package com.sun.identity.saml2.profile;

import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.am.util.OrderedSet;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.common.QuerySignatureUtil;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.install.SAML2SetupConstants;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.ExtensionsType;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.logging.SAML2LogManager;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.Extensions;
import com.sun.identity.saml2.protocol.NameIDPolicy;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.RequestedAuthnContext;
import com.sun.identity.security.AdminTokenAction;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:122983-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/profile/SPSSOFederate.class */
/**
 * SP-side initiation of SAML 2.0 web SSO.
 *
 * <p>Builds an {@code AuthnRequest} for a given IdP, places it on the HTTP-Redirect
 * binding (optionally signing the query string when either side's metadata asks for
 * signed requests), redirects the browser, and records the outstanding request in
 * {@code SPCache.requestHash} keyed by request ID so the response can be correlated later.
 *
 * <p>This listing is decompiler output (JADX). The body of {@link #getACSUrl} could not be
 * recovered and is shown as a throwing stub; a few oddities below (an unused call result,
 * unused locals) may be decompilation artifacts rather than the original source.
 *
 * <p>All state is static and populated once in the static initializer: the admin token,
 * the metadata manager {@code sm} (left {@code null} if construction fails, see the
 * initializer at the bottom) and the logger. The class is not designed for instantiation.
 */
public class SPSSOFederate {
    // Metadata manager; null if the static initializer failed to build it (callers check).
    static SAML2MetaManager sm;
    // Admin token used for metadata access and as the subject of audit log records.
    static SSOToken adminSSOToken;
    static LogUtil logUtil;

    /**
     * Initiates SSO for the SP identified by a meta alias.
     *
     * <p>Resolves the SP entity ID and realm from {@code str} (the SP meta alias) and
     * delegates to the six-argument overload.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse response the redirect is written to
     * @param str                 SP meta alias
     * @param str2                IdP entity ID
     * @param map                 caller-supplied parameters (values are {@code List}s, see {@code getParameter})
     * @throws SAML2Exception if the meta alias cannot be resolved ({@code metaAliasError})
     *                        or if the delegate fails
     */
    public static void initiateAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, Map map) throws SAML2Exception {
        try {
            String entityByMetaAlias = sm.getEntityByMetaAlias(str);
            String realmByMetaAlias = SAML2MetaUtils.getRealmByMetaAlias(str);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate : spEntityID is :").append(entityByMetaAlias).toString());
                SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate realm is :").append(realmByMetaAlias).toString());
            }
            initiateAuthnRequest(httpServletRequest, httpServletResponse, entityByMetaAlias, str2, realmByMetaAlias, map);
        } catch (SSOException e) {
            // NOTE(review): sm is dereferenced above without a null check; if the static
            // initializer failed, this path NPEs instead of reporting errorMetaManager.
            SAML2Utils.debug.error("SPSSOFederate: Invalid Admin SSOToken", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaAliasError"));
        } catch (SAML2MetaException e2) {
            SAML2Utils.debug.error("SPSSOFederate: Error retreiving spEntityID from MetaAlias", e2);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaAliasError"));
        }
    }

