package com.sun.identity.federation.services.logout;

import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.alliance.FSAllianceManagementException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSLogoutNotification;
import com.sun.identity.federation.message.FSLogoutResponse;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.services.FSSOAPService;
import com.sun.identity.federation.services.FSSession;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.FSSessionPartner;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureUtil;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPBodyElement;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* JADX WARN: Classes with same name are omitted:
  input_file:117586-17/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/federation/services/logout/FSIDPSingleLogoutHandler.class
 */
/* loaded from: input_file:117586-17/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/federation/services/logout/FSIDPSingleLogoutHandler.class */
public class FSIDPSingleLogoutHandler extends FSSingleLogoutHandler {
    private String sourceProviderId = "";
    private boolean logoutStatus = true;
    private boolean isHttpRedirect = false;

    @Override // com.sun.identity.federation.services.logout.FSSingleLogoutHandler
    public FSLogoutStatus handleSingleLogout(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, FSSessionPartner fSSessionPartner, String str, String str2, boolean z) {
        FSLogoutStatus doHttpRedirect;
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler::handleSingleLogout");
        super.handleSingleLogout(httpServletResponse, httpServletRequest, fSSessionPartner, str, str2, z);
        this.remoteDescriptor = getRemoteDescriptor(this.currentProviderId);
        String profileToCommunicateLogout = getProfileToCommunicateLogout(this.currentProviderId);
        FSUtils.debug.message(new StringBuffer().append("Communicating logout with provider ").append(this.currentProviderId).append(" using profile ").append(profileToCommunicateLogout).toString());
        FSLogoutUtil.cleanSessionMapPartnerList(str, this.currentProviderId, this.hostedProviderId);
        FSUtils.debug.message("Out of cleanSessionMapPartnerList in FSIDPSingleLogoutHandler");
        new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        if (profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE) || profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE)) {
            FSUtils.debug.message("In redirect profile");
            doHttpRedirect = doHttpRedirect(this.currentProviderId);
        } else if (profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) || profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_SOAP_PROFILE)) {
            FSUtils.debug.message("In SOAP profile");
            doHttpRedirect = doIDPSoapProfile(this.currentProviderId);
        } else {
            if (!profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE) || this.isCurrentProviderIDPRole) {
                FSUtils.debug.message("Single Logout Profile cannot be processed. Verify profile in metadata");
                FSUtils.error("FSSingleLogoutHandler::handleSingleLogout", FSUtils.bundle.getString(IFSConstants.LOGOUT_PROFILE_NOT_SUPPORTED));
                returnLocallyAfterLogout(httpServletResponse, false);
                return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
            }
            FSUtils.debug.message("In GET profile");
            doHttpRedirect = doHttpGet(this.currentProviderId);
        }
        FSUtils.debug.message(new StringBuffer().append("Logout completed first round with status : ").append(doHttpRedirect).toString());
        if (doHttpRedirect.getStatus().equalsIgnoreCase(IFSConstants.SAML_FAILURE)) {
            returnLocallyAfterLogout(httpServletResponse, false);
        }
        return doHttpRedirect;
    }

