package com.sun.identity.saml2.profile;

import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.logging.SAML2LogManager;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.security.AdminTokenAction;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:122984-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/profile/IDPSingleLogout.class */
public class IDPSingleLogout {
    // NOTE(review): all four fields are package-private and non-final, so any class in
    // com.sun.identity.saml2.profile can reassign them after class initialisation.

    // Metadata manager used for every IDP/SP descriptor lookup in this class. Assigned in the
    // static initializer; it stays null if the SAML2MetaManager constructor throws there.
    static SAML2MetaManager sm;
    // Token returned by AdminTokenAction in the static initializer. It is passed to the
    // SAML2MetaManager constructor and to logUtil.error(...).
    static SSOToken adminSSOToken;
    // Log instance taken from SAML2LogManager.getLogInstance() in the static initializer.
    static LogUtil logUtil;
    // Debug logger shared with SAML2Utils.
    static Debug debug = SAML2Utils.debug;

    /* JADX WARN: Code restructure failed: missing block: B:98:0x04a1, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler stub. The body of this method was not recovered by the decompiler (see the
     * JADX notes directly above), so in this listing every call throws
     * {@link UnsupportedOperationException}.
     *
     * <p>Nothing about the real logic can be read from this file: the roles of the
     * {@code String} and {@code Map} arguments, and any checks the original performed on the
     * request, must be taken from the bytecode dump or the original source before this method
     * is reviewed or relied on.
     *
     * @throws SAML2Exception declared by the original signature; never thrown by this stub
     */
    public static void initiateLogoutRequest(javax.servlet.http.HttpServletRequest r12, javax.servlet.http.HttpServletResponse r13, java.lang.String r14, java.util.Map r15) throws com.sun.identity.saml2.common.SAML2Exception {
        /*
            Method dump skipped, instructions count: 1186
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.saml2.profile.IDPSingleLogout.initiateLogoutRequest(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String, java.util.Map):void");
    }

    /**
     * Handles a LogoutRequest that reached the IDP over the HTTP-Redirect binding.
     *
     * <p>The encoded request is decoded and parsed, the hosting IDP is resolved from the meta
     * alias in the request URI, the query-string signature and the Destination are checked when
     * the IDP is configured to want signed logout requests, and the parsed request is handed to
     * the seven-argument overload. If that overload returns a response, it is sent to the
     * issuing SP's single-logout endpoint taken from the SP's metadata.
     *
     * @param httpServletRequest  incoming request; its URI and query string are read
     * @param httpServletResponse response used to send the LogoutResponse
     * @param str  encoded request value (logged below as "samlRequest")
     * @param str2 relay state (logged below as "relayState")
     * @throws SAML2Exception if decoding yields null, the signature or destination check fails,
     *         the SP descriptor is missing, or no HTTP-Redirect SLO endpoint is found
     * @throws SSOException declared by the signature
     */
    public static void processLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SAML2Exception, SSOException {
        List singleLogoutService;
        // NOTE(review): the raw request parameter and relay state are written to the debug log
        // before any validation. Both are caller-controlled; confirm that Debug neutralises
        // line breaks and that message-level logging is off in production.
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("IDPSingleLogout:processLogoutRequest").toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("samlRequest : ").append(str).toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("relayState : ").append(str2).toString());
        }
        String decodeFromRedirect = SAML2Utils.decodeFromRedirect(str);
        if (decodeFromRedirect == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlRequest"));
        }
        LogoutRequest createLogoutRequest = ProtocolFactory.getInstance().createLogoutRequest(decodeFromRedirect);
        // The hosting IDP entity and realm are derived from the request URI, not from the message.
        String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAliasByUri));
        String entityByMetaAlias = sm.getEntityByMetaAlias(metaAliasByUri);
        // getIssuer() is dereferenced without a null check: a request without an Issuer ends in
        // a NullPointerException here rather than a SAML2Exception.
