package com.sun.identity.federation.services;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.services.ldap.DSConfigMgr;
import com.iplanet.services.naming.WebtopNaming;
import com.sun.identity.federation.alliance.FSAllianceManagementException;
import com.sun.identity.federation.alliance.FSAllianceManager;
import com.sun.identity.federation.alliance.FSHostedProviderDescriptor;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSFederationTerminationNotification;
import com.sun.identity.federation.message.FSLogoutNotification;
import com.sun.identity.federation.message.FSLogoutResponse;
import com.sun.identity.federation.message.FSNameRegistrationRequest;
import com.sun.identity.federation.message.FSNameRegistrationResponse;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSAMLRequest;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.services.fednsso.FSSSOBrowserArtifactProfileHandler;
import com.sun.identity.federation.services.fednsso.FSSSOLECPProfileHandler;
import com.sun.identity.federation.services.logout.FSLogoutStatus;
import com.sun.identity.federation.services.logout.FSLogoutUtil;
import com.sun.identity.federation.services.logout.FSPreLogoutHandler;
import com.sun.identity.federation.services.registration.FSNameRegistrationHandler;
import com.sun.identity.federation.services.termination.FSFedTerminationHandler;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.net.URL;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.messaging.JAXMServlet;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:120091-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/FSSOAPReceiver.class */
public class FSSOAPReceiver extends JAXMServlet {
    private static MessageFactory msgFactory = null;
    private static FSSOAPService soapService = FSSOAPService.getInstance();

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            msgFactory = MessageFactory.newInstance();
        } catch (SOAPException e) {
            FSUtils.debug.error("FSSOAPReceiver:Unable to get message factory", e);
            throw new ServletException(e.getMessage());
        }
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        FSUtils.debug.message("FSSOAPReceiver.doPost: Called");
        FSUtils.checkHTTPRequestLength(httpServletRequest);
        if (!FSServiceUtils.isLibertyEnabled()) {
            FSUtils.debug.error("FSSOAPReceiver: notLibertyEnabled");
            FSUtils.error("FSSOAPReceiver", FSUtils.bundle.getString("notLibertyEnabled"));
            httpServletResponse.sendError(500, FSUtils.bundle.getString("notLibertyEnabled"));
        } else {
            try {
                onMessage(httpServletRequest, httpServletResponse, msgFactory.createMessage(JAXMServlet.getHeaders(httpServletRequest), httpServletRequest.getInputStream()));
            } catch (SOAPException e) {
                throw new ServletException(e);
            }
        }
    }