    private void continueLogout() {
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler::continueLogout");
        if (!FSLogoutUtil.liveConnectionsExist(this.userDN, this.hostedProviderId)) {
            FSUtils.debug.message("Reached else part in continuelogout");
            FSUtils.debug.message("No live connections, destroy user session call destroyPrincipalSession");
            FSLogoutUtil.destroyPrincipalSession(this.userDN, this.hostedProviderId);
            if (this.response != null) {
                returnAfterCompletion();
                return;
            }
            return;
        }
        FSUtils.debug.message("More liveConnectionsExist");
        HashMap currentProvider = FSLogoutUtil.getCurrentProvider(this.userDN, this.hostedProviderId);
        if (currentProvider == null) {
            FSUtils.debug.message("GetCurrentProvider returns null HashMap Clean session and return");
            FSUtils.debug.message("No live connections, destroy user  session call destroyPrincipalSession");
            FSLogoutUtil.destroyPrincipalSession(this.userDN, this.hostedProviderId);
            if (this.response != null) {
                returnAfterCompletion();
                return;
            }
            return;
        }
        FSSessionPartner fSSessionPartner = (FSSessionPartner) currentProvider.get(IFSConstants.PARTNER_SESSION);
        this.sessionIndex = (String) currentProvider.get(IFSConstants.SESSION_INDEX);
        if (fSSessionPartner == null) {
            FSUtils.debug.message("Reached else part  currentSessionProvider is null. nothing more to broadcast");
            FSUtils.debug.message("No more providers, destroy usersession call destroyPrincipalSession");
            FSLogoutUtil.destroyPrincipalSession(this.userDN, this.hostedProviderId);
            if (this.response != null) {
                returnAfterCompletion();
                return;
            }
            return;
        }
        this.currentProviderId = fSSessionPartner.getPartner();
        this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
        this.remoteDescriptor = getRemoteDescriptor(this.currentProviderId);
        String profileToCommunicateLogout = getProfileToCommunicateLogout(this.currentProviderId);
        FSUtils.debug.message(new StringBuffer().append("Communicating logout with provider").append(this.currentProviderId).append(" using profile ").append(profileToCommunicateLogout).toString());
        FSLogoutUtil.cleanSessionMapPartnerList(this.userDN, this.currentProviderId, this.hostedProviderId);
        new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        if (profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE) || profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE)) {
            FSUtils.debug.message("In redirect profile");
            doHttpRedirect(this.currentProviderId);
            return;
        }
        if (profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) || profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_SOAP_PROFILE)) {
            FSUtils.debug.message("In SOAP profile");
            doIDPSoapProfile(this.currentProviderId);
        } else if (!profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE) || this.isCurrentProviderIDPRole) {
            FSUtils.debug.message("Single Logout Profile cannot be processed. Verify profile in metadata");
            FSUtils.error("FSSingleLogoutHandler::handleSingleLogout", FSUtils.bundle.getString(IFSConstants.LOGOUT_PROFILE_NOT_SUPPORTED));
        } else {
            FSUtils.debug.message("In GET profile");
            doHttpGet(this.currentProviderId);
        }
    }

    private FSLogoutStatus doHttpRedirect(String str) {
        try {
            FSUtils.debug.message("In HTTP Redirect profile");
            this.isHttpRedirect = true;
            FSLogoutNotification createSingleLogoutRequest = createSingleLogoutRequest(FSLogoutUtil.getCurrentWorkingAccount(this.userDN, str), this.sessionIndex);
            if (createSingleLogoutRequest == null) {
                FSUtils.debug.message("Logout Request is null");
                return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
            }
            createSingleLogoutRequest.setMinorVersion(getMinorVersion(str));
            FSUtils.debug.message(new StringBuffer().append("FSIDPSingleLogoutHandler::doHttpRedirect ").append(this.remoteDescriptor.getSLOServiceURL()).toString());
            String uRLEncodedQueryString = createSingleLogoutRequest.toURLEncodedQueryString();
            if (FSServiceUtils.isSigningOn()) {
                String keyInfo = this.hostedDescriptor.getKeyInfo();
                FSUtils.debug.message(new StringBuffer().append("Retrieving self certalias  : ").append(keyInfo).toString());
                if (keyInfo == null || keyInfo.equals("")) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSIDPSingleLogoutHandler:: doHttpRedirect: couldn't obtain this site's cert alias.");
                    }
                    return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
                }
                uRLEncodedQueryString = FSSignatureUtil.signAndReturnQueryString(uRLEncodedQueryString, keyInfo);
            }
            StringBuffer stringBuffer = new StringBuffer();
            String sLOServiceURL = this.remoteDescriptor.getSLOServiceURL();
            FSUtils.debug.message(new StringBuffer().append("Encoded Redirect URL ").append(uRLEncodedQueryString).toString());
            stringBuffer.append(sLOServiceURL);
            if (sLOServiceURL.indexOf(63) == -1) {
                stringBuffer.append('?');
            } else {
                stringBuffer.append('&');
            }
            stringBuffer.append(uRLEncodedQueryString);
            FSUtils.debug.message(new StringBuffer().append("FSIDPSingleLogoutHandler::doHttpRedirect URL is ").append(stringBuffer.toString()).toString());
            this.response.sendRedirect(stringBuffer.toString());
            return new FSLogoutStatus("samlp:Success");
        } catch (FSMsgException e) {
            FSUtils.debug.error("FSIDPSingleLogoutHandler:: doHttpRedirect FSMsgException");
            return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        } catch (IOException e2) {
            FSUtils.debug.error("FSIDPSingleLogoutHandler::doHttpRedirect IOException");
            return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        }
    }

