannot retrieve hosted descriptor. Cannot process request");
            httpServletResponse.sendError(500, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
            return;
        }
        try {
            FSHostedProviderDescriptor hostedProviderByMetaAlias = this.allianceInst.getHostedProviderByMetaAlias(metaAlias);
            if (hostedProviderByMetaAlias == null) {
                throw new FSAllianceManagementException(null);
            }
            String str = "";
            String str2 = "";
            try {
                if (this.allianceInst != null) {
                    String providerID = hostedProviderByMetaAlias.getProviderID();
                    str = this.allianceInst.getHostedProvider(providerID).getLocalConfiguration().getLogoutDonePageURL(httpServletRequest);
                    str2 = this.allianceInst.getHostedProvider(providerID).getLocalConfiguration().getErrorPageURL(httpServletRequest);
                }
            } catch (FSAllianceManagementException e) {
                FSUtils.debug.error("FSAllianceManagementException ", e);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("logoutDoneURL : ").append(str).toString());
                FSUtils.debug.message(new StringBuffer().append("commonErrorPage : ").append(str2).toString());
            }
            String str3 = (String) httpServletRequest.getAttribute("logoutSource");
            if (str3 == null) {
                str3 = httpServletRequest.getParameter("logoutSource");
            }
            SSOToken validToken = getValidToken(httpServletRequest);
            String str4 = null;
            if (validToken != null) {
                try {
                    str4 = validToken.getPrincipal().toString();
                } catch (SSOException e2) {
                }
                if (str3 != null) {
                    if (str3.equalsIgnoreCase(IFSConstants.AUTH_LOCAL)) {
                        FSUtils.debug.message("Control where Source is local -  from applink");
                        doLogoutInitiation(httpServletRequest, httpServletResponse, hostedProviderByMetaAlias, validToken, str);
                        return;
                    } else if (str3.equalsIgnoreCase("remote")) {
                        FSUtils.debug.message("Control where Source is remote - not from applink but from other provider. Token valid");
                        doLogoutInitiation(httpServletRequest, httpServletResponse, hostedProviderByMetaAlias, validToken, str);
                        return;
                    } else if (str3.equalsIgnoreCase("logoutGet")) {
                        FSUtils.debug.message("Control where Source is Http Get action - not from applink. Initiation will take care in preLogouthandler ");
                        doLogoutInitiation(httpServletRequest, httpServletResponse, hostedProviderByMetaAlias, validToken, str);
                        return;
                    }
                }
            } else if (str3 != null) {
                if (str3.equalsIgnoreCase(IFSConstants.AUTH_LOCAL)) {
                    redirectForAuthentication(httpServletRequest, httpServletResponse, hostedProviderByMetaAlias);
                    return;
                }
                if (str3.equalsIgnoreCase("remote")) {
                    FSUtils.debug.message("Control where Source is remote - not from applink but from other provider");
                    returnLocallyAfterLogout(httpServletResponse, str, true);
                    return;
                } else if (str3.equalsIgnoreCase("logoutGet")) {
                    FSUtils.debug.message("Control where Source is Http Get action - not from applink ");
                    returnLocallyAfterLogout(httpServletResponse, str, true);
                    return;
                }
            }
            new FSLogoutNotification();
            try {
                FSLogoutNotification parseURLEncodedRequest = FSLogoutNotification.parseURLEncodedRequest(httpServletRequest);
                if (parseURLEncodedRequest != null) {
                    doRequestProcessing(httpServletRequest, httpServletResponse, hostedProviderByMetaAlias, parseURLEncodedRequest, str2, str4);
                } else {
                    FSUtils.debug.message("Bad Logout request. calling showBadRequestErrorPage");
                    showBadRequestErrorPage(httpServletResponse, str2);
                }
            } catch (FSMsgException e3) {
                FSUtils.debug.message("Bad Logout request. calling showBadRequestErrorPage");
                showBadRequestErrorPage(httpServletResponse, str2);
            }
        } catch (FSAllianceManagementException e4) {
            FSUtils.debug.error("Unable to find Hosted Provider. not process request");
            httpServletResponse.sendError(500, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        }
    }