        String value = createLogoutRequest.getIssuer().getValue();
        boolean wantLogoutRequestSigned = SAML2Utils.getWantLogoutRequestSigned(realm, entityByMetaAlias, SAML2Constants.IDP_ROLE);
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("metaAlias : ").append(metaAliasByUri).toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("realm : ").append(realm).toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("idpEntityID : ").append(entityByMetaAlias).toString());
            debug.message(new StringBuffer().append("processLogoutRequest : ").append("spEntityID : ").append(value).toString());
        }
        // NOTE(review): the signature check and the Destination check are both inside this
        // branch. When the configuration does not ask for signed logout requests, neither
        // check runs in this method and an unsigned request is processed. Confirm that
        // deployments enable the flag, and consider checking Destination unconditionally.
        if (wantLogoutRequestSigned) {
            // The issuer value passed here comes from the message that is being verified.
            if (!SAML2Utils.verifyQueryString(httpServletRequest.getQueryString(), realm, SAML2Constants.IDP_ROLE, value)) {
                debug.error("Invalid signature in SLO Request.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
            }
            IDPSSODescriptorElement iDPSSODescriptor = sm.getIDPSSODescriptor(realm, entityByMetaAlias);
            // Expected Destination: the IDP's own HTTP-Redirect SLO response location, falling
            // back to its SLO location. It stays null when the IDP descriptor or its endpoint
            // list is missing or empty.
            String str3 = null;
            if (iDPSSODescriptor != null && (singleLogoutService = iDPSSODescriptor.getSingleLogoutService()) != null && !singleLogoutService.isEmpty()) {
                str3 = LogoutUtil.getSLOResponseServiceLocation(singleLogoutService, SAML2Constants.HTTP_REDIRECT);
                if (str3 == null || str3.length() == 0) {
                    str3 = LogoutUtil.getSLOServiceLocation(singleLogoutService, SAML2Constants.HTTP_REDIRECT);
                }
            }
            // NOTE(review): verifyDestination may receive a null expected value here; confirm
            // that it rejects the request in that case.
            if (!SAML2Utils.verifyDestination(createLogoutRequest.getDestination(), str3)) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidDestination"));
            }
        }
        LogoutResponse processLogoutRequest = processLogoutRequest(createLogoutRequest, httpServletRequest, httpServletResponse, SAML2Constants.HTTP_REDIRECT, str2, entityByMetaAlias, realm);
        // A null result means the overload has already sent a LogoutRequest on to another SP,
        // so there is no response to return yet.
        if (processLogoutRequest == null) {
            return;
        }
        SPSSODescriptorElement sPSSODescriptor = sm.getSPSSODescriptor(realm, value);
        if (sPSSODescriptor == null) {
            logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{value}, adminSSOToken);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        // The location the response is sent to is read from the issuing SP's metadata; no URL
        // from the request itself is used as the target.
        List singleLogoutService2 = sPSSODescriptor.getSingleLogoutService();
        String sLOResponseServiceLocation = LogoutUtil.getSLOResponseServiceLocation(singleLogoutService2, SAML2Constants.HTTP_REDIRECT);
        if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
            sLOResponseServiceLocation = LogoutUtil.getSLOServiceLocation(singleLogoutService2, SAML2Constants.HTTP_REDIRECT);
            // The log texts below say "IDP's" in two places, but the endpoints were looked up
            // on the SP descriptor.
            if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
                debug.error("Unable to find the IDP's single logout response service with the HTTP-Redirect binding");
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
            }
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("SP's single logout response service location = ").append(sLOResponseServiceLocation).toString());
            }
        } else if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("IDP's single logout response service location = ").append(sLOResponseServiceLocation).toString());
        }
        processLogoutRequest.setDestination(sLOResponseServiceLocation);
        LogoutUtil.sendSLOResponse(httpServletResponse, processLogoutRequest, sLOResponseServiceLocation, str2, realm, entityByMetaAlias, SAML2Constants.IDP_ROLE, value);
    }

    /**
     * Handles a LogoutResponse that reached the IDP over the HTTP-Redirect binding and drives
     * the next step of the single-logout sequence for the caller's IDP session.