    protected void returnAfterCompletion() {
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler:: returnAfterCompletion");
        try {
            FSReturnSessionManager fSReturnSessionManager = FSReturnSessionManager.getInstance(this.hostedProviderId);
            HashMap hashMap = new HashMap();
            if (fSReturnSessionManager != null) {
                hashMap = fSReturnSessionManager.getUserProviderInfo(this.userDN);
            }
            if (hashMap == null) {
                FSUtils.debug.message("no source provider. return to local status page");
                returnLocallyAfterLogout(this.response, true);
                return;
            }
            String str = (String) hashMap.get("Provider");
            String str2 = (String) hashMap.get("RELAYSTATE");
            String str3 = (String) hashMap.get(IFSConstants.LOGOUT_STATUS);
            String str4 = (String) hashMap.get(IFSConstants.RESPONSE_TO);
            fSReturnSessionManager.removeUserProviderInfo(this.userDN);
            FSUtils.debug.message(new StringBuffer().append("Deleted ").append(str).append(" from return list").toString());
            FSUtils.debug.message(new StringBuffer().append("Getting provider ").append(str).append(" IDP Return URL = ").toString());
            String sLOServiceReturnURL = this.allianceInst.getProvider(str).getSLOServiceReturnURL();
            if (sLOServiceReturnURL != null) {
                FSUtils.debug.message(sLOServiceReturnURL);
                FSLogoutResponse fSLogoutResponse = new FSLogoutResponse();
                fSLogoutResponse.setResponseTo(str4);
                fSLogoutResponse.setRelayState(str2);
                fSLogoutResponse.setProviderId(this.hostedProviderId);
                fSLogoutResponse.setStatus(str3);
                fSLogoutResponse.setID(IFSConstants.LOGOUTID);
                fSLogoutResponse.setMinorVersion(getMinorVersion(str));
                String uRLEncodedQueryString = fSLogoutResponse.toURLEncodedQueryString();
                if (FSServiceUtils.isSigningOn()) {
                    String keyInfo = this.hostedDescriptor.getKeyInfo();
                    if (keyInfo == null || keyInfo.equals("")) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSBrowserArtifactConsumerHandler:: signSAMLRequest:couldn't obtain this site's cert alias.");
                        }
                        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                    }
                    uRLEncodedQueryString = FSSignatureUtil.signAndReturnQueryString(uRLEncodedQueryString, keyInfo);
                }
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append(sLOServiceReturnURL);
                if (sLOServiceReturnURL.indexOf(63) == -1) {
                    stringBuffer.append('?');
                } else {
                    stringBuffer.append('&');
                }
                stringBuffer.append(uRLEncodedQueryString);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(new StringBuffer().append("Response to be sent : ").append(stringBuffer.toString()).toString());
                }
                this.response.sendRedirect(stringBuffer.toString());
            }
        } catch (FSAllianceManagementException e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to get LRURL. No location to redirect. processing completed");
            }
            FSUtils.error("FSSingleLogoutHandler::returnAfterCompletion", FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED));
        } catch (IOException e2) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to get LRURL. No location to redirect. processing completed");
            }
            FSUtils.error("FSSingleLogoutHandler::returnAfterCompletion", FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED));
        } catch (Exception e3) {
            FSUtils.error("FSSingleLogoutHandler::returnAfterCompletion", FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED));
        }
    }

    public void returnLocallyAfterLogout(HttpServletResponse httpServletResponse, boolean z) {
        try {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("Entered  returnLocallyAfterLogout with isSuccess set to ").append(z).toString());
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(FSSingleLogoutHandler.LOGOUT_DONE_URL);
            stringBuffer.append(FSSingleLogoutHandler.LOGOUT_DONE_URL.indexOf(63) < 0 ? '?' : '&');
            stringBuffer.append(IFSConstants.LOGOUT_STATUS);
            stringBuffer.append('=');
            if (z) {
                stringBuffer.append(IFSConstants.LOGOUT_SUCCESS);
            } else {
                stringBuffer.append(IFSConstants.LOGOUT_FAILURE);
            }
            httpServletResponse.sendRedirect(stringBuffer.toString());
        } catch (IOException e) {
            FSUtils.debug.message(new StringBuffer().append("IOException in  returnLocallyAfterLogout ").append(e.getMessage()).toString());
        }
    }

    private FSLogoutStatus doHttpGet(String str) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("doHttpGet - Entered");
        }
        return this.isWMLAgent ? doWMLGet(str) : doHTMLGet(str);
    }