    /**
     * Builds, optionally signs, and sends the AuthnRequest via HTTP-Redirect.
     *
     * <p>Flow: validate IDs; load SP config/descriptor and IdP descriptor; pick the IdP's
     * HTTP-Redirect SingleSignOnService URL; build the request; encode it as
     * {@code SAMLRequest=...}; map any caller RelayState to an opaque ID that is sent
     * instead of the raw value; sign the query string if IdP or SP metadata requires it;
     * redirect; cache the request info under the request ID.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse response the redirect is written to
     * @param str                 SP entity ID
     * @param str2                IdP entity ID
     * @param str3                realm; empty/null falls back to the default realm (see {@code getRealm})
     * @param map                 caller-supplied parameters (e.g. RelayState, binding, indices, flags)
     * @throws SAML2Exception on missing IDs, missing metadata, missing SSO URL,
     *                        metadata/token errors, or I/O failure while redirecting
     */
    public static void initiateAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, Map map) throws SAML2Exception {
        String relayStateID;
        if (str == null) {
            SAML2Utils.debug.error("SPSSOFederate:Service Provider ID   is missing.");
            // The logged value is necessarily null on this branch.
            logUtil.error(Level.INFO, LogUtil.INVALID_SP, new String[]{str}, adminSSOToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
        }
        if (str2 == null) {
            SAML2Utils.debug.error("SPSSOFederate: Identity Provider ID is missing .");
            // Same here: str2 is null when logged.
            logUtil.error(Level.INFO, LogUtil.INVALID_IDP, new String[]{str2}, adminSSOToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate: in initiateSSOFed");
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate: spEntityID is : ").append(str).toString());
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate: idpEntityID : ").append(str2).toString());
        }
        String realm = getRealm(str3);
        try {
            // Guard against a failed static initializer (sm stays null in that case).
            if (sm == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
            }
            SPSSOConfigElement sPSSOConfig = sm.getSPSSOConfig(realm, str);
            // map2 = SP extended-config attributes (signing cert alias, default flags, mapper class).
            Map map2 = null;
            if (sPSSOConfig != null) {
                map2 = SAML2MetaUtils.getAttributes(sPSSOConfig);
            }
            SPSSODescriptorElement sPSSODescriptor = sm.getSPSSODescriptor(realm, str);
            if (sPSSODescriptor == null) {
                logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{str}, adminSSOToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            List extensionsList = getExtensionsList(sm, str, realm);
            IDPSSODescriptorElement iDPSSODescriptor = sm.getIDPSSODescriptor(realm, str2);
            if (iDPSSODescriptor == null) {
                logUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{str2}, adminSSOToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            // Result discarded: this call has no effect here (the signing decision below
            // re-reads it). Possibly a decompilation artifact.
            iDPSSODescriptor.isWantAuthnRequestsSigned();
            // Only the HTTP-Redirect SingleSignOnService endpoint is considered (see getSSOURL).
            String ssourl = getSSOURL(iDPSSODescriptor.getSingleSignOnService());
            if (ssourl == null || ssourl.length() == 0) {
                logUtil.error(Level.INFO, LogUtil.SSO_NOT_FOUND, new String[]{str2}, adminSSOToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotfound"));
            }
            AuthnRequest createAuthnRequest = createAuthnRequest(realm, str, map, map2, extensionsList, sPSSODescriptor, ssourl);
            String xMLString = createAuthnRequest.toXMLString(true, true);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate: AuthnRequest:").append(xMLString).toString());
            }
            // Query string starts as SAMLRequest=<deflated+base64+urlencoded XML>.
            StringBuffer append = new StringBuffer().append(SAML2Constants.SAML_REQUEST).append(SAML2Constants.EQUAL).append(SAML2Utils.encodeForRedirect(xMLString));
            String parameter = getParameter(map, "RelayState");
            // The caller's RelayState value is not sent on the wire; an opaque ID (the request
            // ID, or an existing ID mapped to the same value) is sent and the value is kept
            // server-side in SPCache.relayStateHash. Where/how the value is validated when it
            // is consumed is outside this file.
            if (parameter != null && parameter.length() > 0 && (relayStateID = getRelayStateID(parameter, createAuthnRequest.getID())) != null && relayStateID.length() > 0) {
                append.append("&").append("RelayState").append(SAML2Constants.EQUAL).append(AMURLEncDec.encode(relayStateID));
            }
            StringBuffer append2 = new StringBuffer().append(ssourl).append("?");
            // Signing is metadata-driven: the request goes unsigned only when the IdP does not
            // want signed requests AND the SP does not declare AuthnRequestsSigned. Signing
            // covers the whole query string (SAMLRequest and RelayState). The
            // iDPSSODescriptor == null test is redundant after the throw above.
            if ((iDPSSODescriptor == null || !iDPSSODescriptor.isWantAuthnRequestsSigned()) && (sPSSODescriptor == null || !sPSSODescriptor.isAuthnRequestsSigned())) {
                append2.append(append);
            } else {
                // Signing key is selected by the SP's SIGNING_CERT_ALIAS extended attribute;
                // getParameter yields null if it is unset and what KeyUtil then does is not
                // visible here.
                append2.append(signQueryString(append.toString(), getParameter(map2, SAML2Constants.SIGNING_CERT_ALIAS)));
            }
            httpServletResponse.sendRedirect(append2.toString());
            logUtil.access(Level.INFO, LogUtil.REDIRECT_TO_SP, new String[]{ssourl}, adminSSOToken);
            // Remember the outstanding request (by its ID) so the response can be matched.
            // Note this happens after the redirect has already been sent.
            AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(httpServletRequest, httpServletResponse, realm, str, str2, createAuthnRequest, parameter, map);
            synchronized (SPCache.requestHash) {
                SPCache.requestHash.put(createAuthnRequest.getID(), authnRequestInfo);
            }
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("SPSSOFederate:Error retreiving metadata", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        } catch (IOException e2) {
            // Covers sendRedirect (and any other IOException source in the try); the
            // errorCreatingAuthnRequest message may therefore be misleading for redirect failures.
            SAML2Utils.debug.error("SPSSOFederate: Exception :", e2);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorCreatingAuthnRequest"));
        } catch (SSOException e3) {
            SAML2Utils.debug.error("SPSSOFederate:Invalid Admin SSOToken", e3);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }

