package com.sun.identity.federation.services.fednsso;

import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.services.ldap.DSConfigMgr;
import com.iplanet.sso.SSOToken;
import com.sun.identity.federation.alliance.FSAllianceManagementConstants;
import com.sun.identity.federation.alliance.FSAllianceManager;
import com.sun.identity.federation.alliance.FSHostedProviderDescriptor;
import com.sun.identity.federation.alliance.FSProviderDescriptor;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSAuthnResponseEnvelope;
import com.sun.identity.federation.services.FSSOAPService;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.MimeHeader;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;

/* loaded from: input_file:115766-05/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/fednsso/FSSSOLECPProfileHandler.class */
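/**
 * Single sign-on handler for the LECP profile.
 *
 * <p>Builds the login URL used when the principal still has to authenticate
 * ({@link #formatLoginURL}) and returns the authentication response to the
 * client as a SOAP message, signing each assertion when signing is enabled
 * ({@link #sendAuthnResponse}).
 *
 * <p>Security note: when {@code FSServiceUtils.isSigningOn()} is true, this
 * class fails closed. If an assertion cannot be signed (no key alias, unknown
 * minor version, or any exception while signing), a SOAP error with HTTP
 * status 500 is returned and the authentication response is not sent.
 */
public class FSSSOLECPProfileHandler extends FSSSOAndFedHandler {
    // Only assigned in the constructors; no method in this class reads it.
    private FSAuthnResponseEnvelope authnResponseEnvelope;

    /** Creates a handler with no request context. */
    protected FSSSOLECPProfileHandler() {
        this.authnResponseEnvelope = null;
    }

    /**
     * Creates a handler for one request; all arguments are passed unchanged to
     * the superclass constructor.
     */
    public FSSSOLECPProfileHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, FSProviderDescriptor fSProviderDescriptor, String str) {
        super(httpServletRequest, httpServletResponse, fSAuthnRequest, fSProviderDescriptor, str);
        this.authnResponseEnvelope = null;
    }

    /**
     * Processes an LECP authentication request by delegating to
     * {@code processAuthnRequest(request, false)}.
     *
     * @param fSAuthnRequest the authentication request to process
     */
    public void processLECPAuthnRequest(FSAuthnRequest fSAuthnRequest) {
        // NOTE(review): the meaning of the 'false' flag is defined by the superclass; confirm there.
        processAuthnRequest(fSAuthnRequest, false);
    }

    /**
     * Builds the URL the client is sent to in order to authenticate.
     *
     * <p>The hosted provider's SSO service URL (with the LECP indicator, the
     * provider ID and the request ID) is stored server-side as relay state
     * keyed by the request ID. The returned login URL carries a {@code goto}
     * parameter pointing at the post-login page, which references that relay
     * state by request ID only.
     *
     * <p>Side effects: stores relay state in the session manager and sets the
     * authentication context as an attribute on the HTTP session, creating the
     * session if none exists.
     *
     * @param str  the login URL to extend
     * @param str2 the requested authentication context
     * @return the complete login URL, or {@code null} if {@code str} is
     *         {@code null} or any exception occurs while building it
     */
    @Override
    public String formatLoginURL(String str, String str2) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOLECPProfileHandler.formatLoginURL: Called\nloginUrl=" + str + "\nauthnContext=" + str2);
        }
        try {
            if (str == null) {
                FSUtils.debug.error("FSSSOLECPProfileHandler.formatLoginURL: loginUrl is null");
                return null;
            }
            FSHostedProviderDescriptor hostedProvider = FSServiceUtils.getAllianceInstance().getHostedProvider(this.hostProviderId);
            String ssoServiceUrl = hostedProvider.getSSOServiceURL();

            // URL the client returns to after login; kept server-side as relay state.
            // NOTE(review): URLEncoder.encode(String) encodes with the platform default
            // charset; left as is so the generated URLs do not change.
            StringBuilder returnUrl = new StringBuilder(ssoServiceUrl);
            returnUrl.append(ssoServiceUrl.indexOf('?') == -1 ? "?" : SessionEncodeURL.AMPERSAND);
            returnUrl.append(IFSConstants.LECP_INDICATOR_PARAM).append("=").append(IFSConstants.LECP_INDICATOR_VALUE).append(SessionEncodeURL.AMPERSAND);
            returnUrl.append(IFSConstants.AUTHN_INDICATOR_PARAM).append("=").append("true").append(SessionEncodeURL.AMPERSAND);
            // A null authnContext raises here and is reported through the catch below.
            if (!str2.equals(FSAllianceManagementConstants.PASSWORD)) {
                returnUrl.append(IFSConstants.AUTHN_CONTEXT).append("=").append(URLEncoder.encode(str2)).append(SessionEncodeURL.AMPERSAND);
            }
            returnUrl.append(IFSConstants.PROVIDER_ID_KEY).append("=").append(URLEncoder.encode(this.hostProviderId)).append(SessionEncodeURL.AMPERSAND);
            returnUrl.append("RequestID").append("=").append(URLEncoder.encode(this.authnRequest.getRequestID()));

            // Result is unused; the call is kept in case it has side effects.
            hostedProvider.getLocalConfiguration();

            StringBuilder postLoginUrl = new StringBuilder(IFSConstants.POST_LOGIN_PAGE);
            postLoginUrl.append("/").append(IFSConstants.META_ALIAS).append("/").append(this.metaAlias).append("/");
            FSSessionManager sessionManager = FSSessionManager.getInstance(this.hostProviderId);
            String requestId = this.authnRequest.getRequestID();
            sessionManager.setRelayState(requestId, returnUrl.toString());
            postLoginUrl.append(IFSConstants.LRURL).append("/").append(URLEncoder.encode(requestId)).append("/").append(IFSConstants.SSOKEY).append("/").append("true");

            StringBuilder loginUrl = new StringBuilder(100);
            loginUrl.append(str);
            loginUrl.append(str.indexOf('?') == -1 ? "?" : SessionEncodeURL.AMPERSAND);
            loginUrl.append("goto").append("=");
            String encodedGoto = URLEncoder.encode(postLoginUrl.toString());
            if (isWMLContent(this.request)) {
                // WML clients get the goto value URL-encoded twice.
                encodedGoto = URLEncoder.encode(encodedGoto);
            }
            loginUrl.append(encodedGoto).append(SessionEncodeURL.AMPERSAND);

            Set authDomainURLList = this.localConfig.getAuthDomainURLList();
            if (authDomainURLList != null && !authDomainURLList.isEmpty()) {
                loginUrl.append("org").append("=").append(URLEncoder.encode((String) authDomainURLList.iterator().next())).append(SessionEncodeURL.AMPERSAND);
            }
            this.request.getSession(true).setAttribute(IFSConstants.AUTHN_CONTEXT, str2);

            // Drop the trailing separator left by the last parameter.
            int last = loginUrl.length() - 1;
            if (loginUrl.charAt(last) == '&') {
                loginUrl.deleteCharAt(last);
            }
            return loginUrl.toString();
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOLECPProfileHandler.formatLoginURL: Exception: " + e.getMessage());
            return null;
        }
    }

    /**
     * Reports whether the request's {@code Accept} header contains
     * {@code IFSConstants.WML_HEADER_VALUE} (compared after lower-casing the
     * header value).
     */
    private boolean isWMLContent(HttpServletRequest httpServletRequest) {
        String accept = httpServletRequest.getHeader("Accept");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLECPHandler.isWMLContent:acceptStr=" + accept);
        }
        if (accept == null || accept.toLowerCase().indexOf(IFSConstants.WML_HEADER_VALUE) == -1) {
            return false;
        }
        FSUtils.debug.message("FSLECPHandler.isWMLContent() :: true");
        return true;
    }

    /**
     * Wraps the authentication response in an envelope, binds it to a SOAP
     * message and writes it to the HTTP response.
     *
     * <p>When signing is enabled, the SOAP document is signed once per
     * assertion, selecting the signed element by {@code id} for minor version
     * 0 and by {@code AssertionID} for minor versions 1 and 2. Any failure on
     * that path sends a SOAP error with status 500 and returns without writing
     * the authentication response, so that no unsigned or partially signed
     * response is sent while signing is required.
     *
     * @param fSAuthnResponse the authentication response to send
     */
    @Override
    protected void sendAuthnResponse(FSAuthnResponse fSAuthnResponse) {
        fSAuthnResponse.setProviderId(this.hostProviderId);
        FSAuthnResponseEnvelope envelope = new FSAuthnResponseEnvelope(fSAuthnResponse);
        envelope.setAssertionConsumerServiceURL(this.spDescriptor.getAssertionConsumerServiceURL());
        FSSOAPService soapService = FSSOAPService.getInstance();
        SOAPMessage soapMessage = soapService.bindAuthnResponseEnvelope(envelope);
        // NOTE(review): the LECP header value is supplied by the client and echoed
        // unchanged; confirm the servlet container rejects CR/LF in header values.
        this.response.setHeader(IFSConstants.LECP_HEADER_NAME, this.request.getHeader(IFSConstants.LECP_HEADER_NAME));
        this.response.setContentType(IFSConstants.LECP_RESP_CONTENT_TYPE_HEADER);
        if (FSServiceUtils.isSigningOn()) {
            try {
                for (FSAssertion fSAssertion : fSAuthnResponse.getAssertion()) {
                    String id = fSAssertion.getID();
                    Document document = (Document) FSServiceUtils.createSOAPDOM(soapMessage);
                    FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
                    if (allianceInstance == null) {
                        FSUtils.debug.error("FSSSOLECPProfileHandler.sendAuthnResponse: could not create alliance instance");
                        sendServerError(soapService);
                        return;
                    }
                    String keyInfo = allianceInstance.getProvider(FSServiceUtils.getHostedProviderID(this.request)).getKeyInfo();
                    if (keyInfo == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOLECPProfileHandler.sendAuthnResponse: couldn't obtain this site's cert alias.");
                        }
                        sendServerError(soapService);
                        // Stop here: without a key alias the assertion cannot be signed.
                        return;
                    }
                    XMLSignatureManager signatureManager = XMLSignatureManager.getInstance();
                    int minorVersion = fSAssertion.getMinorVersion();
                    if (minorVersion == 0) {
                        signatureManager.signXML(document, keyInfo, SAMLUtils.bundle.getString("xmlsigalgorithm"), "id", id, false);
                    } else if (minorVersion == 2 || minorVersion == 1) {
                        signatureManager.signXML(document, keyInfo, SAMLUtils.bundle.getString("xmlsigalgorithm"), "AssertionID", fSAssertion.getAssertionID(), false);
                    } else {
                        // Unknown version: no signing rule applies, so refuse to send
                        // the assertion unsigned while signing is switched on.
                        FSUtils.debug.error("FSSSOLECPProfileHandler.sendAuthnResponse: invalid minor version.");
                        sendServerError(soapService);
                        return;
                    }
                    soapMessage = FSServiceUtils.convertDOMToSOAP(document);
                }
            } catch (Exception e) {
                FSUtils.debug.error("FSSSOLECPProfileHandler.sendAuthnResponse: Exception: " + e.getMessage());
                sendServerError(soapService);
                // Do not fall through and append the unsigned response after the error.
                return;
            }
        }
        returnSOAPMessage(soapMessage, this.response);
    }

    /** Sets HTTP status 500 and writes the generic "cannotProcessRequest" SOAP error. */
    private void sendServerError(FSSOAPService soapService) {
        this.response.setStatus(500);
        returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), this.response);
    }

    /**
     * Creates the authentication response for the given token and identifiers
     * and sends it.
     *
     * @return always {@code true}; a failure inside {@link #sendAuthnResponse}
     *         is reported to the client as a SOAP error, not through this
     *         return value
     */
    @Override
    protected boolean doSingleSignOn(SSOToken sSOToken, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        sendAuthnResponse(createAuthnResponse(sSOToken, str, nameIdentifier, nameIdentifier2));
        return true;
    }

    /**
     * Writes a SOAP message to the HTTP response with the LECP header and
     * content type set; a {@code null} message only flushes the response.
     * Exceptions are logged and not propagated.
     */
    private void returnSOAPMessage(SOAPMessage sOAPMessage, HttpServletResponse httpServletResponse) {
        try {
            if (sOAPMessage == null) {
                httpServletResponse.flushBuffer();
                return;
            }
            // The header value is echoed from the request; see the note in sendAuthnResponse.
            httpServletResponse.setHeader(IFSConstants.LECP_HEADER_NAME, this.request.getHeader(IFSConstants.LECP_HEADER_NAME));
            httpServletResponse.setContentType(IFSConstants.LECP_RESP_CONTENT_TYPE_HEADER);
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            sOAPMessage.writeTo(outputStream);
            outputStream.flush();
        } catch (Exception e) {
            FSUtils.debug.error("FSSOAPReceiver.returnSOAPMessage: Exception::" + e.getMessage());
        }
    }

    /**
     * Copies MIME headers onto the HTTP response, joining the values of a
     * multi-valued header with commas. Not called from within this class.
     */
    private static void putHeaders(MimeHeaders mimeHeaders, HttpServletResponse httpServletResponse) {
        Iterator allHeaders = mimeHeaders.getAllHeaders();
        while (allHeaders.hasNext()) {
            MimeHeader mimeHeader = (MimeHeader) allHeaders.next();
            String[] values = mimeHeaders.getHeader(mimeHeader.getName());
            if (values.length == 1) {
                httpServletResponse.setHeader(mimeHeader.getName(), mimeHeader.getValue());
            } else {
                StringBuilder joined = new StringBuilder();
                for (int i = 0; i < values.length; i++) {
                    if (i != 0) {
                        joined.append(',');
                    }
                    joined.append(values[i]);
                }
                httpServletResponse.setHeader(mimeHeader.getName(), joined.toString());
            }
        }
    }
}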
