package com.sun.identity.saml.servlet;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.services.ldap.DSConfigMgr;
import com.iplanet.services.util.Base64;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.liberty.ws.soapbinding.SOAPBindingConstants;
import com.sun.identity.saml.AssertionManager;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AssertionIDReference;
import com.sun.identity.saml.common.LogUtils;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLRequestVersionTooHighException;
import com.sun.identity.saml.common.SAMLRequestVersionTooLowException;
import com.sun.identity.saml.common.SAMLRequesterException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.AssertionArtifact;
import com.sun.identity.saml.protocol.Query;
import com.sun.identity.saml.protocol.Request;
import com.sun.identity.saml.protocol.Response;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.logging.Level;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.messaging.JAXMServlet;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPMessage;
import org.apache.bcel.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:115766-05/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/servlet/SAMLSOAPReceiver.class */
public class SAMLSOAPReceiver extends JAXMServlet {
    private static MessageFactory msgFactory = null;
    private static SAMLConstants sc = null;
    public static String localSAMLServiceID = null;
    private static boolean nullRecipient = false;

    public void init(ServletConfig servletConfig) throws ServletException {
        String str = SystemProperties.get("com.iplanet.am.localserver.protocol");
        String str2 = SystemProperties.get("com.iplanet.am.localserver.host");
        String str3 = SystemProperties.get("com.iplanet.am.localserver.port");
        nullRecipient = Boolean.valueOf(SystemProperties.get("com.sun.identity.saml.response.nullrecipient")).booleanValue();
        localSAMLServiceID = new StringBuffer().append(str).append(ISAuthConstants.URL_SEPARATOR).append(str2).append(":").append(str3).toString();
        super.init(servletConfig);
        try {
            msgFactory = MessageFactory.newInstance();
        } catch (SOAPException e) {
            String string = SAMLUtils.bundle.getString("missingSoapMessageFactory");
            SAMLUtils.debug.error(string, e);
            LogUtils.error(Level.INFO, new StringBuffer().append(string).append(": ").append(e.getMessage()).toString());
            throw new ServletException(e.getMessage());
        }
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (SAMLUtils.getMaxContentLength() != 0) {
            int contentLength = httpServletRequest.getContentLength();
            if (contentLength == -1) {
                throw new ServletException(SAMLUtils.bundle.getString("unknownLength"));
            }
            if (contentLength > SAMLUtils.getMaxContentLength()) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(new StringBuffer().append("content length too large").append(contentLength).toString());
                }
                throw new ServletException(SAMLUtils.bundle.getString("largeContentLength"));
            }
        }
        String remoteAddr = httpServletRequest.getRemoteAddr();
        Set checkCaller = checkCaller(httpServletRequest, httpServletResponse);
        if (checkCaller == null) {
            SAMLUtils.debug.error(new StringBuffer().append("Error message from SOAP Receiver:").append(remoteAddr).append(" is untrusted site").toString());
            LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("untrustedSite")).append(": ").append(remoteAddr).toString());
            httpServletResponse.sendError(403);
            return;
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message(" got request from a trusted server, processing it now..");
        }
        try {
            SOAPMessage onMessage = onMessage(httpServletRequest, httpServletResponse, msgFactory.createMessage(JAXMServlet.getHeaders(httpServletRequest), httpServletRequest.getInputStream()), checkCaller);
            if (onMessage != null) {
                if (onMessage.saveRequired()) {
                    onMessage.saveChanges();
                }
                if (containsFault(onMessage)) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("Contains a SOAPFault!");
                    }
                    httpServletResponse.setStatus(500);
                } else {
                    httpServletResponse.setStatus(Constants.GOTO_W);
                }
                JAXMServlet.putHeaders(onMessage.getMimeHeaders(), httpServletResponse);
                ServletOutputStream outputStream = httpServletResponse.getOutputStream();
                onMessage.writeTo(outputStream);
                outputStream.flush();
            }
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    private boolean containsFault(SOAPMessage sOAPMessage) {
        try {
            return sOAPMessage.getSOAPPart().getEnvelope().getBody().hasFault();
        } catch (Exception e) {
            if (!SAMLUtils.debug.messageEnabled()) {
                return false;
            }
            SAMLUtils.debug.message("Error in containFault!");
            return false;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v49, types: [org.w3c.dom.Node] */
    private SOAPMessage onMessage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SOAPMessage sOAPMessage, Set set) {
        try {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("OnMessage called in receiving servlet");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            sOAPMessage.writeTo(byteArrayOutputStream);