    /**
     * Builds the {@code NameIDPolicy} element.
     *
     * <p>The format defaults to {@code PERSISTENT}. If a format suffix is supplied it is
     * prefixed with the SAML NameID-format namespace; {@code UNSPECIFIED} is mapped back to
     * {@code PERSISTENT}.
     *
     * @param str                    SP entity ID, used as SPNameQualifier
     * @param str2                   format suffix from the caller's NAMEID_POLICY_FORMAT parameter (may be null)
     * @param z                      AllowCreate flag
     * @param sPSSODescriptorElement SP metadata descriptor (may be null)
     * @return the populated policy
     * @throws SAML2Exception from the protocol factory
     */
    private static NameIDPolicy createNameIDPolicy(String str, String str2, boolean z, SPSSODescriptorElement sPSSODescriptorElement) throws SAML2Exception {
        List nameIDFormat;
        String str3 = SAML2Constants.PERSISTENT;
        if (str2 != null && str2.length() > 0) {
            str3 = new StringBuffer().append(SAML2Constants.NAMEID_FORMAT_NAMESPACE).append(str2).toString();
            if (str3.equals(SAML2Constants.UNSPECIFIED)) {
                str3 = SAML2Constants.PERSISTENT;
            }
        }
        // NOTE(review): when the SP metadata lists NameIDFormats and the requested one is not
        // among them, this block only logs. The message says the default is used, but str3 is
        // not reset, so the unsupported format is still sent below.
        if (sPSSODescriptorElement != null && (nameIDFormat = sPSSODescriptorElement.getNameIDFormat()) != null && !nameIDFormat.isEmpty() && !nameIDFormat.contains(str3) && SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate: NameIDFormat not supported").append(str3).toString());
            SAML2Utils.debug.message("SPSSOFederate: Using Default : urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        }
        NameIDPolicy createNameIDPolicy = ProtocolFactory.getInstance().createNameIDPolicy();
        createNameIDPolicy.setSPNameQualifier(str);
        createNameIDPolicy.setAllowCreate(z);
        createNameIDPolicy.setFormat(str3);
        return createNameIDPolicy;
    }

    /**
     * Creates an {@code Issuer} element carrying the given entity ID.
     *
     * @param str SP entity ID
     * @return the issuer
     * @throws SAML2Exception from the assertion factory
     */
    private static Issuer createIssuer(String str) throws SAML2Exception {
        Issuer createIssuer = AssertionFactory.getInstance().createIssuer();
        createIssuer.setValue(str);
        return createIssuer;
    }