    public void onMessage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SOAPMessage sOAPMessage) {
        Element parseSOAPMessage;
        SOAPMessage bindRegistrationResponse;
        FSUtils.debug.message("FSSOAPReceiver.onMessage: Called");
        try {
            parseSOAPMessage = soapService.parseSOAPMessage(sOAPMessage);
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSSOAPReceiver.onMessage: Error in processing Request: Exception occured: ").append(e.getMessage()).toString());
            httpServletResponse.setStatus(500);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            e.printStackTrace(new PrintStream(byteArrayOutputStream));
            FSUtils.debug.error(byteArrayOutputStream.toString());
            returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
        }
        if (parseSOAPMessage == null) {
            FSUtils.debug.error("FSSOAPReceiver.onMessage: Error in processing saml:Request. Invalid SOAPMessage");
            httpServletResponse.setStatus(500);
            returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
            return;
        }
        String trim = parseSOAPMessage.getTagName().trim();
        String trim2 = parseSOAPMessage.getNamespaceURI().trim();
        String trim3 = parseSOAPMessage.getLocalName().trim();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(new StringBuffer().append("FSSOAPReceiver.onMessage: tagName: ").append(trim).append(" namespaceUri: ").append(trim2).append(" localName: ").append(trim3).toString());
        }
        if (trim3.equalsIgnoreCase("Request") && trim2.equalsIgnoreCase("urn:oasis:names:tc:SAML:1.0:protocol")) {
            try {
                FSResponse handleSAMLRequest = handleSAMLRequest(httpServletRequest, httpServletResponse, new FSSAMLRequest(parseSOAPMessage), parseSOAPMessage, sOAPMessage);
                if (handleSAMLRequest == null) {
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: SAML Response is null");
                    httpServletResponse.setStatus(500);
                    returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(new StringBuffer().append("FSSOAPReceiver.onMessage: SAML Response created: ").append(handleSAMLRequest.toXMLString()).toString());
                }
                SOAPMessage bindSAMLResponse = soapService.bindSAMLResponse(handleSAMLRequest);
                if (FSServiceUtils.isSigningOn()) {
                    for (FSAssertion fSAssertion : handleSAMLRequest.getAssertion()) {
                        String id = fSAssertion.getID();
                        Document document = (Document) FSServiceUtils.createSOAPDOM(bindSAMLResponse);
                        FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
                        if (allianceInstance == null) {
                            FSUtils.debug.error("FSSOAPReceiver.onMessage: could not create alliance instance");
                            httpServletResponse.setStatus(500);
                            returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                            return;
                        }
                        String keyInfo = allianceInstance.getProvider(FSServiceUtils.getHostedProviderID(httpServletRequest)).getKeyInfo();
                        if (keyInfo == null) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("SOAPReceiver.onMessage: couldn't obtain this site's cert alias.");
                            }
                            throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
                        }
                        XMLSignatureManager xMLSignatureManager = XMLSignatureManager.getInstance();
                        int minorVersion = fSAssertion.getMinorVersion();
                        if (minorVersion == 0) {
                            xMLSignatureManager.signXML(document, keyInfo, SAMLUtils.bundle.getString("xmlsigalgorithm"), "id", id, false);
                        } else if (minorVersion == 2 || minorVersion == 1) {
                            xMLSignatureManager.signXML(document, keyInfo, SAMLUtils.bundle.getString("xmlsigalgorithm"), "AssertionID", fSAssertion.getAssertionID(), false);
                        } else if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("invalid minor version.");
                        }
                        bindSAMLResponse = FSServiceUtils.convertDOMToSOAP(document);
                    }
                }
                if (bindSAMLResponse != null) {
                    returnSOAPMessage(bindSAMLResponse, httpServletResponse);
                    return;
                }
                FSUtils.debug.error("FSSOAPReceiver.onMessage: Error in processing saml:Request");
                httpServletResponse.setStatus(500);
                returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                return;
            } catch (SAMLException e2) {
                FSUtils.debug.error("FSSOAPReceiver.onMessage: Error in processing saml:Request:", e2);
                httpServletResponse.setStatus(500);
                returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                return;
            }
        }
        if (trim3.equalsIgnoreCase(IFSConstants.SESSION_AUTHN_REQUEST_ATTR) && (trim2.equalsIgnoreCase("http://projectliberty.org/schemas/core/2002/12") || trim2.equalsIgnoreCase("urn:liberty:iff:2003-08"))) {
            try {
                FSAuthnRequest fSAuthnRequest = new FSAuthnRequest(parseSOAPMessage);
                FSSessionManager.getInstance(FSServiceUtils.getHostedProviderID(httpServletRequest)).setAuthnRequest(fSAuthnRequest.getRequestID(), fSAuthnRequest);
                handleLECPRequest(httpServletRequest, httpServletResponse, fSAuthnRequest);
                returnSOAPMessage(null, httpServletResponse);
                return;
            } catch (FSException e3) {
                FSUtils.debug.error(new StringBuffer().append("FSSOAPReceiver.onMessage: Error in processing lecp AuthnRequest:").append(e3.getMessage()).toString());
                httpServletResponse.setStatus(500);
                returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                return;
            }
        }
        if (!trim3.equalsIgnoreCase(IFSConstants.NAME_REGISTRATION_REQUEST) || (!trim2.equalsIgnoreCase("http://projectliberty.org/schemas/core/2002/12") && !trim2.equalsIgnoreCase("urn:liberty:iff:2003-08"))) {
            if (trim3.equalsIgnoreCase("FederationTerminationNotification") && (trim2.equalsIgnoreCase("http://projectliberty.org/schemas/core/2002/12") || trim2.equalsIgnoreCase("urn:liberty:iff:2003-08"))) {
                try {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("calling FSSOAPReceiver::handleTerminationRequest");
                    }
                    if (!handleTerminationRequest(parseSOAPMessage, sOAPMessage, httpServletRequest)) {
                        FSUtils.debug.message("Failed processing terminationRequest");
                        returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                        return;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Completed sucessful processing terminationRequest");
                        }
                        returnTerminationStatus(httpServletResponse);
                        return;
                    }
                } catch (Exception e4) {
                    FSUtils.debug.error(new StringBuffer().append("Error in processing Federation Termination Request").append(e4.getMessage()).toString());
                    FSUtils.error("FSSOAPReceiver::OnMessage", IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED);
                    returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                    return;
                }
            }
            if (trim3.equalsIgnoreCase("LogoutRequest") && (trim2.equalsIgnoreCase("http://projectliberty.org/schemas/core/2002/12") || trim2.equalsIgnoreCase("urn:liberty:iff:2003-08"))) {
                try {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("calling FSSOAPReceiver::handleLogoutRequest");
                    }
                    SOAPMessage handleLogoutRequest = handleLogoutRequest(parseSOAPMessage, sOAPMessage, httpServletRequest);
                    FSLogoutNotification fSLogoutNotification = new FSLogoutNotification(parseSOAPMessage);
                    String generateID = SAMLUtils.generateID();
                    String requestID = fSLogoutNotification.getRequestID();
                    String providerId = fSLogoutNotification.getProviderId();
                    String relayState = fSLogoutNotification.getRelayState();
                    FSLogoutResponse fSLogoutResponse = handleLogoutRequest == null ? new FSLogoutResponse(generateID, requestID, new Status(new StatusCode(IFSConstants.SAML_FAILURE)), providerId, relayState) : handleLogoutRequest.getSOAPPart().getEnvelope().getBody().hasFault() ? new FSLogoutResponse(generateID, requestID, new Status(new StatusCode(IFSConstants.SAML_FAILURE, new StatusCode(IFSConstants.SAML_UNSUPPORTED))), providerId, relayState) : new FSLogoutResponse(generateID, requestID, new Status(new StatusCode("samlp:Success")), providerId, relayState);
                    fSLogoutResponse.setID(IFSConstants.LOGOUTID);
                    fSLogoutResponse.setMinorVersion(fSLogoutNotification.getMinorVersion());
                    SOAPMessage bindFSLogoutResponse = soapService.bindFSLogoutResponse(fSLogoutResponse);
                    if (FSServiceUtils.isSigningOn()) {
                        try {
                            FSHostedProviderDescriptor hostedProviderByMetaAlias = FSServiceUtils.getAllianceInstance().getHostedProviderByMetaAlias(FSServiceUtils.getMetaAlias(httpServletRequest));
                            int minorVersion2 = fSLogoutResponse.getMinorVersion();
                            if (minorVersion2 == 0) {
                                bindFSLogoutResponse = signLogoutResponse(bindFSLogoutResponse, "id", fSLogoutResponse.getID(), hostedProviderByMetaAlias);
                            } else if (minorVersion2 == 2) {
                                bindFSLogoutResponse = signLogoutResponse(bindFSLogoutResponse, IFSConstants.RESPONSE_ID, fSLogoutResponse.getResponseID(), hostedProviderByMetaAlias);
                            } else if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("invalid minor version.");
                            }
                        } catch (FSMsgException e5) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("LogoutResponse failed");
                            }
                            returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                            return;
                        } catch (SAMLException e6) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("LogoutResponse failed");
                            }
                            returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                            return;
                        } catch (Exception e7) {
                        }
                    }
                    returnSOAPMessage(bindFSLogoutResponse, httpServletResponse);
                    return;
                } catch (Exception e8) {
                    FSUtils.debug.error(new StringBuffer().append("Error in processing logout Request").append(e8.getMessage()).toString());
                    FSUtils.error("FSSOAPReceiver::OnMessage", IFSConstants.LOGOUT_REQUEST_PROCESSING_FAILED);
                    returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                    return;
                }
            }
            returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
            return;
        }
        boolean z = false;
        FSHostedProviderDescriptor fSHostedProviderDescriptor = null;
        try {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver.onMessage: Handling NameRegistrationRequest");
            }
            FSAllianceManager allianceInstance2 = FSServiceUtils.getAllianceInstance();
            if (allianceInstance2 == null) {
                FSUtils.debug.message("Unable to get alliance manager");
                z = true;
            } else {
                String metaAlias = FSServiceUtils.getMetaAlias(httpServletRequest);
                if (metaAlias == null || metaAlias.length() < 1) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Unable to retrieve alias, Hosted Provider. Cannot process request");
                    }
                    z = true;
                }
                try {
                    fSHostedProviderDescriptor = allianceInstance2.getHostedProviderByMetaAlias(metaAlias);
                    if (fSHostedProviderDescriptor == null) {
                        throw new FSAllianceManagementException(null);
                    }
                } catch (FSAllianceManagementException e9) {
                    FSUtils.debug.error("Unable to find Hosted Provider. Cannot process request");
                    z = true;
                }
            }
            if (z || fSHostedProviderDescriptor == null) {
                returnSOAPMessage(null, httpServletResponse);
                return;
            }
            FSNameRegistrationResponse handleRegistrationRequest = handleRegistrationRequest(parseSOAPMessage, sOAPMessage, fSHostedProviderDescriptor);
            if (handleRegistrationRequest == null) {
                FSUtils.debug.message("Error in processing Name Registration request");
                FSUtils.debug.error("Error in creating NameRegistration Response");
                httpServletResponse.setStatus(500);
                bindRegistrationResponse = soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null);
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver.onMessage: Completed creating response");
                }
                bindRegistrationResponse = soapService.bindRegistrationResponse(handleRegistrationRequest);
                FSUtils.debug.message("Completed bindRegistrationResponse");
                if (bindRegistrationResponse == null) {
                    FSUtils.debug.error("Error in processing NameRegistration Response");
                    httpServletResponse.setStatus(500);
                    bindRegistrationResponse = soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null);
                } else if (FSServiceUtils.isSigningOn()) {
                    try {
                        int minorVersion3 = handleRegistrationRequest.getMinorVersion();
                        if (minorVersion3 == 0) {
                            bindRegistrationResponse = signRegistrationResponse(bindRegistrationResponse, "id", handleRegistrationRequest.getID(), fSHostedProviderDescriptor);
                        } else if (minorVersion3 == 2) {
                            bindRegistrationResponse = signRegistrationResponse(bindRegistrationResponse, IFSConstants.RESPONSE_ID, handleRegistrationRequest.getResponseID(), fSHostedProviderDescriptor);
                        } else if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("invalid minor version.");
                        }
                    } catch (FSMsgException e10) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSNameRegistrationHandler::signRegistrationResponse failed");
                        }
                        returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                        return;
                    } catch (SAMLException e11) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSNameRegistrationHandler::signRegistrationResponse failed");
                        }
                        returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
                        return;
                    }
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                bindRegistrationResponse.writeTo(byteArrayOutputStream2);
                FSUtils.debug.message(new StringBuffer().append("return SOAP message:").append(byteArrayOutputStream2.toString("UTF-8")).toString());
            }
            returnSOAPMessage(bindRegistrationResponse, httpServletResponse);
            return;
        } catch (Exception e12) {
            FSUtils.debug.error(new StringBuffer().append("Error in processing Name Registration request").append(e12.getMessage()).toString());
            httpServletResponse.setStatus(500);
            returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
        }
        FSUtils.debug.error(new StringBuffer().append("FSSOAPReceiver.onMessage: Error in processing Request: Exception occured: ").append(e.getMessage()).toString());
        httpServletResponse.setStatus(500);
        ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
        e.printStackTrace(new PrintStream(byteArrayOutputStream3));
        FSUtils.debug.error(byteArrayOutputStream3.toString());
        returnSOAPMessage(soapService.FormSOAPError(DSConfigMgr.SERVER, "cannotProcessRequest", null), httpServletResponse);
    }