            Document dOMDocument = XMLUtils.toDOMDocument(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), SAMLUtils.debug);
            Element documentElement = dOMDocument.getDocumentElement();
            String localName = dOMDocument.getDocumentElement().getLocalName();
            if (localName == null || localName.equals("")) {
                SAMLUtils.debug.error("Local name of the SOAPElement in  the SOAPMessage passed seems to be missing");
                return FormSOAPError(httpServletResponse, "Client", "nullInput", "LocalNameMissing");
            }
            if (!localName.equals("Envelope") || !documentElement.getNamespaceURI().equals("http://schemas.xmlsoap.org/soap/envelope/")) {
                SAMLUtils.debug.error("SOAPReceiver: Could not parse SOAPMessage, either root element is not Envelope or invalid name space or prefix");
                return FormSOAPError(httpServletResponse, "Client", "invalidElement", "envelopeInvalid");
            }
            NodeList childNodes = dOMDocument.getChildNodes();
            int length = childNodes.getLength();
            if (length <= 0) {
                SAMLUtils.debug.error("SOAPReceiver: Message does not have body");
                return FormSOAPError(httpServletResponse, "Client", "missingBody", null);
            }
            Element element = null;
            for (int i = 0; i < length; i++) {
                element = childNodes.item(i);
                if (element.getNodeType() == 1 && element.getLocalName().equals(SOAPBindingConstants.TAG_BODY)) {
                    break;
                }
            }
            Response extractProcessRequest = extractProcessRequest(httpServletRequest, element, set);
            if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_RESPONSE)).booleanValue()) {
                extractProcessRequest.signXML();
            }
            return FormMessageResponse(httpServletResponse, extractProcessRequest);
        } catch (Exception e) {
            SAMLUtils.debug.error("Error in processing Request", e);
            return FormSOAPError(httpServletResponse, DSConfigMgr.SERVER, "cannotProcessRequest", null);
        }
    }

    private Response extractProcessRequest(HttpServletRequest httpServletRequest, Element element, Set set) {
        Response response = null;
        String generateID = SAMLUtils.generateID();
        String str = null;
        ArrayList arrayList = new ArrayList();
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String str2 = nullRecipient ? null : remoteAddr;
        String stringBuffer = new StringBuffer().append(SAMLUtils.bundle.getString("invalidRequestLogMessage")).append(" ").append(remoteAddr).append(": ").toString();
        String stringBuffer2 = new StringBuffer().append(SAMLUtils.bundle.getString("responseLogMessage")).append(" ").append(remoteAddr).append(": ").toString();
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS("urn:oasis:names:tc:SAML:1.0:protocol", "Request");
        int length = elementsByTagNameNS.getLength();
        if (length == 0) {
            SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
            try {
                response = new Response(generateID, null, new Status(new StatusCode("samlp:Requester"), SAMLUtils.bundle.getString("missingRequest"), null), str2, arrayList);
            } catch (SAMLException e) {
                SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e.getMessage()).toString());
            }
            LogUtils.error(Level.INFO, new StringBuffer().append(stringBuffer).append(response.toString()).toString());
            return response;
        }
        boolean z = false;
        Request request = null;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            Node item = elementsByTagNameNS.item(i);
            if (item.getNodeType() == 1 && item.getLocalName().equals("Request")) {
                try {
                    request = new Request((Element) item);
                    SAMLUtils.debug.message("found request ");
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append(" Received Request:").append(request.toString()).toString());
                    }
                    LogUtils.access(Level.FINE, new StringBuffer().append(SAMLUtils.bundle.getString("requestLogMessage")).append(" ").append(remoteAddr).append(": ").append(request.toString()).toString());
                    str = request.getRequestID();
                    z = true;
                } catch (SAMLRequestVersionTooHighException e2) {
                    StringTokenizer stringTokenizer = new StringTokenizer(new String(e2.getMessage()), "|");
                    String nextToken = stringTokenizer.nextToken();
                    String nextToken2 = stringTokenizer.nextToken();
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append("SOAPReceiver:setting status to samlp:VersionMismatch ").append(nextToken2).toString());
                    }
                    try {
                        response = new Response(generateID, nextToken, new Status(new StatusCode("samlp:RequestVersionTooHigh"), nextToken2, null), str2, arrayList);
                    } catch (SAMLException e3) {
                        SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e3.getMessage()).toString());
                    }
                    LogUtils.error(Level.INFO, new StringBuffer().append(stringBuffer).append(response.toString()).toString());
                    return response;
                } catch (SAMLRequestVersionTooLowException e4) {
                    StringTokenizer stringTokenizer2 = new StringTokenizer(new String(e4.getMessage()), "|");
                    String nextToken3 = stringTokenizer2.nextToken();