    /**
     * Assembles the {@code AuthnRequest}.
     *
     * <p>Flags (IsPassive, ForceAuthn, AllowCreate) come from the caller parameters first and
     * the SP extended config second. Destination defaults to the IdP SSO URL unless the
     * caller passes one explicitly. ID, version 2.0 and IssueInstant (now) are set last.
     *
     * @param str                    realm
     * @param str2                   SP entity ID
     * @param map                    caller parameters
     * @param map2                   SP extended-config attributes (may be null)
     * @param list                   metadata Extensions children to copy into the request (may be null)
     * @param sPSSODescriptorElement SP metadata descriptor
     * @param str3                   IdP SSO URL used as default Destination
     * @return the populated request
     * @throws SAML2Exception if no ID can be generated, or from the protocol factory
     */
    private static AuthnRequest createAuthnRequest(String str, String str2, Map map, Map map2, List list, SPSSODescriptorElement sPSSODescriptorElement, String str3) throws SAML2Exception {
        String generateID = SAML2Utils.generateID();
        if (generateID == null || generateID.length() == 0) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("cannotGenerateID"));
        }
        String parameter = getParameter(map, SAML2Constants.DESTINATION);
        Boolean doPassive = doPassive(map, map2);
        Boolean isForceAuthN = isForceAuthN(map, map2);
        boolean isAllowCreate = isAllowCreate(map, map2);
        String parameter2 = getParameter(map, SAML2Constants.CONSENT);
        Extensions createExtensions = createExtensions(list);
        NameIDPolicy createNameIDPolicy = createNameIDPolicy(str2, getParameter(map, SAML2Constants.NAMEID_POLICY_FORMAT), isAllowCreate, sPSSODescriptorElement);
        Issuer createIssuer = createIssuer(str2);
        // getIndex parses with new Integer(...); a non-numeric value raises an uncaught
        // NumberFormatException (nothing in this method or its caller catches it).
        Integer index = getIndex(map, "AssertionConsumerServiceIndex");
        Integer index2 = getIndex(map, "AttributeConsumingServiceIndex");
        // Element 0 = ACS location, element 1 = ACS binding. Assumes getACSUrl (body not
        // decompiled) always returns at least two entries — cannot be confirmed here.
        OrderedSet aCSUrl = getACSUrl(sPSSODescriptorElement, getParameter(map, SAML2Constants.BINDING));
        String str4 = (String) aCSUrl.get(0);
        String str5 = (String) aCSUrl.get(1);
        RequestedAuthnContext createReqAuthnContext = createReqAuthnContext(str, str2, map, map2);
        AuthnRequest createAuthnRequest = ProtocolFactory.getInstance().createAuthnRequest();
        if (parameter == null || parameter.length() == 0) {
            createAuthnRequest.setDestination(str3);
        } else {
            // Caller-supplied Destination overrides the metadata SSO URL.
            createAuthnRequest.setDestination(parameter);
        }
        createAuthnRequest.setConsent(parameter2);
        createAuthnRequest.setIsPassive(doPassive);
        createAuthnRequest.setForceAuthn(isForceAuthN);
        createAuthnRequest.setAttributeConsumingServiceIndex(index2);
        createAuthnRequest.setAssertionConsumerServiceIndex(index);
        createAuthnRequest.setAssertionConsumerServiceURL(str4);
        createAuthnRequest.setProtocolBinding(str5);
        createAuthnRequest.setIssuer(createIssuer);
        createAuthnRequest.setNameIDPolicy(createNameIDPolicy);
        createAuthnRequest.setRequestedAuthnContext(createReqAuthnContext);
        if (createExtensions != null) {
            createAuthnRequest.setExtensions(createExtensions);
        }
        createAuthnRequest.setID(generateID);
        createAuthnRequest.setVersion(SAML2Constants.VERSION_2_0);
        createAuthnRequest.setIssueInstant(new Date());
        return createAuthnRequest;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the Location of the first SingleSignOnService whose binding is HTTP-Redirect.
     *
     * @param list SingleSignOnService elements from the IdP descriptor (may be null/empty)
     * @return the location, or null if no HTTP-Redirect endpoint is present
     */
    public static String getSSOURL(List list) {
        String str = null;
        if (list != null && !list.isEmpty()) {
            Iterator it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SingleSignOnServiceElement singleSignOnServiceElement = (SingleSignOnServiceElement) it.next();
                if (singleSignOnServiceElement != null && singleSignOnServiceElement.getBinding() != null && singleSignOnServiceElement.getBinding().equals(SAML2Constants.HTTP_REDIRECT)) {
                    str = singleSignOnServiceElement.getLocation();
                    break;
                }
            }
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate:  SingleSignOnService URL :").append(str).toString());
        }
        return str;
    }