    private FSLogoutStatus doWMLGet(String str) {
        try {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("In WML based response");
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(this.hostedDescriptor.getSLOServiceURL());
            if (stringBuffer.toString().indexOf(63) == -1) {
                stringBuffer.append('?');
            } else {
                stringBuffer.append('&');
            }
            stringBuffer.append("logoutSource=logoutGet");
            FSUtils.debug.message(new StringBuffer().append("Submit action : ").append(stringBuffer.toString()).toString());
            this.response.setContentType(IFSConstants.WML_HEADER_VALUE);
            PrintWriter writer = this.response.getWriter();
            writer.println("<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.1");
            writer.println("//EN\" \"http://www.wapforum.org/DTD/wml_1.1.xml\">");
            writer.println("<wml>");
            writer.println("<card id=\"redirect\" title=\"Log Out\">");
            writer.println("<onenterforward>");
            writer.println(new StringBuffer().append("<go method=\"post\" href=\"").append(stringBuffer.toString()).append("\">").toString());
            FSUtils.debug.message("Calling getLogoutGETProviders");
            HashMap logoutGETProviders = FSLogoutUtil.getLogoutGETProviders(this.userDN, str, this.sessionIndex, this.hostedProviderId);
            Vector vector = (Vector) logoutGETProviders.get("Provider");
            FSUtils.debug.message("Calling cleanSessionMapProviders");
            FSLogoutUtil.cleanSessionMapProviders(this.userDN, vector, this.hostedProviderId);
            FSUtils.debug.message("Calling getMultiLogoutRequest");
            String multiLogoutRequest = getMultiLogoutRequest(logoutGETProviders);
            FSUtils.debug.message(new StringBuffer().append("Image Statements : ").append(multiLogoutRequest).toString());
            writer.println(multiLogoutRequest);
            writer.println("</go>");
            writer.println("</onenterforward>");
            writer.println("<onenterbackward>");
            writer.println("<prev/>");
            writer.println("</onenterbackward>");
            writer.println("<onenterbackward>");
            writer.println("<p>");
            writer.println("logout initiated ...");
            writer.println("</p>");
            writer.println("</card>");
            writer.println("</wml>");
            writer.close();
            return new FSLogoutStatus("samlp:Success");
        } catch (IOException e) {
            FSUtils.debug.error("Error in performing HTTP GET for WML agent");
            return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        }
    }

    private FSLogoutStatus doHTMLGet(String str) {
        try {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("In HTML based response");
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(this.hostedDescriptor.getSLOServiceURL());
            if (stringBuffer.toString().indexOf(63) == -1) {
                stringBuffer.append('?');
            } else {
                stringBuffer.append('&');
            }
            stringBuffer.append("logoutSource=logoutGet");
            FSUtils.debug.message(new StringBuffer().append("Submit action : ").append(stringBuffer.toString()).toString());
            PrintWriter writer = this.response.getWriter();
            this.response.setContentType("text/html");
            writer.println("<HTML>");
            writer.println("<HEAD>");
            writer.println("<TITLE>Logout in progress</TITLE></HEAD>");
            writer.println("<BODY Onload=\"document.forms[0].submit()\">");
            writer.println("<p><b> Logout in progress ...");
            writer.println("If you have JavaScript disabled, please press the Continue button.");
            writer.println("Otherwise, please wait.</p>");
            writer.println(new StringBuffer().append("<FORM METHOD=\"POST\" ACTION=\"").append(stringBuffer.toString()).append("\">").toString());
            writer.println("<P>");
            FSUtils.debug.message("Calling getLogoutGETProviders");
            HashMap logoutGETProviders = FSLogoutUtil.getLogoutGETProviders(this.userDN, str, this.sessionIndex, this.hostedProviderId);
            Vector vector = (Vector) logoutGETProviders.get("Provider");
            FSUtils.debug.message("Calling cleanSessionMapProviders");
            FSLogoutUtil.cleanSessionMapProviders(this.userDN, vector, this.hostedProviderId);
            FSUtils.debug.message("Calling getMultiLogoutRequest");
            String multiLogoutRequest = getMultiLogoutRequest(logoutGETProviders);
            FSUtils.debug.message(new StringBuffer().append("Image Statements : ").append(multiLogoutRequest).toString());
            writer.println(multiLogoutRequest);
            writer.println("<P><BR>");
            writer.println("<input type=\"submit\" name=\"Continue\" ");
            writer.println("value=\"Continue logout\"/>");
            writer.println("</FORM></BODY></HTML>");
            writer.close();
            return new FSLogoutStatus("samlp:Success");
        } catch (IOException e) {
            FSUtils.debug.error("Error in performing HTTP GET for regular agent");
            return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        }
    }