    private FSNameRegistrationResponse handleRegistrationRequest(Element element, SOAPMessage sOAPMessage, FSHostedProviderDescriptor fSHostedProviderDescriptor) {
        try {
            if (FSServiceUtils.getAllianceInstance() == null) {
                FSUtils.debug.message("Unable to get alliance manager");
                return null;
            }
            if (FSServiceUtils.isSigningOn() && !verifyRegistrationSignature(element, sOAPMessage)) {
                FSUtils.debug.message("Registration Signature failed verification");
                return null;
            }
            FSUtils.debug.message("Registration Signature successfully passed");
            FSNameRegistrationRequest fSNameRegistrationRequest = new FSNameRegistrationRequest(element);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver.onMessage: Completed forming request FSNameRegistrationRequest");
            }
            Set activeTrustedProviders = fSHostedProviderDescriptor.getLocalConfiguration().getActiveTrustedProviders();
            if (activeTrustedProviders == null || !activeTrustedProviders.contains(fSNameRegistrationRequest.getProviderId())) {
                FSUtils.debug.message("Remote provider not in trusted list");
                return null;
            }
            FSServiceManager fSServiceManager = FSServiceManager.getInstance();
            if (fSServiceManager != null) {
                FSNameRegistrationHandler nameRegistrationHandler = fSServiceManager.getNameRegistrationHandler(fSNameRegistrationRequest, fSHostedProviderDescriptor);
                nameRegistrationHandler.setHostedDescriptor(fSHostedProviderDescriptor);
                return nameRegistrationHandler.processRegistrationRequest(fSNameRegistrationRequest);
            }
            if (!FSUtils.debug.messageEnabled()) {
                return null;
            }
            FSUtils.debug.message("FSServiceManager instance is null. Cannot process registration request");
            return null;
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSNameRegistrationHandler.doPost.doGet: Exception occured ").append(e.getMessage()).toString());
            return null;
        }
    }