     *
     * <p>After decoding and (conditionally) verifying the response, the method finds the cached
     * IDP session that belongs to the SSO token of this HTTP request. If SP participants
     * remain, the next one receives a LogoutRequest. Otherwise the local session is destroyed
     * and, for an SP-initiated logout, a LogoutResponse is sent to the originating SP.
     *
     * @param httpServletRequest  incoming request; its URI, query string, parameters and SSO token are read
     * @param httpServletResponse response used for the outgoing redirect
     * @param str  encoded response value (logged below as "samlResponse")
     * @param str2 relay state (logged below as "relayState")
     * @return {@code true} when a further LogoutRequest or the final LogoutResponse was issued
     *         through {@code LogoutUtil}; {@code false} when the session was not found, the
     *         IDP-initiated logout completed locally, or no response could be generated
     * @throws SAML2Exception on decode failure, failed signature or destination check, missing
     *         SP metadata or SLO endpoint, or an SSOException raised in the metadata and logout steps
     * @throws SSOException declared by the signature
     */
    public static boolean processLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SAML2Exception, SSOException {
        List singleLogoutService;
        // NOTE(review): caller-controlled values are logged before validation; confirm that
        // Debug neutralises line breaks and that message-level logging is off in production.
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("samlResponse : ").append(str).toString());
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("relayState : ").append(str2).toString());
        }
        String decodeFromRedirect = SAML2Utils.decodeFromRedirect(str);
        if (decodeFromRedirect == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
        }
        LogoutResponse createLogoutResponse = ProtocolFactory.getInstance().createLogoutResponse(decodeFromRedirect);
        String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAliasByUri));
        String entityByMetaAlias = sm.getEntityByMetaAlias(metaAliasByUri);
        // getIssuer() is dereferenced before verifyResponseIssuer runs and without a null
        // check: a response without an Issuer ends in a NullPointerException here.
        String value = createLogoutResponse.getIssuer().getValue();
        SAML2Utils.verifyResponseIssuer(realm, entityByMetaAlias, createLogoutResponse.getIssuer(), createLogoutResponse.getInResponseTo());
        boolean wantLogoutResponseSigned = SAML2Utils.getWantLogoutResponseSigned(realm, entityByMetaAlias, SAML2Constants.IDP_ROLE);
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("metaAlias : ").append(metaAliasByUri).toString());
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("realm : ").append(realm).toString());
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("idpEntityID : ").append(entityByMetaAlias).toString());
            debug.message(new StringBuffer().append("processLogoutResponse : ").append("spEntityID : ").append(value).toString());
        }
        // NOTE(review): as in the request path, the signature and Destination checks only run
        // when the configuration asks for signed logout responses. With the flag off, an
        // unsigned response reaches the session-destroying code below.
        if (wantLogoutResponseSigned) {
            if (!SAML2Utils.verifyQueryString(httpServletRequest.getQueryString(), realm, SAML2Constants.IDP_ROLE, value)) {
                debug.error("Invalid signature in SLO Response.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
            }
            IDPSSODescriptorElement iDPSSODescriptor = sm.getIDPSSODescriptor(realm, entityByMetaAlias);
            // Expected Destination; stays null when the IDP descriptor or its SLO endpoints
            // are missing. NOTE(review): confirm verifyDestination rejects a null expected value.
            String str3 = null;
            if (iDPSSODescriptor != null && (singleLogoutService = iDPSSODescriptor.getSingleLogoutService()) != null && !singleLogoutService.isEmpty()) {
                str3 = LogoutUtil.getSLOResponseServiceLocation(singleLogoutService, SAML2Constants.HTTP_REDIRECT);
                if (str3 == null || str3.length() == 0) {
                    str3 = LogoutUtil.getSLOServiceLocation(singleLogoutService, SAML2Constants.HTTP_REDIRECT);
                }
            }
            if (!SAML2Utils.verifyDestination(createLogoutResponse.getDestination(), str3)) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidDestination"));
            }
        }
        // NOTE(review): the Status of the received LogoutResponse is never read in this method,
        // so a failure reported by the SP does not change the flow below.
        // The session acted on is the one tied to the SSO token of this HTTP request.