    private String getMultiLogoutRequest(HashMap hashMap) {
        Vector vector;
        HashMap hashMap2;
        StringBuffer stringBuffer;
        try {
            vector = (Vector) hashMap.get("Provider");
            hashMap2 = (HashMap) hashMap.get(IFSConstants.SESSION_INDEX);
            stringBuffer = new StringBuffer();
        } catch (FSAllianceManagementException e) {
            FSUtils.debug.error(new StringBuffer().append("FSIDPSingleLogoutHandler::getMultiLogoutRequest  FSAllianceManagementException").append(e.getMessage()).toString());
        } catch (FSMsgException e2) {
            FSUtils.debug.error(new StringBuffer().append("FSIDPSingleLogoutHandler::getMultiLogoutRequest FSMsgException").append(e2.getMessage()).toString());
        }
        if (vector == null) {
            FSUtils.debug.error("Returning null from getMultiLogoutRequest");
            return null;
        }
        for (int i = 0; i < vector.size(); i++) {
            String str = (String) vector.elementAt(i);
            FSLogoutNotification createSingleLogoutRequest = createSingleLogoutRequest(FSLogoutUtil.getCurrentWorkingAccount(this.userDN, str), (String) hashMap2.get(str));
            createSingleLogoutRequest.setMinorVersion(getMinorVersion(str));
            String uRLEncodedQueryString = createSingleLogoutRequest.toURLEncodedQueryString();
            String keyInfo = this.hostedDescriptor.getKeyInfo();
            FSUtils.debug.message(new StringBuffer().append("certalias  : ").append(keyInfo).toString());
            if (keyInfo != null && !keyInfo.equals("")) {
                String signAndReturnQueryString = FSSignatureUtil.signAndReturnQueryString(uRLEncodedQueryString, keyInfo);
                StringBuffer stringBuffer2 = new StringBuffer();
                String sLOServiceURL = this.allianceInst.getProvider(str).getSLOServiceURL();
                stringBuffer2.append(sLOServiceURL);
                if (sLOServiceURL.indexOf(63) == -1) {
                    stringBuffer2.append('?');
                } else {
                    stringBuffer2.append('&');
                }
                stringBuffer2.append(signAndReturnQueryString);
                FSUtils.debug.message(new StringBuffer().append("FSIDPSingleLogoutHandler::doHttpRedirect URL is ").append(stringBuffer2.toString()).toString());
                stringBuffer.append("<IMG SRC=\"").append(stringBuffer2.toString()).append("\" </IMG>");
            } else if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPSingleLogoutHandler getMultiLogoutRequest: couldn't obtain this site's cert alias.");
            }
        }
        return stringBuffer.toString();
    }

    private FSLogoutStatus doIDPSoapProfile(String str) {
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler::doIDPSoapProfile");
        FSLogoutStatus doSoapProfile = doSoapProfile(str);
        if (doSoapProfile.getStatus().equalsIgnoreCase("samlp:Success")) {
            FSUtils.debug.message("SOAP first round went fine.  Calling continue logout");
        } else {
            FSUtils.debug.message("SOAP first round false. No continue logout");
            this.logoutStatus = false;
        }
        if (!this.isHttpRedirect) {
            continueLogout();
        }
        return !this.logoutStatus ? new FSLogoutStatus(IFSConstants.SAML_FAILURE) : doSoapProfile;
    }

