package com.sun.identity.saml2.profile;

import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.AccountUtils;
import com.sun.identity.saml2.common.NameIDInfoKey;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.logging.SAML2LogManager;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.security.AdminTokenAction;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:122984-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/profile/SPSingleLogout.class */
public class SPSingleLogout {
    static SAML2MetaManager sm;
    static SSOToken adminSSOToken;
    static LogUtil logUtil;
    static AssertionFactory af = AssertionFactory.getInstance();
    static Debug debug = SAML2Utils.debug;
    static final Status SUCCESS_STATUS = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Success", SAML2Utils.bundle.getString("requestSuccess"));
    static final Status PARTIAL_LOGOUT_STATUS = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", SAML2Utils.bundle.getString("partialLogout"));

    public static void initiateLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Map map) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("SPSingleLogout:initiateLogoutRequest");
            debug.message(new StringBuffer().append("binding : ").append(str).toString());
            debug.message(new StringBuffer().append("paramsMap : ").append(map).toString());
        }
        String str2 = (String) map.get(SAML2Constants.SP_METAALIAS);
        try {
            SSOToken sSOToken = SAML2Utils.getSSOToken(httpServletRequest);
            if (sSOToken == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
            }
            if (str2 == null) {
                str2 = sSOToken.getProperty(SAML2Constants.SP_METAALIAS);
            }
            if (str2 == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPMetaAlias"));
            }
            map.put("metaAlias", str2);
            String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(str2));
            debug.message(new StringBuffer().append("realm : ").append(realm).toString());
            String entityByMetaAlias = sm.getEntityByMetaAlias(str2);
            if (entityByMetaAlias == null) {
                debug.error("Service Provider ID is missing");
                logUtil.error(Level.INFO, LogUtil.INVALID_SP, new String[]{entityByMetaAlias}, adminSSOToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
            }
            debug.message(new StringBuffer().append("spEntityID : ").append(entityByMetaAlias).toString());
            String obj = sSOToken.getTokenID().toString();
            try {
                String property = sSOToken.getProperty(AccountUtils.getNameIDInfoKeyAttribute());
                if (property == null) {
                    debug.error("Unable to get infoKeyString from SSOToken.");
                    throw new SAML2Exception(SAML2Utils.bundle.getString("errorInfoKeyString"));
                }
                if (sm.getSPSSODescriptor(realm, entityByMetaAlias) == null) {
                    logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{entityByMetaAlias}, adminSSOToken);
                    throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
                }
                List extensionsList = LogoutUtil.getExtensionsList(map);
                String parameter = SAML2Utils.getParameter(map, "RelayState");
                StringTokenizer stringTokenizer = new StringTokenizer(property, SAML2Constants.SECOND_DELIM);
                if (stringTokenizer != null && stringTokenizer.hasMoreTokens()) {
                    while (stringTokenizer.hasMoreTokens()) {
                        prepareForLogout(realm, obj, str2, extensionsList, str, parameter, httpServletResponse, map, stringTokenizer.nextToken());
                    }
                }
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("tokenID : ").append(obj).toString());
                    debug.message(new StringBuffer().append("infoKeyString : ").append(property).toString());
                }
                SAML2Utils.destroySession(sSOToken);
            } catch (SSOException e) {
                debug.error("Unable to get infoKeyString from SSOToken.", e);
                throw new SAML2Exception(SAML2Utils.bundle.getString("errorInfoKeyString"));
            }
        } catch (SSOException e2) {
            debug.error("Invalid Admin SSOToken", e2);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        } catch (SAML2MetaException e3) {
            debug.error("Error retreiving metadata", e3);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }

    private static void prepareForLogout(String str, String str2, String str3, List list, String str4, String str5, HttpServletResponse httpServletResponse, Map map, String str6) throws SAML2Exception, SSOException {
        SPFedSession sPFedSession = null;
