package com.sun.identity.saml2.profile;

import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.EncryptedID;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.AccountUtils;
import com.sun.identity.saml2.common.NameIDInfo;
import com.sun.identity.saml2.common.NameIDInfoKey;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.key.EncInfo;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.logging.SAML2LogManager;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.protocol.ManageNameIDRequest;
import com.sun.identity.saml2.protocol.ManageNameIDResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.security.AdminTokenAction;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Level;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPConnectionFactory;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;

/* loaded from: input_file:122983-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/profile/DoManageNameID.class */
public class DoManageNameID {
    /** Prefix reused in debug output of this class. */
    static final String className = "DoManageNameID:";
    // SOAP plumbing, metadata manager and admin token are declared here but
    // not initialized in this part of the file (presumably a static
    // initializer further down -- confirm).
    static SOAPConnectionFactory scf;
    static MessageFactory mf;
    static SAML2MetaManager metaManager;
    static SSOToken adminToken;
    static ProtocolFactory pf = ProtocolFactory.getInstance();
    static AssertionFactory af = AssertionFactory.getInstance();
    // Key store access: signing keys and certificates are looked up by alias.
    static KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    // Audit logger (records written with adminToken) and debug logger.
    static LogUtil logUtil = SAML2LogManager.getLogInstance();
    static Debug debug = SAML2Utils.debug;

    /**
     * Records an error twice: the localized text in the debug log, and an
     * audit record through {@link LogUtil} using the shared admin token.
     *
     * @param bundleKey resource-bundle key of the message to put in the debug log
     * @param logId     audit log message identifier
     * @param data      single audit data value (may be {@code null})
     */
    private static void logError(String bundleKey, String logId, String data) {
        String[] auditData = {data};
        debug.error(SAML2Utils.bundle.getString(bundleKey));
        logUtil.error(Level.INFO, logId, auditData, adminToken);
    }

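    /**
     * Starts a ManageNameID (terminate) exchange from the hosted entity named by
     * {@code metaAlias} towards {@code remoteEntityID}.
     *
     * <p>Without a session the user is redirected to authentication and nothing
     * else is done. Otherwise the binding is resolved (the {@code binding}
     * request parameter, else the remote ManageNameIDService metadata), a
     * terminate request is built, cached for response correlation and sent
     * with either the HTTP-Redirect or the SOAP binding.
     *
     * <p>Fixes over the previous version: the service element is null-checked
     * before its binding is read (the old code dereferenced it first), and an
     * unsupported binding now fails with {@code UnableTofindBinding} before the
     * request is created and cached instead of silently doing nothing.
     *
     * @param request        servlet request
     * @param response       servlet response (redirect or SOAP reply)
     * @param metaAlias      meta alias of the hosted entity
     * @param remoteEntityID entity ID of the remote partner
     * @param paramsMap      request parameters (binding, RelayState, host role, ...)
     * @throws SAML2Exception on missing input, metadata problems, I/O or session errors
     */
    public static void initiateManageNameIDRequest(HttpServletRequest request, HttpServletResponse response, String metaAlias, String remoteEntityID, Map paramsMap) throws SAML2Exception {
        if (metaAlias == null) {
            logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullEntityID"));
        }
        if (remoteEntityID == null) {
            logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, remoteEntityID);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
        }
        SSOToken session = SAML2Utils.checkSSOToken(request, response, metaAlias, paramsMap);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        String hostRole = SAML2Utils.getHostEntityRole(paramsMap);
        if (session == null) {
            // No session yet: hand the user to the authentication service.
            if (debug.messageEnabled()) {
                debug.message("initiateManageNameIDRequest: SSOToken is missing.redirect to the authentication service");
            }
            try {
                SAML2Utils.redirectAuthentication(request, response, realm, metaManager.getEntityByMetaAlias(metaAlias), hostRole);
                return;
            } catch (IOException e) {
                logError("UnableToRedirectToAuth", LogUtil.REDIRECT_TO_AUTH, null);
                throw new SAML2Exception(e.toString());
            } catch (SSOException e) {
                logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
            }
        }
        if (debug.messageEnabled()) {
            debug.message("initiateManageNameIDRequest: Meta Alias is : " + metaAlias);
            debug.message("initiateManageNameIDRequest: Remote EntityID is : " + remoteEntityID);
        }
        try {
            String binding = SAML2Utils.getParameter(paramsMap, SAML2Constants.BINDING);
            ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostRole, binding);
            if (mniService == null) {
                logError("mniServiceNotFound", LogUtil.METADATA_ERROR, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("mniServiceNotFound"));
            }
            if (binding == null) {
                binding = mniService.getBinding();
            }
            if (binding == null) {
                logError("UnableTofindBinding", LogUtil.METADATA_ERROR, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
            }
            String mniLocation = mniService.getLocation();
            if (mniLocation == null) {
                logError("mniServiceNotFound", LogUtil.METADATA_ERROR, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("mniServiceNotFound"));
            }
            // The binding value can come straight from the request; only the
            // two bindings implemented below are accepted, and the check runs
            // before anything is cached so a bad value leaves no stale entry.
            boolean useRedirect = binding.equalsIgnoreCase(SAML2Constants.HTTP_REDIRECT);
            boolean useSoap = binding.equalsIgnoreCase(SAML2Constants.SOAP);
            if (!useRedirect && !useSoap) {
                logError("UnableTofindBinding", LogUtil.METADATA_ERROR, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
            }
            ManageNameIDRequest terminateRequest = createTerminateRequest(session, metaAlias, hostRole, remoteEntityID, mniLocation);
            String relayState = SAML2Utils.getParameter(paramsMap, "RelayState");
            terminateRequest.setDestination(mniLocation);
            saveMNIRequestInfo(request, response, paramsMap, terminateRequest, relayState, hostRole);
            String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
            if (useRedirect) {
                doMNIByHttpRedirect(terminateRequest.toXMLString(true, true), mniLocation, relayState, realm, hostEntityID, hostRole, remoteEntityID, response);
            } else {
                signMNIRequest(terminateRequest, realm, hostEntityID, hostRole, remoteEntityID);
                // Basic-auth details for the SOAP endpoint come from the
                // remote entity's config (opposite role to ours).
                boolean hostIsSP = hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE);
                String soapUrl = SAML2Utils.fillInBasicAuthInfo(hostIsSP ? metaManager.getIDPSSOConfig(realm, remoteEntityID) : metaManager.getSPSSOConfig(realm, remoteEntityID), mniLocation);
                doMNIBySOAP(terminateRequest.toXMLString(true, true), soapUrl, metaAlias, hostRole);
            }
        } catch (SAML2MetaException e) {
            logError("metaDataError", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        } catch (IOException e) {
            logError("errorCreatingMNIRequest", "CANNOT_INSTANTIATE_MNI_REQUEST", null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorCreatingMNIRequest"));
        } catch (SSOException e) {
            logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }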

    /**
     * Resolves the binding for an MNI exchange: the {@code binding} request
     * parameter when present, otherwise the binding declared by the remote
     * entity's ManageNameIDService metadata.
     *
     * @param request        servlet request carrying the optional binding parameter
     * @param metaAlias      hosted entity meta alias (used to derive the realm)
     * @param hostEntityRole role of the hosted entity (SP or IDP)
     * @param remoteEntityID entity ID of the remote partner
     * @return the binding URI
     * @throws SAML2Exception when no binding can be determined or the SSO token is invalid
     */
    public static String getMNIBindingInfo(HttpServletRequest request, String metaAlias, String hostEntityRole, String remoteEntityID) throws SAML2Exception {
        String binding = request.getParameter(SAML2Constants.BINDING);
        if (binding != null) {
            return binding;
        }
        try {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
            ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostEntityRole, null);
            if (mniService != null) {
                String metadataBinding = mniService.getBinding();
                if (metadataBinding != null) {
                    return metadataBinding;
                }
            }
        } catch (SSOException e) {
            logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
        logError("UnableTofindBinding", LogUtil.METADATA_ERROR, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
    }

    /**
     * Signs {@code mniRequest} when the remote entity requires signed MNI
     * requests; the certificate argument passed to {@code sign} stays null.
     */
    private static void signMNIRequest(ManageNameIDRequest mniRequest, String realm, String hostEntityID, String hostEntityRole, String remoteEntityID) throws SAML2Exception {
        final boolean includeCert = false;
        signMNIRequest(mniRequest, realm, hostEntityID, hostEntityRole, remoteEntityID, includeCert);
    }

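    /**
     * Signs an outgoing ManageNameIDRequest with the hosted entity's signing key
     * if the remote entity (looked up under the opposite role) wants MNI
     * requests signed.
     *
     * <p>Fix: an empty/missing signing-cert alias now fails with
     * {@code missingSigningCertAlias} before the key store is consulted,
     * instead of querying it with a null alias.
     *
     * @param mniRequest     request to sign (modified in place)
     * @param realm          realm of the hosted entity
     * @param hostEntityID   hosted entity ID (selects the signing alias)
     * @param hostEntityRole role of the hosted entity (SP or IDP)
     * @param remoteEntityID remote partner whose configuration decides if signing is needed
     * @param includeCert    whether the X.509 certificate is handed to {@code sign} along with the key
     * @throws SAML2Exception when no signing alias / private key is configured
     */
    private static void signMNIRequest(ManageNameIDRequest mniRequest, String realm, String hostEntityID, String hostEntityRole, String remoteEntityID, boolean includeCert) throws SAML2Exception {
        // The partner's "want signed" flag is stored under the partner's role,
        // which is the opposite of ours.
        String remoteRole = hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE) ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
        if (!SAML2Utils.getWantMNIRequestSigned(realm, remoteEntityID, remoteRole)) {
            if (debug.messageEnabled()) {
                debug.message("signMNIRequest : MNIRequest doesn't need to be signed.");
            }
            return;
        }
        String certAlias = SAML2Utils.getSigningCertAlias(realm, hostEntityID, hostEntityRole);
        if (debug.messageEnabled()) {
            debug.message("signMNIRequest : realm is : " + realm);
            debug.message("signMNIRequest : hostEntity is : " + hostEntityID);
            debug.message("signMNIRequest : Host Entity role is : " + hostEntityRole);
            debug.message("signMNIRequest : remoteEntity is : " + remoteEntityID);
            debug.message("signMNIRequest : Cert Alias is : " + certAlias);
            // Note: the full request (including the NameID) lands in the debug log.
            debug.message("signMNIRequest : MNI Request before sign : " + mniRequest.toXMLString(true, true));
        }
        if (certAlias == null || certAlias.length() == 0) {
            logError("missingSigningCertAlias", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        PrivateKey signingKey = keyProvider.getPrivateKey(certAlias);
        if (signingKey == null) {
            logError("missingSigningCertAlias", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        X509Certificate signingCert = includeCert ? keyProvider.getX509Certificate(certAlias) : null;
        mniRequest.sign(signingKey, signingCert);
        if (debug.messageEnabled()) {
            debug.message("signMNIRequest : MNI Request after sign : " + mniRequest.toXMLString(true, true));
        }
    }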

    /**
     * Verifies the XML signature of an inbound ManageNameIDRequest against the
     * signing certificate published in the remote entity's metadata.
     *
     * <p>Security note: when the hosted entity's configuration does not require
     * signed MNI requests, nothing is verified and {@code true} is returned even
     * if the message carries a signature. The issuer only selects which
     * partner's certificate is used; trust in that issuer is a separate check.
     *
     * @param mniRequest     the inbound request
     * @param realm          realm of the hosted entity
     * @param remoteEntityID issuer of the request (selects the verification certificate)
     * @param hostEntityID   hosted entity ID (selects the "want signed" setting)
     * @param hostEntityRole role of the hosted entity (SP or IDP)
     * @param destination    not used by this method; kept for signature compatibility
     * @return {@code true} if the signature is valid or not required
     * @throws SAML2Exception when no verification certificate is available
     * @throws SSOException   declared by the original; propagated from lookups
     */
    private static boolean verifyMNIRequest(ManageNameIDRequest mniRequest, String realm, String remoteEntityID, String hostEntityID, String hostEntityRole, String destination) throws SAML2Exception, SSOException {
        if (debug.messageEnabled()) {
            debug.message("verifyMNIRequest : realm is : " + realm);
            debug.message("verifyMNIRequest : remoteEntity is : " + remoteEntityID);
            debug.message("verifyMNIRequest : Host Entity role is : " + hostEntityRole);
        }
        boolean signatureRequired = SAML2Utils.getWantMNIRequestSigned(realm, hostEntityID, hostEntityRole);
        if (!signatureRequired) {
            if (debug.messageEnabled()) {
                debug.message("verifyMNIRequest : MNIRequest doesn't need to be verified.");
            }
            return true;
        }
        X509Certificate partnerCert;
        if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            partnerCert = KeyUtil.getVerificationCert(metaManager.getSPSSODescriptor(realm, remoteEntityID), remoteEntityID, false);
        } else {
            partnerCert = KeyUtil.getVerificationCert(metaManager.getIDPSSODescriptor(realm, remoteEntityID), remoteEntityID, true);
        }
        if (partnerCert == null) {
            logError("missingSigningCertAlias.", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        boolean valid = mniRequest.isSignatureValid(partnerCert);
        if (debug.messageEnabled()) {
            debug.message("verifyMNIRequest : Signature is : " + valid);
        }
        return valid;
    }

    /**
     * Signs {@code mniResponse} when the remote entity requires signed MNI
     * responses; the certificate argument passed to {@code sign} stays null.
     */
    private static void signMNIResponse(ManageNameIDResponse mniResponse, String realm, String hostEntityID, String hostEntityRole, String remoteEntityID) throws SAML2Exception {
        final boolean includeCert = false;
        signMNIResponse(mniResponse, realm, hostEntityID, hostEntityRole, remoteEntityID, includeCert);
    }

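    /**
     * Signs an outgoing ManageNameIDResponse with the hosted entity's signing
     * key if the remote entity (looked up under the opposite role) wants MNI
     * responses signed.
     *
     * <p>Fix: an empty/missing signing-cert alias now fails with
     * {@code missingSigningCertAlias} before the key store is consulted,
     * instead of querying it with a null alias.
     *
     * @param mniResponse    response to sign (modified in place)
     * @param realm          realm of the hosted entity
     * @param hostEntityID   hosted entity ID (selects the signing alias)
     * @param hostEntityRole role of the hosted entity (SP or IDP)
     * @param remoteEntityID remote partner whose configuration decides if signing is needed
     * @param includeCert    whether the X.509 certificate is handed to {@code sign} along with the key
     * @throws SAML2Exception when no signing alias / private key is configured
     */
    private static void signMNIResponse(ManageNameIDResponse mniResponse, String realm, String hostEntityID, String hostEntityRole, String remoteEntityID, boolean includeCert) throws SAML2Exception {
        // The partner's "want signed" flag is stored under the partner's role,
        // which is the opposite of ours.
        String remoteRole = hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE) ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
        if (!SAML2Utils.getWantMNIResponseSigned(realm, remoteEntityID, remoteRole)) {
            if (debug.messageEnabled()) {
                debug.message("signMNIResponse : MNIResponse doesn't need to be signed.");
            }
            return;
        }
        String certAlias = SAML2Utils.getSigningCertAlias(realm, hostEntityID, hostEntityRole);
        if (debug.messageEnabled()) {
            debug.message("signMNIResponse : realm is : " + realm);
            debug.message("signMNIResponse : hostEntity is : " + hostEntityID);
            debug.message("signMNIResponse : Host Entity role is : " + hostEntityRole);
            debug.message("signMNIResponse : Cert Alias is : " + certAlias);
            debug.message("signMNIResponse : MNI Response before sign : " + mniResponse.toXMLString(true, true));
        }
        if (certAlias == null || certAlias.length() == 0) {
            logError("missingSigningCertAlias", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        PrivateKey signingKey = keyProvider.getPrivateKey(certAlias);
        if (signingKey == null) {
            logError("missingSigningCertAlias", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        X509Certificate signingCert = includeCert ? keyProvider.getX509Certificate(certAlias) : null;
        mniResponse.sign(signingKey, signingCert);
        if (debug.messageEnabled()) {
            debug.message("signMNIResponse : MNI Response after sign : " + mniResponse.toXMLString(true, true));
        }
    }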

    /**
     * Verifies the XML signature of an inbound ManageNameIDResponse against the
     * signing certificate published in the remote entity's metadata.
     *
     * <p>Security note: when the hosted entity's configuration does not require
     * signed MNI responses, nothing is verified and {@code true} is returned
     * even if the message carries a signature.
     *
     * @param mniResponse    the inbound response
     * @param realm          realm of the hosted entity
     * @param remoteEntityID issuer of the response (selects the verification certificate)
     * @param hostEntityID   hosted entity ID (selects the "want signed" setting)
     * @param hostEntityRole role of the hosted entity (SP or IDP)
     * @param destination    not used by this method; kept for signature compatibility
     * @return {@code true} if the signature is valid or not required
     * @throws SAML2Exception when no verification certificate is available
     * @throws SSOException   declared by the original; propagated from lookups
     */
    private static boolean verifyMNIResponse(ManageNameIDResponse mniResponse, String realm, String remoteEntityID, String hostEntityID, String hostEntityRole, String destination) throws SAML2Exception, SSOException {
        if (debug.messageEnabled()) {
            debug.message("verifyMNIResponse : realm is : " + realm);
            debug.message("verifyMNIResponse : remoteEntity is : " + remoteEntityID);
            debug.message("verifyMNIResponse : Host Entity role is : " + hostEntityRole);
        }
        boolean signatureRequired = SAML2Utils.getWantMNIResponseSigned(realm, hostEntityID, hostEntityRole);
        if (!signatureRequired) {
            if (debug.messageEnabled()) {
                debug.message("verifyMNIResponse : MNIResponse doesn't need to be verified.");
            }
            return true;
        }
        X509Certificate partnerCert;
        if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            partnerCert = KeyUtil.getVerificationCert(metaManager.getSPSSODescriptor(realm, remoteEntityID), remoteEntityID, false);
        } else {
            partnerCert = KeyUtil.getVerificationCert(metaManager.getIDPSSODescriptor(realm, remoteEntityID), remoteEntityID, true);
        }
        if (partnerCert == null) {
            logError("missingSigningCertAlias", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        boolean valid = mniResponse.isSignatureValid(partnerCert);
        if (debug.messageEnabled()) {
            debug.message("verifyMNIResponse : Signature is : " + valid);
        }
        return valid;
    }

    /**
     * Caches the outgoing MNI request (keyed by its request ID, in the SP or
     * IDP cache depending on the hosted role) so the later response can be
     * correlated with it.
     *
     * @param httpServletRequest  servlet request
     * @param httpServletResponse servlet response
     * @param map                 request parameters; the user's SSOToken is added under SAML2Constants.SSOTOKEN
     * @param manageNameIDRequest the request about to be sent (its NameID may be cleared, see below)
     * @param str                 RelayState supplied by the caller (may be null)
     * @param str2                role of the hosted entity (SP or IDP)
     * @throws SAML2Exception if the request cannot be re-parsed from its XML
     */
    private static void saveMNIRequestInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map, ManageNameIDRequest manageNameIDRequest, String str, String str2) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("saveMNIRequestInfo: ").append("hostEntityRole : ").append(str2).toString());
        }
        ManageNameIDRequest manageNameIDRequest2 = manageNameIDRequest;
        if (manageNameIDRequest.getEncryptedID() != null) {
            // Order matters: the copy that goes into the cache is re-parsed
            // from the XML BEFORE the plaintext NameID is removed from the
            // outgoing message, so only the EncryptedID travels on the wire.
            // Presumably the cached copy still carries the NameID for the
            // response lookup -- confirm against createTerminateRequest.
            manageNameIDRequest2 = pf.createManageNameIDRequest(manageNameIDRequest.toXMLString(true, true));
            manageNameIDRequest.setNameID(null);
        }
        ManageNameIDRequestInfo manageNameIDRequestInfo = new ManageNameIDRequestInfo(httpServletRequest, httpServletResponse, manageNameIDRequest2, str, map);
        // NOTE(review): the cached entry holds the params map and therefore a
        // reference to the user's session token; the cache's eviction policy is
        // not visible here.
        map.put(SAML2Constants.SSOTOKEN, SAML2Utils.getSSOToken(httpServletRequest));
        if (str2.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            SPCache.mniRequestHash.put(manageNameIDRequest.getID(), manageNameIDRequestInfo);
        } else {
            IDPCache.mniRequestHash.put(manageNameIDRequest.getID(), manageNameIDRequestInfo);
        }
    }

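    /**
     * Handles an inbound ManageNameIDRequest delivered with the HTTP-Redirect
     * binding: resolves the hosted entity from the request URI, checks the
     * query-string signature when the hosted entity requires signed MNI
     * requests, processes the request and redirects the MNI response to the
     * remote entity's ManageNameIDService.
     *
     * <p>Fixes over the previous version: a request without an {@code Issuer}
     * element is rejected as {@code nullRemoteEntityID} instead of throwing an
     * NPE; a missing ManageNameIDService element is reported as
     * {@code mniServiceNotFound}; and when the metadata has no
     * {@code ResponseLocation} (optional in SAML metadata) the {@code Location}
     * is used instead of redirecting to the literal string "null".
     *
     * @param request   servlet request (SAMLRequest, Signature and RelayState in the query string)
     * @param response  servlet response used for the redirect
     * @param paramsMap request parameters; supplies the hosted entity role
     * @throws SAML2Exception   on missing meta alias / issuer, bad signature or metadata errors
     * @throws SSOException     declared by the original; propagated from lookups
     * @throws ServletException declared by the original
     */
    public static void processHttpRequest(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception, SSOException, ServletException {
        SAMLUtils.checkHTTPContentLength(request);
        String metaAlias = SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI());
        if (metaAlias == null) {
            logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
            throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
        }
        ManageNameIDRequest mniRequest = getMNIRequest(request);
        String remoteEntityID = (mniRequest.getIssuer() == null) ? null : mniRequest.getIssuer().getValue();
        if (remoteEntityID == null) {
            logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, remoteEntityID);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
        }
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
        String hostRole = SAML2Utils.getHostEntityRole(paramsMap);
        // The issuer comes from the not-yet-verified message and only selects
        // which partner certificate the query-string signature is checked
        // against; the issuer itself is checked again by verifyRequestIssuer in
        // processManageNameIDRequest. If the hosted entity does not require
        // signed MNI requests, no signature check happens at all.
        boolean wantSigned = SAML2Utils.getWantMNIRequestSigned(realm, hostEntityID, hostRole);
        if (wantSigned && !SAML2Utils.verifyQueryString(request.getQueryString(), realm, hostRole, remoteEntityID)) {
            logError("invalidSignInRequest", LogUtil.MNI_REQUEST_INVALID_SIGNATURE, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
        }
        String relayState = request.getParameter("RelayState");
        if (debug.messageEnabled()) {
            debug.message("processHttpRequest: Meta Alias is : " + metaAlias);
            debug.message("processHttpRequest: Remote EntityID is : " + remoteEntityID);
            debug.message("processHttpRequest: Host Entity role is : " + hostRole);
            debug.message("processHttpRequest: Relay state is : " + relayState);
        }
        try {
            ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostRole, SAML2Constants.HTTP_REDIRECT);
            if (mniService == null) {
                logError("mniServiceNotFound", LogUtil.METADATA_ERROR, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("mniServiceNotFound"));
            }
            // ResponseLocation is optional; Location is the fallback endpoint.
            String responseLocation = mniService.getResponseLocation();
            if (responseLocation == null || responseLocation.length() == 0) {
                responseLocation = mniService.getLocation();
            }
            if (responseLocation == null) {
                logError("mniServiceNotFound", LogUtil.METADATA_ERROR, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("mniServiceNotFound"));
            }
            ManageNameIDResponse mniResponse = processManageNameIDRequest(mniRequest, metaAlias, remoteEntityID, paramsMap, responseLocation);
            sendMNIResponse(response, mniResponse, responseLocation, relayState, realm, hostEntityID, hostRole, remoteEntityID);
        } catch (SSOException e) {
            logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        } catch (SAML2MetaException e) {
            logError("metaDataError", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }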

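    /**
     * Handles an inbound ManageNameIDRequest delivered with the SOAP binding:
     * resolves the hosted entity from the request URI, verifies the XML
     * signature of the request (when the hosted entity requires it), processes
     * the request, signs the MNI response (when the remote entity requires it)
     * and writes it back as a SOAP message with HTTP status 200.
     *
     * <p>Fix: a request without an {@code Issuer} element is rejected as
     * {@code nullRemoteEntityID} instead of throwing an NPE.
     *
     * @param request   servlet request carrying the SOAP envelope
     * @param response  servlet response the SOAP reply is written to
     * @param paramsMap request parameters; supplies the hosted entity role
     * @throws SAML2Exception   on missing meta alias / issuer, bad signature or response build failure
     * @throws IOException      when writing the reply fails
     * @throws SOAPException    when the SOAP message cannot be saved / written
     * @throws SSOException     declared by the original; propagated from lookups
     * @throws ServletException declared by the original
     */
    public static void processSOAPRequest(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception, IOException, SOAPException, SSOException, ServletException {
        String hostRole = SAML2Utils.getHostEntityRole(paramsMap);
        SAMLUtils.checkHTTPContentLength(request);
        String metaAlias = SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI());
        if (metaAlias == null) {
            logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
            throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
        }
        ManageNameIDRequest mniRequest = getMNIRequest(SAML2Utils.getSOAPMessage(request));
        String remoteEntityID = (mniRequest.getIssuer() == null) ? null : mniRequest.getIssuer().getValue();
        if (remoteEntityID == null) {
            logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, metaAlias);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
        }
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
        if (debug.messageEnabled()) {
            debug.message("processSOAPRequest: Meta Alias is : " + metaAlias);
            debug.message("processSOAPRequest: Host EntityID is : " + hostEntityID);
            debug.message("processSOAPRequest: Remote EntityID is : " + remoteEntityID);
        }
        // The signature is checked before any processing; note that
        // verifyMNIRequest returns true without checking anything when the
        // hosted entity is configured not to want signed MNI requests.
        if (!verifyMNIRequest(mniRequest, realm, remoteEntityID, hostEntityID, hostRole, mniRequest.getDestination())) {
            logError("invalidSignInRequest", LogUtil.MNI_REQUEST_INVALID_SIGNATURE, metaAlias);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
        }
        ManageNameIDResponse mniResponse = processManageNameIDRequest(mniRequest, metaAlias, remoteEntityID, paramsMap, null);
        signMNIResponse(mniResponse, realm, hostEntityID, hostRole, remoteEntityID);
        SOAPMessage soapReply = SAML2Utils.createSOAPMessage(mniResponse.toXMLString(true, true));
        if (soapReply == null) {
            logError("errorObtainResponse", "CANNOT_INSTANTIATE_MNI_RESPONSE", null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorObtainResponse"));
        }
        if (soapReply.saveRequired()) {
            soapReply.saveChanges();
        }
        response.setStatus(200);
        SAML2Utils.putHeaders(soapReply.getMimeHeaders(), response);
        ServletOutputStream out = response.getOutputStream();
        soapReply.writeTo(out);
        out.flush();
    }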

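    /**
     * Handles a ManageNameIDResponse received on the HTTP-Redirect binding:
     * decodes the {@code SAMLResponse} parameter, checks that the issuer matches
     * the request this response answers, verifies the query-string signature
     * when the hosted entity requires signed MNI responses, and finally lets
     * {@code checkMNIResponse} evaluate the result.
     *
     * <p>Fix: a response without an {@code Issuer} element is rejected as
     * {@code nullRemoteEntityID} instead of throwing an NPE.
     *
     * @param request   servlet request (SAMLResponse, Signature, RelayState in the query string)
     * @param response  servlet response (not written to by this method)
     * @param paramsMap request parameters; supplies the hosted entity role
     * @return whatever {@code checkMNIResponse} reports for the response
     * @throws SAML2Exception on missing meta alias, undecodable response, issuer mismatch,
     *                        invalid signature or session problems
     */
    public static boolean processManageNameIDResponse(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception {
        String metaAlias = SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI());
        if (metaAlias == null) {
            logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
        }
        String hostRole = SAML2Utils.getHostEntityRole(paramsMap);
        String relayState = request.getParameter("RelayState");
        String responseXml = SAML2Utils.decodeFromRedirect(request.getParameter(SAML2Constants.SAML_RESPONSE));
        if (responseXml == null) {
            logError("nullDecodedStrFromSamlResponse", LogUtil.CANNOT_DECODE_RESPONSE, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
        }
        if (debug.messageEnabled()) {
            debug.message("processManageNameIDResponse: Meta Alias is : " + metaAlias);
            debug.message("processManageNameIDResponse: Host role is : " + hostRole);
            debug.message("processManageNameIDResponse: Relay state is : " + relayState);
            debug.message("processManageNameIDResponse: MNI Response : " + responseXml);
        }
        try {
            // The XML is parsed before its signature can be checked: with the
            // redirect binding the issuer is needed to pick the partner's
            // certificate, so the parser must be hardened elsewhere.
            ManageNameIDResponse mniResponse = pf.createManageNameIDResponse(responseXml);
            String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
            String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
            if (mniResponse.getIssuer() == null) {
                logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
            }
            String remoteEntityID = mniResponse.getIssuer().getValue();
            SAML2Utils.verifyResponseIssuer(realm, hostEntityID, mniResponse.getIssuer(), mniResponse.getInResponseTo());
            boolean wantSigned = SAML2Utils.getWantMNIResponseSigned(realm, hostEntityID, hostRole);
            if (wantSigned && !SAML2Utils.verifyQueryString(request.getQueryString(), realm, hostRole, remoteEntityID)) {
                logError("invalidSignInResponse", LogUtil.MNI_RESPONSE_INVALID_SIGNATURE, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
            }
            boolean succeeded = checkMNIResponse(mniResponse, metaAlias, hostRole);
            if (debug.messageEnabled()) {
                debug.message("processManageNameIDResponse: Request success : " + succeeded);
            }
            return succeeded;
        } catch (SSOException e) {
            logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }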

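    /**
     * Executes an already signature-checked ManageNameIDRequest for the hosted
     * entity and builds the corresponding ManageNameIDResponse.
     *
     * <p>Only {@code Terminate} requests are supported: the federation session
     * (IDP side by remote entity, SP side by NameID key) and the federated
     * account are removed. Anything else yields a {@code Responder} status.
     * Any exception raised while processing is converted into a
     * {@code Responder} status rather than propagated.
     *
     * <p>Fix: the exception that used to be silently swallowed is now written
     * to the debug log so failures can be diagnosed server-side.
     *
     * @param mniRequest     the inbound request
     * @param metaAlias      meta alias of the hosted entity
     * @param remoteEntityID issuer of the request
     * @param paramsMap      request parameters; supplies the hosted entity role
     * @param destination    value for the response's {@code Destination}; ignored when null/empty
     * @return the response to send back; its {@code Status} may be null if processing
     *         ended without producing one (see the note on removeFedAccount)
     */
    private static ManageNameIDResponse processManageNameIDRequest(ManageNameIDRequest mniRequest, String metaAlias, String remoteEntityID, Map paramsMap, String destination) {
        Status status = null;
        ManageNameIDResponse mniResponse = null;
        String hostEntityID = null;
        String userID = null;
        try {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
            hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
            String hostRole = SAML2Utils.getHostEntityRole(paramsMap);
            if (debug.messageEnabled()) {
                debug.message("processManageNameIDRequest: Host EntityID is : " + hostEntityID);
                debug.message("processManageNameIDRequest: Host role is : " + hostRole);
                debug.message("processManageNameIDRequest: Realm  is : " + realm);
            }
            // Issuer check happens here, i.e. after the signature check in the
            // callers and before any state is touched.
            SAML2Utils.verifyRequestIssuer(realm, hostEntityID, mniRequest.getIssuer(), mniRequest.getID());
            if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
                userID = SAML2Utils.getIDPAccountMapper(realm, hostEntityID).getIdentity(mniRequest, hostEntityID, realm);
            } else if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
                userID = SAML2Utils.getSPAccountMapper(realm, hostEntityID).getIdentity(mniRequest, hostEntityID, realm);
            }
            if (!mniRequest.getTerminate()) {
                status = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", SAML2Utils.bundle.getString("unsupportedRequest"));
            } else {
                if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
                    removeIDPFedSession(remoteEntityID);
                } else {
                    NameID nameID = getNameIDFromMNIRequest(mniRequest, realm, hostEntityID, hostRole);
                    NameIDInfoKey key = new NameIDInfoKey(nameID.getValue(), nameID.getSPNameQualifier(), nameID.getNameQualifier());
                    removeSPFedSession(key.toValueString());
                }
                if (removeFedAccount(userID, hostEntityID, remoteEntityID)) {
                    status = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Success", SAML2Utils.bundle.getString("requestSuccess"));
                }
                // NOTE(review): when removeFedAccount returns false, status stays
                // null and the response below is built without a Status; a
                // Responder status would be the expected outcome.
            }
        } catch (Exception e) {
            // Keep the failure in the server log; previously it was dropped.
            debug.error("processManageNameIDRequest: failed to process request", e);
            // NOTE(review): e.toString() (exception class name and message) is
            // echoed to the remote party in the Status; a localized generic
            // message would avoid leaking internals.
            status = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", e.toString());
        }
        try {
            String responseID = SAML2Utils.generateID();
            if (responseID == null) {
                // Logged only; the response is still built with a null ID.
                debug.error(SAML2Utils.bundle.getString("failedToGenResponseID"));
            }
            mniResponse = pf.createManageNameIDResponse();
            mniResponse.setStatus(status);
            mniResponse.setID(responseID);
            mniResponse.setInResponseTo(mniRequest.getID());
            mniResponse.setVersion(SAML2Constants.VERSION_2_0);
            mniResponse.setIssueInstant(new Date());
            mniResponse.setIssuer(SAML2Utils.createIssuer(hostEntityID));
            if (destination != null && destination.length() != 0) {
                mniResponse.setDestination(destination);
            }
        } catch (SAML2Exception e) {
            debug.error("Error : ", e);
        }
        return mniResponse;
    }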

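    /**
     * Delivers a ManageNameIDResponse to the remote entity's MNI endpoint over
     * the HTTP-Redirect binding.
     *
     * <p>The response is serialized, encoded for the query string
     * ({@code SAMLResponse=...}), optionally followed by {@code RelayState},
     * signed as a query string when the remote entity's metadata asks for
     * signed MNI responses, and finally sent as a redirect to {@code str}.
     *
     * <p>Fix: the Destination is now set <em>before</em> the response is
     * serialized. Previously it was set after {@code toXMLString}, so the
     * value never reached the wire (and was therefore not what the receiver's
     * Destination check or the query-string signature covered). The redirect
     * failure log also named the RelayState instead of the redirect target.
     *
     * @param httpServletResponse servlet response used to issue the redirect
     * @param manageNameIDResponse response to deliver
     * @param str   redirect target: the remote entity's MNI service URL
     * @param str2  RelayState to echo back, or null; omitted when longer than
     *              80 bytes (the SAML 2.0 bindings limit on RelayState)
     * @param str3  realm of the hosted entity
     * @param str4  hosted entity ID (also selects the signing key)
     * @param str5  hosted entity role, {@code SAML2Constants.IDP_ROLE} or SP
     * @param str6  remote entity ID whose metadata decides signing
     * @throws SAML2Exception on serialization or query-string signing failure
     */
    private static void sendMNIResponse(HttpServletResponse httpServletResponse, ManageNameIDResponse manageNameIDResponse, String str, String str2, String str3, String str4, String str5, String str6) throws SAML2Exception {
        try {
            // Destination must be fixed before serialization: the receiver
            // validates the Destination of the bytes it actually gets, and the
            // signature below covers those bytes only.
            manageNameIDResponse.setDestination(str);
            String xMLString = manageNameIDResponse.toXMLString(true, true);
            StringBuffer query = new StringBuffer()
                    .append(SAML2Constants.SAML_RESPONSE)
                    .append(SAML2Constants.EQUAL)
                    .append(SAML2Utils.encodeForRedirect(xMLString));
            if (str2 != null && str2.length() > 0
                    && str2.getBytes(SAML2Constants.DEFAULT_ENCODING).length <= 80) {
                query.append("&").append("RelayState").append(SAML2Constants.EQUAL)
                        .append(AMURLEncDec.encode(str2));
            }
            if (debug.messageEnabled()) {
                debug.message("sendMNIResponse: MNI Response is : " + xMLString);
                debug.message("sendMNIResponse: Relay State is : " + str2);
            }
            // Whether the response must be signed is governed by the remote
            // entity's metadata, i.e. the descriptor of the *opposite* role.
            String remoteRole = str5.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
                    ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
            boolean wantMNIResponseSigned = SAML2Utils.getWantMNIResponseSigned(str3, str6, remoteRole);
            String queryString = query.toString();
            if (wantMNIResponseSigned) {
                if (debug.messageEnabled()) {
                    debug.message("sendMNIResponse: QueryString has need to be signed.");
                }
                queryString = SAML2Utils.signQueryString(queryString, str3, str4, str5);
            }
            String redirectURL = str + "?" + queryString;
            if (debug.messageEnabled()) {
                debug.message("sendMNIResponse: redirectURL is : " + redirectURL);
            }
            httpServletResponse.sendRedirect(redirectURL);
        } catch (IOException e) {
            // A failed redirect means the MNI response was never delivered;
            // log the actual target (str), not the RelayState.
            debug.error("sendMNIResponse: Exception when redirecting to " + str, e);
        }
    }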

    /**
     * Builds a ManageNameIDRequest with Terminate=true that asks the remote
     * entity to end the federation of the user behind {@code sSOToken}.
     *
     * <p>The NameID comes from the user's stored federation record for the
     * (hosted entity, remote entity) pair and is placed on the request in
     * clear or encrypted form by {@link #setNameIDForMNIRequest}, depending on
     * the remote entity's metadata. The request is not signed here.
     *
     * @param sSOToken session of the user whose federation is terminated
     * @param str   meta alias of the hosted entity (resolves realm and entity ID)
     * @param str2  hosted entity role (IDP or SP)
     * @param str3  remote entity ID
     * @param str4  Destination of the request (the remote MNI endpoint URL)
     * @return the populated request
     * @throws SAML2Exception if the session is invalid or the user has no
     *         federation record for the entity pair
     * @throws SSOException declared for callers; an SSOException raised inside
     *         this method is converted into a SAML2Exception
     */
    private static ManageNameIDRequest createTerminateRequest(SSOToken sSOToken, String str, String str2, String str3, String str4) throws SAML2Exception, SSOException {
        try {
            final String realm = SAML2MetaUtils.getRealmByMetaAlias(str);
            final String hostEntityID = metaManager.getEntityByMetaAlias(str);
            // isFM() selects where the user identifier is read from.
            final String userID;
            if (SAML2Utils.isFM()) {
                userID = sSOToken.getPrincipal().getName();
            } else {
                userID = sSOToken.getProperty("sun.am.UniversalIdentifier");
            }
            final NameID nameID = getNameID(userID, hostEntityID, str3);
            if (debug.messageEnabled()) {
                debug.message("createTerminateRequest: MetaAlias : " + str);
                debug.message("createTerminateRequest: Host EntityID : " + hostEntityID);
                debug.message("createTerminateRequest: User ID : " + userID);
                debug.message("createTerminateRequest: NameID : " + nameID.toXMLString());
            }
            final ManageNameIDRequest request = pf.createManageNameIDRequest();
            request.setID(SAML2Utils.generateID());
            request.setVersion(SAML2Constants.VERSION_2_0);
            request.setDestination(str4);
            request.setIssuer(SAML2Utils.createIssuer(hostEntityID));
            request.setIssueInstant(new Date());
            setNameIDForMNIRequest(request, nameID, realm, hostEntityID, str2, str3);
            request.setTerminate(true);
            return request;
        } catch (SSOException e) {
            logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }

    /**
     * Extracts and parses the ManageNameIDRequest carried in the
     * {@code SAMLRequest} query parameter of an HTTP-Redirect binding message.
     *
     * <p>Only decoding and parsing happen here: the request's signature and
     * issuer are not checked by this method, so callers must verify them
     * before acting on the request. The inflate/decode step lives in
     * {@code SAML2Utils.decodeFromRedirect}; this method imposes no size
     * limit of its own on the attacker-supplied parameter.
     *
     * @param httpServletRequest incoming redirect-binding request
     * @return the parsed request
     * @throws SAML2Exception if the parameter is missing, cannot be decoded,
     *         or the factory rejects the decoded XML
     */
    private static ManageNameIDRequest getMNIRequest(HttpServletRequest httpServletRequest) throws SAML2Exception {
        final String encoded = httpServletRequest.getParameter(SAML2Constants.SAML_REQUEST);
        if (encoded == null) {
            logError("nullManageIDRequest", "CANNOT_INSTANTIATE_MNI_REQUEST", encoded);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullManageIDRequest"));
        }
        final String xml = SAML2Utils.decodeFromRedirect(encoded);
        if (xml == null) {
            logError("nullDecodedStrFromSamlRequest", LogUtil.CANNOT_DECODE_REQUEST, encoded);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlRequest"));
        }
        return pf.createManageNameIDRequest(xml);
    }

    /**
     * Pulls the ManageNameIDRequest element out of a SOAP binding message and
     * parses it.
     *
     * <p>As with the redirect variant, no signature or issuer verification is
     * performed here.
     *
     * @param sOAPMessage incoming SOAP message
     * @return the parsed request
     * @throws SAML2Exception if the element is missing or cannot be parsed
     */
    private static ManageNameIDRequest getMNIRequest(SOAPMessage sOAPMessage) throws SAML2Exception {
        return pf.createManageNameIDRequest(
                SAML2Utils.getSamlpElement(sOAPMessage, SAML2SDKUtils.MANAGE_NAMEID_REQUEST));
    }

    /**
     * Sends a serialized ManageNameIDRequest to the remote entity's MNI
     * endpoint over the HTTP-Redirect binding, signing the query string when
     * the remote entity's metadata requires signed MNI requests.
     *
     * @param str   the request XML
     * @param str2  remote MNI service URL (redirect target)
     * @param str3  RelayState, or null; dropped when longer than 80 bytes
     *              (the SAML 2.0 bindings limit)
     * @param str4  realm
     * @param str5  hosted entity ID (selects the signing key)
     * @param str6  hosted entity role (IDP or SP)
     * @param str7  remote entity ID (its metadata decides signing)
     * @param httpServletResponse servlet response used for the redirect
     * @throws SAML2Exception if query-string signing fails
     * @throws IOException if the redirect cannot be sent, or the charset named
     *         by {@code SAML2Constants.DEFAULT_ENCODING} is unsupported
     */
    private static void doMNIByHttpRedirect(String str, String str2, String str3, String str4, String str5, String str6, String str7, HttpServletResponse httpServletResponse) throws SAML2Exception, IOException {
        StringBuffer query = new StringBuffer();
        query.append(SAML2Constants.SAML_REQUEST).append(SAML2Constants.EQUAL);
        query.append(SAML2Utils.encodeForRedirect(str));
        boolean hasRelayState = str3 != null && str3.length() > 0
                && str3.getBytes(SAML2Constants.DEFAULT_ENCODING).length <= 80;
        if (hasRelayState) {
            query.append("&").append("RelayState").append(SAML2Constants.EQUAL);
            query.append(AMURLEncDec.encode(str3));
        }
        // Signing is governed by the remote entity's metadata, i.e. the
        // descriptor of the opposite role.
        String remoteRole = str6.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
                ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
        boolean wantMNIRequestSigned = SAML2Utils.getWantMNIRequestSigned(str4, str7, remoteRole);
        String queryString = query.toString();
        if (wantMNIRequestSigned) {
            queryString = SAML2Utils.signQueryString(queryString, str4, str5, str6);
        }
        String redirectURL = str2 + "?" + queryString;
        if (debug.messageEnabled()) {
            debug.message("doMNIByHttpRedirect: MNIRequestXMLString : " + str);
            debug.message("doMNIByHttpRedirect: MNIRedirectURL : " + str2);
        }
        httpServletResponse.sendRedirect(redirectURL);
    }

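    /**
     * Sends a ManageNameIDRequest to the remote entity over the SOAP binding
     * and processes the synchronous ManageNameIDResponse.
     *
     * <p>Before the response is acted upon, its Issuer is passed through
     * {@code SAML2Utils.verifyResponseIssuer} together with InResponseTo, and
     * {@code verifyMNIResponse} is run (its failure is logged as an invalid
     * signature; it also receives the Destination). Only then is local
     * federation state removed by {@link #checkMNIResponse}.
     *
     * <p>Fix: a null result from the response factory used to be dereferenced
     * (NullPointerException); it is now rejected with a SAML2Exception.
     *
     * @param str  serialized ManageNameIDRequest (the SOAP payload)
     * @param str2 remote MNI SOAP endpoint URL (logged as "MNIRedirectURL")
     * @param str3 meta alias of the hosted entity
     * @param str4 hosted entity role
     * @return true if the remote entity reported Success and the local
     *         federation record was removed; false if the SOAP exchange failed
     * @throws SAML2Exception if no response could be parsed, the response fails
     *         issuer or signature verification, or the cached session is invalid
     */
    private static boolean doMNIBySOAP(String str, String str2, String str3, String str4) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("doMNIBySOAP: MNIRequestXMLString : " + str);
            debug.message("doMNIBySOAP: MNIRedirectURL : " + str2);
        }
        try {
            ManageNameIDResponse mniResponse = pf.createManageNameIDResponse(
                    SAML2Utils.getSamlpElement(SAML2Utils.sendSOAPMessage(str, str2), SAML2SDKUtils.MANAGE_NAMEID_RESPONSE));
            if (mniResponse == null) {
                // Nothing to verify: refuse rather than NPE further down.
                logError("invalidSOAPMessge", "CANNOT_INSTANTIATE_MNI_RESPONSE", null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSOAPMessge"));
            }
            if (debug.messageEnabled()) {
                debug.message("doMNIBySOAP: ManageNameIDResponse without SOAP envelope:\n" + mniResponse.toXMLString());
            }
            try {
                String realm = SAML2MetaUtils.getRealmByMetaAlias(str3);
                String hostEntityID = metaManager.getEntityByMetaAlias(str3);
                String remoteEntityID = mniResponse.getIssuer().getValue();
                // Issuer/InResponseTo check first; the Issuer value is then used
                // as the remote entity for the signature check and clean-up.
                SAML2Utils.verifyResponseIssuer(realm, hostEntityID, mniResponse.getIssuer(), mniResponse.getInResponseTo());
                if (!verifyMNIResponse(mniResponse, realm, remoteEntityID, hostEntityID, str4, mniResponse.getDestination())) {
                    logError("invalidSignInResponse", "CANNOT_INSTANTIATE_MNI_RESPONSE", null);
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
                }
                boolean success = checkMNIResponse(mniResponse, str3, str4);
                if (debug.messageEnabled()) {
                    debug.message("doMNIBySOAP: Request success : " + success);
                }
                return success;
            } catch (SSOException e) {
                debug.error(SAML2Utils.bundle.getString("invalidSSOToken"), e);
                throw new SAML2Exception(e.toString());
            }
        } catch (SOAPException e2) {
            // Transport-level failure is reported as "not done", not thrown.
            debug.error(SAML2Utils.bundle.getString("invalidSOAPMessge"), e2);
            return false;
        }
    }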

    /**
     * Consumes a verified ManageNameIDResponse: correlates it with the
     * outstanding request, requires a Success status, and removes the user's
     * local federation state for the remote entity.
     *
     * <p>The outstanding request is looked up by InResponseTo and removed from
     * the cache in the same step ({@link #getMNIRequestInfo}), so a given
     * response can be consumed at most once; a replay with the same
     * InResponseTo is rejected as invalid.
     *
     * @param manageNameIDResponse response that already passed issuer and
     *        signature verification
     * @param str  meta alias of the hosted entity
     * @param str2 hosted entity role (SP or IDP)
     * @return result of removing the user's federation record
     * @throws SAML2Exception if InResponseTo is unknown, the status is not
     *         Success, or the cached request carries no session token
     * @throws SSOException if the cached session token cannot be read
     */
    private static boolean checkMNIResponse(ManageNameIDResponse manageNameIDResponse, String str, String str2) throws SAML2Exception, SSOException {
        final String remoteEntityID = manageNameIDResponse.getIssuer().getValue();
        final String inResponseTo = manageNameIDResponse.getInResponseTo();
        final String hostEntityID = metaManager.getEntityByMetaAlias(str);
        // One-shot lookup: the entry leaves the cache here.
        final ManageNameIDRequestInfo requestInfo = getMNIRequestInfo(inResponseTo, str2);
        if (requestInfo == null) {
            logError("invalidInResponseToInResponse", LogUtil.INVALID_MNI_RESPONSE, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToInResponse"));
        }
        final String statusCode = manageNameIDResponse.getStatus().getStatusCode().getValue();
        if (!statusCode.equalsIgnoreCase("urn:oasis:names:tc:SAML:2.0:status:Success")) {
            logError("mniFailed", LogUtil.INVALID_MNI_RESPONSE, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("mniFailed"));
        }
        final SSOToken token = requestInfo.getSSOToken();
        if (token == null) {
            logError("nullSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
        }
        final String userID;
        if (SAML2Utils.isFM()) {
            userID = token.getPrincipal().getName();
        } else {
            userID = token.getProperty("sun.am.UniversalIdentifier");
        }
        if (str2.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            // SP side key: (NameID value, SPNameQualifier = host, NameQualifier = remote).
            final String infoKey = new NameIDInfoKey(
                    requestInfo.getManageNameIDRequest().getNameID().getValue(),
                    hostEntityID, remoteEntityID).toValueString();
            removeSPFedSession(infoKey);
            removeInfoKeyFromToken(token, infoKey);
        } else {
            removeIDPFedSession(remoteEntityID);
        }
        return removeFedAccount(userID, hostEntityID, remoteEntityID);
    }

    /**
     * Removes and returns the cached info for an outstanding MNI request,
     * selected by request ID and hosted role.
     *
     * <p>This is a destructive lookup: the entry is taken out of
     * {@code SPCache.mniRequestHash} / {@code IDPCache.mniRequestHash}, which
     * is what makes each InResponseTo consumable only once.
     *
     * @param str  request ID (the response's InResponseTo)
     * @param str2 hosted entity role; anything other than SP or IDP yields null
     * @return the cached info, or null if none was outstanding (or the role is unknown)
     */
    private static ManageNameIDRequestInfo getMNIRequestInfo(String str, String str2) {
        if (str2.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            return (ManageNameIDRequestInfo) SPCache.mniRequestHash.remove(str);
        }
        if (str2.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            return (ManageNameIDRequestInfo) IDPCache.mniRequestHash.remove(str);
        }
        return null;
    }

    /**
     * Deletes the user's stored federation record for the given entity pair.
     *
     * @param str  user identifier
     * @param str2 hosted entity ID
     * @param str3 remote entity ID
     * @return whatever {@code AccountUtils.removeAccountFederation} reports
     * @throws SAML2Exception propagated from AccountUtils
     */
    private static boolean removeFedAccount(String str, String str2, String str3) throws SAML2Exception {
        final NameIDInfo fedInfo = AccountUtils.getAccountFederation(str, str2, str3);
        return AccountUtils.removeAccountFederation(fedInfo, str);
    }

    /**
     * Resolves the remote entity's ManageNameIDService endpoint for the
     * requested binding.
     *
     * <p>The lookup is done on the <em>remote</em> side of the relationship:
     * a hosted SP reads the remote IDP's descriptor and a hosted IDP reads
     * the remote SP's. Binding matching is delegated to the per-role helper.
     *
     * @param str  realm
     * @param str2 remote entity ID
     * @param str3 hosted entity role; must be SP or IDP
     * @param str4 binding URI to match (null is passed through to the helper)
     * @return the endpoint chosen by the helper, or null if the helper finds none
     * @throws SAML2Exception if {@code str3} is neither SP nor IDP
     */
    private static ManageNameIDServiceElement getMNIServiceElement(String str, String str2, String str3, String str4) throws SAML2MetaException, SSOException, SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("getMNIServiceElement: Realm : " + str);
            debug.message("getMNIServiceElement: Entity ID : " + str2);
            debug.message("getMNIServiceElement: Host Entity Role : " + str3);
        }
        final boolean hostIsSP = str3.equalsIgnoreCase(SAML2Constants.SP_ROLE);
        final boolean hostIsIDP = str3.equalsIgnoreCase(SAML2Constants.IDP_ROLE);
        if (!hostIsSP && !hostIsIDP) {
            logError("nullHostEntityRole", LogUtil.MISSING_ENTITY_ROLE, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullHostEntityRole"));
        }
        return hostIsSP
                ? getIDPManageNameIDConfig(str, str2, str4)
                : getSPManageNameIDConfig(str, str2, str4);
    }

    /**
     * Loads the NameID stored in the user's federation record for the given
     * hosted/remote entity pair.
     *
     * @param str  user identifier
     * @param str2 hosted entity ID
     * @param str3 remote entity ID
     * @return the stored NameID
     * @throws SAML2Exception if the user has no federation record for the pair
     */
    private static NameID getNameID(String str, String str2, String str3) throws SAML2Exception {
        final NameIDInfo fedInfo = AccountUtils.getAccountFederation(str, str2, str3);
        if (fedInfo == null) {
            final String msg = SAML2Utils.bundle.getString("nullNameID");
            debug.error(msg);
            throw new SAML2Exception(msg);
        }
        final NameID nameID = fedInfo.getNameID();
        if (debug.messageEnabled()) {
            debug.message("getNameID: Returned NameID for " + str + ":");
            debug.message(nameID.toXMLString());
        }
        return nameID;
    }

    /**
     * Places the user's NameID on the outgoing MNI request, encrypting it for
     * the remote entity when the remote entity's metadata requires encrypted
     * NameIDs.
     *
     * <p>NOTE(review): when encryption is required, the request object ends up
     * carrying <em>both</em> the EncryptedID and the plaintext NameID (the
     * plaintext copy is what {@link #checkMNIResponse} later reads back from
     * the cached request). Sending the plaintext alongside the EncryptedID on
     * the wire would defeat the encryption, so some caller is presumably
     * stripping the NameID before serialization — that step is not visible in
     * this file; confirm it exists on every send path.
     *
     * @param manageNameIDRequest request being built
     * @param nameID the user's NameID
     * @param str  realm
     * @param str2 hosted entity ID (only logged here)
     * @param str3 hosted entity role; decides which remote descriptor is read
     * @param str4 remote entity ID (also passed as recipient to encrypt)
     * @throws SAML2Exception if the remote entity's encryption key info cannot
     *         be found, or encryption fails
     * @throws SSOException propagated from metadata lookups
     */
    private static void setNameIDForMNIRequest(ManageNameIDRequest manageNameIDRequest, NameID nameID, String str, String str2, String str3, String str4) throws SAML2Exception, SSOException {
        final boolean hostIsIDP = str3.equalsIgnoreCase(SAML2Constants.IDP_ROLE);
        // The remote entity's preference lives under the opposite role.
        final String remoteRole = hostIsIDP ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
        if (!SAML2Utils.getWantNameIDEncrypted(str, str4, remoteRole)) {
            if (debug.messageEnabled()) {
                debug.message("setNameIDForMNIRequest: NamID doesn't need to be encrypted.");
            }
            manageNameIDRequest.setNameID(nameID);
            return;
        }
        final KeyDescriptorType keyDescriptor;
        final EncInfo encInfo;
        if (hostIsIDP) {
            final SPSSODescriptorElement spDescriptor = metaManager.getSPSSODescriptor(str, str4);
            keyDescriptor = KeyUtil.getKeyDescriptor(spDescriptor, "encryption");
            encInfo = KeyUtil.getEncInfo(spDescriptor, str4, false);
        } else {
            final IDPSSODescriptorElement idpDescriptor = metaManager.getIDPSSODescriptor(str, str4);
            keyDescriptor = KeyUtil.getKeyDescriptor(idpDescriptor, "encryption");
            encInfo = KeyUtil.getEncInfo(idpDescriptor, str4, true);
        }
        if (debug.messageEnabled()) {
            debug.message("setNameIDForMNIRequest: realm is : " + str);
            debug.message("setNameIDForMNIRequest: hostEntity is : " + str2);
            debug.message("setNameIDForMNIRequest: Host Entity role is : " + str3);
            debug.message("setNameIDForMNIRequest: remoteEntity is : " + str4);
        }
        if (encInfo == null) {
            logError("UnableToFindEncryptKeyInfo", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("UnableToFindEncryptKeyInfo"));
        }
        // Encrypt to the certificate in the remote entity's "encryption"
        // KeyDescriptor, using the algorithm/strength it advertises.
        final EncryptedID encryptedID = nameID.encrypt(
                KeyUtil.getCert(keyDescriptor).getPublicKey(),
                encInfo.getDataEncAlgorithm(),
                encInfo.getDataEncStrength(),
                str4);
        manageNameIDRequest.setNameID(nameID);
        manageNameIDRequest.setEncryptedID(encryptedID);
    }

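    /**
     * Extracts the NameID from an incoming MNI request, decrypting the
     * EncryptedID with the hosted entity's encryption key when this entity is
     * configured to require encrypted NameIDs.
     *
     * <p>When encryption is required, only the EncryptedID is honoured: a
     * plaintext NameID in the request is deliberately never used as a
     * fallback, since that would let a peer sidestep the encryption
     * requirement. A request lacking an EncryptedID in that mode is rejected
     * with a SAML2Exception (previously this surfaced as a
     * NullPointerException).
     *
     * @param manageNameIDRequest the incoming request
     * @param str  realm
     * @param str2 hosted entity ID
     * @param str3 hosted entity role
     * @return the NameID, decrypted if necessary
     * @throws SAML2Exception if encryption is required but the request has no
     *         EncryptedID, or decryption fails
     */
    private static NameID getNameIDFromMNIRequest(ManageNameIDRequest manageNameIDRequest, String str, String str2, String str3) throws SAML2Exception {
        if (!SAML2Utils.getWantNameIDEncrypted(str, str2, str3)) {
            if (debug.messageEnabled()) {
                debug.message("getNameIDFromMNIRequest: NamID doesn't need to be decrypted.");
            }
            return manageNameIDRequest.getNameID();
        }
        String encryptionCertAlias = SAML2Utils.getEncryptionCertAlias(str, str2, str3);
        if (debug.messageEnabled()) {
            debug.message("getNameIDFromMNIRequest: realm is : " + str);
            debug.message("getNameIDFromMNIRequest: hostEntity is : " + str2);
            debug.message("getNameIDFromMNIRequest: Host Entity role is : " + str3);
            debug.message("getNameIDFromMNIRequest: Cert Alias is : " + encryptionCertAlias);
        }
        EncryptedID encryptedID = manageNameIDRequest.getEncryptedID();
        if (encryptedID == null) {
            // No fallback to getNameID() here: encryption is mandatory for this entity.
            debug.error(SAML2Utils.bundle.getString("nullNameID"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullNameID"));
        }
        return encryptedID.decrypt(keyProvider.getPrivateKey(encryptionCertAlias));
    }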

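    /**
     * Finds the ManageNameIDService endpoint of an IDP for a given binding.
     *
     * <p>Fix: the previous (decompiled) body referred to an undeclared
     * variable after the scan loop, so its result on a non-matching scan was
     * ill-defined. The loop now returns the first endpoint whose Binding
     * equals {@code str3} (case-insensitively) and null when none does, so a
     * caller never silently receives an endpoint for a different binding.
     *
     * @param str  realm
     * @param str2 IDP entity ID
     * @param str3 binding URI to match, or null to take the first endpoint
     * @return the matching endpoint, or null if the IDP descriptor is absent
     *         (logged as "noIDPEntry"), it advertises no MNI endpoint, or no
     *         endpoint has the requested binding
     * @throws SAML2MetaException propagated from the metadata lookup
     * @throws SSOException propagated from the metadata lookup
     */
    public static ManageNameIDServiceElement getIDPManageNameIDConfig(String str, String str2, String str3) throws SAML2MetaException, SSOException {
        IDPSSODescriptorElement iDPSSODescriptor = metaManager.getIDPSSODescriptor(str, str2);
        if (iDPSSODescriptor == null) {
            debug.error(SAML2Utils.bundle.getString("noIDPEntry"));
            return null;
        }
        List<ManageNameIDServiceElement> manageNameIDService = iDPSSODescriptor.getManageNameIDService();
        if (manageNameIDService == null || manageNameIDService.isEmpty()) {
            return null;
        }
        if (str3 == null) {
            return manageNameIDService.get(0);
        }
        for (ManageNameIDServiceElement element : manageNameIDService) {
            if (str3.equalsIgnoreCase(element.getBinding())) {
                return element;
            }
        }
        return null;
    }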

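    /**
     * Finds the ManageNameIDService endpoint of an SP for a given binding.
     *
     * <p>Fix: the previous (decompiled) body referred to an undeclared
     * variable after the scan loop, so its result on a non-matching scan was
     * ill-defined. The loop now returns the first endpoint whose Binding
     * equals {@code str3} (case-insensitively) and null when none does, so a
     * caller never silently receives an endpoint for a different binding.
     *
     * @param str  realm
     * @param str2 SP entity ID
     * @param str3 binding URI to match, or null to take the first endpoint
     * @return the matching endpoint, or null if the SP descriptor is absent
     *         (not logged, unlike the IDP variant), it advertises no MNI
     *         endpoint, or no endpoint has the requested binding
     * @throws SAML2MetaException propagated from the metadata lookup
     * @throws SSOException propagated from the metadata lookup
     */
    public static ManageNameIDServiceElement getSPManageNameIDConfig(String str, String str2, String str3) throws SAML2MetaException, SSOException {
        SPSSODescriptorElement sPSSODescriptor = metaManager.getSPSSODescriptor(str, str2);
        if (sPSSODescriptor == null) {
            return null;
        }
        List<ManageNameIDServiceElement> manageNameIDService = sPSSODescriptor.getManageNameIDService();
        if (manageNameIDService == null || manageNameIDService.isEmpty()) {
            return null;
        }
        if (str3 == null) {
            return manageNameIDService.get(0);
        }
        for (ManageNameIDServiceElement element : manageNameIDService) {
            if (str3.equalsIgnoreCase(element.getBinding())) {
                return element;
            }
        }
        return null;
    }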

    /**
     * Drops the SP-side federated session list stored under the given
     * NameIDInfoKey value string.
     *
     * @param str NameIDInfoKey value string (see {@code NameIDInfoKey.toValueString})
     * @throws SSOException declared for compatibility; not raised by this body
     */
    private static void removeSPFedSession(String str) throws SSOException {
        if (SPCache.fedSessionListsByNameIDInfoKey == null) {
            if (debug.messageEnabled()) {
                debug.message("removeSPFedSession SPCache.fedSessionListsByNameIDInfoKey is null.");
            }
            return;
        }
        SPCache.fedSessionListsByNameIDInfoKey.remove(str);
    }

    /**
     * Drops the NameID/SP pair for the given SP from every cached IDP session,
     * so those sessions are no longer considered federated with that SP.
     *
     * <p>At most one pair per session is removed: the scan of a session's
     * pairs stops at the first SP-entity-ID match. Pairs are removed through
     * the list's own iterator.
     *
     * @param str SP entity ID whose pairs are removed
     * @throws SSOException declared for compatibility; not raised by this body
     */
    private static void removeIDPFedSession(String str) throws SSOException {
        if (IDPCache.idpSessionsByIndices == null) {
            if (debug.messageEnabled()) {
                debug.message("removeIDPFedSession IDPCache.idpSessionsByIndices is null.");
            }
            return;
        }
        final Enumeration sessionKeys = IDPCache.idpSessionsByIndices.keys();
        if (sessionKeys == null) {
            if (debug.messageEnabled()) {
                debug.message("removeIDPFedSession IDPCache.idpSessionsByIndices return null.");
            }
            return;
        }
        while (sessionKeys.hasMoreElements()) {
            final String sessionIndex = (String) sessionKeys.nextElement();
            final IDPSession session = (IDPSession) IDPCache.idpSessionsByIndices.get(sessionIndex);
            if (session == null) {
                continue;
            }
            final List pairs = session.getNameIDandSPpairs();
            if (pairs == null) {
                continue;
            }
            for (ListIterator it = pairs.listIterator(); it.hasNext();) {
                final NameIDandSPpair pair = (NameIDandSPpair) it.next();
                if (pair.getSPEntityID().equalsIgnoreCase(str)) {
                    it.remove();
                    break;
                }
            }
        }
    }

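    /**
     * Removes one NameIDInfoKey from the delimited list stored on the session
     * token under {@code AccountUtils.getNameIDInfoKeyAttribute()} and writes
     * the remaining keys back.
     *
     * <p>Fix: two debug lines ("No InfoKey to remove." and the per-key
     * "InfoKey from ssotoken") were emitted without the
     * {@code messageEnabled()} guard the rest of this file uses, building their
     * strings on every call; they are now guarded. The always-false
     * {@code tokenizer == null} test was dropped. Otherwise unchanged: keys
     * are compared with exact {@code equals}, and the property is rewritten
     * even when nothing matched.
     *
     * @param sSOToken session token to update
     * @param str the NameIDInfoKey value string to drop
     * @throws SSOException if the token property cannot be read or written
     */
    private static void removeInfoKeyFromToken(SSOToken sSOToken, String str) throws SSOException {
        final String attribute = AccountUtils.getNameIDInfoKeyAttribute();
        final String current = sSOToken.getProperty(attribute);
        if (current == null) {
            if (debug.messageEnabled()) {
                debug.message("removeInfoKeyFromToken InfoKeyString from ssotoken is null.");
            }
            return;
        }
        if (debug.messageEnabled()) {
            debug.message("removeInfoKeyFromToken InfoKeyString from ssotoken : " + current);
            debug.message("removeInfoKeyFromToken InfoKey need to delete : " + str);
        }
        final StringTokenizer tokens = new StringTokenizer(current, SAML2Constants.SECOND_DELIM);
        if (!tokens.hasMoreTokens()) {
            if (debug.messageEnabled()) {
                debug.message("removeInfoKeyFromToken No InfoKey to remove.");
            }
            return;
        }
        final StringBuffer remaining = new StringBuffer();
        while (tokens.hasMoreTokens()) {
            final String key = tokens.nextToken();
            if (debug.messageEnabled()) {
                debug.message("removeInfoKeyFromToken InfoKey from ssotoken : " + key);
            }
            if (str.equals(key)) {
                continue;
            }
            if (remaining.length() > 0) {
                remaining.append(SAML2Constants.SECOND_DELIM);
            }
            remaining.append(key);
        }
        if (debug.messageEnabled()) {
            debug.message("removeInfoKeyFromToken New InfoKey to SSOToken : " + remaining.toString());
        }
        sSOToken.setProperty(attribute, remaining.toString());
        if (debug.messageEnabled()) {
            debug.message("removeInfoKeyFromToken New InfoKey from SSOToken : " + sSOToken.getProperty(attribute));
        }
    }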

    // Class-level initialization. Order matters: a failure in any step leaves
    // the remaining fields null (the class still loads), and code that later
    // touches metaManager/adminToken/scf/mf will fail at that point.
    static {
        scf = null;
        mf = null;
        metaManager = null;
        adminToken = null;
        try {
            // SOAP factories (their use is not in this portion of the file).
            scf = SOAPConnectionFactory.newInstance();
            mf = MessageFactory.newInstance();
            // Metadata is read with an administrative token obtained via a
            // privileged action, not with any end-user session.
            adminToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
            metaManager = new SAML2MetaManager(adminToken);
        } catch (SOAPException e) {
            debug.error(SAML2Utils.bundle.getString("errorSOAPFactory"), e);
        } catch (SSOException e2) {
            debug.error(SAML2Utils.bundle.getString("invalidSSOToken"), e2);
        } catch (SAML2MetaException e3) {
            debug.error(SAML2Utils.bundle.getString("errorMetaManager"), e3);
        }
    }
}