    /**
     * Reads a boolean attribute from an attribute map.
     *
     * <p>Only the exact strings {@code SAML2Constants.TRUE} / {@code FALSE} are accepted;
     * anything else yields null so the caller can apply its own default.
     *
     * @param map attribute map (may be null/empty)
     * @param str attribute name
     * @return the parsed value, or null if absent or not a recognised boolean string
     */
    private static Boolean getAttrValueFromMap(Map map, String str) {
        String parameter;
        Boolean bool = null;
        if (map != null && map.size() > 0 && (parameter = getParameter(map, str)) != null && (parameter.equals(SAML2Constants.TRUE) || parameter.equals(SAML2Constants.FALSE))) {
            bool = new Boolean(parameter);
        }
        return bool;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:24:0x007a, code lost:
    
        r8 = r0.getLocation();
        r6 = r0.getBinding();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Selects the AssertionConsumerService location and binding for the request.
     *
     * <p>The decompiler could not recover this method; the stub below is NOT the original
     * behaviour. From the recovered fragment it reads an ACS element's Location and Binding,
     * and the caller ({@code createAuthnRequest}) expects element 0 = location and
     * element 1 = binding.
     *
     * @param r4 SP metadata descriptor
     * @param r5 requested binding from the caller's BINDING parameter (may be null)
     * @return an OrderedSet of [location, binding] per the caller's usage
     */
    public static com.iplanet.am.util.OrderedSet getACSUrl(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement r4, java.lang.String r5) {
        /*
            Method dump skipped, instructions count: 285
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.saml2.profile.SPSSOFederate.getACSUrl(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement, java.lang.String):com.iplanet.am.util.OrderedSet");
    }

    /**
     * Returns the given realm, or the configured default realm ({@code PROP_DEFAULT_ORG},
     * falling back to "/") when it is null or empty.
     *
     * @param str realm (may be null/empty)
     * @return a non-null realm string
     */
    private static String getRealm(String str) {
        if (str == null || str.length() == 0) {
            str = SystemProperties.get(SAML2SetupConstants.PROP_DEFAULT_ORG, "/");
        }
        return str;
    }

    /**
     * Resolves the IsPassive flag: caller parameter if it is exactly TRUE/FALSE, else the SP
     * config attribute, else {@code Boolean.FALSE}.
     *
     * @param map  caller parameters
     * @param map2 SP extended-config attributes (may be null)
     * @return never null
     */
    private static Boolean doPassive(Map map, Map map2) {
        Boolean bool = Boolean.FALSE;  // unused local (likely decompiler residue)
        String parameter = getParameter(map, SAML2Constants.ISPASSIVE);
        Boolean attrValueFromMap = (parameter == null || !(parameter.equals(SAML2Constants.TRUE) || parameter.equals(SAML2Constants.FALSE))) ? getAttrValueFromMap(map2, SAML2Constants.ISPASSIVE) : new Boolean(parameter);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate: isPassive : ").append(attrValueFromMap).toString());
        }
        return attrValueFromMap == null ? Boolean.FALSE : attrValueFromMap;
    }

    /**
     * Resolves the ForceAuthn flag with the same precedence as {@link #doPassive}.
     *
     * @param map  caller parameters
     * @param map2 SP extended-config attributes (may be null)
     * @return never null
     */
    private static Boolean isForceAuthN(Map map, Map map2) {
        Boolean bool = Boolean.FALSE;  // unused local (likely decompiler residue)
        String parameter = getParameter(map, SAML2Constants.FORCEAUTHN);
        Boolean attrValueFromMap = (parameter == null || !(parameter.equals(SAML2Constants.TRUE) || parameter.equals(SAML2Constants.FALSE))) ? getAttrValueFromMap(map2, SAML2Constants.FORCEAUTHN) : new Boolean(parameter);
        if (SAML2Utils.debug.messageEnabled()) {
            // Logs the raw caller parameter, not the resolved value (null when the SP config was used).
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate:ForceAuthn: ").append(parameter).toString());
        }
        return attrValueFromMap == null ? Boolean.FALSE : attrValueFromMap;
    }