        List list2 = (List) SPCache.fedSessionListsByNameIDInfoKey.get(str6);
        if (list2 != null) {
            synchronized (list2) {
                ListIterator listIterator = list2.listIterator();
                while (true) {
                    if (!listIterator.hasNext()) {
                        break;
                    }
                    sPFedSession = (SPFedSession) listIterator.next();
                    if (str2.equals(sPFedSession.spTokenID)) {
                        listIterator.remove();
                        if (list2.size() == 0) {
                            SPCache.fedSessionListsByNameIDInfoKey.remove(str6);
                        }
                    } else {
                        sPFedSession = null;
                    }
                }
            }
        }
        NameIDInfoKey parse = NameIDInfoKey.parse(str6);
        if (sPFedSession == null) {
            if (debug.messageEnabled()) {
                debug.message("No session partner, just did local logout.");
                return;
            }
            return;
        }
        IDPSSODescriptorElement iDPSSODescriptor = sm.getIDPSSODescriptor(str, parse.getRemoteEntityID());
        if (iDPSSODescriptor == null) {
            logUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{parse.getRemoteEntityID()}, adminSSOToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        List singleLogoutService = iDPSSODescriptor.getSingleLogoutService();
        if (singleLogoutService == null) {
            logUtil.error(Level.INFO, LogUtil.SLO_NOT_FOUND, new String[]{parse.getRemoteEntityID()}, adminSSOToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("sloServiceListNotfound"));
        }
        IDPSSOConfigElement iDPSSOConfigElement = null;
        if (str4.equals(SAML2Constants.SOAP)) {
            iDPSSOConfigElement = sm.getIDPSSOConfig(str, parse.getRemoteEntityID());
        }
        String stringBuffer = LogoutUtil.doLogout(str3, parse.getRemoteEntityID(), singleLogoutService, list, str4, str5, sPFedSession.idpSessionIndex, sPFedSession.info.getNameID(), httpServletResponse, map, iDPSSOConfigElement).toString();
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("\nSPSLO.requestIDStr = ").append(stringBuffer).append("\nbinding = ").append(str4).toString());
        }
        if (stringBuffer == null || stringBuffer.length() == 0 || !str4.equals(SAML2Constants.HTTP_REDIRECT)) {
            return;
        }
        SPCache.logoutRequestIDs.add(stringBuffer);
    }

    public static void processLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SAML2Exception, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("samlResponse : ").append(str).toString());
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("relayState : ").append(str2).toString());
        }
        String decodeFromRedirect = SAML2Utils.decodeFromRedirect(str);
        if (decodeFromRedirect == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
        }
        LogoutResponse createLogoutResponse = ProtocolFactory.getInstance().createLogoutResponse(decodeFromRedirect);
        String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAliasByUri));
        String entityByMetaAlias = sm.getEntityByMetaAlias(metaAliasByUri);
        String value = createLogoutResponse.getIssuer().getValue();
        SAML2Utils.verifyResponseIssuer(realm, entityByMetaAlias, createLogoutResponse.getIssuer(), createLogoutResponse.getInResponseTo());
        boolean wantLogoutResponseSigned = SAML2Utils.getWantLogoutResponseSigned(realm, entityByMetaAlias, SAML2Constants.SP_ROLE);
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("metaAlias : ").append(metaAliasByUri).toString());
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("realm : ").append(realm).toString());
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("idpEntityID : ").append(value).toString());
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("spEntityID : ").append(entityByMetaAlias).toString());
        }
        if (wantLogoutResponseSigned) {
            if (!SAML2Utils.verifyQueryString(httpServletRequest.getQueryString(), realm, SAML2Constants.SP_ROLE, value)) {
                debug.error("Invalid signature in SLO Response.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
            }
            if (!SAML2Utils.verifyDestination(createLogoutResponse.getDestination(), getSLOResponseLocationOrLocation(sm.getSPSSODescriptor(realm, entityByMetaAlias)))) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidDestination"));
            }
        }
        String inResponseTo = createLogoutResponse.getInResponseTo();
        if (inResponseTo == null || inResponseTo.length() == 0) {
            if (debug.messageEnabled()) {
                debug.message("LogoutResponse inResponseTo is null");
            }
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullInResponseToFromSamlResponse"));
