package com.sun.identity.saml2.profile;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.services.util.CookieUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.modules.saml2.SAML2Principal;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.SAML2Callback;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.common.AccountUtils;
import com.sun.identity.saml2.common.NameIDInfo;
import com.sun.identity.saml2.common.NameIDInfoKey;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.install.SAML2SetupConstants;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.logging.SAML2LogManager;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.protocol.Artifact;
import com.sun.identity.saml2.protocol.ArtifactResolve;
import com.sun.identity.saml2.protocol.ArtifactResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.sm.ServiceSchemaManager;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPConnection;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;

/* loaded from: input_file:122983-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/profile/SPACSUtils.class */
public class SPACSUtils {
    // Token handed to every logUtil.access()/logUtil.error() call in this class. No assignment is
    // visible in this part of the file, so at those call sites it is null unless it is set
    // elsewhere. NOTE(review): confirm where it is initialised. The field is package-visible and
    // non-final, so any class in the package can replace it.
    static SSOToken adminSSOToken;
    // Log handle used for the access and error records written by this class.
    static LogUtil logUtil = SAML2LogManager.getLogInstance();

    // Private constructor: the class only exposes static helpers and is not meant to be instantiated.
    private SPACSUtils() {
    }

    /**
     * Entry point for the assertion consumer: extracts the SAML Response from the incoming request
     * according to the HTTP method.
     *
     * <p>GET is delegated to {@code getResponseFromGet}; POST is delegated to
     * {@code getResponseFromPost} and flagged as POST binding in the returned {@code ResponseInfo}.
     * Any other method is answered with HTTP 405 and a {@code SAML2Exception}.
     *
     * <p>Review notes: in this decompiled listing {@code getResponseFromPost} is a stub that always
     * throws {@code UnsupportedOperationException}, so the POST path cannot be assessed from here.
     * When message-level debug is enabled the complete Response XML (assertions included) is written
     * to the debug log, so that log needs the same protection as the assertions themselves.
     *
     * @param httpServletRequest  incoming request; its method and parameters are untrusted input
     * @param httpServletResponse response used to send error statuses
     * @param str                 forwarded unchanged to {@code getResponseFromGet}
     * @param str2                forwarded unchanged to {@code getResponseFromGet}
     * @param sAML2MetaManager    metadata manager forwarded to {@code getResponseFromGet}
     * @return the extracted response together with its binding flag
     * @throws SAML2Exception if the method is unsupported or the response cannot be obtained
     * @throws IOException    if sending the error status fails
     */
    public static ResponseInfo getResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        String httpMethod = httpServletRequest.getMethod();
        final ResponseInfo extracted;
        if (httpMethod.equals("GET")) {
            extracted = getResponseFromGet(httpServletRequest, httpServletResponse, str, str2, sAML2MetaManager);
        } else if (httpMethod.equals("POST")) {
            extracted = new ResponseInfo(getResponseFromPost(httpServletRequest, httpServletResponse), true);
        } else {
            // Anything other than GET/POST is rejected before any SAML processing happens.
            String unsupported = SAML2Utils.bundle.getString("notSupportedHTTPMethod");
            httpServletResponse.sendError(405, unsupported);
            throw new SAML2Exception(unsupported);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getResponse: got response=" + extracted.getResponse().toXMLString(true, true));
        }
        return extracted;
    }

    /* JADX WARN: Type inference failed for: r22v0, types: [java.lang.Throwable, com.sun.identity.saml2.meta.SAML2MetaException] */
    /**
     * Obtains the SAML Response for an HTTP GET on the assertion consumer endpoint.
     *
     * <p>Two request parameters are recognised, in this order:
     * <ol>
     *   <li>{@code resID}: a key into {@code SPCache.responseHash}. The entry is removed as it is
     *       read, so a given {@code resID} can be redeemed at most once.</li>
     *   <li>{@code SAML2Constants.SAML_ART}: a SAML artifact. It is parsed, mapped to an IdP entity
     *       with {@code getIDPEntityID}, and exchanged for a Response with
     *       {@code getResponseFromArtifact}.</li>
     * </ol>
     *
     * <p>Both parameters come straight from the request and are untrusted. They are written to the
     * debug and access logs as received, and several error paths pass {@code e.getMessage()} to
     * {@code sendError}, i.e. exception text reaches the HTTP client.
     *
     * @param httpServletRequest  request carrying {@code resID} or the artifact parameter
     * @param httpServletResponse response used to send error statuses
     * @param str                 first argument of the metadata lookups made here
     *                            (presumably the realm; confirm against callers)
     * @param str2                forwarded to {@code getResponseFromArtifact}, which uses it as the
     *                            Issuer value of the ArtifactResolve
     * @param sAML2MetaManager    metadata manager used for the IdP lookups
     * @return the cached {@code ResponseInfo}, or a new one built from the resolved artifact with
     *         its second constructor argument {@code false}
     * @throws SAML2Exception if no response can be obtained
     * @throws IOException    if sending the error status fails
     */
    private static ResponseInfo getResponseFromGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        ResponseInfo responseInfo;
        String parameter = httpServletRequest.getParameter("resID");
        if (parameter != null && parameter.length() != 0) {
            if (SAML2Utils.debug.messageEnabled()) {
                // NOTE(review): request-supplied value logged verbatim; confirm the log sink
                // neutralises CR/LF so a crafted resID cannot forge log lines.
                SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromGet: resID=").append(parameter).toString());
            }
            // remove(), not get(): the cached response is single-use.
            synchronized (SPCache.responseHash) {
                responseInfo = (ResponseInfo) SPCache.responseHash.remove(parameter);
            }
            if (responseInfo != null) {
                return responseInfo;
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getResponseFromGet: couldn't find Response from resID.");
            }
            logUtil.error(Level.INFO, LogUtil.RESPONSE_NOT_FOUND_FROM_CACHE, new String[]{parameter}, adminSSOToken);
            httpServletResponse.sendError(500, SAML2Utils.bundle.getString("SSOFailed"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("SSOFailed"));
        }
        // No resID: fall back to the artifact binding.
        String parameter2 = httpServletRequest.getParameter(SAML2Constants.SAML_ART);
        if (parameter2 == null || parameter2.trim().length() == 0) {
            SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: Artifact string is empty.");
            logUtil.error(Level.INFO, LogUtil.MISSING_ARTIFACT, null, adminSSOToken);
            httpServletResponse.sendError(400, SAML2Utils.bundle.getString("missingArtifact"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingArtifact"));
        }
        try {
            Artifact createArtifact = ProtocolFactory.getInstance().createArtifact(parameter2.trim());
            // The raw artifact is recorded in the access log before it has been resolved, so that
            // log holds a value that is still live at the moment of writing.
            logUtil.access(Level.INFO, LogUtil.RECEIVED_ARTIFACT, new String[]{parameter2.trim()}, adminSSOToken);
            String iDPEntityID = getIDPEntityID(createArtifact, httpServletResponse, str, sAML2MetaManager);
            try {
                IDPSSODescriptorElement iDPSSODescriptor = sAML2MetaManager.getIDPSSODescriptor(str, iDPEntityID);
                // The resolution URL is chosen from the IdP's metadata; the artifact only supplies
                // the endpoint index used to pick among those entries.
                return new ResponseInfo(getResponseFromArtifact(createArtifact, getIDPArtifactResolutionServiceUrl(createArtifact.getEndpointIndex(), str, iDPEntityID, iDPSSODescriptor, httpServletResponse, sAML2MetaManager), str2, iDPEntityID, iDPSSODescriptor, httpServletResponse, str, sAML2MetaManager), false);
            } catch (SSOException e) {
                logUtil.error(Level.INFO, LogUtil.IDP_META_NOT_FOUND, new String[]{str, iDPEntityID}, adminSSOToken);
                // Exception text is returned to the client here and in the handler below.
                httpServletResponse.sendError(500, e.getMessage());
                throw new SAML2Exception(e.getMessage());
            } catch (SAML2MetaException e2) {
                logUtil.error(Level.INFO, LogUtil.IDP_META_NOT_FOUND, new String[]{str, iDPEntityID}, adminSSOToken);
                httpServletResponse.sendError(500, e2.getMessage());
                throw e2;
            }
        } catch (SAML2Exception e3) {
            // As decompiled, this handler also receives SAML2Exceptions raised by the helpers and
            // by the nested handlers above, all of which have already called sendError(); a second
            // sendError() on a committed response throws IllegalStateException per the Servlet API.
            // NOTE(review): JADX flagged this method, so the try region may be wider here than in
            // the bytecode; confirm before relying on this error path.
            SAML2Utils.debug.error(new StringBuffer().append("SPACSUtils.getResponseFromGet: Unable to decode and parse artifact string:").append(parameter2).toString());
            httpServletResponse.sendError(400, SAML2Utils.bundle.getString("errorObtainArtifact"));
            throw e3;
        }
    }

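    /**
     * Exchanges a SAML artifact for the Response it refers to by sending an ArtifactResolve over
     * SOAP to the IdP's artifact resolution service.
     *
     * <p>The ArtifactResolve is signed only when the IdP's configuration sets
     * {@code SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED} to {@code SAML2Constants.TRUE}; the SP's
     * signing key is then taken from the alias in {@code SAML2Constants.SIGNING_CERT_ALIAS}.
     * The SOAP reply is validated by {@code getResponseFromSOAP}.
     *
     * <p>Change from the decompiled original: the {@code SOAPConnection} is now closed in a
     * {@code finally} block; previously it was never closed, leaking one connection per resolved
     * artifact (and per failure).
     *
     * @param artifact                 parsed artifact received from the browser
     * @param str                      artifact resolution service URL; used as Destination and as
     *                                 the SOAP endpoint
     * @param str2                     value placed in the ArtifactResolve Issuer and used to look up
     *                                 the SP signing alias (presumably the hosted SP entity ID)
     * @param str3                     IdP entity ID
     * @param iDPSSODescriptorElement  IdP descriptor, forwarded to {@code getResponseFromSOAP}
     * @param httpServletResponse      response used to send error statuses
     * @param str4                     first argument of the configuration lookups
     *                                 (presumably the realm; confirm against callers)
     * @param sAML2MetaManager         metadata manager
     * @return the Response carried in the ArtifactResponse
     * @throws SAML2Exception if the request cannot be built or sent, or the reply is rejected
     * @throws IOException    if sending the error status fails
     */
    private static Response getResponseFromArtifact(Artifact artifact, String str, String str2, String str3, IDPSSODescriptorElement iDPSSODescriptorElement, HttpServletResponse httpServletResponse, String str4, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        IDPSSOConfigElement iDPSSOConfigElement;
        try {
            ArtifactResolve createArtifactResolve = ProtocolFactory.getInstance().createArtifactResolve();
            // The generated ID is what getResponseFromSOAP later compares with InResponseTo.
            createArtifactResolve.setID(SAML2Utils.generateID());
            createArtifactResolve.setVersion(SAML2Constants.VERSION_2_0);
            createArtifactResolve.setIssueInstant(new Date());
            createArtifactResolve.setArtifact(artifact);
            createArtifactResolve.setDestination(str);
            Issuer createIssuer = AssertionFactory.getInstance().createIssuer();
            createIssuer.setValue(str2);
            createArtifactResolve.setIssuer(createIssuer);
            String attributeValueFromSSOConfig = SAML2Utils.getAttributeValueFromSSOConfig(str4, str3, SAML2Constants.IDP_ROLE, SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED);
            if (attributeValueFromSSOConfig != null && attributeValueFromSSOConfig.equals(SAML2Constants.TRUE)) {
                // Signing was requested: a missing alias or key provider is a hard failure rather
                // than a silent fall-back to an unsigned request.
                String attributeValueFromSPSSOConfig = getAttributeValueFromSPSSOConfig(str4, str2, sAML2MetaManager, SAML2Constants.SIGNING_CERT_ALIAS);
                if (attributeValueFromSPSSOConfig == null) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
                }
                KeyProvider keyProviderInstance = KeyUtil.getKeyProviderInstance();
                if (keyProviderInstance == null) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
                }
                createArtifactResolve.sign(keyProviderInstance.getPrivateKey(attributeValueFromSPSSOConfig), keyProviderInstance.getX509Certificate(attributeValueFromSPSSOConfig));
            }
            String xMLString = createArtifactResolve.toXMLString(true, true);
            if (SAML2Utils.debug.messageEnabled()) {
                // The logged XML contains the still-unresolved artifact.
                SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromGet: ArtifactResolve=").append(xMLString).toString());
            }
            SOAPConnection createConnection = SAML2Utils.scf.createConnection();
            SOAPMessage soapReply;
            try {
                SOAPMessage createSOAPMessage = SAML2Utils.createSOAPMessage(xMLString);
                try {
                    iDPSSOConfigElement = sAML2MetaManager.getIDPSSOConfig(str4, str3);
                } catch (SSOException e) {
                    SAML2Utils.debug.error(new StringBuffer().append("SPACSUtils.getResponseFromArtifact: Unable to get entity config for ").append(str3).toString(), e);
                    // NOTE(review): the call continues with a null config; confirm that
                    // fillInBasicAuthInfo accepts null and that proceeding without the configured
                    // endpoint authentication is the intended failure mode.
                    iDPSSOConfigElement = null;
                }
                // Only the plain URL (str) is ever logged in this method, never the value returned
                // by fillInBasicAuthInfo, which presumably carries the endpoint credentials.
                soapReply = createConnection.call(createSOAPMessage, SAML2Utils.fillInBasicAuthInfo(iDPSSOConfigElement, str));
            } finally {
                try {
                    createConnection.close();
                } catch (SOAPException closeError) {
                    // A failed close must not mask the outcome of the call itself.
                    SAML2Utils.debug.message("SPACSUtils.getResponseFromArtifact: unable to close SOAP connection:", closeError);
                }
            }
            Response responseFromSOAP = getResponseFromSOAP(soapReply, createArtifactResolve, httpServletResponse, str3, iDPSSODescriptorElement, str4, str2, sAML2MetaManager);
            String[] strArr = {str2, str3, artifact.getArtifactValue(), ""};
            if (logUtil.isAccessLoggable(Level.FINE)) {
                // Full Response XML is added to the access record only at FINE.
                strArr[3] = responseFromSOAP.toXMLString();
            }
            logUtil.access(Level.INFO, LogUtil.GOT_RESPONSE_FROM_ARTIFACT, strArr, adminSSOToken);
            return responseFromSOAP;
        } catch (SOAPException e2) {
            SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: couldn't get ArtifactResponse. SOAP error:", e2);
            logUtil.error(Level.INFO, LogUtil.CANNOT_GET_SOAP_RESPONSE, new String[]{str2, str}, adminSSOToken);
            httpServletResponse.sendError(500, SAML2Utils.bundle.getString("errorInSOAPCommunication"));
            throw new SAML2Exception(e2.getMessage());
        } catch (SAML2Exception e3) {
            // As decompiled, this also receives exceptions from getResponseFromSOAP, which has
            // already logged and called sendError(); the message below is then misleading.
            // NOTE(review): confirm the original try region against the bytecode.
            SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: couldn't create ArtifactResolve:", e3);
            logUtil.error(Level.INFO, LogUtil.CANNOT_CREATE_ARTIFACT_RESOLVE, new String[]{str2, artifact.getArtifactValue()}, adminSSOToken);
            httpServletResponse.sendError(500, SAML2Utils.bundle.getString("errorCreateArtifactResolve"));
            throw e3;
        }
    }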

    /* JADX WARN: Type inference failed for: r12v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
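    /**
     * Maps the SourceID carried in an artifact to the entity ID of a configured remote IdP.
     *
     * <p>Each entity returned by {@code getAllRemoteIdentityProviderEntities} is converted with
     * {@code SAML2Utils.generateSourceID} and compared with the artifact's SourceID; the first match
     * wins. The artifact can therefore only select among IdPs that are already configured; an
     * unknown SourceID is rejected.
     *
     * <p>Change from the decompiled original: the JADX output assigned an undeclared register
     * ({@code r11}) and read the loop variable after the loop, so it did not compile. The search is
     * rewritten with an explicit result variable; the error handling is unchanged.
     *
     * @param artifact            parsed artifact received from the browser
     * @param httpServletResponse response used to send error statuses
     * @param str                 argument of the remote-IdP enumeration
     *                            (presumably the realm; confirm against callers)
     * @param sAML2MetaManager    metadata manager that lists the remote IdPs
     * @return entity ID of the IdP whose SourceID matches the artifact
     * @throws SAML2Exception if no configured IdP matches or the lookup fails
     * @throws IOException    if sending the error status fails
     */
    private static String getIDPEntityID(Artifact artifact, HttpServletResponse httpServletResponse, String str, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        String sourceID = artifact.getSourceID();
        try {
            String matchedEntityID = null;
            for (Object candidate : sAML2MetaManager.getAllRemoteIdentityProviderEntities(str)) {
                String candidateEntityID = (String) candidate;
                if (sourceID.equals(SAML2Utils.generateSourceID(candidateEntityID))) {
                    matchedEntityID = candidateEntityID;
                    break;
                }
            }
            if (matchedEntityID != null) {
                return matchedEntityID;
            }
            SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: Unable to find the IDP based on the SourceID in the artifact");
            logUtil.error(Level.INFO, LogUtil.IDP_NOT_FOUND, new String[]{artifact.getArtifactValue(), str}, adminSSOToken);
            // Thrown inside the try on purpose (as in the original): the handler below sends the
            // HTTP error. It also writes a second IDP_NOT_FOUND record for the same event.
            throw new SAML2Exception(SAML2Utils.bundle.getString("cannotFindIDP"));
        } catch (SAML2Exception e) {
            logUtil.error(Level.INFO, LogUtil.IDP_NOT_FOUND, new String[]{artifact.getArtifactValue(), str}, adminSSOToken);
            // NOTE(review): exception text is returned to the HTTP client here and below.
            httpServletResponse.sendError(500, e.getMessage());
            throw e;
        } catch (SSOException e2) {
            logUtil.error(Level.INFO, LogUtil.IDP_NOT_FOUND, new String[]{artifact.getArtifactValue(), str}, adminSSOToken);
            httpServletResponse.sendError(500, e2.getMessage());
            throw new SAML2Exception(e2.getMessage());
        }
    }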

    /**
     * Chooses the IdP artifact resolution service URL for a given endpoint index.
     *
     * <p>Preference order: the entry whose index equals {@code i}; otherwise the last entry marked
     * default that precedes it in the list; otherwise the first entry. If none yields a non-empty
     * location, HTTP 500 is sent and a {@code SAML2Exception} is thrown.
     *
     * <p>Every candidate URL comes from the IdP descriptor; the caller-supplied index only selects
     * among those entries, so the request cannot introduce a destination of its own.
     *
     * @param i                        endpoint index to look for
     * @param str                      not used by this method
     * @param str2                     IdP entity ID, used in log output only
     * @param iDPSSODescriptorElement  IdP descriptor listing the resolution services
     * @param httpServletResponse      response used to send the error status
     * @param sAML2MetaManager         not used by this method
     * @return the selected, non-empty location
     * @throws SAML2Exception if no location can be determined
     * @throws IOException    if sending the error status fails
     */
    private static String getIDPArtifactResolutionServiceUrl(int i, String str, String str2, IDPSSODescriptorElement iDPSSODescriptorElement, HttpServletResponse httpServletResponse, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        List endpoints = iDPSSODescriptorElement.getArtifactResolutionService();
        String indexedLocation = null;
        String defaultLocation = null;
        String firstLocation = null;
        int position = 0;
        while (position < endpoints.size()) {
            ArtifactResolutionServiceElement endpoint = (ArtifactResolutionServiceElement) endpoints.get(position);
            String location = endpoint.getLocation();
            int endpointIndex = endpoint.getIndex();
            boolean markedDefault = endpoint.isIsDefault();
            if (endpointIndex == i) {
                // Exact index match ends the scan; later entries are never inspected.
                indexedLocation = location;
                break;
            }
            if (markedDefault) {
                defaultLocation = location;
            }
            if (position == 0) {
                firstLocation = location;
            }
            position++;
        }

        // Fall back step by step: indexed entry, then default, then first.
        String resolutionUrl = indexedLocation;
        if (resolutionUrl == null || resolutionUrl.length() == 0) {
            resolutionUrl = defaultLocation;
        }
        if (resolutionUrl == null || resolutionUrl.length() == 0) {
            resolutionUrl = firstLocation;
        }
        if (resolutionUrl == null || resolutionUrl.length() == 0) {
            SAML2Utils.debug.error("SPACSUtils: Unable to get the location of artifact resolution service for " + str2);
            logUtil.error(Level.INFO, LogUtil.ARTIFACT_RESOLUTION_URL_NOT_FOUND, new String[]{str2}, adminSSOToken);
            String notFound = SAML2Utils.bundle.getString("cannotFindArtifactResolutionUrl");
            httpServletResponse.sendError(500, notFound);
            throw new SAML2Exception(notFound);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils: IDP artifact resolution service url =" + resolutionUrl);
        }
        return resolutionUrl;
    }

    /* JADX WARN: Type inference failed for: r16v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r17v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r21v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /**
     * Extracts and validates the ArtifactResponse in a SOAP reply and returns the Response it wraps.
     *
     * <p>Checks, in order:
     * <ol>
     *   <li>an ArtifactResponse element is present;</li>
     *   <li>only if the SP configuration sets {@code SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED}
     *       to {@code SAML2Constants.TRUE}: the message is signed and the signature verifies
     *       against the certificate returned by {@code KeyUtil.getVerificationCert};</li>
     *   <li>{@code InResponseTo} equals the ID of the ArtifactResolve that was sent;</li>
     *   <li>the Issuer value equals the expected IdP entity ID;</li>
     *   <li>the status code is {@code urn:oasis:names:tc:SAML:2.0:status:Success}.</li>
     * </ol>
     *
     * <p>Security caveat: when the signature option is off, checks 3 to 5 are made against fields of
     * an unauthenticated message. Authenticity of the result then rests on the transport to the
     * resolution endpoint and on whatever validation is later applied to the enclosed
     * Response/Assertion, neither of which is visible in this method.
     *
     * @param sOAPMessage              SOAP reply from the artifact resolution service
     * @param artifactResolve          the request that was sent; its ID must match InResponseTo
     * @param httpServletResponse      response used to send error statuses
     * @param str                      expected IdP entity ID
     * @param iDPSSODescriptorElement  IdP descriptor used to obtain the verification certificate
     * @param str2                     first argument of the SP configuration lookup
     *                                 (presumably the realm; confirm against callers)
     * @param str3                     second argument of the SP configuration lookup
     *                                 (presumably the hosted SP entity ID; confirm)
     * @param sAML2MetaManager         metadata manager
     * @return the Response built from the ArtifactResponse content
     * @throws SAML2Exception if any check fails or the content cannot be parsed
     * @throws IOException    if sending the error status fails
     */
    private static Response getResponseFromSOAP(SOAPMessage sOAPMessage, ArtifactResolve artifactResolve, HttpServletResponse httpServletResponse, String str, IDPSSODescriptorElement iDPSSODescriptorElement, String str2, String str3, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        try {
            try {
                ArtifactResponse createArtifactResponse = ProtocolFactory.getInstance().createArtifactResponse(SAML2Utils.getSamlpElement(sOAPMessage, SAML2SDKUtils.ARTIFACT_RESPONSE));
                if (createArtifactResponse == null) {
                    logUtil.error(Level.INFO, LogUtil.MISSING_ARTIFACT_RESPONSE, new String[]{str}, adminSSOToken);
                    httpServletResponse.sendError(500, SAML2Utils.bundle.getString("missingArtifactResponse"));
                    throw new SAML2Exception(SAML2Utils.bundle.getString("missingArtifactResponse"));
                }
                if (SAML2Utils.debug.messageEnabled()) {
                    // Full ArtifactResponse XML, including any enclosed assertion, goes to the debug log.
                    SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromSOAP:").append("Received ArtifactResponse:").append(createArtifactResponse.toXMLString(true, true)).toString());
                }
                String attributeValueFromSPSSOConfig = getAttributeValueFromSPSSOConfig(str2, str3, sAML2MetaManager, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
                // Signature verification is opt-in: a missing or non-TRUE setting skips this block.
                if (attributeValueFromSPSSOConfig != null && attributeValueFromSPSSOConfig.equals(SAML2Constants.TRUE)) {
                    X509Certificate verificationCert = KeyUtil.getVerificationCert(iDPSSODescriptorElement, str, true);
                    // An unsigned message is rejected the same way as one with a bad signature.
                    if (!createArtifactResponse.isSigned() || !createArtifactResponse.isSignatureValid(verificationCert)) {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromSOAP:").append("ArtifactResponse's signature is invalid.").toString());
                        }
                        logUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_SIGNATURE, new String[]{str}, adminSSOToken);
                        httpServletResponse.sendError(500, SAML2Utils.bundle.getString("invalidSignature"));
                        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignature"));
                    }
                }
                // Binds the reply to the request this SP just sent.
                String inResponseTo = createArtifactResponse.getInResponseTo();
                if (inResponseTo == null || !inResponseTo.equals(artifactResolve.getID())) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromSOAP:").append("ArtifactResponse's InResponseTo is invalid.").toString());
                    }
                    logUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_INRESPONSETO, new String[]{str}, adminSSOToken);
                    httpServletResponse.sendError(500, SAML2Utils.bundle.getString("invalidInResponseTo"));
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseTo"));
                }
                // NOTE(review): issuer.getValue() is dereferenced without a null check; an Issuer
                // element with no value would surface as a NullPointerException, not as invalidIssuer.
                Issuer issuer = createArtifactResponse.getIssuer();
                if (issuer == null || !issuer.getValue().equals(str)) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromSOAP:").append("ArtifactResponse's Issuer is invalid.").toString());
                    }
                    logUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_ISSUER, new String[]{str}, adminSSOToken);
                    httpServletResponse.sendError(500, SAML2Utils.bundle.getString("invalidIssuer"));
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidIssuer"));
                }
                Status status = createArtifactResponse.getStatus();
                if (status != null && status.getStatusCode().getValue().equals("urn:oasis:names:tc:SAML:2.0:status:Success")) {
                    try {
                        // Only a Success status leads to parsing of the wrapped content.
                        return ProtocolFactory.getInstance().createResponse(createArtifactResponse.getAny());
                    } catch (SAML2Exception e) {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromSOAP:").append("couldn't instantiate Response:").toString(), (Throwable) e);
                        }
                        logUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_RESPONSE_ARTIFACT, new String[]{str}, adminSSOToken);
                        httpServletResponse.sendError(500, e.getMessage());
                        throw e;
                    }
                }
                String value = status == null ? "" : status.getStatusCode().getValue();
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromSOAP:").append("ArtifactResponse's status code is not success.").append(value).toString());
                }
                String[] strArr = {str, ""};
                // The IdP-supplied status code is added to the error record only at FINE.
                if (logUtil.isErrorLoggable(Level.FINE)) {
                    strArr[1] = value;
                }
                logUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_STATUS_CODE, strArr, adminSSOToken);
                httpServletResponse.sendError(500, SAML2Utils.bundle.getString("invalidStatusCode"));
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidStatusCode"));
            } catch (SAML2Exception e2) {
                // As decompiled, every rejection above lands here and then in the outer handler, so
                // one failure produces up to three log records and repeated sendError() calls (the
                // Servlet API throws IllegalStateException once the response is committed).
                // NOTE(review): JADX reported type-inference problems for this method; the original
                // try regions were probably narrower. Confirm against the bytecode.
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("SPACSUtils.getResponseFromSOAP:").append("Couldn't create ").append("ArtifactResponse:").toString(), (Throwable) e2);
                }
                logUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_ARTIFACT_RESPONSE, new String[]{str}, adminSSOToken);
                // Exception text is returned to the HTTP client here and in the outer handler.
                httpServletResponse.sendError(500, e2.getMessage());
                throw e2;
            }
        } catch (SAML2Exception e3) {
            logUtil.error(Level.INFO, LogUtil.SOAP_ERROR, new String[]{str}, adminSSOToken);
            httpServletResponse.sendError(500, e3.getMessage());
            throw e3;
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:15:0x0118
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    // Decompiler stub, not product logic: JADX failed on this method (see the error report directly
    // above), so the body below only throws. As listed, every POST-binding request routed here by
    // getResponse ends in UnsupportedOperationException. In the POST binding the Response arrives
    // through the browser, so how this method decodes and checks it cannot be reviewed from this
    // listing; the class file has to be examined with another tool.
    private static com.sun.identity.saml2.protocol.Response getResponseFromPost(javax.servlet.http.HttpServletRequest r6, javax.servlet.http.HttpServletResponse r7) throws com.sun.identity.saml2.common.SAML2Exception, java.io.IOException {
        /*
            Method dump skipped, instructions count: 335
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.saml2.profile.SPACSUtils.getResponseFromPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse):com.sun.identity.saml2.protocol.Response");
    }

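    /**
     * Runs the local authentication step for a received SAML Response.
     *
     * <p>An {@code AuthContext} is created from the existing token when one is supplied, otherwise
     * from {@code str}. Login uses the module named by the SP configuration attribute
     * {@code SAML2Constants.AUTH_MODULE_NAME}, defaulting to {@code "SAML2"}. Each batch of
     * callbacks is filled in by {@code processCallbacks} and submitted until no requirements remain.
     *
     * <p>Changes from the decompiled original: login failures are now written with
     * {@code debug.error} together with the exception, instead of {@code printStackTrace()} plus a
     * message-level entry, so that a failed SSO login is recorded even when message-level debug is
     * off and nothing is written to stderr.
     *
     * @param httpServletResponse response used to send the error status
     * @param sSOToken            existing session token, or {@code null}
     * @param responseInfo        SAML response and binding flag handed to the auth module
     * @param str                 used to create the {@code AuthContext} when no token is given and
     *                            as first argument of the SP configuration lookup
     * @param str2                second argument of the SP configuration lookup; also set as the
     *                            name on any {@code NameCallback}
     * @param sAML2MetaManager    metadata manager
     * @return the {@code AuthContext} after all requirements were submitted
     * @throws SAML2Exception if login or callback processing fails
     * @throws IOException    if sending the error status fails
     */
    public static AuthContext processResponse(HttpServletResponse httpServletResponse, SSOToken sSOToken, ResponseInfo responseInfo, String str, String str2, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        try {
            AuthContext authContext = sSOToken != null ? new AuthContext(sSOToken) : new AuthContext(str);
            String moduleName = getAttributeValueFromSPSSOConfig(str, str2, sAML2MetaManager, SAML2Constants.AUTH_MODULE_NAME);
            if (moduleName == null || moduleName.length() == 0) {
                moduleName = "SAML2";
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.processResponse: Obtained AuthContext with auth module name=" + moduleName);
            }
            authContext.login(AuthContext.IndexType.MODULE_INSTANCE, moduleName);
            // NOTE(review): a null requirements array is skipped and the loop re-tests
            // hasMoreRequirements(); confirm AuthContext cannot keep returning true with null.
            while (authContext.hasMoreRequirements()) {
                Callback[] requirements = authContext.getRequirements();
                if (requirements != null) {
                    try {
                        processCallbacks(requirements, responseInfo, str2);
                        authContext.submitRequirements(requirements);
                    } catch (Exception e) {
                        SAML2Utils.debug.error("SPACSUtils.processResponse: Login failed!!:", e);
                        // NOTE(review): exception text from the auth module is returned to the HTTP
                        // client here and below; consider a fixed message such as "SSOFailed".
                        httpServletResponse.sendError(500, e.getMessage());
                        throw new SAML2Exception(e.getMessage());
                    }
                }
            }
            return authContext;
        } catch (AuthLoginException e2) {
            SAML2Utils.debug.error("SPACSUtils.processResponse: Login failed!!:", e2);
            httpServletResponse.sendError(500, e2.getMessage());
            throw new SAML2Exception(e2.getMessage());
        }
    }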

    /**
     * Fills in the callbacks requested by the authentication module.
     *
     * <p>A {@code SAML2Callback} receives the SAML Response and the POST-binding flag from
     * {@code responseInfo}; a {@code NameCallback} receives {@code str}. Other callback types are
     * left untouched. A {@code null} {@code responseInfo} is only logged: the callback is then
     * submitted without a response.
     *
     * @param callbackArr  callbacks to populate
     * @param responseInfo response data for {@code SAML2Callback}, may be {@code null}
     * @param str          name set on {@code NameCallback}
     * @throws UnsupportedCallbackException wrapping any exception raised while populating a callback
     */
    private static void processCallbacks(Callback[] callbackArr, ResponseInfo responseInfo, String str) throws UnsupportedCallbackException {
        SAML2Utils.debug.message("SPACSUtils: begin processCallbacks()");
        SAML2Utils.debug.message("callbacks.length=" + callbackArr.length);
        for (Callback current : callbackArr) {
            try {
                if (current instanceof SAML2Callback) {
                    SAML2Utils.debug.message("SPACSUtils:Got SAML2Callback");
                    SAML2Callback samlCallback = (SAML2Callback) current;
                    if (responseInfo == null) {
                        SAML2Utils.debug.error("SPACSUtils.processCallbacks: Invalid input to SAML2Callback");
                    } else {
                        samlCallback.setSamlResponse(responseInfo.getResponse());
                        samlCallback.setIsPOSTBinding(responseInfo.getIsPOSTBinding());
                    }
                } else if (current instanceof NameCallback) {
                    SAML2Utils.debug.message("SPACSUtils: Got NameCallback");
                    NameCallback nameCallback = (NameCallback) current;
                    nameCallback.setName(str);
                }
            } catch (Exception failure) {
                // Any failure is reported against the callback that was being populated.
                throw new UnsupportedCallbackException(current, "Callback exception: " + failure);
            }
        }
    }

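    /**
     * Adds the session cookie for the new SSO token to the HTTP response.
     *
     * <p>The cookie name comes from the system property {@code com.iplanet.am.cookie.name} and the
     * value is the token ID. One cookie is added per entry of the platform service attribute
     * {@code iplanet-am-platform-cookie-domains}; if that set is empty a single cookie without an
     * explicit domain is added. The method is best-effort: failures are logged and not propagated.
     *
     * <p>Changes from the decompiled original: the token ID is no longer written to the debug log
     * (it is the cookie value, so anyone who can read the log could present it), and a failure is
     * logged with {@code debug.error} including the exception, because a silently missing session
     * cookie is otherwise hard to diagnose.
     *
     * <p>NOTE(review): the Secure/HttpOnly attributes of the cookie are decided inside
     * {@code CookieUtils.newCookie}, which is not visible here; confirm them there.
     *
     * @param sSOToken            token whose ID becomes the cookie value
     * @param httpServletResponse response that receives the cookie(s)
     */
    private static void setCookieInHttpResponse(SSOToken sSOToken, HttpServletResponse httpServletResponse) {
        try {
            Set cookieDomains = (Set) new ServiceSchemaManager("iPlanetAMPlatformService", sSOToken).getGlobalSchema().getAttributeDefaults().get("iplanet-am-platform-cookie-domains");
            String tokenId = sSOToken.getTokenID().toString();
            // Deliberately no token value in the log line.
            SAML2Utils.debug.message("setCookieInHttpResponse: setting session cookie (value not logged)");
            String cookieName = SystemProperties.get("com.iplanet.am.cookie.name");
            // A missing attribute (null set) still fails here and is handled by the catch below,
            // exactly as in the original.
            if (cookieDomains.size() == 0) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.setCookieInHttpResponse: cookie domain is null");
                }
                httpServletResponse.addCookie(CookieUtils.newCookie(cookieName, tokenId, "/"));
            } else {
                Iterator domains = cookieDomains.iterator();
                while (domains.hasNext()) {
                    httpServletResponse.addCookie(CookieUtils.newCookie(cookieName, tokenId, "/", (String) domains.next()));
                }
            }
        } catch (Exception e) {
            SAML2Utils.debug.error("setCookieInHttpResponse : ", e);
        }
    }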

    /**
     * Copies an attribute map into the session as token properties.
     *
     * <p>Each entry with a non-empty value set becomes one property whose value is the set joined
     * by {@code convertToString}. Entries with a {@code null} or empty set are skipped; a
     * {@code null} or empty map is a no-op.
     *
     * <p>NOTE(review): {@code handleSuccessSSO} passes the attribute map of the SAML principal, so
     * property names and values here presumably originate from the assertion via attribute mapping.
     * Confirm that the mapping restricts which property names can be written, and note that the
     * values are written to the debug log when message-level debug is enabled.
     *
     * @param map      attribute name to {@code Set} of string values, may be {@code null}
     * @param sSOToken token that receives the properties
     * @throws SSOException if setting a property fails
     */
    private static void setAttrMapInSSOToken(Map map, SSOToken sSOToken) throws SSOException {
        if (map == null || map.isEmpty()) {
            return;
        }
        Iterator entries = map.entrySet().iterator();
        while (entries.hasNext()) {
            Map.Entry attribute = (Map.Entry) entries.next();
            String attrName = (String) attribute.getKey();
            Set attrValues = (Set) attribute.getValue();
            if (attrValues == null || attrValues.isEmpty()) {
                continue;
            }
            String joinedValues = convertToString(attrValues);
            sSOToken.setProperty(attrName, joinedValues);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("setAttrMapInSSOToken:AttrMap:" + attrName + " , " + joinedValues);
            }
        }
    }

    /**
     * Joins the string elements of a set with {@code '|'}, escaping each element with
     * {@code escapeSeparator} first.
     *
     * @param set set of strings, may be {@code null}
     * @return {@code null} for a {@code null} set, {@code ""} for an empty set, otherwise the
     *         escaped elements separated by {@code '|'} in the set's iteration order
     */
    private static String convertToString(Set set) {
        if (set == null) {
            return null;
        }
        if (set.isEmpty()) {
            return "";
        }
        StringBuffer joined = new StringBuffer(50);
        boolean firstElement = true;
        for (Iterator values = set.iterator(); values.hasNext(); ) {
            // Separator goes between elements, so no trailing '|' has to be trimmed afterwards.
            if (!firstElement) {
                joined.append('|');
            }
            joined.append(escapeSeparator((String) values.next()));
            firstElement = false;
        }
        return joined.toString();
    }

    /**
     * Replaces every {@code '|'} in a value with {@code SAML2Constants.ESCAPE_DELIMITER} so the
     * value can be embedded in a {@code '|'}-separated list.
     *
     * <p>NOTE(review): only {@code '|'} is rewritten. Whether a value that already contains the
     * escape sequence stays unambiguous after joining depends on the value of
     * {@code ESCAPE_DELIMITER} and on the matching parser, neither of which is visible here.
     *
     * @param str value to escape, may be {@code null}
     * @return the input itself when it is {@code null}, empty, or contains no
     *         {@code SAML2Constants.DELIMITER}; otherwise the escaped copy
     */
    private static String escapeSeparator(String str) {
        if (str == null) {
            return str;
        }
        if (str.equals("") || str.indexOf(SAML2Constants.DELIMITER) == -1) {
            return str;
        }
        StringBuffer escaped = new StringBuffer();
        char[] characters = str.toCharArray();
        for (int pos = 0; pos < characters.length; pos++) {
            if (characters[pos] == '|') {
                escaped.append(SAML2Constants.ESCAPE_DELIMITER);
            } else {
                escaped.append(characters[pos]);
            }
        }
        return escaped.toString();
    }

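    /**
     * Completes service-provider processing after a successful SAML2 single sign-on.
     *
     * <p>Sets the session cookie on the response, stores the SP meta alias and the
     * principal's attribute map on the SSO token, optionally writes the account
     * federation, appends the NameID info key to the token property named by
     * {@code AccountUtils.getNameIDInfoKeyAttribute()}, and records the session in
     * {@code SPCache.fedSessionListsByNameIDInfoKey} together with an
     * {@code SPSSOTokenListener}.
     *
     * <p>Every exception is caught and written to the debug log; nothing is reported
     * to the caller. A failure after the cookie has been set therefore leaves a usable
     * session that may be missing from the federation session cache.
     * NOTE(review): if logout processing relies on that cache, such a session would
     * not be found there; consider surfacing the failure to the caller.
     *
     * @param httpServletRequest the servlet request (not read by this method)
     * @param httpServletResponse response that receives the session cookie
     * @param authContext authentication context supplying the SSO token and the subject;
     *        the first principal of the subject must be a {@code SAML2Principal}
     * @param str value stored on the token under {@code SAML2Constants.SP_METAALIAS}
     */
    public static void handleSuccessSSO(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthContext authContext, String str) {
        try {
            SAML2Utils.debug.message("in handleSuccessSSO");
            SSOToken session = authContext.getSSOToken();
            setCookieInHttpResponse(session, httpServletResponse);
            session.setProperty(SAML2Constants.SP_METAALIAS, str);
            SAML2Principal principal = (SAML2Principal) authContext.getSubject().getPrincipals().iterator().next();
            setAttrMapInSSOToken(principal.getAttrMap(), session);
            String sessionIndex = principal.getSessionIndex();
            NameIDInfo nameIDInfo = principal.getNameIDInfo();
            if (principal.getWriteFedInfo()) {
                String userName = SAML2Utils.isFM() ? session.getPrincipal().getName() : session.getProperty("sun.am.UniversalIdentifier");
                AccountUtils.setAccountFederation(nameIDInfo, userName);
                String[] logData = {userName, ""};
                // The NameID detail is added to the access record only when FINE logging is on.
                if (logUtil.isAccessLoggable(Level.FINE)) {
                    logData[1] = nameIDInfo.toValueString();
                }
                logUtil.access(Level.INFO, LogUtil.FED_INFO_WRITTEN, logData, adminSSOToken);
            }
            String infoKey = new NameIDInfoKey(nameIDInfo.getNameIDValue(), nameIDInfo.getHostEntityID(), nameIDInfo.getRemoteEntityID()).toValueString();
            String infoKeyAttribute = AccountUtils.getNameIDInfoKeyAttribute();
            String existingKeys = session.getProperty(infoKeyAttribute);
            if (existingKeys == null || existingKeys.length() == 0) {
                session.setProperty(infoKeyAttribute, infoKey);
            } else if (existingKeys.indexOf(infoKey) == -1) {
                // NOTE(review): this is a substring test on the joined property value, so a key
                // that is a substring of an already stored key is treated as present.
                session.setProperty(infoKeyAttribute, new StringBuffer().append(existingKeys).append(SAML2Constants.SECOND_DELIM).append(infoKey).toString());
            }
            String tokenID = session.getTokenID().toString();
            List fedSessions = (List) SPCache.fedSessionListsByNameIDInfoKey.get(infoKey);
            if (fedSessions == null) {
                // First session seen for this key: re-check under the cache lock, then create the list.
                synchronized (SPCache.fedSessionListsByNameIDInfoKey) {
                    fedSessions = (List) SPCache.fedSessionListsByNameIDInfoKey.get(infoKey);
                    if (fedSessions == null) {
                        fedSessions = new ArrayList();
                    }
                }
                // NOTE(review): the new list is published outside the cache lock, so two concurrent
                // first logins for the same key can each create a list and the later put replaces
                // the earlier one.
                synchronized (fedSessions) {
                    fedSessions.add(new SPFedSession(sessionIndex, tokenID, nameIDInfo));
                    SPCache.fedSessionListsByNameIDInfoKey.put(infoKey, fedSessions);
                }
                try {
                    session.addSSOTokenListener(new SPSSOTokenListener(infoKey, tokenID));
                } catch (SSOException e) {
                    SAML2Utils.debug.error("SPACSUtils.handleSuccessSSO: Unable to add sso token listener.", e);
                }
            } else {
                // Previously the code fell through to this section with a null list after the
                // branch above and raised a NullPointerException; it now runs only when a
                // list already existed in the cache.
                synchronized (fedSessions) {
                    boolean updated = false;
                    Iterator it = fedSessions.iterator();
                    while (it.hasNext()) {
                        SPFedSession fedSession = (SPFedSession) it.next();
                        if (fedSession.idpSessionIndex.equals(sessionIndex)) {
                            // Same IdP session index: point the existing entry at the new token.
                            fedSession.spTokenID = tokenID;
                            updated = true;
                            break;
                        }
                    }
                    if (!updated) {
                        fedSessions.add(new SPFedSession(sessionIndex, tokenID, nameIDInfo));
                        SPCache.fedSessionListsByNameIDInfoKey.put(infoKey, fedSessions);
                    }
                }
                session.addSSOTokenListener(new SPSSOTokenListener(infoKey, tokenID));
            }
        } catch (Exception e2) {
            SAML2Utils.debug.error("SPACSUtils.handleSuccessSSO: ", e2);
        }
    }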

    /**
     * Resolves the relay state to use after assertion consumption.
     *
     * <p>A non-blank {@code str} is looked up in {@code SPCache.relayStateHash}; the cached
     * value is returned when it is non-blank, otherwise {@code str} itself is returned.
     * When {@code str} is null or blank, the {@code SAML2Constants.DEFAULT_RELAY_STATE}
     * attribute of the SP SSO configuration is returned instead.
     *
     * <p>NOTE(review): with no cache entry the supplied value comes back unchanged. If
     * {@code str} originates from the request and callers redirect to the result, they
     * should validate it against the permitted targets first.
     *
     * @param str relay state value or cache key; may be null
     * @param str2 first argument passed to the SP SSO configuration lookup
     * @param str3 second argument passed to the SP SSO configuration lookup
     * @param sAML2MetaManager meta manager used for the configuration lookup
     * @return the resolved relay state, or null when none is available
     */
    public static String getRelayState(String str, String str2, String str3, SAML2MetaManager sAML2MetaManager) {
        boolean hasRelayStateParam = str != null && str.trim().length() != 0;
        if (hasRelayStateParam) {
            String cached = (String) SPCache.relayStateHash.get(str);
            boolean cachedUsable = cached != null && cached.trim().length() != 0;
            // A non-blank input always yields a non-blank result, so no fallback is needed here.
            return cachedUsable ? cached : str;
        }
        return getAttributeValueFromSPSSOConfig(str2, str3, sAML2MetaManager, SAML2Constants.DEFAULT_RELAY_STATE);
    }

    /**
     * Returns the {@code SAML2Constants.INTERMEDIATE_URL} attribute of the SP SSO configuration.
     *
     * @param str first argument passed to the SP SSO configuration lookup
     * @param str2 second argument passed to the SP SSO configuration lookup
     * @param sAML2MetaManager meta manager used for the configuration lookup
     * @return the trimmed attribute value, or null when it is not configured
     */
    public static String getIntermediateURL(String str, String str2, SAML2MetaManager sAML2MetaManager) {
        String intermediateUrl = getAttributeValueFromSPSSOConfig(str, str2, sAML2MetaManager, SAML2Constants.INTERMEDIATE_URL);
        return intermediateUrl;
    }

    /**
     * Determines the local login URL and caches the response for use after local login.
     *
     * <p>The URL is taken from the {@code SAML2Constants.LOCAL_AUTH_URL} attribute of the SP
     * SSO configuration. When that is empty, it is built from the part of {@code str3} that
     * precedes {@code "Consumer/metaAlias"}; when that marker is absent, it is built from the
     * protocol, host name and port system properties. In both fallbacks {@code str} is
     * appended as the {@code org} query parameter.
     *
     * <p>{@code responseInfo} is stored in {@code SPCache.responseHash} under its response ID.
     *
     * <p>NOTE(review): {@code str} is appended without URL encoding, and the host name and
     * port properties are joined with no separator; confirm both against the expected
     * property values. Nothing in this method removes the cached entry, so confirm that the
     * consumer of {@code SPCache.responseHash} evicts it.
     *
     * @param str organisation name appended to the fallback login URL
     * @param str2 second argument passed to the SP SSO configuration lookup
     * @param sAML2MetaManager meta manager used for the configuration lookup
     * @param responseInfo response information to cache
     * @param str3 URL searched for the {@code "Consumer/metaAlias"} marker; must not be null
     * @return the local login URL
     */
    public static String prepareForLocalLogin(String str, String str2, SAML2MetaManager sAML2MetaManager, ResponseInfo responseInfo, String str3) {
        String localLoginUrl = getAttributeValueFromSPSSOConfig(str, str2, sAML2MetaManager, SAML2Constants.LOCAL_AUTH_URL);
        boolean configured = localLoginUrl != null && localLoginUrl.length() != 0;
        if (!configured) {
            try {
                int consumerPos = str3.indexOf("Consumer/metaAlias");
                if (consumerPos != -1) {
                    localLoginUrl = str3.substring(0, consumerPos) + "UI/Login?org=" + str;
                }
            } catch (IndexOutOfBoundsException e) {
                localLoginUrl = null;
            }
            boolean derived = localLoginUrl != null && localLoginUrl.length() != 0;
            if (!derived) {
                String protocol = SystemProperties.get(SAML2SetupConstants.PROP_PROTOCOL);
                String hostName = SystemProperties.get(SAML2SetupConstants.PROP_HOSTNAME);
                String port = SystemProperties.get(SAML2SetupConstants.PROP_PORT);
                localLoginUrl = protocol + "://" + hostName + port + "/UI/Login?org=" + str;
            }
        }
        // Keep the response so it can be picked up again once local login has finished.
        synchronized (SPCache.responseHash) {
            SPCache.responseHash.put(responseInfo.getResponse().getID(), responseInfo);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils:prepareForLocalLogin: localLoginUrl = " + localLoginUrl);
        }
        return localLoginUrl;
    }

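    /**
     * Reads the first value of one attribute from the SP SSO configuration.
     *
     * <p>A failed configuration lookup is written to the debug log at message level and
     * reported as "no value". The configuration variable is assigned on every path before
     * it is read; previously it was left unassigned when the lookup threw.
     *
     * @param str first argument passed to {@code getSPSSOConfig}
     *        (presumably the realm or organisation name; verify against callers)
     * @param str2 second argument passed to {@code getSPSSOConfig}
     *        (presumably the SP entity ID; verify against callers)
     * @param sAML2MetaManager meta manager used for the lookup; must not be null
     * @param str3 name of the attribute to read
     * @return the trimmed first value, or null when the lookup fails, the configuration is
     *         missing, or the attribute has no value
     */
    private static String getAttributeValueFromSPSSOConfig(String str, String str2, SAML2MetaManager sAML2MetaManager, String str3) {
        SPSSOConfigElement spConfig;
        try {
            spConfig = sAML2MetaManager.getSPSSOConfig(str, str2);
        } catch (SAML2MetaException e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getAttributeValueFromSPSSOConfig:", e);
            }
            return null;
        } catch (SSOException e2) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getAttributeValueFromSPSSOConfig:", e2);
            }
            return null;
        }
        if (spConfig == null) {
            return null;
        }
        List values = (List) SAML2MetaUtils.getAttributes(spConfig).get(str3);
        if (values == null || values.isEmpty()) {
            return null;
        }
        // A null first element is reported as "no value" rather than failing on trim().
        String first = (String) values.iterator().next();
        return first == null ? null : first.trim();
    }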

    // Obtains the administrator SSO token once, at class initialisation, through a privileged
    // action. handleSuccessSSO passes this token to the access logger.
    // NOTE(review): the token stays in a static field for the lifetime of the class; confirm
    // the field is private and is never handed to request-scoped code.
    static {
        adminSSOToken = null;
        PrivilegedAction adminTokenAction = (PrivilegedAction) AdminTokenAction.getInstance();
        Object adminToken = AccessController.doPrivileged(adminTokenAction);
        adminSSOToken = (SSOToken) adminToken;
    }
}