    private SSOToken getValidToken(HttpServletRequest httpServletRequest) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSProcessLogoutServlet::getValidToken");
        }
        try {
            SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
            SSOToken createSSOToken = sSOTokenManager.createSSOToken(httpServletRequest);
            if (sSOTokenManager.isValidToken(createSSOToken)) {
                return createSSOToken;
            }
            if (!FSUtils.debug.messageEnabled()) {
                return null;
            }
            FSUtils.debug.message("SSOToken is not valid, redirecting for authentication");
            return null;
        } catch (SSOException e) {
            if (!FSUtils.debug.messageEnabled()) {
                return null;
            }
            FSUtils.debug.message(new StringBuffer().append("SSOException caught: ").append(e).toString());
            return null;
        }
    }

    private void doRequestProcessing(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSHostedProviderDescriptor fSHostedProviderDescriptor, FSLogoutNotification fSLogoutNotification, String str, String str2) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSProcessLogoutServlet::doRequestProcessing");
        }
        int minorVersion = fSLogoutNotification.getMinorVersion();
        String providerId = fSLogoutNotification.getProviderId();
        boolean z = true;
        if (FSServiceUtils.isSigningOn()) {
            try {
                FSProviderDescriptor provider = this.allianceInst.getProvider(providerId);
                if (provider == null) {
                    FSUtils.debug.error("Remote provider metadata not found.");
                    FSUtils.debug.error("Cannot retrieve provider descriptor.");
                    FSUtils.error("FSProcessLogoutServlet::doRequestProcessing", FSUtils.bundle.getString(IFSConstants.LOGOUT_INVALID_PROVIDER));
                    returnToSource(httpServletResponse, providerId, IFSConstants.SAML_FAILURE, str, minorVersion, fSHostedProviderDescriptor, str2);
                    return;
                }
                FSUtils.debug.message("Calling verifyLogoutSignature");
                z = verifyLogoutSignature(httpServletRequest, provider);
            } catch (FSAllianceManagementException e) {
                FSUtils.debug.error("Remote provider metadata not found.");
                FSUtils.debug.error("Cannot retrieve provider descriptor.");
                FSUtils.error("FSProcessLogoutServlet::doRequestProcessing", FSUtils.bundle.getString(IFSConstants.LOGOUT_INVALID_PROVIDER));
                returnToSource(httpServletResponse, providerId, IFSConstants.SAML_FAILURE, str, minorVersion, fSHostedProviderDescriptor, str2);
                return;
            } catch (FSException e2) {
                FSUtils.debug.error("FSFedTerminationHandler::processTerminationRequest Signature on Logout request is invalidCannot proceed federation Logout");
                FSUtils.error("FSProcessLogoutServlet", FSUtils.bundle.getString(IFSConstants.LOGOUT_INVALID_SIGNATURE));
                returnToSource(httpServletResponse, providerId, IFSConstants.SAML_FAILURE, str, minorVersion, fSHostedProviderDescriptor, str2);
                return;
            } catch (SAMLException e3) {
                FSUtils.debug.error("FSFedTerminationHandler::processTerminationRequest Signature on Logout request is invalidCannot proceed federation Logout");
                FSUtils.error("FSProcessLogoutServlet", FSUtils.bundle.getString(IFSConstants.LOGOUT_INVALID_SIGNATURE));
                returnToSource(httpServletResponse, providerId, IFSConstants.SAML_FAILURE, str, minorVersion, fSHostedProviderDescriptor, str2);
                return;
            }
        }
        if (z) {
            Set activeTrustedProviders = fSHostedProviderDescriptor.getLocalConfiguration().getActiveTrustedProviders();
            if (activeTrustedProviders == null) {
                FSUtils.debug.error("Remote provider not in trusted list");
                FSUtils.debug.error("Trusted provider list is empty.");
            } else if (activeTrustedProviders.contains(providerId)) {
                SSOToken validToken = getValidToken(httpServletRequest);
                if (validToken != null) {
                    FSServiceManager fSServiceManager = FSServiceManager.getInstance();
                    if (fSServiceManager == null) {
                        FSUtils.debug.message("FSServiceManager Instance null. Cannot continue logout");
                        FSUtils.error("FSProcessLogoutServlet", FSUtils.bundle.getString(IFSConstants.LOGOUT_FAILED_MANAGER));
                        returnToSource(httpServletResponse, providerId, IFSConstants.SAML_FAILURE, str, minorVersion, fSHostedProviderDescriptor, str2);
                        return;
                    } else {
                        FSUtils.debug.message("FSServiceManager Instance not null");
                        FSPreLogoutHandler preLogoutHandler = fSServiceManager.getPreLogoutHandler();
                        if (preLogoutHandler != null) {
                            preLogoutHandler.setLogoutRequest(fSLogoutNotification);
                            preLogoutHandler.setHostedDescriptor(fSHostedProviderDescriptor);
                            preLogoutHandler.processSingleLogoutRequest(httpServletRequest, httpServletResponse, validToken);
                            return;
                        }
                    }
                } else {
                    FSUtils.debug.message("Invalid SSOToken in request processing. Nothing to logout");
                    String userDN = FSLogoutUtil.getUserDN(fSLogoutNotification, fSHostedProviderDescriptor.getProviderID());
                    if (userDN != null) {
                        FSLogoutUtil.destroyPrincipalSession(userDN, fSHostedProviderDescriptor.getProviderID());
                        returnToSource(httpServletResponse, providerId, IFSConstants.SAML_FAILURE, str, minorVersion, fSHostedProviderDescriptor, str2);
                        return;
                    }
                }
            } else {
                FSUtils.debug.error("Remote provider not in trusted list");
            }
        } else {
            FSUtils.debug.error("FSFedTerminationServlet::doRequestProcesing Signature on Logout request is invalidCannot proceed federation Logout");
            FSUtils.error("FSFedTerminationHandler", FSUtils.bundle.getString(IFSConstants.LOGOUT_INVALID_SIGNATURE));
        }
        returnToSource(httpServletResponse, providerId, IFSConstants.SAML_FAILURE, str, minorVersion, fSHostedProviderDescriptor, str2);
    }

