package com.sun.identity.federation.services.fednsso;

import com.iplanet.am.console.base.model.AMQueryParameters;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.server.AuthContextLocal;
import com.sun.identity.authentication.service.AuthUtils;
import com.sun.identity.common.Constants;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountManager;
import com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
import com.sun.identity.federation.alliance.FSAllianceManagementException;
import com.sun.identity.federation.alliance.FSHostedProviderDescriptor;
import com.sun.identity.federation.alliance.FSLocalConfigurationDescriptor;
import com.sun.identity.federation.alliance.FSProviderDescriptor;
import com.sun.identity.federation.alliance.FSSPAuthenticationContextInfo;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthenticationStatement;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSSubject;
import com.sun.identity.federation.message.common.AuthnContextStmt;
import com.sun.identity.federation.message.common.IDPProvidedNameIdentifier;
import com.sun.identity.federation.services.FSServiceManager;
import com.sun.identity.federation.services.FSSession;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.FSSessionPartner;
import com.sun.identity.federation.services.registration.FSNameRegistrationHandler;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.Response;
import com.sun.identity.saml.servlet.POSTCleanUpThread;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.sm.CookieUtils;
import java.io.IOException;
import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:117586-13/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/federation/services/fednsso/FSAssertionArtifactHandler.class */
public class FSAssertionArtifactHandler {
    // Servlet request/response of the browser delivering the AuthnResponse.
    protected HttpServletRequest request;
    protected HttpServletResponse response;
    // Descriptor of the IDP the AuthnRequest was sent to; may be null and is then
    // adopted from the assertion issuer in validateAssertions.
    protected FSProviderDescriptor idpDescriptor;
    // The SP's stored AuthnRequest; its RequestID must match each assertion's InResponseTo.
    protected FSAuthnRequest authnRequest;
    protected String relayState;
    // Replay cache shared by all handlers: AssertionID -> expiry (Long, millis).
    // Written under synchronized (idTimeMap) in validateAssertions.
    protected static Map idTimeMap = new HashMap();
    // Expiry sweeper for idTimeMap. It is only constructed here; presumably started
    // elsewhere — TODO confirm, otherwise the cache grows without bound.
    protected static Thread cThread = new POSTCleanUpThread(idTimeMap);
    // true: federate the account on success; false: perform single sign-on.
    protected boolean doFederate;
    // Provider ID of the hosted (local) provider and its local configuration.
    protected String hostProviderId;
    protected FSLocalConfigurationDescriptor localConfig;
    // Values pulled from the AuthenticationStatement during validation.
    private String idpSessionIndex;
    private Date reAuthnOnOrAfterDate;
    private AuthnContextStmt authnContextStmt;
    private List cookieDomainList;
    protected AttributeStatement bootStrapStatement;

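    /**
     * Sets the hosted (local) provider ID and loads that provider's local
     * configuration into {@code localConfig}.
     *
     * If the alliance lookup throws FSAllianceManagementException the failure is
     * logged (with its message) and the method returns normally; localConfig is
     * then left at whatever it held before, which generateToken dereferences
     * directly. A null return from getHostedProvider is not caught here.
     *
     * @param str provider ID of the hosted provider handling this response
     */
    public void setHostProviderId(String str) {
        this.hostProviderId = str;
        try {
            this.localConfig = FSServiceUtils.getAllianceInstance().getHostedProvider(this.hostProviderId).getLocalConfiguration();
        } catch (FSAllianceManagementException e) {
            // Keep the cause in the log rather than dropping it.
            FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.setHostProviderId: Could not obtain local config: ").append(e.getMessage()).toString());
        }
    }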

    /**
     * Returns the hosted provider ID set via {@link #setHostProviderId}, or null.
     */
    public String getHostProviderId() {
        return hostProviderId;
    }

    /**
     * Returns the AuthnRequest this handler validates responses against, or null.
     */
    public FSAuthnRequest getAuthnRequest() {
        return authnRequest;
    }

    /**
     * Sets the AuthnRequest whose RequestID each assertion's InResponseTo must match.
     *
     * @param fSAuthnRequest the stored request; may be null
     */
    public void setAuthnRequest(FSAuthnRequest fSAuthnRequest) {
        authnRequest = fSAuthnRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * No-argument constructor (originally protected per the decompiler note).
     * Only the cookie domain list is initialised; every other field keeps its
     * Java default of null/false and is filled in by the setters.
     */
    public FSAssertionArtifactHandler() {
        cookieDomainList = FSServiceUtils.getCookieDomainList();
    }

    /**
     * Builds a handler bound to a known IDP descriptor but without the stored
     * AuthnRequest (supply it via {@link #setAuthnRequest}).
     *
     * @param httpServletRequest  browser request delivering the response
     * @param httpServletResponse response used for redirects
     * @param fSProviderDescriptor descriptor of the IDP the request went to; may be null
     * @param z                   true to federate the account, false for single sign-on
     * @param str                 RelayState; may be null
     */
    public FSAssertionArtifactHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSProviderDescriptor fSProviderDescriptor, boolean z, String str) {
        // Reference fields default to null and doFederate to false, so copying a
        // null argument leaves the field exactly as a skipped assignment would.
        cookieDomainList = FSServiceUtils.getCookieDomainList();
        request = httpServletRequest;
        response = httpServletResponse;
        relayState = str;
        idpDescriptor = fSProviderDescriptor;
        doFederate = z;
    }

    /**
     * Builds a fully initialised handler: IDP descriptor and the stored
     * AuthnRequest are both supplied.
     *
     * @param httpServletRequest  browser request delivering the response
     * @param httpServletResponse response used for redirects
     * @param fSProviderDescriptor descriptor of the IDP the request went to; may be null
     * @param fSAuthnRequest      the AuthnRequest the response must answer; may be null
     * @param z                   true to federate the account, false for single sign-on
     * @param str                 RelayState; may be null
     */
    public FSAssertionArtifactHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSProviderDescriptor fSProviderDescriptor, FSAuthnRequest fSAuthnRequest, boolean z, String str) {
        // Fields already default to null/false; a null argument yields the same
        // state as not assigning at all.
        cookieDomainList = FSServiceUtils.getCookieDomainList();
        request = httpServletRequest;
        response = httpServletResponse;
        relayState = str;
        idpDescriptor = fSProviderDescriptor;
        authnRequest = fSAuthnRequest;
        doFederate = z;
    }

    /**
     * Builds a handler with neither IDP descriptor nor AuthnRequest; the descriptor
     * is adopted from the assertion issuer during validation and the request must
     * be supplied via {@link #setAuthnRequest}.
     *
     * @param httpServletRequest  browser request delivering the response
     * @param httpServletResponse response used for redirects
     * @param z                   true to federate the account, false for single sign-on
     * @param str                 RelayState; may be null
     */
    public FSAssertionArtifactHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, String str) {
        // idpDescriptor and authnRequest stay at their null default.
        cookieDomainList = FSServiceUtils.getCookieDomainList();
        request = httpServletRequest;
        response = httpServletResponse;
        relayState = str;
        doFederate = z;
    }

    /**
     * Consumes a Liberty AuthnResponse for the stored AuthnRequest: checks the
     * response status and validates the assertions, then either federates the
     * account (doFederate) or performs single sign-on for the federated user.
     *
     * Every validation failure, and any exception raised inside the inner try,
     * is logged and answered with a redirect to the common login page built from
     * the request's metaAlias and the AuthnRequest's RelayState.
     *
     * @param fSAuthnResponse the decoded AuthnResponse; null is treated as failure
     */
    public void processAuthnResponse(FSAuthnResponse fSAuthnResponse) {
        int i;
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.ProcessAuthnResponse: Called");
        }
        try {
            // Fresh lookup of the hosted provider's configuration (this.localConfig is not reused here).
            FSLocalConfigurationDescriptor localConfiguration = FSServiceUtils.getAllianceInstance().getHostedProvider(this.hostProviderId).getLocalConfiguration();
            // NOTE(review): this.authnRequest is dereferenced outside the inner try, so
            // a handler without an AuthnRequest throws NPE out of this method instead
            // of redirecting. The RelayState is the one stored with the SP's own
            // request; whether getCommonLoginPageURL validates it as a redirect
            // target is not visible here — confirm before trusting it.
            String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(FSServiceUtils.getMetaAlias(this.request), this.authnRequest.getRelayState(), null, this.request, FSServiceUtils.getBaseURL(this.request));
            try {
                if (fSAuthnResponse == null) {
                    FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("missingAuthnResponse"));
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.processAuthnResponse: ").append(FSUtils.bundle.getString("missingAuthnResponse")).append(" AuthnRequest Processing Failed at the IDP ").append("Redirecting to the Framed Login Page").toString());
                    this.response.sendRedirect(commonLoginPageURL);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    // Logs the whole response at debug level (may include user data).
                    FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.doPost: Received ").append(fSAuthnResponse.toXMLString()).toString());
                }
                // Gate 1: top-level StatusCode must be Success.
                if (!verifyResponseStatus(fSAuthnResponse)) {
                    FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("invalidResponse"));
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler. processAuthnResponse: ").append(FSUtils.bundle.getString("invalidResponse")).append(" AuthnRequest Processing Failed at the IDP").append(" Redirecting to the Framed Login Page").toString());
                    this.response.sendRedirect(commonLoginPageURL);
                    return;
                }
                // Gate 2: InResponseTo, signature, replay, issuer, time, audience and
                // subject confirmation are all enforced in validateAssertions.
                FSSubject fSSubject = (FSSubject) validateAssertions(fSAuthnResponse.getAssertion());
                if (fSSubject == null) {
                    FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("invalidAssertion"));
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.processAuthnResponse: ").append(FSUtils.bundle.getString("InvalidResponse")).append(" AuthnRequest Processing Failed at the IDP").append(" Redirecting to the Framed Login Page").toString());
                    this.response.sendRedirect(commonLoginPageURL);
                    return;
                }
                FSSessionManager fSSessionManager = FSSessionManager.getInstance(getHostProviderId());
                if (this.doFederate) {
                    // Federation path: only the IDP-provided NameIdentifier is used.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: Initiate Account Federation");
                    }
                    IDPProvidedNameIdentifier iDPProvidedNameIdentifier = fSSubject.getIDPProvidedNameIdentifier();
                    if (iDPProvidedNameIdentifier == null) {
                        FSUtils.error("FSAssertionArtifactHandler", "Single Sign-On failed. NameIdentifier of the subject is null");
                        // Caught by the catch (Exception) below, which redirects.
                        throw new FSException("NameIdentifier of the subject is null");
                    }
                    if (!doAccountFederation(iDPProvidedNameIdentifier)) {
                        FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("Accountfederationfailed"));
                        FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.processAuthnResponse: ").append(FSUtils.bundle.getString("Accountfederationfailed")).append(" AuthnRequest Processing Failed at the IDP").append(" Redirecting to the Framed Login Page").toString());
                        this.response.sendRedirect(commonLoginPageURL);
                        return;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: Account federation successful");
                        }
                        // The stored request (and the local token parked with it) is
                        // single-use: drop both once the response has been consumed.
                        String inResponseTo = fSAuthnResponse.getInResponseTo();
                        fSSessionManager.removeAuthnRequest(inResponseTo);
                        fSSessionManager.removeLocalSSOToken(inResponseTo);
                        return;
                    }
                }
                // Single sign-on path: both NameIdentifiers are required.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: Initiate SingleSign-On");
                }
                IDPProvidedNameIdentifier iDPProvidedNameIdentifier2 = fSSubject.getIDPProvidedNameIdentifier();
                NameIdentifier nameIdentifier = fSSubject.getNameIdentifier();
                if (iDPProvidedNameIdentifier2 == null || nameIdentifier == null) {
                    FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("invalidResponse"));
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler. processAuthnResponse: ").append(FSUtils.bundle.getString("invalidResponse")).append(" AuthnRequest Processing Failed at the IDP").append(" Redirecting to the Framed Login Page").toString());
                    this.response.sendRedirect(commonLoginPageURL);
                    return;
                }
                String name = iDPProvidedNameIdentifier2.getName();
                String name2 = nameIdentifier.getName();
                if (name == null || name2 == null) {
                    FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("invalidResponse"));
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.processAuthnResponse: ").append(FSUtils.bundle.getString("invalidResponse")).append(" AuthnRequest Processing Failed at the IDP").append(" Redirecting to the Framed Login Page").toString());
                    this.response.sendRedirect(commonLoginPageURL);
                    return;
                }
                // Handle type passed to doSingleSignOn/generateToken: 1 = the subject
                // carries the IDP-provided handle, 0 = a different (SP-provided) handle,
                // which generateToken keys under this host's provider ID instead of the IDP's.
                if (name.equals(name2)) {
                    nameIdentifier = iDPProvidedNameIdentifier2;
                    i = 1;
                } else {
                    i = 0;
                }
                if (doSingleSignOn(nameIdentifier, i, localConfiguration.getAssociatedOrgDN())) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: Accountfederation successful");
                    }
                    // Stored request is single-use; note the local token is not removed on this path.
                    fSSessionManager.removeAuthnRequest(fSAuthnResponse.getInResponseTo());
                } else {
                    FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("SSOfailed"));
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.processAuthnResponse: ").append(FSUtils.bundle.getString("invalidResponse")).append(" AuthnRequest Processing Failed at the IDP").append(" Redirecting to the Framed Login Page").toString());
                    this.response.sendRedirect(commonLoginPageURL);
                }
            } catch (Exception e) {
                // Fail closed: any exception during processing ends in the login-page redirect.
                FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.processAuthnResponse: Exception Occured: ").append(e.getMessage()).toString());
                FSUtils.error("FSAssertionArtifactHandler", e.getMessage());
                try {
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.processAuthnResponse: ").append(FSUtils.bundle.getString("invalidResponse")).append(" AuthnRequest Processing Failed at the IDP").append(" Redirecting to the Framed Login Page").toString());
                    this.response.sendRedirect(commonLoginPageURL);
                } catch (IOException e2) {
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.processAuthnResponse: IOException Occured: ").append(e2.getMessage()).toString());
                }
            }
        } catch (FSAllianceManagementException e3) {
            // No login URL can be built without the hosted provider's config; only logged.
            FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: Could not obtain local config");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
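    /**
     * Checks that the response's top-level StatusCode reports success.
     *
     * The comparison is a suffix match on the QName value ({@code endsWith(":Success")}),
     * so any namespace prefix is accepted and nested sub-status codes are not
     * examined. A null response, Status, StatusCode or value now returns false
     * instead of throwing NullPointerException into the caller's generic handler;
     * the outcome for the caller (redirect to the login page) is the same, but
     * the log names the real cause.
     *
     * @param response the SAML/Liberty response to inspect
     * @return true when the status code value ends with ":Success", false otherwise
     */
    public boolean verifyResponseStatus(Response response) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.verifyResponseStatus: Called");
        }
        // Fail closed on a missing Status / StatusCode / value.
        if (response == null || response.getStatus() == null
                || response.getStatus().getStatusCode() == null
                || response.getStatus().getStatusCode().getValue() == null) {
            FSUtils.debug.error("FSAssertionArtifactHandler.verifyResponse: Missing Status or StatusCode value.");
            return false;
        }
        String statusValue = response.getStatus().getStatusCode().getValue();
        if (!statusValue.endsWith(":Success")) {
            FSUtils.debug.error("FSAssertionArtifactHandler.verifyResponse: Incorrect StatusCode value.");
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.verifyResponse: StatusCode value verified.");
        }
        return true;
    }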

    /* JADX INFO: Access modifiers changed from: protected */
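    /**
     * Validates the assertions carried by an AuthnResponse and returns the Subject
     * of the authenticated user.
     *
     * Every assertion in the list must pass, in this order: its InResponseTo equals
     * the stored AuthnRequest's RequestID; its XML signature verifies (when signing
     * is on) with the key alias of {@code idpDescriptor}, i.e. the IDP the request
     * went to rather than anything the assertion supplies; its AssertionID is not
     * already in the replay cache {@code idTimeMap}; its Issuer is a configured
     * provider and, when a descriptor is already set, the same entity the request
     * was sent to; its validity window holds; its audience includes this provider;
     * and it carries an AuthenticationStatement whose Subject has exactly one
     * ConfirmationMethod of bearer or artifact-01. The AssertionID is entered into
     * the replay cache only after all checks pass, expiring at the assertion's
     * NotOnOrAfter (or now + 3 minutes when absent).
     *
     * Changes from the previous revision: the replay check and the insert are
     * both done under the {@code idTimeMap} lock, with a re-check at insert time,
     * so two concurrent responses carrying the same AssertionID cannot both pass;
     * an FSException while inspecting the Subject now rejects the assertion
     * instead of skipping the ConfirmationMethod check; and the inner catch-all
     * no longer mislabels every exception as an untrusted issuer.
     *
     * When the list holds several assertions the Subject returned is the one from
     * the last AuthenticationStatement processed.
     *
     * @param list the FSAssertion objects from the AuthnResponse
     * @return the Subject of the authentication statement, or null if any check
     *         fails or an exception occurs (fail closed)
     */
    public Subject validateAssertions(List list) {
        Set confirmationMethod;
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertions: Called");
        }
        FSSubject fSSubject = null;
        Iterator it = list.iterator();
        try {
            String providerID = FSServiceUtils.getAllianceInstance().getHostedProvider(this.hostProviderId).getProviderID();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertions: ProviderID of the site is:").append(providerID).toString());
            }
            // Default replay-cache retention when the assertion has no NotOnOrAfter.
            long currentTimeMillis = System.currentTimeMillis() + 180000;
            while (it.hasNext()) {
                FSAssertion fSAssertion = (FSAssertion) it.next();
                if (!this.authnRequest.getRequestID().equals(fSAssertion.getInResponseTo())) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: assertion does not correspond to any valid request");
                    return null;
                }
                // Signature is checked before the issuer; the key alias comes from
                // this.idpDescriptor (see verifyAssertionSignature), so a null
                // descriptor with signing on already fails here.
                if (FSServiceUtils.isSigningOn() && !verifyAssertionSignature(fSAssertion)) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: assertion signature verification failed");
                    return null;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertion: Assertion signature verified");
                }
                String assertionID = fSAssertion.getAssertionID();
                // Early replay check, under the same lock the insert below uses.
                synchronized (idTimeMap) {
                    if (idTimeMap.containsKey(assertionID)) {
                        FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: Assertion: ").append(assertionID).append(" is used").toString());
                        return null;
                    }
                }
                String issuer = fSAssertion.getIssuer();
                try {
                    FSProviderDescriptor provider = FSServiceUtils.getAllianceInstance().getProvider(issuer);
                    if (provider == null) {
                        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion issuer is not on the trust list");
                        return null;
                    }
                    if (this.idpDescriptor == null) {
                        // No descriptor from the request: adopt the configured issuer's.
                        FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: Assertion issuer is: ").append(issuer).toString());
                        setProviderDescriptor(provider);
                    } else if (!this.idpDescriptor.getProviderID().equals(issuer)) {
                        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion issuer is not the entity where AuthnRequest was sent originally.");
                        return null;
                    }
                    if (!fSAssertion.isTimeValid()) {
                        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion's time is not valid.");
                        return null;
                    }
                    Conditions conditions = fSAssertion.getConditions();
                    // forThisServer treats a missing AudienceRestrictionCondition as a match;
                    // a null Conditions would NPE on getNotOnorAfter below and be rejected by the catch.
                    if (!forThisServer(conditions, providerID)) {
                        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: assertion is not issued for this site.");
                        return null;
                    }
                    boolean z = false;
                    if (fSAssertion.getStatement() != null) {
                        for (Statement statement : fSAssertion.getStatement()) {
                            if (statement.getStatementType() == 1) {
                                FSAuthenticationStatement fSAuthenticationStatement = (FSAuthenticationStatement) statement;
                                z = true;
                                try {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: validating AuthenticationStatement:").append(fSAuthenticationStatement.toXMLString()).toString());
                                    }
                                    // Session attributes consumed later by generateToken / session setup.
                                    this.reAuthnOnOrAfterDate = fSAuthenticationStatement.getReauthenticateOnOrAfter();
                                    this.idpSessionIndex = fSAuthenticationStatement.getSessionIndex();
                                    this.authnContextStmt = fSAuthenticationStatement.getAuthnContext();
                                    fSSubject = (FSSubject) fSAuthenticationStatement.getSubject();
                                    if (fSSubject == null) {
                                        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Subject is null");
                                        return null;
                                    }
                                    try {
                                        if (FSUtils.debug.messageEnabled()) {
                                            FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: found Authentication Statement. Subject = ").append(fSSubject.toXMLString()).toString());
                                        }
                                        // Exactly one ConfirmationMethod, and it must be bearer or artifact-01.
                                        SubjectConfirmation subjectConfirmation = fSSubject.getSubjectConfirmation();
                                        if (subjectConfirmation == null || (confirmationMethod = subjectConfirmation.getConfirmationMethod()) == null || confirmationMethod.size() != 1) {
                                            FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: missing or extra ConfirmationMethod.");
                                            return null;
                                        }
                                        String str = (String) confirmationMethod.iterator().next();
                                        if (str == null || !(str.equals("urn:oasis:names:tc:SAML:1.0:cm:bearer") || str.equals("urn:oasis:names:tc:SAML:1.0:cm:artifact-01"))) {
                                            FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: wrong ConfirmationMethod");
                                            return null;
                                        }
                                        if (FSUtils.debug.messageEnabled()) {
                                            FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: Confirmation method: ").append(str).toString());
                                        }
                                    } catch (FSException e) {
                                        // Fail closed: an exception here previously skipped the
                                        // ConfirmationMethod check and let the subject through.
                                        FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion:  Exception. Invalid subject: ").append(e.getMessage()).toString());
                                        FSUtils.error("FSAssertionArtifactHandler", new StringBuffer().append("Exception. Invalid subject: ").append(e.getMessage()).toString());
                                        return null;
                                    }
                                } catch (FSException e2) {
                                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: Exception. Invalid AuthenticationStatement: ").append(e2.getMessage()).toString());
                                    FSUtils.error("FSAssertionArtifactHandler", e2.getMessage());
                                    return null;
                                }
                            }
                        }
                    }
                    if (!z) {
                        if (!FSUtils.debug.messageEnabled()) {
                            return null;
                        }
                        FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertion: No Authentication statement found in the Assertion. User is not authenticated by the IDP");
                        return null;
                    }
                    Date notOnorAfter = conditions.getNotOnorAfter();
                    if (notOnorAfter != null) {
                        currentTimeMillis = notOnorAfter.getTime();
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: Adding ").append(assertionID).append(" to idTimeMap.").toString());
                    }
                    synchronized (idTimeMap) {
                        // Re-check under the lock: a concurrent response with the same
                        // AssertionID may have passed the early check at the same time.
                        if (idTimeMap.containsKey(assertionID)) {
                            FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: Assertion: ").append(assertionID).append(" is used").toString());
                            return null;
                        }
                        idTimeMap.put(assertionID, new Long(currentTimeMillis));
                    }
                } catch (Exception e3) {
                    // Covers the alliance lookup and everything after it (e.g. a null
                    // Conditions); report the actual exception rather than a fixed cause.
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertion: Exception while validating assertion: ").append(e3.getMessage()).toString());
                    return null;
                }
            }
            if (fSSubject != null) {
                return fSSubject;
            }
            FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: couldn't find Subject.");
            return null;
        } catch (Exception e4) {
            FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.validateAssertions:").append(e4.getMessage()).toString());
            return null;
        }
    }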

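    /**
     * Verifies the XML signature on an assertion with the key of the IDP this
     * handler is bound to.
     *
     * The certificate alias is {@code idpDescriptor.getKeyInfo()} — the locally
     * configured descriptor of the IDP the AuthnRequest was sent to; nothing from
     * the assertion is used to choose the alias here (whether XMLSignatureManager
     * also consults an embedded KeyInfo is not visible in this file). Unsigned
     * assertions, a missing descriptor, a missing alias and any exception all
     * yield false (fail closed).
     *
     * @param fSAssertion the assertion whose signature is checked
     * @return true only when the signature verifies against the configured alias
     */
    protected boolean verifyAssertionSignature(FSAssertion fSAssertion) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.verifyAssertionSignature: Called");
        }
        try {
            if (!fSAssertion.isSigned()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.verifyAssertionSignature: Assertion is not signed");
                }
                return false;
            }
            // Explicit fail-closed rather than an NPE that the catch below would
            // turn into a generic failure with no useful log line.
            if (this.idpDescriptor == null) {
                FSUtils.debug.error("FSAssertionArtifactHandler.verifyAssertionSignature: IDP descriptor is not set; cannot verify signature.");
                return false;
            }
            String keyInfo = this.idpDescriptor.getKeyInfo();
            if (keyInfo == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.verifyAssertionSignature: couldn't obtain the IDP's cert alias.");
                }
                throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.verifyAssertionSignature: Provider's certAlias is found: ").append(keyInfo).toString());
                // Writes the complete signed assertion to the debug log; it may carry user data.
                FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.verifyAssertionSignature: xmlString to be verified: ").append(fSAssertion.getSignedXMLString()).toString());
            }
            return XMLSignatureManager.getInstance().verifyXMLSignature(fSAssertion.getDOMElement(), keyInfo);
        } catch (Exception e) {
            FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.verifyAssertionSignature: Exception occured while verifying IDP's signature:").append(e.getMessage()).toString());
            return false;
        }
    }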

    /**
     * Audience check: true when some AudienceRestrictionCondition in the
     * assertion's Conditions names this provider's ID.
     *
     * NOTE(review): a null Conditions, an empty provider ID, or Conditions with
     * no AudienceRestrictionCondition at all are treated as "for this server".
     * Issuer and signature checks elsewhere still apply, but if the IDP is
     * expected to always scope its assertions, consider failing closed here.
     *
     * @param conditions the assertion's Conditions element; may be null
     * @param str        this hosted provider's ID
     * @return true if no audience restriction applies or one of them contains str
     */
    protected boolean forThisServer(Conditions conditions, String str) {
        FSUtils.debug.message("FSAssertionArtifactHandler.forThisServer: Called");
        if (conditions == null || str == null || str.equals("")) {
            return true;
        }
        Set restrictions = conditions.getAudienceRestrictionCondition();
        if (restrictions == null || restrictions.isEmpty()) {
            return true;
        }
        boolean matched = false;
        for (Iterator iter = restrictions.iterator(); iter.hasNext();) {
            AudienceRestrictionCondition restriction = (AudienceRestrictionCondition) iter.next();
            if (restriction.containsAudience(str)) {
                matched = true;
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.forThisServer: Assertion is validated to befor this server");
                }
            }
        }
        return matched;
    }

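    /**
     * Creates a local SSO session for the federated user named by
     * {@code nameIdentifier} and attaches it to the response as the SSO cookie.
     *
     * <p>Steps: dereference the name identifier to a user DN through the
     * federation account store (the account must already be federated with the
     * IDP in {@code idpDescriptor}), resolve the authentication level for the
     * IDP-supplied AuthnContextClassRef (falling back to the locally configured
     * default context), log the user in, set the SSO and federation cookies,
     * rewrite {@code relayState} with the session cookie, and record the IDP as
     * a partner of the federation session.
     *
     * @param nameIdentifier federated name identifier from the assertion;
     *        {@code null} is rejected
     * @param i handle type: {@code 0} uses the hosted provider ID as the
     *        security domain of the handle, any other value uses the IDP's
     *        provider ID
     * @param str organisation DN for the account lookup and login; when
     *        {@code null} or empty the {@code com.iplanet.am.defaultOrg}
     *        system property is used instead
     * @return {@code true} when the session was created and registered,
     *         {@code false} on any failure (details go to the debug log)
     */
    protected boolean generateToken(NameIdentifier nameIdentifier, int i, String str) {
        FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: Called");
        if (nameIdentifier == null) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Invalid userDN input");
            return false;
        }
        if (str == null || str.equals("")) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.generateToken:Invalid orgDN input using default orgDN");
            }
            str = SystemProperties.get("com.iplanet.am.defaultOrg");
        }
        try {
            String name = nameIdentifier.getName();
            // The opaque handle is scoped to the provider that issued it.
            String hostProviderId = i == 0 ? getHostProviderId() : this.idpDescriptor.getProviderID();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.generateToken: Trying to get userDN for opaqueHandle= ").append(name).append(" ,securityDomain= ").append(hostProviderId).append(" And HandleType=").append(i).toString());
            }
            FSAccountFedInfoKey fSAccountFedInfoKey = new FSAccountFedInfoKey(hostProviderId, name);
            FSAccountManager fSAccountManager = FSAccountManager.getInstance();
            String userDN = fSAccountManager.getUserDN(fSAccountFedInfoKey, str);
            if (userDN == null) {
                FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Can't dereference handle.");
                return false;
            }
            // A resolvable handle is not enough: the account must hold a
            // federation record for this IDP before a local session is issued.
            if (fSAccountManager.readAccountFedInfo(userDN, this.idpDescriptor.getProviderID()) == null) {
                FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: User's account is not federated");
                return false;
            }
            String str2 = SystemProperties.get(Constants.AM_COOKIE_NAME);
            int i2 = 0;
            Map sPAuthContextInfo = this.localConfig.getSPAuthContextInfo();
            // Authentication level: taken from the SP's mapping for the class
            // reference the IDP asserted; unknown/missing refs fall back to the
            // configured default context below.
            String str3 = this.authnContextStmt == null ? null : this.authnContextStmt.getAuthnContextClassRef();
            if (str3 == null || str3.equals("")) {
                FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Could not find AuthnContextClassRef in the AuthenticationStatement. Using default authnContextClass");
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.generateToken: AuthnContextClassRef found in AuthenticationStatement:").append(str3).toString());
                }
                FSSPAuthenticationContextInfo fSSPAuthenticationContextInfo = (FSSPAuthenticationContextInfo) sPAuthContextInfo.get(str3);
                if (fSSPAuthenticationContextInfo != null) {
                    i2 = fSSPAuthenticationContextInfo.getAuthenticationLevel();
                } else {
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.generateToken: Could not find AuthnContextClassInfo for authnContextClassRef: ").append(str3).append("Using default authnContextClass").toString());
                    str3 = null;
                }
            }
            if (str3 == null || str3.equals("")) {
                FSSPAuthenticationContextInfo fSSPAuthenticationContextInfo2 = (FSSPAuthenticationContextInfo) sPAuthContextInfo.get(this.localConfig.getDefaultAuthenticationContext());
                if (fSSPAuthenticationContextInfo2 == null) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Could not find authentication level for default authentication context class");
                    return false;
                }
                i2 = fSSPAuthenticationContextInfo2.getAuthenticationLevel();
            }
            AuthContextLocal authContext = AuthUtils.getAuthContext(str);
            AuthUtils.getLoginState(authContext).setHttpServletRequest(this.request);
            // Federated login: the user is authenticated on the strength of the
            // IDP assertion already validated by the caller; no local credentials
            // are collected here.
            authContext.login(AuthContext.IndexType.USER, userDN, true);
            SSOToken sSOToken = authContext.getSSOToken();
            sSOToken.setProperty("AuthLevel", Integer.toString(i2));
            sSOToken.setProperty("authInstant", getAuthInstant());
            String sSOTokenID = sSOToken.getTokenID().toString();
            this.request.setAttribute(str2, sSOTokenID);
            this.relayState = SessionEncodeURL.encodeURL(SessionEncodeURL.createCookieString(sSOTokenID), this.relayState, (short) 0, true);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler. generateTokenSetting SSOToken as cookie: CookieName=").append(str2).append(" And cookie value= ").append(sSOTokenID).append(" And relayState=").append(this.relayState).toString());
            }
            // SSO cookie: one per configured cookie domain, or a host-only cookie
            // when no domain list is configured.
            if (this.cookieDomainList != null) {
                Iterator it = this.cookieDomainList.iterator();
                while (it != null && it.hasNext()) {
                    this.response.addCookie(CookieUtils.newCookie(str2, sSOTokenID, "/", (String) it.next()));
                }
            } else {
                this.response.addCookie(CookieUtils.newCookie(str2, sSOTokenID, "/"));
            }
            // Federation marker cookie ("yes", one year) on the same domains.
            String str4 = SystemProperties.get("com.sun.identity.federation.fedCookieName");
            if (this.cookieDomainList != null) {
                Iterator it2 = this.cookieDomainList.iterator();
                while (it2 != null && it2.hasNext()) {
                    this.response.addCookie(CookieUtils.newCookie(str4, "yes", 31536000, "/", (String) it2.next()));
                }
            } else {
                this.response.addCookie(CookieUtils.newCookie(str4, "yes", 31536000, "/", null));
            }
            FSSessionManager fSSessionManager = FSSessionManager.getInstance(this.hostProviderId);
            FSSession session = fSSessionManager.getSession(userDN, sSOTokenID);
            if (session != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.generateToken: An Existing session foundfor userDN:").append(userDN).append(" And SessionID: ").append(sSOTokenID).append(" Adding partner to the Session").toString());
                }
                session.addSessionPartner(new FSSessionPartner(this.idpDescriptor.getProviderID(), true));
                // NOTE(review): unlike the new-session branch this overwrites the
                // index even when idpSessionIndex is null — confirm that is intended.
                session.setSessionIndex(this.idpSessionIndex);
                fSSessionManager.addSession(userDN, session);
                return true;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.generateToken: No existing session found  for userDN:").append(userDN).append(" And SessionID: ").append(sSOTokenID).append(" Creating a new Session").toString());
            }
            FSSession fSSession = new FSSession(sSOTokenID);
            fSSession.addSessionPartner(new FSSessionPartner(this.idpDescriptor.getProviderID(), true));
            if (this.idpSessionIndex != null) {
                fSSession.setSessionIndex(this.idpSessionIndex);
            }
            fSSessionManager.addSession(userDN, fSSession);
            return true;
        } catch (Exception e) {
            // Log the full exception, not only its message, so the failure is
            // diagnosable; the caller only sees the boolean result.
            FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Exception Occured ", e);
            return false;
        }
    }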

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Processes the inbound SAML request.
     *
     * <p>No-op in this class; presumably overridden by the concrete artifact
     * consumer subclasses — TODO confirm.
     */
    public void processSAMLRequest() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
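    /**
     * Completes single sign-on for an already-federated user: creates the local
     * session via {@link #generateToken} and redirects the browser to
     * {@code relayState}.
     *
     * @param nameIdentifier federated name identifier from the assertion
     * @param i handle type, passed through to {@link #generateToken}
     * @param str organisation DN, passed through to {@link #generateToken}
     * @return {@code true} when the session was created and the redirect issued,
     *         {@code false} otherwise
     */
    public boolean doSingleSignOn(NameIdentifier nameIdentifier, int i, String str) {
        FSUtils.debug.message("FSAssertionArtifactHandler.doSingleSignOn: Called");
        try {
            if (!generateToken(nameIdentifier, i, str)) {
                FSUtils.error("FSAssertionArtifactHandler.doSingleSignOn", FSUtils.bundle.getString("failGenerateSSOToken"));
                return false;
            }
            FSUtils.access("FSAssertionArtifactHandler", new StringBuffer().append(FSUtils.bundle.getString("accessGranted")).append(" ").append(FSUtils.bundle.getString("redirectTo")).append(this.relayState).toString());
            // NOTE(review): relayState is used directly as the redirect target;
            // it is not validated here — confirm it is checked against the
            // provider's configured return URLs before this point.
            this.response.setHeader(AMQueryParameters.QUERY_PARAM_LOCATION, this.relayState);
            redirectToResource(this.relayState);
            return true;
        } catch (Exception e) {
            // Keep the stack trace in the debug log; the error log only carries
            // the message.
            FSUtils.debug.error("FSAssertionArtifactHandler.doSingleSignOn: Exception Occured", e);
            FSUtils.error("FSAssertionArtifactHandler.doSingleSignOn", e.getMessage());
            return false;
        }
    }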

    /**
     * Redirects the browser to the given target URL after a successful SSO or
     * federation.
     *
     * <p>No-op in this class; subclasses presumably implement the actual
     * redirect — TODO confirm.
     *
     * @param str target URL (the relay state)
     * @throws FSException declared for overriding implementations; never thrown here
     */
    protected void redirectToResource(String str) throws FSException {
    }

    /* JADX INFO: Access modifiers changed from: protected */
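    /**
     * Federates the locally authenticated user with the IDP account named by
     * {@code nameIdentifier}, records the IDP as a session partner, sets the
     * federation cookie and redirects to {@code relayState}.
     *
     * <p>The local user is taken from the SSO cookie on the request; when that
     * is absent or invalid, the local token stored with the original
     * AuthnRequest (looked up by its request ID) is used instead.
     *
     * @param nameIdentifier the IDP-issued name identifier to federate with;
     *        {@code null} is rejected
     * @return {@code true} when federation was recorded (and the redirect issued
     *         or handed to the name-registration handler), {@code false} on failure
     */
    public boolean doAccountFederation(NameIdentifier nameIdentifier) {
        SSOToken sSOToken;
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation:Called");
        }
        if (nameIdentifier == null) {
            FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.doAccountFederation:").append(FSUtils.bundle.getString("invalidInput")).toString());
            return false;
        }
        // 1. Local identity from the SSO cookie on the incoming request.
        try {
            SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
            sSOToken = sSOTokenManager.createSSOToken(this.request);
            if (sSOToken == null || !sSOTokenManager.isValidToken(sSOToken)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: couldn't obtain ssoToken from cookie");
                }
                sSOToken = null;
            }
        } catch (SSOException e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: exception when getting ssoToken from cookie:", e);
            }
            sSOToken = null;
        }
        FSSessionManager fSSessionManager = null;
        if (sSOToken == null) {
            // 2. Fallback: the local token saved alongside the original AuthnRequest.
            try {
                fSSessionManager = FSSessionManager.getInstance(this.hostProviderId);
                sSOToken = fSSessionManager.getLocalSSOToken(this.authnRequest.getRequestID());
                SSOTokenManager sSOTokenManager2 = SSOTokenManager.getInstance();
                if (sSOToken == null || !sSOTokenManager2.isValidToken(sSOToken)) {
                    FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.doAccountFederation: ").append(FSUtils.bundle.getString("failGenerateSSOToken")).toString());
                    FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("failGenerateSSOToken"));
                    return false;
                }
                // The browser has no session cookie in this path, so carry the
                // session in the relay URL and expose the token ID to the request.
                this.relayState = sSOToken.encodeURL(this.relayState);
                this.request.setAttribute(SystemProperties.get(Constants.AM_COOKIE_NAME), sSOToken.getTokenID().toString());
            } catch (Exception e2) {
                FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.doAccountFederation: ").append(FSUtils.bundle.getString("failGenerateSSOToken")).toString(), e2);
                FSUtils.error("FSAssertionArtifactHandler", FSUtils.bundle.getString("failGenerateSSOToken"));
                return false;
            }
        }
        try {
            String name = nameIdentifier.getName();
            String name2 = sSOToken.getPrincipal().getName();
            String providerID = this.idpDescriptor.getProviderID();
            // Persist the federation: local principal <-> IDP name identifier.
            FSAccountManager.getInstance().writeAccountFedInfo(name2, new FSAccountFedInfoKey(providerID, name), new FSAccountFedInfo(providerID, (NameIdentifier) null, nameIdentifier, true));
            if (fSSessionManager == null) {
                fSSessionManager = FSSessionManager.getInstance(this.hostProviderId);
            }
            String sSOTokenID = sSOToken.getTokenID().toString();
            FSSession session = fSSessionManager.getSession(name2, sSOTokenID);
            if (session != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.doAccountFederation: An Existing session foundfor userDN:").append(name2).append(" And SessionID: ").append(sSOTokenID).append(" Adding partner to the Session").toString());
                }
                session.addSessionPartner(new FSSessionPartner(this.idpDescriptor.getProviderID(), true));
                session.setSessionIndex(this.idpSessionIndex);
                fSSessionManager.addSession(name2, session);
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(new StringBuffer().append("FSAssertionArtifactHandler.doAccountFederation: No existing session found  for userDN:").append(name2).append(" And SessionID: ").append(sSOTokenID).append(" Creating a new Session").toString());
                }
                FSSession fSSession = new FSSession(sSOTokenID);
                fSSession.addSessionPartner(new FSSessionPartner(this.idpDescriptor.getProviderID(), true));
                if (this.idpSessionIndex != null) {
                    fSSession.setSessionIndex(this.idpSessionIndex);
                }
                fSSessionManager.addSession(name2, fSSession);
            }
            FSUtils.access("FSAssertionArtifactHandler", new StringBuffer().append(FSUtils.bundle.getString("accessGranted")).append(" ").append(FSUtils.bundle.getString("redirectTo")).append(this.relayState).toString());
            this.response.setHeader(AMQueryParameters.QUERY_PARAM_LOCATION, this.relayState);
            // Federation marker cookie ("yes", one year) per configured domain.
            String str = SystemProperties.get("com.sun.identity.federation.fedCookieName");
            if (this.cookieDomainList != null) {
                Iterator it = this.cookieDomainList.iterator();
                while (it != null && it.hasNext()) {
                    this.response.addCookie(CookieUtils.newCookie(str, "yes", 31536000, "/", (String) it.next()));
                }
            } else {
                this.response.addCookie(CookieUtils.newCookie(str, "yes", 31536000, "/", null));
            }
            // Optional name registration after federation; failures here must
            // not undo the federation already written, so they are logged and
            // processing falls through to the redirect.
            try {
                FSHostedProviderDescriptor hostedProvider = FSServiceUtils.getAllianceInstance().getHostedProvider(this.hostProviderId);
                if (hostedProvider.getNameRegistrationIndicator()) {
                    FSNameRegistrationHandler nameRegistrationHandler = FSServiceManager.getInstance().getNameRegistrationHandler(this.idpDescriptor.getProviderID(), sSOToken.getPrincipal().getName());
                    if (nameRegistrationHandler != null) {
                        nameRegistrationHandler.setHostedDescriptor(hostedProvider);
                        nameRegistrationHandler.handleRegistrationAfterFederation(this.relayState, this.response);
                    }
                    // NOTE(review): passes getPrincipal().toString() here while
                    // writeAccountFedInfo above used getPrincipal().getName();
                    // confirm both resolve to the same account key.
                    // For a non-SOAP (HTTP) profile the registration handler has
                    // presumably already redirected, so no second redirect is issued.
                    if (!isRegisProfileSOAP(sSOToken.getPrincipal().toString(), this.idpDescriptor.getProviderID(), hostedProvider, this.idpDescriptor)) {
                        return true;
                    }
                }
            } catch (SSOException e3) {
                FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: registration after federation skipped:", e3);
            } catch (FSAllianceManagementException e4) {
                FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: registration after federation skipped:", e4);
            }
            try {
                redirectToResource(this.relayState);
                return true;
            } catch (Exception e5) {
                FSUtils.error("FSAssertionArtifactHandler.doAccountFederation", e5.getMessage());
                return false;
            }
        } catch (Exception e6) {
            FSUtils.debug.error(new StringBuffer().append("FSAssertionArtifactHandler.doAccountFederation:").append(FSUtils.bundle.getString("ExceptionOccured")).toString(), e6);
            return false;
        }
    }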

    /**
     * Looks up the AuthnRequest this response answers, by request ID, in the
     * hosted provider's session manager and caches it in {@code authnRequest}.
     *
     * @param str the InResponseTo request ID
     * @return the matching request as returned by the session manager
     */
    protected FSAuthnRequest getInResponseToRequest(String str) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler.getInResponseToRequest: Called");
        }
        FSSessionManager sessionManager = FSSessionManager.getInstance(this.hostProviderId);
        this.authnRequest = sessionManager.getAuthnRequest(str);
        return this.authnRequest;
    }

    /**
     * Resolves a provider descriptor through the hosted provider's session
     * manager.
     *
     * @param str the provider lookup key passed to the session manager
     * @return whatever the session manager returns for that key
     */
    protected FSProviderDescriptor getProvider(String str) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler.getProvider: Called");
        }
        FSSessionManager sessionManager = FSSessionManager.getInstance(this.hostProviderId);
        FSProviderDescriptor descriptor = sessionManager.getProviderDescriptor(str);
        return descriptor;
    }

    /**
     * Sets the descriptor of the IDP whose assertion this handler consumes.
     *
     * @param fSProviderDescriptor the remote (IDP) provider descriptor
     */
    public void setProviderDescriptor(FSProviderDescriptor fSProviderDescriptor) {
        idpDescriptor = fSProviderDescriptor;
    }

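    /**
     * Extracts the value of the first RDN of a DN string, e.g.
     * {@code "uid=amadmin,ou=People,dc=example"} yields {@code "amadmin"}.
     *
     * <p>The separator is searched only after the first {@code '='}, so a
     * comma that precedes it cannot produce an inverted substring range.
     * Escaped commas inside the value ({@code "\,"}) are not handled.
     *
     * @param str the DN; {@code null} yields {@code null}, and a string with
     *        no {@code '='} is returned whole (trimmed)
     * @return the trimmed first RDN value
     */
    private static String DNtoName(String str) {
        if (str == null) {
            return null;
        }
        int eq = str.indexOf('=');
        int comma = str.indexOf(',', eq + 1);
        String value = comma == -1 ? str.substring(eq + 1) : str.substring(eq + 1, comma);
        return value.trim();
    }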

    /**
     * Returns the current time formatted as a SAML date string, used as the
     * {@code authInstant} property of the generated SSO token.
     *
     * @return the formatted timestamp, or {@code null} if formatting fails
     */
    public String getAuthInstant() {
        Date now = new Date();
        String instant;
        try {
            instant = SAMLUtils.dateToString(now);
        } catch (ParseException e) {
            FSUtils.debug.message("Error getting authInstant ", e);
            instant = null;
        }
        return instant;
    }

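    /**
     * Decides whether name registration for this federation uses a SOAP
     * profile (caller should redirect itself) or an HTTP profile (the
     * registration handler owns the redirect).
     *
     * <p>The profile consulted is the hosted provider's when the local account
     * plays the IDP role, otherwise the remote provider's.  Missing federation
     * info, an unrecognised profile, or an account-management failure all
     * resolve to {@code true} so that the caller still redirects.
     *
     * @param str the local user key for the federation info lookup
     * @param str2 the remote provider ID
     * @param fSHostedProviderDescriptor the hosted (local) provider
     * @param fSProviderDescriptor the remote provider
     * @return {@code true} for a SOAP profile or on any failure, {@code false}
     *         for an HTTP profile
     */
    private boolean isRegisProfileSOAP(String str, String str2, FSHostedProviderDescriptor fSHostedProviderDescriptor, FSProviderDescriptor fSProviderDescriptor) {
        try {
            FSAccountFedInfo readAccountFedInfo = FSAccountManager.getInstance().readAccountFedInfo(str, str2);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(new StringBuffer().append("host profile is ").append(fSHostedProviderDescriptor.getNameRegistrationProfile()).toString());
                FSUtils.debug.message(new StringBuffer().append("remote profile is ").append(fSProviderDescriptor.getNameRegistrationProfile()).toString());
            }
            if (readAccountFedInfo == null) {
                FSUtils.debug.error("FSAssertionArtifactHandler.isRegisProfileSOAP: no federation info for user, assuming SOAP profile");
                return true;
            }
            String profile = readAccountFedInfo.isRoleIDP()
                    ? fSHostedProviderDescriptor.getNameRegistrationProfile()
                    : fSProviderDescriptor.getNameRegistrationProfile();
            return isSoapRegistrationProfile(profile);
        } catch (FSAccountMgmtException e) {
            FSUtils.debug.message("FSAssertionArtifactHandler.isRegisProfileSOAP: exception reading federation info", e);
            return true;
        }
    }

    /**
     * Classifies a registration profile name: SOAP profiles yield
     * {@code true}, HTTP profiles {@code false}; {@code null} or unknown
     * values are logged and treated as SOAP.
     */
    private static boolean isSoapRegistrationProfile(String profile) {
        if (profile != null) {
            if (profile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_SOAP_PROFILE)
                    || profile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_SOAP_PROFILE)) {
                return true;
            }
            if (profile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_HTTP_PROFILE)
                    || profile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_HTTP_PROFILE)) {
                return false;
            }
        }
        FSUtils.debug.error("FSAssertionArtifactHandler.isRegisProfileSOAP: Invalid registration profile cannot process request");
        return true;
    }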

    static {
        // cThread is declared elsewhere in this class (outside this view) and is
        // started once when the class is initialised.  Assumes the field is
        // assigned before this block runs — TODO confirm declaration order.
        cThread.start();
    }
}