                    String nextToken4 = stringTokenizer2.nextToken();
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append("SOAPReceiver:setting status to samlp:VersionMismatch ").append(nextToken4).toString());
                    }
                    try {
                        response = new Response(generateID, nextToken3, new Status(new StatusCode("samlp:RequestVersionTooLow"), nextToken4, null), str2, arrayList);
                    } catch (SAMLException e5) {
                        SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e5.getMessage()).toString());
                    }
                    LogUtils.error(Level.INFO, new StringBuffer().append(stringBuffer).append(response.toString()).toString());
                    return response;
                } catch (SAMLRequesterException e6) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append("SOAPReceiver:setting status to samlp:Requester ").append(e6.getMessage()).toString());
                    }
                    try {
                        response = new Response(generateID, str, new Status(new StatusCode("samlp:Requester"), new String(e6.getMessage()), null), str2, arrayList);
                    } catch (SAMLException e7) {
                        SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e7.getMessage()).toString());
                    }
                    LogUtils.error(Level.INFO, new StringBuffer().append(stringBuffer).append(response.toString()).toString());
                    return response;
                } catch (Exception e8) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message(new StringBuffer().append("SOAPReceiver:setting status to samlp:Responder ").append(e8.getMessage()).toString());
                    }
                    try {
                        response = new Response(generateID, str, new Status(new StatusCode("samlp:Responder"), new String(e8.getMessage()), null), str2, arrayList);
                    } catch (SAMLException e9) {
                        SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e9.getMessage()).toString());
                    }
                    LogUtils.error(Level.INFO, new StringBuffer().append(stringBuffer).append(response.toString()).toString());
                    return response;
                }
            } else {
                i++;
            }
        }
        if (!z) {
            SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
            try {
                response = new Response(generateID, str, new Status(new StatusCode("samlp:Requester"), SAMLUtils.bundle.getString("missingRequest"), null), str2, arrayList);
            } catch (SAMLException e10) {
                SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e10.getMessage()).toString());
            }
            LogUtils.error(Level.INFO, new StringBuffer().append(stringBuffer).append(response.toString()).toString());
            return response;
        }
        if (!request.isSignatureValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: couldn't verify the signature on Request.");
            }
            try {
                response = new Response(generateID, str, new Status(new StatusCode("samlp:Requester"), SAMLUtils.bundle.getString("cannotVerifyRequest"), null), str2, arrayList);
                response.setMajorVersion(request.getMajorVersion());
                response.setMinorVersion(request.getMinorVersion());
            } catch (SAMLException e11) {
                SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e11.getMessage()).toString());
                LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e11.getMessage()).toString());
            }
            LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
            return response;
        }
        int contentType = request.getContentType();
        if (contentType == -1) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver:Found element in the request which are not supported");
            }
            try {
                response = new Response(generateID, str, new Status(new StatusCode("samlp:Responder"), SAMLUtils.bundle.getString("unsupportedElement"), null), str2, arrayList);
                response.setMajorVersion(request.getMajorVersion());
                response.setMinorVersion(request.getMinorVersion());
            } catch (SAMLException e12) {
                SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e12.getMessage()).toString());
                LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e12.getMessage()).toString());
            }
            LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
            return response;
        }
        List respondWith = request.getRespondWith();
        if (!parseRespondWith(respondWith)) {
            SAMLUtils.debug.error("SOAPReceiver:Supported statements are not present in the RespondWith element.");
            try {
                response = new Response(generateID, str, new Status(new StatusCode("samlp:Responder"), SAMLUtils.bundle.getString("unsupportedStatement"), null), str2, arrayList);
                response.setMajorVersion(request.getMajorVersion());
                response.setMinorVersion(request.getMinorVersion());
            } catch (SAMLException e13) {
                SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e13.getMessage()).toString());
                LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e13.getMessage()).toString());
            }
            LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
            return response;
        }
        try {