    private boolean handleTerminationRequest(Element element, SOAPMessage sOAPMessage, HttpServletRequest httpServletRequest) {
        try {
            if (FSServiceUtils.isSigningOn() && !verifyTerminationSignature(element, sOAPMessage)) {
                FSUtils.debug.message("Termination Signature failed verification");
                return false;
            }
            FSUtils.debug.message("Termination Signature successfully verified");
            String metaAlias = FSServiceUtils.getMetaAlias(httpServletRequest);
            if (metaAlias == null || metaAlias.length() < 1) {
                if (!FSUtils.debug.messageEnabled()) {
                    return false;
                }
                FSUtils.debug.message("Unable to retrieve alias, Hosted Provider. Cannot process request");
                return false;
            }
            FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
            if (allianceInstance == null) {
                FSUtils.debug.message("Unable to get alliance manager");
                return false;
            }
            try {
                FSHostedProviderDescriptor hostedProviderByMetaAlias = allianceInstance.getHostedProviderByMetaAlias(metaAlias);
                if (hostedProviderByMetaAlias == null) {
                    throw new FSAllianceManagementException(null);
                }
                FSFederationTerminationNotification fSFederationTerminationNotification = new FSFederationTerminationNotification(element);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Completed forming request FSFederationTerminationNotification");
                }
                Set activeTrustedProviders = hostedProviderByMetaAlias.getLocalConfiguration().getActiveTrustedProviders();
                if (activeTrustedProviders == null || !activeTrustedProviders.contains(fSFederationTerminationNotification.getProviderId())) {
                    FSUtils.debug.message("Remote provider not in trusted list");
                    return false;
                }
                FSServiceManager fSServiceManager = FSServiceManager.getInstance();
                if (fSServiceManager == null) {
                    if (!FSUtils.debug.messageEnabled()) {
                        return false;
                    }
                    FSUtils.debug.message("FSServiceManager instance is null. Cannot process termination request");
                    return false;
                }
                FSFedTerminationHandler fedTerminationHandler = fSServiceManager.getFedTerminationHandler(fSFederationTerminationNotification, hostedProviderByMetaAlias);
                if (fedTerminationHandler != null) {
                    fedTerminationHandler.setHostedDescriptor(hostedProviderByMetaAlias);
                    return fedTerminationHandler.processTerminationRequest(fSFederationTerminationNotification);
                }
                FSUtils.debug.message("Unable to get Termination Handler");
                return false;
            } catch (FSAllianceManagementException e) {
                if (!FSUtils.debug.messageEnabled()) {
                    return false;
                }
                FSUtils.debug.message("Unable to find Hosted Provider. Cannot process request");
                return false;
            }
        } catch (Exception e2) {
            FSUtils.debug.error(new StringBuffer().append("FSSOAPService::handleTerminationRequest failed ").append(e2.getMessage()).toString());
            return false;
        }
    }

