package com.sun.identity.saml.common;

import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.am.util.AMPasswordUtil;
import com.iplanet.am.util.Misc;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.SessionException;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.internal.AuthPrincipal;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.saml.plugins.AccountMapper;
import com.sun.identity.saml.plugins.ActionMapper;
import com.sun.identity.saml.plugins.AttributeMapper;
import com.sun.identity.saml.plugins.DefaultAccountMapper;
import com.sun.identity.saml.plugins.DefaultActionMapper;
import com.sun.identity.saml.plugins.DefaultAttributeMapper;
import com.sun.identity.saml.plugins.PartnerAccountMapper;
import com.sun.identity.saml.plugins.PartnerSiteAttributeMapper;
import com.sun.identity.saml.plugins.SiteAttributeMapper;
import com.sun.identity.security.AdminDNAction;
import com.sun.identity.security.AdminPasswordAction;
import com.sun.identity.sm.SchemaType;
import com.sun.identity.sm.ServiceListener;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.Principal;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.mozilla.jss.CryptoManager;

/* loaded from: input_file:120091-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/common/SAMLServiceManager.class */
public class SAMLServiceManager implements ServiceListener {
    // Global schema of the SAML service; assigned in init() from ServiceSchemaManager.getGlobalSchema().
    private static ServiceSchema serviceSchema = null;
    // SAML service settings keyed by SAMLConstants names; assigned by setValues().
    private static Map map = null;
    // Singleton created by init(); the public getters treat "instance == null" as "not initialised yet".
    private static SAMLServiceManager instance = null;
    // Store connection opened in init() with the administrative SSOToken.
    private static AMStoreConnection amConn = null;
    // Administrative SSOToken cached by getSSOToken(); the visible code never refreshes or invalidates it.
    private static SSOToken ssoAuthSession = null;
    // Not assigned in the visible part of the file; presumably certificates read from the cert DB (confirm).
    private static Map certdbCerts = null;
    // NOTE(review): public and mutable, so any class can change it; its meaning is not visible here.
    public static boolean localFlag = false;
    // Local server coordinates read in init() from the com.iplanet.am.localserver.* system properties.
    private static String serverProtocol = null;
    private static String serverHost = null;
    private static String serverPort = null;
    // protocol + ISAuthConstants.URL_SEPARATOR + host + ":" + port, built in init().
    private static String serverURL = null;
    // Parsed in init() from the SAMLConstants.REMOVE_ASSERTION_NAME property; stays false when the
    // property is unset or init() fails before reading it.
    private static boolean removeAssertion = false;

    /* loaded from: input_file:120091-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/common/SAMLServiceManager$CertEntry.class */
    /**
     * Value holder pairing a certificate nickname with an issuer DN and a serial number.
     * The fields are set once by the constructor and exposed read-only.
     */
    public static class CertEntry {
        private final String nickName;
        private final Principal issuerDN;
        private final BigInteger serialNumber;

        /**
         * @param str nickname of the certificate
         * @param principal issuer DN of the certificate
         * @param bigInteger serial number of the certificate
         */
        public CertEntry(String str, Principal principal, BigInteger bigInteger) {
            nickName = str;
            issuerDN = principal;
            serialNumber = bigInteger;
        }

        /** @return the nickname given at construction, possibly null */
        public String getNickName() {
            return nickName;
        }

        /** @return the issuer DN given at construction, possibly null */
        public Principal getIssuerDN() {
            return issuerDN;
        }

        /** @return the serial number given at construction, possibly null */
        public BigInteger getSerialNumber() {
            return serialNumber;
        }
    }

    /* loaded from: input_file:120091-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/common/SAMLServiceManager$SOAPEntry.class */
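    /**
     * Settings of one partner site as handed to the constructor: source ID, SOAP receiver URL,
     * authentication type, user, certificate alias, the mapper plug-ins, issuer, host list and
     * preferred version. All values are stored as given; nothing is validated here.
     */
    public static class SOAPEntry {
        private final String destID;
        private final String soapRevUrl;
        private final String authenType;
        private final String userid;
        private final String certalias;
        private final AccountMapper acctMapper;
        private final PartnerAccountMapper partnerAcctMapper;
        private final SiteAttributeMapper _siteAttributeMapper;
        private final PartnerSiteAttributeMapper _partnerSiteAttributeMapper;
        private final AttributeMapper attributeMapper;
        private final ActionMapper actionMapper;
        private final String _issuer;
        // Kept by reference (no defensive copy), so later changes made by the caller are visible here.
        private final Set origHostSet;
        private final String prefVersion;

        /**
         * @param str source ID, returned by {@link #getSourceID()}
         * @param str2 SOAP receiver URL
         * @param str3 authentication type
         * @param str4 user id
         * @param str5 certificate alias
         * @param accountMapper account mapper plug-in, may be null
         * @param partnerAccountMapper partner account mapper plug-in, may be null
         * @param siteAttributeMapper site attribute mapper plug-in, may be null
         * @param partnerSiteAttributeMapper partner site attribute mapper plug-in, may be null
         * @param attributeMapper attribute mapper plug-in, may be null
         * @param actionMapper action mapper plug-in, may be null
         * @param str6 issuer
         * @param set host names or addresses of the partner (String elements), may be null
         * @param str7 preferred version
         */
        public SOAPEntry(String str, String str2, String str3, String str4, String str5, AccountMapper accountMapper, PartnerAccountMapper partnerAccountMapper, SiteAttributeMapper siteAttributeMapper, PartnerSiteAttributeMapper partnerSiteAttributeMapper, AttributeMapper attributeMapper, ActionMapper actionMapper, String str6, Set set, String str7) {
            this.destID = str;
            this.soapRevUrl = str2;
            this.authenType = str3;
            this.userid = str4;
            this.certalias = str5;
            this.acctMapper = accountMapper;
            this.partnerAcctMapper = partnerAccountMapper;
            this._siteAttributeMapper = siteAttributeMapper;
            this._partnerSiteAttributeMapper = partnerSiteAttributeMapper;
            this.attributeMapper = attributeMapper;
            this.actionMapper = actionMapper;
            this._issuer = str6;
            this.origHostSet = set;
            this.prefVersion = str7;
        }

        /** @return the source ID given at construction */
        public String getSourceID() {
            return this.destID;
        }

        /** @return the SOAP receiver URL given at construction */
        public String getSOAPUrl() {
            return this.soapRevUrl;
        }

        /** @return the authentication type given at construction */
        public String getAuthType() {
            return this.authenType;
        }

        /** @return the user id given at construction */
        public String getUser() {
            return this.userid;
        }

        /** @return the certificate alias given at construction */
        public String getCertAlias() {
            return this.certalias;
        }

        /** @return the preferred version given at construction */
        public String getVersion() {
            return this.prefVersion;
        }

        /** @return the account mapper, or null if none was configured */
        public AccountMapper getAccountMapper() {
            return this.acctMapper;
        }

        /** @return the partner account mapper, or null if none was configured */
        public PartnerAccountMapper getPartnerAccountMapper() {
            return this.partnerAcctMapper;
        }

        /**
         * Returns the site attribute mapper and writes a debug message when it is null.
         *
         * @return the site attribute mapper, or null if none was configured
         */
        public SiteAttributeMapper getSiteAttributeMapper() {
            SAMLUtils.debug.message("getSiteAttributeMapper() called");
            if (this._siteAttributeMapper == null) {
                SAMLUtils.debug.message("siteMapper is null");
            }
            return this._siteAttributeMapper;
        }

        /**
         * Returns the partner site attribute mapper and writes a debug message when it is null.
         *
         * @return the partner site attribute mapper, or null if none was configured
         */
        public PartnerSiteAttributeMapper getPartnerSiteAttributeMapper() {
            SAMLUtils.debug.message("getPartnerSiteAttributeMapper() called");
            if (this._partnerSiteAttributeMapper == null) {
                SAMLUtils.debug.message("partnerSiteMapper is null");
            }
            return this._partnerSiteAttributeMapper;
        }

        /** @return the attribute mapper, or null if none was configured */
        public AttributeMapper getAttributeMapper() {
            return this.attributeMapper;
        }

        /** @return the action mapper, or null if none was configured */
        public ActionMapper getActionMapper() {
            return this.actionMapper;
        }

        /** @return the issuer given at construction */
        public String getIssuer() {
            return this._issuer;
        }

        /**
         * Expands the configured host list into a fresh set holding every configured entry plus
         * every address it currently resolves to.
         *
         * <p>Resolution happens on every call through {@link InetAddress#getAllByName(String)}, so
         * the result follows whatever the resolver answers at that moment. If callers use this set
         * to decide which peers are accepted for the partner (not visible here), that decision is
         * only as trustworthy as name resolution on this host.
         *
         * @return null when no host list was configured, otherwise a new set of Strings
         */
        public Set getHostSet() {
            if (this.origHostSet == null) {
                return null;
            }
            Set expanded = new HashSet();
            // The field is a raw Set, so elements are cast explicitly; a typed for-each over a raw
            // Set does not compile.
            for (Iterator it = this.origHostSet.iterator(); it.hasNext();) {
                String host = (String) it.next();
                try {
                    InetAddress[] resolved = InetAddress.getAllByName(host);
                    for (int i = 0; i < resolved.length; i++) {
                        expanded.add(resolved[i].getHostAddress());
                    }
                } catch (Exception e) {
                    // Best effort: an unresolvable entry is still returned as configured.
                    // NOTE(review): the warning names neither the entry nor the exception, which
                    // makes a bad host list hard to diagnose from the log.
                    if (SAMLUtils.debug.warningEnabled()) {
                        SAMLUtils.debug.warning("SAML Service Manager: getHostSet: possible wrong hostname in the host list.");
                    }
                }
                expanded.add(host);
            }
            return expanded;
        }
    }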

    /* loaded from: input_file:120091-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/common/SAMLServiceManager$SiteEntry.class */
    /**
     * Value holder for one site: host name, port, source ID, SAML URL, POST URL and preferred
     * version. Values are stored as given and exposed read-only.
     */
    public static class SiteEntry {
        private final String hostname;
        private final int portnumber;
        private final String sid;
        private final String saml;
        private final String post;
        private final String prefVersion;

        /**
         * @param str host name
         * @param i port number
         * @param str2 source ID
         * @param str3 SAML URL
         * @param str4 POST URL
         * @param str5 preferred version
         */
        public SiteEntry(String str, int i, String str2, String str3, String str4, String str5) {
            hostname = str;
            portnumber = i;
            sid = str2;
            saml = str3;
            post = str4;
            prefVersion = str5;
        }

        /** @return the SAML URL given at construction */
        public String getSAMLUrl() {
            return saml;
        }

        /** @return the POST URL given at construction */
        public String getPOSTUrl() {
            return post;
        }

        /** @return the host name given at construction */
        public String getHostName() {
            return hostname;
        }

        /** @return the port number given at construction */
        public int getPort() {
            return portnumber;
        }

        /** @return the source ID given at construction */
        public String getSourceID() {
            return sid;
        }

        /** @return the preferred version given at construction */
        public String getVersion() {
            return prefVersion;
        }
    }

    /** Private so that outside code cannot instantiate the class; init() creates the one visible instance. */
    private SAMLServiceManager() {
    }

    /**
     * Creates the singleton and loads the SAML service configuration.
     *
     * <p>Using the administrative SSOToken from getSSOToken(), this reads the global schema of
     * the SAML service, runs setValues(), registers the singleton as a schema listener, opens the
     * store connection and reads the local server protocol, host and port plus the
     * remove-assertion flag from SystemProperties.
     *
     * <p>Any exception is logged and swallowed. Because {@code instance} is assigned before the
     * configuration is loaded, a failure leaves it non-null, so the getters will not call init()
     * again and will return whatever was set before the failure (null or false).
     * NOTE(review): neither this method nor the getters' null check is synchronized; confirm
     * that concurrent first use is safe for callers.
     */
    private static void init() {
        SAMLUtils.debug.message("SAMLServiceManager.init: Constructing a new instance of SAMLServiceManager");
        instance = new SAMLServiceManager();
        try {
            SSOToken adminToken = getSSOToken();
            ServiceSchemaManager schemaManager = new ServiceSchemaManager(adminToken, SAMLConstants.SAML_SERVICE_NAME, "1.0");
            serviceSchema = schemaManager.getGlobalSchema();
            setValues();
            // Registered only after the first setValues() call has run.
            schemaManager.addListener(instance);
            amConn = new AMStoreConnection(adminToken);

            serverProtocol = SystemProperties.get("com.iplanet.am.localserver.protocol");
            serverHost = SystemProperties.get("com.iplanet.am.localserver.host");
            serverPort = SystemProperties.get("com.iplanet.am.localserver.port");
            // A missing property shows up as the text "null" in the URL, as string concatenation does.
            serverURL = serverProtocol + ISAuthConstants.URL_SEPARATOR + serverHost + ":" + serverPort;

            String removeSetting = SystemProperties.get(SAMLConstants.REMOVE_ASSERTION_NAME);
            boolean hasRemoveSetting = removeSetting != null && removeSetting.length() > 0;
            if (hasRemoveSetting) {
                removeAssertion = Boolean.parseBoolean(removeSetting);
            }
        } catch (Exception e) {
            SAMLUtils.debug.error("SAMLServiceListener.init: Exception:", e);
        }
    }

    /**
     * Returns the remove-assertion flag, running init() first when no instance exists yet.
     *
     * @return the value init() parsed from the SAMLConstants.REMOVE_ASSERTION_NAME property;
     *         false when the property is unset or init() failed before reading it
     */
    public static boolean getRemoveAssertion() {
        // NOTE(review): this check-then-init is not synchronized.
        if (instance == null) {
            init();
        }
        return removeAssertion;
    }

    /**
     * Returns the local server protocol, running init() first when no instance exists yet.
     *
     * @return the com.iplanet.am.localserver.protocol property as read by init(); null when the
     *         property is unset or init() failed before reading it (init() swallows exceptions)
     */
    public static String getServerProtocol() {
        if (instance == null) {
            init();
        }
        return serverProtocol;
    }

    /**
     * Returns the local server host, running init() first when no instance exists yet.
     *
     * @return the com.iplanet.am.localserver.host property as read by init(); null when the
     *         property is unset or init() failed before reading it (init() swallows exceptions)
     */
    public static String getServerHost() {
        if (instance == null) {
            init();
        }
        return serverHost;
    }

    /**
     * Returns the local server port, running init() first when no instance exists yet.
     *
     * @return the com.iplanet.am.localserver.port property as read by init(), as a String; null
     *         when the property is unset or init() failed before reading it
     */
    public static String getServerPort() {
        if (instance == null) {
            init();
        }
        return serverPort;
    }

    /**
     * Returns the local server URL, running init() first when no instance exists yet.
     *
     * @return protocol, ISAuthConstants.URL_SEPARATOR, host, ":" and port joined by init(); null
     *         when init() failed before building it (init() swallows exceptions)
     */
    public static String getServerURL() {
        if (instance == null) {
            init();
        }
        return serverURL;
    }

    /**
     * Returns the administrative SSOToken, creating and caching it on first use.
     *
     * <p>The admin DN and admin password are obtained through privileged actions and passed
     * straight to SSOTokenManager.createSSOToken; neither is logged here. The token is kept in a
     * static field and returned on every later call.
     * NOTE(review): the cached token is never checked for validity before it is returned, so an
     * expired or destroyed admin session would keep being handed out; confirm whether callers
     * cope with that.
     *
     * @return the cached administrative token
     * @throws SessionException when token creation fails with an SSOException; only the message
     *         of the original exception is carried over (the exception itself is logged)
     * @throws SSOException declared by the signature
     */
    protected static synchronized SSOToken getSSOToken() throws SSOException, SessionException {
        if (ssoAuthSession != null) {
            return ssoAuthSession;
        }
        SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        String adminDn = (String) AccessController.doPrivileged(new AdminDNAction());
        try {
            AuthPrincipal adminPrincipal = new AuthPrincipal(adminDn);
            String adminPassword = (String) AccessController.doPrivileged(new AdminPasswordAction());
            ssoAuthSession = tokenManager.createSSOToken(adminPrincipal, adminPassword);
        } catch (SSOException e) {
            SAMLUtils.debug.error("SAMLServiceManager:getSSOToken(): SSOException : ", e);
            throw new SessionException(e.getMessage());
        }
        return ssoAuthSession;
    }

    private static synchronized void setValues() {
        HashMap hashMap;
        String decodedSourceIDString;
        Set set;
        String generateSourceID;
        if (serviceSchema == null) {
            HashMap hashMap2 = new HashMap();
            hashMap2.put(SAMLConstants.ARTIFACT_TIMEOUT_NAME, new Integer(120));
            hashMap2.put(SAMLConstants.ASSERTION_TIMEOUT_NAME, new Integer(60));
            hashMap2.put("iplanet-am-saml-artifact-name", "SAMLart");
            hashMap2.put(SAMLConstants.TARGET_SPECIFIER, "TARGET");
            hashMap2.put(SAMLConstants.ASSERTION_MAX_NUMBER_NAME, new Integer(0));
            hashMap2.put(SAMLConstants.CLEANUP_INTERVAL_NAME, new Integer(180));
            hashMap2.put(SAMLConstants.SIGN_REQUEST, Boolean.valueOf("false"));
            hashMap2.put(SAMLConstants.SIGN_RESPONSE, Boolean.valueOf("false"));
            hashMap2.put(SAMLConstants.SIGN_ASSERTION, Boolean.valueOf("false"));
            map = hashMap2;
            return;
        }
        try {
            hashMap = new HashMap();
            Map attributeDefaults = serviceSchema.getAttributeDefaults();
            Set set2 = (Set) attributeDefaults.get(SAMLConstants.NOTBEFORE_TIMESKEW_NAME);
            int i = 300;
            if (set2.size() == 1) {
                i = Integer.parseInt((String) set2.iterator().next());
                if (i <= 0) {
                    SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: invalid not before time skew period value=").append(i).append(", using default.").toString());
                }
            }
            hashMap.put(SAMLConstants.NOTBEFORE_TIMESKEW_NAME, new Integer(i));
            Set set3 = (Set) attributeDefaults.get(SAMLConstants.ARTIFACT_TIMEOUT_NAME);
            int i2 = 120;
            if (set3.size() == 1) {
                i2 = Integer.parseInt((String) set3.iterator().next());
                if (i2 <= 0) {
                    SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: invalid artifact timeout value=").append(i2).append(", using default.").toString());
                    i2 = 120;
                }
            }
            hashMap.put(SAMLConstants.ARTIFACT_TIMEOUT_NAME, new Integer(i2));
            Set set4 = (Set) attributeDefaults.get(SAMLConstants.ASSERTION_TIMEOUT_NAME);
            int i3 = 60;
            if (set4.size() == 1) {
                i3 = Integer.parseInt((String) set4.iterator().next());
                if (i3 <= 0) {
                    SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: invalid assertion timeout value=").append(i3).append(", using default.").toString());
                    i3 = 60;
                }
            }
            hashMap.put(SAMLConstants.ASSERTION_TIMEOUT_NAME, new Integer(i3));
            Set set5 = (Set) attributeDefaults.get(SAMLConstants.ASSERTION_MAX_NUMBER_NAME);
            int i4 = 0;
            if (set5.size() == 1) {
                i4 = Integer.parseInt((String) set5.iterator().next());
                if (i4 < 0) {
                    SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: invalid assertion max number value=").append(i4).append(", using default.").toString());
                    i4 = 0;
                }
            }
            hashMap.put(SAMLConstants.ASSERTION_MAX_NUMBER_NAME, new Integer(i4));
            Set set6 = (Set) attributeDefaults.get(SAMLConstants.CLEANUP_INTERVAL_NAME);
            int i5 = 180;
            if (set6.size() == 1) {
                i5 = Integer.parseInt((String) set6.iterator().next());
                if (i5 <= 0) {
                    SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: invalid cleanup interval value=").append(i5).append(", using default.").toString());
                    i5 = 180;
                }
            }
            hashMap.put(SAMLConstants.CLEANUP_INTERVAL_NAME, new Integer(i5));
            hashMap.put("iplanet-am-saml-artifact-name", Misc.getMapAttr(attributeDefaults, "iplanet-am-saml-artifact-name", "SAMLart"));
            Set<String> set7 = (Set) attributeDefaults.get(SAMLConstants.POST_TO_TARGET_URLS);
            if (set7 == null || set7.size() == 0) {
                SAMLUtils.debug.message("SAMLServiceManager: No POST to targets found");
            } else {
                Set synchronizedSet = Collections.synchronizedSet(new HashSet());
                r26 = null;
                for (String str : set7) {
                    try {
                        URL url = new URL(str);
                        synchronizedSet.add(new StringBuffer(url.getHost().toLowerCase()).append(":").append(String.valueOf(url.getPort())).append("/").append(url.getPath()).toString());
                    } catch (MalformedURLException e) {
                        SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: Malformed Url in the POST to target list, skipping entry:").append(str).toString());
                    }
                }
                if (synchronizedSet.size() > 0) {
                    hashMap.put(SAMLConstants.POST_TO_TARGET_URLS, synchronizedSet);
                } else {
                    SAMLUtils.debug.error("SAMLServiceManager: All POST to target URLs malformed");
                }
            }
            String stringBuffer = new StringBuffer().append(SystemProperties.get("com.iplanet.am.localserver.protocol")).append(ISAuthConstants.URL_SEPARATOR).append(SystemProperties.get("com.iplanet.am.localserver.host")).append(":").append(SystemProperties.get("com.iplanet.am.localserver.port")).toString();
            HashMap hashMap3 = new HashMap();
            HashMap hashMap4 = new HashMap();
            HashMap hashMap5 = new HashMap();
            Set set8 = (Set) attributeDefaults.get(SAMLConstants.SITE_ID_ISSUER_NAME_LIST);
            if (set8.size() == 0) {
                SAMLUtils.debug.error("SAMLServiceManager: No Site ID or Issuer Name in the SAML service config.");
            } else {
                Iterator it = set8.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String str2 = (String) it.next();
                    String str3 = null;
                    String str4 = null;
                    String str5 = null;
                    StringTokenizer stringTokenizer = new StringTokenizer(str2, "|");
                    while (true) {
                        if (!stringTokenizer.hasMoreElements()) {
                            break;
                        }
                        String nextToken = stringTokenizer.nextToken();
                        int indexOf = nextToken.indexOf("=");
                        if (indexOf == -1) {
                            SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: wrong format: ").append(nextToken).toString());
                            break;
                        }
                        int i6 = indexOf + 1;
                        if (i6 >= nextToken.length()) {
                            SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: wrong format: ").append(nextToken).toString());
                            break;
                        }
                        String substring = nextToken.substring(0, indexOf);
                        if (substring.equalsIgnoreCase(SAMLConstants.INSTANCEID)) {
                            str3 = nextToken.substring(i6);
                        } else if (substring.equalsIgnoreCase(SAMLConstants.SITEID)) {
                            str4 = nextToken.substring(i6);
                        } else if (substring.equalsIgnoreCase(SAMLConstants.ISSUERNAME)) {
                            str5 = nextToken.substring(i6);
                        } else {
                            SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: wrong format: ").append(nextToken).toString());
                        }
                    }
                    if (str3 == null) {
                        SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager: missing instanceID:").append(str2).toString());
                        break;
                    }
                    boolean equalsIgnoreCase = str3.equalsIgnoreCase(stringBuffer);
                    if (str4 != null && (decodedSourceIDString = SAMLUtils.getDecodedSourceIDString(str4)) != null) {
                        hashMap3.put(str3, decodedSourceIDString);
                        hashMap5.put(decodedSourceIDString, str3);
                        if (equalsIgnoreCase) {
                            hashMap.put(SAMLConstants.SITE_ID, decodedSourceIDString);
                        }
                    }
                    if (str5 != null) {
                        hashMap4.put(str3, str5);
                        if (equalsIgnoreCase) {
                            hashMap.put(SAMLConstants.ISSUER_NAME, str5);
                        }
                    }
                }
            }
            if (!hashMap3.containsKey(stringBuffer) && (generateSourceID = SAMLSiteID.generateSourceID(stringBuffer)) != null) {
                String decodedSourceIDString2 = SAMLUtils.getDecodedSourceIDString(generateSourceID);
                if (decodedSourceIDString2 != null) {
                    hashMap3.put(stringBuffer, decodedSourceIDString2);
                    hashMap5.put(decodedSourceIDString2, stringBuffer);
                    hashMap.put(SAMLConstants.SITE_ID, decodedSourceIDString2);
                } else {
                    SAMLUtils.debug.error("Missing Site ID.");
                }
            }
            if (!hashMap4.containsKey(stringBuffer)) {
                hashMap4.put(stringBuffer, stringBuffer);
                hashMap.put(SAMLConstants.ISSUER_NAME, stringBuffer);
            }
            hashMap.put(SAMLConstants.SITE_ID_LIST, hashMap3);
            hashMap.put(SAMLConstants.INSTANCE_LIST, hashMap5);
            hashMap.put(SAMLConstants.ISSUER_NAME_LIST, hashMap4);
            hashMap.put(SAMLConstants.SIGN_REQUEST, Boolean.valueOf(Misc.getMapAttr(attributeDefaults, SAMLConstants.SIGN_REQUEST, "false")));
            hashMap.put(SAMLConstants.SIGN_RESPONSE, Boolean.valueOf(Misc.getMapAttr(attributeDefaults, SAMLConstants.SIGN_RESPONSE, "false")));
            hashMap.put(SAMLConstants.SIGN_ASSERTION, Boolean.valueOf(Misc.getMapAttr(attributeDefaults, SAMLConstants.SIGN_ASSERTION, "false")));
            hashMap.put(SAMLConstants.TARGET_SPECIFIER, Misc.getMapAttr(attributeDefaults, SAMLConstants.TARGET_SPECIFIER, "TARGET"));
            Collections.synchronizedSet(new HashSet());
            set = (Set) attributeDefaults.get("iplanet-am-saml-partner-urls");
        } catch (Exception e2) {
            SAMLUtils.debug.error("SAMLServiceManager.setValues: Exception:", e2);
            return;
        }
        if (set.size() != 0) {
            Set synchronizedSet2 = Collections.synchronizedSet(new HashSet());
            Map synchronizedMap = Collections.synchronizedMap(new HashMap());
            for (Object obj : set.toArray()) {
                String str6 = null;
                String str7 = null;
                String str8 = null;
                String str9 = null;
                int i7 = -1;
                String str10 = null;
                String str11 = null;
                String str12 = null;
                String str13 = null;
                String str14 = null;
                String str15 = null;
                AccountMapper accountMapper = null;
                PartnerAccountMapper partnerAccountMapper = null;
                SiteAttributeMapper siteAttributeMapper = null;
                PartnerSiteAttributeMapper partnerSiteAttributeMapper = null;
                AttributeMapper attributeMapper = null;
                ActionMapper actionMapper = null;
                String str16 = null;
                HashSet hashSet = null;
                String str17 = (String) obj;
                if (str17.toUpperCase().indexOf("SOURCEID") == -1) {
                    SAMLUtils.debug.error(new StringBuffer().append("Ignore this trusted site since SourceID is absent:").append(str17).toString());
                } else {
                    StringTokenizer stringTokenizer2 = new StringTokenizer(str17, "|");
                    while (true) {
                        if (!stringTokenizer2.hasMoreElements()) {
                            break;
                        }
                        String nextToken2 = stringTokenizer2.nextToken();
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message(new StringBuffer().append("SAML Service Manager: PartnerUrl List:").append(nextToken2).toString());
                        }
                        int indexOf2 = nextToken2.indexOf("=");
                        if (indexOf2 == -1) {
                            SAMLUtils.debug.error(new StringBuffer().append("SAML Service Manager: illegal format of PartnerUrl:").append(nextToken2).toString());
                            break;
                        }
                        int i8 = indexOf2 + 1;
                        if (i8 >= nextToken2.length()) {
                            break;
                        }
                        String substring2 = nextToken2.substring(0, indexOf2);
                        if (substring2.equalsIgnoreCase("SOURCEID")) {
                            str10 = SAMLUtils.getDecodedSourceIDString(nextToken2.substring(i8));
                        } else if (substring2.equalsIgnoreCase("TARGET")) {
                            str6 = nextToken2.substring(i8);
                        } else if (substring2.equalsIgnoreCase(SAMLConstants.SAMLURL)) {
                            str7 = nextToken2.substring(i8).trim();
                        } else if (substring2.equalsIgnoreCase(SAMLConstants.POSTURL)) {
                            str8 = nextToken2.substring(i8).trim();
                        } else if (substring2.equalsIgnoreCase("SOAPURL")) {
                            str11 = nextToken2.substring(i8).trim();
                        } else if (substring2.equalsIgnoreCase("AUTHTYPE")) {
                            str12 = nextToken2.substring(i8);
                            if (SAMLUtils.debug.messageEnabled()) {
                                SAMLUtils.debug.message(new StringBuffer().append("authtype =").append(str12).toString());
                            }
                        } else {
                            if (!substring2.equalsIgnoreCase("USER")) {
                                if (substring2.equalsIgnoreCase("ACCOUNTMAPPER")) {
                                    try {
                                        try {
                                            accountMapper = (AccountMapper) Class.forName(nextToken2.substring(i8)).newInstance();
                                        } catch (InstantiationException e3) {
                                            SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager:").append(e3).toString());
                                        }
                                    } catch (ClassNotFoundException e4) {
                                        SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager:").append(e4).toString());
                                    } catch (IllegalAccessException e5) {
                                        SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager:").append(e5).toString());
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.PARTNERACCOUNTMAPPER)) {
                                    try {
                                        try {
                                            partnerAccountMapper = (PartnerAccountMapper) Class.forName(nextToken2.substring(i8)).newInstance();
                                        } catch (IllegalAccessException e6) {
                                            SAMLUtils.debug.error("SAMLServiceManager:", e6);
                                        }
                                    } catch (ClassNotFoundException e7) {
                                        SAMLUtils.debug.error("SAMLServiceManager:", e7);
                                    } catch (InstantiationException e8) {
                                        SAMLUtils.debug.error("SAMLServiceManager:", e8);
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.CERTALIAS)) {
                                    str14 = nextToken2.substring(i8);
                                    if (SAMLUtils.debug.messageEnabled()) {
                                        SAMLUtils.debug.message(new StringBuffer().append("certAlias =").append(str14).toString());
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.SITEATTRIBUTEMAPPER)) {
                                    try {
                                        try {
                                            siteAttributeMapper = (SiteAttributeMapper) Class.forName(nextToken2.substring(i8)).newInstance();
                                        } catch (InstantiationException e9) {
                                            SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager:").append(e9).toString());
                                        }
                                    } catch (ClassNotFoundException e10) {
                                        SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager:").append(e10).toString());
                                    } catch (IllegalAccessException e11) {
                                        SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager:").append(e11).toString());
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.PARTNERSITEATTRIBUTEMAPPER)) {
                                    try {
                                        try {
                                            partnerSiteAttributeMapper = (PartnerSiteAttributeMapper) Class.forName(nextToken2.substring(i8)).newInstance();
                                        } catch (IllegalAccessException e12) {
                                            SAMLUtils.debug.error("SAMLServiceManager:", e12);
                                        }
                                    } catch (ClassNotFoundException e13) {
                                        SAMLUtils.debug.error("SAMLServiceManager:", e13);
                                    } catch (InstantiationException e14) {
                                        SAMLUtils.debug.error("SAMLServiceManager:", e14);
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.ATTRIBUTEMAPPER)) {
                                    try {
                                        attributeMapper = (AttributeMapper) Class.forName(nextToken2.substring(i8)).newInstance();
                                    } catch (Exception e15) {
                                        SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager:").append(e15).toString());
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.ACTIONMAPPER)) {
                                    try {
                                        actionMapper = (ActionMapper) Class.forName(nextToken2.substring(i8)).newInstance();
                                    } catch (Exception e16) {
                                        SAMLUtils.debug.error(new StringBuffer().append("SAMLServiceManager:").append(e16).toString());
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.ISSUER)) {
                                    str16 = nextToken2.substring(i8).trim();
                                    if (SAMLUtils.debug.messageEnabled()) {
                                        SAMLUtils.debug.message(new StringBuffer().append("issuer = ").append(str16).toString());
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.HOST_LIST)) {
                                    hashSet = new HashSet();
                                    HashSet hashSet2 = new HashSet();
                                    StringTokenizer stringTokenizer3 = new StringTokenizer(nextToken2.substring(i8), ",");
                                    while (stringTokenizer3.hasMoreTokens()) {
                                        String trim = stringTokenizer3.nextToken().trim();
                                        try {
                                            for (InetAddress inetAddress : InetAddress.getAllByName(trim)) {
                                                hashSet2.add(inetAddress.getHostAddress());
                                            }
                                        } catch (Exception e17) {
                                            if (SAMLUtils.debug.warningEnabled()) {
                                                SAMLUtils.debug.warning("SAML Service Manager: possible wrong hostname in the host list.");
                                            }
                                        }
                                        hashSet2.add(trim);
                                        hashSet.add(trim);
                                    }
                                    if (SAMLUtils.debug.messageEnabled()) {
                                        SAMLUtils.debug.message(new StringBuffer().append("hostSet = ").append(hashSet2).toString());
                                    }
                                } else if (substring2.equalsIgnoreCase(SAMLConstants.VERSION)) {
                                    str15 = nextToken2.substring(i8);
                                }
                                SAMLUtils.debug.error("SAMLServiceManager.setValues: Exception:", e2);
                                return;
                            }
                            str13 = nextToken2.substring(i8);
                            if (SAMLUtils.debug.messageEnabled()) {
                                SAMLUtils.debug.message(new StringBuffer().append("user = ").append(str13).toString());
                            }
                        }
                    }
                    if (str12 == null) {
                        str12 = "NOAUTH";
                    }
                    if (accountMapper == null) {
                        accountMapper = new DefaultAccountMapper();
                    }
                    if (attributeMapper == null) {
                        attributeMapper = new DefaultAttributeMapper();
                    }
                    if (actionMapper == null) {
                        actionMapper = new DefaultActionMapper();
                    }
                    if (str15 == null || str15.equals("")) {
                        try {
                            str15 = SystemProperties.get(SAMLConstants.SAML_PROTOCOL_VERSION).trim();
                        } catch (Exception e18) {
                            str15 = "1.0";
                        }
                    }
                    if (str10 == null || str10.equals("")) {
                        SAMLUtils.debug.error(new StringBuffer().append("Ignore this trusted site since SourceID is misconfigured:").append(str17).toString());
                    } else {
                        if (str6 == null || str6.equals("") || ((str7 == null || str7.equals("")) && (str8 == null || str8.equals("")))) {
                            SAMLUtils.debug.warning(new StringBuffer().append("Either target or both SAMLUrl and POSTUrl are misconfigured:").append(str17).toString());
                        }
                        if (str6 != null && !str6.equals("")) {
                            StringTokenizer stringTokenizer4 = new StringTokenizer(str6, ",");
                            while (stringTokenizer4.hasMoreElements()) {
                                String nextToken3 = stringTokenizer4.nextToken();
                                if (SAMLUtils.debug.messageEnabled()) {
                                    SAMLUtils.debug.message(new StringBuffer().append("SAML ServiceManager:target= ").append(nextToken3).toString());
                                }
                                StringTokenizer stringTokenizer5 = new StringTokenizer(nextToken3, ":");
                                if (stringTokenizer5.countTokens() == 2) {
                                    str9 = stringTokenizer5.nextToken().trim();
                                    i7 = Integer.parseInt(stringTokenizer5.nextToken().trim());
                                } else {
                                    str9 = nextToken3;
                                    i7 = -1;
                                }
                            }
                            synchronizedSet2.add(new SiteEntry(str9, i7, str10, str7, str8, str15));
                        }
                        synchronizedMap.put(str10, new SOAPEntry(str10, str11, str12, str13, str14, accountMapper, partnerAccountMapper, siteAttributeMapper, partnerSiteAttributeMapper, attributeMapper, actionMapper, str16, hashSet, str15));
                    }
                }
            }
            hashMap.put(SAMLConstants.TRUSTED_SERVER_LIST, synchronizedSet2);
            hashMap.put("iplanet-am-saml-partner-urls", synchronizedMap);
        } else if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLServiceManager: No entryin partner url config!");
        }
        map = hashMap;
    }

    /**
     * Returns the value held under the given key in the current SAML service
     * configuration map.
     *
     * <p>If the manager has not been set up yet ({@code instance} is still
     * {@code null}), {@code init()} is run before the lookup. The method is
     * {@code static synchronized}, so the lookup happens under the class monitor.
     *
     * @param str key to look up in the configuration map
     * @return the value stored under {@code str}, as returned by {@code map.get}
     */
    public static synchronized Object getAttribute(String str) {
        final boolean needsInit = (instance == null);
        if (needsInit) {
            init();
        }
        final Object value = map.get(str);
        return value;
    }

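    /**
     * Reads the partner-site credentials stored on a user's profile.
     *
     * <p>The user is fetched through {@code amConn}, the attribute names of the SAML
     * service's USER schema are collected, and the partner-site user id and password
     * attributes are read. The stored password is passed through
     * {@code AMPasswordUtil.decrypt} before it is returned.
     *
     * <p>Security: the returned map holds the partner-site password in decrypted form,
     * so callers should keep it out of logs, error messages and long-lived caches.
     * The debug message written here names only the user id. The stored password
     * value is reversible (it is decrypted a few lines later), so it is treated as
     * credential material and is never written to the debug log.
     *
     * @param str identifier passed to {@code amConn.getUser}
     *            (presumably the user's DN; confirm against callers)
     * @return a map with the keys {@code "iplanet-am-saml-user"} and
     *         {@code "iplanet-am-saml-password"}; an empty map when the lookup or
     *         the decryption throws (the exception is logged, not propagated)
     */
    public static synchronized Map getSAMLUser(String str) {
        HashMap credentials = new HashMap();
        try {
            AMUser user = amConn.getUser(str);
            HashSet attributeNames = new HashSet();
            ServiceSchema schema = new ServiceSchemaManager(SAMLConstants.SAML_SERVICE_NAME, getSSOToken()).getSchema(SchemaType.USER);
            if (schema != null) {
                attributeNames.addAll(schema.getAttributeSchemaNames());
            }
            Map attributes = user.getAttributes(attributeNames);
            String partnerUser = Misc.getMapAttr(attributes, "iplanet-am-saml-user");
            String storedPassword = Misc.getMapAttr(attributes, "iplanet-am-saml-password");
            if (SAMLUtils.debug.messageEnabled()) {
                // Only the user id is logged; the password attribute is deliberately left out.
                SAMLUtils.debug.message("SAMLServiceManager:getSAMLUserID: The user id on partner site is " + partnerUser);
            }
            String clearPassword = AMPasswordUtil.decrypt(storedPassword);
            // Both entries are added only after decryption succeeded, so the map is
            // either complete or empty.
            credentials.put("iplanet-am-saml-user", partnerUser);
            credentials.put("iplanet-am-saml-password", clearPassword);
        } catch (Exception e) {
            // Best effort by design: failures are logged and an empty map is returned.
            SAMLUtils.debug.error("SAMLServiceManager:getSAMLUser", e);
        }
        return credentials;
    }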

    /**
     * {@code ServiceListener} callback for a schema change: writes a debug message
     * and re-runs {@code setValues()}.
     *
     * <p>Both arguments are ignored; every notification triggers the same refresh.
     *
     * @param str  not used
     * @param str2 not used
     */
    @Override // com.sun.identity.sm.ServiceListener
    public void schemaChanged(String str, String str2) {
        final String event = "SAMLServiceManager: schemaChanged.";
        SAMLUtils.debug.message(event);
        setValues();
    }

    /**
     * {@code ServiceListener} callback for a global configuration change: writes a
     * debug message and re-runs {@code setValues()}.
     *
     * <p>None of the arguments is inspected, so any global change causes a full
     * refresh of the cached SAML settings.
     *
     * @param str  not used
     * @param str2 not used
     * @param str3 not used
     * @param str4 not used
     * @param i    not used
     */
    @Override // com.sun.identity.sm.ServiceListener
    public void globalConfigChanged(String str, String str2, String str3, String str4, int i) {
        final String event = "SAMLServiceManager: globalConfigChanged.";
        SAMLUtils.debug.message(event);
        setValues();
    }

    /**
     * {@code ServiceListener} callback for an organization configuration change:
     * writes a debug message and re-runs {@code setValues()}.
     *
     * <p>None of the arguments is inspected, so a change in any organization causes
     * the same full refresh of the cached SAML settings.
     *
     * @param str  not used
     * @param str2 not used
     * @param str3 not used
     * @param str4 not used
     * @param str5 not used
     * @param i    not used
     */
    @Override // com.sun.identity.sm.ServiceListener
    public void organizationConfigChanged(String str, String str2, String str3, String str4, String str5, int i) {
        final String event = "SAMLServiceManager: orgConfigChanged.";
        SAMLUtils.debug.message(event);
        setValues();
    }

    /**
     * Translates an authentication method name into the authentication-method URI
     * used for it.
     *
     * <p>Resolution order: {@code "Cert"} (case-insensitive), the Kerberos method
     * name (case-insensitive), membership of the lower-cased name in
     * {@code SAMLConstants.passwordAuthMethods}, membership in
     * {@code SAMLConstants.tokenAuthMethods}, and finally the generic prefix followed
     * by the name exactly as given.
     *
     * @param str authentication method name; may be {@code null}
     * @return the matching URI, or {@code null} when {@code str} is {@code null}
     */
    public static String getAuthMethodURI(String str) {
        if (str == null) {
            return null;
        }
        // NOTE(review): toLowerCase() follows the JVM default locale, unlike the
        // equalsIgnoreCase() checks below. Under a locale with special casing rules
        // a method name could miss its set and fall through to the generic prefix.
        // Confirm how the two sets are populated before pinning a locale here.
        final String lowered = str.toLowerCase();
        final String uri;
        if (str.equalsIgnoreCase("Cert")) {
            uri = "urn:ietf:rfc:2246";
        } else if (str.equalsIgnoreCase(SAMLConstants.AUTH_METHOD_KERBEROS)) {
            uri = SAMLConstants.AUTH_METHOD_KERBEROS_URI;
        } else if (SAMLConstants.passwordAuthMethods.contains(lowered)) {
            uri = SAMLConstants.AUTH_METHOD_PASSWORD_URI;
        } else if (SAMLConstants.tokenAuthMethods.contains(lowered)) {
            uri = SAMLConstants.AUTH_METHOD_HARDWARE_TOKEN_URI;
        } else {
            // Unknown names are appended verbatim, with no validation or escaping;
            // presumably callers pass a configured module name. Verify at call sites.
            uri = SAMLConstants.AUTH_METHOD_URI_PREFIX + str;
        }
        return uri;
    }

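    /**
     * Finds the certificate-database entry whose issuer DN and serial number equal
     * those of the given certificate.
     *
     * <p>The in-memory cache {@code certdbCerts} (keyed by nickname) is searched
     * first. On a miss, all permanent certificates are read from the JSS
     * {@code CryptoManager}, each one is added to the cache, and the first one whose
     * issuer DN and serial number match is returned.
     *
     * <p>Changes from the previous version of this method:
     * <ul>
     *   <li>The cache is created under the class monitor. The earlier
     *       {@code synchronized (new Object())} locked a fresh object on every call
     *       and so excluded no other thread.</li>
     *   <li>The cache is iterated while holding the map's own monitor, as
     *       {@code Collections.synchronizedMap} requires. Otherwise a concurrent
     *       {@code put} from the loading loop can make the iteration fail.</li>
     *   <li>The {@code NotInitializedException} handler now precedes the generic
     *       {@code Exception} handler, so it is reachable.</li>
     * </ul>
     *
     * <p>Security: a non-null result means only that issuer DN and serial number
     * agree. The certificate's encoding and public key are not compared here, and
     * both compared fields are chosen by whoever created the presented certificate.
     * NOTE(review): if a caller treats a match as proof that the certificate is
     * trusted, it should also compare the encoded certificate or validate the
     * chain. Confirm at the call sites.
     *
     * @param x509Certificate certificate to look up; must not be {@code null}
     * @return the matching entry, or {@code null} when no certificate matches or
     *         the certificate database cannot be read (the failure is logged)
     */
    public static CertEntry getMatchingCertEntry(X509Certificate x509Certificate) {
        String issuerName = x509Certificate.getIssuerDN().getName().trim();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (certdbCerts == null) {
            // The class monitor is shared by all callers. The map is created at most
            // once, and nothing else runs while the lock is held.
            synchronized (SAMLServiceManager.class) {
                if (certdbCerts == null) {
                    certdbCerts = Collections.synchronizedMap(new HashMap());
                }
            }
        } else {
            // Iterating a synchronizedMap is only safe while holding the map's monitor.
            synchronized (certdbCerts) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(new StringBuffer().append("found ").append(certdbCerts.entrySet().size()).append(" certdb certs").toString());
                }
                Iterator it = certdbCerts.entrySet().iterator();
                while (it.hasNext()) {
                    CertEntry cached = (CertEntry) ((Map.Entry) it.next()).getValue();
                    // NOTE(review): this compares against the DN string as stored in the
                    // CertEntry, while the loading loop below compares against the
                    // re-parsed, trimmed java.security form. If the two renderings
                    // differ, a cached certificate is missed here and the database is
                    // read again. Confirm.
                    if (issuerName.equals(cached.getIssuerDN().getName()) && serialNumber.equals(cached.getSerialNumber())) {
                        return cached;
                    }
                }
            }
        }
        SAMLUtils.debug.message("start loading certs from certdb");
        try {
            org.mozilla.jss.crypto.X509Certificate[] permCerts = CryptoManager.getInstance().getPermCerts();
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message(new StringBuffer().append("read ").append(permCerts.length).append(" certdb certs").toString());
                SAMLUtils.debug.message(new StringBuffer().append("inCert Issuer:").append(issuerName).toString());
                SAMLUtils.debug.message(new StringBuffer().append("inCert SN:").append(serialNumber).toString());
            }
            for (org.mozilla.jss.crypto.X509Certificate dbCert : permCerts) {
                CertEntry entry = new CertEntry(dbCert.getNickname(), dbCert.getIssuerDN(), dbCert.getSerialNumber());
                // Re-parse the stored certificate so that the issuer name is rendered by
                // the same X509Certificate API as the certificate being looked up.
                X509Certificate parsed = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(dbCert.getEncoded()));
                certdbCerts.put(dbCert.getNickname(), entry);
                if (issuerName.equals(parsed.getIssuerDN().getName().trim()) && serialNumber.compareTo(entry.getSerialNumber()) == 0) {
                    SAMLUtils.debug.message("found match..");
                    return entry;
                }
            }
            return null;
        } catch (CryptoManager.NotInitializedException e2) {
            // The more specific handler must come before the generic one to be reachable.
            SAMLUtils.debug.error("SAMLSOAPReceiver:Error retrieving certificate from certdb", e2);
            return null;
        } catch (Exception e) {
            SAMLUtils.debug.error("SAMLSOAPReceiver:Exception", e);
            return null;
        }
    }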
}
