package com.sun.identity.saml2.profile;

import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.am.util.Debug;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement;
import com.sun.identity.saml2.key.EncInfo;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.logging.SAML2LogManager;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.protocol.Extensions;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.saml2.protocol.StatusDetail;
import com.sun.identity.security.AdminTokenAction;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPException;
import org.w3c.dom.Element;

/* loaded from: input_file:122983-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/profile/LogoutUtil.class */
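/**
 * Static helpers for the SAML v2 Single Logout (SLO) profile: building, signing, sending and
 * verifying {@code LogoutRequest} / {@code LogoutResponse} messages over the HTTP-Redirect and
 * SOAP bindings.
 *
 * <p>This listing is decompiler output, so parameter names ({@code str}, {@code str2}, ...) are
 * synthetic. Each method's Javadoc maps them to the role shown by its debug messages and call
 * sites; roles that cannot be read off this file are marked as assumptions.
 *
 * <p>Notes for maintainers:
 * <ul>
 *   <li>With debug "message" level enabled, complete protocol messages (NameID, session index,
 *       relay state) are written to the debug log, so that log must be handled as sensitive.</li>
 *   <li>Signature checks are conditional on metadata flags: when the relevant "want ... signed"
 *       flag is off, {@link #verifySLORequest} and {@link #verifySLOResponse} return
 *       {@code true} without looking at the message.</li>
 * </ul>
 */
public class LogoutUtil {
    /** Status code value that marks a successful logout. */
    private static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

    /** RelayState values longer than this many encoded bytes are left out of redirect URLs. */
    private static final int MAX_RELAY_STATE_BYTES = 80;

    static SSOToken adminSSOToken;
    static LogUtil logUtil;
    static SAML2MetaManager metaManager;
    static KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    static Debug debug = SAML2Utils.debug;

    /**
     * Builds a {@code LogoutRequest} and delivers it to the recipient over the given binding.
     *
     * <p>For HTTP-Redirect the request is sent as a browser redirect and its ID is appended to
     * the returned buffer. For SOAP the request is signed (if required), sent synchronously and
     * the response is verified; the returned buffer stays empty. Any other binding value sends
     * nothing and also returns an empty buffer.
     *
     * @param str meta alias of the hosted entity issuing the request
     * @param str2 entity ID of the recipient
     * @param list the recipient's {@code SingleLogoutServiceElement}s
     * @param list2 optional extension elements, may be null or empty
     * @param str3 binding URI to use
     * @param str4 relay state (HTTP-Redirect only)
     * @param str5 session index to terminate, may be null
     * @param nameID subject of the logout
     * @param httpServletResponse response used for the redirect
     * @param map request parameters (destination, consent, host role are read from it)
     * @param baseConfigType hosted entity configuration, passed to
     *     {@code SAML2Utils.fillInBasicAuthInfo} for the SOAP endpoint URL
     * @return buffer holding the request ID for HTTP-Redirect, otherwise empty
     * @throws SAML2Exception if the ID cannot be generated or the request cannot be built or sent
     * @throws SSOException declared by the original signature
     */
    public static StringBuffer doLogout(String str, String str2, List list, List list2, String str3, String str4, String str5, NameID nameID, HttpServletResponse httpServletResponse, Map map, BaseConfigType baseConfigType) throws SAML2Exception, SSOException {
        StringBuffer requestIdOut = new StringBuffer();
        String hostEntityId = metaManager.getEntityByMetaAlias(str);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(str);
        String hostRole = SAML2Utils.getHostEntityRole(map);
        if (debug.messageEnabled()) {
            debug.message("LogoutUtil.doLogout: " + "Entering ..."
                    + "\nrequesterEntityID=" + hostEntityId
                    + "\nrecipientEntityID=" + str2
                    + "\nbinding=" + str3
                    + "\nrelayState=" + str4
                    + "\nsessionIndex=" + str5);
        }
        String requestId = SAML2Utils.generateID();
        if (requestId == null || requestId.length() == 0) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("cannotGenerateID"));
        }
        String destination = SAML2Utils.getParameter(map, SAML2Constants.DESTINATION);
        String consent = SAML2Utils.getParameter(map, SAML2Constants.CONSENT);
        Extensions extensions = createExtensions(list2);
        Issuer issuer = SAML2Utils.createIssuer(hostEntityId);
        try {
            LogoutRequest logoutRequest = ProtocolFactory.getInstance().createLogoutRequest();
            logoutRequest.setID(requestId);
            logoutRequest.setVersion(SAML2Constants.VERSION_2_0);
            logoutRequest.setIssueInstant(new Date());
            setNameIDForSLORequest(logoutRequest, nameID, realm, hostEntityId, hostRole, str2);
            logoutRequest.setDestination(destination);
            logoutRequest.setConsent(consent);
            logoutRequest.setIssuer(issuer);
            if (extensions != null) {
                logoutRequest.setExtensions(extensions);
            }
            if (str5 != null) {
                ArrayList sessionIndexes = new ArrayList();
                sessionIndexes.add(str5);
                logoutRequest.setSessionIndex(sessionIndexes);
            }
            String sloLocation = getSLOServiceLocation(list, str3);
            if (sloLocation == null || sloLocation.length() == 0) {
                debug.error("LogoutUtil.doLogout: " + "Unable to find the recipient's single logout "
                        + "service with the binding " + str3);
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloServiceNotfound"));
            }
            debug.message("LogoutUtil.doLogout: " + "Recipient's single logout service location = " + sloLocation);
            // A caller-supplied destination wins; otherwise the metadata endpoint is used.
            if (destination == null || destination.length() == 0) {
                logoutRequest.setDestination(sloLocation);
            }
            if (debug.messageEnabled()) {
                debug.message("LogoutUtil.doLogout: " + "SLO Request before signing : ");
                debug.message(logoutRequest.toXMLString(true, true));
            }
            if (str3.equals(SAML2Constants.HTTP_REDIRECT)) {
                try {
                    // No XML signature here: doSLOByHttpRedirect signs the query string instead.
                    doSLOByHttpRedirect(logoutRequest.toXMLString(true, true), sloLocation, str4, realm, hostEntityId, hostRole, str2, httpServletResponse);
                    requestIdOut.append(requestId);
                    logUtil.access(Level.INFO, LogUtil.REDIRECT_TO_IDP, new String[]{sloLocation}, adminSSOToken);
                } catch (Exception e) {
                    debug.error("Exception :", e);
                    throw new SAML2Exception(SAML2Utils.bundle.getString("errorRedirectingLogoutRequest"));
                }
            } else if (str3.equals(SAML2Constants.SOAP)) {
                signSLORequest(logoutRequest, realm, hostEntityId, hostRole, str2);
                if (debug.messageEnabled()) {
                    debug.message("LogoutUtil.doLogout: " + "SLO Request after signing : ");
                    debug.message(logoutRequest.toXMLString(true, true));
                }
                doSLOBySOAP(requestId, logoutRequest.toXMLString(true, true), SAML2Utils.fillInBasicAuthInfo(baseConfigType, sloLocation), realm, hostEntityId, hostRole);
            }
            return requestIdOut;
        } catch (Exception e2) {
            // Every failure inside the try block, including the more specific SAML2Exceptions
            // thrown above, is logged here and replaced by this generic error.
            debug.error("LogoutUtil.doLogout: " + "Unable to create LogoutRequest : ", e2);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorCreatingLogoutRequest"));
        }
    }

    /**
     * Appends {@code &RelayState=<encoded>} to a redirect query string.
     *
     * <p>Null, empty, or over-length relay state (more than {@value #MAX_RELAY_STATE_BYTES}
     * bytes in the default encoding) is silently left out.
     */
    private static void appendRelayState(StringBuffer query, String relayState) throws IOException {
        if (relayState != null && relayState.length() > 0
                && relayState.getBytes(SAML2Constants.DEFAULT_ENCODING).length <= MAX_RELAY_STATE_BYTES) {
            query.append("&").append("RelayState").append(SAML2Constants.EQUAL).append(AMURLEncDec.encode(relayState));
        }
    }

    /**
     * Sends a logout request through the HTTP-Redirect binding.
     *
     * @param str logout request XML
     * @param str2 recipient's single logout service location
     * @param str3 relay state, may be null
     * @param str4 realm
     * @param str5 hosted entity ID
     * @param str6 hosted entity role
     * @param str7 recipient entity ID
     * @param httpServletResponse response on which the redirect is issued
     */
    private static void doSLOByHttpRedirect(String str, String str2, String str3, String str4, String str5, String str6, String str7, HttpServletResponse httpServletResponse) throws SAML2Exception, IOException {
        StringBuffer query = new StringBuffer().append(SAML2Constants.SAML_REQUEST).append(SAML2Constants.EQUAL).append(SAML2Utils.encodeForRedirect(str));
        appendRelayState(query, str3);
        // The signing requirement is read from the peer, whose role is the opposite of ours.
        String peerRole = str6.equalsIgnoreCase(SAML2Constants.IDP_ROLE) ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
        String queryString = query.toString();
        if (SAML2Utils.getWantLogoutRequestSigned(str4, str7, peerRole)) {
            queryString = SAML2Utils.signQueryString(queryString, str4, str5, str6);
        }
        String redirectUrl = str2 + "?" + queryString;
        if (debug.messageEnabled()) {
            debug.message("doSLOByHttpRedirect: " + "LogoutRequestXMLString : " + str);
            debug.message("doSLOByHttpRedirect: " + "LogoutRedirectURL : " + str2);
        }
        httpServletResponse.sendRedirect(redirectUrl);
    }

    /**
     * Sends a logout request over SOAP and validates the synchronous response.
     *
     * <p>The response issuer is checked, then its signature, then its status and
     * {@code InResponseTo}. A response whose signature check returns false is rejected; the
     * decompiled code called {@link #verifySLOResponse} but discarded its result, so an invalid
     * signature did not stop the logout from being reported as successful.
     *
     * @param str ID of the logout request
     * @param str2 logout request XML
     * @param str3 SOAP endpoint URL
     * @param str4 realm
     * @param str5 hosted entity ID
     * @param str6 hosted entity role
     * @throws SAML2Exception if no response is returned, or issuer, signature, status or
     *     {@code InResponseTo} checks fail, or the SOAP exchange fails
     */
    private static void doSLOBySOAP(String str, String str2, String str3, String str4, String str5, String str6) throws SAML2Exception, SSOException {
        if (debug.messageEnabled()) {
            debug.message("LogoutUtil.doSLOBySOAP : SLORequestXML: " + str2 + "\nSOAPURL : " + str3);
        }
        try {
            LogoutResponse response = ProtocolFactory.getInstance().createLogoutResponse(SAML2Utils.getSamlpElement(SAML2Utils.sendSOAPMessage(str2, str3), "LogoutResponse"));
            if (response == null) {
                debug.error("LogoutUtil.doSLOBySoap : null response");
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullLogoutResponse"));
            }
            if (debug.messageEnabled()) {
                debug.message("LogoutUtil.doSLOBySOAP : LogoutResponse without SOAP envelope:\n" + response.toXMLString());
            }
            SAML2Utils.verifyResponseIssuer(str4, str5, response.getIssuer(), response.getInResponseTo());
            boolean signatureOk = verifySLOResponse(response, str4, response.getIssuer().getValue(), str5, str6);
            if (!signatureOk) {
                debug.error("LogoutUtil.doSLOBySOAP : LogoutResponse signature verification failed.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloFailed"));
            }
            boolean success = checkSLOResponse(response, str, str4, str5, str6);
            if (debug.messageEnabled()) {
                debug.message("Request success : " + success);
            }
            if (!success) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloFailed"));
            }
        } catch (SOAPException e) {
            debug.error("Unable to send SOAPMessage to IDP ", e);
            throw new SAML2Exception(e.getMessage());
        }
    }

    /**
     * Checks the status code and {@code InResponseTo} of a logout response.
     *
     * @param logoutResponse response to inspect
     * @param str ID of the request the response must refer to
     * @param str2 unused
     * @param str3 unused
     * @param str4 unused
     * @return true for a success status with a matching {@code InResponseTo}; false for any
     *     other status (in which case {@code InResponseTo} is not examined)
     * @throws SAML2Exception if the status is success but {@code InResponseTo} is absent or
     *     differs from the request ID
     */
    private static boolean checkSLOResponse(LogoutResponse logoutResponse, String str, String str2, String str3, String str4) throws SAML2Exception {
        String statusCode = logoutResponse.getStatus().getStatusCode().getValue();
        if (!statusCode.equalsIgnoreCase(STATUS_SUCCESS)) {
            if (debug.messageEnabled()) {
                debug.message("LogoutUtil.doSLOBySOAP : return code : " + statusCode);
            }
            return false;
        }
        // Null-safe comparison: a response without InResponseTo is a mismatch, not an NPE.
        String inResponseTo = logoutResponse.getInResponseTo();
        if (inResponseTo == null || !inResponseTo.equals(str)) {
            debug.error("LogoutUtil.doSLOBySOAP LogoutResponse inResponseTo does not match Request ID.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("inResponseToNoMatch"));
        }
        if (debug.messageEnabled()) {
            debug.message("LogoutUtil.doSLOBySOAP LogoutResponse inResponseTo matches LogoutRequest ID");
        }
        return true;
    }

    /**
     * Relays a logout request to another server over SOAP and parses the reply.
     *
     * <p>No issuer, signature, status or {@code InResponseTo} check is applied to the returned
     * response here. Package-private in the original class; the decompiler widened it to public.
     *
     * @param logoutRequest request to relay
     * @param str remote logout URL
     * @return the parsed response, or null if anything failed (the failure is only logged at
     *     debug "message" level)
     */
    public static LogoutResponse forwardToRemoteServer(LogoutRequest logoutRequest, String str) {
        if (debug.messageEnabled()) {
            debug.message("LogoutUtil.forwardToRemoteServer: remoteLogoutURL = " + str);
        }
        try {
            return ProtocolFactory.getInstance().createLogoutResponse(SAML2Utils.getSamlpElement(SAML2Utils.sendSOAPMessage(logoutRequest.toXMLString(true, true), str), "LogoutResponse"));
        } catch (Exception e) {
            // Deliberate best effort: the caller receives null instead of an exception.
            if (debug.messageEnabled()) {
                debug.message("LogoutUtil.forwardToRemoteServer:", e);
            }
            return null;
        }
    }

    /**
     * Extracts the {@code SessionIndex} values carried in a response's {@code StatusDetail}.
     *
     * <p>Package-private in the original class; the decompiler widened it to public.
     *
     * @param logoutResponse response to read
     * @return list of session index strings (possibly empty), or null when there is no status
     *     detail or it has no content
     */
    public static List getSessionIndex(LogoutResponse logoutResponse) {
        StatusDetail statusDetail = logoutResponse.getStatus().getStatusDetail();
        if (statusDetail == null) {
            return null;
        }
        List detailItems = statusDetail.getAny();
        if (detailItems == null || detailItems.isEmpty()) {
            return null;
        }
        ArrayList sessionIndexes = new ArrayList();
        Iterator it = detailItems.iterator();
        while (it.hasNext()) {
            // NOTE(review): the items come from the peer's message; this dereferences the parse
            // result without a null check - confirm what toDOMDocument returns on bad XML.
            Element root = XMLUtils.toDOMDocument((String) it.next(), debug).getDocumentElement();
            if ("SessionIndex".equals(root.getLocalName())) {
                sessionIndexes.add(XMLUtils.getElementString(root));
            }
        }
        return sessionIndexes;
    }

    /**
     * Attaches a {@code StatusDetail} to the status and stores the given session indexes in it
     * as serialized {@code SessionIndex} elements.
     *
     * <p>A {@code SAML2Exception} is logged and not propagated. Package-private in the original
     * class; the decompiler widened it to public.
     *
     * @param status status to extend
     * @param list session index strings, may be null or empty (an empty detail is still set)
     */
    public static void setSessionIndex(Status status, List list) {
        try {
            StatusDetail statusDetail = ProtocolFactory.getInstance().createStatusDetail();
            status.setStatusDetail(statusDetail);
            if (list != null && !list.isEmpty()) {
                ArrayList serialized = new ArrayList();
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    serialized.add(ProtocolFactory.getInstance().createSessionIndex((String) it.next()).toXMLString(true, true));
                }
                statusDetail.setAny(serialized);
            }
        } catch (SAML2Exception e) {
            debug.error("LogoutUtil.setSessionIndex: ", e);
        }
    }

    /**
     * Returns the first non-null service element whose binding equals the desired binding.
     *
     * <p>The decompiled loops neither advanced nor left the loop once a match was found, and
     * carried the previous element's binding over a null element; this helper returns on the
     * first match and evaluates every element on its own.
     *
     * @param list {@code SingleLogoutServiceElement}s, may be null
     * @param binding desired binding URI
     * @param logPrefix prefix for debug messages
     * @return matching element or null
     */
    private static SingleLogoutServiceElement findSLOServiceByBinding(List list, String binding, String logPrefix) {
        if (list == null) {
            return null;
        }
        int count = list.size();
        if (debug.messageEnabled()) {
            debug.message(logPrefix + "Number of single logout services = " + count);
        }
        for (int i = 0; i < count; i++) {
            SingleLogoutServiceElement service = (SingleLogoutServiceElement) list.get(i);
            String serviceBinding = (service != null) ? service.getBinding() : null;
            if (debug.messageEnabled()) {
                debug.message(logPrefix + "Single logout service binding = " + serviceBinding);
            }
            if (serviceBinding != null && serviceBinding.equals(binding)) {
                if (debug.messageEnabled()) {
                    debug.message(logPrefix + "Found the single logout service " + "with the desired binding");
                }
                return service;
            }
        }
        return null;
    }

    /**
     * Returns the {@code Location} of the first SLO service that uses the given binding.
     *
     * @param list {@code SingleLogoutServiceElement}s
     * @param str desired binding URI
     * @return the location, or null if no service uses that binding
     */
    public static String getSLOServiceLocation(List list, String str) {
        SingleLogoutServiceElement service = findSLOServiceByBinding(list, str, "LogoutUtil.getSLOserviceLocation: ");
        return (service == null) ? null : service.getLocation();
    }

    /**
     * Returns the {@code ResponseLocation} of the first SLO service that uses the given binding.
     *
     * @param list {@code SingleLogoutServiceElement}s
     * @param str desired binding URI
     * @return the response location, or null if no service uses that binding
     */
    public static String getSLOResponseServiceLocation(List list, String str) {
        SingleLogoutServiceElement service = findSLOServiceByBinding(list, str, "LogoutUtil.getSLOResponseServiceLocation: ");
        return (service == null) ? null : service.getResponseLocation();
    }

    /** Wraps a non-empty extension list in an {@code Extensions} object; returns null otherwise. */
    private static Extensions createExtensions(List list) throws SAML2Exception {
        if (list == null || list.isEmpty()) {
            return null;
        }
        Extensions extensions = ProtocolFactory.getInstance().createExtensions();
        extensions.setAny(list);
        return extensions;
    }

    /**
     * Creates a {@code LogoutResponse} for the given request ID.
     *
     * <p>If populating the response throws a {@code SAML2Exception}, the error is logged and the
     * response is returned with whatever fields were set before the failure.
     *
     * @param status status to report; null means a success status is generated
     * @param str ID of the request being answered ({@code InResponseTo})
     * @param issuer issuer of the response
     * @param str2 unused
     * @param str3 unused
     * @param str4 unused
     * @return the new response
     */
    public static LogoutResponse generateResponse(Status status, String str, Issuer issuer, String str2, String str3, String str4) {
        if (status == null) {
            status = SAML2Utils.generateStatus(STATUS_SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
        }
        LogoutResponse response = ProtocolFactory.getInstance().createLogoutResponse();
        String responseId = SAMLUtils.generateID();
        try {
            response.setStatus(status);
            response.setID(responseId);
            response.setInResponseTo(str);
            response.setVersion(SAML2Constants.VERSION_2_0);
            response.setIssueInstant(new Date());
            response.setIssuer(issuer);
        } catch (SAML2Exception e) {
            debug.error("Error in generating LogoutResponse.", e);
        }
        return response;
    }

    /**
     * Signs a logout request when the peer requires it, without embedding the certificate.
     *
     * @see #signSLORequest(LogoutRequest, String, String, String, String, boolean)
     */
    public static void signSLORequest(LogoutRequest logoutRequest, String str, String str2, String str3, String str4) throws SAML2Exception {
        signSLORequest(logoutRequest, str, str2, str3, str4, false);
    }

    /**
     * Signs a logout request if the peer's metadata asks for signed logout requests.
     *
     * @param logoutRequest request to sign in place
     * @param str realm
     * @param str2 hosted entity ID
     * @param str3 hosted entity role
     * @param str4 remote entity ID
     * @param z whether the signing certificate is passed to {@code sign} as well
     * @throws SAML2Exception if signing is required but no private key is found for the alias
     */
    static void signSLORequest(LogoutRequest logoutRequest, String str, String str2, String str3, String str4, boolean z) throws SAML2Exception {
        String peerRole = str3.equalsIgnoreCase(SAML2Constants.IDP_ROLE) ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
        if (!SAML2Utils.getWantLogoutRequestSigned(str, str4, peerRole)) {
            if (debug.messageEnabled()) {
                debug.message("signSLORequest : " + "SLORequest doesn't need to be signed.");
            }
            return;
        }
        String certAlias = SAML2Utils.getSigningCertAlias(str, str2, str3);
        if (debug.messageEnabled()) {
            debug.message("signSLORequest : " + "realm is : " + str);
            debug.message("signSLORequest : " + "hostEntity is : " + str2);
            debug.message("signSLORequest : " + "Host Entity role is : " + str3);
            debug.message("signSLORequest : " + "Cert Alias is : " + certAlias);
            debug.message("signSLORequest : " + "SLO Request before sign : " + logoutRequest.toXMLString(true, true));
        }
        PrivateKey signingKey = keyProvider.getPrivateKey(certAlias);
        X509Certificate signingCert = z ? keyProvider.getX509Certificate(certAlias) : null;
        if (signingKey == null) {
            debug.error("Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        logoutRequest.sign(signingKey, signingCert);
        if (debug.messageEnabled()) {
            debug.message("signSLORequest : " + "SLO Request after sign : " + logoutRequest.toXMLString(true, true));
        }
    }

    /**
     * Verifies the signature of a received logout request, if verification is configured.
     *
     * <p>Callers must act on the return value: false means the signature did not validate.
     *
     * @param logoutRequest received request
     * @param str realm
     * @param str2 remote entity ID (the sender, whose certificate is used)
     * @param str3 entity ID whose "want logout request signed" flag is consulted
     *     (presumably the hosted entity; confirm against callers)
     * @param str4 hosted entity role
     * @return true if verification is not required or the signature is valid
     * @throws SAML2Exception if verification is required but no verification certificate exists
     */
    public static boolean verifySLORequest(LogoutRequest logoutRequest, String str, String str2, String str3, String str4) throws SAML2Exception, SSOException {
        if (!SAML2Utils.getWantLogoutRequestSigned(str, str3, str4)) {
            if (debug.messageEnabled()) {
                debug.message("verifySLORequest : " + "SLORequest doesn't need to be verified.");
            }
            return true;
        }
        if (debug.messageEnabled()) {
            debug.message("verifySLORequest : " + "realm is : " + str);
            debug.message("verifySLORequest : " + "remoteEntity is : " + str2);
            debug.message("verifySLORequest : " + "Host Entity role is : " + str4);
        }
        // The sender plays the opposite role, so its descriptor is looked up accordingly.
        X509Certificate verificationCert = str4.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
                ? KeyUtil.getVerificationCert(metaManager.getSPSSODescriptor(str, str2), str2, false)
                : KeyUtil.getVerificationCert(metaManager.getIDPSSODescriptor(str, str2), str2, true);
        if (verificationCert == null) {
            debug.error("Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        boolean valid = logoutRequest.isSignatureValid(verificationCert);
        if (debug.messageEnabled()) {
            debug.message("verifySLORequest : " + "Signature is : " + valid);
        }
        return valid;
    }

    /**
     * Signs a logout response when the peer requires it, without embedding the certificate.
     *
     * @see #signSLOResponse(LogoutResponse, String, String, String, String, boolean)
     */
    public static void signSLOResponse(LogoutResponse logoutResponse, String str, String str2, String str3, String str4) throws SAML2Exception {
        signSLOResponse(logoutResponse, str, str2, str3, str4, false);
    }

    /**
     * Signs a logout response if the peer's metadata asks for signed logout responses.
     *
     * <p>The decompiled code consulted the peer's "want logout <em>request</em> signed" flag
     * here, unlike {@link #sendSLOResponse} and {@link #verifySLOResponse}, which use the
     * response flag. With that mismatch a peer that requires signed responses but not signed
     * requests would receive an unsigned response. The response flag is used now.
     *
     * @param logoutResponse response to sign in place
     * @param str realm
     * @param str2 hosted entity ID
     * @param str3 hosted entity role
     * @param str4 remote entity ID
     * @param z whether the signing certificate is passed to {@code sign} as well
     * @throws SAML2Exception if signing is required but no private key is found for the alias
     */
    static void signSLOResponse(LogoutResponse logoutResponse, String str, String str2, String str3, String str4, boolean z) throws SAML2Exception {
        String peerRole = str3.equalsIgnoreCase(SAML2Constants.IDP_ROLE) ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
        if (!SAML2Utils.getWantLogoutResponseSigned(str, str4, peerRole)) {
            if (debug.messageEnabled()) {
                debug.message("signSLOResponse : " + "SLOResponse doesn't need to be signed.");
            }
            return;
        }
        String certAlias = SAML2Utils.getSigningCertAlias(str, str2, str3);
        if (debug.messageEnabled()) {
            debug.message("signSLOResponse : " + "realm is : " + str);
            debug.message("signSLOResponse : " + "hostEntity is : " + str2);
            debug.message("signSLOResponse : " + "Host Entity role is : " + str3);
            debug.message("signSLOResponse : " + "Cert Alias is : " + certAlias);
        }
        PrivateKey signingKey = keyProvider.getPrivateKey(certAlias);
        X509Certificate signingCert = z ? keyProvider.getX509Certificate(certAlias) : null;
        if (signingKey == null) {
            debug.error("Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        logoutResponse.sign(signingKey, signingCert);
    }

    /**
     * Verifies the signature of a received logout response, if verification is configured.
     *
     * <p>Callers must act on the return value: false means the signature did not validate.
     *
     * @param logoutResponse received response
     * @param str realm
     * @param str2 remote entity ID (the sender, whose certificate is used)
     * @param str3 hosted entity ID
     * @param str4 hosted entity role
     * @return true if verification is not required or the signature is valid
     * @throws SAML2Exception if verification is required but no verification certificate exists
     */
    public static boolean verifySLOResponse(LogoutResponse logoutResponse, String str, String str2, String str3, String str4) throws SAML2Exception, SSOException {
        if (!SAML2Utils.getWantLogoutResponseSigned(str, str3, str4)) {
            if (debug.messageEnabled()) {
                debug.message("verifySLOResponse : " + "SLOResponse doesn't need to be verified.");
            }
            return true;
        }
        X509Certificate verificationCert = str4.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
                ? KeyUtil.getVerificationCert(metaManager.getSPSSODescriptor(str, str2), str2, false)
                : KeyUtil.getVerificationCert(metaManager.getIDPSSODescriptor(str, str2), str2, true);
        if (verificationCert == null) {
            debug.error("Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        boolean valid = logoutResponse.isSignatureValid(verificationCert);
        if (debug.messageEnabled()) {
            debug.message("verifySLOResponse : " + "Signature is : " + valid);
        }
        return valid;
    }

    /**
     * Puts the subject identifier on a logout request, encrypted for the peer when the peer's
     * metadata asks for an encrypted NameID and in clear otherwise.
     *
     * @param logoutRequest request to populate
     * @param nameID subject identifier
     * @param str realm
     * @param str2 hosted entity ID
     * @param str3 hosted entity role
     * @param str4 remote entity ID
     * @throws SAML2Exception if encryption is required but the peer has no encryption info
     */
    static void setNameIDForSLORequest(LogoutRequest logoutRequest, NameID nameID, String str, String str2, String str3, String str4) throws SAML2Exception, SSOException {
        boolean hostIsIdp = str3.equalsIgnoreCase(SAML2Constants.IDP_ROLE);
        String peerRole = hostIsIdp ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
        if (!SAML2Utils.getWantNameIDEncrypted(str, str4, peerRole)) {
            if (debug.messageEnabled()) {
                debug.message("setNameIDForSLORequest: " + "NamID doesn't need to be encrypted.");
            }
            logoutRequest.setNameID(nameID);
            return;
        }
        KeyDescriptorType keyDescriptor;
        EncInfo encInfo;
        if (hostIsIdp) {
            SPSSODescriptorElement spDescriptor = metaManager.getSPSSODescriptor(str, str4);
            keyDescriptor = KeyUtil.getKeyDescriptor(spDescriptor, "encryption");
            encInfo = KeyUtil.getEncInfo(spDescriptor, str4, false);
        } else {
            IDPSSODescriptorElement idpDescriptor = metaManager.getIDPSSODescriptor(str, str4);
            keyDescriptor = KeyUtil.getKeyDescriptor(idpDescriptor, "encryption");
            encInfo = KeyUtil.getEncInfo(idpDescriptor, str4, true);
        }
        if (debug.messageEnabled()) {
            debug.message("setNameIDForSLORequest: " + "realm is : " + str);
            debug.message("setNameIDForSLORequest: " + "hostEntity is : " + str2);
            debug.message("setNameIDForSLORequest: " + "Host Entity role is : " + str3);
            debug.message("setNameIDForSLORequest: " + "remoteEntity is : " + str4);
        }
        if (encInfo == null) {
            debug.error("NO meta data for encrypt Info.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        logoutRequest.setEncryptedID(nameID.encrypt(KeyUtil.getCert(keyDescriptor).getPublicKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), str4));
    }

    /**
     * Reads the subject identifier from a logout request, decrypting it when the configuration
     * requires an encrypted NameID.
     *
     * <p>When encryption is required, a request that carries no {@code EncryptedID} is rejected
     * with a {@code SAML2Exception} instead of failing with a {@code NullPointerException}; a
     * clear-text NameID is never used as a fallback in that case. Package-private in the
     * original class; the decompiler widened it to public.
     *
     * @param logoutRequest received request
     * @param str realm
     * @param str2 hosted entity ID
     * @param str3 hosted entity role
     * @return the NameID, decrypted if necessary
     * @throws SAML2Exception if decryption fails or the required {@code EncryptedID} is missing
     */
    public static NameID getNameIDFromSLORequest(LogoutRequest logoutRequest, String str, String str2, String str3) throws SAML2Exception {
        if (!SAML2Utils.getWantNameIDEncrypted(str, str2, str3)) {
            if (debug.messageEnabled()) {
                debug.message("getNameIDFromSLORequest: " + "NamID doesn't need to be decrypted.");
            }
            return logoutRequest.getNameID();
        }
        String certAlias = SAML2Utils.getEncryptionCertAlias(str, str2, str3);
        if (debug.messageEnabled()) {
            debug.message("getNameIDFromSLORequest: " + "realm is : " + str);
            debug.message("getNameIDFromSLORequest: " + "hostEntity is : " + str2);
            debug.message("getNameIDFromSLORequest: " + "Host Entity role is : " + str3);
            debug.message("getNameIDFromSLORequest: " + "Cert Alias is : " + certAlias);
        }
        if (logoutRequest.getEncryptedID() == null) {
            debug.error("getNameIDFromSLORequest: EncryptedID is required but missing.");
            throw new SAML2Exception("LogoutRequest has no EncryptedID although NameID encryption is required.");
        }
        return logoutRequest.getEncryptedID().decrypt(keyProvider.getPrivateKey(certAlias));
    }

    /**
     * Sends a logout response through the HTTP-Redirect binding, signing the query string when
     * the peer's metadata asks for signed logout responses.
     *
     * <p>Package-private in the original class; the decompiler widened it to public.
     *
     * @param httpServletResponse response on which the redirect is issued
     * @param logoutResponse response to send
     * @param str location the response is redirected to
     * @param str2 relay state, may be null
     * @param str3 realm
     * @param str4 hosted entity ID
     * @param str5 hosted entity role
     * @param str6 remote entity ID
     * @throws SAML2Exception if encoding, signing or the redirect fails (the cause is logged)
     */
    public static void sendSLOResponse(HttpServletResponse httpServletResponse, LogoutResponse logoutResponse, String str, String str2, String str3, String str4, String str5, String str6) throws SAML2Exception {
        try {
            StringBuffer query = new StringBuffer().append(SAML2Constants.SAML_RESPONSE).append(SAML2Constants.EQUAL).append(SAML2Utils.encodeForRedirect(logoutResponse.toXMLString(true, true)));
            appendRelayState(query, str2);
            String peerRole = str5.equalsIgnoreCase(SAML2Constants.IDP_ROLE) ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
            String queryString = query.toString();
            if (SAML2Utils.getWantLogoutResponseSigned(str3, str6, peerRole)) {
                queryString = SAML2Utils.signQueryString(queryString, str3, str4, str5);
            }
            String redirectUrl = str + "?" + queryString;
            if (debug.messageEnabled()) {
                debug.message("redirectURL :" + redirectUrl);
            }
            httpServletResponse.sendRedirect(redirectUrl);
            logUtil.access(Level.INFO, LogUtil.REDIRECT_TO_SP, new String[]{str}, adminSSOToken);
        } catch (Exception e) {
            debug.error("Exception :", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorRedirectingLogoutResponse"));
        }
    }

    /**
     * Determines the SLO binding: the request's binding parameter if present, otherwise the
     * binding of the entity's first configured single logout service.
     *
     * @param httpServletRequest incoming request
     * @param str meta alias, used to derive the realm
     * @param str2 hosted entity role
     * @param str3 entity ID whose metadata is consulted
     * @return the binding URI, never null
     * @throws SAML2Exception if no binding can be determined
     */
    public static String getSLOBindingInfo(HttpServletRequest httpServletRequest, String str, String str2, String str3) throws SAML2Exception {
        String binding = httpServletRequest.getParameter(SAML2Constants.BINDING);
        if (binding == null) {
            try {
                SingleLogoutServiceElement service = getSLOServiceElement(SAML2MetaUtils.getRealmByMetaAlias(str), str3, str2, null);
                if (service != null) {
                    binding = service.getBinding();
                }
            } catch (SSOException e) {
                debug.error("Invalid SSOToken", e);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
        }
        if (binding == null) {
            debug.error("Incorrect configuration for SingleLogout Service.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        return binding;
    }

    /**
     * Looks up a single logout service of the counterpart entity: the IDP's services when the
     * hosted role is SP, the SP's services when the hosted role is IDP.
     *
     * @param str realm
     * @param str2 entity ID
     * @param str3 hosted entity role
     * @param str4 desired binding, or null for the first configured service
     * @throws SAML2Exception if the role is neither SP nor IDP
     */
    private static SingleLogoutServiceElement getSLOServiceElement(String str, String str2, String str3, String str4) throws SAML2MetaException, SSOException, SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("getSLOServiceElement: " + "Realm : " + str);
            debug.message("getSLOServiceElement: " + "Entity ID : " + str2);
            debug.message("getSLOServiceElement: " + "Host Entity Role : " + str3);
        }
        if (str3.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            return getIDPSLOConfig(str, str2, str4);
        }
        if (str3.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            return getSPSLOConfig(str, str2, str4);
        }
        debug.error("Hosted Entity role is missing .");
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
    }

    /**
     * Selects a service element from a descriptor's single logout service list.
     *
     * <p>NOTE(review): reconstructed from a failed decompilation (the listing had an undeclared
     * {@code r7 = null;} and returned a loop variable outside its scope). The result variable
     * appears to be assigned on every iteration, so when no binding matches, the last element is
     * returned instead of null. Confirm against the original class and decide whether an
     * endpoint with a different binding should ever be handed back.
     *
     * @param services service elements, may be null or empty
     * @param binding desired binding (compared ignoring case), or null for the first element
     * @return selected element, or null if the list is null or empty
     */
    private static SingleLogoutServiceElement selectSLOService(List services, String binding) {
        if (services == null || services.isEmpty()) {
            return null;
        }
        if (binding == null) {
            return (SingleLogoutServiceElement) services.get(0);
        }
        SingleLogoutServiceElement candidate = null;
        Iterator it = services.iterator();
        while (it.hasNext()) {
            candidate = (SingleLogoutServiceElement) it.next();
            if (binding.equalsIgnoreCase(candidate.getBinding())) {
                break;
            }
        }
        return candidate;
    }

    /**
     * Returns a single logout service of an identity provider.
     *
     * @param str realm
     * @param str2 IDP entity ID
     * @param str3 desired binding, or null for the first configured service
     * @return the selected service, or null if the IDP descriptor or its service list is missing
     */
    public static SingleLogoutServiceElement getIDPSLOConfig(String str, String str2, String str3) throws SAML2MetaException, SSOException {
        IDPSSODescriptorElement idpDescriptor = metaManager.getIDPSSODescriptor(str, str2);
        if (idpDescriptor == null) {
            debug.error("Identity Provider SSO config is missing.");
            return null;
        }
        return selectSLOService(idpDescriptor.getSingleLogoutService(), str3);
    }

    /**
     * Returns a single logout service of a service provider.
     *
     * @param str realm
     * @param str2 SP entity ID
     * @param str3 desired binding, or null for the first configured service
     * @return the selected service, or null if the SP descriptor or its service list is missing
     */
    public static SingleLogoutServiceElement getSPSLOConfig(String str, String str2, String str3) throws SAML2MetaException, SSOException {
        SPSSODescriptorElement spDescriptor = metaManager.getSPSSODescriptor(str, str2);
        if (spDescriptor == null) {
            return null;
        }
        return selectSLOService(spDescriptor.getSingleLogoutService(), str3);
    }

    /** Stub: always returns null, whatever the parameter map holds. */
    public static List getExtensionsList(Map map) {
        return null;
    }

    static {
        // Runs after the field initializers above; obtains the admin token under doPrivileged.
        adminSSOToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
        metaManager = SAML2Utils.getSAML2MetaManager();
        logUtil = SAML2LogManager.getLogInstance();
    }
}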