    private SOAPMessage handleLogoutRequest(Element element, SOAPMessage sOAPMessage, HttpServletRequest httpServletRequest) {
        try {
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSSOAPService::handleLogoutRequest failed ").append(e.getMessage()).toString());
            return null;
        }
        if (FSServiceUtils.isSigningOn() && !verifyLogoutSignature(element, sOAPMessage)) {
            FSUtils.debug.message("Logout Signature failed verification");
            return null;
        }
        FSUtils.debug.message("Logout Signature successfully verified");
        String metaAlias = FSServiceUtils.getMetaAlias(httpServletRequest);
        if (metaAlias == null || metaAlias.length() < 1) {
            FSUtils.debug.message("Unable to retrieve alias, Hosted Provider Cannot process logout request");
            return null;
        }
        FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
        if (allianceInstance == null) {
            FSUtils.debug.error("Unable to get alliance manager ");
            FSUtils.debug.error("Cannot process logout request");
            return null;
        }
        try {
            FSHostedProviderDescriptor hostedProviderByMetaAlias = allianceInstance.getHostedProviderByMetaAlias(metaAlias);
            if (hostedProviderByMetaAlias == null) {
                throw new FSAllianceManagementException(null);
            }
            FSLogoutNotification fSLogoutNotification = new FSLogoutNotification(element);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: Completed forming request FSLogoutNotification");
            }
            Set activeTrustedProviders = hostedProviderByMetaAlias.getLocalConfiguration().getActiveTrustedProviders();
            if (activeTrustedProviders == null || !activeTrustedProviders.contains(fSLogoutNotification.getProviderId())) {
                FSUtils.debug.message("Remote provider not in trusted list");
                return null;
            }
            new FSLogoutUtil();
            String userDN = FSLogoutUtil.getUserDN(fSLogoutNotification, hostedProviderByMetaAlias.getProviderID());
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("FSSOAPReceiver:handleLogoutRequest found userDN = ").append(userDN).toString());
            }
            if (!isUserExists(userDN, hostedProviderByMetaAlias.getProviderID())) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequestUser does not exist locally. Finding remotely");
                }
                Vector platformServerList = WebtopNaming.getPlatformServerList();
                if (platformServerList == null) {
                    if (!FSUtils.debug.messageEnabled()) {
                        return null;
                    }
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequestplatformList is null");
                    return null;
                }
                Iterator it = platformServerList.iterator();
                while (it.hasNext()) {
                    String str = (String) it.next();
                    new StringBuffer(str).append(SystemProperties.get("com.iplanet.am.services.deploymentDescriptor"));
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message(new StringBuffer().append("FSSOAPReceiver:handleLogoutRequestremoteServerURL = ").append(str).append(" and self serverUrl =").append(FSServiceUtils.getBaseURL()).toString());
                    }
                    if (!FSServiceUtils.getBaseURL().equalsIgnoreCase(str.toString()) && new FSAssertionManagerClient(hostedProviderByMetaAlias.getProviderID(), getFullServiceURL(str)).isUserExists(userDN, hostedProviderByMetaAlias.getProviderID())) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message(new StringBuffer().append("FSSOAPReceiver:handleLogoutRequestuser found here  = ").append(str).toString());
                        }
                        StringBuffer stringBuffer = new StringBuffer();
                        stringBuffer.append(str.toString());
                        stringBuffer.append("/amserver");
                        stringBuffer.append(IFSConstants.SOAP_END_POINT_VALUE);
                        stringBuffer.append("/");
                        stringBuffer.append(IFSConstants.META_ALIAS);
                        stringBuffer.append("/");
                        stringBuffer.append(metaAlias);
                        FSSOAPService fSSOAPService = FSSOAPService.getInstance();
                        SOAPMessage sOAPMessage2 = null;
                        if (fSSOAPService == null) {
                            return null;
                        }
                        try {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message(new StringBuffer().append("Forwarding logout request to ").append(stringBuffer.toString()).toString());
                            }
                            sOAPMessage2 = fSSOAPService.sendLogoutMessage(sOAPMessage, stringBuffer.toString());
                            return sOAPMessage2;
                        } catch (SOAPException e2) {
                            FSUtils.debug.error(new StringBuffer().append("FSSOAPException in doSOAPProfile Cannot send request").append(e2.getMessage()).toString());
                            return sOAPMessage2;
                        }
                    }
                }
            }
            FSServiceManager fSServiceManager = FSServiceManager.getInstance();
            if (fSServiceManager == null) {
                FSUtils.debug.message("FSServiceManager instance is null. Cannot process termination request");
                return null;
            }
            FSPreLogoutHandler preLogoutHandler = fSServiceManager.getPreLogoutHandler();
            if (preLogoutHandler == null) {
                FSUtils.debug.error("Unable to get PreLogoutHandler");
                FSUtils.debug.error("Cannot process request");
                return null;
            }
            preLogoutHandler.setHostedDescriptor(hostedProviderByMetaAlias);
            FSLogoutStatus processSingleLogoutRequest = preLogoutHandler.processSingleLogoutRequest(fSLogoutNotification);
            if (processSingleLogoutRequest.getStatus().equalsIgnoreCase("samlp:Success")) {
                return MessageFactory.newInstance().createMessage();
            }
            if (processSingleLogoutRequest.getStatus().equalsIgnoreCase(IFSConstants.SAML_UNSUPPORTED)) {
                return soapService.getLogoutSOAPFault();
            }
            return null;
        } catch (FSAllianceManagementException e3) {
            FSUtils.debug.error("Unable to find Hosted Provider. Cannot process logout request");
            return null;
        }
        FSUtils.debug.error(new StringBuffer().append("FSSOAPService::handleLogoutRequest failed ").append(e.getMessage()).toString());
        return null;
    }