        SSOToken sSOToken = SAML2Utils.getSSOToken(httpServletRequest);
        String obj = sSOToken.getTokenID().toString();
        // Linear scan of the session cache for the entry whose token ID matches. str4 is reset
        // to null at the end of every non-matching pass, so after the loop it is non-null only
        // when the break was taken. Keys that map to a null session are pruned on the way.
        Enumeration keys = IDPCache.idpSessionsByIndices.keys();
        String str4 = null;
        IDPSession iDPSession = null;
        while (keys.hasMoreElements()) {
            str4 = (String) keys.nextElement();
            iDPSession = (IDPSession) IDPCache.idpSessionsByIndices.get(str4);
            if (iDPSession != null) {
                SSOToken sSOToken2 = iDPSession.getSSOToken();
                if (sSOToken2 != null && obj.equals(sSOToken2.getTokenID().toString())) {
                    break;
                }
            } else {
                IDPCache.idpSessionsByIndices.remove(str4);
                IDPCache.authnContextCache.remove(str4);
            }
            str4 = null;
        }
        // No cached IDP session for this token: destroy the caller's session and stop.
        if (str4 == null) {
            if (debug.messageEnabled()) {
                debug.message("No SP session participant(s)");
            }
            SAML2Utils.destroySession(sSOToken);
            return false;
        }
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("idpSessionIndex=").append(str4).toString());
        }
        List nameIDandSPpairs = iDPSession.getNameIDandSPpairs();
        // Unlike its neighbours this message is not guarded by messageEnabled(), so the string
        // is built on every call.
        debug.message(new StringBuffer().append("idpSession.getNameIDandSPpairs()=").append(nameIDandSPpairs).toString());
        // SP participants remain: take the first one off the list and send it a LogoutRequest.
        if (nameIDandSPpairs.size() != 0) {
            NameIDandSPpair nameIDandSPpair = (NameIDandSPpair) nameIDandSPpairs.remove(0);
            String sPEntityID = nameIDandSPpair.getSPEntityID();
            try {
                SPSSODescriptorElement sPSSODescriptor = sm.getSPSSODescriptor(realm, sPEntityID);
                if (sPSSODescriptor == null) {
                    logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{sPEntityID}, adminSSOToken);
                    throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
                }
                List singleLogoutService2 = sPSSODescriptor.getSingleLogoutService();
                // The request's own parameter map is forwarded to doLogout (with ROLE added).
                List extensionsList = LogoutUtil.getExtensionsList(httpServletRequest.getParameterMap());
                HashMap hashMap = new HashMap(httpServletRequest.getParameterMap());
                hashMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
                // toString() is called on the doLogout result directly, so a null return would
                // throw here and the null half of the check below can never be true.
                String stringBuffer = LogoutUtil.doLogout(metaAliasByUri, sPEntityID, singleLogoutService2, extensionsList, SAML2Constants.HTTP_REDIRECT, str2, str4, nameIDandSPpair.getNameID(), httpServletResponse, hashMap, null).toString();
                if (debug.messageEnabled()) {
                    // NOTE(review): the literal starts with the escape \r followed by
                    // "equestIDStr"; this looks like a typo for "\nrequestIDStr".
                    debug.message(new StringBuffer().append("\requestIDStr = ").append(stringBuffer).append("\nbinding = ").append(SAML2Constants.HTTP_REDIRECT).toString());
                }
                if (stringBuffer == null || stringBuffer.length() == 0) {
                    return true;
                }
                // Remember the ID of the request just sent so the next response can be matched.
                iDPSession.setPendingLogoutRequestID(stringBuffer);
                return true;
            } catch (SSOException e) {
                // The SSOException is logged, then replaced by a metaDataError without a cause.
                debug.error("SSO error : ", e);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
        }
        String pendingLogoutRequestID = iDPSession.getPendingLogoutRequestID();
        String inResponseTo = createLogoutResponse.getInResponseTo();
        // NOTE(review): a match between InResponseTo and the pending request ID is only logged.
