package com.sun.identity.saml2.common;

import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.services.naming.WebtopNaming;
import com.iplanet.services.util.Base64;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.server.AuthXMLHandler;
import com.sun.identity.common.DataStoreProvider;
import com.sun.identity.common.DataStoreProviderException;
import com.sun.identity.common.DataStoreProviderManager;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.AudienceRestriction;
import com.sun.identity.saml2.assertion.AuthnStatement;
import com.sun.identity.saml2.assertion.Conditions;
import com.sun.identity.saml2.assertion.EncryptedAssertion;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.assertion.Subject;
import com.sun.identity.saml2.assertion.SubjectConfirmation;
import com.sun.identity.saml2.assertion.SubjectConfirmationData;
import com.sun.identity.saml2.idpdiscovery.IDPDiscoveryConstants;
import com.sun.identity.saml2.install.SAML2SetupConstants;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.logging.SAML2LogManager;
import com.sun.identity.saml2.meta.SAML2COTManager;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper;
import com.sun.identity.saml2.plugins.IDPAccountMapper;
import com.sun.identity.saml2.plugins.SPAccountMapper;
import com.sun.identity.saml2.plugins.SPAuthnContextMapper;
import com.sun.identity.saml2.profile.AuthnRequestInfo;
import com.sun.identity.saml2.profile.CacheCleanUpThread;
import com.sun.identity.saml2.profile.IDPCache;
import com.sun.identity.saml2.profile.SPCache;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.RequestedAuthnContext;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.saml2.protocol.StatusCode;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.security.DecodeAction;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.Vector;
import java.util.logging.Level;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeader;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPConnectionFactory;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:122983-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/common/SAML2Utils.class */
public class SAML2Utils extends SAML2SDKUtils {
    // Passed as the acting identity to every logUtil.error()/logUtil.access() call in this class.
    // No assignment is visible in the part of the file shown here.
    private static SSOToken adminSSOToken;
    // Not referenced in the part of the file shown here.
    private static Thread cThread;
    // Metadata source for SP/IDP descriptors and for the isTrustedProvider() check.
    // verifyResponse() refuses to run while this is null.
    private static SAML2MetaManager saml2MetaManager;
    private static SAML2COTManager saml2CotManager;
    // NOTE(review): scf and mf are public, non-final statics, so any code loaded in the same
    // JVM can swap the SOAP factories used by this class. Confirm whether that is intended.
    public static SOAPConnectionFactory scf;
    public static MessageFactory mf;
    static AssertionFactory af;
    private static SecureRandom randomGenerator;
    // Audit logger: error() records rejected messages, access() records accepted assertions.
    static LogUtil logUtil = SAML2LogManager.getLogInstance();
    private static String defaultOrg = SystemProperties.get(SAML2SetupConstants.PROP_DEFAULT_ORG);
    private static KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    // Protocol, host and port of this server, read once from system properties at class load.
    private static String server_protocol = SystemProperties.get(SAML2SetupConstants.PROP_PROTOCOL);
    private static String server_host = SystemProperties.get(SAML2SetupConstants.PROP_HOSTNAME);
    private static String server_port = SystemProperties.get(SAML2SetupConstants.PROP_PORT);
    // "<protocol>://<host>:<port>" assembled from the three properties above.
    private static String localURL = new StringBuffer().append(server_protocol).append("://").append(server_host).append(":").append(server_port).toString();

    /**
     * Builds the identity search control used to look a user up by attribute values.
     *
     * <p>NOTE(review): {@code idSearchOpModifier} is accepted but never read; the control is
     * always built with {@code IdSearchOpModifier.AND}. A caller that passes a different
     * modifier still gets an AND search. Confirm this is intended.
     *
     * @param map attribute name/value pairs to search on
     * @param idSearchOpModifier ignored by this implementation
     * @return a recursive search control over {@code map}, or {@code null} when {@code map}
     *         is {@code null} or empty
     */
    public static IdSearchControl getIdSearchControl(Map map, IdSearchOpModifier idSearchOpModifier) {
        boolean hasCriteria = map != null && map.size() != 0;
        if (!hasCriteria) {
            // Nothing to search on; callers must treat null as "no control".
            return null;
        }
        IdSearchControl control = new IdSearchControl();
        control.setRecursive(true);
        // Timeout and result limit are both set to 0; presumably "use the default/no limit".
        // TODO confirm against IdSearchControl.
        control.setTimeOut(0);
        control.setMaxResults(0);
        control.setAllReturnAttributes(false);
        control.setSearchModifiers(IdSearchOpModifier.AND, map);
        return control;
    }

    /**
     * Validates a SAML 2.0 {@code Response} received by a hosted service provider and extracts
     * the data of the first acceptable authentication assertion.
     *
     * <p>Checks performed here, in order: InResponseTo correlation against
     * {@code SPCache.requestHash}, response issuer trust, status code, the
     * "want assertion encrypted" policy, decryption of encrypted assertions, and then per
     * assertion: issuer trust, issuer consistency, signature (only when required, see below),
     * bearer subject confirmation and audience.
     *
     * <p>What is NOT visible in this method (reviewers should confirm it is handled elsewhere):
     * <ul>
     *   <li>The signature on the Response element itself is never checked here.</li>
     *   <li>Assertion signatures are verified only when {@code z} is true or the SP descriptor
     *       sets WantAssertionsSigned; otherwise unsigned assertions pass this method.</li>
     *   <li>The NotBefore/NotOnOrAfter window on {@code Conditions} is not evaluated here;
     *       only the SubjectConfirmationData time and the audience are.</li>
     *   <li>No cache of already-seen assertion IDs is consulted, and the matched entry is not
     *       removed from {@code SPCache.requestHash}, so replay protection is not provided by
     *       this method.</li>
     * </ul>
     *
     * @param response the response to validate
     * @param str realm (the debug message calls it "orgName") used for metadata lookups
     * @param str2 entity ID of the hosted SP; also the audience the assertion must name
     * @param z when true, every assertion must carry a valid signature regardless of metadata
     * @return map holding the subject, the accepted assertion, all assertions and session data
     * @throws SAML2Exception if any check fails or no authentication assertion qualifies
     */
    public static Map verifyResponse(Response response, String str, String str2, boolean z) throws SAML2Exception {
        Subject subject;
        List subjectConfirmation;
        if (response == null || str == null || str.length() == 0) {
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("SAML2Utils.verifyResponse:").append("response or orgName is null.").toString());
            }
            throw new SAML2Exception(bundle.getString("nullInput"));
        }
        String id = response.getID();
        AuthnRequestInfo authnRequestInfo = null;
        String inResponseTo = response.getInResponseTo();
        // A response that carries InResponseTo must match a request this SP sent. A response
        // without InResponseTo skips the lookup entirely (unsolicited response) and
        // authnRequestInfo stays null.
        if (inResponseTo != null && inResponseTo.length() != 0) {
            authnRequestInfo = (AuthnRequestInfo) SPCache.requestHash.get(inResponseTo);
            if (authnRequestInfo == null) {
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("SAML2Utils.verifyResponse:").append("InResponseTo attribute in Response").append(" is invalid: ").append(inResponseTo).toString());
                }
                logUtil.error(Level.INFO, LogUtil.INVALID_INRESPONSETO_RESPONSE, new String[]{id}, adminSSOToken);
                throw new SAML2Exception(bundle.getString("invalidInResponseToInResponse"));
            }
        }
        // str3 tracks the issuer every assertion must agree with; it is seeded from the
        // Response issuer when present, otherwise from the first assertion.
        String str3 = null;
        Issuer issuer = response.getIssuer();
        if (issuer != null) {
            if (!isSourceSiteValid(issuer, str, str2)) {
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("SAML2Utils.verifyResponse:").append("Issuer in Response is not valid.").toString());
                }
                logUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_RESPONSE, new String[]{str2, str, id}, adminSSOToken);
                throw new SAML2Exception(bundle.getString("invalidIssuerInResponse"));
            }
            str3 = issuer.getValue();
        }
        Status status = response.getStatus();
        // NOTE(review): a Status without a StatusCode would raise NullPointerException here
        // rather than SAML2Exception; confirm the parser guarantees a StatusCode.
        if (status == null || !status.getStatusCode().getValue().equals("urn:oasis:names:tc:SAML:2.0:status:Success")) {
            String value = status == null ? "" : status.getStatusCode().getValue();
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("SAML2Utils.verifyResponse:").append("Response's status code is not success.").append(value).toString());
            }
            String[] strArr = {id, ""};
            // The peer-supplied status value is written to the audit log only at FINE level.
            if (logUtil.isErrorLoggable(Level.FINE)) {
                strArr[1] = value;
            }
            logUtil.error(Level.INFO, LogUtil.WRONG_STATUS_CODE, strArr, adminSSOToken);
            throw new SAML2Exception(bundle.getString("invalidStatusCodeInResponse"));
        }
        if (saml2MetaManager == null) {
            throw new SAML2Exception(bundle.getString("nullMetaManager"));
        }
        try {
            SPSSOConfigElement sPSSOConfig = saml2MetaManager.getSPSSOConfig(str, str2);
            SPSSODescriptorElement sPSSODescriptor = saml2MetaManager.getSPSSODescriptor(str, str2);
            // z2: this SP's extended config requires assertions to arrive encrypted.
            boolean z2 = false;
            String attributeValueFromSPSSOConfig = getAttributeValueFromSPSSOConfig(sPSSOConfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
            if (attributeValueFromSPSSOConfig != null && attributeValueFromSPSSOConfig.equals(SAML2Constants.TRUE)) {
                z2 = true;
            }
            // z3: assertion signatures are mandatory. Forced by the caller through z, otherwise
            // taken from WantAssertionsSigned in the SP descriptor. When both are false, no
            // signature check runs below.
            boolean z3 = z;
            if (!z3) {
                z3 = sPSSODescriptor.isWantAssertionsSigned();
            }
            List<Assertion> assertion = response.getAssertion();
            // Encryption is required but the response carries plaintext assertions: reject.
            if (z2 && assertion != null && assertion.size() != 0) {
                String[] strArr2 = {id};
                LogUtil logUtil2 = logUtil;
                Level level = Level.INFO;
                LogUtil logUtil3 = logUtil;
                logUtil2.error(level, LogUtil.ASSERTION_NOT_ENCRYPTED, strArr2, adminSSOToken);
                throw new SAML2Exception(bundle.getString("assertionNotEncrypted"));
            }
            PrivateKey privateKey = null;
            List encryptedAssertion = response.getEncryptedAssertion();
            if (encryptedAssertion != null) {
                Iterator it = encryptedAssertion.iterator();
                while (it.hasNext()) {
                    // The decryption key is fetched lazily, once, on the first encrypted assertion.
                    if (privateKey == null) {
                        privateKey = KeyUtil.getDecryptionKey(sPSSOConfig);
                    }
                    Assertion decrypt = ((EncryptedAssertion) it.next()).decrypt(privateKey);
                    if (assertion == null) {
                        assertion = new ArrayList();
                    }
                    // Decrypted assertions join the plaintext ones and go through the same checks.
                    assertion.add(decrypt);
                }
            }
            if (assertion == null || assertion.size() == 0) {
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("SAML2Utils.verifyResponse:").append("no assertion in the Response.").toString());
                }
                String[] strArr3 = {id};
                LogUtil logUtil4 = logUtil;
                Level level2 = Level.INFO;
                LogUtil logUtil5 = logUtil;
                logUtil4.error(level2, LogUtil.MISSING_ASSERTION, strArr3, adminSSOToken);
                throw new SAML2Exception(bundle.getString("missingAssertion"));
            }
            Map map = null;
            X509Certificate x509Certificate = null;
            for (Assertion assertion2 : assertion) {
                String id2 = assertion2.getID();
                Issuer issuer2 = assertion2.getIssuer();
                // isSourceSiteValid returns false for a null issuer, so an assertion without an
                // Issuer is rejected here.
                if (!isSourceSiteValid(issuer2, str, str2)) {
                    debug.error("assertion's source site is not valid.");
                    String[] strArr4 = {id2};
                    LogUtil logUtil6 = logUtil;
                    Level level3 = Level.INFO;
                    LogUtil logUtil7 = logUtil;
                    logUtil6.error(level3, LogUtil.INVALID_ISSUER_ASSERTION, strArr4, adminSSOToken);
                    throw new SAML2Exception(bundle.getString("invalidIssuerInAssertion"));
                }
                // All assertions, and the Response if it named one, must share a single issuer.
                if (str3 == null) {
                    str3 = issuer2.getValue();
                } else if (!str3.equals(issuer2.getValue())) {
                    if (debug.messageEnabled()) {
                        debug.message(new StringBuffer().append("SAML2Utils.verifyResponse:").append("Issuer in Assertion doesn't ").append("match the Issuer in Response or other ").append("Assertions in the Response.").toString());
                    }
                    String[] strArr5 = {id2};
                    LogUtil logUtil8 = logUtil;
                    Level level4 = Level.INFO;
                    LogUtil logUtil9 = logUtil;
                    logUtil8.error(level4, LogUtil.MISMATCH_ISSUER_ASSERTION, strArr5, adminSSOToken);
                    throw new SAML2Exception(bundle.getString("mismatchIssuer"));
                }
                if (z3) {
                    // The verification certificate comes from the issuer's IDP metadata, not
                    // from the message. It is loaded once; reuse is safe because the issuer is
                    // forced to be identical for every assertion above.
                    if (x509Certificate == null) {
                        try {
                            x509Certificate = KeyUtil.getVerificationCert(saml2MetaManager.getIDPSSODescriptor(str, str3), str3, true);
                        } catch (SSOException e) {
                            throw new SAML2Exception(e.getMessage());
                        }
                    }
                    // NOTE(review): isSignatureValid is opaque from here; whether it ties the
                    // signature to this exact assertion element cannot be seen in this file.
                    if (!assertion2.isSigned() || !assertion2.isSignatureValid(x509Certificate)) {
                        debug.error(new StringBuffer().append("SAML2Utils.verifyResponse:").append("Assertion is not signed or signature is not valid.").toString());
                        String[] strArr6 = {id2};
                        LogUtil logUtil10 = logUtil;
                        Level level5 = Level.INFO;
                        LogUtil logUtil11 = logUtil;
                        logUtil10.error(level5, LogUtil.INVALID_SIGNATURE_ASSERTION, strArr6, adminSSOToken);
                        throw new SAML2Exception(bundle.getString("invalidSignatureOnAssertion"));
                    }
                }
                List authnStatements = assertion2.getAuthnStatements();
                // An assertion qualifies only if it has an AuthnStatement, a Subject and a bearer
                // SubjectConfirmation that passes isBearerSubjectConfirmation. Assertions that
                // lack any of these are skipped silently rather than rejected.
                if (authnStatements != null && !authnStatements.isEmpty() && (subject = assertion2.getSubject()) != null && (subjectConfirmation = subject.getSubjectConfirmation()) != null && !subjectConfirmation.isEmpty() && isBearerSubjectConfirmation(subjectConfirmation, inResponseTo, sPSSODescriptor, sPSSOConfig, id2)) {
                    // The audience is checked for every qualifying assertion, but only the first
                    // one populates the result map.
                    checkAudience(assertion2.getConditions(), str2, id2);
                    if (map == null) {
                        map = fillMap(authnStatements, subject, assertion2, assertion, authnRequestInfo, inResponseTo, str, str2, str3, sPSSOConfig);
                    }
                }
            }
            if (map != null) {
                return map;
            }
            debug.error("No Authentication Assertion in Response.");
            throw new SAML2Exception(bundle.getString("missingAuthnAssertion"));
        } catch (SSOException e2) {
            // Only the message survives; the original SSOException is not chained as the cause.
            throw new SAML2Exception(e2.getMessage());
        }
    }

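    /**
     * Checks the bearer {@code SubjectConfirmation} elements of an assertion.
     *
     * <p>For each confirmation whose method is bearer, the following must all hold:
     * SubjectConfirmationData is present, Recipient equals one of this SP's assertion consumer
     * service locations, NotOnOrAfter is present and (plus the configured skew) not in the
     * past, NotBefore is absent, and InResponseTo agrees with the Response. Confirmations with
     * any other method are ignored.
     *
     * <p>Changes from the previous version: the skew is converted to milliseconds in
     * {@code long} arithmetic, because the former {@code int} multiplication overflowed for a
     * skew above about 24 days and corrupted the expiry comparison. A non-numeric skew setting
     * now falls back to the 300-second default instead of escaping as an unchecked
     * {@code NumberFormatException}.
     *
     * <p>NOTE(review): an accepted bearer assertion is not remembered here, so nothing in this
     * method stops the same assertion from being presented again inside its validity window.
     *
     * @param list SubjectConfirmation elements of the assertion's Subject
     * @param str InResponseTo value of the enclosing Response; may be null or empty
     * @param sPSSODescriptorElement hosted SP descriptor supplying the consumer service URLs
     * @param sPSSOConfigElement hosted SP extended config supplying the time skew
     * @param str2 assertion ID, used for logging only
     * @return true if at least one bearer confirmation was found and passed every check
     * @throws SAML2Exception if a bearer confirmation fails any check
     */
    private static boolean isBearerSubjectConfirmation(List list, String str, SPSSODescriptorElement sPSSODescriptorElement, SPSSOConfigElement sPSSOConfigElement, String str2) throws SAML2Exception {
        final String tag = "SAML2Utils.isBearerSubjectConfirmation:";
        final int defaultSkewSeconds = 300;
        boolean bearerAccepted = false;
        for (Object entry : list) {
            SubjectConfirmation confirmation = (SubjectConfirmation) entry;
            if (confirmation == null || confirmation.getMethod() == null || !confirmation.getMethod().equals(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER)) {
                // Only bearer confirmations are evaluated by this method.
                continue;
            }
            SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
            if (data == null) {
                if (debug.messageEnabled()) {
                    debug.message(tag + "missing SubjectConfirmationData.");
                }
                logUtil.error(Level.INFO, LogUtil.MISSING_SUBJECT_COMFIRMATION_DATA, new String[]{str2}, adminSSOToken);
                throw new SAML2Exception(bundle.getString("missingSubjectConfirmationData"));
            }

            // Recipient must be one of this SP's own consumer endpoints, so an assertion
            // issued for a different SP cannot be accepted here.
            String recipient = data.getRecipient();
            if (recipient == null || recipient.length() == 0) {
                if (debug.messageEnabled()) {
                    debug.message(tag + "missing Recipient in Assertion.");
                }
                logUtil.error(Level.INFO, LogUtil.MISSING_RECIPIENT, new String[]{str2}, adminSSOToken);
                throw new SAML2Exception(bundle.getString("missingRecipient"));
            }
            boolean recipientIsOurs = false;
            Iterator endpoints = sPSSODescriptorElement.getAssertionConsumerService().iterator();
            while (endpoints.hasNext()) {
                if (recipient.equals(((AssertionConsumerServiceElement) endpoints.next()).getLocation())) {
                    recipientIsOurs = true;
                    break;
                }
            }
            if (!recipientIsOurs) {
                if (debug.messageEnabled()) {
                    debug.message(tag + "this sp is not the intended " + "recipient.");
                }
                logUtil.error(Level.INFO, LogUtil.WRONG_RECIPIENT, new String[]{str2, recipient}, adminSSOToken);
                throw new SAML2Exception(bundle.getString("wrongRecipient"));
            }

            // Allowed clock skew in seconds; missing, malformed or negative values use the default.
            int skewSeconds = defaultSkewSeconds;
            String configuredSkew = getAttributeValueFromSPSSOConfig(sPSSOConfigElement, SAML2Constants.ASSERTION_TIME_SKEW);
            if (configuredSkew != null && configuredSkew.trim().length() > 0) {
                try {
                    skewSeconds = Integer.parseInt(configuredSkew.trim());
                } catch (NumberFormatException e) {
                    debug.error(tag + "configured time skew is not a number, using default.", e);
                    skewSeconds = defaultSkewSeconds;
                }
                if (skewSeconds < 0) {
                    skewSeconds = defaultSkewSeconds;
                }
            }
            if (debug.messageEnabled()) {
                debug.message(tag + "timeskew = " + skewSeconds);
            }

            // NotOnOrAfter is mandatory for bearer confirmations. The 1000L keeps the
            // seconds-to-milliseconds conversion in long arithmetic.
            Date notOnOrAfter = data.getNotOnOrAfter();
            if (notOnOrAfter == null || notOnOrAfter.getTime() + (skewSeconds * 1000L) < System.currentTimeMillis()) {
                if (debug.messageEnabled()) {
                    debug.message(tag + "Time in SubjectConfirmationData of " + "Assertion:" + str2 + " is invalid.");
                }
                logUtil.error(Level.INFO, LogUtil.INVALID_TIME_SUBJECT_CONFIRMATION_DATA, new String[]{str2}, adminSSOToken);
                throw new SAML2Exception(bundle.getString("invalidTimeOnSubjectConfirmationData"));
            }
            // A bearer confirmation that carries NotBefore is rejected outright.
            if (data.getNotBefore() != null) {
                if (debug.messageEnabled()) {
                    debug.message(tag + "SubjectConfirmationData included " + "NotBefore.");
                }
                logUtil.error(Level.INFO, LogUtil.CONTAINED_NOT_BEFORE, new String[]{str2}, adminSSOToken);
                throw new SAML2Exception(bundle.getString("containedNotBefore"));
            }

            // InResponseTo on the assertion must agree with the Response: both absent, or equal.
            String assertionInResponseTo = data.getInResponseTo();
            if (assertionInResponseTo == null || assertionInResponseTo.length() == 0) {
                if (str != null && str.length() != 0) {
                    if (debug.messageEnabled()) {
                        debug.message(tag + "Assertion doesn't contain " + "InResponseTo, but Response does.");
                    }
                    logUtil.error(Level.INFO, LogUtil.WRONG_INRESPONSETO_ASSERTION, new String[]{str2}, adminSSOToken);
                    throw new SAML2Exception(bundle.getString("wrongInResponseToInAssertion"));
                }
            } else if (!assertionInResponseTo.equals(str)) {
                if (debug.messageEnabled()) {
                    debug.message(tag + "InResponseTo in Assertion is " + "different from the one in Response.");
                }
                logUtil.error(Level.INFO, LogUtil.WRONG_INRESPONSETO_ASSERTION, new String[]{str2}, adminSSOToken);
                throw new SAML2Exception(bundle.getString("wrongInResponseToInAssertion"));
            }
            bearerAccepted = true;
        }
        return bearerAccepted;
    }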

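    /**
     * Verifies that the hosted SP is an intended audience of the assertion.
     *
     * <p>SAML 2.0 core treats the Audience values inside one AudienceRestriction as
     * alternatives, while several AudienceRestriction elements must all be satisfied. The
     * previous implementation accepted the assertion as soon as any one restriction named
     * this SP, so an assertion also restricted to a different audience would pass. This
     * version requires every restriction to name the SP. An empty restriction list is still
     * rejected.
     *
     * <p>Only the audience is checked here; the Conditions validity window
     * (NotBefore/NotOnOrAfter) is not evaluated by this method.
     *
     * @param conditions Conditions element of the assertion; must not be null
     * @param str entity ID of the hosted SP
     * @param str2 assertion ID, used for logging only
     * @throws SAML2Exception if Conditions or AudienceRestriction is missing, or the SP is
     *         not named by every AudienceRestriction
     */
    private static void checkAudience(Conditions conditions, String str, String str2) throws SAML2Exception {
        if (conditions == null) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.checkAudience:" + "Conditions is missing from Assertion.");
            }
            logUtil.error(Level.INFO, LogUtil.MISSING_CONDITIONS, new String[]{str2}, adminSSOToken);
            throw new SAML2Exception(bundle.getString("missingConditions"));
        }
        List audienceRestrictions = conditions.getAudienceRestrictions();
        if (audienceRestrictions == null) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.checkAudience:" + "missing AudienceRestriction.");
            }
            logUtil.error(Level.INFO, LogUtil.MISSING_AUDIENCE_RESTRICTION, new String[]{str2}, adminSSOToken);
            throw new SAML2Exception(bundle.getString("missingAudienceRestriction"));
        }
        // Start from "matched" only when there is at least one restriction to satisfy, so an
        // empty list fails closed exactly as before.
        boolean everyRestrictionNamesSp = !audienceRestrictions.isEmpty();
        Iterator it = audienceRestrictions.iterator();
        while (everyRestrictionNamesSp && it.hasNext()) {
            AudienceRestriction restriction = (AudienceRestriction) it.next();
            // A null restriction or a null audience list counts as "does not name this SP".
            if (restriction == null || restriction.getAudience() == null || !restriction.getAudience().contains(str)) {
                everyRestrictionNamesSp = false;
            }
        }
        if (everyRestrictionNamesSp) {
            return;
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.checkAudience:" + "This SP is not the intended audience.");
        }
        logUtil.error(Level.INFO, LogUtil.WRONG_AUDIENCE, new String[]{str2}, adminSSOToken);
        throw new SAML2Exception(bundle.getString("audienceNotMatch"));
    }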

    /**
     * Collects the data of an accepted authentication assertion into the result map returned
     * by the response verification, and writes the access-log record for it.
     *
     * <p>Only the first AuthnStatement in {@code list} is consulted. The subject XML is put
     * into the access-log record only when FINE-level access logging is enabled.
     *
     * <p>NOTE(review): when SessionNotOnOrAfter is already in the past, or less than a minute
     * away, no maximum session time is stored and the assertion is still accepted. Confirm
     * that callers bound the session lifetime in that case.
     *
     * @param list AuthnStatements of the assertion; the caller guarantees it is not empty
     * @param subject Subject of the assertion
     * @param assertion the accepted assertion
     * @param list2 all assertions of the response
     * @param authnRequestInfo the cached request this response answers, or null
     * @param str InResponseTo of the response; may be null or empty
     * @param str2 first argument handed to the authn-context mapper lookup and to getAuthLevel
     * @param str3 second argument handed to the authn-context mapper lookup and to getAuthLevel
     * @param str4 third argument handed to getAuthLevel
     * @param sPSSOConfigElement hosted SP extended config naming the authn-context mapper
     * @return the populated map
     * @throws SAML2Exception if the mapper or the XML serialisation fails
     */
    private static Map fillMap(List list, Subject subject, Assertion assertion, List list2, AuthnRequestInfo authnRequestInfo, String str, String str2, String str3, String str4, SPSSOConfigElement sPSSOConfigElement) throws SAML2Exception {
        AuthnStatement firstStatement = (AuthnStatement) list.get(0);
        String mapperSetting = getAttributeValueFromSPSSOConfig(sPSSOConfigElement, SAML2Constants.SP_AUTHCONTEXT_MAPPER);
        SPAuthnContextMapper contextMapper = getSPAuthnContextMapper(str2, str3, mapperSetting);
        // The requested context is known only when the response answers a cached request.
        RequestedAuthnContext requestedContext = authnRequestInfo == null ? null : authnRequestInfo.getAuthnRequest().getRequestedAuthnContext();
        int authLevel = contextMapper.getAuthLevel(requestedContext, firstStatement.getAuthnContext(), str2, str3, str4);
        String sessionIndex = firstStatement.getSessionIndex();
        Date sessionExpiry = firstStatement.getSessionNotOnOrAfter();

        Map result = new HashMap();
        result.put("Subject", subject);
        result.put(SAML2Constants.POST_ASSERTION, assertion);
        result.put(SAML2Constants.ASSERTIONS, list2);

        // Access-log record: assertion ID, subject XML (FINE only), session index.
        String[] logData = new String[]{assertion.getID(), "", ""};
        if (logUtil.isAccessLoggable(Level.FINE)) {
            logData[1] = subject.toXMLString();
        }
        boolean hasSessionIndex = sessionIndex != null && sessionIndex.length() != 0;
        if (hasSessionIndex) {
            logData[2] = sessionIndex;
            result.put("SessionIndex", sessionIndex);
        }
        // A negative level from the mapper means "no level"; it is left out of the map.
        if (authLevel >= 0) {
            result.put(SAML2Constants.AUTH_LEVEL, Integer.valueOf(authLevel));
        }
        if (sessionExpiry != null) {
            // Remaining lifetime in whole minutes; stored only when still positive.
            long remainingMinutes = (sessionExpiry.getTime() - System.currentTimeMillis()) / 60000;
            if (remainingMinutes > 0) {
                result.put(SAML2Constants.MAX_SESSION_TIME, Long.valueOf(remainingMinutes));
            }
        }
        boolean hasInResponseTo = str != null && str.length() != 0;
        if (hasInResponseTo) {
            result.put(SAML2Constants.IN_RESPONSE_TO, str);
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.fillMap: Found valid authentication assertion.");
        }
        logUtil.access(Level.INFO, LogUtil.FOUND_AUTHN_ASSERTION, logData, adminSSOToken);
        return result;
    }

    /**
     * Reads a single-valued attribute from a hosted SP's extended configuration.
     *
     * @param sPSSOConfigElement the SP extended config; may be null
     * @param str attribute name
     * @return the first value of the attribute with surrounding whitespace removed, or
     *         {@code null} when the config is null or the attribute has no values
     */
    public static String getAttributeValueFromSPSSOConfig(SPSSOConfigElement sPSSOConfigElement, String str) {
        if (sPSSOConfigElement == null) {
            return null;
        }
        List values = (List) SAML2MetaUtils.getAttributes(sPSSOConfigElement).get(str);
        if (values == null || values.size() == 0) {
            return null;
        }
        // Only the first value is used; additional values are ignored.
        return ((String) values.get(0)).trim();
    }

    /**
     * Serialises assertions to their XML string form.
     *
     * <p>An assertion that cannot be serialised is logged and left out, so the result can be
     * shorter than the input.
     *
     * @param list Assertion objects; may be null
     * @return list of XML strings, empty when {@code list} is null
     */
    public static List getStrAssertions(List list) {
        List xmlStrings = new ArrayList();
        if (list == null) {
            return xmlStrings;
        }
        for (Object item : list) {
            Assertion current = (Assertion) item;
            try {
                xmlStrings.add(current.toXMLString(true, true));
            } catch (SAML2Exception e) {
                // Best effort: skip the assertion that failed and keep the rest.
                debug.error("Invalid assertion: " + current);
            }
        }
        return xmlStrings;
    }

    /**
     * Tells whether a NameID is to be treated as a persistent identifier.
     *
     * <p>Both the persistent and the unspecified format count as persistent; the comparison
     * ignores case. A NameID without a format is not persistent.
     *
     * @param nameID the NameID to inspect; may be null
     * @return true for the persistent or unspecified format, false otherwise
     */
    public static boolean isPersistentNameID(NameID nameID) {
        if (nameID == null) {
            // Original behaviour: no debug line is written for a null NameID.
            return false;
        }
        String format = nameID.getFormat();
        boolean persistent = format != null
                && (format.equalsIgnoreCase(SAML2Constants.PERSISTENT) || format.equalsIgnoreCase(SAML2Constants.UNSPECIFIED));
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils:isPersistent : " + persistent);
        }
        return persistent;
    }

    /* JADX WARN: Type inference failed for: r9v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /**
     * Tells whether the stored account federation found for the three lookup keys carries
     * the same NameID value as the one supplied.
     *
     * <p>Every failure, including a lookup error, is logged and reported as "no federation",
     * so callers cannot tell a missing federation from a data store problem.
     *
     * @param str first key passed to {@code AccountUtils.getAccountFederation}
     * @param str2 second key passed to {@code AccountUtils.getAccountFederation}
     * @param str3 third key passed to {@code AccountUtils.getAccountFederation}
     * @param nameID NameID whose value is compared with the stored one
     * @return true only when a federation exists and its NameID value equals
     *         {@code nameID.getValue()}; false for any null argument or any error
     */
    public static boolean isFedInfoExists(String str, String str2, String str3, NameID nameID) {
        if (str == null || str2 == null || str3 == null || nameID == null) {
            return false;
        }
        boolean federated = false;
        try {
            NameIDInfo stored = AccountUtils.getAccountFederation(str, str2, str3);
            federated = stored != null && stored.getNameIDValue().equals(nameID.getValue());
        } catch (SAML2Exception e) {
            debug.error("Failed to get DataStoreProvider " + e.toString());
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils:isFedInfoExists:Stack : ", e);
            }
        } catch (Exception e2) {
            // Also reached when the stored NameID value is null (NullPointerException).
            debug.message("SAML2Utils:isFedInfoExists: Exception : ", e2);
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils:isFedInfoExists : " + federated);
        }
        return federated;
    }

    /**
     * Tells whether the issuer of a message is a provider this hosted entity trusts.
     *
     * <p>The check fails closed: a null issuer, an empty issuer value, or any exception
     * (including a missing metadata manager or a null issuer value) yields {@code false}.
     *
     * @param issuer Issuer element taken from the response or assertion; may be null
     * @param str first argument handed to {@code isTrustedProvider}
     * @param str2 second argument handed to {@code isTrustedProvider}
     * @return true only when the metadata manager reports the issuer as trusted
     */
    public static boolean isSourceSiteValid(Issuer issuer, String str, String str2) {
        if (issuer == null) {
            return false;
        }
        try {
            String issuerId = issuer.getValue().trim();
            if (issuerId.length() == 0) {
                return false;
            }
            return saml2MetaManager.isTrustedProvider(str, str2, issuerId);
        } catch (Exception e) {
            debug.error("SAML2Utils.isSourceSiteValid: Exception : ", e);
            return false;
        }
    }

    /**
     * Returns the data store provider registered for the SAML2 component.
     *
     * @return the provider
     * @throws SAML2Exception wrapping the {@code DataStoreProviderException} when the lookup fails
     */
    public static DataStoreProvider getDataStoreProvider() throws SAML2Exception {
        DataStoreProvider provider;
        try {
            provider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAML2Constants.SAML2);
        } catch (DataStoreProviderException e) {
            debug.error("SAML2Utils.getDataStoreProvider: DataStoreProviderException : ", e);
            // The cast selects the Throwable constructor so the cause stays attached.
            throw new SAML2Exception((Throwable) e);
        }
        return provider;
    }

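    /**
     * Encodes a SAML message for the HTTP-Redirect binding: raw DEFLATE, then Base64, then
     * URL encoding.
     *
     * <p>The previous version deflated once into a buffer sized by the character count of the
     * input. DEFLATE output can be larger than that (very short or incompressible input,
     * multi-byte characters), in which case the encoded message was silently truncated. This
     * version drains the deflater until it reports completion and always releases it.
     *
     * <p>NOTE(review): with message-level debugging on, the complete encoded message is
     * written to the debug log.
     *
     * @param str the XML message to encode
     * @return the encoded string, or {@code null} when {@code str} is null or the default
     *         encoding is unavailable
     */
    public static String encodeForRedirect(String str) {
        if (str == null) {
            debug.error("SAML2Utils.encodeForRedirect: input is null.");
            return null;
        }
        byte[] plain;
        try {
            plain = str.getBytes(SAML2Constants.DEFAULT_ENCODING);
        } catch (UnsupportedEncodingException e) {
            debug.error("SAML2Utils.encodeForRedirect: cannot get byte array: ", e);
            return null;
        }
        // nowrap=true produces raw DEFLATE without the zlib header, as the binding requires.
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        ByteArrayOutputStream deflated = new ByteArrayOutputStream(plain.length / 2 + 16);
        try {
            deflater.setInput(plain);
            deflater.finish();
            byte[] chunk = new byte[1024];
            // After finish(), each call makes progress until finished() turns true.
            while (!deflater.finished()) {
                int produced = deflater.deflate(chunk);
                deflated.write(chunk, 0, produced);
            }
        } finally {
            // Release the native zlib state on every path.
            deflater.end();
        }
        String encode = AMURLEncDec.encode(Base64.encode(deflated.toByteArray()));
        if (debug.messageEnabled()) {
            debug.message("encodeForRedirect" + "out string length : " + encode.length());
            debug.message("encodeForRedirect" + "out string is ===>" + encode + "<===");
        }
        return encode;
    }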

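    /**
     * Decodes a SAML message received over the HTTP-Redirect binding: Base64 decode, then
     * raw INFLATE, then conversion to a string in the default encoding.
     *
     * <p>The input comes from a request parameter and is untrusted. The previous version
     * inflated once into a fixed 2048-byte buffer, so any message that inflated to more than
     * 2048 bytes was silently truncated, and the inflater was not released when the data was
     * malformed. This version inflates in chunks, releases the inflater on every path, and
     * refuses input that inflates beyond a fixed cap so that a small, highly compressed
     * parameter cannot exhaust memory.
     *
     * <p>NOTE(review): with message-level debugging on, both the raw parameter and the
     * decoded message are written to the debug log.
     *
     * @param str the Base64-encoded, deflated message (already URL-decoded by the container)
     * @return the decoded XML string, or {@code null} when the input is empty, not valid
     *         Base64/DEFLATE data, larger than the cap once inflated, or cannot be converted
     */
    public static String decodeFromRedirect(String str) {
        // Upper bound on the inflated size. This is a defensive limit chosen here, far above
        // any message that fits in a redirect URL; adjust it if the deployment needs more.
        final int maxInflatedBytes = 1024 * 1024;
        if (str == null || str.length() == 0) {
            debug.error("SAML2Utils.decodeFromRedirect: input is null.");
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.decodeFromRedirect: input string length : " + str.length());
            debug.message("SAML2Utils.decodeFromRedirect: input string is ===>" + str + "<===");
        }
        byte[] decode = Base64.decode(removeNewLineChars(str));
        if (decode == null || decode.length == 0) {
            debug.error("SAML2Utils.decodeFromRedirect: base 64 decoded result is null");
            return null;
        }
        // nowrap=true: the binding carries raw DEFLATE data without a zlib header.
        Inflater inflater = new Inflater(true);
        ByteArrayOutputStream inflated = new ByteArrayOutputStream();
        try {
            inflater.setInput(decode);
            byte[] chunk = new byte[2048];
            while (!inflater.finished()) {
                int produced = inflater.inflate(chunk);
                if (produced == 0) {
                    // No further progress is possible (input exhausted or a preset dictionary
                    // is requested). Stop with what has been produced, as the single-call
                    // version did.
                    break;
                }
                if (inflated.size() + produced > maxInflatedBytes) {
                    debug.error("SAML2Utils.decodeFromRedirect: inflated message exceeds size limit.");
                    return null;
                }
                inflated.write(chunk, 0, produced);
            }
        } catch (DataFormatException e2) {
            debug.error("SAML2Utils.decodeFromRedirect: cannot inflate SAMLRequest: ", e2);
            return null;
        } finally {
            // Release the native zlib state on every path, including malformed input.
            inflater.end();
        }
        try {
            String str2 = inflated.toString(SAML2Constants.DEFAULT_ENCODING);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.decodeFromRedirect: Return value: \n" + str2);
            }
            return str2;
        } catch (UnsupportedEncodingException e) {
            debug.error("SAML2Utils.decodeFromRedirect: cannot convert byte array to string.", e);
            return null;
        }
    }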

    /**
     * Returns the input with every line-feed character ({@code '\n'}) removed.
     * Carriage returns and all other characters are left in place.
     *
     * @param str the string to filter; may be {@code null}
     * @return {@code str} itself when it is {@code null}, empty or contains no
     *         line feed; otherwise a new string without line feeds
     */
    public static String removeNewLineChars(String str) {
        if (str == null || str.length() <= 0 || str.indexOf('\n') == -1) {
            return str;
        }
        StringBuffer kept = new StringBuffer(str.length());
        for (int i = 0; i < str.length(); i++) {
            char current = str.charAt(i);
            if (current != '\n') {
                kept.append(current);
            }
        }
        return kept.toString();
    }

    /**
     * Returns the shared {@code SAML2MetaManager} held in the static field
     * {@code saml2MetaManager}.
     *
     * @return the value of that field as it currently stands
     */
    public static SAML2MetaManager getSAML2MetaManager() {
        return saml2MetaManager;
    }

    /**
     * Normalises a realm name, substituting the configured default organisation
     * (falling back to {@code "/"}) when none is given.
     *
     * @param str the realm name; may be {@code null} or empty
     * @return {@code str} when non-empty, otherwise the default realm
     */
    public static String getRealm(String str) {
        boolean missing = str == null || str.length() == 0;
        return missing ? SystemProperties.get(SAML2SetupConstants.PROP_DEFAULT_ORG, "/") : str;
    }

    /**
     * Reads the realm from a parameter map under {@code SAML2Constants.REALM},
     * substituting the configured default organisation (falling back to
     * {@code "/"}) when the entry is absent or empty.
     *
     * @param map the parameter map; may be {@code null}
     * @return the realm from the map, or the default realm
     */
    public static String getRealm(Map map) {
        String realm = getParameter(map, SAML2Constants.REALM);
        boolean missing = realm == null || realm.length() == 0;
        return missing ? SystemProperties.get(SAML2SetupConstants.PROP_DEFAULT_ORG, "/") : realm;
    }

    /**
     * Looks up a single string value in a parameter map.
     *
     * @param map the map to read; may be {@code null}
     * @param str the key to look up
     * @return the mapped value, or {@code null} when the map is {@code null},
     *         empty, or has no value for the key
     * @throws ClassCastException if the mapped value is not a {@code String}
     */
    public static String getParameter(Map map, String str) {
        if (map == null || map.isEmpty()) {
            return null;
        }
        // The cast is unchecked by design: the map is expected to hold String values.
        return (String) map.get(str);
    }

    /**
     * Resolves the SSO token carried by a request and checks that it is valid.
     *
     * <p>A {@code null} result means there is no usable session; callers must
     * treat it as unauthenticated.
     *
     * @param httpServletRequest the incoming request
     * @return the valid token, or {@code null} when the token is invalid or an
     *         {@code SSOException} is raised while resolving it
     */
    public static SSOToken getSSOToken(HttpServletRequest httpServletRequest) {
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            SSOToken candidate = manager.createSSOToken(httpServletRequest);
            return manager.isValidToken(candidate) ? candidate : null;
        } catch (SSOException e) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getSSOToken: no valid SSO token");
            }
            return null;
        }
    }

    /**
     * Destroys the local session associated with a request, if there is one.
     *
     * @param httpServletRequest the request whose SSO token identifies the session
     * @return {@code true} when the session was destroyed or no valid token was
     *         found; {@code false} when destroying the token failed
     */
    public static boolean destroySession(HttpServletRequest httpServletRequest) {
        SSOToken token = getSSOToken(httpServletRequest);
        return destroySession(token);
    }

    /**
     * Destroys the local session identified by an SSO token.
     *
     * @param sSOToken the token to destroy; {@code null} is accepted and treated
     *                 as "nothing to do"
     * @return {@code false} only when destroying the token raised an exception;
     *         {@code true} otherwise, including for a {@code null} token
     */
    public static boolean destroySession(SSOToken sSOToken) {
        if (sSOToken == null) {
            return true;
        }
        try {
            SSOTokenManager.getInstance().destroyToken(sSOToken);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.destroySession: Local session is destroyed.");
            }
            return true;
        } catch (Exception e) {
            // A failure here means the session may still be live; the caller sees false.
            debug.error("SAML2Utils.destroySession: ", e);
            return false;
        }
    }

    /**
     * Collects the SAML-related request parameters into a map of parameter name
     * to a list of values.
     *
     * <p>Values are copied verbatim from the request. Nothing here validates or
     * normalises them, so entries such as the relay state or destination must be
     * checked by whoever consumes the map before they influence a redirect or a
     * protocol decision.
     *
     * @param httpServletRequest the incoming request
     * @return a new map holding a list for each parameter that was present
     */
    public static Map getParamsMap(HttpServletRequest httpServletRequest) {
        HashMap params = new HashMap();
        String relayState = getRelayState(httpServletRequest);
        if (relayState != null) {
            ArrayList relayValues = new ArrayList();
            relayValues.add(relayState);
            params.put("RelayState", relayValues);
        }
        // Parameters stored as a single-element list whenever they are present,
        // even if the value is the empty string.
        String[] singleValued = {
            SAML2Constants.ISPASSIVE,
            SAML2Constants.FORCEAUTHN,
            SAML2Constants.ALLOWCREATE,
            SAML2Constants.CONSENT,
            SAML2Constants.DESTINATION,
            SAML2Constants.NAMEID_POLICY_FORMAT,
            SAML2Constants.BINDING,
            "AssertionConsumerServiceIndex",
            "AttributeConsumingServiceIndex",
            SAML2Constants.SP_AUTHCONTEXT_COMPARISON
        };
        for (int i = 0; i < singleValued.length; i++) {
            String value = httpServletRequest.getParameter(singleValued[i]);
            if (value != null) {
                ArrayList values = new ArrayList();
                values.add(value);
                params.put(singleValued[i], values);
            }
        }
        // The declaration reference is skipped when empty ...
        String declRef = httpServletRequest.getParameter(SAML2Constants.AUTH_CONTEXT_DECL_REF);
        if (declRef != null && declRef.length() > 0) {
            params.put(SAML2Constants.AUTH_CONTEXT_DECL_REF, getAuthContextList(declRef));
        }
        // ... whereas the class reference is stored even when empty (as an empty list).
        String classRef = httpServletRequest.getParameter(SAML2Constants.AUTH_CONTEXT_CLASS_REF);
        if (classRef != null) {
            params.put(SAML2Constants.AUTH_CONTEXT_CLASS_REF, getAuthContextList(classRef));
        }
        String authLevel = httpServletRequest.getParameter(SAML2Constants.AUTH_LEVEL);
        if (authLevel != null && authLevel.length() > 0) {
            ArrayList levelValues = new ArrayList();
            levelValues.add(authLevel);
            params.put(SAML2Constants.AUTH_LEVEL, levelValues);
        }
        return params;
    }

    /**
     * Splits a {@code '|'}-separated string into its tokens. Empty tokens are
     * skipped, so an empty input yields an empty list.
     *
     * @param str the separated values; must not be {@code null}
     * @return a new list of the tokens in order
     */
    private static List getAuthContextList(String str) {
        List refs = new ArrayList();
        for (StringTokenizer tokens = new StringTokenizer(str, "|"); tokens.hasMoreTokens();) {
            refs.add(tokens.nextToken());
        }
        return refs;
    }

    /**
     * Derives a source ID from an entity ID by hashing it with the {@code "SHA"}
     * (SHA-1) digest and passing the digest to {@code byteArrayToString}.
     *
     * <p>SHA-1 is what the SAML 2.0 artifact format specifies for the SourceID,
     * so the algorithm is fixed by the protocol rather than chosen here. The
     * result identifies an issuer; it is not a secret and gives no integrity
     * protection on its own.
     *
     * @param str the entity ID
     * @return the encoded digest, or {@code null} when the input is
     *         {@code null} or empty or the digest algorithm is unavailable
     */
    public static String generateSourceID(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        MessageDigest sha;
        try {
            sha = MessageDigest.getInstance("SHA");
        } catch (NoSuchAlgorithmException e) {
            debug.error("SAML2Utils.generateSourceID: ", e);
            return null;
        }
        // Each char is narrowed to its low 8 bits, so characters above U+00FF do
        // not survive; entity IDs are expected to be plain ASCII URIs.
        int length = str.length();
        byte[] narrowed = new byte[length];
        for (int i = 0; i < length; i++) {
            narrowed[i] = (byte) str.charAt(i);
        }
        sha.update(narrowed);
        return byteArrayToString(sha.digest());
    }

    /**
     * Resolves the server that owns an ID by reading the two-character server
     * ID embedded at the end of it.
     *
     * @param str an ID whose last two characters are a server ID
     * @return the URL of the owning server, or {@code null} when the ID is too
     *         short, belongs to this server, or the lookup fails
     */
    public static String getRemoteServiceURL(String str) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getRemoteServiceURL: id = " + str);
        }
        if (str == null || str.length() < 2) {
            return null;
        }
        String ownerId = str.substring(str.length() - 2);
        try {
            boolean ownedLocally = ownerId.equals(WebtopNaming.getServerID(server_protocol, server_host, server_port));
            return ownedLocally ? null : WebtopNaming.getServerFromID(ownerId);
        } catch (Exception e) {
            // Lookup failures are reported as "no remote server".
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getRemoteServiceURL:", e);
            }
            return null;
        }
    }

    /**
     * Lists the platform servers other than the one handling this request.
     *
     * <p>The URL used to recognise "this server" is built from the request's
     * scheme, server name and port. NOTE(review): the server name usually
     * follows the client-supplied Host header, so a spoofed value only stops
     * the request URL from matching; {@code localURL} is compared as well.
     *
     * @param httpServletRequest the incoming request
     * @return the remaining server URLs, or {@code null} when the platform
     *         server list cannot be obtained
     */
    public static List getRemoteServiceURLs(HttpServletRequest httpServletRequest) {
        String requestURL = httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort();
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getRemoteServiceURLs: requestURL = " + requestURL);
        }
        Vector servers = null;
        try {
            servers = WebtopNaming.getPlatformServerList();
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getRemoteServiceURLs:", e);
            }
        }
        if (servers == null) {
            return null;
        }
        ArrayList remotes = new ArrayList();
        for (Iterator it = servers.iterator(); it.hasNext();) {
            String server = (String) it.next();
            boolean isLocal = server.equalsIgnoreCase(requestURL) || server.equalsIgnoreCase(localURL);
            if (!isLocal) {
                remotes.add(server);
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getRemoteServiceURLs: remoteServiceURLs = " + remotes);
        }
        return remotes;
    }

    /**
     * Generates an ID of the form {@code "s2"} followed by the encoding of 20
     * random bytes, with this server's ID embedded by {@code embedServerID}.
     *
     * <p>NOTE(review): the ID is only unpredictable if {@code random} is a
     * cryptographically strong generator; its declaration is not visible here —
     * confirm. {@code embedServerID} overwrites the last two characters, so
     * those carry no randomness.
     *
     * @return the generated ID, or {@code null} when {@code random} is unset
     */
    public static String generateIDWithServerID() {
        if (random == null) {
            return null;
        }
        byte[] randomBytes = new byte[20];
        random.nextBytes(randomBytes);
        String id = "s2" + byteArrayToHexString(randomBytes);
        return embedServerID(id);
    }

    /**
     * Generates a message handle from 20 random bytes encoded with
     * {@code byteArrayToString}, with this server's ID embedded by
     * {@code embedServerID}.
     *
     * <p>NOTE(review): the handle is only unpredictable if {@code random} is a
     * cryptographically strong generator; its declaration is not visible here —
     * confirm. {@code embedServerID} overwrites the last two characters.
     *
     * @return the generated handle, or {@code null} when {@code random} is unset
     */
    public static String generateMessageHandleWithServerID() {
        if (random == null) {
            return null;
        }
        byte[] randomBytes = new byte[20];
        random.nextBytes(randomBytes);
        String handle = byteArrayToString(randomBytes);
        return embedServerID(handle);
    }

    /**
     * Replaces the last two characters of an ID with this server's
     * two-character server ID.
     *
     * @param str the ID to stamp
     * @return the stamped ID, or {@code str} unchanged when the server ID is
     *         not exactly two characters or any exception is raised
     */
    private static String embedServerID(String str) {
        String stamped = str;
        try {
            String serverID = WebtopNaming.getServerID(server_protocol, server_host, server_port);
            boolean usable = serverID != null && serverID.length() == 2;
            if (usable) {
                stamped = str.substring(0, str.length() - 2) + serverID;
            } else if (debug.messageEnabled()) {
                debug.message("SAML2Utils.appendServerID: invalid server id = " + serverID);
            }
        } catch (Exception e) {
            // Best effort: on failure the ID is returned without a server ID.
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.appendServerID:", e);
            }
        }
        return stamped;
    }

    /**
     * Wraps an XML string in a SOAP 1.1 envelope and body and parses the result
     * into a {@code SOAPMessage} with a {@code text/xml} content type.
     *
     * <p>The payload is inserted into the body as-is, without escaping, so it
     * must already be well-formed XML produced by this component. Text that
     * came from a peer or a request must not be passed here unserialised.
     *
     * @param str the XML to place in the SOAP body
     * @return the SOAP message
     * @throws SOAPException if the message cannot be created
     * @throws SAML2Exception if an I/O error occurs while building the message
     */
    public static SOAPMessage createSOAPMessage(String str) throws SOAPException, SAML2Exception {
        try {
            MimeHeaders mimeHeaders = new MimeHeaders();
            mimeHeaders.addHeader("Content-Type", "text/xml");
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.createSOAPMessage: xmlstr = " + str);
            }
            String envelope = SAML2Constants.START_TAG
                    + "soap-env:Envelope xmlns:soap-env=\"http://schemas.xmlsoap.org/soap/envelope/\">"
                    + SAML2Constants.START_TAG
                    + "soap-env:Body>"
                    + str
                    + "</soap-env:Body></soap-env:Envelope>"
                    + SAML2Constants.NEWLINE;
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.createSOAPMessage: soap message = " + envelope);
            }
            byte[] encoded = envelope.getBytes(SAML2Constants.DEFAULT_ENCODING);
            return mf.createMessage(mimeHeaders, new ByteArrayInputStream(encoded));
        } catch (IOException e) {
            debug.error("SAML2Utils.createSOAPMessage: IOE", e);
            throw new SAML2Exception(e.getMessage());
        }
    }

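    /**
     * Serialises a SOAP message, re-parses it as a DOM document and returns the
     * SOAP 1.1 {@code Body} element.
     *
     * <p>The root must be an {@code Envelope} in the SOAP 1.1 envelope
     * namespace, and the body is matched on both local name and namespace.
     * NOTE(review): the message may come from a remote peer; DTD and
     * external-entity handling is whatever {@code XMLUtils.toDOMDocument}
     * configures, which is not visible here — confirm.
     *
     * @param sOAPMessage the message to inspect
     * @return the SOAP body element
     * @throws SAML2Exception if the message cannot be serialised, the root is
     *         not a SOAP 1.1 envelope, or no body element is present
     */
    public static Element getSOAPBody(SOAPMessage sOAPMessage) throws SAML2Exception {
        debug.message("SAML2Utils.getSOAPBody : start");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            sOAPMessage.writeTo(byteArrayOutputStream);
            Document dOMDocument = XMLUtils.toDOMDocument(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), debug);
            Element documentElement = dOMDocument.getDocumentElement();
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("LogoutUtil.getSOAPBody : soap body =\n").append(XMLUtils.print(documentElement)).toString());
            }
            String localName = documentElement.getLocalName();
            if (localName == null || localName.length() == 0) {
                debug.error("SAML2Utils.getSOAPBody : no local name");
                throw new SAML2Exception(bundle.getString("missingLocalName"));
            }
            if (!localName.equals("Envelope") || !"http://schemas.xmlsoap.org/soap/envelope/".equals(documentElement.getNamespaceURI())) {
                debug.error("SAML2Utils.getSOAPBody : either root element is not Envelope or invalid name space or prefix");
                throw new SAML2Exception(bundle.getString("invalidSOAPElement"));
            }
            NodeList childNodes = documentElement.getChildNodes();
            int length = childNodes.getLength();
            if (length <= 0) {
                debug.error("SAML2Utils.getSOAPBody: no msg body");
                throw new SAML2Exception(bundle.getString("missingSOAPBody"));
            }
            for (int i = 0; i < length; i++) {
                Node item = childNodes.item(i);
                if (item.getNodeType() != Node.ELEMENT_NODE) {
                    debug.message(new StringBuffer().append("SAML2Utils.getSOAPBody: ").append(item).toString());
                } else {
                    String localName2 = item.getLocalName();
                    if (debug.messageEnabled()) {
                        debug.message(new StringBuffer().append("SAML2Utils.getSOAPBody: local name= ").append(localName2).toString());
                    }
                    // Constant-first comparison: a child without a local name is
                    // skipped instead of raising a NullPointerException.
                    if ("Body".equals(localName2) && "http://schemas.xmlsoap.org/soap/envelope/".equals(item.getNamespaceURI())) {
                        return (Element) item;
                    }
                }
            }
            throw new SAML2Exception(bundle.getString("missingSOAPBody"));
        } catch (IOException e) {
            debug.error("SAML2Utils.getSOAPBody : writeTo IO", e);
            throw new SAML2Exception(e.getMessage());
        } catch (SOAPException e2) {
            debug.error("SAML2Utils.getSOAPBody : writeTo SOAP", e2);
            throw new SAML2Exception(e2.getMessage());
        }
    }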

    /**
     * Copies the HTTP headers of a request into a {@code MimeHeaders} object.
     * Each header value is split on commas and every trimmed piece is added as
     * a separate header under the same name.
     *
     * <p>NOTE(review): when message-level debugging is on, every header name
     * and value is written to the debug log, which would include any cookie or
     * authorization header on the request. Treat such logs as sensitive.
     *
     * @param httpServletRequest the incoming request
     * @return the copied headers
     */
    public static MimeHeaders getHeaders(HttpServletRequest httpServletRequest) {
        MimeHeaders copied = new MimeHeaders();
        for (Enumeration names = httpServletRequest.getHeaderNames(); names.hasMoreElements();) {
            String name = (String) names.nextElement();
            String value = httpServletRequest.getHeader(name);
            if (debug.messageEnabled()) {
                debug.message("SAML2Util.getHeaders: Header name=" + name + ", value=" + value);
            }
            StringTokenizer pieces = new StringTokenizer(value, ",");
            while (pieces.hasMoreTokens()) {
                copied.addHeader(name, pieces.nextToken().trim());
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Util.getHeaders: Header=" + copied.toString());
        }
        return copied;
    }

    /**
     * Writes MIME headers onto an HTTP response. A header with one value is set
     * directly; a header with several values is set to those values joined with
     * commas.
     *
     * <p>Names and values are written as given. NOTE(review): if they can come
     * from a remote SOAP peer, rejection of CR/LF in header values is left to
     * the servlet container — confirm.
     *
     * @param mimeHeaders the headers to write
     * @param httpServletResponse the response to write them to
     */
    public static void putHeaders(MimeHeaders mimeHeaders, HttpServletResponse httpServletResponse) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Util.putHeaders: Header=" + mimeHeaders.toString());
        }
        for (Iterator all = mimeHeaders.getAllHeaders(); all.hasNext();) {
            MimeHeader current = (MimeHeader) all.next();
            String name = current.getName();
            String[] values = mimeHeaders.getHeader(name);
            if (debug.messageEnabled()) {
                // Appending the array prints its identity, not the individual values.
                debug.message("SAML2Util.putHeaders: Header name=" + current.getName() + ", value=" + values);
            }
            if (values.length == 1) {
                httpServletResponse.setHeader(current.getName(), current.getValue());
                continue;
            }
            StringBuffer joined = new StringBuffer();
            for (int i = 0; i < values.length; i++) {
                if (i != 0) {
                    joined.append(',');
                }
                joined.append(values[i]);
            }
            httpServletResponse.setHeader(current.getName(), joined.toString());
        }
    }

    /**
     * Builds a protocol {@code Status} with the given status code and, when
     * supplied, a status message.
     *
     * @param str the status code value
     * @param str2 the status message; ignored when {@code null} or empty
     * @return the status; on a {@code SAML2Exception} the error is logged and
     *         whatever was built so far is returned, which may be {@code null}
     */
    public static Status generateStatus(String str, String str2) {
        Status result = null;
        try {
            result = ProtocolFactory.getInstance().createStatus();
            StatusCode code = ProtocolFactory.getInstance().createStatusCode();
            code.setValue(str);
            result.setStatusCode(code);
            boolean hasMessage = str2 != null && str2.length() != 0;
            if (hasMessage) {
                result.setStatusMessage(str2);
            }
            if (debug.messageEnabled()) {
                debug.message("SAML2Util.geberateStatus : " + result.toXMLString());
            }
        } catch (SAML2Exception e) {
            debug.error("Exeption : ", e);
        }
        return result;
    }

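    /**
     * Finds the SAML protocol element with the given local name inside the body
     * of a SOAP message.
     *
     * <p>The element is matched on local name and on
     * {@code SAML2Constants.PROTOCOL_NAMESPACE}. The first match is returned.
     * Any element child named {@code Fault} seen before a match aborts the
     * search.
     *
     * @param sOAPMessage the SOAP message to search
     * @param str the local name of the wanted protocol element
     * @return the matching element
     * @throws SAML2Exception if the body is empty, contains a fault, or has no
     *         matching element
     */
    public static Element getSamlpElement(SOAPMessage sOAPMessage, String str) throws SAML2Exception {
        NodeList childNodes = getSOAPBody(sOAPMessage).getChildNodes();
        int length = childNodes.getLength();
        if (length <= 0) {
            debug.error("SAML2Utils.getSamlpElement: empty body");
            throw new SAML2Exception(bundle.getString("missingBody"));
        }
        for (int i = 0; i < length; i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String localName = item.getLocalName();
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("SAML2Utils.getSamlpElement: node=").append(localName).append(", nsURI=").append(item.getNamespaceURI()).toString());
            }
            // Null-safe comparisons: an element without a local name is skipped
            // rather than raising a NullPointerException.
            if ("Fault".equals(localName)) {
                throw new SAML2Exception(bundle.getString("soapFaultInSOAPResponse"));
            }
            if (localName != null && localName.equals(str) && SAML2Constants.PROTOCOL_NAMESPACE.equals(item.getNamespaceURI())) {
                return (Element) item;
            }
        }
        throw new SAML2Exception(new StringBuffer().append(bundle.getString("elementNotFound")).append(str).toString());
    }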

    /**
     * Builds a SOAP message carrying a fault.
     *
     * <p>The fault string and the optional detail are looked up in the resource
     * bundle, so the text sent to the peer is a fixed localised message rather
     * than exception detail.
     *
     * @param str the fault code
     * @param str2 the resource-bundle key of the fault string
     * @param str3 the resource-bundle key of the detail text; ignored when
     *             {@code null} or empty
     * @return the fault message; on a {@code SOAPException} the error is logged
     *         and whatever was built so far is returned, which may be
     *         {@code null}
     */
    public static SOAPMessage createSOAPFault(String str, String str2, String str3) {
        SOAPMessage faultMessage = null;
        try {
            faultMessage = mf.createMessage();
            SOAPEnvelope envelope = faultMessage.getSOAPPart().getEnvelope();
            SOAPFault fault = envelope.getBody().addFault();
            fault.setFaultCode(str);
            fault.setFaultString(bundle.getString(str2));
            boolean hasDetail = str3 != null && str3.length() != 0;
            if (hasDetail) {
                fault.addDetail()
                        .addDetailEntry(envelope.createName("Problem"))
                        .addAttribute(envelope.createName("details"), bundle.getString(str3));
            }
        } catch (SOAPException e) {
            debug.error("createSOAPFault:", e);
        }
        return faultMessage;
    }

    /**
     * Builds a {@code SOAPMessage} from the headers and body of an HTTP request.
     *
     * <p>The request body is handed to the message factory as a stream; no size
     * limit is applied here. NOTE(review): any bound on request size has to
     * come from the container or an upstream filter — confirm.
     *
     * @param httpServletRequest the incoming request
     * @return the parsed SOAP message
     * @throws IOException if the request body cannot be read
     * @throws SOAPException if the message cannot be created
     */
    public static SOAPMessage getSOAPMessage(HttpServletRequest httpServletRequest) throws IOException, SOAPException {
        MimeHeaders requestHeaders = getHeaders(httpServletRequest);
        return mf.createMessage(requestHeaders, httpServletRequest.getInputStream());
    }

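    /**
     * Wraps an XML string in a SOAP envelope, sends it to an endpoint and
     * returns the reply.
     *
     * <p>The connection is closed once the call completes; it was previously
     * left open on every call. The endpoint is used exactly as given, so callers
     * are expected to pass a location taken from trusted metadata rather than
     * from a request.
     *
     * @param str the XML to send in the SOAP body
     * @param str2 the endpoint to send the message to
     * @return the reply from the endpoint
     * @throws SOAPException if the connection or the call fails
     * @throws SAML2Exception if the outgoing message cannot be built
     */
    public static SOAPMessage sendSOAPMessage(String str, String str2) throws SOAPException, SAML2Exception {
        javax.xml.soap.SOAPConnection connection = scf.createConnection();
        try {
            return connection.call(createSOAPMessage(str), str2);
        } finally {
            try {
                connection.close();
            } catch (SOAPException ignored) {
                // A failure to close must not mask the outcome of the call itself.
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.sendSOAPMessage: cannot close connection:", ignored);
                }
            }
        }
    }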

    /**
     * Returns the encryption certificate alias configured for a hosted entity.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return the value of {@code SAML2Constants.ENCRYPTION_CERT_ALIAS} in the
     *         entity's SSO configuration, or {@code null} when unavailable
     */
    public static String getEncryptionCertAlias(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getEncryptionCertAlias : realm - " + str);
            debug.message("getEncryptionCertAlias : hostEntityId - " + str2);
            debug.message("getEncryptionCertAlias : entityRole - " + str3);
        }
        String alias = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.ENCRYPTION_CERT_ALIAS);
        return alias;
    }

    /**
     * Returns the signing certificate alias configured for a hosted entity.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return the value of {@code SAML2Constants.SIGNING_CERT_ALIAS} in the
     *         entity's SSO configuration, or {@code null} when unavailable
     */
    public static String getSigningCertAlias(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getSigningCertAlias : realm - " + str);
            debug.message("getSigningCertAlias : hostEntityId - " + str2);
            debug.message("getSigningCertAlias : entityRole - " + str3);
        }
        String alias = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.SIGNING_CERT_ALIAS);
        return alias;
    }

    /**
     * Tells whether the hosted entity's configuration asks for encrypted
     * assertions.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. The requirement is therefore off by default.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantAssertionEncrypted(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantAssertionEncrypted : realm - " + str);
            debug.message("getWantAssertionEncrypted : hostEntityId - " + str2);
            debug.message("getWantAssertionEncrypted : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

    /**
     * Tells whether the hosted entity's configuration asks for encrypted
     * attributes.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. The requirement is therefore off by default.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantAttributeEncrypted(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantAttributeEncrypted : realm - " + str);
            debug.message("getWantAttributeEncrypted : hostEntityId - " + str2);
            debug.message("getWantAttributeEncrypted : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_ATTRIBUTE_ENCRYPTED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

    /**
     * Tells whether the hosted entity's configuration asks for encrypted name
     * identifiers.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. The requirement is therefore off by default.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantNameIDEncrypted(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantNameIDEncrypted : realm - " + str);
            debug.message("getWantNameIDEncrypted : hostEntityId - " + str2);
            debug.message("getWantNameIDEncrypted : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_NAMEID_ENCRYPTED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

    /**
     * Tells whether the hosted entity's configuration requires signed
     * ArtifactResolve messages.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. Signature enforcement is therefore off unless the
     * configuration explicitly turns it on.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantArtifactResolveSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantArtifactResolveSigned : realm - " + str);
            debug.message("getWantArtifactResolveSigned : hostEntityId - " + str2);
            debug.message("getWantArtifactResolveSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

    /**
     * Tells whether the hosted entity's configuration requires signed
     * ArtifactResponse messages.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. Signature enforcement is therefore off unless the
     * configuration explicitly turns it on.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantArtifactResponseSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantArtifactResponseSigned : realm - " + str);
            debug.message("getWantArtifactResponseSigned : hostEntityId - " + str2);
            debug.message("getWantArtifactResponseSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

    /**
     * Tells whether the hosted entity's configuration requires signed
     * LogoutRequest messages.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. Signature enforcement is therefore off unless the
     * configuration explicitly turns it on.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantLogoutRequestSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantLogoutRequestSigned : realm - " + str);
            debug.message("getWantLogoutRequestSigned : hostEntityId - " + str2);
            debug.message("getWantLogoutRequestSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_LOGOUT_REQUEST_SIGNED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

    /**
     * Tells whether the hosted entity's configuration requires signed
     * LogoutResponse messages.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. Signature enforcement is therefore off unless the
     * configuration explicitly turns it on.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantLogoutResponseSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantLogoutResponseSigned : realm - " + str);
            debug.message("getWantLogoutResponseSigned : hostEntityId - " + str2);
            debug.message("getWantLogoutResponseSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_LOGOUT_RESPONSE_SIGNED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

    /**
     * Tells whether the hosted entity's configuration requires signed
     * ManageNameID requests.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. Signature enforcement is therefore off unless the
     * configuration explicitly turns it on.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantMNIRequestSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantMNIRequestSigned : realm - " + str);
            debug.message("getWantMNIRequestSigned : hostEntityId - " + str2);
            debug.message("getWantMNIRequestSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_MNI_REQUEST_SIGNED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

    /**
     * Tells whether the hosted entity's configuration requires signed
     * ManageNameID responses.
     *
     * <p>The answer is {@code false} whenever the attribute cannot be read,
     * whether because it is not set or because the configuration lookup
     * returned nothing. Signature enforcement is therefore off unless the
     * configuration explicitly turns it on.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return {@code true} only when the attribute equals
     *         {@code SAML2Constants.TRUE}, ignoring case
     */
    public static boolean getWantMNIResponseSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantMNIResponseSigned : realm - " + str);
            debug.message("getWantMNIResponseSigned : hostEntityId - " + str2);
            debug.message("getWantMNIResponseSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_MNI_RESPONSE_SIGNED);
        String effective = configured == null ? SAML2Constants.FALSE : configured;
        return effective.equalsIgnoreCase(SAML2Constants.TRUE);
    }

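    /**
     * Reads the first value of an attribute from the extended SSO configuration
     * of a hosted entity.
     *
     * <p>The SP configuration is consulted when the role equals
     * {@code SAML2Constants.SP_ROLE} (ignoring case); any other role uses the
     * IDP configuration.
     *
     * <p>A failed lookup ({@code SAML2MetaException} or {@code SSOException})
     * is logged at message level only and reported as {@code null}, exactly
     * like an attribute that is not configured. Callers that turn
     * {@code null} into a permissive default therefore also do so when the
     * configuration could not be loaded.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role; must not be {@code null}
     * @param str4 the attribute name
     * @return the first configured value, or {@code null} when the
     *         configuration, the attribute or its value list is missing or the
     *         lookup fails
     */
    public static String getAttributeValueFromSSOConfig(String str, String str2, String str3, String str4) {
        // Initialised so that the null check below is well-defined when the lookup throws.
        Map attributes = null;
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("getAttributeValueFromSSOConfig : ").append("realm - ").append(str).toString());
            debug.message(new StringBuffer().append("getAttributeValueFromSSOConfig : ").append("hostEntityId - ").append(str2).toString());
            debug.message(new StringBuffer().append("getAttributeValueFromSSOConfig : ").append("entityRole - ").append(str3).toString());
            debug.message(new StringBuffer().append("getAttributeValueFromSSOConfig : ").append("attrName - ").append(str4).toString());
        }
        String str5 = null;
        try {
            if (str3.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
                SPSSOConfigElement sPSSOConfig = saml2MetaManager.getSPSSOConfig(str, str2);
                if (sPSSOConfig == null) {
                    return null;
                }
                attributes = SAML2MetaUtils.getAttributes(sPSSOConfig);
            } else {
                IDPSSOConfigElement iDPSSOConfig = saml2MetaManager.getIDPSSOConfig(str, str2);
                if (iDPSSOConfig == null) {
                    return null;
                }
                attributes = SAML2MetaUtils.getAttributes(iDPSSOConfig);
            }
        } catch (SAML2MetaException e) {
            debug.message("get SSOConfig failed:", e);
        } catch (SSOException e2) {
            debug.message("invalid or expired SSO token:", e2);
        }
        if (attributes == null) {
            return null;
        }
        List list = (List) attributes.get(str4);
        if (list != null && list.size() != 0) {
            str5 = (String) list.get(0);
        }
        return str5;
    }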

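    /**
     * Extracts the hosted entity role from a parameter map and checks that it
     * is one of the two supported roles.
     *
     * @param map parameter map that is read through {@code getParameter}
     *            under the key {@code SAML2Constants.ROLE}
     * @return the role exactly as supplied, when it matches
     *         {@code SAML2Constants.SP_ROLE} or {@code SAML2Constants.IDP_ROLE}
     *         ignoring case
     * @throws SAML2Exception if the role is missing or is neither of the two
     *         supported values
     */
    public static String getHostEntityRole(Map map) throws SAML2Exception {
        String role = getParameter(map, SAML2Constants.ROLE);
        // Constant-first comparison: if getParameter yields null, the call
        // ends in the declared SAML2Exception instead of a NullPointerException.
        if (SAML2Constants.SP_ROLE.equalsIgnoreCase(role)
                || SAML2Constants.IDP_ROLE.equalsIgnoreCase(role)) {
            return role;
        }
        throw new SAML2Exception(bundle.getString("unknownHostEntityRole"));
    }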

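    /**
     * Sends the caller to the authentication service, carrying the current
     * request URL along as the {@code goto} parameter.
     *
     * <p>The authentication URL is taken from the entity's SSO configuration
     * ({@code SAML2Constants.AUTH_URL}). When none is configured, a default of
     * {@code <scheme>://<server>:<port><first path segment>/UI/Login?realm=<realm>}
     * is assembled from the incoming request.
     *
     * <p>NOTE(review): the fallback URL is built from request-derived scheme,
     * server name and port, and the realm is appended without URL-encoding.
     * Deployments that cannot trust those request values should set an
     * explicit authentication URL in the entity configuration; confirm that
     * realm names cannot contain query metacharacters.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str realm of the hosted entity
     * @param str2 hosted entity ID
     * @param str3 role of the hosted entity
     * @throws IOException declared for the call to {@code FSUtils.forwardRequest}
     */
    public static void redirectAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws IOException {
        String authUrl = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.AUTH_URL);
        if (authUrl == null) {
            String requestUri = httpServletRequest.getRequestURI();
            // Keep everything up to the second "/" (the first path segment).
            String deploymentPath = requestUri;
            int secondSlash = requestUri.indexOf("/", requestUri.indexOf("/") + 1);
            if (secondSlash != -1) {
                deploymentPath = requestUri.substring(0, secondSlash);
            }
            authUrl = httpServletRequest.getScheme() + "://"
                    + httpServletRequest.getServerName() + ":"
                    + httpServletRequest.getServerPort()
                    + deploymentPath + "/UI/Login?realm=" + str;
        }

        // getQueryString() is null when the request has no query; appending it
        // unconditionally would produce a return URL ending in "?null".
        StringBuffer returnUrl = new StringBuffer(httpServletRequest.getRequestURL().toString());
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            returnUrl.append("?").append(queryString);
        }

        String gotoSeparator = (authUrl.indexOf("?") == -1) ? "?goto=" : "&goto=";
        String target = authUrl + gotoSeparator + AMURLEncDec.encode(returnUrl.toString());
        if (debug.messageEnabled()) {
            debug.message("redirectAuthentication: " + "New URL for authentication: " + target);
        }
        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, target);
    }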

    /**
     * Builds an {@code Issuer} element carrying the given value.
     *
     * @param str value to set on the issuer
     * @return the newly created issuer
     * @throws SAML2Exception if the assertion factory or the issuer rejects
     *         the operation
     */
    public static Issuer createIssuer(String str) throws SAML2Exception {
        Issuer issuer = af.createIssuer();
        issuer.setValue(str);
        if (debug.messageEnabled()) {
            debug.message("createIssuer: " + "Issuer : " + issuer.toXMLString());
        }
        return issuer;
    }

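    /**
     * Inserts configured basic-authentication credentials into a URL as
     * {@code scheme://user:password@rest}.
     *
     * <p>The URL is returned unchanged when the configuration is {@code null},
     * when {@code SAML2Constants.BASIC_AUTH_ON} is not set to
     * {@code SAML2Constants.TRUE}, when no user name is configured, or when
     * the URL has no {@code "//"} after which credentials could be placed.
     * A missing password is treated as the empty string before decoding.
     *
     * <p>The result contains the decoded password in clear text. Keep it out
     * of debug and audit logs and out of any value that is echoed to a client.
     *
     * <p>NOTE(review): user name and password are inserted as-is. Values that
     * contain {@code @}, {@code :} or {@code /} would change how the authority
     * part of the URL is parsed; confirm whether the consumer expects
     * percent-encoded user info before changing this.
     *
     * @param baseConfigType entity configuration holding the basic-auth
     *                       attributes; may be {@code null}
     * @param str URL to decorate
     * @return the URL with credentials inserted, or {@code str} unchanged
     */
    public static String fillInBasicAuthInfo(BaseConfigType baseConfigType, String str) {
        if (baseConfigType == null || str == null) {
            return str;
        }
        Map attributes = SAML2MetaUtils.getAttributes(baseConfigType);

        List enabledValues = (List) attributes.get(SAML2Constants.BASIC_AUTH_ON);
        if (enabledValues == null || enabledValues.isEmpty()) {
            return str;
        }
        String enabledRaw = (String) enabledValues.get(0);
        if (enabledRaw == null) {
            return str;
        }
        String enabled = enabledRaw.trim();
        if (enabled.length() == 0 || !enabled.equalsIgnoreCase(SAML2Constants.TRUE)) {
            return str;
        }

        List userValues = (List) attributes.get(SAML2Constants.BASIC_AUTH_USER);
        if (userValues == null || userValues.isEmpty()) {
            return str;
        }
        String userRaw = (String) userValues.get(0);
        if (userRaw == null) {
            return str;
        }
        String user = userRaw.trim();
        if (user.length() == 0) {
            return str;
        }

        // Without "//" there is no authority part; the unguarded substring
        // arithmetic would otherwise splice the credentials after the first
        // character of the URL.
        int schemeSeparator = str.indexOf("//");
        if (schemeSeparator == -1) {
            return str;
        }
        int authorityStart = schemeSeparator + 2;

        List passwordValues = (List) attributes.get(SAML2Constants.BASIC_AUTH_PASSWD);
        String storedPassword = null;
        if (passwordValues != null && !passwordValues.isEmpty()) {
            storedPassword = (String) passwordValues.get(0);
        }
        if (storedPassword == null) {
            storedPassword = "";
        }
        // The stored value is decoded under a privileged action.
        String password = (String) AccessController.doPrivileged((PrivilegedAction) new DecodeAction(storedPassword));

        return str.substring(0, authorityStart) + user + ":" + password + "@"
                + str.substring(authorityStart);
    }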

    /**
     * Signs a query string with the hosted entity's signing key.
     *
     * <p>The key is looked up in the key provider under the alias returned by
     * {@code getSigningCertAlias}. The query string and the alias are written
     * to the debug log when message-level debugging is enabled.
     *
     * @param str query string to sign
     * @param str2 realm of the hosted entity
     * @param str3 hosted entity ID
     * @param str4 role of the hosted entity
     * @return the value produced by {@code QuerySignatureUtil.sign}
     * @throws SAML2Exception if no private key is available for the alias, or
     *         if signing fails
     */
    public static String signQueryString(String str, String str2, String str3, String str4) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("signQueryString : " + "queryString :" + str);
        }
        String certAlias = getSigningCertAlias(str2, str3, str4);
        if (debug.messageEnabled()) {
            debug.message("signQueryString : " + "realm is : " + str2);
            debug.message("signQueryString : " + "hostEntity is : " + str3);
            debug.message("signQueryString : " + "Host Entity role is : " + str4);
            debug.message("signQueryString : " + "Signing Cert Alias is : " + certAlias);
        }
        PrivateKey signingKey = keyProvider.getPrivateKey(certAlias);
        if (signingKey == null) {
            // Refuse to continue unsigned when the key cannot be resolved.
            debug.error("Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(bundle.getString("metaDataError"));
        }
        return QuerySignatureUtil.sign(str, signingKey);
    }

    /**
     * Verifies the signature on a query string against the remote entity's
     * verification certificate.
     *
     * <p>When the hosted role equals {@code SAML2Constants.IDP_ROLE} (ignoring
     * case) the certificate is taken from the remote entity's SP descriptor;
     * for every other role value it is taken from the remote entity's IDP
     * descriptor. The query string is written to the debug log when
     * message-level debugging is enabled.
     *
     * @param str signed query string
     * @param str2 realm
     * @param str3 role of the hosted entity; must not be {@code null}
     * @param str4 remote entity ID
     * @return the result of {@code QuerySignatureUtil.verify}
     * @throws SAML2Exception if no verification certificate is available, or
     *         if verification itself fails with an error
     * @throws SSOException declared for the metadata lookup
     */
    public static boolean verifyQueryString(String str, String str2, String str3, String str4) throws SAML2Exception, SSOException {
        if (debug.messageEnabled()) {
            debug.message("verifyQueryString : " + "queryString :" + str);
        }
        X509Certificate remoteCert;
        if (str3.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            // Hosted IDP: the peer is an SP.
            remoteCert = KeyUtil.getVerificationCert(saml2MetaManager.getSPSSODescriptor(str2, str4), str4, false);
        } else {
            // Anything else is handled as a hosted SP whose peer is an IDP.
            remoteCert = KeyUtil.getVerificationCert(saml2MetaManager.getIDPSSODescriptor(str2, str4), str4, true);
        }
        if (debug.messageEnabled()) {
            debug.message("verifyQueryString : " + "realm is : " + str2);
            debug.message("verifyQueryString : " + "Host Entity role is : " + str3);
            debug.message("verifyQueryString : " + "remoteEntity is : " + str4);
        }
        if (remoteCert == null) {
            // No certificate means the signature cannot be checked; fail closed.
            debug.error("Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(bundle.getString("metaDataError"));
        }
        return QuerySignatureUtil.verify(str, remoteCert);
    }

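    /**
     * Returns the caller's SSO token, or starts authentication when there is
     * none.
     *
     * <p>When no token is found the request is handed to
     * {@code redirectAuthentication} and this method returns {@code null}.
     * A {@code null} result therefore means the response has already been
     * used; callers must stop processing the request instead of treating it
     * as an authenticated one.
     *
     * <p>The realm and the hosted role are resolved before the token is
     * inspected, so an invalid role parameter is rejected even for
     * authenticated callers.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str meta alias of the hosted entity
     * @param map parameter map from which the hosted role is read
     * @return the SSO token, or {@code null} after authentication was started
     * @throws SAML2Exception if the role is invalid, the metadata lookup
     *         fails, or the request could not be handed over
     */
    public static SSOToken checkSSOToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Map map) throws SAML2Exception {
        SSOToken token = getSSOToken(httpServletRequest);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(str);
        String hostRole = getHostEntityRole(map);
        if (token != null) {
            return token;
        }
        if (debug.messageEnabled()) {
            debug.message("checkSSOToken : " + "SSOToken is missing." + "redirect to the authentication service");
        }
        try {
            redirectAuthentication(httpServletRequest, httpServletResponse, realm, saml2MetaManager.getEntityByMetaAlias(str), hostRole);
        } catch (SSOException e) {
            debug.error("Invalid SSOToken", e);
            throw new SAML2Exception(bundle.getString("metaDataError"));
        } catch (IOException e2) {
            // Log the cause as well; the message alone gives an operator
            // nothing to diagnose the failure with.
            debug.error("Unable to redirect to authentication.", e2);
            throw new SAML2Exception(e2.toString());
        }
        return null;
    }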

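    /**
     * Generates a random name identifier.
     *
     * <p>21 bytes are drawn from the class-wide random generator and encoded
     * with {@code Base64.encode}. The generated value is written to the debug
     * log when message-level debugging is enabled.
     *
     * @return the encoded identifier, or {@code null} if generation failed;
     *         callers must check for {@code null} before using the value
     */
    public static String createNameIdentifier() {
        try {
            byte[] handleBytes = new byte[21];
            randomGenerator.nextBytes(handleBytes);
            String handle = Base64.encode(handleBytes);
            if (debug.messageEnabled()) {
                debug.message("createNameIdentifier String: " + handle);
            }
            return handle;
        } catch (Exception e) {
            // A failure here leaves the caller without an identifier, so it is
            // reported at error level together with the cause.
            debug.error("createNameIdentifier: Exception during proccessing request " + e.getMessage(), e);
            return null;
        }
    }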

    /**
     * Returns the SP authentication-context mapper for a cache key built from
     * {@code str2} and {@code str}, creating and caching it on first use.
     *
     * <p>If nothing is cached and a class name is supplied, that class is
     * loaded and instantiated reflectively. Every failure to do so (class not
     * found, not accessible, not instantiable, wrong type, ...) is reported at
     * message level only and ends in a {@code DefaultSPAuthnContextMapper},
     * which is then cached under the same key. A misconfigured mapper class is
     * therefore replaced by the default without an error-level log entry.
     *
     * <p>NOTE(review): {@code str3} is passed to {@code Class.forName}; it is
     * presumably read from entity configuration and should only ever come
     * from a trusted source - confirm at the call sites.
     *
     * @param str second component of the cache key
     * @param str2 first component of the cache key
     * @param str3 fully qualified mapper class name; may be {@code null} or
     *             empty
     * @return the cached or newly created mapper, never {@code null}
     */
    public static SPAuthnContextMapper getSPAuthnContextMapper(String str, String str2, String str3) {
        String cacheKey = str2 + "|" + str;
        SPAuthnContextMapper mapper = (SPAuthnContextMapper) SPCache.authCtxObjHash.get(cacheKey);
        if (debug.messageEnabled()) {
            debug.message("AuthContext Class Name is :" + str3);
        }
        boolean classNameGiven = str3 != null && str3.length() != 0;
        if (mapper == null && classNameGiven) {
            try {
                mapper = (SPAuthnContextMapper) Class.forName(str3).newInstance();
                SPCache.authCtxObjHash.put(cacheKey, mapper);
            } catch (ClassNotFoundException notFound) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils: Mapper not configured using Default AuthnContext Mapper");
                }
            } catch (IllegalAccessException notAccessible) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils: illegalaccess");
                    debug.message("SAML2Utils:Error :  using Default AuthnContext Mapper");
                }
            } catch (InstantiationException notInstantiable) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils: Instantiation ");
                    debug.message("SAML2Utils:Error instantiating :  using Default AuthnContext Mapper");
                }
            } catch (Exception other) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils:Error :  using Default AuthnContext Mapper");
                }
            }
        }
        if (mapper != null) {
            return mapper;
        }
        // Nothing cached and nothing loadable: fall back to the default mapper.
        SPAuthnContextMapper fallback = new DefaultSPAuthnContextMapper();
        SPCache.authCtxObjHash.put(cacheKey, fallback);
        return fallback;
    }

    /**
     * Checks that the issuer of a request is acceptable for the given realm
     * and hosted entity, as decided by {@code isSourceSiteValid}.
     *
     * <p>A rejected issuer is recorded through {@code logUtil} under
     * {@code LogUtil.INVALID_ISSUER_REQUEST} before the exception is thrown,
     * so the method never returns {@code false}.
     *
     * @param str passed to {@code isSourceSiteValid} as its second argument
     *            (presumably the realm - confirm against that method)
     * @param str2 passed to {@code isSourceSiteValid} as its third argument
     *             (presumably the hosted entity ID - confirm)
     * @param issuer issuer taken from the request
     * @param str3 additional value recorded in the log entry
     * @return {@code true} when the issuer is valid
     * @throws SAML2Exception if the issuer is not valid
     */
    public static boolean verifyRequestIssuer(String str, String str2, Issuer issuer, String str3) throws SAML2Exception {
        if (!isSourceSiteValid(issuer, str, str2)) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils Issuer in Request is not valid.");
            }
            String[] logData = {str2, str, str3};
            logUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_REQUEST, logData, adminSSOToken);
            throw new SAML2Exception(bundle.getString("invalidIssuerInRequest"));
        }
        return true;
    }

    /**
     * Checks that the issuer of a response is acceptable for the given realm
     * and hosted entity, as decided by {@code isSourceSiteValid}.
     *
     * <p>A rejected issuer is recorded through {@code logUtil} under
     * {@code LogUtil.INVALID_ISSUER_RESPONSE} before the exception is thrown,
     * so the method never returns {@code false}.
     *
     * @param str passed to {@code isSourceSiteValid} as its second argument
     *            (presumably the realm - confirm against that method)
     * @param str2 passed to {@code isSourceSiteValid} as its third argument
     *             (presumably the hosted entity ID - confirm)
     * @param issuer issuer taken from the response
     * @param str3 additional value recorded in the log entry
     * @return {@code true} when the issuer is valid
     * @throws SAML2Exception if the issuer is not valid
     */
    public static boolean verifyResponseIssuer(String str, String str2, Issuer issuer, String str3) throws SAML2Exception {
        if (!isSourceSiteValid(issuer, str, str2)) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils Issuer in Response is not valid.");
            }
            String[] logData = {str2, str, str3};
            logUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_RESPONSE, logData, adminSSOToken);
            throw new SAML2Exception(bundle.getString("invalidIssuerInResponse"));
        }
        return true;
    }

    /**
     * Looks up the reader service URL of the first circle of trust listed in
     * the hosted SP's configuration.
     *
     * <p>Every failure - including a missing circle-of-trust list - is caught,
     * reported at message level only, and turned into a {@code null} result.
     *
     * @param str meta alias of the hosted SP
     * @return the reader service URL, or {@code null} when there is no SP
     *         configuration or the lookup failed
     */
    public static String getReaderURL(String str) {
        try {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(str);
            String spEntityId = saml2MetaManager.getEntityByMetaAlias(str);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils:getReaderURL metaAlias is :" + str);
                debug.message("SAML2Utils:getReaderURL:Realm is :" + realm);
                debug.message("SAML2Utils:getReaderURL:spEntityID is :" + spEntityId);
            }
            SPSSOConfigElement spConfig = saml2MetaManager.getSPSSOConfig(realm, spEntityId);
            if (spConfig == null) {
                return null;
            }
            // Only the first entry of the circle-of-trust list is consulted.
            List cotNames = (List) SAML2MetaUtils.getAttributes(spConfig).get(SAML2Constants.COT_LIST);
            String firstCot = (String) cotNames.iterator().next();
            return saml2CotManager.getCircleOfTrust(realm, firstCot).getReaderServiceURL();
        } catch (SAML2Exception e) {
            if (debug.messageEnabled()) {
                debug.message("Error getting reader URL : ", e);
            }
        } catch (SSOException e2) {
            if (debug.messageEnabled()) {
                debug.message("Error getting ssotoken : ", e2);
            }
        } catch (Exception e3) {
            if (debug.messageEnabled()) {
                debug.message("Error getting reader URL : ", e3);
            }
        }
        return null;
    }

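    /**
     * Rebuilds the URL of the current request, without its query string, from
     * the scheme, the {@code Host} header and the request path.
     *
     * <p>When the request carries no {@code Host} header, the server name and
     * port reported by the container are used instead.
     *
     * <p>NOTE(review): the {@code Host} header is supplied by the client and
     * is copied into the result unchanged. Where the result ends up in a
     * redirect or relay-state value, the host should be checked against the
     * deployment's known host names (or pinned by a front-end proxy) -
     * confirm how callers use it.
     *
     * @param httpServletRequest current request
     * @return {@code scheme://host/} followed by the request path without its
     *         leading slash
     */
    public static String getBaseURL(HttpServletRequest httpServletRequest) {
        String scheme = httpServletRequest.getScheme();
        String hostAndPort = httpServletRequest.getHeader("Host");
        if (hostAndPort == null) {
            hostAndPort = httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort();
        }
        String baseUrl = scheme + "://" + hostAndPort + "/";

        // Locate the path by searching past the "://" separator rather than
        // by fixed offsets; a URL without any path slash adds nothing instead
        // of appending a fragment of the host name.
        String requestUrl = httpServletRequest.getRequestURL().toString();
        int separator = requestUrl.indexOf("://");
        int authorityStart = (separator == -1) ? 0 : separator + 3;
        int pathStart = requestUrl.indexOf('/', authorityStart);
        if (pathStart != -1 && pathStart + 1 < requestUrl.length()) {
            baseUrl = baseUrl + requestUrl.substring(pathStart + 1);
        }
        return baseUrl;
    }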

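    /**
     * Reads the preferred identity provider from the IDP-discovery request
     * parameter.
     *
     * <p>The parameter ({@code IDPDiscoveryConstants.SAML2_COOKIE_NAME}) is a
     * space-separated list of Base64-encoded values; the last entry is decoded
     * and returned.
     *
     * <p>The value is supplied by the client. A parameter that is blank or
     * cannot be decoded yields {@code null} instead of an exception, and a
     * decoded value is still untrusted: it should be matched against the
     * configured identity providers before it is used - confirm that callers
     * do so.
     *
     * @param httpServletRequest current request
     * @return the decoded last entry, or {@code null} if the parameter is
     *         absent, blank or not decodable
     */
    public static String getPreferredIDP(HttpServletRequest httpServletRequest) {
        String idpList = httpServletRequest.getParameter(IDPDiscoveryConstants.SAML2_COOKIE_NAME);
        if (idpList == null || idpList.length() == 0) {
            return null;
        }
        String lastEntry = null;
        StringTokenizer entries = new StringTokenizer(idpList.trim(), " ");
        while (entries.hasMoreTokens()) {
            lastEntry = entries.nextToken();
        }
        if (lastEntry == null) {
            // The parameter held only whitespace.
            return null;
        }
        try {
            byte[] decoded = Base64.decode(lastEntry);
            return (decoded == null) ? null : new String(decoded);
        } catch (Exception e) {
            // Decoding runs inside the try so that malformed client input is
            // logged and ignored rather than propagated to the caller.
            debug.message("Error decoding : ", e);
            return null;
        }
    }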

    /**
     * Builds a redirect URL whose {@code RelayState} parameter points back to
     * the current request URL with a {@code requestID} parameter attached.
     *
     * <p>The return URL comes from {@code getBaseURL} and is URL-encoded as a
     * whole before it is appended, so the request ID is encoded together with
     * it.
     *
     * @param str URL to which the {@code RelayState} parameter is appended;
     *            it is always joined with {@code "?"}
     * @param str2 request ID to carry in the return URL
     * @param httpServletRequest current request
     * @return {@code str + "?RelayState=" + <encoded return URL>}
     */
    public static String getRedirectURL(String str, String str2, HttpServletRequest httpServletRequest) {
        String returnUrl = getBaseURL(httpServletRequest);
        String joiner = (returnUrl.indexOf("?") == -1) ? "?" : "&";
        String relayState = returnUrl + joiner + "requestID=" + str2;
        return str + "?RelayState=" + AMURLEncDec.encode(relayState);
    }

    /**
     * Returns the account mapper configured for a hosted IDP.
     *
     * <p>The mapper class name is read from the entity's SSO configuration
     * ({@code SAML2Constants.IDP_ACCOUNT_MAPPER}); when none is configured,
     * {@code SAML2Constants.DEFAULT_IDP_ACCOUNT_MAPPER_CLASS} is used.
     * Instances are cached per class name in
     * {@code IDPCache.idpAccountMapperCache}, so one instance serves every
     * entity that names the same class.
     *
     * <p>The class is loaded reflectively by name. Whoever can write the
     * entity's extended configuration therefore decides which class on the
     * classpath is instantiated here; that configuration should be writable
     * by administrators only.
     *
     * @param str realm of the hosted IDP
     * @param str2 hosted IDP entity ID
     * @return the cached or newly created mapper
     * @throws SAML2Exception wrapping any failure to resolve or instantiate
     *         the mapper
     */
    public static IDPAccountMapper getIDPAccountMapper(String str, String str2) throws SAML2Exception {
        try {
            String mapperClass = getAttributeValueFromSSOConfig(
                    str, str2, SAML2Constants.IDP_ROLE, SAML2Constants.IDP_ACCOUNT_MAPPER);
            if (mapperClass == null) {
                mapperClass = SAML2Constants.DEFAULT_IDP_ACCOUNT_MAPPER_CLASS;
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getIDPAccountMapper: " + "use " + SAML2Constants.DEFAULT_IDP_ACCOUNT_MAPPER_CLASS);
                }
            }
            IDPAccountMapper mapper = (IDPAccountMapper) IDPCache.idpAccountMapperCache.get(mapperClass);
            if (mapper != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getIDPAccountMapper: " + "got the IDPAccountMapper from cache");
                }
                return mapper;
            }
            // First use of this class name: instantiate once and cache.
            mapper = (IDPAccountMapper) Class.forName(mapperClass).newInstance();
            IDPCache.idpAccountMapperCache.put(mapperClass, mapper);
            return mapper;
        } catch (Exception e) {
            debug.error("SAML2Utils.getIDPAccountMapper: " + "Unable to get IDP Account Mapper.", e);
            throw new SAML2Exception(e);
        }
    }

    /**
     * Returns the account mapper configured for a hosted SP.
     *
     * <p>The mapper class name is read from the entity's SSO configuration
     * ({@code SAML2Constants.SP_ACCOUNT_MAPPER}); when none is configured,
     * {@code SAML2Constants.DEFAULT_SP_ACCOUNT_MAPPER_CLASS} is used.
     * Instances are cached per class name in
     * {@code SPCache.spAccountMapperCache}, so one instance serves every
     * entity that names the same class.
     *
     * <p>The class is loaded reflectively by name. Whoever can write the
     * entity's extended configuration therefore decides which class on the
     * classpath is instantiated here; that configuration should be writable
     * by administrators only.
     *
     * @param str realm of the hosted SP
     * @param str2 hosted SP entity ID
     * @return the cached or newly created mapper
     * @throws SAML2Exception wrapping any failure to resolve or instantiate
     *         the mapper
     */
    public static SPAccountMapper getSPAccountMapper(String str, String str2) throws SAML2Exception {
        try {
            String mapperClass = getAttributeValueFromSSOConfig(
                    str, str2, SAML2Constants.SP_ROLE, SAML2Constants.SP_ACCOUNT_MAPPER);
            if (mapperClass == null) {
                mapperClass = SAML2Constants.DEFAULT_SP_ACCOUNT_MAPPER_CLASS;
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getSPAccountMapper: " + "use " + SAML2Constants.DEFAULT_SP_ACCOUNT_MAPPER_CLASS);
                }
            }
            SPAccountMapper mapper = (SPAccountMapper) SPCache.spAccountMapperCache.get(mapperClass);
            if (mapper != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getSPAccountMapper: " + "got the SPAccountMapper from cache");
                }
                return mapper;
            }
            // First use of this class name: instantiate once and cache.
            mapper = (SPAccountMapper) Class.forName(mapperClass).newInstance();
            SPCache.spAccountMapperCache.put(mapperClass, mapper);
            return mapper;
        } catch (Exception e) {
            debug.error("SAML2Utils.getSPAccountMapper: " + "Unable to get SP Account Mapper.", e);
            throw new SAML2Exception(e);
        }
    }

    /**
     * Resolves the relay state of a request.
     *
     * <p>Lookup order: the {@code RelayState} parameter; then each parameter
     * named in the {@code |}-separated list given by
     * {@code SAML2Constants.RELAY_STATE_ALIAS}, taking the first non-empty
     * one; then, only if the result so far is {@code null} (not merely
     * empty), the {@code SAML2Constants.GOTO} parameter.
     *
     * <p>Every source is a request parameter, including the list of alias
     * names itself, so the returned value is client-controlled. It must be
     * validated against the permitted relay-state targets before it is used
     * as a redirect destination.
     *
     * @param httpServletRequest current request
     * @return the relay state, possibly empty, or {@code null} if none was
     *         supplied
     */
    public static String getRelayState(HttpServletRequest httpServletRequest) {
        String relayState = httpServletRequest.getParameter("RelayState");
        if (relayState != null && relayState.length() != 0) {
            return relayState;
        }
        String aliasList = httpServletRequest.getParameter(SAML2Constants.RELAY_STATE_ALIAS);
        if (aliasList != null && aliasList.length() > 0) {
            for (StringTokenizer aliases = new StringTokenizer(aliasList, "|"); aliases.hasMoreTokens(); ) {
                relayState = httpServletRequest.getParameter(aliases.nextToken());
                if (relayState != null && relayState.length() > 0) {
                    return relayState;
                }
            }
        }
        // An empty (non-null) value is returned as is; only null falls back.
        if (relayState == null) {
            relayState = httpServletRequest.getParameter(SAML2Constants.GOTO);
        }
        return relayState;
    }

    /**
     * Compares two destination URLs.
     *
     * <p>The comparison ignores case over the whole string, path included,
     * and fails closed: a {@code null} or empty value on either side is never
     * a match.
     *
     * @param str first URL
     * @param str2 second URL
     * @return {@code true} only when both values are non-empty and equal
     *         ignoring case
     */
    public static boolean verifyDestination(String str, String str2) {
        if (str2 == null || str2.length() == 0) {
            return false;
        }
        if (str == null || str.length() == 0) {
            return false;
        }
        return str2.equalsIgnoreCase(str);
    }

    // Class initialiser: sets up the shared SOAP factories, the admin SSO
    // token, the metadata and circle-of-trust managers, the cache clean-up
    // thread, the assertion factory and the random generator.
    //
    // Each step that can fail logs the problem and leaves its field null
    // instead of aborting class loading, so a failed initialisation shows up
    // later as a NullPointerException in whichever method first dereferences
    // the field (for example saml2MetaManager in the configuration lookups).
    static {
        adminSSOToken = null;
        cThread = null;
        saml2MetaManager = null;
        saml2CotManager = null;
        scf = null;
        try {
            scf = SOAPConnectionFactory.newInstance();
        } catch (SOAPException e) {
            debug.error("Unable to obtain SOAPConnectionFactory.", e);
        }
        mf = null;
        try {
            mf = MessageFactory.newInstance();
        } catch (SOAPException e2) {
            debug.error("SAML2Utils: Unable to create SOAP MessageFactory", e2);
        }
        // The admin token is obtained under a privileged action and is then
        // shared by the metadata manager, the COT manager and the audit
        // logging calls in this class.
        adminSSOToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
        try {
            saml2MetaManager = new SAML2MetaManager(adminSSOToken);
        } catch (SAML2MetaException e3) {
            debug.error("Error retreiving metadata", e3);
        } catch (SSOException e4) {
            debug.error("Invalid SSOToken", e4);
        }
        // NOTE(review): the instance is discarded, so the constructor is
        // presumably called for its initialisation side effects - confirm.
        if (AuthContext.localAuthServiceID == null) {
            debug.message("SAML2Utils : Initialize AuthXMLHandler");
            new AuthXMLHandler();
        }
        try {
            saml2CotManager = new SAML2COTManager(adminSSOToken);
        } catch (SAML2MetaException e5) {
            debug.error("Error retreiving COT ", e5);
        } catch (SSOException e6) {
            debug.error("Invalid SSOToken", e6);
        }
        // The cache clean-up thread is started in server mode only.
        if (WebtopNaming.isServerMode()) {
            cThread = new CacheCleanUpThread();
            cThread.start();
        }
        af = AssertionFactory.getInstance();
        // SecureRandom backs the identifiers produced by createNameIdentifier.
        randomGenerator = new SecureRandom();
    }
}