    private FSResponse handleSAMLRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSSAMLRequest fSSAMLRequest, Element element, SOAPMessage sOAPMessage) {
        FSUtils.debug.message("FSSOAPReceiver.handleSAMLRequest: Called");
        try {
            String hostedProviderID = FSServiceUtils.getHostedProviderID(httpServletRequest);
            if (hostedProviderID == null) {
                hostedProviderID = FSServiceUtils.getAllianceInstance().getHostedProviderByMetaAlias(FSServiceUtils.getMetaAlias(httpServletRequest)).getProviderID();
            }
            FSSSOBrowserArtifactProfileHandler fSSSOBrowserArtifactProfileHandler = (FSSSOBrowserArtifactProfileHandler) FSServiceManager.getInstance().getBrowserArtifactSSOAndFedHandler(httpServletRequest, httpServletResponse, fSSAMLRequest);
            fSSSOBrowserArtifactProfileHandler.setSOAPMessage(sOAPMessage);
            fSSSOBrowserArtifactProfileHandler.setSAMLRequestElement(element);
            fSSSOBrowserArtifactProfileHandler.setHostProviderId(hostedProviderID);
            return fSSSOBrowserArtifactProfileHandler.processSAMLRequest(fSSAMLRequest);
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSSSOAndFedService.onMessage: Exception occured ").append(e.getMessage()).toString());
            return null;
        }
    }