            AssertionManager assertionManager = AssertionManager.getInstance();
            List list = null;
            ArrayList arrayList2 = new ArrayList();
            if (contentType == 3) {
                list = request.getAssertionArtifact();
                int size = list.size();
                for (int i2 = 0; i2 < size; i2++) {
                    if (!isThisSiteID(((AssertionArtifact) list.get(i2)).getSourceID())) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("SOAPReceiver:Artifact has invalid SourceID");
                        }
                        try {
                            response = new Response(generateID, str, new Status(new StatusCode("samlp:Requester"), SAMLUtils.bundle.getString("mismatchSourceID"), null), str2, arrayList);
                            response.setMajorVersion(request.getMajorVersion());
                            response.setMinorVersion(request.getMinorVersion());
                        } catch (SAMLException e14) {
                            SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response: ").append(e14.getMessage()).toString());
                            LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e14.getMessage()).toString());
                        }
                        LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
                        return response;
                    }
                }
                for (int i3 = 0; i3 < size; i3++) {
                    try {
                        Assertion assertion = assertionManager.getAssertion((AssertionArtifact) list.get(i3), set);
                        if (assertion != null) {
                            arrayList2.add(i3, assertion);
                        }
                    } catch (SAMLException e15) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("SOAPReceiver: could not find matching assertion");
                        }
                        try {
                            response = new Response(generateID, str, new Status(new StatusCode("samlp:Success"), e15.getMessage(), null), str2, arrayList);
                            response.setMajorVersion(request.getMajorVersion());
                            response.setMinorVersion(request.getMinorVersion());
                        } catch (SAMLException e16) {
                            SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response: ").append(e16.getMessage()).toString());
                            LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e16.getMessage()).toString());
                        }
                        LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
                        return response;
                    }
                }
            } else if (contentType == 2) {
                List assertionIDReference = request.getAssertionIDReference();
                int size2 = assertionIDReference.size();
                for (int i4 = 0; i4 < size2; i4++) {
                    try {
                        Assertion assertion2 = assertionManager.getAssertion((AssertionIDReference) assertionIDReference.get(i4), set);
                        if (assertion2 != null) {
                            arrayList2.add(i4, assertion2);
                        }
                    } catch (SAMLException e17) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("SOAPReceiver: could not find matching assertion");
                        }
                        try {
                            response = new Response(generateID, str, new Status(new StatusCode("samlp:Success"), e17.getMessage(), null), str2, arrayList);
                            response.setMajorVersion(request.getMajorVersion());
                            response.setMinorVersion(request.getMinorVersion());
                        } catch (SAMLException e18) {
                            SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response: ").append(e18.getMessage()).toString());
                            LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e18.getMessage()).toString());
                        }
                        LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
                        return response;
                    }
                }
            } else {
                if (contentType != 0 && contentType != 1 && contentType != 4) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:Request contents has element which is not supported at this time");
                    }
                    try {
                        response = new Response(generateID, str, new Status(new StatusCode("samlp:Responder"), SAMLUtils.bundle.getString("unsupportedElement"), null), str2, arrayList);
                        response.setMajorVersion(request.getMajorVersion());
                        response.setMinorVersion(request.getMinorVersion());
                    } catch (SAMLException e19) {
                        SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e19.getMessage()).toString());
                        LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e19.getMessage()).toString());
                    }
                    LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
                    return response;
                }
                Query query = request.getQuery();
                if (query != null) {
                    try {
                        Assertion assertion3 = assertionManager.getAssertion(query, (String) set.iterator().next());
                        if (assertion3 != null) {
                            arrayList2.add(assertion3);
                        }
