package com.sun.identity.federation.services.fednsso;

import com.iplanet.am.util.XMLUtils;
import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.federation.alliance.FSAllianceManagementException;
import com.sun.identity.federation.alliance.FSAllianceManager;
import com.sun.identity.federation.alliance.FSProviderDescriptor;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSRequest;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSubject;
import com.sun.identity.federation.message.common.IDPProvidedNameIdentifier;
import com.sun.identity.federation.services.FSSOAPService;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:115766-05/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/fednsso/FSBrowserArtifactConsumerHandler.class */
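/**
 * Service-provider side handler for the browser-artifact flow: sends the
 * SAML Request held in {@link #samlRequest} to the IDP over SOAP, then
 * processes the SAML Response that comes back (status check, assertion
 * validation, and either account federation or single sign-on).
 *
 * <p>Trust decisions in this class:
 * <ul>
 *   <li>the SOAP reply must be a {@code samlp:Response} (a SOAP fault or any
 *       other element is rejected);</li>
 *   <li>the first assertion's {@code InResponseTo} must match a pending
 *       AuthnRequest in {@link FSSessionManager}, and the provider recorded
 *       for that request must be the IDP this handler was created for;</li>
 *   <li>{@link #validateAssertions} (superclass) must yield a subject.</li>
 * </ul>
 * Whether {@code validateAssertions} also checks the assertion signature
 * is not visible here and should be confirmed in the superclass.
 *
 * <p>Every failure path forwards the browser to the hosted provider's
 * common login page; nothing is written to the response before that.
 */
public class FSBrowserArtifactConsumerHandler extends FSAssertionArtifactHandler {
    /**
     * The SAML Request sent to the IDP by {@link #processSAMLRequest()}.
     * {@code null} unless the five-argument constructor taking an
     * {@link FSRequest} was used.
     */
    private FSRequest samlRequest;

    /** Creates a handler with no SAML request; intended for subclasses. */
    protected FSBrowserArtifactConsumerHandler() {
        this.samlRequest = null;
    }

    /**
     * Creates a handler that has no SAML request to send.
     *
     * @param httpServletRequest  the current browser request
     * @param httpServletResponse the current browser response
     * @param fSProviderDescriptor descriptor of the IDP
     * @param z flag passed through to the superclass (meaning defined there)
     * @param str value passed through to the superclass (meaning defined there)
     */
    public FSBrowserArtifactConsumerHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSProviderDescriptor fSProviderDescriptor, boolean z, String str) {
        super(httpServletRequest, httpServletResponse, fSProviderDescriptor, z, str);
        this.samlRequest = null;
    }

    /**
     * Creates a handler that will send {@code fSRequest} to the IDP.
     * The request's SAML minor version is derived from the IDP descriptor:
     * a descriptor minor version of 2 selects SAML minor version 1, anything
     * else selects 0.
     *
     * @param httpServletRequest  the current browser request
     * @param httpServletResponse the current browser response
     * @param fSProviderDescriptor descriptor of the IDP
     * @param str value passed through to the superclass (meaning defined there)
     * @param fSRequest the SAML Request to send; must not be {@code null}
     * @throws NullPointerException if {@code fSRequest} or
     *         {@code fSProviderDescriptor} is {@code null}
     */
    public FSBrowserArtifactConsumerHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSProviderDescriptor fSProviderDescriptor, String str, FSRequest fSRequest) {
        super(httpServletRequest, httpServletResponse, fSProviderDescriptor, false, str);
        this.samlRequest = fSRequest;
        if (fSProviderDescriptor.getMinorVersion() == 2) {
            this.samlRequest.setMinorVersion(1);
        } else {
            this.samlRequest.setMinorVersion(0);
        }
    }

    /**
     * Logs a failure, records it through {@link FSUtils#error}, and forwards
     * the browser to {@code targetURL}.
     *
     * @param logMessage  text written to the debug log at error level
     * @param userMessage text recorded via {@code FSUtils.error}
     * @param targetURL   page the request is forwarded to (normally the
     *                    common login page)
     * @throws IOException if the forward fails
     */
    private void failAndForward(String logMessage, String userMessage, String targetURL) throws IOException {
        FSUtils.debug.error(logMessage);
        FSUtils.error("FSBrowserArtifactConsumerHandler", userMessage);
        FSUtils.forwardRequest(this.request, this.response, targetURL);
    }

    /**
     * Sends {@link #samlRequest} to the IDP's SOAP endpoint (signing it
     * first when signing is switched on) and hands the returned
     * {@code samlp:Response} to {@link #processSAMLResponse}.
     *
     * <p>On any failure the browser is forwarded to the common login page
     * (no relay state is known yet at this point). All exceptions are
     * caught and logged; none propagate to the caller.
     */
    @Override
    public void processSAMLRequest() {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLRequest: Called");
        }
        String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(
                FSServiceUtils.getMetaAlias(this.request), null, null, this.request,
                FSServiceUtils.getBaseURL(this.request));
        try {
            FSSOAPService soapService = FSSOAPService.getInstance();
            this.samlRequest.setID(this.samlRequest.getRequestID());
            SOAPMessage soapRequest = soapService.bindSAMLRequest(this.samlRequest);
            if (FSServiceUtils.isSigningOn()) {
                Document requestDoc = (Document) FSServiceUtils.createSOAPDOM(soapRequest);
                FSAllianceManager allianceManager = FSServiceUtils.getAllianceInstance();
                if (allianceManager == null) {
                    FSUtils.debug.error("FSBrowserArtifactConsumerHandler.processSAMLRequest: could not create alliance instance");
                    FSUtils.forwardRequest(this.request, this.response, commonLoginPageURL);
                    return;
                }
                String certAlias = allianceManager.getProvider(this.hostProviderId).getKeyInfo();
                if (certAlias == null) {
                    FSUtils.debug.error("FSBrowserArtifactConsumerHandler.processSAMLRequest: couldn't obtain this site's cert alias.");
                    FSUtils.forwardRequest(this.request, this.response, commonLoginPageURL);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLRequest: certAlias: " + certAlias);
                }
                XMLSignatureManager signatureManager = XMLSignatureManager.getInstance();
                int minorVersion = this.samlRequest.getMinorVersion();
                // The attribute naming the signed element differs between the
                // two minor versions this handler produces (see constructor).
                // Any other value is only logged and the request goes out unsigned.
                if (minorVersion == 0) {
                    signatureManager.signXML(requestDoc, certAlias,
                            SAMLUtils.bundle.getString("xmlsigalgorithm"),
                            "id", this.samlRequest.getID(), false);
                } else if (minorVersion == 1) {
                    signatureManager.signXML(requestDoc, certAlias,
                            SAMLUtils.bundle.getString("xmlsigalgorithm"),
                            "RequestID", this.samlRequest.getRequestID(), false);
                } else if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("invalid minor version.");
                }
                soapRequest = FSServiceUtils.convertDOMToSOAP(requestDoc);
            }
            SOAPMessage soapResponse = soapService.doSyncCall(this.response, soapRequest, this.idpDescriptor, false);
            if (soapResponse == null) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLRequest: "
                                + FSUtils.bundle.getString("invalidSOAPResponse")
                                + " Response SOAPMessage is null",
                        FSUtils.bundle.getString("noReplyfromSOAPReceiver"), commonLoginPageURL);
                return;
            }
            Element responseElement = soapService.parseSOAPMessage(soapResponse);
            // Fault detection is prefix-sensitive; a fault carrying another
            // prefix is still rejected by the samlp:Response check below,
            // only with a different log message.
            if (responseElement != null && responseElement.getTagName().trim().equalsIgnoreCase("soap_env:Fault")) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLRequest: "
                                + FSUtils.bundle.getString("invalidSOAPResponse")
                                + " SOAPFault occured",
                        FSUtils.bundle.getString("invalidSOAPResponse"), commonLoginPageURL);
                return;
            }
            String localName = (responseElement == null) ? null : responseElement.getLocalName();
            if (localName == null || !localName.trim().equalsIgnoreCase(AuthXMLTags.RESPONSE)) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLRequest: "
                                + FSUtils.bundle.getString("invalidSOAPResponse")
                                + " SOAP response does not contain samlp:Response",
                        FSUtils.bundle.getString("invalidSOAPResponse"), commonLoginPageURL);
                return;
            }
            // A parse failure surfaces as an exception from the constructor
            // and is handled by the catch block below.
            processSAMLResponse(new FSResponse(responseElement));
        } catch (Exception e) {
            StringWriter trace = new StringWriter();
            e.printStackTrace(new PrintWriter(trace));
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler.processSAMLRequest: Exception occured: "
                    + e.getMessage() + "\n" + trace.getBuffer().toString());
            FSUtils.error("FSBrowserArtifactConsumerHandler", e.getMessage());
            try {
                FSUtils.forwardRequest(this.request, this.response, commonLoginPageURL);
            } catch (Exception e2) {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler.processSAMLRequest: IOException occured: " + e2.getMessage());
                FSUtils.error("FSBrowserArtifactConsumerHandler", e2.getMessage());
            }
        }
    }

    /**
     * Validates a SAML Response received from the IDP and completes either
     * account federation or single sign-on for its first assertion.
     *
     * <p>Checks, in order: non-null response, {@link #verifyResponseStatus},
     * at least one assertion, a pending AuthnRequest matching the assertion's
     * {@code InResponseTo}, that request's provider being this handler's IDP,
     * and a subject from {@link #validateAssertions}. The pending
     * AuthnRequest is removed from {@link FSSessionManager} once the
     * response is accepted, so the same {@code InResponseTo} cannot be
     * matched a second time.
     *
     * <p>All exceptions are caught, logged, and answered by forwarding to the
     * common login page (that forward is itself best-effort, since the
     * response may already have been committed by the superclass).
     *
     * @param fSResponse the parsed SAML Response; {@code null} is rejected
     */
    private void processSAMLResponse(FSResponse fSResponse) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLResponse: Called");
        }
        String baseURL = FSServiceUtils.getBaseURL(this.request);
        String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(
                FSServiceUtils.getMetaAlias(this.request), null, null, this.request, baseURL);
        try {
            if (fSResponse == null) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLResponse: null input "
                                + FSUtils.bundle.getString("missingResponse"),
                        FSUtils.bundle.getString("missingResponse"), commonLoginPageURL);
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLResponse: Received " + fSResponse.toXMLString());
            }
            if (!verifyResponseStatus(fSResponse)) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLResponse: verify Status failed "
                                + FSUtils.bundle.getString("invalidResponse"),
                        FSUtils.bundle.getString("invalidResponse"), commonLoginPageURL);
                return;
            }
            List assertions = fSResponse.getAssertion();
            if (assertions == null || assertions.isEmpty()) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLResponse"
                                + FSUtils.bundle.getString("invalidResponse")
                                + ": No assertion found inside the AuthnResponse",
                        FSUtils.bundle.getString("invalidResponse"), commonLoginPageURL);
                return;
            }
            // Only the first assertion drives the flow; any further ones are
            // still passed to validateAssertions below.
            FSAssertion firstAssertion = (FSAssertion) assertions.iterator().next();
            String inResponseTo = firstAssertion.getInResponseTo();
            FSAuthnRequest pendingRequest = getInResponseToRequest(inResponseTo);
            if (pendingRequest == null) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLResponse: "
                                + FSUtils.bundle.getString("invalidResponse")
                                + ": Assertion does not correspond to any AuthnRequest",
                        FSUtils.bundle.getString("invalidResponse"), commonLoginPageURL);
                return;
            }
            this.authnRequest = pendingRequest;
            this.relayState = this.authnRequest.getRelayState();
            this.doFederate = this.authnRequest.getFederate();
            // From here on the login page can carry the original relay state.
            String loginPageWithRelayState = FSServiceUtils.getCommonLoginPageURL(
                    FSServiceUtils.getMetaAlias(this.request), this.authnRequest.getRelayState(),
                    null, this.request, baseURL);
            // The request must have been sent to the IDP this handler is bound to.
            FSProviderDescriptor requestProvider = getProvider(inResponseTo);
            if (requestProvider == null
                    || !requestProvider.getProviderID().equals(this.idpDescriptor.getProviderID())) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLResponse: "
                                + FSUtils.bundle.getString("invalidAssertion")
                                + ": Assertion does not correspond to any IDP",
                        FSUtils.bundle.getString("invalidAssertion"), loginPageWithRelayState);
                return;
            }
            FSSubject subject = (FSSubject) validateAssertions(assertions);
            if (subject == null) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLResponse: validateAssertions failed: "
                                + FSUtils.bundle.getString("invalidAssertion"),
                        FSUtils.bundle.getString("invalidAssertion"), loginPageWithRelayState);
                return;
            }
            if (this.doFederate) {
                IDPProvidedNameIdentifier federationNameId = subject.getIDPProvidedNameIdentifier();
                if (federationNameId == null) {
                    FSUtils.debug.error("FSBrowserArtifactConsumerHandler.processSAMLResponse: Single Sign-On failed. NameIdentifier of the subject is null: ");
                    FSUtils.error("FSBrowserArtifactConsumerHandler", FSUtils.bundle.getString("SingleSignOnFailed"));
                    throw new FSException("NameIdentifier of the subject is null");
                }
                if (doAccountFederation(federationNameId)) {
                    FSSessionManager.getInstance(this.hostProviderId).removeAuthnRequest(inResponseTo);
                    return;
                }
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLResponse: "
                                + FSUtils.bundle.getString("AccountFederationFailed"),
                        FSUtils.bundle.getString("AccountFederationFailed"), loginPageWithRelayState);
                return;
            }
            FSSessionManager.getInstance(this.hostProviderId).removeAuthnRequest(inResponseTo);
            IDPProvidedNameIdentifier idpNameId = subject.getIDPProvidedNameIdentifier();
            NameIdentifier subjectNameId = subject.getNameIdentifier();
            if (idpNameId == null || subjectNameId == null) {
                FSUtils.error("FSBrowserArtifactConsumerHandler", FSUtils.bundle.getString("invalidResponse"));
                FSUtils.forwardRequest(this.request, this.response, loginPageWithRelayState);
                return;
            }
            String idpName = idpNameId.getName();
            String subjectName = subjectNameId.getName();
            if (idpName == null || subjectName == null) {
                FSUtils.error("FSBrowserArtifactConsumerHandler", FSUtils.bundle.getString("invalidResponse"));
                FSUtils.forwardRequest(this.request, this.response, loginPageWithRelayState);
                return;
            }
            // When both identifiers carry the same name, the IDP-provided one is
            // used for SSO and the flag is 1; otherwise the subject's identifier
            // is used with flag 0. The flag's meaning is defined by
            // doSingleSignOn in the superclass -- confirm there.
            NameIdentifier ssoNameId = subjectNameId;
            int nameIdFlag = 0;
            if (idpName.equals(subjectName)) {
                ssoNameId = idpNameId;
                nameIdFlag = 1;
            }
            String orgDN = this.localConfig.getAssociatedOrgDN();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLResponse: oh="
                        + ssoNameId.getName() + " sd=" + ssoNameId.getNameQualifier());
            }
            if (!doSingleSignOn(ssoNameId, nameIdFlag, orgDN)) {
                failAndForward("FSBrowserArtifactConsumerHandler.processSAMLResponse: SingleSignOnFailed",
                        FSUtils.bundle.getString("SingleSignOnFailed"), loginPageWithRelayState);
            }
        } catch (Exception e) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler.processSAMLResponse: Exception occured: " + e.getMessage());
            FSUtils.error("FSBrowserArtifactConsumerHandler", e.getMessage());
            // Same recovery as processSAMLRequest: send the browser to the login
            // page rather than leaving it with an empty response. This fails
            // (and is only logged) if the response was already committed.
            try {
                FSUtils.forwardRequest(this.request, this.response, commonLoginPageURL);
            } catch (Exception e2) {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler.processSAMLResponse: IOException occured: " + e2.getMessage());
                FSUtils.error("FSBrowserArtifactConsumerHandler", e2.getMessage());
            }
        }
    }

    /**
     * Redirects the browser to the resource it originally asked for.
     *
     * <p>The target URL is supplied by the caller (superclass); this method
     * performs no validation of it beyond the null check. Requires
     * {@code this.authnRequest} to be set (it is read for the relay state).
     *
     * @param str the resource URL; when {@code null} the browser is forwarded
     *            to the common login page instead
     * @throws FSException if writing the redirect or the forward fails
     */
    @Override
    protected void redirectToResource(String str) throws FSException {
        String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(
                FSServiceUtils.getMetaAlias(this.request), this.authnRequest.getRelayState(),
                null, this.request, FSServiceUtils.getBaseURL(this.request));
        try {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler.redirectToResource: Called");
            }
            if (str == null) {
                failAndForward("FSBrowserArtifactConsumerHandler.redirectToResource: Resource URL is null",
                        FSUtils.bundle.getString("nullInputParameter"), commonLoginPageURL);
                // Must stop here: continuing would call sendRedirect(null) on
                // a response that has already been forwarded.
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler.redirectToResource: User's Authentication Assertion verified redirecting to Resource:" + str);
            }
            this.response.setContentType("text/html");
            this.response.sendRedirect(str);
        } catch (IOException e) {
            throw new FSException(e.getMessage());
        }
    }

    /**
     * Looks up the pending AuthnRequest with the given request ID in the
     * session manager of the hosted provider and caches it in
     * {@code this.authnRequest}.
     *
     * @param str the request ID (the assertion's {@code InResponseTo})
     * @return the matching AuthnRequest, or {@code null} if none is pending
     */
    @Override
    protected FSAuthnRequest getInResponseToRequest(String str) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler.getInResponseToRequest: Called");
        }
        this.authnRequest = FSSessionManager.getInstance(this.hostProviderId).getAuthnRequest(str);
        return this.authnRequest;
    }

    /**
     * Returns the provider descriptor recorded for the given request ID in
     * the session manager of the hosted provider.
     *
     * @param str the request ID (the assertion's {@code InResponseTo})
     * @return the descriptor, or {@code null} if none is recorded
     */
    @Override
    protected FSProviderDescriptor getProvider(String str) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler.getProvider: Called");
        }
        return FSSessionManager.getInstance(this.hostProviderId).getProviderDescriptor(str);
    }

    /**
     * Signs a SAML Request with the hosted provider's certificate.
     *
     * @param fSRequest the request to sign; must not already be signed
     * @return the same request with its signature element set
     * @throws SAMLException if the request is already signed
     * @throws SAMLResponderException if the hosted provider's certificate
     *         alias is missing or cannot be obtained
     */
    protected FSRequest signSAMLRequest(FSRequest fSRequest) throws SAMLException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler.signSAMLRequest: Called");
        }
        if (fSRequest.isSigned()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler.signSAMLRequest: the request is already signed.");
            }
            throw new SAMLException(FSUtils.bundle.getString("alreadySigned"));
        }
        try {
            String certAlias = FSServiceUtils.getAllianceInstance()
                    .getHostedProvider(this.hostProviderId).getKeyInfo();
            if (certAlias == null || certAlias.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.signSAMLRequest: couldn't obtain this site's cert alias.");
                }
                throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler.signSAMLRequest: Provider's certAlias is found: " + certAlias);
            }
            XMLSignatureManager signatureManager = XMLSignatureManager.getInstance();
            String requestXML = fSRequest.toString(true, true);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler.signSAMLRequest: XMLString to be signed: " + requestXML);
            }
            Document signedDoc = XMLUtils.toDOMDocument(
                    signatureManager.signXML(requestXML, certAlias), FSUtils.debug);
            fSRequest.setSignature(signedDoc.getDocumentElement());
            return fSRequest;
        } catch (FSAllianceManagementException e) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler.signSAMLRequest: FSAllianceManagementException occured while obtaining certAlias: " + e.getMessage());
            throw new SAMLResponderException(e.getMessage());
        }
    }
}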