    private void handleLECPRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest) {
        FSUtils.debug.message("FSSOAPReceiver.handleLECPRequest: Called");
        try {
            String hostedProviderID = FSServiceUtils.getHostedProviderID(httpServletRequest);
            FSSSOLECPProfileHandler lECPProfileHandler = FSServiceManager.getInstance().getLECPProfileHandler(httpServletRequest, httpServletResponse, fSAuthnRequest);
            lECPProfileHandler.setHostProviderId(hostedProviderID);
            lECPProfileHandler.processLECPAuthnRequest(fSAuthnRequest);
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSSSOAndFedService.onMessage: Exception occured ").append(e.getMessage()).toString());
        }
    }

    protected boolean verifyRegistrationSignature(Element element, SOAPMessage sOAPMessage) {
        FSUtils.debug.message("Name Registration.verifyRegistrationSignature: Called");
        try {
            FSNameRegistrationRequest fSNameRegistrationRequest = new FSNameRegistrationRequest(element);
            FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
            if (allianceInstance == null) {
                FSUtils.debug.message("Unable to get alliance manager");
                return false;
            }
            String keyInfo = allianceInstance.getProvider(fSNameRegistrationRequest.getProviderId()).getKeyInfo();
            if (keyInfo == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Registration.verifyRegistrationSignature: couldn't obtain this site's cert alias.");
                }
                throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("NameRegistration.verifyRegistrationSignature: Provider's certAlias is found: ").append(keyInfo).toString());
                FSUtils.debug.message(new StringBuffer().append("Request : ").append(fSNameRegistrationRequest.toXMLString(true, true)).toString());
            }
            return XMLSignatureManager.getInstance().verifyXMLSignature((Document) FSServiceUtils.createSOAPDOM(sOAPMessage), keyInfo);
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("NameRegistration.verifyRegistrationSignature: Exception occured while verifying signature:").append(e.getMessage()).toString());
            return false;
        }
    }

    protected boolean verifyTerminationSignature(Element element, SOAPMessage sOAPMessage) {
        FSUtils.debug.message("Federation Termination.verifyTerminationSignature: Called");
        try {
            FSFederationTerminationNotification fSFederationTerminationNotification = new FSFederationTerminationNotification(element);
            FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
            if (allianceInstance == null) {
                FSUtils.debug.message("Unable to get alliance manager");
                return false;
            }
            String keyInfo = allianceInstance.getProvider(fSFederationTerminationNotification.getProviderId()).getKeyInfo();
            if (keyInfo == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Federation Termination.verifyTerminationSignature: couldn't obtain this site's cert alias.");
                }
                throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("Federation Termination.verifyTerminationSignature: Provider's certAlias is found: ").append(keyInfo).toString());
                FSUtils.debug.message(new StringBuffer().append("Federation Termination.verifyTerminationSignature: xmlString to be verified: ").append(XMLUtils.print(element)).toString());
            }
            return XMLSignatureManager.getInstance().verifyXMLSignature((Document) FSServiceUtils.createSOAPDOM(sOAPMessage), keyInfo);
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("Federation Termination.verifyTerminationSignature: Exception occured while verifying signature:").append(e.getMessage()).toString());
            return false;
        }
    }

    protected boolean verifyLogoutSignature(Element element, SOAPMessage sOAPMessage) {
        FSUtils.debug.message("FSSOAPReceiver::verifyLogoutSignature: Called");
        try {
            FSLogoutNotification fSLogoutNotification = new FSLogoutNotification(element);
            FSUtils.debug.message("Completed forming request FSLogoutNotification");
            FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
            if (allianceInstance == null) {
                FSUtils.debug.message("Unable to get alliance manager");
                return false;
            }
            String keyInfo = allianceInstance.getProvider(fSLogoutNotification.getProviderId()).getKeyInfo();
            if (keyInfo == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver.verifyLogoutSignature: couldn't obtain this site's cert alias.");
                }
                throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
            }
            FSUtils.debug.message(new StringBuffer().append("FSSOAPReceiver::verifyLogoutSignature : Provider's certAlias is found : ").append(keyInfo).toString());
            FSUtils.debug.message(new StringBuffer().append("FSSOAPReceiver::verifyLogoutSignature: xmlString to be verified: ").append(XMLUtils.print(element)).toString());
            return XMLSignatureManager.getInstance().verifyXMLSignature((Document) FSServiceUtils.createSOAPDOM(sOAPMessage), keyInfo);
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSSOPAReceiver::verifyLogoutSignature  Exception occured while verifying signature:").append(e.getMessage()).toString());
            return false;
        }
    }