                    } catch (SAMLException e20) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("SOAPReceiver: could not find matching assertion");
                        }
                        try {
                            response = new Response(generateID, str, new Status(new StatusCode("samlp:Success"), e20.getMessage(), null), str2, arrayList);
                            response.setMajorVersion(request.getMajorVersion());
                            response.setMinorVersion(request.getMinorVersion());
                        } catch (SAMLException e21) {
                            SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal  error, cannot create status or  response: ").append(e21.getMessage()).toString());
                            LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e21.getMessage()).toString());
                        }
                        LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
                        return response;
                    }
                }
            }
            int size3 = arrayList2.size();
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message(new StringBuffer().append("found ").append(size3).append(" assertions.").toString());
            }
            for (int i5 = 0; i5 < size3; i5++) {
                Response validateStatements = validateStatements((Assertion) arrayList2.get(i5), respondWith, arrayList, i5, generateID, str, str2);
                if (validateStatements != null) {
                    LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(validateStatements.toString()).toString());
                    response.setMajorVersion(request.getMajorVersion());
                    response.setMinorVersion(request.getMinorVersion());
                    return validateStatements;
                }
            }
            if (contentType != 3) {
                try {
                    response = new Response(generateID, str, new Status(new StatusCode("samlp:Success"), null, null), str2, arrayList);
                    response.setMajorVersion(request.getMajorVersion());
                    response.setMinorVersion(request.getMinorVersion());
                } catch (SAMLException e22) {
                    SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e22.getMessage()).toString());
                    LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e22.getMessage()).toString());
                }
                if (LogUtils.isLoggable(Level.FINER)) {
                    LogUtils.access(Level.FINER, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
                } else {
                    LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.getResponseID()).toString());
                }
                return response;
            }
            if (arrayList.size() != list.size()) {
                try {
                    response = new Response(generateID, str, new Status(new StatusCode("samlp:Success"), SAMLUtils.bundle.getString("unequalMatch"), null), str2, arrayList);
                    response.setMajorVersion(request.getMajorVersion());
                    response.setMinorVersion(request.getMinorVersion());
                } catch (SAMLException e23) {
                    SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e23.getMessage()).toString());
                    LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e23.getMessage()).toString());
                }
                LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
                return response;
            }
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: Matching Assertion found");
            }
            try {
                response = new Response(generateID, str, new Status(new StatusCode("samlp:Success"), null, null), str2, arrayList);
                response.setMajorVersion(request.getMajorVersion());
                response.setMinorVersion(request.getMinorVersion());
            } catch (SAMLException e24) {
                SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e24.getMessage()).toString());
                LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e24.getMessage()).toString());
            }
            LogUtils.access(Level.FINE, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
            return response;
        } catch (SAMLException e25) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: Cannot instantiate AssertionManager");
            }
            try {
                response = new Response(generateID, str, new Status(new StatusCode("samlp:Responder"), e25.getMessage(), null), str2, arrayList);
                response.setMajorVersion(request.getMajorVersion());
                response.setMinorVersion(request.getMinorVersion());
            } catch (SAMLException e26) {
                SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response: ").append(e26.getMessage()).toString());
                LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e26.getMessage()).toString());
            }
            LogUtils.access(Level.INFO, new StringBuffer().append(stringBuffer2).append(response.toString()).toString());
            return response;
        }
    }

    private SOAPMessage FormSOAPError(HttpServletResponse httpServletResponse, String str, String str2, String str3) {
        SOAPMessage sOAPMessage = null;
        try {
            sOAPMessage = msgFactory.createMessage();
            SOAPEnvelope envelope = sOAPMessage.getSOAPPart().getEnvelope();
            SOAPFault addFault = envelope.getBody().addFault();
            addFault.setFaultCode(str);
            addFault.setFaultString(SAMLUtils.bundle.getString(str2));