    private void doLogoutInitiation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSHostedProviderDescriptor fSHostedProviderDescriptor, SSOToken sSOToken, String str) {
        FSUtils.debug.message("Entered FSProcessLogoutServlet::doLogoutInitiation");
        try {
            FSUtils.debug.message(new StringBuffer().append("In FSProcessLogoutServlet:doLogoutInitiation for: ").append(sSOToken.getPrincipal().toString()).toString());
            FSServiceManager fSServiceManager = FSServiceManager.getInstance();
            if (fSServiceManager != null) {
                FSUtils.debug.message("FSServiceManager Instance not null");
                FSPreLogoutHandler preLogoutHandler = fSServiceManager.getPreLogoutHandler();
                if (preLogoutHandler != null) {
                    preLogoutHandler.setHostedDescriptor(fSHostedProviderDescriptor);
                    preLogoutHandler.handleSingleLogout(httpServletRequest, httpServletResponse, sSOToken);
                    return;
                } else {
                    FSUtils.debug.error("FSPreLogoutHandler Object null.Cannot continue logout");
                    FSUtils.error("FSProcessLogoutServlet", FSUtils.bundle.getString(IFSConstants.LOGOUT_INVALID_HANDLER));
                }
            } else {
                FSUtils.debug.message("FSServiceManager Instance null. Cannot continue logout");
                FSUtils.error("FSProcessLogoutServlet", FSUtils.bundle.getString(IFSConstants.LOGOUT_FAILED_MANAGER));
            }
            returnLocallyAfterLogout(httpServletResponse, str, false);
        } catch (SSOException e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSProcessLogoutServlet::doLogoutInitiation::SSOExceptionError in Token. Process halted.");
            }
            FSUtils.debug.error(new StringBuffer().append("FSProcessLogoutServlet::doLogoutInitiation ").append(FSUtils.bundle.getString(IFSConstants.LOGOUT_TOKEN_INVALID)).toString());
            FSUtils.error("FSProcessLogoutServlet::doLogoutInitiation", FSUtils.bundle.getString(IFSConstants.LOGOUT_FAILED));
            returnLocallyAfterLogout(httpServletResponse, str, false);
        }
    }

    private void redirectForAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSHostedProviderDescriptor fSHostedProviderDescriptor) throws IOException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSProcessLogoutServlet::redirectForAuthentication");
        }
        try {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(FSServiceUtils.getBaseURL(httpServletRequest));
            stringBuffer.append(IFSConstants.PRE_LOGIN_PAGE);
            stringBuffer.append(stringBuffer.toString().indexOf(63) < 0 ? '?' : '&');
            stringBuffer.append(IFSConstants.META_ALIAS);
            stringBuffer.append('=');
            stringBuffer.append(fSHostedProviderDescriptor.getLocalConfiguration().getProviderAlias());
            String parameterString = getParameterString(httpServletRequest);
            if (parameterString != null && parameterString.length() > 0) {
                stringBuffer.append('&').append(parameterString);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("Redirecting for authentication to: ").append(stringBuffer.toString()).toString());
            }
            httpServletResponse.sendRedirect(stringBuffer.toString());
        } catch (IOException e) {
            FSUtils.debug.error(new StringBuffer().append("Error when redirecting : ").append(e.getMessage()).toString());
        }
    }