        }
        if (!SPCache.logoutRequestIDs.remove(inResponseTo)) {
            if (debug.messageEnabled()) {
                debug.message("LogoutResponse inResponseTo does not match LogoutRequest ID.");
            }
            throw new SAML2Exception(SAML2Utils.bundle.getString("LogoutRequestIDandInResponseToDoNotMatch"));
        }
        if (debug.messageEnabled()) {
            debug.message("LogoutResponse inResponseTo matches LogoutRequest ID.");
        }
        if (str2 == null || str2.length() == 0) {
            return;
        }
        try {
            httpServletResponse.sendRedirect(str2);
        } catch (IOException e) {
            debug.message(new StringBuffer().append("Exception when redirecting to ").append(str2).toString(), e);
        }
    }

    public static void processLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SAML2Exception, SSOException {
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("samlRequest : ").append(str).toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("relayState : ").append(str2).toString());
        }
        String decodeFromRedirect = SAML2Utils.decodeFromRedirect(str);
        if (decodeFromRedirect == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlRequest"));
        }
        LogoutRequest createLogoutRequest = ProtocolFactory.getInstance().createLogoutRequest(decodeFromRedirect);
        String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAliasByUri));
        String entityByMetaAlias = sm.getEntityByMetaAlias(metaAliasByUri);
        String value = createLogoutRequest.getIssuer().getValue();
        boolean wantLogoutRequestSigned = SAML2Utils.getWantLogoutRequestSigned(realm, entityByMetaAlias, SAML2Constants.SP_ROLE);
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("metaAlias : ").append(metaAliasByUri).toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("realm : ").append(realm).toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("idpEntityID : ").append(value).toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("spEntityID : ").append(entityByMetaAlias).toString());
        }
        if (wantLogoutRequestSigned) {
            if (!SAML2Utils.verifyQueryString(httpServletRequest.getQueryString(), realm, SAML2Constants.SP_ROLE, value)) {
                debug.error("Invalid signature in SLO Request.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
            }
            if (!SAML2Utils.verifyDestination(createLogoutRequest.getDestination(), getSLOResponseLocationOrLocation(sm.getSPSSODescriptor(realm, entityByMetaAlias)))) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidDestination"));
            }
        }
        try {
            IDPSSODescriptorElement iDPSSODescriptor = sm.getIDPSSODescriptor(realm, value);
            if (iDPSSODescriptor == null) {
                logUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{value}, adminSSOToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            List singleLogoutService = iDPSSODescriptor.getSingleLogoutService();
            if (singleLogoutService == null) {
                logUtil.error(Level.INFO, LogUtil.SLO_NOT_FOUND, new String[]{value}, adminSSOToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloServiceListNotfound"));
            }
            String sLOResponseServiceLocation = LogoutUtil.getSLOResponseServiceLocation(singleLogoutService, SAML2Constants.HTTP_REDIRECT);
            if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
                sLOResponseServiceLocation = LogoutUtil.getSLOServiceLocation(singleLogoutService, SAML2Constants.HTTP_REDIRECT);
                if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
                    debug.error("Unable to find the IDP's single logout response service with the HTTP-Redirect binding");
                    throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
                }
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("SP's single logout response service location = ").append(sLOResponseServiceLocation).toString());
                }
            } else if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("IDP's single logout response service location = ").append(sLOResponseServiceLocation).toString());
            }
            LogoutResponse processLogoutRequest = processLogoutRequest(createLogoutRequest, entityByMetaAlias, realm, null, false);
            processLogoutRequest.setDestination(sLOResponseServiceLocation);
            LogoutUtil.sendSLOResponse(httpServletResponse, processLogoutRequest, sLOResponseServiceLocation, str2, realm, entityByMetaAlias, SAML2Constants.SP_ROLE, value);
        } catch (SSOException e) {
            debug.error("SSO error : ", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v140, types: [java.util.List] */