        // A mismatch, or a missing value on either side, does not stop the code below from
        // destroying the session. Confirm whether verifyResponseIssuer enforces this
        // correlation; otherwise a mismatch should be rejected here.
        if (inResponseTo != null && pendingLogoutRequestID != null && inResponseTo.equals(pendingLogoutRequestID) && debug.messageEnabled()) {
            debug.message("LogoutRespone's inResponseTo matches the previous LogoutRequest's ID.");
        }
        String originatingLogoutRequestID = iDPSession.getOriginatingLogoutRequestID();
        // No originating request recorded: the logout was started at the IDP, so it ends here.
        if (originatingLogoutRequestID == null) {
            if (iDPSession.getLogoutAll()) {
                destroyAllTokenForUser(SAML2Utils.isFM() ? iDPSession.getSSOToken().getPrincipal().getName() : iDPSession.getSSOToken().getProperty("sun.am.UniversalIdentifier"));
            } else {
                SAML2Utils.destroySession(iDPSession.getSSOToken());
                IDPCache.idpSessionsByIndices.remove(str4);
                IDPCache.authnContextCache.remove(str4);
            }
            debug.message("IDP initiated SLO Success");
            return false;
        }
        // SP-initiated logout: answer the SP whose LogoutRequest started the sequence.
        String originatingLogoutSPEntityID = iDPSession.getOriginatingLogoutSPEntityID();
        try {
            SPSSODescriptorElement sPSSODescriptor2 = sm.getSPSSODescriptor(realm, originatingLogoutSPEntityID);
            if (sPSSODescriptor2 == null) {
                logUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{originatingLogoutSPEntityID}, adminSSOToken);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            List singleLogoutService3 = sPSSODescriptor2.getSingleLogoutService();
            String sLOResponseServiceLocation = LogoutUtil.getSLOResponseServiceLocation(singleLogoutService3, SAML2Constants.HTTP_REDIRECT);
            if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
                sLOResponseServiceLocation = LogoutUtil.getSLOServiceLocation(singleLogoutService3, SAML2Constants.HTTP_REDIRECT);
                if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
                    debug.error("Unable to find the IDP's single logout response service with the HTTP-Redirect binding");
                    throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
                }
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("SP's single logout response service location = ").append(sLOResponseServiceLocation).toString());
                }
            } else if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("IDP's single logout response service location = ").append(sLOResponseServiceLocation).toString());
            }
            // destroyTokenAndGenerateResponse destroys the local session as a side effect of
            // building the status.
            // NOTE(review): the last argument here, and `value` in sendSLOResponse below, is the
            // issuer of the response just received, while the message is addressed to
            // originatingLogoutSPEntityID. Confirm which entity these parameters are meant to name.
            LogoutResponse generateResponse = LogoutUtil.generateResponse(destroyTokenAndGenerateResponse(str4, iDPSession.getSSOToken(), originatingLogoutRequestID, entityByMetaAlias), originatingLogoutRequestID, SAML2Utils.createIssuer(entityByMetaAlias), realm, SAML2Constants.IDP_ROLE, createLogoutResponse.getIssuer().getValue());
            // The location cannot be null at this point (the branch above throws when it is),
            // so only a null generated response takes this path.
            if (sLOResponseServiceLocation == null || generateResponse == null) {
                IDPCache.idpSessionsByIndices.remove(str4);
                IDPCache.authnContextCache.remove(str4);
                return false;
            }
            generateResponse.setDestination(sLOResponseServiceLocation);
            LogoutUtil.sendSLOResponse(httpServletResponse, generateResponse, sLOResponseServiceLocation, str2, realm, entityByMetaAlias, SAML2Constants.IDP_ROLE, value);
            IDPCache.idpSessionsByIndices.remove(str4);
            IDPCache.authnContextCache.remove(str4);
            return true;
        } catch (SSOException e2) {
            // The SSOException is logged, then replaced by a metaDataError without a cause.
            debug.error("SSO error : ", e2);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }

    /**
     * Applies a parsed LogoutRequest to the IDP session named by its first SessionIndex and
     * builds the LogoutResponse for the requesting SP.