    protected SOAPMessage signRegistrationResponse(SOAPMessage sOAPMessage, String str, String str2, FSHostedProviderDescriptor fSHostedProviderDescriptor) throws SAMLException, FSMsgException {
        FSUtils.debug.message("Entered FSNameRegistrationHandler::signRegistrationResponse");
        String keyInfo = fSHostedProviderDescriptor.getKeyInfo();
        if (keyInfo == null || keyInfo.equals("")) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::signRegistrationResponse: couldn't obtain this site's cert alias.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
        }
        FSUtils.debug.message(new StringBuffer().append("FSNameRegistrationHandler::RegistrationResponse:Provider's certAlias is found: ").append(keyInfo).toString());
        XMLSignatureManager xMLSignatureManager = XMLSignatureManager.getInstance();
        Document document = (Document) FSServiceUtils.createSOAPDOM(sOAPMessage);
        xMLSignatureManager.signXML(document, keyInfo, SAMLUtils.bundle.getString("xmlsigalgorithm"), str, str2, false, "//*[local-name()='ProviderID']");
        return FSServiceUtils.convertDOMToSOAP(document);
    }

    protected SOAPMessage signLogoutResponse(SOAPMessage sOAPMessage, String str, String str2, FSHostedProviderDescriptor fSHostedProviderDescriptor) throws SAMLException, FSMsgException {
        FSUtils.debug.message("SOAPReceiver::Entered signLogoutResponse::");
        String keyInfo = fSHostedProviderDescriptor.getKeyInfo();
        if (keyInfo == null || keyInfo.equals("")) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("signLogoutResponse::signRegistrationResponse: couldn't obtain this site's cert alias.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
        }
        FSUtils.debug.message(new StringBuffer().append("signLogoutResponse::Provider's certAlias is found: ").append(keyInfo).toString());
        XMLSignatureManager xMLSignatureManager = XMLSignatureManager.getInstance();
        Document document = (Document) FSServiceUtils.createSOAPDOM(sOAPMessage);
        xMLSignatureManager.signXML(document, keyInfo, SAMLUtils.bundle.getString("xmlsigalgorithm"), str, str2, false, "//*[local-name()='ProviderID']");
        return FSServiceUtils.convertDOMToSOAP(document);
    }

    private void returnSOAPMessage(SOAPMessage sOAPMessage, HttpServletResponse httpServletResponse) {
        try {
            if (sOAPMessage == null) {
                httpServletResponse.flushBuffer();
                return;
            }
            JAXMServlet.putHeaders(sOAPMessage.getMimeHeaders(), httpServletResponse);
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            sOAPMessage.writeTo(outputStream);
            outputStream.flush();
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSSOAPReceiver.returnSOAPMessage: Exception::").append(e.getMessage()).toString());
        }
    }

    private void returnTerminationStatus(HttpServletResponse httpServletResponse) {
        try {
            httpServletResponse.setStatus(204);
            httpServletResponse.flushBuffer();
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSSOAPReceiver.returnFedTerminationStatus: Exception::").append(e.getMessage()).toString());
        }
    }

    private boolean isUserExists(String str, String str2) {
        try {
            FSSessionManager fSSessionManager = FSSessionManager.getInstance(str2);
            synchronized (fSSessionManager) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("About to call getSessionList");
                }
                if (fSSessionManager.getSessionList(str) == null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("AMC:isUserExists:List is empty");
                    }
                    return false;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(new StringBuffer().append("AMC:isUserExists: List is not emptyUser found: ").append(str).toString());
                }
                return true;
            }
        } catch (Exception e) {
            return false;
        }
    }

    private String getFullServiceURL(String str) {
        String str2 = null;
        try {
            URL url = new URL(str);
            str2 = WebtopNaming.getServiceURL("fsassertionmanager", url.getProtocol(), url.getHost(), Integer.toString(url.getPort())).toString();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("AssertionManager.getFullServiceURL:full remote URL is: ").append(str2).toString());
            }
        } catch (Exception e) {
            if (FSUtils.debug.warningEnabled()) {
                FSUtils.debug.warning("AssertionManager.getFullServiceURL:Exception:", e);
            }
        }
        return str2;
    }
}