    /* JADX WARN: Type inference failed for: r17v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    public static LogoutResponse processLogoutRequest(LogoutRequest logoutRequest, String str, String str2, HttpServletRequest httpServletRequest, boolean z) {
        NameID nameID = null;
        Status status = null;
        Issuer issuer = null;
        String value = logoutRequest.getIssuer().getValue();
        try {
            SAML2Utils.verifyRequestIssuer(str2, str, logoutRequest.getIssuer(), logoutRequest.getID());
            issuer = SAML2Utils.createIssuer(str);
            List sessionIndex = logoutRequest.getSessionIndex();
            int i = 0;
            if (sessionIndex != null) {
                i = sessionIndex.size();
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("processLogoutRequest : Number of session indices in the logout request is ").append(i).toString());
                }
            }
            nameID = LogoutUtil.getNameIDFromSLORequest(logoutRequest, str2, str, SAML2Constants.SP_ROLE);
            if (nameID == null) {
                debug.error("processLogoutRequest : LogoutRequest does not contain Name ID");
                status = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", SAML2Utils.bundle.getString("missing_name_identifier"));
            } else {
                String valueString = new NameIDInfoKey(nameID.getValue(), nameID.getSPNameQualifier(), nameID.getNameQualifier()).toValueString();
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("processLogoutRequest : infokey=").append(valueString).toString());
                }
                List list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(valueString);
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("processLogoutRequest : SPFedsessions=").append(list).toString());
                }
                boolean z2 = false;
                List list2 = null;
                if (z) {
                    list2 = SAML2Utils.getRemoteServiceURLs(httpServletRequest);
                    z2 = (list2 == null || list2.isEmpty()) ? false : true;
                }
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("processLogoutRequest : isLBReq = ").append(z).append(", foundPeer = ").append(z2).toString());
                }
                if (list != null && !list.isEmpty()) {
                    SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
                    if (i == 0) {
                        ArrayList arrayList = new ArrayList();
                        synchronized (list) {
                            ListIterator listIterator = list.listIterator();
                            while (listIterator.hasNext()) {
                                arrayList.add(((SPFedSession) listIterator.next()).spTokenID);
                                listIterator.remove();
                            }
                        }
                        ListIterator listIterator2 = arrayList.listIterator();
                        while (listIterator2.hasNext()) {
                            String str3 = (String) listIterator2.next();
                            try {
                                SSOToken createSSOToken = sSOTokenManager.createSSOToken(str3);
                                if (debug.messageEnabled()) {
                                    debug.message(new StringBuffer().append("processLogoutRequest : destroy token ").append(str3).toString());
                                }
                                SAML2Utils.destroySession(createSSOToken);
                            } catch (SSOException e) {
                                debug.error(new StringBuffer().append("processLogoutRequest : Could not create SSOToken from token ID = ").append(str3).toString());
                            }
                        }
                        if (z2) {
                            boolean z3 = false;
                            Iterator it = list2.iterator();
                            while (it.hasNext()) {
                                LogoutResponse forwardToRemoteServer = LogoutUtil.forwardToRemoteServer(logoutRequest, new StringBuffer().append((String) it.next()).append(httpServletRequest.getRequestURI()).append(httpServletRequest.getQueryString() == null ? "?" : "&").append("isLBReq=false").toString());
                                if (!isSuccess(forwardToRemoteServer) && !isNameNotFound(forwardToRemoteServer)) {
                                    z3 = true;
                                }
                            }
                            status = z3 ? PARTIAL_LOGOUT_STATUS : SUCCESS_STATUS;
                        }
                    } else {
                        ArrayList arrayList2 = new ArrayList();
                        for (int i2 = 0; i2 < i; i2++) {
                            String str4 = (String) sessionIndex.get(i2);
                            String str5 = null;