    private String getParameterString(HttpServletRequest httpServletRequest) {
        StringBuffer stringBuffer = new StringBuffer();
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String obj = parameterNames.nextElement().toString();
            String[] parameterValues = httpServletRequest.getParameterValues(obj);
            for (int i = 0; parameterValues != null && i < parameterValues.length; i++) {
                stringBuffer.append(obj).append('=').append(parameterValues[i]).append('&');
            }
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(new StringBuffer().append("Parameter String: ").append((Object) stringBuffer).toString());
        }
        return stringBuffer.toString();
    }

    private void returnToSource(HttpServletResponse httpServletResponse, String str, String str2, String str3, int i, FSHostedProviderDescriptor fSHostedProviderDescriptor, String str4) {
        try {
            if (this.allianceInst == null) {
                FSUtils.debug.message("Alliance Manager instance is null");
                httpServletResponse.sendError(500, FSUtils.bundle.getString("unableToReturnToSource"));
                return;
            }
            String sLOServiceReturnURL = this.allianceInst.getProvider(str).getSLOServiceReturnURL();
            if (sLOServiceReturnURL != null && sLOServiceReturnURL.length() >= 1) {
                FSUtils.debug.message(new StringBuffer().append("returnToSource returns URL : ").append(sLOServiceReturnURL).toString());
                httpServletResponse.sendRedirect(buildSignedResponse(sLOServiceReturnURL, str2, i, fSHostedProviderDescriptor, str4));
                return;
            }
            FSUtils.debug.message("returnToSource returns sendErroras source provider is unknown");
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(str3);
            stringBuffer.append(str3.indexOf(63) < 0 ? '?' : '&');
            stringBuffer.append(IFSConstants.FEDERROR);
            stringBuffer.append('=');
            stringBuffer.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.LOGOUT_FAILED)));
            stringBuffer.append('&');
            stringBuffer.append(IFSConstants.FEDREMARK);
            stringBuffer.append('=');
            stringBuffer.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.METADATA_ERROR)));
            FSUtils.debug.message(new StringBuffer().append("Redirecting to Error page : ").append(stringBuffer.toString()).toString());
            httpServletResponse.sendRedirect(stringBuffer.toString());
        } catch (FSAllianceManagementException e) {
            try {
                StringBuffer stringBuffer2 = new StringBuffer();
                stringBuffer2.append(str3);
                stringBuffer2.append(str3.indexOf(63) < 0 ? '?' : '&');
                stringBuffer2.append(IFSConstants.FEDERROR);
                stringBuffer2.append('=');
                stringBuffer2.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.LOGOUT_FAILED)));
                stringBuffer2.append('&');
                stringBuffer2.append(IFSConstants.FEDREMARK);
                stringBuffer2.append('=');
                stringBuffer2.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.METADATA_ERROR)));
                FSUtils.debug.error(new StringBuffer().append("Redirecting to Error page : ").append(stringBuffer2.toString()).toString());
                httpServletResponse.sendRedirect(stringBuffer2.toString());
            } catch (IOException e2) {
                FSUtils.debug.error("Redirect/sendError failed. Control halted");
            }
        } catch (IOException e3) {
            FSUtils.debug.error(new StringBuffer().append("Redirect/sendError failed. Control halted").append(e3.getMessage()).toString());
        }
    }

