package com.sun.identity.federation.services.logout;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.federation.alliance.FSAllianceManagementException;
import com.sun.identity.federation.alliance.FSAllianceManager;
import com.sun.identity.federation.alliance.FSHostedProviderDescriptor;
import com.sun.identity.federation.alliance.FSProviderDescriptor;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSLogoutResponse;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureUtil;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:115766-10/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/logout/FSReturnLogoutServlet.class */
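/**
 * Servlet that processes the URL-encoded logout response sent back to a hosted
 * provider and then forwards the request to the single-logout servlet.
 *
 * <p>Per request it resolves the hosted provider from the meta alias, validates
 * the caller's SSO token, parses the logout response, checks the response
 * signature when signing is enabled, records a failure status and finally
 * forwards to {@code IFSConstants.SLO_VALUE/META_ALIAS/<alias>}.
 *
 * <p>Signature verification fails closed: any exception raised while checking
 * the signature is treated as an invalid signature and the request is rejected.
 */
public class FSReturnLogoutServlet extends HttpServlet {
    // NOTE(review): this field is static and is overwritten on every request by
    // setLogoutURL(), so concurrent requests that belong to different hosted
    // providers can observe each other's error page URL. It is kept because
    // setLogoutURL() is protected and may be relied on by subclasses; consider
    // carrying the URL per request instead.
    private static String COMMON_ERROR_PAGE = "";
    FSAllianceManager allianceInst = null;

    /**
     * Initializes the servlet and caches the alliance manager instance.
     *
     * @param servletConfig the servlet configuration supplied by the container
     * @throws ServletException if the superclass initialization fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSReturnLogoutServlet Initializing...");
        }
        this.allianceInst = FSServiceUtils.getAllianceInstance();
    }

    /** Handles GET by delegating to {@link #doGetPost}. */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /** Handles POST by delegating to {@link #doGetPost}. */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Shared GET/POST handler for a returned logout response.
     *
     * @param httpServletRequest the request carrying the URL-encoded logout response
     * @param httpServletResponse the response used for errors, redirects and forwarding
     * @throws ServletException if forwarding to the single-logout servlet fails
     * @throws IOException if an error or redirect cannot be written
     */
    private void doGetPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
        }
        if (!FSServiceUtils.isLibertyEnabled()) {
            String notEnabled = FSUtils.bundle.getString("notLibertyEnabled");
            FSUtils.debug.error("FSReturnLogoutServlet: " + notEnabled);
            FSUtils.error("FSReturnLogoutServlet", notEnabled);
            httpServletResponse.sendError(500, notEnabled);
            return;
        }

        // The meta alias comes from the request parameter first, then from the request itself.
        String metaAlias = httpServletRequest.getParameter(IFSConstants.META_ALIAS);
        if (metaAlias == null || metaAlias.length() < 1) {
            metaAlias = FSServiceUtils.getMetaAlias(httpServletRequest);
        }
        if (metaAlias == null || metaAlias.length() < 1) {
            FSUtils.debug.message("Unable to retrieve alias, Hosted Provider. Cannot process request");
            httpServletResponse.sendError(500, FSUtils.bundle.getString("aliasNotFound"));
            return;
        }

        try {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            SSOToken ssoToken = tokenManager.createSSOToken(httpServletRequest);
            tokenManager.validateToken(ssoToken);
            // Held in a local: one servlet instance serves many request threads, so
            // per-request identity must never live in an instance field.
            String userDN = ssoToken.getPrincipal().toString();
            try {
                FSHostedProviderDescriptor hostedProvider = this.allianceInst.getHostedProviderByMetaAlias(metaAlias);
                setLogoutURL(hostedProvider.getProviderID(), httpServletRequest);
                // Result is discarded; retained because the constructor's effects are not visible here.
                new FSLogoutResponse();
                try {
                    FSLogoutResponse logoutResponse = FSLogoutResponse.parseURLEncodedRequest(httpServletRequest);

                    FSProviderDescriptor remoteProvider = null;
                    try {
                        remoteProvider = this.allianceInst.getProvider(logoutResponse.getProviderId());
                    } catch (FSAllianceManagementException e) {
                        // Treated as "unknown provider" below; logged so the cause is not lost.
                        FSUtils.debug.error("FSReturnLogoutServlet: provider lookup failed: " + e.getMessage());
                    }
                    if (remoteProvider == null) {
                        showBadRequestErrorPage(httpServletResponse);
                        return;
                    }

                    // Fail closed: the flag only becomes true when signing is off or the
                    // signature verified. An exception (for example a missing cert alias)
                    // leaves it false so the response is rejected instead of accepted.
                    boolean signatureValid = false;
                    try {
                        signatureValid = !FSServiceUtils.isSigningOn()
                                || verifyResponseSignature(httpServletRequest, remoteProvider);
                    } catch (FSException e2) {
                        FSUtils.debug.error("FSReturnLogoutServlet: signature verification error: " + e2.getMessage());
                    } catch (SAMLException e3) {
                        FSUtils.debug.error("FSReturnLogoutServlet: signature verification error: " + e3.getMessage());
                    }
                    if (!signatureValid) {
                        FSUtils.debug.error("FSReturnLogoutServlet Signature on logout response is invalidCannot proceed logout");
                        FSUtils.error("FSReturnLogoutServlet", FSUtils.bundle.getString(IFSConstants.LOGOUT_INVALID_SIGNATURE));
                        showBadRequestErrorPage(httpServletResponse);
                        return;
                    }

                    String statusValue = logoutResponse.getStatus().getStatusCode().getValue();
                    if (statusValue.equalsIgnoreCase(IFSConstants.SAML_FAILURE)) {
                        FSReturnSessionManager sessionManager = FSReturnSessionManager.getInstance(hostedProvider.getProviderID());
                        if (sessionManager != null) {
                            FSUtils.debug.message("update status of logout to failure  in session manager");
                            sessionManager.setLogoutStatus(statusValue, userDN);
                        } else {
                            FSUtils.debug.message("Cannot get FSReturnSessionManager");
                        }
                    }

                    httpServletRequest.setAttribute("logoutSource", "remote");
                    String sloPath = IFSConstants.SLO_VALUE + "/" + IFSConstants.META_ALIAS + "/" + metaAlias;
                    FSUtils.debug.message("About to get RequestDispatcher for " + sloPath);
                    RequestDispatcher requestDispatcher = getServletConfig().getServletContext().getRequestDispatcher(sloPath);
                    if (requestDispatcher != null) {
                        requestDispatcher.forward(httpServletRequest, httpServletResponse);
                        return;
                    }
                    FSUtils.debug.message("RequestDispatcher is null");
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Unable to find " + sloPath);
                    }
                    FSUtils.debug.message("calling sendErrorPage ");
                    sendErrorPage(httpServletRequest, httpServletResponse, metaAlias);
                } catch (FSMsgException e4) {
                    showBadRequestErrorPage(httpServletResponse);
                } catch (SAMLException e5) {
                    showBadRequestErrorPage(httpServletResponse);
                }
            } catch (FSAllianceManagementException e6) {
                FSUtils.debug.error("Failed to get Hosted Provider");
                httpServletResponse.sendError(500, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
            }
        } catch (SSOException e7) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", e7);
            }
            httpServletResponse.sendError(500, FSUtils.bundle.getString("nullSSOToken"));
        }
    }

    /**
     * Redirects to the hosted provider's logout-done page with a failure status,
     * or to its error page when no logout-done page is configured.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response used for the redirect
     * @param str meta alias of the hosted provider
     */
    private void sendErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        FSServiceUtils.getLocale(httpServletRequest);
        try {
            if (this.allianceInst == null) {
                FSUtils.debug.error("Alliance manager instance is null");
                httpServletResponse.sendError(500, FSUtils.bundle.getString("failedToReadDataStore"));
                return;
            }
            FSHostedProviderDescriptor hostedProvider = this.allianceInst.getHostedProviderByMetaAlias(str);
            String logoutDonePageURL = hostedProvider.getLocalConfiguration().getLogoutDonePageURL(httpServletRequest);
            if (logoutDonePageURL != null && logoutDonePageURL.length() >= 1) {
                StringBuffer doneUrl = new StringBuffer();
                doneUrl.append(logoutDonePageURL);
                doneUrl.append(logoutDonePageURL.indexOf('?') < 0 ? '?' : '&');
                doneUrl.append(IFSConstants.LOGOUT_STATUS);
                doneUrl.append('=');
                doneUrl.append(IFSConstants.LOGOUT_FAILURE);
                httpServletResponse.sendRedirect(doneUrl.toString());
                return;
            }
            StringBuffer errorUrl = new StringBuffer();
            errorUrl.append(hostedProvider.getLocalConfiguration().getErrorPageURL(httpServletRequest));
            errorUrl.append(errorUrl.toString().indexOf('?') < 0 ? '?' : '&');
            errorUrl.append(IFSConstants.FEDERROR);
            errorUrl.append('=');
            errorUrl.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.LOGOUT_FAILED)));
            errorUrl.append('&');
            errorUrl.append(IFSConstants.FEDREMARK);
            errorUrl.append('=');
            errorUrl.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.METADATA_ERROR)));
            FSUtils.debug.message("Redirecting to Error page : " + errorUrl.toString());
            httpServletResponse.sendRedirect(errorUrl.toString());
        } catch (FSAllianceManagementException e) {
            FSUtils.debug.error("FSAllianceManagementException caught :FSReturnLogoutServlet " + e.getMessage());
        } catch (IOException e2) {
            FSUtils.debug.error("IOException caught : FSReturnLogoutServlet " + e2.getMessage());
        }
    }

    /**
     * Redirects to the common error page with "improper logout request" and
     * "logout failed" messages as query parameters.
     *
     * @param httpServletResponse the response used for the redirect
     */
    private void showBadRequestErrorPage(HttpServletResponse httpServletResponse) {
        // Read the shared static once so the separator matches the URL actually used.
        String errorPage = COMMON_ERROR_PAGE;
        StringBuffer errorUrl = new StringBuffer();
        errorUrl.append(errorPage);
        errorUrl.append(errorPage.indexOf('?') < 0 ? '?' : '&');
        errorUrl.append(IFSConstants.FEDERROR);
        errorUrl.append('=');
        // Encoded like the values in sendErrorPage(), so spaces or '&' in a localized
        // message cannot break the query string.
        errorUrl.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_IMPROPER)));
        errorUrl.append('&');
        errorUrl.append(IFSConstants.FEDREMARK);
        errorUrl.append('=');
        errorUrl.append(URLEncoder.encode(FSUtils.bundle.getString(IFSConstants.LOGOUT_FAILED)));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Redirecting to Error page : " + errorUrl.toString());
        }
        try {
            httpServletResponse.sendRedirect(errorUrl.toString());
        } catch (IOException e) {
            FSUtils.debug.error("Failed to redirect to error page");
        }
    }

    /**
     * Verifies the signature on the logout response using the key info (cert
     * alias) configured for the sending provider.
     *
     * @param httpServletRequest the request carrying the signed logout response
     * @param fSProviderDescriptor descriptor of the provider that sent the response
     * @return {@code true} if the signature verifies, {@code false} otherwise
     * @throws SAMLException if the provider has no key info configured
     * @throws FSException declared for the underlying signature check
     */
    private boolean verifyResponseSignature(HttpServletRequest httpServletRequest, FSProviderDescriptor fSProviderDescriptor) throws SAMLException, FSException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSReturnLogoutServlet::verifylogoutSignature");
        }
        String certAlias = fSProviderDescriptor.getKeyInfo();
        if (certAlias == null || certAlias.length() == 0) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSReturnLogoutServlet.verifyRegistrationSignature: couldn't obtain this site's cert alias.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("The certAlias is : " + certAlias);
        }
        if (!FSSignatureUtil.verifyRequestSignature(httpServletRequest, certAlias)) {
            FSUtils.debug.error("Logout response is not properly signed");
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Logout response is properly signed");
        }
        return true;
    }

    /**
     * Stores the error page URL of the given hosted provider in
     * {@code COMMON_ERROR_PAGE}; the previous value is kept if the lookup fails.
     *
     * @param str provider ID of the hosted provider
     * @param httpServletRequest the current request, passed to the URL lookup
     */
    protected void setLogoutURL(String str, HttpServletRequest httpServletRequest) {
        try {
            if (this.allianceInst != null) {
                COMMON_ERROR_PAGE = this.allianceInst.getHostedProvider(str).getLocalConfiguration().getErrorPageURL(httpServletRequest);
            }
        } catch (FSAllianceManagementException e) {
            FSUtils.debug.error("FSAllianceManagementException " + e.getMessage());
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("COMMON_ERROR_PAGE : " + COMMON_ERROR_PAGE);
        }
    }
}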