     *
     * <p>The requesting SP is removed from the session's participant list. If no participant
     * remains, the local session is destroyed. Otherwise each remaining SP is sent a
     * LogoutRequest through {@code LogoutUtil.doLogout}. With the HTTP-Redirect binding only
     * one SP is contacted per call and the method returns {@code null}, because the response
     * to the originating SP is deferred.
     *
     * @param logoutRequest       parsed request; its Issuer, ID and SessionIndex list are read
     * @param httpServletRequest  incoming request; only its URI is read (meta alias lookup)
     * @param httpServletResponse response handed to {@code doLogout}
     * @param str  binding, compared against {@code SAML2Constants.HTTP_REDIRECT} and {@code SAML2Constants.SOAP}
     * @param str2 relay state, forwarded to {@code doLogout}
     * @param str3 hosting IDP entity ID (logged below as "idpEntityID")
     * @param str4 realm, used for the metadata lookups
     * @return the LogoutResponse to send back, or {@code null} when a redirect to another SP
     *         has been issued instead
     * @throws SAML2Exception propagated from the helper calls
     */
    public static LogoutResponse processLogoutRequest(LogoutRequest logoutRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, String str4) throws SAML2Exception {
        Status generateStatus;
        // Dereferenced before verifyRequestIssuer and without a null check: a request without
        // an Issuer ends in a NullPointerException.
        String value = logoutRequest.getIssuer().getValue();
        try {
            SAML2Utils.verifyRequestIssuer(str4, str3, logoutRequest.getIssuer(), logoutRequest.getID());
            // Only the first SessionIndex of the request is considered.
            Iterator it = logoutRequest.getSessionIndex().iterator();
            String str5 = it.hasNext() ? (String) it.next() : null;
            if (debug.messageEnabled()) {
                debug.message(new StringBuffer().append("IDPLogoutUtil.processLogoutRequest: idpEntityID=").append(str3).append(", sessionIndex=").append(str5).toString());
            }
            if (str5 == null) {
                debug.error("IDPLogoutUtil.processLogoutRequest: No session index in logout request");
                generateStatus = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Requester", "");
            } else {
                // NOTE(review): the session is selected purely by the SessionIndex supplied in
                // the request. Nothing in this method compares the request's NameID with the
                // session, and the participant loop below proceeds even when the issuer is not
                // one of the session's SPs. Confirm that verifyRequestIssuer or the signature
                // check upstream is enough to stop one SP from ending a session it does not
                // take part in.
                IDPSession iDPSession = (IDPSession) IDPCache.idpSessionsByIndices.get(str5);
                if (iDPSession == null) {
                    debug.error(new StringBuffer().append("IDPLogoutUtil.processLogoutRequest: IDP no longer has this session index ").append(str5).toString());
                    generateStatus = SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", SAML2Utils.bundle.getString("invalidSessionIndex"));
                } else {
                    List nameIDandSPpairs = iDPSession.getNameIDandSPpairs();
                    int size = nameIDandSPpairs.size();
                    if (debug.messageEnabled()) {
                        debug.message(new StringBuffer().append("IDPLogoutUtil.processLogoutRequest: NameIDandSPpair for ").append(str5).append(" is ").append(nameIDandSPpairs).append(", size=").append(size).toString());
                    }
                    String value2 = logoutRequest.getIssuer().getValue();
                    // Drop the requesting SP from the participant list (first match only).
                    int i = 0;
                    while (true) {
                        if (i >= size) {
                            break;
                        }
                        if (((NameIDandSPpair) nameIDandSPpairs.get(i)).getSPEntityID().equals(value2)) {
                            nameIDandSPpairs.remove(i);
                            break;
                        }
                        i++;
                    }
                    int size2 = nameIDandSPpairs.size();
                    if (size2 == 0) {
                        // No other participant: end the local session now.
                        generateStatus = destroyTokenAndGenerateResponse(str5, iDPSession.getSSOToken(), logoutRequest.getID(), str3);
                        IDPCache.idpSessionsByIndices.remove(str5);
                        IDPCache.authnContextCache.remove(str5);
                    } else {
                        // Redirect binding: record who started the logout so that the response
                        // handler can answer once the other SPs have been visited.