    private FSLogoutStatus doSoapProfile(String str) {
        FSUtils.debug.message("Entered IDP's doSoapProfile");
        try {
            FSLogoutNotification createSingleLogoutRequest = createSingleLogoutRequest(FSLogoutUtil.getCurrentWorkingAccount(this.userDN, str), this.sessionIndex);
            createSingleLogoutRequest.setMinorVersion(getMinorVersion(str));
            if (createSingleLogoutRequest != null) {
                FSSOAPService fSSOAPService = FSSOAPService.getInstance();
                if (fSSOAPService != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Signing suceeded. To call bindLogoutRequest");
                    }
                    createSingleLogoutRequest.setID(IFSConstants.LOGOUTID);
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message(new StringBuffer().append("logout request before sign: ").append(createSingleLogoutRequest.toXMLString(true, true)).toString());
                    }
                    SOAPMessage bindLogoutRequest = fSSOAPService.bindLogoutRequest(createSingleLogoutRequest);
                    if (bindLogoutRequest != null) {
                        try {
                            if (FSServiceUtils.isSigningOn()) {
                                bindLogoutRequest = signLogoutRequest(bindLogoutRequest, createSingleLogoutRequest.getID());
                            }
                            SOAPMessage sendLogoutMessage = fSSOAPService.sendLogoutMessage(bindLogoutRequest, this.remoteDescriptor.getSOAPEndPoint());
                            if (sendLogoutMessage != null) {
                                Element parseSOAPMessage = fSSOAPService.parseSOAPMessage(sendLogoutMessage);
                                if (FSServiceUtils.isSigningOn() && !verifyResponseSignature(sendLogoutMessage)) {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("Response signature verification failed");
                                        FSUtils.debug.message("Name registration failed in doRemoteRegistration");
                                    }
                                    returnLocallyAfterLogout(this.response, false);
                                    return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
                                }
                                StatusCode statusCode = new FSLogoutResponse(parseSOAPMessage).getStatus().getStatusCode();
                                StatusCode statusCode2 = statusCode.getStatusCode();
                                String value = statusCode.getValue();
                                if (value.equalsIgnoreCase("samlp:Success")) {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("FSIDPSingleLogoutHandler:  doSoapProfile returning success");
                                    }
                                    return new FSLogoutStatus("samlp:Success");
                                }
                                if (value.equalsIgnoreCase(IFSConstants.SAML_FAILURE) && statusCode2 == null) {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("FSIDPSingleLogoutHandler:  doSoapProfile returning failure");
                                    }
                                    return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
                                }
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("FSIDPSingleLogoutHandler:  doSoapProfile in unsupported profile");
                                }
                                return doHttpRedirect(this.currentProviderId);
                            }
                        } catch (Exception e) {
                            FSUtils.debug.error(new StringBuffer().append("FSSOAPException in doSOAPProfile Cannot send request").append(e.getMessage()).toString());
                            return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
                        }
                    }
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Unable to bindLogoutRequest.");
                    FSUtils.debug.message("Current Provider cannot be processed");
                }
            } else if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to create logout request Current Provider cannot be processed");
            }
        } catch (Exception e2) {
            FSUtils.debug.error(new StringBuffer().append("In IOException of doSOAPProfile : ").append(e2.getMessage()).toString());
        }
        return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
    }

    private FSLogoutNotification createSingleLogoutRequest(FSAccountFedInfo fSAccountFedInfo, String str) {
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler:: createSingleLogoutRequest");
        FSLogoutNotification fSLogoutNotification = new FSLogoutNotification();
        if (fSLogoutNotification == null) {
            return null;
        }
        NameIdentifier remoteNameIdentifier = fSAccountFedInfo.getRemoteNameIdentifier();
        if (remoteNameIdentifier == null) {
            remoteNameIdentifier = fSAccountFedInfo.getLocalNameIdentifier();
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(new StringBuffer().append("Hosted Provider Id : ").append(this.hostedProviderId).toString());
        }
        fSLogoutNotification.setProviderId(this.hostedProviderId);
        fSLogoutNotification.setNameIdentifier(remoteNameIdentifier);
        FSUtils.debug.message(new StringBuffer().append("Session index is ").append(str).toString());
        if (str != null) {
            fSLogoutNotification.setSessionIndex(str);
        }
        return fSLogoutNotification;
    }