                            synchronized (list) {
                                ListIterator listIterator3 = list.listIterator();
                                while (true) {
                                    if (!listIterator3.hasNext()) {
                                        break;
                                    }
                                    SPFedSession sPFedSession = (SPFedSession) listIterator3.next();
                                    if (str4.equals(sPFedSession.idpSessionIndex)) {
                                        if (debug.messageEnabled()) {
                                            debug.message(new StringBuffer().append("processLogoutRequest :  found si + ").append(str4).toString());
                                        }
                                        str5 = sPFedSession.spTokenID;
                                        listIterator3.remove();
                                    }
                                }
                            }
                            if (str5 != null) {
                                try {
                                    SSOToken createSSOToken2 = sSOTokenManager.createSSOToken(str5);
                                    if (debug.messageEnabled()) {
                                        debug.message(new StringBuffer().append("processLogoutRequest : destroy token (2) ").append(str5).toString());
                                    }
                                    SAML2Utils.destroySession(createSSOToken2);
                                } catch (SSOException e2) {
                                    debug.error(new StringBuffer().append("processLogoutRequest : Could not create SSOToken from token ID = ").append(str5).toString());
                                }
                            } else {
                                arrayList2.add(str4);
                            }
                        }
                        if (z) {
                            if (!z2 || arrayList2.isEmpty()) {
                                status = SUCCESS_STATUS;
                            } else {
                                boolean z4 = false;
                                LogoutRequest copyAndMakeMutable = copyAndMakeMutable(logoutRequest);
                                Iterator it2 = list2.iterator();
                                while (it2.hasNext()) {
                                    copyAndMakeMutable.setSessionIndex(arrayList2);
                                    LogoutResponse forwardToRemoteServer2 = LogoutUtil.forwardToRemoteServer(copyAndMakeMutable, new StringBuffer().append((String) it2.next()).append(httpServletRequest.getRequestURI()).append(httpServletRequest.getQueryString() == null ? "?" : "&").append("isLBReq=false").toString());
                                    if (!isNameNotFound(forwardToRemoteServer2)) {
                                        if (isSuccess(forwardToRemoteServer2)) {
                                            arrayList2 = LogoutUtil.getSessionIndex(forwardToRemoteServer2);
                                        } else {
                                            z4 = true;
                                        }
                                    }
                                    if (debug.messageEnabled()) {
                                        debug.message(new StringBuffer().append("processLogoutRequest : siNotFound = ").append(arrayList2).toString());
                                    }
                                    if (arrayList2 == null || arrayList2.isEmpty()) {
                                        z4 = false;
                                        break;
                                    }
                                }
                                status = (z4 || !(arrayList2 == null || arrayList2.isEmpty())) ? PARTIAL_LOGOUT_STATUS : SUCCESS_STATUS;
                            }
                        } else if (arrayList2.isEmpty()) {
                            status = SUCCESS_STATUS;
                        } else {
                            status = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Success", SAML2Utils.bundle.getString("requestSuccess"));
                            LogoutUtil.setSessionIndex(status, arrayList2);
                        }
                    }
                } else if (z2) {
                    boolean z5 = false;
                    LogoutRequest copyAndMakeMutable2 = copyAndMakeMutable(logoutRequest);
                    Iterator it3 = list2.iterator();
                    while (it3.hasNext()) {
                        LogoutResponse forwardToRemoteServer3 = LogoutUtil.forwardToRemoteServer(copyAndMakeMutable2, new StringBuffer().append((String) it3.next()).append(httpServletRequest.getRequestURI()).append(httpServletRequest.getQueryString() == null ? "?" : "&").append("isLBReq=false").toString());