                        if (str.equals(SAML2Constants.HTTP_REDIRECT)) {
                            iDPSession.setOriginatingLogoutRequestID(logoutRequest.getID());
                            iDPSession.setOriginatingLogoutSPEntityID(logoutRequest.getIssuer().getValue());
                        }
                        for (int i2 = 0; i2 < size2; i2++) {
                            // Redirect pops the head of the list (and returns within this
                            // pass); other bindings walk the list by index without removing.
                            NameIDandSPpair nameIDandSPpair = str.equals(SAML2Constants.HTTP_REDIRECT) ? (NameIDandSPpair) nameIDandSPpairs.remove(0) : (NameIDandSPpair) nameIDandSPpairs.get(i2);
                            String sPEntityID = nameIDandSPpair.getSPEntityID();
                            if (debug.messageEnabled()) {
                                debug.message(new StringBuffer().append("IDPLogoutUtil.processLogoutRequest: SP for ").append(str5).append(" is ").append(sPEntityID).toString());
                            }
                            // The descriptor is dereferenced without the null check that the
                            // other lookups in this class perform; a missing SP descriptor
                            // ends in a NullPointerException here.
                            List singleLogoutService = SAML2Utils.getSAML2MetaManager().getSPSSODescriptor(str4, sPEntityID).getSingleLogoutService();
                            SPSSOConfigElement sPSSOConfigElement = null;
                            if (str.equals(SAML2Constants.SOAP)) {
                                try {
                                    sPSSOConfigElement = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(str4, sPEntityID);
                                } catch (SSOException e) {
                                    // Logged; doLogout is still called, with a null config.
                                    SAML2Utils.debug.error(new StringBuffer().append("IDPLogoutUtil : unable to get entity config for ").append(sPEntityID).toString(), e);
                                    sPSSOConfigElement = null;
                                }
                            }
                            String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
                            HashMap hashMap = new HashMap();
                            hashMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
                            // For non-redirect bindings the return value of doLogout is not
                            // used, so the outcome at each SP does not reach the status
                            // generated after the loop.
                            StringBuffer doLogout = LogoutUtil.doLogout(metaAliasByUri, sPEntityID, singleLogoutService, null, str, str2, str5, nameIDandSPpair.getNameID(), httpServletResponse, hashMap, sPSSOConfigElement);
                            if (str.equals(SAML2Constants.HTTP_REDIRECT)) {
                                // toString() never returns null; a null doLogout result would throw here.
                                String stringBuffer = doLogout.toString();
                                if (stringBuffer == null || stringBuffer.length() == 0) {
                                    return null;
                                }
                                iDPSession.setPendingLogoutRequestID(stringBuffer);
                                return null;
                            }
                        }
                        generateStatus = destroyTokenAndGenerateResponse(str5, iDPSession.getSSOToken(), logoutRequest.getID(), str3);
                        IDPCache.idpSessionsByIndices.remove(str5);
                        IDPCache.authnContextCache.remove(str5);
                    }
                }
            }
        } catch (SSOException e2) {
            debug.error("IDPLogoutUtil : unable to get meta for ", e2);
            // NOTE(review): every other generateStatus call in this class passes a SAML status
            // URN as the first argument; here the IDP entity ID is passed instead, which looks
            // like a defect (a Responder status was presumably intended). The second argument
            // places e2.toString() in the status sent to the SP, exposing internal exception
            // text to the remote party.
            generateStatus = SAML2Utils.generateStatus(str3, e2.toString());
        }
        return LogoutUtil.generateResponse(generateStatus, logoutRequest.getID(), SAML2Utils.createIssuer(str3), str4, SAML2Constants.IDP_ROLE, value);
    }

    /**
     * Destroys the given local session, if there is one, and reports the outcome as a SAML status.
     *
     * <p>A {@code null} token is treated as "already logged out" and yields a Success status.
