package com.iplanet.services.cdc;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.SessionException;
import com.iplanet.dpro.session.service.ClusterStateService;
import com.iplanet.dpro.session.service.SessionService;
import com.iplanet.services.util.Base64;
import com.iplanet.services.util.CookieUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.Constants;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthenticationStatement;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSSubject;
import com.sun.identity.federation.message.common.AuthnContextStmt;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.message.common.IDPProvidedNameIdentifier;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.assertion.AssertionIDReference;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectLocality;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.URLEncoder;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:115766-06/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/iplanet/services/cdc/CDCServlet.class */
public class CDCServlet extends HttpServlet {
    // Names of request parameters treated as authentication "advice"; filled in by the static initializer.
    private static final ArrayList adviceParams = new ArrayList();
    // Shared debug logger; assigned in init(), so it is null until the servlet has been initialised.
    static Debug debug;
    // Assigned in init(); stays null if SSOTokenManager.getInstance() throws there (the failure is only logged).
    private static SSOTokenManager tokenManager;
    // Used to mint restricted token ids when uniqueCookieEnabled is true.
    private static SessionService sessionService;
    // Consulted in redirectWithAuthNResponse only on the uniqueCookieEnabled path.
    private static SPValidator spValidator;
    // Host name / address placed in the assertion's SubjectLocality. Defaulted to localhost / 127.0.0.1
    // by the static initializer and overwritten in init() from the com.iplanet.am.server.host property.
    private static String DNSAddress;
    private static String IPAddress;
    // Name and domain of the cookie that carries the authenticating server's URL.
    private static String authURLCookieName;
    private static String authURLCookieDomain;
    // Deployment URI prefix (default "/amserver") prepended to CDCURI when building paths.
    private static String deployDescriptor;
    // When true, a restricted token id is issued instead of the caller's own session token id.
    private static boolean uniqueCookieEnabled;
    // NOTE(review): never assigned anywhere in this file, so it is null wherever it is read.
    private String responseID;
    private static final char QUESTION_MARK = '?';
    private static final char AMPERSAND = '&';
    private static final char EQUAL_TO = '=';
    private static final String GOTO_PARAMETER = "goto";
    private static final String TARGET_PARAMETER = "TARGET";
    private static final String DEBUG_FILE_NAME = "amCDC";
    private static final String CDCURI = "/cdcservlet";
    private static final String AUTHURI = "/UI/Login";
    private static final String PROVIDER_ID = "ProviderID";
    private static final String REQUEST_ID = "RequestID";
    private static final String RELAY_STATE = "RelayState";
    // Base URL of this deployment followed by CDCURI; computed once in the static initializer.
    private static final String SELF_PROVIDER_ID;

    /**
     * Initialises the servlet: obtains the debug logger, the SSO token manager, the session
     * service and the SP validator, resolves the server host name to an IP address, and reads
     * the cookie / deployment settings from {@code SystemProperties}.
     *
     * <p>Failures to obtain the token manager or to resolve the host are logged and otherwise
     * ignored, so initialisation still completes.
     *
     * @param servletConfig the container-supplied configuration, passed to the superclass
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);

        debug = Debug.getInstance(DEBUG_FILE_NAME);
        debug.message("CDCServlet Initializing...");

        try {
            tokenManager = SSOTokenManager.getInstance();
        } catch (SSOException managerFailure) {
            // NOTE(review): tokenManager remains null after this; getSSOToken dereferences it
            // without a null check, so every later request would fail with a NullPointerException.
            debug.error("Unable to get SSOTokenManager", managerFailure);
        }

        sessionService = SessionService.getSessionService();
        spValidator = new LdapSPValidator();

        try {
            DNSAddress = SystemProperties.get("com.iplanet.am.server.host");
            IPAddress = InetAddress.getByName(DNSAddress).getHostAddress();
        } catch (UnknownHostException lookupFailure) {
            // IPAddress keeps the value set by the static initializer when resolution fails.
            debug.error("CDCServlet:init: Unknown Host Exception", lookupFailure);
        }

        authURLCookieName = SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_NAME, "sunIdentityServerAuthNServer");
        authURLCookieDomain = SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_DOMAIN, "");
        deployDescriptor = SystemProperties.get("com.iplanet.am.services.deploymentDescriptor", "/amserver");

        final String uniqueCookieSetting = SystemProperties.get(Constants.IS_ENABLE_UNIQUE_COOKIE, "false");
        uniqueCookieEnabled = Boolean.valueOf(uniqueCookieSetting).booleanValue();

        if (debug.messageEnabled()) {
            debug.message("CDCServlet init params. Restricted Token Enabled: " + uniqueCookieEnabled
                    + " Auth URL Cookie Name: " + authURLCookieName
                    + " Auth URL Cookie Domain: " + authURLCookieDomain
                    + " Deployment Descriptor: " + deployDescriptor);
        }
    }

    /**
     * Handles HTTP GET by delegating to {@code doGetPost}; GET and POST are treated identically.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @throws ServletException propagated from {@code doGetPost}
     * @throws IOException      propagated from {@code doGetPost}
     */
    public void doGet(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles HTTP POST by delegating to {@code doGetPost}; GET and POST are treated identically.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @throws ServletException propagated from {@code doGetPost}
     * @throws IOException      propagated from {@code doGetPost}
     */
    public void doPost(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Common handler for GET and POST.
     *
     * <p>A caller with no valid session, or whose request carries any policy-advice parameter,
     * is sent on for authentication; every other caller receives an AuthnResponse for the
     * existing session.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @throws ServletException propagated from the response-building path
     * @throws IOException      propagated from either path
     */
    private void doGetPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (debug.messageEnabled()) {
            // The raw query string is written to the debug log when message level is enabled.
            debug.message("CDCServlet.doGetPost: Query String received: " + httpServletRequest.getQueryString());
        }

        final SSOToken sessionToken = getSSOToken(httpServletRequest, httpServletResponse);
        // The advice check only runs when a session exists (short-circuit kept from the original).
        final boolean mustAuthenticate =
                sessionToken == null || checkForPolicyAdvice(httpServletRequest, httpServletResponse) != null;

        if (mustAuthenticate) {
            redirectForAuthentication(httpServletRequest, httpServletResponse);
            return;
        }
        redirectWithAuthNResponse(httpServletRequest, httpServletResponse, sessionToken);
    }

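    /**
     * Builds a success AuthnResponse containing an assertion for the caller's session and hands
     * it to {@code sendAuthnResponse}, which auto-posts it to the URL taken from the
     * {@code goto} request parameter (or {@code TARGET} when {@code goto} is absent or empty).
     *
     * <p>When {@code uniqueCookieEnabled} is true the assertion carries a restricted token id
     * obtained after {@code spValidator} has checked the request and destination; otherwise it
     * carries the session's own token id.
     *
     * <p>Changed from the original: a {@code SessionException} or {@code SSOException} now shows
     * the generic error page like the other failure branches, instead of leaving the client with
     * an empty response.
     *
     * @param httpServletRequest  the incoming request (supplies goto/TARGET, RequestID, ProviderID, RelayState)
     * @param httpServletResponse the response the auto-submitting form is written to
     * @param sSOToken            the caller's validated session token
     * @throws ServletException declared by the original signature
     * @throws IOException      declared by the original signature
     */
    private void redirectWithAuthNResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SSOToken sSOToken) throws ServletException, IOException {
        String gotoURL = httpServletRequest.getParameter("goto");
        if (gotoURL == null || gotoURL.length() < 1) {
            String targetURL = httpServletRequest.getParameter("TARGET");
            if (targetURL == null || targetURL.length() < 1) {
                debug.error("No GOTO or TARGET URL present in the Query !!");
                showError(httpServletResponse);
                return;
            }
            gotoURL = targetURL;
            if (debug.messageEnabled()) {
                debug.message("CDCServlet.doGetPost: targetURL = " + targetURL);
            }
        }
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.doGetPost: gotoURL = " + gotoURL);
        }

        // NOTE(review): on the path where uniqueCookieEnabled is false, no check of gotoURL is
        // visible in this method before the assertion (which carries the session token id) is
        // posted to it; spValidator is only consulted on the restricted-token path. Confirm the
        // destination is verified against the registered agents elsewhere, or validate it here.
        try {
            String requestID = httpServletRequest.getParameter("RequestID");
            // Evaluation order below mirrors the original single expression.
            Status success = new Status(new StatusCode("samlp:Success"));
            String providerID = httpServletRequest.getParameter("ProviderID");

            String tokenID = sSOToken.getTokenID().toString();
            if (uniqueCookieEnabled) {
                tokenID = sessionService.getRestrictedTokenId(
                        tokenID,
                        spValidator.validateAndGetRestriction(
                                FSAuthnRequest.parseURLEncodedRequest(httpServletRequest), gotoURL));
            }

            FSAssertion assertion = createAssertion(
                    providerID,
                    SELF_PROVIDER_ID,
                    tokenID,
                    sSOToken.getAuthType(),
                    sSOToken.getProperty("authInstant"),
                    sSOToken.getPrincipal().getName(),
                    requestID);
            FSAuthnResponse authnResponse = createAuthnResponse(
                    SELF_PROVIDER_ID,
                    this.responseID,
                    requestID,
                    success,
                    assertion,
                    httpServletRequest.getParameter("RelayState"));

            sendAuthnResponse(httpServletRequest, httpServletResponse, authnResponse, gotoURL);
        } catch (SessionException e) {
            debug.error("CDCServlet.doGetPost:SessionException occured", e);
            // Raised while preparing the token id, i.e. before anything is written to the response.
            showError(httpServletResponse);
        } catch (SSOException e2) {
            debug.error("CDCServlet.doGetPost:SSOException occured", e2);
            // Raised while reading the session token, i.e. before anything is written to the response.
            showError(httpServletResponse);
        } catch (FSMsgException e3) {
            debug.error("CDCServlet.doGetPost:FSMsgException occured", e3);
            showError(httpServletResponse);
        } catch (FSException e4) {
            debug.error("CDCServlet.doGetPost:FSException occured", e4);
            showError(httpServletResponse);
        } catch (SAMLException e5) {
            debug.error("CDCServlet.doGetPost:SAMLException occured", e5);
            showError(httpServletResponse);
        } catch (Exception e6) {
            // Left as log-only: an unexpected runtime failure could surface after
            // sendAuthnResponse has already obtained the response writer, and showError
            // uses the output stream, which the servlet API does not allow on the same response.
            debug.error("CDCServlet.doGetPost:Exception occured", e6);
        }
    }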

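    /**
     * Re-serialises the request parameters as a URL query fragment ({@code a=1&b=2}), leaving
     * out {@code goto} and every name listed in {@code adviceParams}.
     *
     * <p>Changed from the original: (1) an empty result is returned as {@code ""}; the original
     * called {@code deleteCharAt(0)} on an empty buffer when no parameter qualified, which throws
     * {@code StringIndexOutOfBoundsException}; (2) parameter names are URL-encoded as well as
     * values, so a name containing {@code &}, {@code =} or {@code #} cannot alter the structure of
     * the query string built from this fragment.
     *
     * @param httpServletRequest the request whose parameters are copied
     * @return the encoded query fragment without a leading {@code &}; empty when nothing qualifies
     */
    private String getParameterString(HttpServletRequest httpServletRequest) {
        StringBuffer query = new StringBuffer(100);
        Enumeration names = httpServletRequest.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (name.equals("goto") || adviceParams.contains(name)) {
                continue;
            }
            String[] values = httpServletRequest.getParameterValues(name);
            if (values == null) {
                continue;
            }
            // Same (platform-default) encoding call the rest of this class uses.
            String encodedName = URLEncoder.encode(name);
            for (int i = 0; i < values.length; i++) {
                if (query.length() > 0) {
                    query.append('&');
                }
                query.append(encodedName).append('=').append(URLEncoder.encode(values[i]));
            }
        }
        return query.toString();
    }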

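    /**
     * Collects the request parameters whose names appear in {@code adviceParams} into a query
     * fragment ({@code module=x&role=y}).
     *
     * <p>Callers use the result both as a presence flag ({@code null} means "no advice
     * parameter in the request") and as text appended to the login URL.
     *
     * <p>Changed from the original: (1) values are URL-encoded, because they come straight from
     * the request and are concatenated into a URL, so an unencoded {@code &} or {@code #} in a
     * value could add or truncate parameters of that URL; (2) multiple values of one parameter
     * are separated by {@code &}; the original ran them together ({@code module=amodule=b}).
     *
     * @param httpServletRequest  the request to inspect
     * @param httpServletResponse unused
     * @return the encoded advice fragment, or {@code null} when no advice parameter is present
     */
    private String checkForPolicyAdvice(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        StringBuffer advice = null;
        Enumeration names = httpServletRequest.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (!adviceParams.contains(name)) {
                continue;
            }
            // Presence of the name alone makes the result non-null, as in the original.
            if (advice == null) {
                advice = new StringBuffer();
            }
            String[] values = httpServletRequest.getParameterValues(name);
            for (int i = 0; values != null && i < values.length; i++) {
                if (advice.length() > 0) {
                    advice.append('&');
                }
                // name is one of the fixed adviceParams entries, so only the value needs encoding.
                advice.append(name).append('=').append(URLEncoder.encode(values[i]));
            }
        }
        return advice == null ? null : advice.toString();
    }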

    /**
     * Forwards the request on for authentication.
     *
     * <p>Two cases, decided by the cookie named {@code authURLCookieName}:
     * <ul>
     *   <li>its value starts with "http" (case-insensitive): the forward path is that value
     *       followed by this servlet's URI and the original query string, and the cookie is
     *       sent back with an empty value;</li>
     *   <li>otherwise: the forward path is {@code /UI/Login?goto=...}, where the goto value is
     *       this servlet's URI with {@code TARGET} set to the requested destination plus the
     *       remaining request parameters; any policy-advice parameters are appended.</li>
     * </ul>
     * The generic error page is shown when no destination is supplied or the forward fails.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for the forward or the error page
     * @throws IOException declared by the original signature
     */
    private void redirectForAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        final StringBuffer forwardPath = new StringBuffer(100);

        final Cookie authServerCookie = CookieUtils.getCookieFromReq(httpServletRequest, authURLCookieName);
        String authServerUrl = null;
        if (authServerCookie != null) {
            authServerUrl = CookieUtils.getCookieValue(authServerCookie);
            if (debug.messageEnabled()) {
                debug.message("CDCServlet::redirectForAuthentiation got an authenticated URL: " + authServerUrl);
            }
        }

        final boolean cookieNamesServer = authServerUrl != null
                && authServerUrl.length() != 0
                && authServerUrl.toLowerCase().startsWith("http");

        if (cookieNamesServer) {
            // NOTE(review): the cookie value is supplied by the client and is used unchanged as
            // the prefix of the dispatch path; the only check is the "http" prefix above. Confirm
            // that whatever consumes this path restricts it to the deployment's own servers.
            forwardPath.append(authServerUrl)
                    .append(deployDescriptor)
                    .append(CDCURI)
                    .append('?')
                    .append(httpServletRequest.getQueryString());
            if (authServerCookie != null) {
                authServerCookie.setValue("");
                httpServletResponse.addCookie(authServerCookie);
            }
        } else {
            String destination = httpServletRequest.getParameter("goto");
            if (destination == null || destination.equals("")) {
                destination = httpServletRequest.getParameter("TARGET");
            }
            if (destination == null || destination.equals("")) {
                showError(httpServletResponse);
                return;
            }

            // URL the login page should come back to: this servlet, carrying the destination.
            final StringBuffer cdcReturnUrl = new StringBuffer(100);
            cdcReturnUrl.append(deployDescriptor)
                    .append(CDCURI)
                    .append('?')
                    .append("TARGET")
                    .append('=')
                    .append(URLEncoder.encode(destination))
                    .append('&')
                    .append(getParameterString(httpServletRequest));

            forwardPath.append("/UI/Login")
                    .append('?')
                    .append("goto")
                    .append('=')
                    .append(URLEncoder.encode(cdcReturnUrl.toString()));

            final String advice = checkForPolicyAdvice(httpServletRequest, httpServletResponse);
            if (advice != null) {
                forwardPath.append('&').append(advice);
            }
        }

        if (debug.messageEnabled()) {
            debug.message("Forwarding for authentication to: " + forwardPath);
        }
        try {
            httpServletRequest.getRequestDispatcher(forwardPath.toString()).forward(httpServletRequest, httpServletResponse);
        } catch (Exception forwardFailure) {
            debug.error("CDCServlet.redirectForAuthentication : Failed in forwarding to Authentication service", forwardFailure);
            showError(httpServletResponse);
        }
    }

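    /**
     * Writes a fixed, generic error line to the response and closes its output stream.
     *
     * <p>The decompiler could not structure this method and emitted only a raw instruction
     * listing plus a stub that threw {@code UnsupportedOperationException}, which made every
     * error path in this class throw. The body below is reconstructed from that listing:
     * get the output stream, print the message, flush; log an {@code IOException}; always
     * close the stream, ignoring an {@code IOException} from the close. It should be checked
     * against the original class file.
     *
     * <p>One deliberate difference: the listing closes the stream unconditionally, which would
     * dereference {@code null} when {@code getOutputStream()} itself failed; the close is now
     * skipped in that case.
     *
     * <p>The message is constant and contains no request data or exception detail, so nothing
     * internal is disclosed to the client.
     *
     * @param httpServletResponse the response to write the error line to
     */
    private void showError(HttpServletResponse httpServletResponse) {
        javax.servlet.ServletOutputStream out = null;
        try {
            out = httpServletResponse.getOutputStream();
            out.println("ERROR: An application error has occured.");
            out.flush();
        } catch (IOException e) {
            debug.error("Could not show error message to the user " + e);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // The listing swallows a failure to close; nothing more can be sent to the client.
                }
            }
        }
    }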

    /**
     * Returns the caller's session token when the request carries one that the token manager
     * considers valid, and {@code null} in every other case (no token, invalid token, or an
     * {@code SSOException} while looking it up).
     *
     * @param httpServletRequest  the request the token is derived from
     * @param httpServletResponse unused
     * @return the valid session token, or {@code null}
     * @throws IOException declared by the original signature
     */
    private SSOToken getSSOToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): tokenManager is dereferenced without a null check; init() leaves it null
        // when SSOTokenManager.getInstance() fails.
        try {
            final SSOToken candidate = tokenManager.createSSOToken(httpServletRequest);
            if (candidate != null && tokenManager.isValidToken(candidate)) {
                return candidate;
            }
            if (debug.messageEnabled()) {
                // NOTE(review): the token object's string form goes to the debug log here;
                // verify what SSOToken.toString() exposes.
                debug.message("SSOToken is either null or not valid: " + candidate + "\nRedirecting for authentication");
            }
            return null;
        } catch (SSOException lookupFailure) {
            if (debug.messageEnabled()) {
                debug.message("SSOException caught: " + lookupFailure);
            }
            return null;
        }
    }

    /**
     * Wraps a single assertion in an {@code FSAuthnResponse} and stamps it with a provider id.
     *
     * <p>Argument roles as passed by the one caller in this file: {@code str} is this server's
     * provider id, {@code str3} the {@code RequestID} request parameter and {@code str4} the
     * {@code RelayState} request parameter. {@code str2} is not used; the response is always
     * constructed with {@code null} as its first argument.
     *
     * @param str         provider id set on the response
     * @param str2        ignored
     * @param str3        second constructor argument of the response
     * @param status      status to report
     * @param fSAssertion the only assertion placed in the response
     * @param str4        last constructor argument of the response
     * @return the populated response
     * @throws SAMLException  if the response cannot be constructed
     * @throws FSMsgException if the response cannot be constructed
     */
    private FSAuthnResponse createAuthnResponse(String str, String str2, String str3, Status status, FSAssertion fSAssertion, String str4) throws SAMLException, FSMsgException {
        final ArrayList assertions = new ArrayList(1);
        assertions.add(fSAssertion);

        final FSAuthnResponse response = new FSAuthnResponse(null, str3, status, assertions, str4);
        response.setProviderId(str);
        return response;
    }

    /**
     * Creates a bearer authentication assertion.
     *
     * <p>Argument roles as passed by the one caller in this file: {@code str} is the
     * {@code ProviderID} request parameter (used as the audience), {@code str2} this server's
     * provider id (name qualifier and issuer argument), {@code str3} the session or restricted
     * token id (URL-encoded and used as the subject name), {@code str4} the session's auth type,
     * {@code str5} the session's {@code authInstant} property (may be {@code null}),
     * {@code str6} the principal name (only null-checked) and {@code str7} the
     * {@code RequestID} request parameter.
     *
     * <p>The assertion's conditions and re-authentication time span from "now" to now plus
     * {@code 60 * ClusterStateService.DEFAULT_TIMEOUT}, with a floor of 60000.
     *
     * <p>NOTE(review): because the token id becomes the subject name, the statement and
     * assertion XML written at debug message level, and the assertion string passed to
     * {@code FSUtils.access}, presumably contain a usable session handle; verify what
     * those calls emit and restrict access to both logs accordingly.
     *
     * @return the new assertion
     * @throws FSException   if a required argument is {@code null}, or if anything fails while
     *                       building the assertion (the original cause is logged, not chained)
     * @throws SAMLException declared by the original signature
     */
    private FSAssertion createAssertion(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws FSException, SAMLException {
        debug.message("CDCServlet: createAssertion(...): Called");

        // str5 (the authentication instant) is deliberately absent from this check.
        final boolean missingInput = str == null || str2 == null || str3 == null
                || str4 == null || str6 == null || str7 == null;
        if (missingInput) {
            if (debug.messageEnabled()) {
                debug.message("CDCServlet::createAssertion: null input for method createAssertion.");
            }
            throw new FSException(FSUtils.bundle.getString("nullInput"));
        }

        try {
            final NameIdentifier subjectName = new NameIdentifier(URLEncoder.encode(str3), str2);

            // Fall back to the current time when the instant is absent or cannot be parsed.
            Date authInstant;
            if (str5 == null) {
                authInstant = new Date();
            } else {
                try {
                    authInstant = FSUtils.stringToDate(str5);
                } catch (Exception parseFailure) {
                    if (debug.messageEnabled()) {
                        debug.message("CDCServlet: unable to convert authInst: " + str5);
                    }
                    authInstant = new Date();
                }
            }

            if (debug.messageEnabled()) {
                debug.message("CDCServlet.createAssertion(id):  Creating Authentication Assertion for user with opaqueHandle ="
                        + subjectName.getName() + " and SecurityDomain = " + str2);
            }

            final FSSubject subject = new FSSubject(
                    subjectName,
                    new SubjectConfirmation("urn:oasis:names:tc:SAML:1.0:cm:bearer"),
                    new IDPProvidedNameIdentifier(subjectName.getNameQualifier(), subjectName.getName()));
            final SubjectLocality locality = new SubjectLocality(IPAddress, DNSAddress);
            final FSAuthenticationStatement statement = new FSAuthenticationStatement(
                    str4, authInstant, subject, locality, null, new AuthnContextStmt(null, null));

            final Date issueInstant = new Date();
            final long validity = Math.max(60 * ClusterStateService.DEFAULT_TIMEOUT, 60000L);
            final Date expiry = new Date(issueInstant.getTime() + validity);
            statement.setReauthenticateOnOrAfter(expiry);
            if (debug.messageEnabled()) {
                debug.message("CDCServlet.createAssertion(...):Authentication Statement: " + statement.toXMLString());
            }

            final Conditions conditions = new Conditions(issueInstant, expiry);
            if (str != null && str.length() != 0) {
                // Restrict the audience to the requesting provider.
                final ArrayList audience = new ArrayList();
                audience.add(str);
                conditions.addAudienceRestrictionCondition(new AudienceRestrictionCondition(audience));
            }
            if (debug.messageEnabled()) {
                debug.message("CDCServlet.createAssertion(...): Condition: " + conditions.toString());
            }

            final AssertionIDReference idReference = new AssertionIDReference();
            final HashSet statements = new HashSet();
            statements.add(statement);

            final FSAssertion assertion = new FSAssertion(
                    idReference.getAssertionIDReference(), str2, issueInstant, conditions, statements, str7);
            assertion.setID(idReference.getAssertionIDReference());

            FSUtils.access("FSAssertionManager",
                    FSUtils.bundle.getString("assertionCreated") + ":" + assertion.toString());
            if (debug.messageEnabled()) {
                debug.message("CDCServlet.createAssertion(id): Returning Assertion: " + assertion.toXMLString());
            }
            return assertion;
        } catch (Exception buildFailure) {
            debug.error("CDCServlet:createAssertion(...): exception preparing assertion info: ", buildFailure);
            // NOTE(review): this fixed message is used for every failure above, whatever its cause.
            throw new FSException("Alliance manager could not find local descriptor");
        }
    }

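    /**
     * Writes an auto-submitting HTML form that POSTs the Base64-encoded AuthnResponse, as the
     * {@code LARES} field, to the given URL.
     *
     * <p>Changed from the original:
     * <ul>
     *   <li>The destination URL is HTML-escaped before it is written into the {@code ACTION}
     *       attribute. It originates from the {@code goto}/{@code TARGET} request parameter, and
     *       the original wrote it verbatim, so a quote in it could close the attribute and inject
     *       markup into a page served from this server.</li>
     *   <li>The cookie named {@code authURLCookieName} is looked up by name. The original took the
     *       first cookie of the request, compared its name and discarded the result, so any
     *       first cookie whose value did not start with "http" was overwritten with the server
     *       URL.</li>
     *   <li>{@code Cache-Control: no-cache, no-store} is sent alongside the existing
     *       {@code Pragma} header, since the page carries the assertion.</li>
     * </ul>
     *
     * <p>NOTE(review): escaping keeps the value inside the attribute but does not constrain its
     * scheme or host; the caller is responsible for making sure the destination is a registered
     * service provider. The original also contained an unreachable branch that created the
     * cookie when none was present, which suggests that case may have been meant to be handled;
     * confirm against the original class before adding it.
     *
     * <p>NOTE(review): the full AuthnResponse XML is written to the debug log at message level.
     *
     * @param httpServletRequest  the incoming request (cookies, scheme, server name and port)
     * @param httpServletResponse the response the form is written to
     * @param fSAuthnResponse     the response to serialise and post
     * @param str                 the URL the form posts to
     */
    private void sendAuthnResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnResponse fSAuthnResponse, String str) {
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.sendAuthnResponse: Called");
        }
        try {
            String responseXml = fSAuthnResponse.toXMLString(true, true);
            if (debug.messageEnabled()) {
                debug.message("CDCServlet::sendAuthnResponse: AuthnResponse: " + responseXml);
            }
            String encodedResponse = Base64.encode(responseXml.getBytes());

            httpServletResponse.setContentType("text/html");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");

            Cookie authUrlCookie = null;
            Cookie[] cookies = httpServletRequest.getCookies();
            for (int i = 0; cookies != null && i < cookies.length; i++) {
                if (cookies[i].getName().equals(authURLCookieName)) {
                    authUrlCookie = cookies[i];
                    break;
                }
            }
            if (authUrlCookie != null && !authUrlCookie.getValue().toLowerCase().startsWith("http")) {
                // Record this server's own URL in the cookie.
                authUrlCookie.setValue(httpServletRequest.getScheme()
                        + ISAuthConstants.URL_SEPARATOR
                        + httpServletRequest.getServerName()
                        + ":"
                        + httpServletRequest.getServerPort());
                httpServletResponse.addCookie(authUrlCookie);
            }

            PrintWriter writer = httpServletResponse.getWriter();
            writer.println("<HTML>");
            writer.println("<BODY Onload=\"document.Response.submit()\">");
            writer.println("<FORM NAME=\"Response\" METHOD=\"POST\" ACTION=\"" + escapeHtmlAttribute(str) + "\">");
            writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"LARES\" VALUE=\"" + escapeHtmlAttribute(encodedResponse) + "\"/>");
            writer.println("</FORM>");
            writer.println("</BODY></HTML>");
            writer.close();
            if (debug.messageEnabled()) {
                debug.message("CDCServlet:sendAuthnResponse: AuthnResponse sent successfully to: " + str);
            }
        } catch (FSMsgException e) {
            debug.error("CDCServlet:sendAuthnResponse:" + e.getMessage());
        } catch (IOException e2) {
            debug.error("CDCServlet:sendAuthnResponse:" + e2.getMessage());
        }
    }

    /**
     * Escapes the characters that are significant inside a quoted HTML attribute value
     * ({@code & < > " '}); {@code null} is rendered as the empty string.
     */
    private static String escapeHtmlAttribute(String value) {
        if (value == null) {
            return "";
        }
        StringBuffer escaped = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }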

    // Class initialisation: registers the advice parameter names, sets loopback defaults for
    // the server address (init() overwrites them), and derives this server's provider id.
    static {
        final String[] adviceKeys = {
            "module",
            IFSConstants.AUTH_LEVEL_KEY,
            "role",
            AuthXMLTags.INDEX_TYPE_SVC_ATTR,
            AuthXMLTags.INDEX_TYPE_USER_ATTR,
            "org",
        };
        for (int i = 0; i < adviceKeys.length; i++) {
            adviceParams.add(adviceKeys[i]);
        }

        DNSAddress = "localhost";
        IPAddress = "127.0.0.1";
        SELF_PROVIDER_ID = FSServiceUtils.getBaseURL() + CDCURI;
    }
}