    public FSLogoutStatus processSingleLogoutRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, FSLogoutNotification fSLogoutNotification, FSSessionPartner fSSessionPartner, String str, String str2, String str3, boolean z, String str4, String str5) {
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler:: processSingleLogoutRequest - HTTP");
        super.processSingleLogoutRequest(httpServletResponse, httpServletRequest, fSLogoutNotification, fSSessionPartner, str, str3, z, str4, str5);
        if (fSLogoutNotification == null) {
            FSUtils.error("FSSingleLogoutHandler::processSingleLogoutRequest", FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_IMPROPER));
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request not proper. Cannot proceed with single logout");
            }
            returnAfterCompletion();
            return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        }
        FSUtils.debug.message("FSLogoutNotification formed really well");
        String providerId = fSLogoutNotification.getProviderId();
        FSReturnSessionManager fSReturnSessionManager = FSReturnSessionManager.getInstance(this.hostedProviderId);
        if (fSReturnSessionManager != null) {
            FSUtils.debug.message(new StringBuffer().append("Added ").append(providerId).append(" top return list").toString());
            fSReturnSessionManager.setUserProviderInfo(str, providerId, str5, str4, fSLogoutNotification.getRequestID());
        } else {
            FSUtils.debug.message("Cannot get FSReturnSessionManager");
        }
        if (fSSessionPartner == null) {
            FSUtils.debug.message("currentSessionProvider is null. destroy and return");
            FSLogoutUtil.destroyPrincipalSession(str, this.hostedProviderId);
            returnAfterCompletion();
            return new FSLogoutStatus("samlp:Success");
        }
        String partner = fSSessionPartner.getPartner();
        this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
        this.remoteDescriptor = getRemoteDescriptor(partner);
        FSLogoutUtil.cleanSessionMapPartnerList(str, partner, this.hostedProviderId);
        String profileToCommunicateLogout = getProfileToCommunicateLogout(partner);
        FSUtils.debug.message(new StringBuffer().append("Communicate with provider ").append(partner).append(" using profile ").append(profileToCommunicateLogout).toString());
        FSLogoutStatus fSLogoutStatus = new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        if (profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE) || profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE)) {
            FSUtils.debug.message("In redirect profile");
            fSLogoutStatus = doHttpRedirect(partner);
        } else if (profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) || profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_SOAP_PROFILE)) {
            FSUtils.debug.message("In SOAP profile");
            fSLogoutStatus = doIDPSoapProfile(partner);
        } else if (!profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE) || this.isCurrentProviderIDPRole) {
            FSUtils.debug.error("Single Logout Profile cannot be processed. Verify profile in metadata");
            FSUtils.error("FSSingleLogoutHandler::handleSingleLogout", FSUtils.bundle.getString(IFSConstants.LOGOUT_PROFILE_NOT_SUPPORTED));
            returnAfterCompletion();
            new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        } else {
            FSUtils.debug.message("In GET profile");
            fSLogoutStatus = doHttpGet(partner);
        }
        FSUtils.debug.message(new StringBuffer().append("Logout completed first round with status : ").append(fSLogoutStatus).toString());
        return fSLogoutStatus;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public FSLogoutStatus processSingleLogoutRequest(FSLogoutNotification fSLogoutNotification, FSSessionPartner fSSessionPartner, String str, String str2, String str3, boolean z, String str4) {
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler:: processSingleLogoutRequest - SOAP");
        super.processSingleLogoutRequest(fSLogoutNotification, fSSessionPartner, str, str3, z, str4);
        if (fSLogoutNotification == null) {
            FSUtils.error("FSSingleLogoutHandler::processSingleLogoutRequest", FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_IMPROPER));
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request not proper Cannot proceed federation termination");
            }
            return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        }
        FSUtils.debug.message("FSLogoutNotification formed really well");
        fSLogoutNotification.getProviderId();
        if (fSSessionPartner == null) {
            FSUtils.debug.message("currentSessionProvider is null. destroy and return");
            FSLogoutUtil.destroyPrincipalSession(str, this.hostedProviderId);
            return new FSLogoutStatus("samlp:Success");
        }
        if (needToUseHttpProfile(str)) {
            return new FSLogoutStatus(IFSConstants.SAML_UNSUPPORTED);
        }
        String partner = fSSessionPartner.getPartner();
        this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
        this.remoteDescriptor = getRemoteDescriptor(partner);
        FSLogoutUtil.cleanSessionMapPartnerList(str, partner, this.hostedProviderId);
        String profileToCommunicateLogout = getProfileToCommunicateLogout(partner);
        FSUtils.debug.message(new StringBuffer().append("Communicate with provider ").append(partner).append(" using profile ").append(profileToCommunicateLogout).toString());
        new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        if (!profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) && !profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_SOAP_PROFILE)) {
            FSUtils.debug.message("Single Logout Profile cannot  be processed. Verify profile in metadata");
            FSUtils.error("FSSingleLogoutHandler::handleSingleLogout", FSUtils.bundle.getString(IFSConstants.LOGOUT_PROFILE_NOT_SUPPORTED));
            return new FSLogoutStatus(IFSConstants.SAML_FAILURE);
        }
        FSUtils.debug.message("In SOAP profile");
        FSLogoutStatus doIDPSoapProfile = doIDPSoapProfile(partner);
        FSUtils.debug.message(new StringBuffer().append("Logout completed first round with status : ").append(doIDPSoapProfile).toString());
        return doIDPSoapProfile;
    }