     * Any exception raised while destroying the token, or while building the Success status,
     * is logged and turned into a Responder status.
     *
     * @param str      session index, used only in the debug message for the no-session case
     * @param sSOToken token of the session to destroy; may be {@code null}
     * @param str2     not read by this method
     * @param str3     not read by this method
     * @return Success when the session was destroyed or did not exist, Responder otherwise
     * @throws SAML2Exception if building the status fails outside the guarded section
     */
    private static Status destroyTokenAndGenerateResponse(String str, SSOToken sSOToken, String str2, String str3) throws SAML2Exception {
        if (sSOToken == null) {
            // Nothing to destroy: an absent session is reported as a successful logout.
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.destroyTAGR: No such session with index " + str + " exists.");
            }
            return SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Success", "");
        }
        try {
            SSOTokenManager.getInstance().destroyToken(sSOToken);
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.destroyTAGR: Local session destroyed.");
            }
            // Built inside the try on purpose: a failure here is also mapped to Responder.
            return SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Success", "");
        } catch (Exception destroyFailure) {
            debug.error("IDPLogoutUtil.destroyTAGR: ", destroyFailure);
            return SAML2Utils.generateStatus("urn:oasis:names:tc:SAML:2.0:status:Responder", "");
        }
    }

    /**
     * Destroys every cached IDP session that belongs to the given user and removes the
     * matching cache entries.
     *
     * <p>The owner of each session is the principal name when {@code SAML2Utils.isFM()} is
     * true, otherwise the token's {@code sun.am.UniversalIdentifier} property. It is compared
     * with {@code str} ignoring case. Cache keys that map to a null session are pruned during
     * the scan. An {@link SSOException} on one token is logged and the scan continues.
     *
     * @param str identifier of the user whose sessions are to be ended
     */
    private static void destroyAllTokenForUser(String str) {
        Enumeration sessionIndices = IDPCache.idpSessionsByIndices.keys();
        if (debug.messageEnabled()) {
            debug.message("IDPLogoutUtil.destroyAllTokenForUser: User to logoutAll : " + str);
        }
        while (sessionIndices.hasMoreElements()) {
            String sessionIndex = (String) sessionIndices.nextElement();
            IDPSession cachedSession = (IDPSession) IDPCache.idpSessionsByIndices.get(sessionIndex);
            if (cachedSession == null) {
                // Stale key without a session: drop it from both caches.
                IDPCache.idpSessionsByIndices.remove(sessionIndex);
                IDPCache.authnContextCache.remove(sessionIndex);
                continue;
            }
            SSOToken token = cachedSession.getSSOToken();
            if (token == null) {
                continue;
            }
            try {
                String owner;
                if (SAML2Utils.isFM()) {
                    owner = token.getPrincipal().getName();
                } else {
                    owner = token.getProperty("sun.am.UniversalIdentifier");
                }
                if (str.equalsIgnoreCase(owner)) {
                    SAML2Utils.destroySession(token);
                    IDPCache.idpSessionsByIndices.remove(sessionIndex);
                    IDPCache.authnContextCache.remove(sessionIndex);
                }
            } catch (SSOException tokenError) {
                debug.error(SAML2Utils.bundle.getString("invalidSSOToken"), tokenError);
            }
        }
    }

    // Class initialisation: obtain the admin token, build the metadata manager with it, and
    // fetch the log instance. The static fields start out null, so no explicit reset is needed.
    static {
        PrivilegedAction adminTokenAction = (PrivilegedAction) AdminTokenAction.getInstance();
        adminSSOToken = (SSOToken) AccessController.doPrivileged(adminTokenAction);
        try {
            sm = new SAML2MetaManager(adminSSOToken);
        } catch (SSOException tokenError) {
            // Logged only: sm stays null and later metadata lookups through it will fail.
            debug.error("Invalid SSOToken", tokenError);
        } catch (SAML2MetaException metaError) {
            // Logged only: sm stays null and later metadata lookups through it will fail.
            debug.error("Error retreiving metadata", metaError);
        }
        logUtil = SAML2LogManager.getLogInstance();
    }
}
