package com.sun.identity.saml;

import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.dpro.session.service.SessionService;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AssertionIDReference;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.AuthorizationDecisionStatement;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectLocality;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLRequesterException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.common.XMLUtils;
import com.sun.identity.saml.plugins.ActionMapper;
import com.sun.identity.saml.plugins.AttributeMapper;
import com.sun.identity.saml.plugins.SiteAttributeMapper;
import com.sun.identity.saml.protocol.AssertionArtifact;
import com.sun.identity.saml.protocol.AttributeQuery;
import com.sun.identity.saml.protocol.AuthenticationQuery;
import com.sun.identity.saml.protocol.AuthorizationDecisionQuery;
import com.sun.identity.saml.protocol.Query;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import org.w3c.dom.Element;

/* JADX WARN: Classes with same name are omitted:
  input_file:117586-18/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager.class
 */
/* loaded from: input_file:117586-18/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager.class */
public final class AssertionManager {
    // Format passed to every NameIdentifier this class builds; loaded from SystemProperties in the constructor.
    private static String defaultNameIdentifierFormat = null;
    // Lazily created singleton returned by getInstance().
    private static AssertionManager instance = null;
    // artifact string -> ArtEntry (assertion ID plus expiry time).
    // NOTE(review): plain HashMap shared with the cleanup thread; put/remove calls in this class lock on the
    // map, but several get()/size()/keySet() reads do not.
    private static Map artEntryMap = null;
    // assertion ID -> Entry (assertion, destination ID, artifact string, SSO token). Same locking caveat as above.
    private static Map idEntryMap = null;
    // Background CleanUpThread started by the constructor.
    private static Thread cThread = null;
    // Compiler-generated cache for the AssertionManager class literal; getInstance() uses it as its lock object.
    static Class class$com$sun$identity$saml$AssertionManager;

    /* JADX WARN: Classes with same name are omitted:
      input_file:117586-18/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager$1.class
     */
    /* renamed from: com.sun.identity.saml.AssertionManager$1, reason: invalid class name */
    /* loaded from: input_file:117586-18/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager$1.class */
    // Empty compiler-generated type (AssertionManager$1). In this file it only appears as the extra parameter of
    // CleanUpThread's accessor constructor, where the AssertionManager constructor passes null.
    class AnonymousClass1 {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:117586-18/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager$ArtEntry.class
     */
    /* loaded from: input_file:117586-18/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager$ArtEntry.class */
    /**
     * Bookkeeping record for one issued artifact: which assertion it resolves to and when it stops
     * being redeemable.
     */
    public class ArtEntry {
        /** ID of the assertion the artifact points at. */
        private String aID;
        /** Absolute expiry, in the same units as System.currentTimeMillis(). */
        private long expiretime;
        private final AssertionManager this$0;

        /**
         * @param assertionManager owning manager (outer instance)
         * @param str assertion ID
         * @param j expiry time in milliseconds
         */
        public ArtEntry(AssertionManager assertionManager, String str, long j) {
            this$0 = assertionManager;
            expiretime = j;
            aID = str;
        }

        /** @return the assertion ID recorded for this artifact */
        public String getAssertionID() {
            return aID;
        }

        /** @return the expiry time in milliseconds */
        public long getExpireTime() {
            return expiretime;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:117586-18/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager$CleanUpThread.class
     */
    /* loaded from: input_file:117586-18/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager$CleanUpThread.class */
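    /**
     * Background sweeper that periodically drops expired artifacts and assertions whose validity
     * window has passed.
     *
     * <p>Each pass works on a snapshot of the maps taken while holding the same monitor the writers
     * use, so a concurrent put/remove cannot break the iteration and end the thread.
     */
    private class CleanUpThread extends Thread {
        private final AssertionManager this$0;

        private CleanUpThread(AssertionManager assertionManager) {
            this.this$0 = assertionManager;
        }

        /**
         * Runs forever: sweep both maps, then sleep for the configured cleanup interval.
         */
        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            // Multiply as long so a large configured interval cannot overflow int arithmetic.
            long sleepMillis = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.CLEANUP_INTERVAL_NAME)).intValue() * 1000L;
            while (true) {
                long now = System.currentTimeMillis();

                Map artifactSnapshot;
                synchronized (AssertionManager.artEntryMap) {
                    artifactSnapshot = new HashMap(AssertionManager.artEntryMap);
                }
                Iterator artifacts = artifactSnapshot.entrySet().iterator();
                while (artifacts.hasNext()) {
                    Map.Entry mapping = (Map.Entry) artifacts.next();
                    ArtEntry artEntry = (ArtEntry) mapping.getValue();
                    // Same expiry test the artifact lookup uses: an artifact is expired once the clock
                    // has passed its expire time. Unexpired artifacts must stay redeemable.
                    if (artEntry != null && now > artEntry.getExpireTime()) {
                        this.this$0.deleteAssertion(null, (String) mapping.getKey());
                    }
                }

                Map assertionSnapshot;
                synchronized (AssertionManager.idEntryMap) {
                    assertionSnapshot = new HashMap(AssertionManager.idEntryMap);
                }
                Iterator assertions = assertionSnapshot.entrySet().iterator();
                while (assertions.hasNext()) {
                    Map.Entry mapping = (Map.Entry) assertions.next();
                    Entry entry = (Entry) mapping.getValue();
                    if (entry == null) {
                        continue;
                    }
                    Assertion assertion = entry.getAssertion();
                    if (assertion != null && !assertion.isTimeValid()) {
                        this.this$0.deleteAssertion((String) mapping.getKey(), null);
                    }
                }

                try {
                    Thread.sleep(sleepMillis);
                } catch (Exception e) {
                    // Best effort: a failed or interrupted sleep only shortens the pause before the next pass.
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("CleanUpThread::run", e);
                    }
                }
            }
        }

        // Accessor constructor used by the enclosing class; the second argument is ignored.
        CleanUpThread(AssertionManager assertionManager, AnonymousClass1 anonymousClass1) {
            this(assertionManager);
        }
    }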

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:117586-18/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager$Entry.class
     */
    /* loaded from: input_file:117586-18/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/saml/AssertionManager$Entry.class */
    /**
     * Bookkeeping record for one stored assertion: the assertion itself, the destination it was
     * issued for, the artifact that currently references it, and the SSO token it was created from.
     */
    public class Entry {
        /** Destination (partner) ID; may be replaced through setDestID. */
        private String destID;
        /** Artifact string referencing this assertion; may be replaced through setArtifactString. */
        private String artString;
        /** SSO token the assertion was built from, or null when none was supplied. */
        private SSOToken token;
        private Assertion assertion;
        private final AssertionManager this$0;

        /**
         * @param assertionManager owning manager (outer instance)
         * @param assertion stored assertion
         * @param str destination ID
         * @param str2 artifact string
         * @param sSOToken SSO token tied to the assertion
         */
        public Entry(AssertionManager assertionManager, Assertion assertion, String str, String str2, SSOToken sSOToken) {
            this$0 = assertionManager;
            this.assertion = assertion;
            token = sSOToken;
            artString = str2;
            destID = str;
        }

        /** @return the stored assertion */
        public Assertion getAssertion() {
            return assertion;
        }

        /** @return the destination ID */
        public String getDestID() {
            return destID;
        }

        /** @param str new destination ID */
        public void setDestID(String str) {
            destID = str;
        }

        /** @return the artifact string */
        public String getArtifactString() {
            return artString;
        }

        /** @param str new artifact string */
        public void setArtifactString(String str) {
            artString = str;
        }

        /** @return the SSO token recorded at creation time */
        public SSOToken getSSOToken() {
            return token;
        }
    }

    /**
     * Initialises the shared maps, reads the default name identifier format, and starts the
     * background cleanup thread. Only getInstance() calls this.
     */
    private AssertionManager() {
        // Both maps must exist before the sweeper starts, because its run() loop reads them.
        artEntryMap = new HashMap();
        idEntryMap = new HashMap();
        defaultNameIdentifierFormat = SystemProperties.get("com.sun.identity.saml.nameidentifier.format");
        Thread sweeper = new CleanUpThread(this, null);
        cThread = sweeper;
        sweeper.start();
    }

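    /**
     * Returns the process-wide AssertionManager, creating it on first use.
     *
     * <p>The whole check-and-create runs under the class monitor. The previous form read the
     * non-volatile {@code instance} field outside the lock (double-checked locking), which can hand
     * a caller a reference to a manager whose maps are not yet visible to that thread.
     *
     * @return the singleton instance
     * @throws SAMLException declared for callers; not thrown by the code in this method
     */
    public static AssertionManager getInstance() throws SAMLException {
        // AssertionManager.class is the same Class object the earlier lock resolved by name.
        synchronized (AssertionManager.class) {
            if (instance == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("Constructing a new instance of AssertionManager");
                }
                instance = new AssertionManager();
            }
            return instance;
        }
    }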

    /**
     * Creates an assertion for the session behind the given SSO token, with no attribute list and
     * the artifact-01 confirmation method.
     *
     * @param sSOToken token of the authenticated session
     * @return the assertion produced by the three-argument overload
     * @throws SAMLException if the token is null or creation fails
     */
    public Assertion createAssertion(SSOToken sSOToken) throws SAMLException {
        final String confirmationMethod = "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";
        return createAssertion(sSOToken, null, confirmationMethod);
    }

    /**
     * Creates an assertion for the session behind the given SSO token, carrying the supplied
     * attribute list and the artifact-01 confirmation method.
     *
     * @param sSOToken token of the authenticated session
     * @param list attributes to put into an attribute statement; may be null
     * @return the assertion produced by the three-argument overload
     * @throws SAMLException if the token is null or creation fails
     */
    public Assertion createAssertion(SSOToken sSOToken, List list) throws SAMLException {
        final String confirmationMethod = "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";
        return createAssertion(sSOToken, list, confirmationMethod);
    }

    /**
     * Rejects a null token, then delegates to the session-ID based overload using the token's ID
     * string, with no artifact and no destination ID.
     *
     * @param sSOToken token of the authenticated session
     * @param list attributes for the attribute statement; may be null
     * @param str subject confirmation method
     * @return the created assertion
     * @throws SAMLException with the "nullInput" message when the token is null
     */
    private Assertion createAssertion(SSOToken sSOToken, List list, String str) throws SAMLException {
        if (sSOToken == null) {
            SAMLUtils.debug.error("AssertionManager.createAssertion(id):input SSOToken is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        String sessionId = sSOToken.getTokenID().toString();
        return createAssertion(sessionId, null, null, list, str);
    }

    /**
     * Issues a new artifact for an assertion and registers it for the given destination.
     *
     * <p>The destination must be a key of the configured partner URL map. The assertion is added to
     * idEntryMap if it is not there yet; otherwise its existing entry is re-pointed at the new
     * artifact, unless an artifact for it is still registered.
     *
     * @param assertion assertion the artifact will resolve to
     * @param str destination (partner) ID
     * @return the new artifact
     * @throws SAMLException on null/empty input or an unknown destination
     * @throws SAMLResponderException (a SAMLException) when the handle cannot be generated, the
     *     assertion limit is exceeded, an artifact already exists, or a map update fails
     */
    public AssertionArtifact createAssertionArtifact(Assertion assertion, String str) throws SAMLException {
        if (assertion == null || str == null || str.length() == 0) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(Assertion, String): null input.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        // Only destinations present in the partner configuration may receive an artifact.
        Map map = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
        if (map == null || !map.containsKey(str)) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact:(Assertion, String): destID not in partner list.");
            throw new SAMLException(SAMLUtils.bundle.getString("destIDNotFound"));
        }
        String generateAssertionHandle = SAMLUtils.generateAssertionHandle();
        if (generateAssertionHandle == null) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(Assertion,String): couldn't generate assertion handle.");
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
        }
        AssertionArtifact assertionArtifact = new AssertionArtifact((String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID), generateAssertionHandle);
        String assertionArtifact2 = assertionArtifact.getAssertionArtifact();
        String assertionID = assertion.getAssertionID();
        // NOTE(review): this get() and the size() check below run without the idEntryMap lock that guards
        // put(), so the lookup-then-insert sequence is not atomic across threads.
        Entry entry = (Entry) idEntryMap.get(assertionID);
        if (entry == null) {
            Entry entry2 = new Entry(this, assertion, str, assertionArtifact2, null);
            int intValue = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_MAX_NUMBER_NAME)).intValue();
            // A configured value of 0 disables the limit.
            // NOTE(review): with '>' the insert is still allowed when size() equals the limit, so the map can
            // hold one entry more than configured; confirm whether '>=' was intended.
            if (intValue != 0 && idEntryMap.size() > intValue) {
                SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(assertion,String): reached maxNumber of assertions.");
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
            }
            try {
                synchronized (idEntryMap) {
                    idEntryMap.put(assertionID, entry2);
                }
                // NOTE(review): the access log receives assertion.toString(true, true), presumably the full
                // assertion text; confirm the log is protected accordingly.
                SAMLUtils.access(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("assertionCreated")).append(":").append(assertion.toString(true, true)).toString());
            } catch (Exception e) {
                SAMLUtils.debug.error(new StringBuffer().append("AssertionManager.createAssertionArtifact(Assertion,String): couldn't add to idEntryMap.").append(e).toString());
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
            }
        } else {
            // Refuse to issue a second artifact while the previous one is still registered.
            String artifactString = entry.getArtifactString();
            if (artifactString != null && artEntryMap.containsKey(artifactString)) {
                SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(Asssertion, String): Artifact exists for the assertion.");
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
            }
            entry.setDestID(str);
            entry.setArtifactString(assertionArtifact2);
        }
        // Expiry = now + configured artifact timeout (seconds converted to milliseconds).
        long currentTimeMillis = System.currentTimeMillis() + (((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ARTIFACT_TIMEOUT_NAME)).intValue() * 1000);
        try {
            synchronized (artEntryMap) {
                artEntryMap.put(assertionArtifact2, new ArtEntry(this, assertionID, currentTimeMillis));
            }
            // NOTE(review): the artifact string itself is written to the access log while it can still be
            // redeemed; a reader of that log could present it before the intended partner does. Consider
            // logging a digest or the assertion ID only.
            SAMLUtils.access(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("assertionArtifactCreated")).append(":").append(assertionArtifact2).append(" ").append(SAMLUtils.bundle.getString("forAssertion")).append(":").append(assertionID).toString());
            return assertionArtifact;
        } catch (Exception e2) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtfact(Assertion,String): couldn't add artifact to the artEntryMap", e2);
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
        }
    }

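    /**
     * Lists the IDs of all stored assertions. Restricted to callers whose token carries a top-level
     * admin role.
     *
     * <p>The result is a snapshot copied under the map's lock. Returning {@code keySet()} directly
     * would hand out a live view of the internal map: removing from it deletes stored assertions
     * without the audit logging in deleteAssertion, and iterating it races with concurrent updates.
     *
     * @param sSOToken caller's SSO token
     * @return a new set holding the current assertion IDs
     * @throws SAMLException with "nullInput" for a null token, or "noPrivilege" when the caller is
     *     not a top-level admin
     */
    public Set getAssertions(SSOToken sSOToken) throws SAMLException {
        if (sSOToken == null) {
            SAMLUtils.debug.error("AssertionManager.getAssertions(SSOToken): input token is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (!hasTopLevelAdminRole(sSOToken)) {
            SAMLUtils.debug.error("AssertionManager.getAssertions(SSOToken): SSOToken doesn't have the privilege.");
            throw new SAMLException(SAMLUtils.bundle.getString("noPrivilege"));
        }
        synchronized (idEntryMap) {
            return new HashSet(idEntryMap.keySet());
        }
    }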

    /**
     * Reports whether the token's principal holds at least one role whose role type equals 1.
     *
     * <p>Any failure while looking up the user or its roles is treated as "not an admin", so the
     * check fails closed.
     *
     * @param sSOToken caller's SSO token
     * @return true only when a role of type 1 is found
     */
    private boolean hasTopLevelAdminRole(SSOToken sSOToken) {
        try {
            AMStoreConnection store = new AMStoreConnection(sSOToken);
            String principalName = sSOToken.getPrincipal().getName();
            Set roles = store.getUser(principalName).getRoleDNs();
            if (roles == null || roles.isEmpty()) {
                return false;
            }
            for (Iterator roleDns = roles.iterator(); roleDns.hasNext();) {
                String roleDn = (String) roleDns.next();
                // presumably 1 is the top-level admin role type constant; confirm against the AM SDK
                if (store.getRole(roleDn).getRoleType() == 1) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.hasTopLevelAdminRole:Exception: ", e);
            }
            return false;
        }
    }

    /**
     * Looks up an assertion by its ID string, delegating to the AssertionIDReference overload with
     * no destination set and the boolean flag false.
     *
     * @param str assertion ID
     * @return the assertion returned by the delegate
     * @throws SAMLException with "nullInput" when the ID is null or empty
     */
    public Assertion getAssertion(String str) throws SAMLException {
        boolean missingId = str == null || str.length() == 0;
        if (missingId) {
            SAMLUtils.debug.error("AssertionManager.getAssetion(String): id is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        AssertionIDReference idRef = new AssertionIDReference(str);
        return getAssertion(idRef, (Set) null, false);
    }

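    /**
     * Lists all currently registered artifact strings. Restricted to callers whose token carries a
     * top-level admin role.
     *
     * <p>The result is a snapshot copied under the map's lock rather than the live {@code keySet()}
     * view, so callers cannot modify the internal artifact map through it and iteration cannot race
     * with concurrent updates.
     *
     * @param sSOToken caller's SSO token
     * @return a new set holding the current artifact strings
     * @throws SAMLException with "nullInput" for a null token, or "noPrivilege" when the caller is
     *     not a top-level admin
     */
    public Set getAssertionArtifacts(SSOToken sSOToken) throws SAMLException {
        if (sSOToken == null) {
            SAMLUtils.debug.error("AssertionManager.getArtifacts(SSOToken): input token is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (!hasTopLevelAdminRole(sSOToken)) {
            SAMLUtils.debug.error("AssertionManager.getArtifacts(SSOToken): SSOToken doesn't have the privilege.");
            throw new SAMLException(SAMLUtils.bundle.getString("noPrivilege"));
        }
        synchronized (artEntryMap) {
            return new HashSet(artEntryMap.keySet());
        }
    }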

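    /**
     * Creates an SSO assertion for a session, adding site-specific attributes when the destination
     * partner has a SiteAttributeMapper configured.
     *
     * <p>A missing partner map is handled like a missing partner entry: the assertion is created
     * without site attributes. Previously a null map caused a NullPointerException here, while the
     * other methods of this class that read the same setting check for null.
     *
     * <p>NOTE(review): an unknown destination ID is not rejected in this method; confirm that callers
     * validate it.
     *
     * @param str session (SSO token) ID
     * @param assertionArtifact artifact to bind to the assertion; may be null
     * @param str2 destination (partner) ID
     * @return the created assertion, or null when the SSO token cannot be created from {@code str}
     * @throws SAMLException propagated from assertion creation
     */
    public Assertion createSSOAssertion(String str, AssertionArtifact assertionArtifact, String str2) throws SAMLException {
        Map partners = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
        SAMLServiceManager.SOAPEntry partner = null;
        if (partners != null) {
            partner = (SAMLServiceManager.SOAPEntry) partners.get(str2);
        }
        SiteAttributeMapper siteAttributeMapper = null;
        if (partner != null) {
            siteAttributeMapper = partner.getSiteAttributeMapper();
        }
        if (siteAttributeMapper == null) {
            SAMLUtils.debug.message("AssertionManager:SiteAttributeMapper is null");
            return createAssertion(str, assertionArtifact, str2, null, null);
        }
        try {
            // The mapper derives the attribute list from the caller's session.
            SSOToken session = SSOTokenManager.getInstance().createSSOToken(str);
            List siteAttributes = siteAttributeMapper.getAttributes(session);
            return createAssertion(str, assertionArtifact, str2, siteAttributes, null);
        } catch (SSOException e) {
            SAMLUtils.debug.error("AssertionManager.createAssertion(id): exception retrieving info from the SSOToken", e);
            return null;
        }
    }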

    /**
     * Builds, optionally signs, and stores an assertion for the session identified by {@code str}.
     *
     * <p>The assertion always carries an authentication statement built from the session's auth
     * type, auth instant, organization and principal; an attribute statement is added when
     * {@code list} is non-empty. The new entry goes into idEntryMap and, when an artifact was
     * supplied and {@code str3} is empty, into artEntryMap as well.
     *
     * <p>NOTE(review): the outermost catch (Exception) also catches the SAMLResponderException
     * instances thrown inside this method (limit reached, map update failures). As written those
     * cases log "exception retrieving info from the SSOToken" and return null instead of reaching
     * the caller; callers must treat null as failure.
     *
     * @param str session (SSO token) ID
     * @param assertionArtifact artifact to bind to the assertion; may be null
     * @param str2 destination (partner) ID stored with the entry; may be null
     * @param list attributes for an attribute statement; may be null or empty
     * @param str3 explicit subject confirmation method; when null/empty one is chosen from the artifact
     * @return the stored assertion, or null when any exception occurs inside the main try block
     * @throws SAMLException with "nullInput" when {@code str} is null or empty
     */
    private Assertion createAssertion(String str, AssertionArtifact assertionArtifact, String str2, List list, String str3) throws SAMLException {
        SubjectConfirmation subjectConfirmation;
        if (str == null || str.equals("")) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createAssertion(id):null input.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        String str4 = null;
        try {
            // Resolve the session; everything asserted about the subject comes from this token.
            SSOToken createSSOToken = SSOTokenManager.getInstance().createSSOToken(str);
            String authMethodURI = SAMLServiceManager.getAuthMethodURI(createSSOToken.getAuthType());
            Date stringToDate = SAMLUtils.stringToDate(createSSOToken.getProperty("authInstant"));
            String property = createSSOToken.getProperty("Organization");
            String name = createSSOToken.getPrincipal().getName();
            try {
                str4 = createSSOToken.getIPAddress().getHostAddress();
            } catch (Exception e) {
                // The client IP is optional: without it the assertion simply has no SubjectLocality.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.createAssertion(id): exception when obtaining client ip: ", e);
                }
            }
            NameIdentifier nameIdentifier = new NameIdentifier(name, property, defaultNameIdentifierFormat);
            String str5 = null;
            // Confirmation method: explicit value wins, then artifact-01 when an artifact is given, else bearer.
            // str5 (the artifact string) is only set in the artifact branch.
            if (str3 != null && str3.length() > 0) {
                subjectConfirmation = new SubjectConfirmation(str3);
            } else if (assertionArtifact != null) {
                str5 = assertionArtifact.getAssertionArtifact();
                subjectConfirmation = new SubjectConfirmation("urn:oasis:names:tc:SAML:1.0:cm:artifact-01");
            } else {
                subjectConfirmation = new SubjectConfirmation("urn:oasis:names:tc:SAML:1.0:cm:bearer");
            }
            Subject subject = new Subject(nameIdentifier, subjectConfirmation);
            SubjectLocality subjectLocality = null;
            if (str4 != null && str4.length() != 0) {
                subjectLocality = new SubjectLocality(str4, null);
            }
            HashSet hashSet = new HashSet();
            hashSet.add(new AuthenticationStatement(authMethodURI, stringToDate, subject, subjectLocality, null));
            if (list != null && !list.isEmpty()) {
                hashSet.add(new AttributeStatement(subject, list));
            }
            Date date = new Date();
            // Conditions window: (now - configured not-before skew) to (now + configured assertion timeout);
            // presumably the two Dates are notBefore and notOnOrAfter - confirm against Conditions.
            Assertion assertion = new Assertion(null, (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME), date, new Conditions(new Date(date.getTime() - (((Integer) SAMLServiceManager.getAttribute(SAMLConstants.NOTBEFORE_TIMESKEW_NAME)).intValue() * 1000)), new Date(date.getTime() + (((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_TIMEOUT_NAME)).intValue() * 1000))), hashSet);
            String assertionID = assertion.getAssertionID();
            // Signing is configuration-driven; when the setting is false the assertion is stored unsigned.
            if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
                assertion.signXML();
            }
            Entry entry = new Entry(this, assertion, str2, str5, createSSOToken);
            int intValue = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_MAX_NUMBER_NAME)).intValue();
            // A configured value of 0 disables the limit.
            // NOTE(review): size() is read without the idEntryMap lock, and '>' still admits an insert when
            // size() equals the limit.
            if (intValue != 0 && idEntryMap.size() > intValue) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.createAssertion: reached maxNumber of assertions.");
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
            try {
                synchronized (idEntryMap) {
                    idEntryMap.put(assertionID, entry);
                }
                // NOTE(review): the access log receives assertion.toString(true, true), presumably the full
                // assertion text including subject details; confirm the log is protected accordingly.
                SAMLUtils.access(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("assertionCreated")).append(":").append(assertion.toString(true, true)).toString());
                if (str5 != null) {
                    long intValue2 = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ARTIFACT_TIMEOUT_NAME)).intValue() * 1000;
                    try {
                        synchronized (artEntryMap) {
                            artEntryMap.put(str5, new ArtEntry(this, assertionID, System.currentTimeMillis() + intValue2));
                        }
                        // NOTE(review): the artifact string is logged while it can still be redeemed; consider
                        // logging a digest or the assertion ID only.
                        SAMLUtils.access(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("assertionArtifactCreated")).append(":").append(str5).append(" ").append(SAMLUtils.bundle.getString("forAssertion")).append(":").append(assertionID).toString());
                    } catch (Exception e2) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("AssertionManager: couldn't add artifact to the artEntryMap.", e2);
                        }
                        throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
                    }
                }
                // createSSOToken was already dereferenced above, so this null check always passes here.
                if (createSSOToken != null) {
                    try {
                        // presumably the listener drops the assertion/artifact when the session changes state;
                        // AssertionSSOTokenListener is not shown here - confirm.
                        createSSOToken.addSSOTokenListener(new AssertionSSOTokenListener(assertionID, str5));
                    } catch (SSOException e3) {
                        SAMLUtils.debug.error("AssertionManager.createAssertion(id): Couldn't add listener to token:", e3);
                    }
                }
                return assertion;
            } catch (Exception e4) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager: couldn't add to idEntryMap.", e4);
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
        } catch (Exception e5) {
            // Catches token lookup failures and every exception thrown above, including the
            // SAMLResponderExceptions; all of them end in a null return.
            SAMLUtils.debug.error("AssertionManager.createAssertion(id): exception retrieving info from the SSOToken: ", e5);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Removes an assertion and/or an artifact from the internal maps and writes the matching
     * access-log records.
     *
     * <p>With only an artifact given, the artifact is removed and the assertion it pointed to is
     * removed too when SAMLServiceManager.getRemoveAssertion() is true. With an assertion ID given,
     * the assertion is removed, and if no artifact was passed the artifact recorded in its entry is
     * removed as well.
     *
     * @param str assertion ID, or null
     * @param str2 artifact string, or null
     */
    public void deleteAssertion(String str, String str2) {
        ArtEntry removedArtifact = null;
        if (str2 != null) {
            synchronized (artEntryMap) {
                removedArtifact = (ArtEntry) artEntryMap.remove(str2);
            }
            // Logged whether or not the artifact was actually present in the map.
            SAMLUtils.access(Level.INFO, SAMLUtils.bundle.getString("assertionArtifactRemoved") + ":" + str2);
        }

        if (str == null) {
            // Artifact-only call: drop the referenced assertion only when configured to do so.
            if (removedArtifact != null && SAMLServiceManager.getRemoveAssertion()) {
                synchronized (idEntryMap) {
                    idEntryMap.remove(removedArtifact.getAssertionID());
                }
            }
            return;
        }

        Entry removedEntry;
        synchronized (idEntryMap) {
            removedEntry = (Entry) idEntryMap.remove(str);
        }
        if (removedEntry == null) {
            return;
        }
        SAMLUtils.access(Level.INFO, SAMLUtils.bundle.getString("assertionRemoved") + ":" + str);

        // An explicitly passed artifact was already handled above.
        if (str2 != null) {
            return;
        }
        String linkedArtifact = removedEntry.getArtifactString();
        if (linkedArtifact == null) {
            return;
        }
        synchronized (artEntryMap) {
            artEntryMap.remove(linkedArtifact);
        }
        SAMLUtils.access(Level.INFO, SAMLUtils.bundle.getString("assertionArtifactRemoved") + ":" + linkedArtifact);
    }

    /**
     * Redeems an artifact: resolves it to its assertion, optionally checks the requesting
     * destination, then consumes the artifact.
     *
     * <p>If the artifact's handle maps to another server, the request is forwarded to that server
     * through AssertionManagerClient and nothing is checked locally.
     *
     * <p>NOTE(review): the artifact is looked up with an unsynchronized get() and only removed
     * further down, after the destination and assertion checks. Two concurrent requests presenting
     * the same artifact can both pass the lookup before either removes it, so single use of an
     * artifact is not enforced atomically. Consider removing the ArtEntry under the artEntryMap lock
     * as the first step and treating a null result as "already redeemed".
     *
     * <p>NOTE(review): every SAMLException thrown inside the try blocks (timed out, destination
     * mismatch, expired assertion, ...) is caught by the enclosing catch (Exception) handlers and
     * replaced with a "noMatchingAssertion" SAMLException, so callers only ever see that message.
     *
     * @param assertionArtifact artifact presented by the requester; must not be null
     * @param set destination IDs the requester is known as; only consulted when {@code z} is true
     * @param z whether the entry's destination ID must be contained in {@code set}
     * @return the assertion the artifact refers to
     * @throws SAMLException when the artifact cannot be redeemed
     */
    private Assertion getAssertion(AssertionArtifact assertionArtifact, Set set, boolean z) throws SAMLException {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message(new StringBuffer().append("getAssertion(arti): destID set= ").append(set).toString());
        }
        String assertionArtifact2 = assertionArtifact.getAssertionArtifact();
        String serverURL = SAMLUtils.getServerURL(assertionArtifact.getAssertionHandle());
        if (serverURL != null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message(new StringBuffer().append("AssertionManager.getAssertion(art, destid: calling another server in lb site:").append(serverURL).toString());
            }
            // The flag z is not part of the forwarded call; only the artifact and the destination set are.
            return new AssertionManagerClient(SAMLUtils.getFullServiceURL(serverURL)).getAssertion(assertionArtifact, set);
        }
        try {
            ArtEntry artEntry = (ArtEntry) artEntryMap.get(assertionArtifact2);
            if (artEntry == null) {
                throw new SAMLException();
            }
            String assertionID = artEntry.getAssertionID();
            if (assertionID == null) {
                throw new SAMLException();
            }
            // An expired artifact is rejected here but left in the map for the cleanup thread.
            if (System.currentTimeMillis() > artEntry.getExpireTime()) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): artifact timed out.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("artifactTimedOut"));
            }
            try {
                Entry entry = (Entry) idEntryMap.get(assertionID);
                if (entry == null) {
                    throw new SAMLException();
                }
                if (z) {
                    // Destination binding: the artifact may only be redeemed by the partner it was issued for.
                    String destID = entry.getDestID();
                    if (destID == null) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no destID found corresponding to artifact.");
                        }
                        throw new SAMLException(SAMLUtils.bundle.getString("noDestIDMatchingArtifact"));
                    }
                    if (set == null || !set.contains(destID)) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): destinationID doesn't match.");
                        }
                        throw new SAMLException(SAMLUtils.bundle.getString("destIDNotMatch"));
                    }
                }
                Assertion assertion = entry.getAssertion();
                if (assertion == null) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no Assertion found corresponding to aID.");
                    }
                    throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
                }
                // All checks passed: consume the artifact so it cannot be presented again.
                synchronized (artEntryMap) {
                    artEntryMap.remove(assertionArtifact2);
                }
                SAMLUtils.access(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("assertionArtifactVerified")).append(":").append(assertionArtifact2).toString());
                if (SAMLServiceManager.getRemoveAssertion()) {
                    synchronized (idEntryMap) {
                        idEntryMap.remove(assertionID);
                    }
                }
                // The validity window is checked last, so an expired assertion still consumes its artifact.
                if (assertion.isTimeValid()) {
                    return assertion;
                }
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(new StringBuffer().append("AssertionManager: assertion ").append(assertionID).append(" is expired.").toString());
                }
                throw new SAMLException(SAMLUtils.bundle.getString("assertionTimeNotValid"));
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no Entry found corresponding to artifact.", e);
                }
                throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
            }
        } catch (Exception e2) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no AssertionID found corresponding to artifact.", e2);
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }
    }

    /**
     * Redeems an artifact on behalf of a single destination ID, with the destination check enabled.
     *
     * @param assertionArtifact artifact presented by the requester
     * @param str destination (partner) ID of the requester
     * @return the assertion the artifact refers to
     * @throws SAMLException a SAMLRequesterException with "nullInput" when either argument is
     *     missing, or whatever the redeeming overload throws
     */
    public Assertion getAssertion(AssertionArtifact assertionArtifact, String str) throws SAMLException {
        boolean haveDestination = str != null && !str.equals("");
        if (assertionArtifact != null && haveDestination) {
            Set destinations = new HashSet();
            destinations.add(str);
            return getAssertion(assertionArtifact, destinations, true);
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManager: input is null.");
        }
        throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
    }

    /**
     * Redeems an artifact on behalf of a set of destination IDs, with the destination check enabled.
     *
     * @param assertionArtifact artifact presented by the requester
     * @param set non-empty set of destination IDs the requester is known as
     * @return the assertion the artifact refers to
     * @throws SAMLException a SAMLRequesterException with "nullInput" when the artifact is null or
     *     the set is null/empty, or whatever the redeeming overload throws
     */
    public Assertion getAssertion(AssertionArtifact assertionArtifact, Set set) throws SAMLException {
        boolean inputMissing = assertionArtifact == null || set == null || set.isEmpty();
        if (inputMissing) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: input is null.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }
        return getAssertion(assertionArtifact, set, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Redeems an artifact without any destination check (no destination set, flag false).
     *
     * <p>NOTE(review): the decompiler widened this method from protected to public; because it skips
     * the destination binding, confirm that only trusted callers can reach it.
     *
     * @param assertionArtifact artifact to redeem
     * @return the assertion the artifact refers to
     * @throws SAMLException a SAMLRequesterException with "nullInput" when the artifact is null, or
     *     whatever the redeeming overload throws
     */
    public Assertion getAssertion(AssertionArtifact assertionArtifact) throws SAMLException {
        if (assertionArtifact == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: input is null.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }
        return getAssertion(assertionArtifact, (Set) null, false);
    }

    /**
     * Answers a SAML query by dispatching on its query type: 0 is handled as an
     * AuthenticationQuery, 1 as an AuthorizationDecisionQuery, 2 as an AttributeQuery.
     *
     * @param query query to answer
     * @param str destination (partner) ID passed through to the type-specific handler
     * @return the assertion produced by the matching handler
     * @throws SAMLException a SAMLRequesterException with "nullInput" for a null query or
     *     "queryNotSupported" for any other query type, or whatever the handler throws
     */
    public Assertion getAssertion(Query query, String str) throws SAMLException {
        if (query == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion: input query is null.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }
        int queryType = query.getQueryType();
        switch (queryType) {
            case 0:
                return getAuthenticationAssertion((AuthenticationQuery) query, str);
            case 1:
                return getAuthorizationDecisionAssertion((AuthorizationDecisionQuery) query, str);
            case 2:
                return getAttributeAssertion((AttributeQuery) query, str);
            default:
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion: this type of query is not supported:" + queryType);
                }
                throw new SAMLRequesterException(SAMLUtils.bundle.getString("queryNotSupported"));
        }
    }

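    /**
     * Builds, optionally signs, stores and returns an attribute assertion for an attribute query.
     *
     * <p>The partner entry for {@code str} supplies the {@link AttributeMapper}. The mapper either
     * yields an SSO token ID taken from the query, or an SSO assertion whose signature and time
     * validity are checked here before it is used to obtain a token. The resulting token (which
     * may be null, see the notes below) is handed to the mapper to compute the attributes.
     *
     * <p>Change from the decompiled original: the validity-window offsets are computed in
     * {@code long} arithmetic ({@code * 1000L}); the original multiplied two {@code int}s, which
     * wraps for configured values above {@code Integer.MAX_VALUE / 1000}.
     *
     * @param attributeQuery the query to answer; {@code null} yields {@code null}
     * @param str partner key used to look up the partner entry (the messages call it destID);
     *        must be non-empty
     * @return the new assertion, or {@code null} when the query is null or the mapper returns
     *         no attributes
     * @throws SAMLException when the partner, mapper, token or SSO assertion cannot be validated;
     *         a {@link SAMLResponderException} when the assertion store is over its configured limit
     */
    private Assertion getAttributeAssertion(AttributeQuery attributeQuery, String str) throws SAMLException {
        AttributeMapper attributeMapper;
        if (attributeQuery == null) {
            return null;
        }
        if (str == null || str.length() == 0) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: missing destID.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("missingDestID"));
        }
        Map map = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
        if (map == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: empty partner URL list.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("emptyPartnerURLList"));
        }
        // An unknown partner and a partner without a mapper are rejected the same way.
        SAMLServiceManager.SOAPEntry sOAPEntry = (SAMLServiceManager.SOAPEntry) map.get(str);
        if (sOAPEntry == null || (attributeMapper = sOAPEntry.getAttributeMapper()) == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: couldn't obtain AttributeMapper.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("errorObtainAttributeMapper"));
        }
        Subject subject = attributeQuery.getSubject();
        String sSOTokenID = attributeMapper.getSSOTokenID(attributeQuery);
        SSOToken sSOToken = null;
        String str2 = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
        if (sSOTokenID != null) {
            // NOTE(review): unlike the authorization-decision path, this branch does not call
            // verifySSOTokenAndNI, so the token is not compared with the query Subject here.
            // Presumably AttributeMapper.getAttributes enforces that binding - confirm.
            try {
                sSOToken = SSOTokenManager.getInstance().createSSOToken(sSOTokenID);
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: invalid SSO token:", e);
                }
                throw new SAMLException(SAMLUtils.bundle.getString("invalidSSOToken"));
            }
        } else {
            Assertion sSOAssertion = attributeMapper.getSSOAssertion(attributeQuery);
            if (sSOAssertion == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: couldn't find SSOAssertion in query.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("noSSOAssertion"));
            }
            // Signature and validity window are checked before anything is read from the assertion.
            if (!sSOAssertion.isSignatureValid()) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: SSOAssertion is signature invalid.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("assertionSignatureNotValid"));
            }
            if (!sSOAssertion.isTimeValid()) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: SSOAssertion is time invalid.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("assertionTimeNotValid"));
            }
            // Take the Subject of the first statement whose type is 1 (cast to AuthenticationStatement).
            Iterator it = sSOAssertion.getStatement().iterator();
            Subject subject2 = null;
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Statement statement = (Statement) it.next();
                if (statement.getStatementType() == 1) {
                    subject2 = ((AuthenticationStatement) statement).getSubject();
                    break;
                }
            }
            if (subject2 == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: missing AuthenticationStatement in SSOAssertion.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("noAuthNStatement"));
            }
            String issuer = sSOAssertion.getIssuer();
            String assertionID = sSOAssertion.getAssertionID();
            if (str2 != null && str2.equals(issuer) && SAMLUtils.getServerURL(assertionID) == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttrAssertion:this server is the issuer.");
                }
                // Locally issued: reuse the token stored with the assertion, if any.
                // NOTE(review): when no entry or no token is found, sSOToken stays null and the
                // mapper below is still called with a null token - confirm the mapper rejects that.
                Entry entry = (Entry) idEntryMap.get(assertionID);
                if (entry != null) {
                    sSOToken = entry.getSSOToken();
                    if (sSOToken != null) {
                        verifySSOTokenAndNI(sSOToken, subject2.getNameIdentifier());
                    }
                }
            } else {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttrAssertion:this server is not the issuer.");
                }
                // The statement argument is null, so checkAssertionAndCreateSSOToken skips its
                // subject comparison and only requires the issuer to be a known source site.
                sSOToken = checkAssertionAndCreateSSOToken(sSOAssertion, null, subject2);
            }
        }
        List attributes = attributeMapper.getAttributes(attributeQuery, str, sSOToken);
        if (attributes == null || attributes.size() == 0) {
            return null;
        }
        // A limit of 0 disables the check. The size is read outside the synchronized block and
        // the comparison is strict, so the store can exceed the limit by at least one entry.
        int intValue = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_MAX_NUMBER_NAME)).intValue();
        if (intValue != 0 && idEntryMap.size() > intValue) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertionreached max number of assertions.");
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
        }
        HashSet hashSet = new HashSet();
        hashSet.add(new AttributeStatement(subject, attributes));
        Date date = new Date();
        // Validity window: [now - skew, now + timeout]; 1000L keeps the offsets in long arithmetic.
        int notBeforeSkew = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.NOTBEFORE_TIMESKEW_NAME)).intValue();
        Date notBefore = new Date(date.getTime() - (notBeforeSkew * 1000L));
        int assertionTimeout = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_TIMEOUT_NAME)).intValue();
        Date notOnOrAfter = new Date(date.getTime() + (assertionTimeout * 1000L));
        Assertion assertion = new Assertion(null, str2, date, new Conditions(notBefore, notOnOrAfter), hashSet);
        if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
            assertion.signXML();
        }
        String assertionID2 = assertion.getAssertionID();
        Entry entry2 = new Entry(this, assertion, str, null, null);
        try {
            synchronized (idEntryMap) {
                idEntryMap.put(assertionID2, entry2);
            }
        } catch (Exception e2) {
            // NOTE(review): a failed store is only written to the debug log; the assertion is
            // still returned and logged as created. The authentication and authorization
            // builders throw SAMLResponderException here instead - confirm this is deliberate.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertion couldn't add assertion to the idEntryMap.", e2);
            }
        }
        // The access log receives the complete serialized assertion, attribute values included.
        SAMLUtils.access(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("assertionCreated")).append(":").append(assertion.toString(true, true)).toString());
        return assertion;
    }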

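    /**
     * Builds, optionally signs, stores and returns an authentication assertion for a query whose
     * SubjectConfirmationData carries an SSO token ID.
     *
     * <p>The token is resolved from the confirmation data, its principal name and "Organization"
     * property are compared (case-insensitively) with the query's NameIdentifier, and the
     * requested authentication method, when present, must match the token's method URI.
     *
     * <p>Every exception raised after the token lookup starts, including the
     * {@link SAMLException}s thrown by the checks inside the block, is caught by the outer
     * catch-all and replaced by a SAMLException carrying "wrongSubjectConfirmationData". Callers
     * therefore never see "wrongNameIdentifier", "authenticationMethodInQueryNotMatch" or
     * "errorCreateAssertion" from this method.
     *
     * <p>Change from the decompiled original: the validity-window offsets are computed in
     * {@code long} arithmetic ({@code * 1000L}) so that large configured values cannot wrap.
     *
     * @param authenticationQuery the query to answer; {@code null} yields {@code null}
     * @param str stored with the assertion entry (third Entry argument)
     * @return the new assertion, or {@code null} for a null query
     * @throws SAMLException when the subject confirmation is missing or has the wrong method, or
     *         ("wrongSubjectConfirmationData") for any failure after the token lookup starts
     */
    private Assertion getAuthenticationAssertion(AuthenticationQuery authenticationQuery, String str) throws SAMLException {
        if (authenticationQuery == null) {
            return null;
        }
        // NOTE(review): subject is dereferenced without a null check; a query without a Subject
        // would raise NullPointerException outside the try below - confirm getSubject() is never null.
        Subject subject = authenticationQuery.getSubject();
        SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmation();
        if (subjectConfirmation == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: missing SubjectConfirmation.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("missingSubjectConfirmation"));
        }
        if (!SAMLUtils.isCorrectConfirmationMethod(subjectConfirmation)) {
            throw new SAMLException(SAMLUtils.bundle.getString("wrongConfirmationMethodValue"));
        }
        Element subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
        if (subjectConfirmationData == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: missing SubjectConfirmationData in the Subject.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("missingSubjectConfirmationData"));
        }
        String str2 = null;
        try {
            // The text content of SubjectConfirmationData is used as the SSO token ID.
            SSOToken createSSOToken = SSOTokenManager.getInstance().createSSOToken(XMLUtils.getElementString(subjectConfirmationData));
            String authMethodURI = SAMLServiceManager.getAuthMethodURI(createSSOToken.getAuthType());
            Date stringToDate = SAMLUtils.stringToDate(createSSOToken.getProperty("authInstant"));
            String property = createSSOToken.getProperty("Organization");
            String name = createSSOToken.getPrincipal().getName();
            try {
                str2 = createSSOToken.getIPAddress().getHostAddress();
            } catch (Exception e) {
                // The client address is optional: without it no SubjectLocality is added.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: exception when getting client ip:", e);
                }
            }
            // A NameIdentifier in the query must agree with the token; a missing one is accepted.
            NameIdentifier nameIdentifier = subject.getNameIdentifier();
            if (nameIdentifier != null) {
                String name2 = nameIdentifier.getName();
                String nameQualifier = nameIdentifier.getNameQualifier();
                if ((name2 != null && !name2.equalsIgnoreCase(name)) || (nameQualifier != null && !nameQualifier.equalsIgnoreCase(property))) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: NameIdentifier is different from info in SubjectConfirmation");
                    }
                    // Surfaces to the caller as "wrongSubjectConfirmationData" (outer catch).
                    throw new SAMLException(SAMLUtils.bundle.getString("wrongNameIdentifier"));
                }
            }
            String authenticationMethod = authenticationQuery.getAuthenticationMethod();
            if (authenticationMethod != null && authenticationMethod.length() != 0 && !authenticationMethod.equalsIgnoreCase(authMethodURI)) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: couldn't form an assertion matching the AuthenticationMethod in the query.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("authenticationMethodInQueryNotMatch"));
            }
            SubjectLocality subjectLocality = null;
            if (str2 != null && str2.length() != 0) {
                subjectLocality = new SubjectLocality(str2, null);
            }
            // NOTE(review): the statement embeds the query's Subject, whose SubjectConfirmationData
            // was used above as the SSO token ID. If Assertion.toString(true, true) serializes that
            // element, the access-log line below records a live session identifier - confirm, and
            // consider redacting it before logging.
            AuthenticationStatement authenticationStatement = new AuthenticationStatement(authMethodURI, stringToDate, subject, subjectLocality, null);
            Date date = new Date();
            // Validity window: [now - skew, now + timeout]; 1000L keeps the offsets in long arithmetic.
            Conditions conditions = new Conditions(new Date(date.getTime() - (((Integer) SAMLServiceManager.getAttribute(SAMLConstants.NOTBEFORE_TIMESKEW_NAME)).intValue() * 1000L)), new Date(date.getTime() + (((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_TIMEOUT_NAME)).intValue() * 1000L)));
            String str3 = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
            HashSet hashSet = new HashSet();
            hashSet.add(authenticationStatement);
            Assertion assertion = new Assertion(null, str3, date, conditions, hashSet);
            if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
                assertion.signXML();
            }
            String assertionID = assertion.getAssertionID();
            // The entry keeps the SSO token so that later queries can find it by assertion ID.
            Entry entry = new Entry(this, assertion, str, null, createSSOToken);
            // A limit of 0 disables the check; it runs only after the assertion has been signed,
            // and the size is read outside the synchronized block.
            int intValue = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_MAX_NUMBER_NAME)).intValue();
            if (intValue != 0 && idEntryMap.size() > intValue) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: reached max number of assertions.");
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
            try {
                synchronized (idEntryMap) {
                    idEntryMap.put(assertionID, entry);
                }
                SAMLUtils.access(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("assertionCreated")).append(":").append(assertion.toString(true, true)).toString());
                try {
                    // Registers a listener on the token, keyed by the assertion ID; a failure to
                    // register is logged and the assertion is still returned.
                    createSSOToken.addSSOTokenListener(new AssertionSSOTokenListener(assertionID));
                } catch (SSOException e2) {
                    SAMLUtils.debug.error("AssertionManager.getAuthNAssertion: Couldn't add listener to token:", e2);
                }
                return assertion;
            } catch (Exception e3) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: couldn't add assertion to the idEntryMap.", e3);
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
        } catch (Exception e4) {
            // Catch-all: also receives the SAMLExceptions thrown above and replaces their message.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: exception retrieving info from the SSOToken:", e4);
            }
            throw new SAMLException(SAMLUtils.bundle.getString("wrongSubjectConfirmationData"));
        }
    }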

    /**
     * Answers an authorization-decision query through the three-argument overload, passing
     * {@code true} as its flag.
     *
     * @param authorizationDecisionQuery the query to answer
     * @param str partner key (the messages call it destID)
     * @return the result of the three-argument overload
     * @throws SAMLException whatever the three-argument overload throws
     */
    private Assertion getAuthorizationDecisionAssertion(AuthorizationDecisionQuery authorizationDecisionQuery, String str) throws SAMLException {
        final boolean flag = true;
        Assertion result = getAuthorizationDecisionAssertion(authorizationDecisionQuery, str, flag);
        return result;
    }

    /**
     * Authenticates the subject of an authorization-decision query and hands the query, the
     * resulting SSO token and the mapper's decisions to the six-argument builder.
     *
     * <p>The token comes either from an SSO token ID in the query (then compared with the query's
     * NameIdentifier) or from an SSO assertion checked by {@code verifyAssertionAndGetSSOToken}.
     * Without a token the request is refused.
     *
     * <p>NOTE(review): parameter {@code z} is never read; the six-argument builder is always
     * called with {@code true} as its third argument - confirm that is intended.
     *
     * @param authorizationDecisionQuery the query to answer; {@code null} yields {@code null}
     * @param str partner key used to look up the partner entry; must be non-empty
     * @param z unused in this method
     * @return the assertion from the six-argument builder, or {@code null} for a null query
     * @throws SAMLException when the partner, mapper or subject cannot be verified, or when the
     *         builder fails
     */
    private Assertion getAuthorizationDecisionAssertion(AuthorizationDecisionQuery authorizationDecisionQuery, String str, boolean z) throws SAMLException {
        if (authorizationDecisionQuery == null) {
            return null;
        }
        if (str == null || str.length() == 0) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: missing destID.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("missingDestID"));
        }
        Map partners = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
        if (partners == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: empty partnerURL list.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("emptyPartnerURLList"));
        }
        // An unknown partner and a partner without a mapper are rejected the same way.
        SAMLServiceManager.SOAPEntry partner = (SAMLServiceManager.SOAPEntry) partners.get(str);
        ActionMapper actionMapper = (partner == null) ? null : partner.getActionMapper();
        if (actionMapper == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: couldn't obtain ActionMapper.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("errorObtainActionMapper"));
        }
        Subject subject = authorizationDecisionQuery.getSubject();
        NameIdentifier nameIdentifier = subject.getNameIdentifier();
        SSOToken sSOToken = null;
        // Stays true unless the token is found under the "false" key of the verification result.
        boolean tokenFlag = true;
        String tokenId = actionMapper.getSSOTokenID(authorizationDecisionQuery);
        if (tokenId == null) {
            Assertion evidence = actionMapper.getSSOAssertion(authorizationDecisionQuery, str);
            if (evidence != null) {
                Map verified = verifyAssertionAndGetSSOToken(subject, evidence);
                sSOToken = (SSOToken) verified.get("true");
                if (sSOToken == null) {
                    tokenFlag = false;
                    sSOToken = (SSOToken) verified.get("false");
                }
            }
        } else {
            try {
                sSOToken = SSOTokenManager.getInstance().createSSOToken(tokenId);
                // A name mismatch raised here is caught below and reported as "invalidSSOToken".
                verifySSOTokenAndNI(sSOToken, nameIdentifier);
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: invalid SSO token:", e);
                }
                throw new SAMLException(SAMLUtils.bundle.getString("invalidSSOToken"));
            }
        }
        if (sSOToken == null) {
            // Neither a token ID nor a usable SSO assertion: refuse instead of deciding anonymously.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: Couldn't obtain ssotoken.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
        return getAuthorizationDecisionAssertion(authorizationDecisionQuery, str, true, sSOToken, tokenFlag, actionMapper.getAuthorizationDecisions(authorizationDecisionQuery, sSOToken, str));
    }

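    /**
     * Validates an SSO assertion offered as evidence and returns the SSO token that stands for
     * its subject.
     *
     * <p>The result map has exactly one entry. Key {@code "true"} holds the token stored with a
     * locally issued assertion, after it has been compared with the subject's NameIdentifier.
     * Key {@code "false"} holds the token returned by {@code checkAssertionAndCreateSSOToken}
     * for an assertion that is not treated as locally issued.
     *
     * <p>Change from the decompiled original: the statement loop assigned a {@link Statement} to
     * a variable declared as {@link AuthenticationStatement}, which does not compile (the
     * decompiler reported a type-inference failure). The loop now keeps the element as a
     * Statement and casts the match explicitly; the values passed on are the same.
     *
     * @param subject subject of the query being answered; must not be null
     * @param assertion SSO assertion supplied with the query; must not be null
     * @return a one-entry map as described above
     * @throws SAMLException when an input is null, the signature or validity window is invalid,
     *         no stored token exists for a locally issued assertion, or no statement of type 1
     *         is present
     */
    private Map verifyAssertionAndGetSSOToken(Subject subject, Assertion assertion) throws SAMLException {
        SSOToken sSOToken;
        if (subject == null || assertion == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken: null input.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
        // Signature first, then validity window, before any content of the assertion is used.
        if (!assertion.isSignatureValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken: SSOAssertion is signature invalid.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("assertionSignatureNotValid"));
        }
        if (!assertion.isTimeValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken: SSOAssertion is time invalid.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("assertionTimeNotValid"));
        }
        HashMap hashMap = new HashMap();
        String str = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
        String issuer = assertion.getIssuer();
        String assertionID = assertion.getAssertionID();
        if (str != null && str.equals(issuer) && SAMLUtils.getServerURL(assertionID) == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion:this server is the issuer.");
            }
            // Locally issued: the assertion must still be in the store and carry a token.
            Entry entry = (Entry) idEntryMap.get(assertionID);
            if (entry == null || (sSOToken = entry.getSSOToken()) == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken: either not an AuthN assertion or token is not for this subject.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
            }
            verifySSOTokenAndNI(sSOToken, subject.getNameIdentifier());
            hashMap.put("true", sSOToken);
            return hashMap;
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManager.getAuthZAssertion:this server is not the issuer.");
        }
        // Find the first statement of type 1, which this class treats as an AuthenticationStatement.
        Statement authnCandidate = null;
        Iterator it = assertion.getStatement().iterator();
        while (it.hasNext()) {
            Statement statement = (Statement) it.next();
            if (statement.getStatementType() == 1) {
                authnCandidate = statement;
                break;
            }
        }
        if (authnCandidate == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken:  missing AuthenticationStatement in SSOAssertion.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noAuthNStatement"));
        }
        // The statement is passed along so that its Subject is compared with the query Subject.
        hashMap.put("false", checkAssertionAndCreateSSOToken(assertion, (AuthenticationStatement) authnCandidate, subject));
        return hashMap;
    }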

    /**
     * Checks that a NameIdentifier agrees with the principal name and "Organization" property
     * of an SSO token.
     *
     * <p>A null NameIdentifier, or a null name or qualifier inside it, is accepted without
     * comparison; comparisons are case-insensitive. The mismatch exception
     * ("wrongNameIdentifier") is raised inside the try block, so the catch-all replaces it:
     * callers always receive a SAMLException carrying "cannotVerifySubject", both for a
     * mismatch and for a token that cannot be read.
     *
     * @param sSOToken token whose principal and organization are read
     * @param nameIdentifier identifier to compare; may be null
     * @throws SAMLException ("cannotVerifySubject") on a mismatch or any failure reading the token
     */
    private void verifySSOTokenAndNI(SSOToken sSOToken, NameIdentifier nameIdentifier) throws SAMLException {
        try {
            // Both token reads happen before the null check, so an unreadable token is rejected
            // even when there is no NameIdentifier to compare.
            String principalName = sSOToken.getPrincipal().getName();
            String organization = sSOToken.getProperty("Organization");
            if (nameIdentifier != null) {
                String claimedName = nameIdentifier.getName();
                String claimedQualifier = nameIdentifier.getNameQualifier();
                boolean nameDiffers = claimedName != null && !claimedName.equalsIgnoreCase(principalName);
                if (nameDiffers || (claimedQualifier != null && !claimedQualifier.equalsIgnoreCase(organization))) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AssertionManager.verifySSOTokenAndNI: NameIdentifier is different from info in token.");
                    }
                    throw new SAMLException(SAMLUtils.bundle.getString("wrongNameIdentifier"));
                }
            }
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifySSOTokenAndNI: SSOToken is not valid.", e);
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
    }

    /**
     * Creates a temporary SSO token for a subject vouched for by an assertion from a known
     * source site.
     *
     * <p>The issuer must resolve to a source site. When a statement is supplied, the subject
     * must be non-null and equal to the statement's Subject. When the statement is
     * {@code null}, no subject comparison is made and the issuer lookup is the only check
     * performed here.
     *
     * @param assertion assertion whose issuer is looked up
     * @param authenticationStatement statement to compare the subject with; may be null
     * @param subject subject to create the token for
     * @return the token from {@code createTempSSOToken}
     * @throws SAMLException ("cannotVerifySubject") for an unknown issuer or a subject mismatch,
     *         otherwise whatever {@code createTempSSOToken} throws
     */
    private SSOToken checkAssertionAndCreateSSOToken(Assertion assertion, AuthenticationStatement authenticationStatement, Subject subject) throws SAMLException {
        SAMLServiceManager.SOAPEntry issuerSite = SAMLUtils.getSourceSite(assertion.getIssuer());
        if (issuerSite == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.checkAssertionAndCreateSSOToken: issuer is not on the partnerURL list.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
        boolean subjectMismatch = authenticationStatement != null
                && (subject == null || !subject.equals(authenticationStatement.getSubject()));
        if (subjectMismatch) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAndGetSSOToken: wrong subject in evidence.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
        return createTempSSOToken(subject, issuerSite);
    }

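    /**
     * Maps a partner-asserted subject to a local user and creates a short-lived internal
     * session for it, returned as an SSO token.
     *
     * <p>The partner's account mapper supplies the local "org" and "name". The session is
     * created with type 0, a maximum session time of 1 and a maximum idle time of 1 (units as
     * defined by InternalSession), then activated for the mapped name.
     *
     * <p>Change from the decompiled original: a partner entry without an account mapper, or a
     * mapper that returns {@code null}, now ends in the existing "cannotMapSubject" failure
     * instead of a NullPointerException. The other builders in this class already treat a
     * missing mapper as an expected condition.
     *
     * @param subject subject to map to a local user
     * @param sOAPEntry partner entry that provides the account mapper and source ID
     * @return an SSO token for the newly activated internal session
     * @throws SAMLException a {@link SAMLRequesterException} ("cannotMapSubject") when the subject
     *         cannot be mapped, or a {@link SAMLResponderException} ("errorCreateAssertion") when
     *         the session or token cannot be created
     */
    private SSOToken createTempSSOToken(Subject subject, SAMLServiceManager.SOAPEntry sOAPEntry) throws SAMLException {
        // Fail closed: no mapper or no mapping result is handled like an unmapped subject.
        Map user = null;
        if (sOAPEntry.getAccountMapper() != null) {
            user = sOAPEntry.getAccountMapper().getUser(subject, sOAPEntry.getSourceID());
        }
        String str = (user == null) ? null : (String) user.get("org");
        String str2 = (user == null) ? null : (String) user.get("name");
        if (str == null || str2 == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createTempSSOToken: couldn't map the subject to a local user.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("cannotMapSubject"));
        }
        SessionService sessionService = SessionService.getSessionService();
        if (sessionService == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createTempSSOToken: fail to get SessionService");
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
        }
        InternalSession newInternalSession = sessionService.newInternalSession(str, null);
        if (newInternalSession == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createTempSSOToken: fail to create internal session");
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
        }
        // The session acts for the mapped local user and is limited to the shortest lifetime
        // values used in this class.
        newInternalSession.setType(0);
        newInternalSession.setClientID(str2);
        newInternalSession.setClientDomain(str);
        newInternalSession.putProperty("Principal", str2);
        newInternalSession.setMaxSessionTime(1L);
        newInternalSession.setMaxIdleTime(1L);
        if (!newInternalSession.activate(str2)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createTempSSOToken: fail to create internal session");
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
        }
        try {
            return SSOTokenManager.getInstance().createSSOToken(newInternalSession.getID().toString());
        } catch (Exception e) {
            // NOTE(review): the activated session is not torn down on this path; it is left to
            // expire on its own - confirm that is acceptable.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManger.createTempSSOToken: Couldn't retrieve the ssotoken.", e);
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
        }
    }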

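    /**
     * Builds, optionally signs and (when {@code z} is true) stores an authorization-decision
     * assertion from the decisions computed by the action mapper.
     *
     * <p>The decision is 1 when the map has an entry under {@code ActionMapper.PERMIT}, else 2
     * for {@code ActionMapper.DENY}, else 3; in the last case the actions come from
     * {@code ActionMapper.INDETERMINATE} or, failing that, from the query itself.
     *
     * <p>Changes from the decompiled original: the store-limit check now runs before the
     * assertion is built, signed and a token listener is registered, so that a full store no
     * longer costs a signature or leaves a listener behind for an assertion that is never
     * stored; and the validity-window offsets are computed in {@code long} arithmetic
     * ({@code * 1000L}) so that large configured values cannot wrap.
     *
     * @param authorizationDecisionQuery query supplying subject, resource, evidence and actions
     * @param str stored with the assertion entry (third Entry argument)
     * @param z when true the assertion is stored in {@code idEntryMap} and written to the access log
     * @param sSOToken token that receives the listener when {@code z} and {@code z2} are both true
     * @param z2 whether a listener keyed by the assertion ID is registered on the token
     * @param map decisions from the action mapper; must not be null
     * @return the new assertion
     * @throws SAMLException ("nullAuthZDecision") for a null map, or a
     *         {@link SAMLResponderException} ("errorCreateAssertion") when the store is over its
     *         limit or the assertion cannot be stored
     */
    private Assertion getAuthorizationDecisionAssertion(AuthorizationDecisionQuery authorizationDecisionQuery, String str, boolean z, SSOToken sSOToken, boolean z2, Map map) throws SAMLException {
        if (map == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: actionMap from ActionMapper is null.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("nullAuthZDecision"));
        }
        if (z) {
            // A limit of 0 disables the check. The size is read outside the synchronized block
            // and the comparison is strict, so the store can exceed the limit by at least one entry.
            int maxAssertions = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_MAX_NUMBER_NAME)).intValue();
            if (maxAssertions != 0 && idEntryMap.size() > maxAssertions) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: reached max number of assertions.");
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
        }
        // Precedence: PERMIT, then DENY, then INDETERMINATE (falling back to the query's actions).
        int decision;
        List actions = (List) map.get(ActionMapper.PERMIT);
        if (actions != null) {
            decision = 1;
        } else {
            actions = (List) map.get(ActionMapper.DENY);
            if (actions != null) {
                decision = 2;
            } else {
                actions = (List) map.get(ActionMapper.INDETERMINATE);
                if (actions == null) {
                    actions = authorizationDecisionQuery.getAction();
                }
                decision = 3;
            }
        }
        AuthorizationDecisionStatement authorizationDecisionStatement = new AuthorizationDecisionStatement(authorizationDecisionQuery.getSubject(), authorizationDecisionQuery.getResource(), decision, actions, authorizationDecisionQuery.getEvidence());
        Date date = new Date();
        // Validity window: [now - skew, now + timeout]; 1000L keeps the offsets in long arithmetic.
        Conditions conditions = new Conditions(new Date(date.getTime() - (((Integer) SAMLServiceManager.getAttribute(SAMLConstants.NOTBEFORE_TIMESKEW_NAME)).intValue() * 1000L)), new Date(date.getTime() + (((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_TIMEOUT_NAME)).intValue() * 1000L)));
        String str2 = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
        HashSet hashSet = new HashSet();
        hashSet.add(authorizationDecisionStatement);
        Assertion assertion = new Assertion(null, str2, date, conditions, hashSet);
        if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
            assertion.signXML();
        }
        String assertionID = assertion.getAssertionID();
        if (z) {
            if (z2) {
                try {
                    sSOToken.addSSOTokenListener(new AssertionSSOTokenListener(assertionID));
                } catch (SSOException e) {
                    // The message text names getAuthNAssertion although this is the AuthZ builder;
                    // it is kept unchanged so that existing log searches still match.
                    SAMLUtils.debug.error("AssertionManager.getAuthNAssertion: Couldn't get listener to token:", e);
                }
            }
            Entry entry = new Entry(this, assertion, str, null, null);
            try {
                synchronized (idEntryMap) {
                    idEntryMap.put(assertionID, entry);
                }
                // The access log receives the complete serialized assertion.
                SAMLUtils.access(Level.INFO, new StringBuffer().append(SAMLUtils.bundle.getString("assertionCreated")).append(":").append(assertion.toString(true, true)).toString());
            } catch (Exception e2) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: couldn't add assertion to the idAssertionMap.", e2);
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
        }
        return assertion;
    }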

    /**
     * Looks up a stored assertion by ID reference without naming any destination.
     *
     * <p>Delegates to the three-argument overload with a {@code null} destination set and the
     * flag {@code false}. In the visible part of that overload, the flag {@code false} means an
     * entry that carries a destID is refused when no destination set is given.
     *
     * @param assertionIDReference reference to the wanted assertion
     * @return the result of the three-argument overload
     * @throws SAMLException whatever the three-argument overload throws
     */
    public Assertion getAssertion(AssertionIDReference assertionIDReference) throws SAMLException {
        final Set noDestinations = null;
        return getAssertion(assertionIDReference, noDestinations, false);
    }

    /**
     * Looks up a stored assertion by ID reference on behalf of an administrator.
     *
     * <p>The token must pass {@code hasTopLevelAdminRole}. The lookup is then made with the flag
     * {@code true}, which in the visible part of the three-argument overload skips both the
     * forwarding to another server and the destID comparison.
     *
     * @param assertionIDReference reference to the wanted assertion
     * @param sSOToken caller's token; must be non-null and hold the top-level admin role
     * @return the result of the three-argument overload
     * @throws SAMLException ("nullInput") for a null token, ("noPrivilege") for a token without
     *         the role, otherwise whatever the delegate throws
     */
    public Assertion getAssertion(AssertionIDReference assertionIDReference, SSOToken sSOToken) throws SAMLException {
        if (sSOToken == null) {
            SAMLUtils.debug.error("AssertionManager.getAssertion(idRef, token): input token is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (!hasTopLevelAdminRole(sSOToken)) {
            // Fail closed: the privileged lookup is reachable only after the role check passes.
            SAMLUtils.debug.error("AssertionManager.getAssertion(idRef, token): SSOToken doesn't have the privilege.");
            throw new SAMLException(SAMLUtils.bundle.getString("noPrivilege"));
        }
        return getAssertion(assertionIDReference, (Set) null, true);
    }

    /**
     * Looks up a stored assertion by ID reference for at most one destination ID.
     *
     * <p>A non-null {@code str} is wrapped in a one-element set; a null {@code str} results in a
     * null set. Either way the three-argument overload is called with the flag {@code false}.
     *
     * @param assertionIDReference reference to the wanted assertion
     * @param str destination ID, or null for none
     * @return the result of the three-argument overload
     * @throws SAMLException whatever the three-argument overload throws
     */
    public Assertion getAssertion(AssertionIDReference assertionIDReference, String str) throws SAMLException {
        Set destinations = null;
        if (str != null) {
            destinations = new HashSet();
            destinations.add(str);
        }
        return getAssertion(assertionIDReference, destinations, false);
    }

    /**
     * Looks up a stored assertion by ID reference for a set of destination IDs.
     *
     * <p>Passes the set through to the three-argument overload with the flag {@code false};
     * no validation is done here.
     *
     * @param assertionIDReference reference to the wanted assertion
     * @param set destination IDs; may be null
     * @return the result of the three-argument overload
     * @throws SAMLException whatever the three-argument overload throws
     */
    public Assertion getAssertion(AssertionIDReference assertionIDReference, Set set) throws SAMLException {
        final boolean flag = false;
        Assertion found = getAssertion(assertionIDReference, set, flag);
        return found;
    }

    /**
     * Core lookup shared by the public {@code getAssertion} overloads.
     *
     * <p>Order of checks: null reference, optional hand-off to another
     * server, presence in {@code idEntryMap}, destID match, time validity.
     *
     * <p>When {@code z} is {@code true} two steps are skipped: the request is
     * never forwarded to another server, and the stored destID is not
     * compared against {@code set}. Callers must therefore authorise the
     * request themselves before passing {@code true}.
     *
     * @param assertionIDReference reference naming the assertion to fetch
     * @param set destination IDs the caller is acting for; may be {@code null}
     * @param z {@code true} to skip remote forwarding and the destID comparison
     * @return the stored assertion, or the result of the remote call when the
     *         request is forwarded
     * @throws SAMLRequesterException if {@code assertionIDReference} is {@code null}
     * @throws SAMLException if no entry or assertion is found, the destID does
     *         not match, or the assertion is no longer time-valid
     */
    private Assertion getAssertion(AssertionIDReference assertionIDReference, Set set, boolean z) throws SAMLException {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("getAssertion(idRef): destID set=" + set);
        }
        if (assertionIDReference == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(AssertionIDRef): null AssertionID.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }
        final String assertionId = assertionIDReference.getAssertionIDReference();

        if (!z) {
            // A non-null server URL for this ID means the request is handed to
            // that server; the caller's destID set travels with it unchanged.
            final String peerServerUrl = SAMLUtils.getServerURL(assertionId);
            if (peerServerUrl != null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion(idRef): calling another server in lb site:" + peerServerUrl);
                }
                final AssertionManagerClient remote = new AssertionManagerClient(SAMLUtils.getFullServiceURL(peerServerUrl));
                return remote.getAssertion(assertionIDReference, set);
            }
        }

        final Entry stored = (Entry) idEntryMap.get(assertionId);
        if (stored == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(AssertionIDRef): no matching assertion found in idEntryMap.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }
        final Assertion found = stored.getAssertion();
        if (found == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(AssertionIDRef): no matching assertion found.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }

        if (!z) {
            // The comparison is only made when the entry records a destID: an
            // entry stored without one is returned to any caller that knows
            // the assertion ID. A recorded destID with a null caller set is
            // always a mismatch.
            final String recordedDestId = stored.getDestID();
            final boolean callerMatches = set != null && set.contains(recordedDestId);
            if (recordedDestId != null && !callerMatches) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion(AssertionID): destID doesn't match.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("destIDNotMatch"));
            }
        }

        // Expiry is enforced even on the bypass path; the expired entry is
        // not removed from idEntryMap here.
        if (!found.isTimeValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: assertion " + assertionId + " is expired.");
            }
            // NOTE(review): unlike the other throws in this method, this one
            // passes the key text itself rather than a SAMLUtils.bundle
            // lookup; confirm whether that is intended.
            throw new SAMLException("assertionTimeNotValid");
        }
        return found;
    }

    /**
     * Creates an assertion artifact bound to a partner destination and
     * registers the corresponding SSO assertion.
     *
     * <p>The destination must appear as a key in the
     * {@code iplanet-am-saml-partner-urls} attribute before any handle is
     * generated, so artifacts are only minted for configured partners.
     *
     * @param str first argument handed to {@code createSSOAssertion}
     *        (presumably the session identifier; confirm against that method)
     * @param str2 destination ID; must be a key of the partner URL map
     * @return the newly created artifact
     * @throws SAMLRequesterException if either argument is {@code null}
     * @throws SAMLResponderException if no assertion handle could be generated
     * @throws SAMLException if the destination is not a configured partner, or
     *         if {@code createSSOAssertion} fails
     */
    public AssertionArtifact createAssertionArtifact(String str, String str2) throws SAMLException {
        final boolean missingInput = str == null || str2 == null;
        if (missingInput) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: null input for method createAssertionArtifact.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }

        final Map partnerUrls = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
        final boolean knownPartner = partnerUrls != null && partnerUrls.containsKey(str2);
        if (!knownPartner) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact:(String, String): destID not in partner list.");
            throw new SAMLException(SAMLUtils.bundle.getString("destIDNotFound"));
        }

        // NOTE(review): the handle is the unguessable part of the artifact;
        // how SAMLUtils.generateAssertionHandle derives it is not visible
        // here, so confirm it draws from a cryptographically strong source.
        final String handle = SAMLUtils.generateAssertionHandle();
        if (handle == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createAssertionArtifact: couldn't generate assertion handle.");
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
        }

        final String siteId = (String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID);
        final AssertionArtifact artifact = new AssertionArtifact(siteId, handle);
        createSSOAssertion(str, artifact, str2);
        return artifact;
    }

    /**
     * Evaluates an authorization decision query and returns the decision code
     * of the first authorization decision statement in the resulting
     * assertion.
     *
     * <p>Every failure path (null query, null assertion, no statements, no
     * statement of type 2, or a {@link SAMLException}) returns the same code,
     * 3, and nothing is thrown. Callers cannot tell "no decision" from
     * "evaluation failed" by the return value alone.
     *
     * @param authorizationDecisionQuery the query to evaluate
     * @param str second argument handed to
     *        {@code getAuthorizationDecisionAssertion} (meaning not visible here)
     * @return the statement's decision code, or 3 on any failure
     */
    public int isAllowed(AuthorizationDecisionQuery authorizationDecisionQuery, String str) {
        // NOTE(review): 3 is presumably the "indeterminate" decision code;
        // confirm against AuthorizationDecisionStatement and make sure callers
        // treat anything other than an explicit permit as a refusal.
        final int fallbackDecision = 3;
        // Statements reporting this type are cast to
        // AuthorizationDecisionStatement below.
        final int authzStatementType = 2;

        if (authorizationDecisionQuery == null) {
            SAMLUtils.debug.error("AssertionManager.isAllowed: null input.");
            return fallbackDecision;
        }
        try {
            Assertion decisionAssertion = getAuthorizationDecisionAssertion(authorizationDecisionQuery, str, false);
            if (decisionAssertion == null) {
                return fallbackDecision;
            }
            Set<Statement> statements = decisionAssertion.getStatement();
            if (statements == null || statements.isEmpty()) {
                SAMLUtils.debug.error("AssertionManager.isAllowed: no statements in assertion.");
                return fallbackDecision;
            }
            Iterator<Statement> cursor = statements.iterator();
            while (cursor.hasNext()) {
                Statement candidate = cursor.next();
                if (candidate.getStatementType() != authzStatementType) {
                    continue;
                }
                // First matching statement wins; later ones are not consulted.
                return ((AuthorizationDecisionStatement) candidate).getDecision();
            }
            SAMLUtils.debug.error("AssertionManager.isAllowed: no authZstatement in assertion.");
            return fallbackDecision;
        } catch (SAMLException e) {
            SAMLUtils.debug.error("AssertionManager.isAllowed: exception thrown when trying to get an assertion from authZQuery. ", e);
            return fallbackDecision;
        }
    }

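    /**
     * Resolves a class by name, converting the checked lookup failure into a
     * {@link NoClassDefFoundError}.
     *
     * <p>The original {@link ClassNotFoundException} is attached as the
     * cause so the failing lookup remains visible in stack traces; the error
     * type and message are unchanged.
     *
     * @param str fully qualified class name passed to {@link Class#forName(String)}
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // NoClassDefFoundError has no (message, cause) constructor, so
            // the cause is attached with initCause.
            NoClassDefFoundError failure = new NoClassDefFoundError(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }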
}