                        if (!isNameNotFound(forwardToRemoteServer3)) {
                            if (!isSuccess(forwardToRemoteServer3)) {
                                z5 = true;
                            } else if (i > 0) {
                                sessionIndex = LogoutUtil.getSessionIndex(forwardToRemoteServer3);
                                if (sessionIndex == null || sessionIndex.isEmpty()) {
                                    z5 = false;
                                    break;
                                }
                                copyAndMakeMutable2.setSessionIndex(sessionIndex);
                            } else {
                                continue;
                            }
                        }
                    }
                    status = (z5 || (sessionIndex != null && sessionIndex.size() > 0)) ? PARTIAL_LOGOUT_STATUS : SUCCESS_STATUS;
                } else {
                    debug.error("processLogoutRequest : invalid Name ID received");
                    status = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", SAML2Utils.bundle.getString("invalid_name_identifier"));
                }
            }
        } catch (SSOException e3) {
            debug.error("processLogoutRequest: Could not obtain SSOTokenManager.");
            status = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", e3.toString());
        } catch (SAML2Exception e4) {
            debug.error("processLogoutRequest: failed to create response", (Throwable) e4);
            status = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", e4.toString());
        }
        if (str == null) {
            nameID.getSPNameQualifier();
        }
        return LogoutUtil.generateResponse(status, logoutRequest.getID(), issuer, str2, SAML2Constants.SP_ROLE, value);
    }

    static boolean isSuccess(LogoutResponse logoutResponse) {
        return logoutResponse.getStatus().getStatusCode().getValue().equals("urn:oasis:names:tc:SAML:2.0:status:Success");
    }

    static boolean isNameNotFound(LogoutResponse logoutResponse) {
        Status status = logoutResponse.getStatus();
        String statusMessage = status.getStatusMessage();
        return status.getStatusCode().getValue().equals("urn:oasis:names:tc:SAML:2.0:status:Responder") && statusMessage != null && statusMessage.equals(SAML2Utils.bundle.getString("invalid_name_identifier"));
    }

    private static LogoutRequest copyAndMakeMutable(LogoutRequest logoutRequest) {
        LogoutRequest createLogoutRequest = ProtocolFactory.getInstance().createLogoutRequest();
        try {
            createLogoutRequest.setNotOnOrAfter(logoutRequest.getNotOnOrAfter());
            createLogoutRequest.setReason(logoutRequest.getReason());
            createLogoutRequest.setEncryptedID(logoutRequest.getEncryptedID());
            createLogoutRequest.setNameID(logoutRequest.getNameID());
            createLogoutRequest.setBaseID(logoutRequest.getBaseID());
            createLogoutRequest.setSessionIndex(logoutRequest.getSessionIndex());
            createLogoutRequest.setIssuer(logoutRequest.getIssuer());
            createLogoutRequest.setExtensions(logoutRequest.getExtensions());
            createLogoutRequest.setID(logoutRequest.getID());
            createLogoutRequest.setVersion(logoutRequest.getVersion());
            createLogoutRequest.setIssueInstant(logoutRequest.getIssueInstant());
            createLogoutRequest.setDestination(logoutRequest.getDestination());
            createLogoutRequest.setConsent(logoutRequest.getConsent());
        } catch (SAML2Exception e) {
            debug.error("SPLogoutUtil.copyAndMakeMutable:", e);
        }
        return createLogoutRequest;
    }

    private static String getSLOResponseLocationOrLocation(SPSSODescriptorElement sPSSODescriptorElement) {
        List singleLogoutService;
        String str = null;
        if (sPSSODescriptorElement != null && (singleLogoutService = sPSSODescriptorElement.getSingleLogoutService()) != null && !singleLogoutService.isEmpty()) {
            str = LogoutUtil.getSLOResponseServiceLocation(singleLogoutService, SAML2Constants.HTTP_REDIRECT);
            if (str == null || str.length() == 0) {
                str = LogoutUtil.getSLOServiceLocation(singleLogoutService, SAML2Constants.HTTP_REDIRECT);
            }
        }
        return str;
    }

    static {
        sm = null;
        adminSSOToken = null;
        logUtil = null;
        adminSSOToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
        try {
            sm = new SAML2MetaManager(adminSSOToken);
        } catch (SAML2MetaException e) {
            debug.error("Error retreiving metadata", e);
        } catch (SSOException e2) {
            debug.error("Invalid SSOToken", e2);
        }
        logUtil = SAML2LogManager.getLogInstance();
    }
}