    /**
     * Resolves the AllowCreate flag: caller parameter if exactly TRUE/FALSE, else the SP
     * config attribute, else {@code true}.
     *
     * @param map  caller parameters
     * @param map2 SP extended-config attributes (may be null)
     * @return the resolved flag
     */
    private static boolean isAllowCreate(Map map, Map map2) {
        boolean z = true;
        String parameter = getParameter(map, SAML2Constants.ALLOWCREATE);
        if (parameter == null || !(parameter.equals(SAML2Constants.TRUE) || parameter.equals(SAML2Constants.FALSE))) {
            Boolean attrValueFromMap = getAttrValueFromMap(map2, SAML2Constants.ALLOWCREATE);
            if (attrValueFromMap != null) {
                z = attrValueFromMap.booleanValue();
            }
        } else {
            z = new Boolean(parameter).booleanValue();
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate:AllowCreate:").append(z).toString());
        }
        return z;
    }

    /**
     * Parses an integer parameter.
     *
     * @param map caller parameters
     * @param str parameter name
     * @return the parsed value, or null if the parameter is absent/empty
     * @throws NumberFormatException (unchecked, not caught by any caller in this file) if
     *         the value is present but not an integer
     */
    private static Integer getIndex(Map map, String str) {
        Integer num = null;
        String parameter = getParameter(map, str);
        if (parameter != null && parameter.length() > 0) {
            num = new Integer(parameter);
        }
        return num;
    }

    /**
     * Returns the first value of a multi-valued parameter.
     *
     * <p>The map is expected to hold {@code List} values (servlet-style multi-value maps);
     * the first element is returned.
     *
     * @param map parameter map (may be null/empty)
     * @param str key
     * @return the first value, or null if the key is absent or its list is empty
     */
    private static String getParameter(Map map, String str) {
        List list;
        String str2 = null;
        if (map != null && !map.isEmpty() && (list = (List) map.get(str)) != null && !list.isEmpty()) {
            str2 = (String) list.iterator().next();
        }
        return str2;
    }

    /**
     * Fetches the children of the SP EntityDescriptor's {@code Extensions} element.
     *
     * <p>Best-effort: metadata or token errors are logged (without the exception object)
     * and null is returned.
     *
     * @param sAML2MetaManager metadata manager
     * @param str              SP entity ID
     * @param str2             realm
     * @return the extension children, or null
     */
    private static List getExtensionsList(SAML2MetaManager sAML2MetaManager, String str, String str2) {
        ExtensionsType extensions;
        List list = null;
        try {
            EntityDescriptorElement entityDescriptor = sAML2MetaManager.getEntityDescriptor(str2, str);
            if (entityDescriptor != null && (extensions = entityDescriptor.getExtensions()) != null) {
                list = extensions.getAny();
            }
        } catch (SAML2Exception e) {
            SAML2Utils.debug.error("SPSSOFederate:Error retrieving EntityDescriptor");
        } catch (SSOException e2) {
            SAML2Utils.debug.error("SPSSOFederate:Invalid Admin Token");
        }
        return list;
    }

    /**
     * Wraps a non-empty list of elements in a protocol {@code Extensions} element.
     *
     * @param list extension children (may be null/empty)
     * @return the Extensions element, or null if there is nothing to wrap
     * @throws SAML2Exception from the protocol factory
     */
    private static Extensions createExtensions(List list) throws SAML2Exception {
        Extensions extensions = null;
        if (list != null && !list.isEmpty()) {
            extensions = ProtocolFactory.getInstance().createExtensions();
            extensions.setAny(list);
        }
        return extensions;
    }

