package com.sun.identity.saml2.profile;

import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.services.util.Base64;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.common.DateUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AttributeStatement;
import com.sun.identity.saml2.assertion.AudienceRestriction;
import com.sun.identity.saml2.assertion.AuthnContext;
import com.sun.identity.saml2.assertion.AuthnStatement;
import com.sun.identity.saml2.assertion.Conditions;
import com.sun.identity.saml2.assertion.EncryptedAssertion;
import com.sun.identity.saml2.assertion.EncryptedAttribute;
import com.sun.identity.saml2.assertion.EncryptedID;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.assertion.Subject;
import com.sun.identity.saml2.assertion.SubjectConfirmation;
import com.sun.identity.saml2.assertion.SubjectConfirmationData;
import com.sun.identity.saml2.common.AccountUtils;
import com.sun.identity.saml2.common.NameIDInfo;
import com.sun.identity.saml2.common.NewBoolean;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.idpdiscovery.IDPDiscoveryConstants;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement;
import com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.key.EncInfo;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.logging.SAML2LogManager;
import com.sun.identity.saml2.meta.SAML2COTManager;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.plugins.IDPAttributeMapper;
import com.sun.identity.saml2.plugins.IDPAuthnContextMapper;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.NameIDPolicy;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.saml2.protocol.StatusCode;
import com.sun.identity.security.AdminTokenAction;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:122984-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/profile/IDPSSOUtil.class */
public class IDPSSOUtil {
    /** SAML2 metadata manager; checked for null in doSSOFederate, so it is presumably assigned in a static initializer outside this view. */
    public static SAML2MetaManager metaManager;
    /** Circle-of-trust manager (not used by the methods visible here; presumably initialised elsewhere). */
    public static SAML2COTManager cotManager;
    /** Listener attached to the SSOToken of every newly registered IDP session (see getAssertion). */
    static IDPSSOTokenListener tokenListener = new IDPSSOTokenListener();
    /** Administrative token handed to every LogUtil access/error call; assigned outside this view. */
    static SSOToken adminToken;
    /** Audit logger for SAML2 IDP events; assigned outside this view. */
    static LogUtil logUtil;

    /**
     * Drives IDP-side single sign-on for one SP and, on success, hands the SAML
     * Response to the browser (via the COT-cookie writer redirect or directly).
     *
     * Positional parameters, as used below:
     *   str  - SP entity ID (used as the Issuer for the COT check and for the ACS lookup)
     *   str2 - IDP meta alias (resolved to the IDP entity ID and realm)
     *   str3 - requested NameID format (forwarded to getResponse)
     *   str4 - RelayState to echo back to the SP
     *
     * @throws SAML2Exception on metadata errors, an SP outside the circle of trust,
     *         a missing ACS URL/binding, or an invalid/expired SSO token.
     */
    public static void doSSOFederate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthnRequest authnRequest, String str, String str2, String str3, String str4) throws SAML2Exception {
        String str5 = null;
        if (authnRequest != null) {
            str5 = authnRequest.toXMLString();
        }
        // Audit: the full AuthnRequest XML (when present) is written to the access log.
        logUtil.access(Level.INFO, LogUtil.RECEIVED_AUTHN_REQUEST, new String[]{str, str2, str5}, adminToken);
        try {
            if (metaManager == null) {
                SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("Unable to get meta manager.").toString());
                throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
            }
            String entityByMetaAlias = metaManager.getEntityByMetaAlias(str2);
            if (entityByMetaAlias == null || entityByMetaAlias.trim().length() == 0) {
                SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("Unable to get IDP Entity ID from meta.").toString());
                logUtil.error(Level.INFO, LogUtil.INVALID_IDP, new String[]{entityByMetaAlias}, adminToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            String realmByMetaAlias = SAML2MetaUtils.getRealmByMetaAlias(str2);
            if (authnRequest == null) {
                // IDP-initiated SSO: the target SP is caller-supplied, so verify it is a
                // trusted provider in this IDP's circle of trust before issuing anything.
                // NOTE(review): when an AuthnRequest is present this check is skipped here;
                // the caller is presumably expected to have validated the request issuer.
                Issuer createIssuer = AssertionFactory.getInstance().createIssuer();
                createIssuer.setValue(str);
                if (!SAML2Utils.isSourceSiteValid(createIssuer, realmByMetaAlias, entityByMetaAlias)) {
                    if (SAML2Utils.debug.warningEnabled()) {
                        SAML2Utils.debug.warning(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("The remote provider is not valid.").toString());
                    }
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidReceiver"));
                }
            }
            SSOToken sSOToken = SAML2Utils.getSSOToken(httpServletRequest);
            if (authnRequest == null && sSOToken == null) {
                // No local session yet: send the user to authenticate; the flow resumes on return.
                try {
                    redirectAuthentication(httpServletRequest, httpServletResponse, authnRequest, null, realmByMetaAlias, entityByMetaAlias);
                    return;
                } catch (IOException e) {
                    SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("Unable to redirect to authentication.").toString(), e);
                    try {
                        httpServletResponse.sendError(500, SAML2Utils.bundle.getString("UnableToRedirectToAuth"));
                        return;
                    } catch (IOException e2) {
                        SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("I/O error").toString(), e2);
                        return;
                    }
                }
            }
            // ACS URL and return binding come from SP metadata (getACSurl), not from the
            // request, so the Response Destination / POST target cannot be redirected by the caller.
            StringBuffer stringBuffer = new StringBuffer();
            String aCSurl = getACSurl(str, realmByMetaAlias, authnRequest, httpServletRequest, stringBuffer);
            String stringBuffer2 = stringBuffer.toString();
            if (aCSurl == null || aCSurl.trim().length() == 0) {
                SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("no ACS URL found.").toString());
                logUtil.error(Level.INFO, LogUtil.NO_ACS_URL, new String[]{str2}, adminToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindACSURL"));
            }
            if (stringBuffer2 == null || stringBuffer2.trim().length() == 0) {
                SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("no return binding found.").toString());
                logUtil.error(Level.INFO, LogUtil.NO_RETURN_BINDING, new String[]{str2}, adminToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
            }
            Response response = getResponse(sSOToken, authnRequest, str, entityByMetaAlias, realmByMetaAlias, str3, aCSurl);
            if (response == null) {
                SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("response is null").toString());
                String string = SAML2Utils.bundle.getString("UnableToCreateAssertion");
                if (authnRequest == null) {
                    throw new SAML2Exception(string);
                }
                // SP-initiated: report the failure to the SP as a Responder status rather than failing locally.
                response = getErrorResponse(authnRequest, "urn:oasis:names:tc:SAML:2.0:status:Responder", string, entityByMetaAlias);
            } else {
                // Remember which IDP alias issued for this session (best effort; failure is only logged).
                try {
                    sSOToken.setProperty(SAML2Constants.IDP_META_ALIAS, str2);
                } catch (SSOException e3) {
                    SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("error setting idpMetaAlias into the SSOToken: ").toString(), e3);
                }
            }
            if (response == null) {
                SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("error response is null").toString());
                throw new SAML2Exception(SAML2Utils.bundle.getString("UnableToCreateErrorResponse"));
            }
            // If a COT writer is configured the response is parked in IDPCache and sent
            // after the writer redirects back; otherwise it is sent right away.
            if (setCOTCookie(httpServletRequest, httpServletResponse, stringBuffer2, str, entityByMetaAlias, str2, realmByMetaAlias, str4, aCSurl, response)) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("Redirected to set COT cookie.").toString());
                }
            } else {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("Doesn't set COT cookie.").toString());
                }
                sendResponse(httpServletResponse, stringBuffer2, str, entityByMetaAlias, str2, realmByMetaAlias, str4, aCSurl, response);
            }
        } catch (SAML2MetaException e4) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("Unable to get IDP Entity ID from meta.").toString());
            logUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{str2}, adminToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        } catch (SSOException e5) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.doSSOFederate: ").append("invalid or expired sso token").toString(), e5);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }

    /**
     * If a COT-cookie writer is configured for this circle of trust, parks the
     * finished Response in IDPCache and redirects the browser to the writer with a
     * RelayState that brings it back to this servlet carrying the cache key.
     *
     * Positional parameters (the same order is stored in the cache entry and read
     * back by sendResponse(HttpServletResponse, String)):
     *   str  = return binding, str2 = SP entity ID, str3 = IDP entity ID,
     *   str4 = IDP meta alias, str5 = realm, str6 = RelayState, str7 = ACS URL.
     *
     * @return true when the redirect was issued; false when no writer is configured
     *         or the redirect could not be written.
     */
    private static boolean setCOTCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, String str4, String str5, String str6, String str7, Response response) {
        String cotWriterURL = getWriterURL(str5, str3, str2);
        if (cotWriterURL == null) {
            return false;
        }

        // Snapshot everything needed to send the response later.
        ArrayList pending = new ArrayList(8);
        pending.add(str);
        pending.add(str2);
        pending.add(str3);
        pending.add(str4);
        pending.add(str5);
        pending.add(str6);
        pending.add(str7);
        pending.add(response);
        String resInfoID = SAML2Utils.generateIDWithServerID();
        // NOTE(review): the entry is only removed when the browser returns with this
        // ID; an abandoned redirect leaves the Response behind unless IDPCache expires it.
        IDPCache.responseCache.put(resInfoID, pending);

        // Return-to URL for the writer: this request's URI plus the cache key.
        // NOTE(review): scheme/host/port are taken from the incoming request (i.e. the
        // Host header) rather than from server configuration.
        StringBuffer returnTo = new StringBuffer(100);
        returnTo.append(httpServletRequest.getScheme());
        returnTo.append("://");
        returnTo.append(httpServletRequest.getServerName());
        returnTo.append(":");
        returnTo.append(httpServletRequest.getServerPort());
        returnTo.append(httpServletRequest.getRequestURI());
        returnTo.append("?");
        returnTo.append(SAML2Constants.RES_INFO_ID);
        returnTo.append(SAML2Constants.EQUAL);
        returnTo.append(resInfoID);
        String encodedReturnTo = AMURLEncDec.encode(returnTo.toString());

        String separator = (cotWriterURL.indexOf("?") > 0) ? "&" : "?";
        StringBuffer redirect = new StringBuffer(200);
        redirect.append(cotWriterURL);
        redirect.append(separator);
        redirect.append(IDPDiscoveryConstants.SAML2_COOKIE_NAME);
        redirect.append(SAML2Constants.EQUAL);
        // NOTE(review): the IDP entity ID is appended raw while RelayState is URL-encoded;
        // an entity ID containing '&', '?' or '#' would break this query string.
        redirect.append(str3);
        redirect.append("&");
        redirect.append("RelayState");
        redirect.append(SAML2Constants.EQUAL);
        redirect.append(encodedReturnTo);
        String redirectURL = redirect.toString();

        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.setCOTCookie: ").append("Writer redirect URL: ").append(redirectURL).toString());
        }
        try {
            httpServletResponse.sendRedirect(redirectURL);
        } catch (IOException ioe) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.setCOTCookie: ").append("Unable to send redirect: ").toString(), ioe);
            return false;
        }
        return true;
    }

    /**
     * Resumes a response that setCOTCookie parked in IDPCache, keyed by the
     * RES_INFO_ID the COT writer echoed back.
     *
     * The entry is removed, not read, so each cache key can be used exactly once;
     * a replayed or guessed ID after that point fails with the same exception as an
     * unknown one.
     *
     * @param str cache key (RES_INFO_ID) from the return redirect
     * @throws SAML2Exception when no complete entry exists for the key
     */
    public static void sendResponse(HttpServletResponse httpServletResponse, String str) throws SAML2Exception {
        ArrayList info = (ArrayList) IDPCache.responseCache.remove(str);
        boolean complete = (info != null) && (info.size() == 8);
        if (!complete) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.sendResponse: ").append("unable to get response information from cache.").toString());
            throw new SAML2Exception(SAML2Utils.bundle.getString("UnableToGetResponseInfoFromCache"));
        }
        // Positions mirror the list built in setCOTCookie.
        String binding = (String) info.get(0);
        String spEntityID = (String) info.get(1);
        String idpEntityID = (String) info.get(2);
        String idpMetaAlias = (String) info.get(3);
        String realm = (String) info.get(4);
        String relayState = (String) info.get(5);
        String acsURL = (String) info.get(6);
        Response response = (Response) info.get(7);
        sendResponse(httpServletResponse, binding, spEntityID, idpEntityID, idpMetaAlias, realm, relayState, acsURL, response);
    }

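    /**
     * Delivers a SAML Response to the SP over the requested binding.
     *
     * Positional parameters (order fixed by the cache entry built in setCOTCookie):
     *   str  = return binding (HTTP-POST or HTTP-Artifact)
     *   str2 = SP entity ID            str3 = IDP entity ID
     *   str4 = IDP meta alias          str5 = realm
     *   str6 = RelayState              str7 = ACS URL (the POST/artifact target)
     *
     * Fix: the POST payload is now serialised as UTF-8 explicitly. The original
     * used String.getBytes() with the platform default charset, which corrupts
     * non-ASCII NameID/attribute values on a JVM whose default is not UTF-8.
     *
     * @throws SAML2Exception for an unsupported binding or a failed POST
     */
    public static void sendResponse(HttpServletResponse httpServletResponse, String str, String str2, String str3, String str4, String str5, String str6, String str7, Response response) throws SAML2Exception {
        if (str.equals(SAML2Constants.HTTP_ARTIFACT)) {
            sendResponseArtifact(httpServletResponse, str3, str5, str7, str6, response);
            return;
        }
        if (!str.equals(SAML2Constants.HTTP_POST)) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.sendResponse: ").append("unsupported return binding.").toString());
            throw new SAML2Exception(SAML2Utils.bundle.getString("UnSupportedReturnBinding"));
        }

        // HTTP-POST: sign/encrypt per SP and IDP configuration, then serialise.
        signAndEncryptResponseComponents(str5, str2, str3, response, true);
        String responseXML = response.toXMLString(true, true);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.sendResponse: ").append("SAML Response content :\n").append(responseXML).toString());
        }

        byte[] responseBytes;
        try {
            responseBytes = responseXML.getBytes("UTF-8");
        } catch (IOException e) {
            // UnsupportedEncodingException; UTF-8 is mandatory in every JVM, so this is unreachable in practice.
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.sendResponse: ").append("UTF-8 encoding unavailable.").toString(), e);
            throw new SAML2Exception(e);
        }
        String encodedResponse = Base64.encode(responseBytes, 76);

        // Audit: the complete Response XML (including assertion attributes) goes to the access log.
        logUtil.access(Level.INFO, LogUtil.POST_RESPONSE, new String[]{str2, str4, responseXML}, adminToken);
        try {
            // NOTE(review): str6 (RelayState) is SP/caller supplied; postToTarget is relied
            // upon to HTML-escape it when building the auto-submit form — confirm.
            postToTarget(httpServletResponse, SAML2Constants.SAML_RESPONSE, encodedResponse, "RelayState", str6, str7);
        } catch (Exception e) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.sendResponse: ").append("postToTarget failed.").toString(), e);
            logUtil.error(Level.INFO, LogUtil.POST_TO_TARGET_FAILED, new String[]{str7}, adminToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("postToTargetFailed"));
        }
    }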

    /**
     * Builds a Success Response wrapping a single freshly issued Assertion.
     *
     * Positional parameters: str = SP entity ID, str2 = IDP entity ID (Issuer),
     * str3 = realm, str4 = NameID format, str5 = ACS URL (set as Destination).
     *
     * @return the Response, or null when the assertion or a status element could not be created
     */
    public static Response getResponse(SSOToken sSOToken, AuthnRequest authnRequest, String str, String str2, String str3, String str4, String str5) throws SAML2Exception {
        Response samlResponse = ProtocolFactory.getInstance().createResponse();
        Assertion assertion = getAssertion(sSOToken, authnRequest, str, str2, str3, str4, str5);
        if (assertion == null) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getResponse: ").append("Unable to get Assertion.").toString());
            return null;
        }

        Status status = ProtocolFactory.getInstance().createStatus();
        if (status == null) {
            return null;
        }
        StatusCode statusCode = ProtocolFactory.getInstance().createStatusCode();
        if (statusCode == null) {
            return null;
        }
        statusCode.setValue("urn:oasis:names:tc:SAML:2.0:status:Success");
        status.setStatusCode(statusCode);

        List assertions = new ArrayList();
        assertions.add(assertion);
        samlResponse.setAssertion(assertions);
        samlResponse.setID(SAML2Utils.generateID());
        // InResponseTo ties the Response to the AuthnRequest for SP-initiated flows only.
        if (authnRequest != null) {
            samlResponse.setInResponseTo(authnRequest.getID());
        }
        samlResponse.setVersion(SAML2Constants.VERSION_2_0);
        samlResponse.setIssueInstant(new Date());
        samlResponse.setStatus(status);

        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(str2);
        samlResponse.setIssuer(issuer);
        // Destination is the metadata-derived ACS URL; SPs compare it against their own endpoint.
        samlResponse.setDestination(str5);
        return samlResponse;
    }

    /**
     * Builds a Response carrying only an error Status (no assertion).
     *
     * @param authnRequest request being answered; its ID becomes InResponseTo when non-null
     * @param str          status code URI
     * @param str2         human-readable status message
     * @param str3         IDP entity ID used as Issuer
     * @return the error Response, or null if no response ID could be generated
     */
    public static Response getErrorResponse(AuthnRequest authnRequest, String str, String str2, String str3) throws SAML2Exception {
        Response errorResponse = ProtocolFactory.getInstance().createResponse();

        StatusCode statusCode = ProtocolFactory.getInstance().createStatusCode();
        statusCode.setValue(str);
        Status status = ProtocolFactory.getInstance().createStatus();
        status.setStatusCode(statusCode);
        status.setStatusMessage(str2);
        errorResponse.setStatus(status);

        String responseID = SAML2Utils.generateID();
        if (responseID == null) {
            SAML2Utils.debug.error("Unable to generate response ID.");
            return null;
        }
        errorResponse.setID(responseID);
        if (authnRequest != null) {
            errorResponse.setInResponseTo(authnRequest.getID());
        }
        errorResponse.setVersion(SAML2Constants.VERSION_2_0);
        errorResponse.setIssueInstant(new Date());

        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(str3);
        errorResponse.setIssuer(issuer);

        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getErrorResponse: ").append("Error Response is : ").append(errorResponse.toXMLString()).toString());
        }
        return errorResponse;
    }

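    /**
     * Issues the Assertion for the current SSO session: AuthnStatement, optional
     * AttributeStatement, Subject and Conditions. Also keeps the IDPSession cache
     * (indexed by session index) in step with the NameID/SP pairs issued, which
     * later drives single logout.
     *
     * Positional parameters: str = SP entity ID, str2 = IDP entity ID, str3 = realm,
     * str4 = requested NameID format, str5 = ACS URL (forwarded to getSubject).
     *
     * Fixes relative to the original:
     *  - a token that carries a session index whose IDPSession is missing from the
     *    cache (evicted, or lost across a restart) is re-registered instead of
     *    dereferencing null;
     *  - a non-positive configured assertion effective time falls back to the
     *    600 s default instead of producing an already-expired validity window.
     *
     * @return the Assertion, or null when no AuthnStatement could be built
     */
    private static Assertion getAssertion(SSOToken sSOToken, AuthnRequest authnRequest, String str, String str2, String str3, String str4, String str5) throws SAML2Exception {
        Assertion assertion = AssertionFactory.getInstance().createAssertion();
        assertion.setID(SAML2Utils.generateID());
        assertion.setVersion(SAML2Constants.VERSION_2_0);
        assertion.setIssueInstant(new Date());
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(str2);
        assertion.setIssuer(issuer);

        // newSessionFlag is set by getAuthnStatement when it mints a new session index.
        NewBoolean newSessionFlag = new NewBoolean();
        AuthnStatement authnStatement = getAuthnStatement(sSOToken, newSessionFlag, authnRequest, str2, str3);
        if (authnStatement == null) {
            return null;
        }
        String sessionIndex = authnStatement.getSessionIndex();

        IDPSession idpSession = null;
        if (!newSessionFlag.getValue()) {
            idpSession = (IDPSession) IDPCache.idpSessionsByIndices.get(sessionIndex);
            if (idpSession == null) {
                SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getAssertion: ").append("no cached IDP session for sessionIndex=").append(sessionIndex).append("; re-registering it.").toString());
            } else if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getAssertion: ").append("This is an existing IDP session with sessionIndex=").append(sessionIndex).append(", and TokenID=").append(idpSession.getSSOToken().getTokenID().toString()).toString());
            }
        }
        if (idpSession == null) {
            idpSession = registerIDPSession(sSOToken, sessionIndex);
        }

        List authnStatements = new ArrayList();
        authnStatements.add(authnStatement);

        AttributeStatement attributeStatement = getAttributeStatement(sSOToken, str2, str, str3);
        if (attributeStatement != null) {
            List attributeStatements = new ArrayList();
            attributeStatements.add(attributeStatement);
            assertion.setAttributeStatements(attributeStatements);
        }

        int effectiveTime = getAssertionEffectiveTime(str3, str2);

        // newNameIDFlag is set by getSubject when it created a NameID rather than reusing a federated one.
        NewBoolean newNameIDFlag = new NewBoolean();
        Subject subject = getSubject(sSOToken, authnRequest, str5, str4, newNameIDFlag, str3, str2, str, effectiveTime);
        String spEntityID = (authnRequest != null) ? authnRequest.getIssuer().getValue() : str;
        NameIDandSPpair pair = new NameIDandSPpair(subject.getNameID(), spEntityID);
        synchronized (IDPCache.idpSessionsByIndices) {
            List pairs = idpSession.getNameIDandSPpairs();
            // Record the pair when the NameID is new, or when this SP has no pair in the session yet.
            if (newNameIDFlag.getValue() || findPairForSP(pairs, spEntityID) == null) {
                pairs.add(pair);
            }
        }

        assertion.setAuthnStatements(authnStatements);
        assertion.setSubject(subject);
        assertion.setConditions(getConditions(str, effectiveTime));
        return assertion;
    }

    /**
     * Creates the IDPSession for a session index, caches it, and attaches the
     * token listener (presumably so cached state is dropped when the token dies).
     */
    private static IDPSession registerIDPSession(SSOToken sSOToken, String sessionIndex) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getAssertion: ").append("This is a new IDP session with sessionIndex=").append(sessionIndex).append(", and TokenID=").append(sSOToken.getTokenID().toString()).toString());
        }
        IDPSession idpSession = new IDPSession(sSOToken);
        IDPCache.idpSessionsByIndices.put(sessionIndex, idpSession);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getAssertion: ").append("a new IDP session has been saved in cache, ").append("with sessionIndex=").append(sessionIndex).toString());
        }
        try {
            sSOToken.addSSOTokenListener(tokenListener);
        } catch (SSOException e) {
            // Best effort: the assertion is still issued; only session-cleanup notification is lost.
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getAssertion: ").append("Unable to add sso token listener.").toString());
        }
        return idpSession;
    }

    /**
     * Assertion validity window in seconds from IDP SSO config, defaulting to 600
     * when unset, unparsable, or not a positive number.
     */
    private static int getAssertionEffectiveTime(String realm, String idpEntityID) throws SAML2Exception {
        String configured = getAttributeValueFromIDPSSOConfig(realm, idpEntityID, SAML2Constants.ASSERTION_EFFECTIVE_TIME_ATTRIBUTE);
        if (configured == null) {
            return 600;
        }
        int effectiveTime;
        try {
            effectiveTime = Integer.parseInt(configured);
        } catch (NumberFormatException e) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getAssertion: ").append("Failed to get assertion effective time from ").append("IDP SSO config: ").toString(), e);
            return 600;
        }
        if (effectiveTime <= 0) {
            // Zero or negative would yield NotOnOrAfter at or before issue time.
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getAssertion: ").append("non-positive assertion effective time in IDP SSO config: ").append(effectiveTime).append(", using default.").toString());
            return 600;
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getAssertion: ").append("got effective time from config:").append(effectiveTime).toString());
        }
        return effectiveTime;
    }

    /** Returns the first NameID/SP pair in pairs issued for spEntityID, or null. Caller must hold the cache lock. */
    private static NameIDandSPpair findPairForSP(List pairs, String spEntityID) {
        int count = pairs.size();
        for (int i = 0; i < count; i++) {
            NameIDandSPpair candidate = (NameIDandSPpair) pairs.get(i);
            if (candidate.getSPEntityID().equals(spEntityID)) {
                return candidate;
            }
        }
        return null;
    }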

    /**
     * Builds the AuthnStatement for the session behind sSOToken: AuthnInstant from
     * the token's "authInstant" property, AuthnContext from the configured mapper,
     * and a session index that is minted and stored on the token if absent.
     *
     * @param newBoolean out-parameter, set true only when a new session index was minted
     * @param str        IDP entity ID
     * @param str2       realm
     * @throws SAML2Exception if any token property cannot be read or the index cannot be stored
     */
    private static AuthnStatement getAuthnStatement(SSOToken sSOToken, NewBoolean newBoolean, AuthnRequest authnRequest, String str, String str2) throws SAML2Exception {
        AuthnStatement statement = AssertionFactory.getInstance().createAuthnStatement();
        try {
            Date authnInstant = DateUtils.stringToDate(sSOToken.getProperty("authInstant"));
            try {
                // Result discarded; retained because a failure here is reported at debug level.
                sSOToken.getIPAddress().getHostAddress();
            } catch (Exception ipError) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getAuthnStatement: ").append("exception when obtaining client ip: ").toString(), ipError);
                }
            }
            statement.setAuthnInstant(authnInstant);

            IDPAuthnContextMapper contextMapper = getIDPAuthnContextMapper(str2, str);
            AuthnContext authnContext = contextMapper.getIDPAuthnContextInfo(authnRequest, str, str2).getAuthnContext();
            statement.setAuthnContext(authnContext);

            String sessionIndex = getSessionIndex(sSOToken);
            boolean minted = (sessionIndex == null);
            if (minted) {
                sessionIndex = SAML2Utils.generateIDWithServerID();
                try {
                    sSOToken.setProperty(SAML2Constants.IDP_SESSION_INDEX, sessionIndex);
                } catch (SSOException storeError) {
                    SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getAuthnStatement: ").append("error setting session index into the SSOToken: ").toString(), storeError);
                    throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingAuthnStatement"));
                }
            }
            newBoolean.setValue(minted);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getAuthnStatement: ").append("SessionIndex (in AuthnStatement) =").append(sessionIndex).toString());
            }

            // Accumulate every AuthnContext issued under this session index.
            HashSet contexts = (HashSet) IDPCache.authnContextCache.get(sessionIndex);
            if (contexts == null || contexts.isEmpty()) {
                contexts = new HashSet();
            }
            contexts.add(authnContext);
            IDPCache.authnContextCache.put(sessionIndex, contexts);

            statement.setSessionIndex(sessionIndex);
            return statement;
        } catch (Exception tokenError) {
            // Also rewraps the SAML2Exception thrown above; callers see a single failure type.
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getAuthnStatement: ").append("exception retrieving info from the SSOToken: ").toString(), tokenError);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingAuthnStatement"));
        }
    }

    /**
     * Runs the configured IDPAttributeMapper and wraps its output in an
     * AttributeStatement.
     *
     * @param str  IDP entity ID
     * @param str2 SP entity ID
     * @param str3 realm
     * @return the statement, or null when the mapper yields no attributes
     */
    private static AttributeStatement getAttributeStatement(SSOToken sSOToken, String str, String str2, String str3) throws SAML2Exception {
        IDPAttributeMapper mapper = getIDPAttributeMapper(str3, str);
        List mapped = mapper.getAttributes(sSOToken, str, str2, str3);
        boolean empty = (mapped == null) || mapped.isEmpty();
        if (empty) {
            return null;
        }
        AttributeStatement statement = AssertionFactory.getInstance().createAttributeStatement();
        statement.setAttribute(mapped);
        return statement;
    }

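    /**
     * Returns the IDPAttributeMapper for an IDP, instantiating it by class name
     * from IDP SSO config (default: DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS) and caching
     * it by class name.
     *
     * Fix: the class is checked for assignability to IDPAttributeMapper before
     * newInstance(), so a misconfigured name no longer runs an unrelated class's
     * constructor only to fail the cast afterwards. The class name is
     * administrator-controlled configuration, not request input.
     *
     * @param str  realm
     * @param str2 IDP entity ID
     * @throws SAML2Exception wrapping any lookup, loading or instantiation failure
     */
    static IDPAttributeMapper getIDPAttributeMapper(String str, String str2) throws SAML2Exception {
        try {
            String className = getAttributeValueFromIDPSSOConfig(str, str2, SAML2Constants.IDP_ATTRIBUTE_MAPPER);
            if (className == null) {
                className = SAML2Constants.DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS;
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getIDPAttributeMapper: ").append("use ").append(SAML2Constants.DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS).toString());
                }
            }
            IDPAttributeMapper mapper = (IDPAttributeMapper) IDPCache.idpAttributeMapperCache.get(className);
            if (mapper != null) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getIDPAttributeMapper: ").append("got the IDPAttributeMapper from cache").toString());
                }
                return mapper;
            }
            Class mapperClass = Class.forName(className);
            if (!IDPAttributeMapper.class.isAssignableFrom(mapperClass)) {
                // Caught below and wrapped, so callers still see a SAML2Exception.
                throw new ClassCastException(className + " does not implement " + IDPAttributeMapper.class.getName());
            }
            mapper = (IDPAttributeMapper) mapperClass.newInstance();
            // Check-then-put without a lock: a concurrent miss may instantiate twice; harmless.
            IDPCache.idpAttributeMapperCache.put(className, mapper);
            return mapper;
        } catch (Exception e) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getIDPAttributeMapper: ").append("Unable to get IDP Attribute Mapper.").toString(), e);
            throw new SAML2Exception(e);
        }
    }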

    /* JADX INFO: Access modifiers changed from: package-private */
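    /**
     * Returns the IDPAuthnContextMapper for an IDP, instantiating it by class name
     * from IDP SSO config (default: DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS) and
     * caching it by class name.
     *
     * Fix (mirrors getIDPAttributeMapper): the class is checked for assignability
     * to IDPAuthnContextMapper before newInstance(), so a misconfigured name does
     * not run an unrelated class's constructor before failing. The class name is
     * administrator-controlled configuration, not request input.
     *
     * @param str  realm
     * @param str2 IDP entity ID
     * @throws SAML2Exception wrapping any lookup, loading or instantiation failure
     */
    public static IDPAuthnContextMapper getIDPAuthnContextMapper(String str, String str2) throws SAML2Exception {
        try {
            String className = getAttributeValueFromIDPSSOConfig(str, str2, SAML2Constants.IDP_AUTHNCONTEXT_MAPPER_CLASS);
            if (className == null) {
                className = SAML2Constants.DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS;
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getIDPAuthnContextMapper: ").append("use ").append(SAML2Constants.DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS).toString());
                }
            }
            IDPAuthnContextMapper mapper = (IDPAuthnContextMapper) IDPCache.idpAuthnContextMapperCache.get(className);
            if (mapper != null) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(new StringBuffer().append("IDPSSOUtil.getIDPAuthnContextMapper: ").append("got the IDPAuthnContextMapper from cache").toString());
                }
                return mapper;
            }
            Class mapperClass = Class.forName(className);
            if (!IDPAuthnContextMapper.class.isAssignableFrom(mapperClass)) {
                // Caught below and wrapped, so callers still see a SAML2Exception.
                throw new ClassCastException(className + " does not implement " + IDPAuthnContextMapper.class.getName());
            }
            mapper = (IDPAuthnContextMapper) mapperClass.newInstance();
            // Check-then-put without a lock: a concurrent miss may instantiate twice; harmless.
            IDPCache.idpAuthnContextMapperCache.put(className, mapper);
            return mapper;
        } catch (Exception e) {
            SAML2Utils.debug.error(new StringBuffer().append("IDPSSOUtil.getIDPAuthnContextMapper: ").append("Unable to get IDP AuthnContext Mapper.").toString(), e);
            throw new SAML2Exception(e);
        }
    }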

    /**
     * Builds the assertion {@code Subject} for the authenticated user: a NameID (reused from an
     * existing federation when one exists, otherwise freshly created) plus one bearer
     * SubjectConfirmation.
     *
     * @param session          the user's SSO session; the principal / universal identifier is read from it
     * @param authnRequest     the incoming AuthnRequest, or {@code null} for IDP-initiated SSO
     * @param acsURL           value written into the SubjectConfirmationData {@code Recipient}
     * @param nameIDFormat     requested NameID format; blank or unsupported values fall back to persistent
     * @param isNewFederation  out-parameter, set to {@code true} when a new NameID had to be generated
     * @param realm            realm used to look up the IDP account mapper
     * @param idpEntityID      hosted IDP entity id, used as the NameID {@code NameQualifier}
     * @param spEntityID       remote SP entity id, used when no AuthnRequest is available
     * @param effectiveTime    validity window in seconds for the SubjectConfirmationData
     * @return the populated subject
     * @throws SAML2Exception if the session is invalid or no SubjectConfirmation could be built
     */
    private static Subject getSubject(SSOToken session, AuthnRequest authnRequest, String acsURL, String nameIDFormat, NewBoolean isNewFederation, String realm, String idpEntityID, String spEntityID, int effectiveTime) throws SAML2Exception {
        Subject subject = AssertionFactory.getInstance().createSubject();
        try {
            // Which identifier property is read depends on the product flavour.
            String userName = SAML2Utils.isFM() ? session.getPrincipal().getName() : session.getProperty("sun.am.UniversalIdentifier");

            String spNameQualifier;
            String remoteEntityID;
            boolean allowCreate = true;
            if (authnRequest == null) {
                spNameQualifier = spEntityID;
                remoteEntityID = spEntityID;
            } else {
                spNameQualifier = null;
                NameIDPolicy policy = authnRequest.getNameIDPolicy();
                if (policy != null) {
                    spNameQualifier = policy.getSPNameQualifier();
                    allowCreate = policy.isAllowCreate();
                }
                remoteEntityID = authnRequest.getIssuer().getValue();
                if (spNameQualifier == null) {
                    spNameQualifier = remoteEntityID;
                }
            }

            // Normalise the requested format to a fully-qualified, supported value.
            String format = nameIDFormat;
            if (format == null || format.trim().length() == 0) {
                format = SAML2Constants.PERSISTENT;
            } else {
                if (!format.startsWith(SAML2Constants.NAMEID_FORMAT_NAMESPACE)) {
                    format = SAML2Constants.NAMEID_FORMAT_NAMESPACE + format;
                }
                boolean supported = format.equals(SAML2Constants.PERSISTENT)
                        || format.equals(SAML2Constants.NAMEID_TRANSIENT_FORMAT)
                        || format.equals(SAML2Constants.X509_SUBJECT_NAME);
                if (!supported) {
                    format = SAML2Constants.PERSISTENT;
                }
            }

            boolean isTransient = format.equals(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
            // Transient identifiers are never looked up; every other format first tries the account mapper.
            NameID nameID = isTransient ? null : SAML2Utils.getIDPAccountMapper(realm, idpEntityID).getNameID(session, idpEntityID, remoteEntityID);
            if (nameID != null) {
                isNewFederation.setValue(false);
            } else {
                String value = format.equals(SAML2Constants.X509_SUBJECT_NAME) ? userName : SAML2Utils.createNameIdentifier();
                nameID = AssertionFactory.getInstance().createNameID();
                nameID.setValue(value);
                nameID.setFormat(format);
                nameID.setNameQualifier(idpEntityID);
                nameID.setSPNameQualifier(spNameQualifier);
                nameID.setSPProvidedID(null);
                // Persist the new federation only when the SP allows it and the id is not transient.
                if (!isTransient && allowCreate) {
                    AccountUtils.setAccountFederation(new NameIDInfo(idpEntityID, remoteEntityID, nameID, SAML2Constants.IDP_ROLE, false), userName);
                }
                isNewFederation.setValue(true);
            }
            subject.setNameID(nameID);

            String inResponseTo = (authnRequest == null) ? null : authnRequest.getID();
            SubjectConfirmation confirmation = getSubjectConfirmation(inResponseTo, acsURL, effectiveTime);
            if (confirmation == null) {
                SAML2Utils.debug.error("IDPSSOUtil.getSubject: " + "Unable to get subject confirmation");
                throw new SAML2Exception(SAML2Utils.bundle.getString("noSubjectConfirmation"));
            }
            List<SubjectConfirmation> confirmations = new ArrayList<SubjectConfirmation>();
            confirmations.add(confirmation);
            subject.setSubjectConfirmation(confirmations);
            return subject;
        } catch (SSOException e) {
            SAML2Utils.debug.error("IDPSSOUtil.getSubject: " + "Unable to get principal name from SSOToken.", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }

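    /**
     * Creates a bearer SubjectConfirmation whose data carries the recipient, the optional
     * InResponseTo and a NotOnOrAfter of now + {@code effectiveTime} seconds.
     *
     * @param inResponseTo  id of the AuthnRequest being answered, or {@code null} when unsolicited
     * @param recipient     value for {@code SubjectConfirmationData/@Recipient}
     * @param effectiveTime validity window in seconds
     * @return the populated confirmation element
     * @throws SAML2Exception propagated from the assertion factory
     */
    private static SubjectConfirmation getSubjectConfirmation(String inResponseTo, String recipient, int effectiveTime) throws SAML2Exception {
        SubjectConfirmation confirmation = AssertionFactory.getInstance().createSubjectConfirmation();
        confirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
        SubjectConfirmationData data = AssertionFactory.getInstance().createSubjectConfirmationData();
        data.setRecipient(recipient);
        if (inResponseTo != null) {
            data.setInResponseTo(inResponseTo);
        }
        // Multiply in long: an int product overflows once effectiveTime exceeds ~24 days.
        data.setNotOnOrAfter(new Date(System.currentTimeMillis() + effectiveTime * 1000L));
        confirmation.setSubjectConfirmationData(data);
        return confirmation;
    }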

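    /**
     * Creates the assertion Conditions: NotBefore = now, NotOnOrAfter = now + {@code effectiveTime}
     * seconds, and a single AudienceRestriction for the given entity.
     *
     * @param audienceEntityID entity id placed in the AudienceRestriction (may be {@code null})
     * @param effectiveTime    validity window in seconds
     * @return the populated conditions element
     * @throws SAML2Exception if the AudienceRestriction could not be created
     */
    private static Conditions getConditions(String audienceEntityID, int effectiveTime) throws SAML2Exception {
        Conditions conditions = AssertionFactory.getInstance().createConditions();
        // Take one timestamp so NotBefore and NotOnOrAfter are derived from the same instant;
        // multiply in long because an int product overflows once effectiveTime exceeds ~24 days.
        long now = System.currentTimeMillis();
        conditions.setNotBefore(new Date(now));
        conditions.setNotOnOrAfter(new Date(now + effectiveTime * 1000L));
        AudienceRestriction restriction = getAudienceRestriction(audienceEntityID);
        if (restriction == null) {
            SAML2Utils.debug.error("IDPSSOUtil.getConditions: " + "Unable to get Audience Restriction");
            throw new SAML2Exception(SAML2Utils.bundle.getString("noAudienceRestriction"));
        }
        List<AudienceRestriction> restrictions = new ArrayList<AudienceRestriction>();
        restrictions.add(restriction);
        conditions.setAudienceRestrictions(restrictions);
        return conditions;
    }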

    /**
     * Creates an AudienceRestriction containing the given entity id as its only audience.
     * A {@code null} entity id yields an empty restriction element.
     *
     * @param audienceEntityID the audience to restrict to, or {@code null}
     * @return the restriction element
     * @throws SAML2Exception propagated from the assertion factory
     */
    private static AudienceRestriction getAudienceRestriction(String audienceEntityID) throws SAML2Exception {
        AudienceRestriction restriction = AssertionFactory.getInstance().createAudienceRestriction();
        if (audienceEntityID == null) {
            return restriction;
        }
        List<String> audiences = new ArrayList<String>();
        audiences.add(audienceEntityID);
        restriction.setAudience(audiences);
        return restriction;
    }

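    /**
     * Determines the Assertion Consumer Service URL and binding to respond to.
     * <p>
     * NOTE(review): when the AuthnRequest carries an explicit AssertionConsumerServiceURL it is
     * returned as-is, without being matched against the SP's metadata. Callers must only rely on
     * that value once the request itself has been established as trustworthy (e.g. its signature
     * verified); otherwise the metadata-derived lookup below is the safe path.
     *
     * @param spEntityID      remote SP entity id used for the metadata lookup
     * @param realm           realm of the hosted IDP
     * @param authnRequest    the incoming request, or {@code null} for IDP-initiated SSO
     * @param request         servlet request; the {@code binding} parameter is read from it when
     *                        there is no AuthnRequest
     * @param returnedBinding out-parameter receiving the binding URI to use
     * @return the ACS URL, or {@code null} when none could be determined from metadata
     * @throws SAML2Exception propagated from the metadata lookups
     */
    public static String getACSurl(String spEntityID, String realm, AuthnRequest authnRequest, HttpServletRequest request, StringBuffer returnedBinding) throws SAML2Exception {
        String acsURL = null;
        String binding;
        if (authnRequest != null) {
            acsURL = authnRequest.getAssertionConsumerServiceURL();
            binding = authnRequest.getProtocolBinding();
        } else {
            binding = request.getParameter(SAML2Constants.BINDING);
        }
        if (binding != null && !binding.startsWith(SAML2Constants.BINDING_PREFIX)) {
            binding = SAML2Constants.BINDING_PREFIX + binding;
        }
        if (acsURL == null || acsURL.length() == 0) {
            StringBuffer metaBinding = new StringBuffer();
            if (binding == null || binding.trim().length() == 0) {
                int index = 0;
                if (authnRequest != null) {
                    // The index is optional in the request; a missing or out-of-range value falls back to 0
                    // instead of dereferencing a null Integer.
                    Integer requestedIndex = authnRequest.getAssertionConsumerServiceIndex();
                    if (requestedIndex != null) {
                        index = requestedIndex.intValue();
                        if (index < 0 || index > 65535) {
                            index = 0;
                        }
                    }
                }
                acsURL = getACSurlFromMetaByIndex(spEntityID, realm, index, metaBinding);
            } else {
                acsURL = getACSurlFromMetaByBinding(spEntityID, realm, binding, metaBinding);
            }
            binding = metaBinding.toString();
        }
        returnedBinding.append(binding);
        return acsURL;
    }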

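    /**
     * Looks up the SP's Assertion Consumer Service endpoint for a given binding.
     * Preference order: the endpoint whose binding matches, then the one flagged as default,
     * then the first one listed.
     *
     * @param spEntityID      remote SP entity id
     * @param realm           realm of the hosted IDP
     * @param binding         binding URI to match
     * @param returnedBinding out-parameter receiving the binding of the chosen endpoint
     * @return the endpoint location, or {@code null} if no usable endpoint exists
     * @throws SAML2Exception if the meta manager is unavailable, the SP descriptor is missing,
     *                        or the metadata/SSO lookups fail
     */
    public static String getACSurlFromMetaByBinding(String spEntityID, String realm, String binding, StringBuffer returnedBinding) throws SAML2Exception {
        if (metaManager == null) {
            SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByBinding: " + "Unable to get meta manager.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        try {
            SPSSODescriptorElement spDescriptor = metaManager.getSPSSODescriptor(realm, spEntityID);
            if (spDescriptor == null) {
                SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByBinding: " + "Unable to get SP SSO Descriptor from meta.");
                logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{spEntityID}, adminToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            List services = spDescriptor.getAssertionConsumerService();
            String matchedURL = null;
            String matchedBinding = null;
            String defaultURL = null;
            String defaultBinding = null;
            String firstURL = null;
            String firstBinding = null;
            if (services != null) {
                for (int k = 0; k < services.size(); k++) {
                    AssertionConsumerServiceElement acs = (AssertionConsumerServiceElement) services.get(k);
                    String acsBinding = acs.getBinding();
                    // Null-safe: an endpoint without a binding attribute must not abort the scan.
                    if (acsBinding != null && acsBinding.equals(binding)) {
                        matchedURL = acs.getLocation();
                        matchedBinding = acsBinding;
                        break;
                    }
                    if (acs.isIsDefault()) {
                        defaultURL = acs.getLocation();
                        defaultBinding = acsBinding;
                    }
                    if (k == 0) {
                        firstURL = acs.getLocation();
                        firstBinding = acsBinding;
                    }
                }
            }
            String url;
            String chosenBinding;
            if (matchedURL != null && matchedURL.length() != 0) {
                url = matchedURL;
                chosenBinding = matchedBinding;
            } else if (defaultURL != null && defaultURL.length() != 0) {
                url = defaultURL;
                chosenBinding = defaultBinding;
            } else if (firstURL != null && firstURL.length() != 0) {
                url = firstURL;
                chosenBinding = firstBinding;
            } else {
                SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByBinding: " + "Unable to get valid Assertion " + "Consumer Service URL");
                return null;
            }
            returnedBinding.append(chosenBinding);
            return url;
        } catch (SSOException e) {
            SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByBinding: " + "invalid sso token.", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByBinding: " + "Unable to get SP SSO Descriptor from meta.", e);
            logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{spEntityID}, adminToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }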

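    /**
     * Looks up the SP's Assertion Consumer Service endpoint by its metadata index.
     * Preference order: the endpoint whose index matches, then the one flagged as default,
     * then the first one listed.
     *
     * @param spEntityID      remote SP entity id
     * @param realm           realm of the hosted IDP
     * @param requestedIndex  ACS index to match
     * @param returnedBinding out-parameter receiving the binding of the chosen endpoint
     * @return the endpoint location, or {@code null} if no usable endpoint exists
     * @throws SAML2Exception if the meta manager is unavailable, the SP descriptor is missing,
     *                        or the metadata/SSO lookups fail
     */
    public static String getACSurlFromMetaByIndex(String spEntityID, String realm, int requestedIndex, StringBuffer returnedBinding) throws SAML2Exception {
        if (metaManager == null) {
            SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByIndex: " + "Unable to get meta manager.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        try {
            SPSSODescriptorElement spDescriptor = metaManager.getSPSSODescriptor(realm, spEntityID);
            if (spDescriptor == null) {
                SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByIndex: " + "Unable to get SP SSO Descriptor from meta.");
                logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{spEntityID}, adminToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            List services = spDescriptor.getAssertionConsumerService();
            String matchedURL = null;
            String matchedBinding = null;
            String defaultURL = null;
            String defaultBinding = null;
            String firstURL = null;
            String firstBinding = null;
            if (services != null) {
                for (int k = 0; k < services.size(); k++) {
                    AssertionConsumerServiceElement acs = (AssertionConsumerServiceElement) services.get(k);
                    if (acs.getIndex() == requestedIndex) {
                        matchedURL = acs.getLocation();
                        matchedBinding = acs.getBinding();
                        break;
                    }
                    if (acs.isIsDefault()) {
                        defaultURL = acs.getLocation();
                        defaultBinding = acs.getBinding();
                    }
                    if (k == 0) {
                        firstURL = acs.getLocation();
                        firstBinding = acs.getBinding();
                    }
                }
            }
            String url;
            String chosenBinding;
            if (matchedURL != null && matchedURL.length() != 0) {
                url = matchedURL;
                chosenBinding = matchedBinding;
            } else if (defaultURL != null && defaultURL.length() != 0) {
                url = defaultURL;
                chosenBinding = defaultBinding;
            } else if (firstURL != null && firstURL.length() != 0) {
                url = firstURL;
                chosenBinding = firstBinding;
            } else {
                SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByIndex: " + "Unable to get valid Assertion " + "Consumer Service URL");
                return null;
            }
            returnedBinding.append(chosenBinding);
            return url;
        } catch (SSOException e) {
            SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByIndex: " + "invalid sso token.", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("IDPSSOUtil.getACSurlFromMetaByIndex: " + "Unable to get SP SSO Descriptor from meta.", e);
            logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{spEntityID}, adminToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }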

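    /**
     * Writes a self-submitting HTML form that POSTs the SAML message (and, if present, the
     * RelayState) to the target URL.
     * <p>
     * Every value is HTML-attribute-escaped before being written. RelayState in particular is
     * echoed back from the incoming request, so writing it raw into the page would let a crafted
     * request inject markup into the IDP's response; escaping keeps it an opaque string that the
     * browser decodes back to the original value when the form is submitted.
     *
     * @param response         servlet response to write the page to; its writer is closed
     * @param samlMessageName  form field name of the SAML message (e.g. SAMLResponse)
     * @param samlMessageValue the encoded SAML message
     * @param relayStateName   form field name of the relay state
     * @param relayStateValue  relay state value; the field is omitted when null or empty
     * @param targetURL        form action (the SP's Assertion Consumer Service URL)
     * @throws IOException if the response writer cannot be obtained
     */
    public static void postToTarget(HttpServletResponse response, String samlMessageName, String samlMessageValue, String relayStateName, String relayStateValue, String targetURL) throws IOException {
        PrintWriter writer = response.getWriter();
        try {
            writer.println("<HTML>");
            writer.println("<HEAD>\n");
            writer.println("<TITLE>Access rights validated</TITLE>\n");
            writer.println("</HEAD>\n");
            writer.println("<BODY Onload=\"document.forms[0].submit()\">");
            writer.println("<FORM METHOD=\"POST\" ACTION=\"" + htmlAttributeEscape(targetURL) + "\">");
            writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + htmlAttributeEscape(samlMessageName) + "\" " + "VALUE=\"" + htmlAttributeEscape(samlMessageValue) + "\">");
            if (relayStateValue != null && relayStateValue.length() != 0) {
                writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + htmlAttributeEscape(relayStateName) + "\" " + "VALUE=\"" + htmlAttributeEscape(relayStateValue) + "\">");
            }
            writer.println("</FORM></BODY></HTML>");
        } finally {
            writer.close();
        }
    }

    /**
     * Escapes the characters that can terminate or break out of a double-quoted HTML attribute
     * value. {@code null} is rendered as an empty string.
     *
     * @param value raw attribute value
     * @return the escaped value, safe to place between double quotes in an HTML attribute
     */
    private static String htmlAttributeEscape(String value) {
        if (value == null) {
            return "";
        }
        StringBuffer escaped = new StringBuffer(value.length() + 16);
        for (int k = 0; k < value.length(); k++) {
            char c = value.charAt(k);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }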

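    /**
     * Delivers the response via the HTTP-Artifact binding: creates an artifact bound to the
     * hosted IDP's first ArtifactResolutionService endpoint, caches the response under the
     * artifact value and redirects the browser to the ACS URL with {@code SAMLart} (and
     * optionally {@code RelayState}) query parameters.
     *
     * @param response    servlet response used for the redirect
     * @param idpEntityID hosted IDP entity id
     * @param realm       realm of the hosted IDP
     * @param acsURL      SP endpoint the browser is redirected to
     * @param relayState  relay state to echo back; omitted when null or blank
     * @param res         the SAML response to cache for artifact resolution
     * @throws SAML2Exception if the IDP metadata cannot be read or has no artifact resolution endpoint
     */
    public static void sendResponseArtifact(HttpServletResponse response, String idpEntityID, String realm, String acsURL, String relayState, Response res) throws SAML2Exception {
        try {
            IDPSSODescriptorElement idpDescriptor = metaManager.getIDPSSODescriptor(realm, idpEntityID);
            if (idpDescriptor == null) {
                SAML2Utils.debug.error("IDPSSOUtil.sendResponseArtifact: " + "Unable to get IDP SSO Descriptor from meta.");
                logUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{idpEntityID}, adminToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            // get(0) on an empty list would throw IndexOutOfBoundsException; treat a missing
            // ArtifactResolutionService the same as any other metadata error.
            List arsList = idpDescriptor.getArtifactResolutionService();
            ArtifactResolutionServiceElement ars = (arsList == null || arsList.isEmpty()) ? null : (ArtifactResolutionServiceElement) arsList.get(0);
            if (ars == null) {
                SAML2Utils.debug.error("IDPSSOUtil.sendResponseArtifact: " + "Unable to get ArtifactResolutionServiceElement from meta.");
                logUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{idpEntityID}, adminToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            try {
                String artifact = ProtocolFactory.getInstance().createArtifact(null, ars.getIndex(), SAML2Utils.generateSourceID(idpEntityID), SAML2Utils.generateMessageHandleWithServerID()).getArtifactValue();
                String redirectURL = acsURL + "?SAMLart=" + AMURLEncDec.encode(artifact);
                if (relayState != null && relayState.trim().length() != 0) {
                    redirectURL = redirectURL + "&RelayState=" + AMURLEncDec.encode(relayState);
                }
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("IDPSSOUtil.sendResponseArtifact: " + "Redirect URL = " + redirectURL);
                }
                try {
                    // The SP resolves the artifact against this cache entry.
                    IDPCache.responsesByArtifacts.put(artifact, res);
                    logUtil.access(Level.INFO, LogUtil.SEND_ARTIFACT, new String[]{idpEntityID, realm, redirectURL}, adminToken);
                    response.sendRedirect(redirectURL);
                } catch (IOException e) {
                    // Best effort: the redirect failed, nothing more can be sent to the client.
                    SAML2Utils.debug.error("IDPSSOUtil.sendResponseArtifact: " + "Unable to send redirect: ", e);
                }
            } catch (SAML2Exception e) {
                SAML2Utils.debug.error("IDPSSOUtil.sendResponseArtifact: " + "Unable to create artifact: ", e);
                logUtil.error(Level.INFO, LogUtil.CANNOT_CREATE_ARTIFACT, new String[]{idpEntityID}, adminToken);
                try {
                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, SAML2Utils.bundle.getString("errorCreateArtifact"));
                } catch (IOException ioe) {
                    SAML2Utils.debug.error("IDPSSOUtil.sendResponseArtifact: " + "I/O error", ioe);
                }
            }
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("IDPSSOUtil.sendResponseArtifact: " + "Unable to get IDP SSO Descriptor from meta.", e);
            logUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{idpEntityID}, adminToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        } catch (SSOException e) {
            SAML2Utils.debug.error("IDPSSOUtil.sendResponseArtifact: " + "invalid sso token.", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }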

    /**
     * Reads the IDP session index stored on the SSO session.
     *
     * @param session the user's SSO session, may be {@code null}
     * @return the session index property, or {@code null} if the session is null or the
     *         property cannot be read (the failure is logged, not propagated)
     */
    public static String getSessionIndex(SSOToken session) {
        if (session == null) {
            return null;
        }
        String sessionIndex;
        try {
            sessionIndex = session.getProperty(SAML2Constants.IDP_SESSION_INDEX);
        } catch (SSOException e) {
            SAML2Utils.debug.error("IDPSSOUtil.getSessionIndex: " + "error retrieving session index from the SSOToken: ", e);
            sessionIndex = null;
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("IDPSSOUtil.getSessionIndex: " + "Returning sessionIndex=" + sessionIndex);
        }
        return sessionIndex;
    }

    /**
     * Returns the URL the user is sent to for local authentication: the configured
     * {@code AUTH_URL} of the hosted IDP, or, when none is configured, a login URL rebuilt from
     * the current request.
     * <p>
     * NOTE(review): the fallback takes scheme, host and port from the incoming request (ultimately
     * the client-supplied Host header). Deployments behind a proxy, or that do not want to trust
     * that header for the redirect target, should configure {@code AUTH_URL} explicitly.
     *
     * @param realm       realm of the hosted IDP, also appended as the {@code realm} query parameter
     * @param idpEntityID hosted IDP entity id used for the configuration lookup
     * @param request     current servlet request used for the fallback URL
     * @return the authentication URL
     */
    public static String getAuthenticationServiceURL(String realm, String idpEntityID, HttpServletRequest request) {
        String authURL = getAttributeValueFromIDPSSOConfig(realm, idpEntityID, SAML2Constants.AUTH_URL);
        if (authURL == null) {
            // Keep only the first path segment of the request URI (the deployment context).
            String uri = request.getRequestURI();
            int secondSlash = uri.indexOf("/", uri.indexOf("/") + 1);
            String contextPath = (secondSlash == -1) ? uri : uri.substring(0, secondSlash);
            authURL = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + contextPath + "/UI/Login?realm=" + realm;
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("IDPSSOUtil.getAuthenticationServiceURL: " + "auth url=:" + authURL);
        }
        return authURL;
    }

    /**
     * Reads the first value of a hosted-IDP extended configuration attribute.
     *
     * @param realm       realm of the hosted IDP
     * @param idpEntityID hosted IDP entity id
     * @param attrName    configuration attribute name
     * @return the first configured value, or {@code null} when the attribute is absent/empty or
     *         the configuration cannot be read (failures are logged at message level only)
     */
    private static String getAttributeValueFromIDPSSOConfig(String realm, String idpEntityID, String attrName) {
        try {
            List values = (List) SAML2MetaUtils.getAttributes(metaManager.getIDPSSOConfig(realm, idpEntityID)).get(attrName);
            if (values == null || values.size() == 0) {
                return null;
            }
            return (String) values.get(0);
        } catch (SAML2MetaException e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("IDPSSOUtil.getAttributeValueFromIDPSSOConfig: " + "get IDPSSOConfig failed:", e);
            }
            return null;
        } catch (SSOException e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("IDPSSOUtil.getAttributeValueFromIDPSSOConfig: " + "invalid or expired SSO token:", e);
            }
            return null;
        }
    }

    /**
     * Redirects the browser to the local authentication service, passing the authentication
     * type/value parameters chosen by the IDP AuthnContext mapper and a {@code goto} that returns
     * to the current request (with {@code ReqID} appended when given).
     *
     * @param request      current servlet request; its URL and query string form the goto target
     * @param response     servlet response used for the redirect
     * @param authnRequest the incoming AuthnRequest handed to the AuthnContext mapper
     * @param reqID        request id to carry through in the goto URL, or {@code null}
     * @param realm        realm of the hosted IDP
     * @param idpEntityID  hosted IDP entity id
     * @throws SAML2Exception propagated from the AuthnContext mapper lookup
     * @throws IOException    if the redirect cannot be sent
     */
    static void redirectAuthentication(HttpServletRequest request, HttpServletResponse response, AuthnRequest authnRequest, String reqID, String realm, String idpEntityID) throws SAML2Exception, IOException {
        StringBuffer loginURL = new StringBuffer(getAuthenticationServiceURL(realm, idpEntityID, request));

        Set authnTypeAndValues = getIDPAuthnContextMapper(realm, idpEntityID).getIDPAuthnContextInfo(authnRequest, idpEntityID, realm).getAuthnTypeAndValues();
        if (authnTypeAndValues != null && !authnTypeAndValues.isEmpty()) {
            StringBuffer authParams = new StringBuffer();
            boolean first = true;
            for (Iterator it = authnTypeAndValues.iterator(); it.hasNext();) {
                if (!first) {
                    authParams.append("&");
                }
                authParams.append((String) it.next());
                first = false;
            }
            loginURL.append(loginURL.indexOf("?") == -1 ? "?" : "&");
            loginURL.append(authParams.toString());
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("IDPSSOUtil.redirectAuthentication: " + "authString=" + authParams.toString());
            }
        }

        loginURL.append(loginURL.indexOf("?") == -1 ? "?goto=" : "&goto=");

        // Return target: this request's URL, preserving its query string and tagging it with ReqID.
        String gotoURL = request.getRequestURL().toString();
        String queryString = request.getQueryString();
        if (queryString != null) {
            gotoURL = gotoURL + "?" + queryString;
            if (reqID != null) {
                gotoURL = gotoURL + "&ReqID=" + reqID;
            }
        } else if (reqID != null) {
            gotoURL = gotoURL + "?ReqID=" + reqID;
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("IDPSSOUtil.redirectAuthentication: " + "gotoURL=" + gotoURL);
        }
        loginURL.append(AMURLEncDec.encode(gotoURL));

        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("IDPSSOUtil.redirectAuthentication: " + "New URL for authentication: " + loginURL.toString());
        }
        response.sendRedirect(loginURL.toString());
    }

    /**
     * Signs the assertion with the hosted IDP's configured signing key and certificate.
     *
     * @param realm       realm of the hosted IDP
     * @param idpEntityID hosted IDP entity id
     * @param assertion   the assertion to sign in place
     * @throws SAML2Exception if no key provider is available or no signing certificate alias is
     *                        configured for the IDP
     */
    static void signAssertion(String realm, String idpEntityID, Assertion assertion) throws SAML2Exception {
        KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
        if (keyProvider == null) {
            SAML2Utils.debug.error("IDPSSOUtil.signAssertion: " + "Unable to get a key provider instance.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
        }
        String alias = SAML2Utils.getSigningCertAlias(realm, idpEntityID, SAML2Constants.IDP_ROLE);
        if (alias == null) {
            SAML2Utils.debug.error("IDPSSOUtil.signAssertion: " + "Unable to get the hosted IDP signing certificate alias.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        assertion.sign(keyProvider.getPrivateKey(alias), keyProvider.getX509Certificate(alias));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
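    /**
     * Applies the SP's signing/encryption requirements to the first assertion of the response.
     * <ul>
     *   <li>If the SP wants the whole assertion encrypted, the assertion is (optionally) signed and
     *       then replaced by an EncryptedAssertion.</li>
     *   <li>Otherwise the NameID and/or the attributes are encrypted in place when the SP asks for
     *       it, and the assertion is then signed if requested.</li>
     * </ul>
     * Signing no longer depends on whether there was anything to encrypt: when NameID encryption
     * is wanted but the subject has no NameID, or attribute encryption is wanted but the
     * assertion carries no attributes, that step is skipped and the assertion is still signed and
     * written back. Every attribute of every statement is encrypted, rather than only the first.
     *
     * @param realm               realm of the hosted IDP
     * @param spEntityID          remote SP entity id whose configuration and metadata are consulted
     * @param idpEntityID         hosted IDP entity id used for signing
     * @param res                 the response whose first assertion is processed; ignored when null
     *                            or without assertions
     * @param wantAssertionSigned whether to sign the assertion
     * @throws SAML2Exception if metadata or encryption key info is unavailable, or encryption fails
     */
    public static void signAndEncryptResponseComponents(String realm, String spEntityID, String idpEntityID, Response res, boolean wantAssertionSigned) throws SAML2Exception {
        if (res == null) {
            return;
        }
        List assertions = res.getAssertion();
        if (assertions == null || assertions.size() == 0) {
            return;
        }
        Assertion assertion = (Assertion) assertions.get(0);

        String wantAssertionEncrypted = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
        boolean encryptAssertion = wantAssertionEncrypted != null && wantAssertionEncrypted.equals(SAML2Constants.TRUE);
        boolean encryptNameID = false;
        boolean encryptAttribute = false;
        if (!encryptAssertion) {
            // Element-level encryption is only relevant when the whole assertion stays in the clear.
            String wantNameIDEncrypted = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.WANT_NAMEID_ENCRYPTED);
            encryptNameID = wantNameIDEncrypted != null && wantNameIDEncrypted.equals(SAML2Constants.TRUE);
            String wantAttributeEncrypted = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.WANT_ATTRIBUTE_ENCRYPTED);
            encryptAttribute = wantAttributeEncrypted != null && wantAttributeEncrypted.equals(SAML2Constants.TRUE);
        }

        if (!encryptAssertion && !encryptNameID && !encryptAttribute) {
            if (wantAssertionSigned) {
                signAssertion(realm, idpEntityID, assertion);
                List<Assertion> signed = new ArrayList<Assertion>();
                signed.add(assertion);
                res.setAssertion(signed);
            }
            return;
        }

        if (metaManager == null) {
            SAML2Utils.debug.error("IDPSSOUtil.signAndEncryptResponseComponents: " + "Unable to get meta manager.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        try {
            SPSSODescriptorElement spDescriptor = metaManager.getSPSSODescriptor(realm, spEntityID);
            if (spDescriptor == null) {
                SAML2Utils.debug.error("IDPSSOUtil.signAndEncryptResponseComponents: " + "Unable to get SP SSO Descriptor from meta.");
                logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{spEntityID}, adminToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            EncInfo encInfo = KeyUtil.getEncInfo(spDescriptor, spEntityID, false);
            if (encInfo == null) {
                SAML2Utils.debug.error("IDPSSOUtil.signAndEncryptResponseComponents: " + "failed to get service provider encryption key info.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("UnableToFindEncryptKeyInfo"));
            }

            if (encryptAssertion) {
                // Sign first so the signature is covered by the encryption.
                if (wantAssertionSigned) {
                    signAssertion(realm, idpEntityID, assertion);
                }
                EncryptedAssertion encryptedAssertion = assertion.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), spEntityID);
                if (encryptedAssertion == null) {
                    SAML2Utils.debug.error("IDPSSOUtil.signAndEncryptResponseComponents: " + "failed to encrypt the assertion.");
                    throw new SAML2Exception(SAML2Utils.bundle.getString("FailedToEncryptAssertion"));
                }
                List<EncryptedAssertion> encryptedAssertions = new ArrayList<EncryptedAssertion>();
                encryptedAssertions.add(encryptedAssertion);
                res.setEncryptedAssertion(encryptedAssertions);
                // The plaintext copy must not remain in the response.
                res.setAssertion(new ArrayList<Assertion>());
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("IDPSSOUtil.signAndEncryptResponseComponents: " + "Assertion encrypted.");
                }
                return;
            }

            if (encryptNameID) {
                Subject subject = assertion.getSubject();
                NameID nameID = (subject == null) ? null : subject.getNameID();
                if (nameID != null) {
                    EncryptedID encryptedID = nameID.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), spEntityID);
                    if (encryptedID == null) {
                        SAML2Utils.debug.error("IDPSSOUtil.signAndEncryptResponseComponents: " + "failed to encrypt the NameID.");
                        throw new SAML2Exception(SAML2Utils.bundle.getString("FailedToEncryptNameID"));
                    }
                    subject.setEncryptedID(encryptedID);
                    subject.setNameID(null);
                    assertion.setSubject(subject);
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("IDPSSOUtil.signAndEncryptResponseComponents: " + "NameID encrypted.");
                    }
                }
            }

            if (encryptAttribute) {
                List statements = assertion.getAttributeStatements();
                if (statements != null && statements.size() != 0) {
                    List<AttributeStatement> processedStatements = new ArrayList<AttributeStatement>(statements.size());
                    for (int s = 0; s < statements.size(); s++) {
                        AttributeStatement statement = (AttributeStatement) statements.get(s);
                        List attributes = statement.getAttribute();
                        if (attributes != null && attributes.size() != 0) {
                            List<EncryptedAttribute> encryptedAttributes = new ArrayList<EncryptedAttribute>(attributes.size());
                            for (int a = 0; a < attributes.size(); a++) {
                                EncryptedAttribute encryptedAttribute = ((Attribute) attributes.get(a)).encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), spEntityID);
                                if (encryptedAttribute == null) {
                                    SAML2Utils.debug.error("IDPSSOUtil.signAndEncryptResponseComponents: " + "failed to encrypt the Attribute.");
                                    throw new SAML2Exception(SAML2Utils.bundle.getString("FailedToEncryptAttribute"));
                                }
                                encryptedAttributes.add(encryptedAttribute);
                            }
                            statement.setEncryptedAttribute(encryptedAttributes);
                            // Drop the plaintext attributes now that their encrypted forms are in place.
                            statement.setAttribute(new ArrayList<Attribute>());
                        }
                        processedStatements.add(statement);
                    }
                    assertion.setAttributeStatements(processedStatements);
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("IDPSSOUtil.signAndEncryptResponseComponents: " + "Attribute encrypted.");
                    }
                }
            }

            // Sign after element-level encryption so the signature covers the encrypted elements.
            if (wantAssertionSigned) {
                signAssertion(realm, idpEntityID, assertion);
            }
            List<Assertion> result = new ArrayList<Assertion>();
            result.add(assertion);
            res.setAssertion(result);
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("IDPSSOUtil.signAndEncryptResponseComponents: " + "Unable to get SP SSO Descriptor from meta.", e);
            logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{spEntityID}, adminToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        } catch (SSOException e) {
            SAML2Utils.debug.error("IDPSSOUtil.signAndEncryptResponseComponents: " + "invalid sso token.", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }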

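    /**
     * Finds the IDP discovery writer service URL shared by an IDP and an SP.
     *
     * <p>The COT lists from the IDP and SP extended metadata are intersected and
     * the writer service URL of the first common circle of trust that declares a
     * non-blank one is returned.
     *
     * <p>Every metadata and COT lookup runs inside one try block: in the
     * decompiled form the SP lookup and the COT loop sat outside it, so a
     * missing SP configuration or a failing COT lookup escaped as an unchecked
     * error instead of being logged and yielding {@code null}.
     *
     * @param str  realm the IDP and SP are registered in
     * @param str2 IDP entity ID
     * @param str3 SP entity ID
     * @return the writer service URL, or {@code null} when either entity has no
     *         configuration or COT list, the two lists have no COT in common,
     *         no common COT declares a non-blank writer URL, or the lookup
     *         itself fails (the failure is then logged at message level)
     */
    private static String getWriterURL(String str, String str2, String str3) {
        String classMethod = "IDPSSOUtil.getWriterURL: ";
        String writerURL = null;
        try {
            // COT list of the IDP; a missing configuration means "no writer URL".
            IDPSSOConfigElement idpConfig = metaManager.getIDPSSOConfig(str, str2);
            if (idpConfig == null) {
                return null;
            }
            Map idpAttrs = SAML2MetaUtils.getAttributes(idpConfig);
            List idpCOTList = (idpAttrs == null)
                    ? null : (List) idpAttrs.get(SAML2Constants.COT_LIST);
            if (idpCOTList == null || idpCOTList.isEmpty()) {
                return null;
            }

            // COT list of the SP, guarded the same way as the IDP side.
            SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(str, str3);
            if (spConfig == null) {
                return null;
            }
            Map spAttrs = SAML2MetaUtils.getAttributes(spConfig);
            List spCOTList = (spAttrs == null)
                    ? null : (List) spAttrs.get(SAML2Constants.COT_LIST);
            if (spCOTList == null || spCOTList.isEmpty()) {
                return null;
            }

            // Intersect on a copy: the list handed out by getAttributes() may be
            // backed by cached metadata (cannot tell from here), so it is not
            // modified in place.
            List commonCOTs = new ArrayList(idpCOTList);
            commonCOTs.retainAll(spCOTList);

            // First common COT with a non-blank writer URL wins.
            for (int i = 0; i < commonCOTs.size(); i++) {
                String cotName = (String) commonCOTs.get(i);
                writerURL = cotManager.getCircleOfTrust(str, cotName).getWriterServiceURL();
                if (writerURL != null && writerURL.trim().length() != 0) {
                    break;
                }
            }
        } catch (SAML2Exception e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "Not able to getting writer URL : ", e);
            }
        } catch (SSOException e3) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "invalid or expired sso token : ", e3);
            }
        } catch (Exception e2) {
            // Catch-all last: it must not shadow the more specific handlers above.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "Not able to getting writer URL : ", e2);
            }
        }
        return writerURL;
    }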

    /**
     * One-time initialisation of the helpers shared by every method of this
     * class: the admin token, the metadata and COT managers built from it, and
     * the log utility.
     *
     * <p>The admin token is obtained under a privileged action. If either
     * manager constructor fails, the error is logged and that field is left
     * {@code null} (the fields are never assigned a non-null fallback), so a
     * later caller fails on a dereference rather than with a descriptive
     * exception.
     */
    static {
        adminToken = (SSOToken) AccessController.doPrivileged(
                (PrivilegedAction) AdminTokenAction.getInstance());

        SAML2MetaManager meta = null;
        SAML2COTManager cot = null;
        try {
            meta = new SAML2MetaManager(adminToken);
            cot = new SAML2COTManager(adminToken);
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("Error retrieving metadata", e);
        } catch (SSOException e2) {
            SAML2Utils.debug.error("Invalid SSOToken", e2);
        }
        // Whatever was constructed before a failure is kept; the rest stays null.
        metaManager = meta;
        cotManager = cot;

        logUtil = SAML2LogManager.getLogInstance();
    }
}