    public String buildSignedResponse(String str, String str2, int i, FSHostedProviderDescriptor fSHostedProviderDescriptor, String str3) {
        try {
            FSLogoutResponse fSLogoutResponse = new FSLogoutResponse();
            fSLogoutResponse.setID(IFSConstants.LOGOUTID);
            if (str3 != null) {
                FSReturnSessionManager fSReturnSessionManager = FSReturnSessionManager.getInstance(fSHostedProviderDescriptor.getProviderID());
                HashMap hashMap = new HashMap();
                if (fSReturnSessionManager != null) {
                    hashMap = fSReturnSessionManager.getUserProviderInfo(str3);
                }
                if (hashMap != null) {
                    String str4 = (String) hashMap.get("RELAYSTATE");
                    String str5 = (String) hashMap.get(IFSConstants.LOGOUT_STATUS);
                    String str6 = (String) hashMap.get(IFSConstants.RESPONSE_TO);
                    fSReturnSessionManager.removeUserProviderInfo(str3);
                    FSUtils.debug.message(new StringBuffer().append("Deleted ").append(str3).append(" from return list").toString());
                    fSLogoutResponse.setResponseTo(str6);
                    fSLogoutResponse.setRelayState(str4);
                    fSLogoutResponse.setProviderId(fSHostedProviderDescriptor.getProviderID());
                    fSLogoutResponse.setStatus(str5);
                } else {
                    fSLogoutResponse.setStatus(str2);
                    fSLogoutResponse.setProviderId(fSHostedProviderDescriptor.getProviderID());
                }
            } else {
                fSLogoutResponse.setStatus(str2);
                fSLogoutResponse.setProviderId(fSHostedProviderDescriptor.getProviderID());
            }
            fSLogoutResponse.setMinorVersion(i);
            String uRLEncodedQueryString = fSLogoutResponse.toURLEncodedQueryString();
            if (FSServiceUtils.isSigningOn()) {
                String keyInfo = fSHostedProviderDescriptor.getKeyInfo();
                if (keyInfo == null || keyInfo.equals("")) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSBrowserArtifactConsumerHandler:: signSAMLRequest:couldn't obtain this site's cert alias.");
                    }
                    throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                }
                uRLEncodedQueryString = FSSignatureUtil.signAndReturnQueryString(uRLEncodedQueryString, keyInfo);
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(str);
            if (str.indexOf(63) == -1) {
                stringBuffer.append('?');
            } else {
                stringBuffer.append('&');
            }
            stringBuffer.append(uRLEncodedQueryString);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("Response to be sent : ").append(stringBuffer.toString()).toString());
            }
            return stringBuffer.toString();
        } catch (Exception e) {
            return null;
        }
    }

    public void returnLocallyAfterLogout(HttpServletResponse httpServletResponse, String str, boolean z) {
        try {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(str);
            stringBuffer.append(str.indexOf(63) < 0 ? '?' : '&');
            stringBuffer.append(IFSConstants.LOGOUT_STATUS);
            stringBuffer.append('=');
            if (z) {
                stringBuffer.append(IFSConstants.LOGOUT_SUCCESS);
            } else {
                stringBuffer.append(IFSConstants.LOGOUT_FAILURE);
            }
            httpServletResponse.sendRedirect(stringBuffer.toString());
        } catch (IOException e) {
            FSUtils.debug.error(new StringBuffer().append("Redirect failed. Control halted").append(e.getMessage()).toString());
        }
    }

    private boolean verifyLogoutSignature(HttpServletRequest httpServletRequest, FSProviderDescriptor fSProviderDescriptor) throws SAMLException, FSException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSProcessLogoutServlet::verifyLogoutSignature");
        }
        String keyInfo = fSProviderDescriptor.getKeyInfo();
        if (keyInfo == null || keyInfo.equals("")) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSProcessLogoutServlet.verifyLogoutSignature: couldn't obtain this site's cert alias.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(new StringBuffer().append("The certAlias is : ").append(keyInfo).toString());
        }
        if (!FSSignatureUtil.verifyRequestSignature(httpServletRequest, keyInfo)) {
            FSUtils.debug.error("Logout request is not properly signed");
            return false;
        }
        if (!FSUtils.debug.messageEnabled()) {
            return true;
        }
        FSUtils.debug.message("Logout request is properly signed");
        return true;
    }

    private void showBadRequestErrorPage(HttpServletResponse httpServletResponse, String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        stringBuffer.append(str.indexOf(63) < 0 ? '?' : '&');
        stringBuffer.append(IFSConstants.FEDERROR);
        stringBuffer.append('=');
        stringBuffer.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_IMPROPER)));
        stringBuffer.append('&');
        stringBuffer.append(IFSConstants.FEDREMARK);
        stringBuffer.append('=');
        stringBuffer.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.LOGOUT_FAILED)));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(new StringBuffer().append("Redirecting to Error page : ").append(stringBuffer.toString()).toString());
        }
        try {
            httpServletResponse.sendRedirect(stringBuffer.toString());
        } catch (IOException e) {
            FSUtils.debug.error("Failed to redirect to error page");
        }
    }
}