    /**
     * Maps a RelayState value to an opaque ID kept in {@code SPCache.relayStateHash}.
     *
     * <p>If the value is already stored under some key, that key is reused (linear scan by
     * value); otherwise the request ID ({@code str2}) becomes the key and the value is
     * stored under it. Sending the ID instead of the value keeps the caller's RelayState
     * off the wire.
     *
     * @param str  RelayState value supplied by the caller
     * @param str2 AuthnRequest ID, used as the key for a new entry
     * @return the ID to place in the redirect's RelayState parameter
     */
    private static String getRelayStateID(String str, String str2) {
        String str3 = null;
        if (SPCache.relayStateHash != null && SPCache.relayStateHash.containsValue(str)) {
            Enumeration keys = SPCache.relayStateHash.keys();
            while (keys.hasMoreElements()) {
                str3 = (String) keys.nextElement();
                String str4 = (String) SPCache.relayStateHash.get(str3);
                if (str4 != null && str4.equals(str)) {
                    break;
                }
            }
        }
        if (str3 == null) {
            str3 = str2;
            // NOTE(review): the null check above is not repeated here; if relayStateHash is
            // null this put throws NullPointerException.
            SPCache.relayStateHash.put(str3, str);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            // Dumps the entire RelayState cache (all stored values) at debug level.
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate: RelayStateHash : ").append(SPCache.relayStateHash).toString());
        }
        return str3;
    }

    /**
     * Builds the {@code RequestedAuthnContext} via the SP's configured authn-context mapper.
     *
     * <p>The mapper class name is read from the SP config attribute
     * {@code SP_AUTHCONTEXT_MAPPER} (first value, trimmed), or null for the default mapper.
     * Failures are logged at debug level and null is returned.
     *
     * @param str  realm
     * @param str2 SP entity ID
     * @param map  caller parameters, forwarded to the mapper
     * @param map2 SP extended-config attributes (may be null)
     * @return the context, or null if the mapper fails
     */
    private static RequestedAuthnContext createReqAuthnContext(String str, String str2, Map map, Map map2) {
        List list;
        RequestedAuthnContext requestedAuthnContext = null;
        String str3 = null;
        if (map2 != null && !map2.isEmpty() && (list = (List) map2.get(SAML2Constants.SP_AUTHCONTEXT_MAPPER)) != null && list.size() != 0) {
            str3 = ((String) list.iterator().next()).trim();
        }
        try {
            requestedAuthnContext = SAML2Utils.getSPAuthnContextMapper(str, str2, str3).getRequestedAuthnContext(str, str2, map);
        } catch (SAML2Exception e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPSSOFederate:Error creating RequestedAuthnContext", e);
            }
        }
        return requestedAuthnContext;
    }

    /**
     * Signs the redirect query string with the SP private key identified by alias.
     *
     * @param str  query string to sign (SAMLRequest and optional RelayState)
     * @param str2 key alias from the SP's SIGNING_CERT_ALIAS attribute (may be null)
     * @return the query string with signature parameters appended, as produced by QuerySignatureUtil
     * @throws SAML2Exception if signing fails
     */
    private static String signQueryString(String str, String str2) throws SAML2Exception {
        if (SAML2Utils.debug.messageEnabled()) {
            // Full query string and key alias are written to the debug log.
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate:queryString:").append(str).toString());
            SAML2Utils.debug.message(new StringBuffer().append("SPSSOFederate: certAlias :").append(str2).toString());
        }
        return QuerySignatureUtil.sign(str, KeyUtil.getKeyProviderInstance().getPrivateKey(str2));
    }

    // One-time setup: obtain the admin token under a privileged action, build the metadata
    // manager (sm stays null and the error is only logged if this fails), and get the logger.
    static {
        sm = null;
        adminSSOToken = null;
        logUtil = null;
        adminSSOToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
        try {
            sm = new SAML2MetaManager(adminSSOToken);
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("SPSSOFederate: Error retreiving metadata", e);
        } catch (SSOException e2) {
            SAML2Utils.debug.error("SPSSOFederate: Invalid SSOToken", e2);
        }
        logUtil = SAML2LogManager.getLogInstance();
    }
}