            if (str3 != null && !str3.equals("")) {
                addFault.addDetail().addDetailEntry(envelope.createName("Problem")).addAttribute(envelope.createName("details"), SAMLUtils.bundle.getString(str3));
            }
        } catch (SOAPException e) {
            SAMLUtils.debug.error(new StringBuffer().append("FormSOAPError:").append(e.getMessage()).toString());
            LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("soapFaultError")).append(": ").append(e.getMessage()).toString());
            httpServletResponse.setStatus(500);
        }
        return sOAPMessage;
    }

    private SOAPMessage FormMessageResponse(HttpServletResponse httpServletResponse, Response response) {
        MimeHeaders mimeHeaders = new MimeHeaders();
        mimeHeaders.addHeader("Content-Type", "text/xml");
        StringBuffer stringBuffer = new StringBuffer(100);
        stringBuffer.append("<").append("soap-env").append(":Envelope").append(" ").append("xmlns:").append("soap-env").append("=\"").append("http://schemas.xmlsoap.org/soap/envelope/").append("\">").append("\n");
        stringBuffer.append("<").append("soap-env").append(":Body>").append("\n");
        StringBuffer stringBuffer2 = new StringBuffer(100);
        stringBuffer2.append("</").append("soap-env").append(":Body>").append("\n");
        stringBuffer2.append("</").append("soap-env").append(":Envelope>").append("\n");
        try {
            StringBuffer stringBuffer3 = new StringBuffer(300);
            stringBuffer3.append((Object) stringBuffer).append(response.toString()).append((Object) stringBuffer2);
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message(new StringBuffer().append("response created is: ").append(stringBuffer3.toString()).toString());
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(stringBuffer3.toString().getBytes("UTF-8"));
            return msgFactory.createMessage(mimeHeaders, new ByteArrayInputStream(byteArrayOutputStream.toByteArray()));
        } catch (Exception e) {
            SAMLUtils.debug.error(new StringBuffer().append("could not build response:").append(e.getMessage()).toString());
            httpServletResponse.setStatus(500);
            return FormSOAPError(httpServletResponse, DSConfigMgr.SERVER, "cannotBuildResponse", "cannotVerifyIdentity");
        }
    }

    private Response validateStatements(Assertion assertion, List list, List list2, int i, String str, String str2, String str3) {
        Set statement = assertion.getStatement();
        int size = statement.size();
        Response response = null;
        if (statement.isEmpty() || size == 0) {
            SAMLUtils.debug.error("SOAPReceiver: Assertion found does not have any statements in it");
            try {
                response = new Response(str, str2, new Status(new StatusCode("samlp:Responder"), SAMLUtils.bundle.getString("missingStatement"), null), str3, list2);
            } catch (SAMLException e) {
                SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error, cannot create status or response:").append(e.getMessage()).toString());
                LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e.getMessage()).toString());
            }
            return response;
        }
        boolean z = false;
        if (list.size() == 0) {
            list2.add(i, assertion);
        } else {
            z = !checkAgainstRespondWith(list, statement);
            if (!z) {
                list2.add(i, assertion);
            }
        }
        if (!z) {
            return null;
        }
        SAMLUtils.debug.error("SOAPReceiver: Assertion does not  meet respondWith criteria in the received Request");
        try {
            return new Response(str, str2, new Status(new StatusCode("samlp:Success"), SAMLUtils.bundle.getString("mismatchRespondWith"), null), str3, list2);
        } catch (SAMLException e2) {
            SAMLUtils.debug.error(new StringBuffer().append("SOAPReceiver:Fatal error,  cannot create status or response:").append(e2.getMessage()).toString());
            LogUtils.error(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("cannotBuildResponse")).append(": ").append(e2.getMessage()).toString());
            return null;
        }
    }

    private boolean parseRespondWith(List list) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            int indexOf = str.indexOf(":");
            if (indexOf == -1 || indexOf == 0) {
                return false;
            }
            if (!str.endsWith(":AuthenticationStatement") && !str.endsWith(":AuthorizationDecisionStatement") && !str.endsWith(":AttributeStatement")) {
                return false;
            }
        }
        return true;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Failed to find switch 'out' block (already processed)
        	at jadx.core.dex.visitors.regions.RegionMaker.calcSwitchOut(RegionMaker.java:923)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:797)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processIf(RegionMaker.java:740)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:152)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeEndlessLoop(RegionMaker.java:411)
        	at jadx.core.dex.visitors.regions.RegionMaker.processLoop(RegionMaker.java:201)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:135)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processLoop(RegionMaker.java:263)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:135)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:52)
        */
    private boolean checkAgainstRespondWith(java.util.List r5, java.util.Set r6) {
        /*
            r4 = this;
            r0 = 0