    protected boolean needToUseHttpProfile(String str) {
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler::needToUseHttpProfile");
        try {
            List sessionList = FSSessionManager.getInstance(this.hostedProviderId).getSessionList(str);
            if (!sessionList.isEmpty()) {
                Iterator it = sessionList.iterator();
                while (it.hasNext()) {
                    List sessionPartners = ((FSSession) it.next()).getSessionPartners();
                    if (!sessionPartners.isEmpty()) {
                        Iterator it2 = sessionPartners.iterator();
                        while (it2.hasNext()) {
                            String sLOProtocolProfile = this.allianceInst.getProvider(((FSSessionPartner) it2.next()).getPartner()).getSLOProtocolProfile();
                            if (sLOProtocolProfile.equals(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE) || sLOProtocolProfile.equals(IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE) || sLOProtocolProfile.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE)) {
                                FSUtils.debug.message("Returning true from needToUseHttpProfile");
                                return true;
                            }
                        }
                    }
                }
            }
            return false;
        } catch (FSAllianceManagementException e) {
            FSUtils.debug.error(new StringBuffer().append("needToUseHttpProfile - FSAllianceManagementException").append(e.getMessage()).toString());
            return false;
        }
    }

    protected SOAPMessage signLogoutRequest(SOAPMessage sOAPMessage, String str) throws SAMLException, FSMsgException {
        FSUtils.debug.message("Entered FSIDPSingleLogoutHandler::signLogoutRequest");
        String keyInfo = this.hostedDescriptor.getKeyInfo();
        if (keyInfo == null || keyInfo.equals("")) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPFedTerminationHandler:: signLogoutRequest: couldn't obtain this site's cert alias.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
        }
        FSUtils.debug.message(new StringBuffer().append("FSIDPSingleLogoutHandler::signLogoutRequest Provider's certAlias is found: ").append(keyInfo).toString());
        XMLSignatureManager xMLSignatureManager = XMLSignatureManager.getInstance();
        Document document = (Document) FSServiceUtils.createSOAPDOM(sOAPMessage);
        xMLSignatureManager.signXML(document, keyInfo, SAMLUtils.bundle.getString("xmlsigalgorithm"), str, "//*[local-name()='ProviderID']");
        return FSServiceUtils.convertDOMToSOAP(document);
    }

    private boolean responseHasFault(SOAPMessage sOAPMessage) {
        try {
            FSUtils.debug.message("Entered responseHasFault");
            Iterator childElements = sOAPMessage.getSOAPPart().getEnvelope().getBody().getChildElements();
            while (childElements.hasNext()) {
                SOAPBodyElement sOAPBodyElement = (SOAPBodyElement) childElements.next();
                if (sOAPBodyElement.getElementName().getLocalName().equalsIgnoreCase("fault")) {
                    Iterator childElements2 = sOAPBodyElement.getChildElements();
                    SOAPElement sOAPElement = (SOAPElement) childElements2.next();
                    if (sOAPElement.getElementName().getLocalName().equalsIgnoreCase("faultcode") && sOAPElement.getValue().equalsIgnoreCase("server")) {
                        sOAPBodyElement.getChildElements();
                        SOAPElement sOAPElement2 = (SOAPElement) childElements2.next();
                        if (sOAPElement2.getElementName().getLocalName().equalsIgnoreCase("faultstring") && sOAPElement2.getValue().equalsIgnoreCase("Cannot Execute Single LogOut using web service")) {
                            FSUtils.debug.message("Found proper SOAP fault");
                            return true;
                        }
                    }
                }
            }
            return false;
        } catch (SOAPException e) {
            FSUtils.debug.error(new StringBuffer().append("In SOAPException of responseHasFault : ").append(e.getMessage()).toString());
            return false;
        }
    }

    protected boolean verifyResponseSignature(SOAPMessage sOAPMessage) {
        FSUtils.debug.message("Entered FSLogoutResponse::verifyResponseSignature");
        try {
            String keyInfo = this.remoteDescriptor.getKeyInfo();
            if (keyInfo != null) {
                FSUtils.debug.message(new StringBuffer().append("FSLogoutResponse.verifyResponseSignature: Provider's certAlias is found: ").append(keyInfo).toString());
                return XMLSignatureManager.getInstance().verifyXMLSignature((Document) FSServiceUtils.createSOAPDOM(sOAPMessage), keyInfo);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Logout.verifyResponseSignaturecouldn't obtain this site's cert alias.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
        } catch (SAMLException e) {
            FSUtils.debug.error(new StringBuffer().append("Error in verifying response ").append(e.getMessage()).toString());
            return false;
        }
    }

    private int getMinorVersion(String str) {
        return 0;
    }
}