            r7 = r0
            r0 = r6
            java.util.Iterator r0 = r0.iterator()
            r8 = r0
            goto Lda
        Ld:
            r0 = 0
            r7 = r0
            r0 = r8
            java.lang.Object r0 = r0.next()
            com.sun.identity.saml.assertion.Statement r0 = (com.sun.identity.saml.assertion.Statement) r0
            r9 = r0
            r0 = r5
            java.util.Iterator r0 = r0.iterator()
            r10 = r0
            goto Lc1
        L26:
            r0 = r10
            java.lang.Object r0 = r0.next()
            java.lang.String r0 = (java.lang.String) r0
            r11 = r0
            com.iplanet.am.util.Debug r0 = com.sun.identity.saml.common.SAMLUtils.debug
            java.lang.StringBuffer r1 = new java.lang.StringBuffer
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "matching respondWith element:"
            java.lang.StringBuffer r1 = r1.append(r2)
            r2 = r11
            java.lang.StringBuffer r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.message(r1)
            r0 = r9
            int r0 = r0.getStatementType()
            switch(r0) {
                case 1: goto L6c;
                case 2: goto L84;
                case 3: goto L9c;
                default: goto Lb1;
            }
        L6c:
            r0 = r11
            java.lang.String r1 = ":AuthenticationStatement"
            boolean r0 = r0.endsWith(r1)
            if (r0 == 0) goto Lb1
            com.iplanet.am.util.Debug r0 = com.sun.identity.saml.common.SAMLUtils.debug
            java.lang.String r1 = "matching auth st"
            r0.message(r1)
            r0 = 1
            r7 = r0
            goto Lb1
        L84:
            r0 = r11
            java.lang.String r1 = ":AuthorizationDecisionStatement"
            boolean r0 = r0.endsWith(r1)
            if (r0 == 0) goto Lb1
            com.iplanet.am.util.Debug r0 = com.sun.identity.saml.common.SAMLUtils.debug
            java.lang.String r1 = "matching authz st"
            r0.message(r1)
            r0 = 1
            r7 = r0
            goto Lb1
        L9c:
            r0 = r11
            java.lang.String r1 = ":AttributeStatement"
            boolean r0 = r0.endsWith(r1)
            if (r0 == 0) goto Lb1
            com.iplanet.am.util.Debug r0 = com.sun.identity.saml.common.SAMLUtils.debug
            java.lang.String r1 = "matching attrib st"
            r0.message(r1)
            r0 = 1
            r7 = r0
        Lb1:
            r0 = r7
            if (r0 == 0) goto Lc1
            com.iplanet.am.util.Debug r0 = com.sun.identity.saml.common.SAMLUtils.debug
            java.lang.String r1 = "match found"
            r0.message(r1)
            goto Lcb
        Lc1:
            r0 = r10
            boolean r0 = r0.hasNext()
            if (r0 != 0) goto L26
        Lcb:
            r0 = r7
            if (r0 != 0) goto Lda
            com.iplanet.am.util.Debug r0 = com.sun.identity.saml.common.SAMLUtils.debug
            java.lang.String r1 = "mismatch found"
            r0.message(r1)
            r0 = 0
            return r0
        Lda:
            r0 = r8
            boolean r0 = r0.hasNext()
            if (r0 != 0) goto Ld
            r0 = 1
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.saml.servlet.SAMLSOAPReceiver.checkAgainstRespondWith(java.util.List, java.util.Set):boolean");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set checkCaller(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        String str = null;
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message(new StringBuffer().append("caller's IP:").append(remoteAddr).toString());
        }
        X509Certificate[] x509CertificateArr = null;
        try {
            x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        } catch (Exception e) {
            SAMLUtils.debug.error("SAMLSOAPReceiver: Exception", e);
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            str = remoteAddr;
        } else {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message(new StringBuffer().append("SAMLSOAPReceiver: got all certs from HttpServletRequest =").append(x509CertificateArr.length).toString());
            }
            SAMLServiceManager.CertEntry matchingCertEntry = SAMLServiceManager.getMatchingCertEntry(x509CertificateArr[0]);
            if (matchingCertEntry != null) {
                str = matchingCertEntry.getNickName();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(new StringBuffer().append("Found matching nickname:").append(str).toString());
                }
            }
        }
        Set partnerSourceID = getPartnerSourceID(str);
        if (partnerSourceID == null || partnerSourceID.isEmpty()) {
            return null;
        }
        return partnerSourceID;
    }

    private static Set getPartnerSourceID(String str) {
        Map map = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
        if (map == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        for (Map.Entry entry : map.entrySet()) {
            Set hostSet = ((SAMLServiceManager.SOAPEntry) entry.getValue()).getHostSet();
            if (hostSet != null && hostSet.contains(str)) {
                hashSet.add((String) entry.getKey());
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(new StringBuffer().append("getPartnerSourceID: found a matching sid=").append(Base64.encode(SAMLUtils.stringToByteArray((String) entry.getKey()))).toString());
                }
            }
        }
        return hashSet;
    }

    private boolean isThisSiteID(String str) {
        return ((String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID)).equals(str);
    }
}
