package com.sun.identity.federation.services.fednsso;

import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountManager;
import com.sun.identity.federation.alliance.FSAllianceManagementConstants;
import com.sun.identity.federation.alliance.FSAllianceManagementException;
import com.sun.identity.federation.alliance.FSHostedProviderDescriptor;
import com.sun.identity.federation.alliance.FSLocalConfigurationDescriptor;
import com.sun.identity.federation.alliance.FSProviderDescriptor;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSAMLRequest;
import com.sun.identity.federation.services.FSAssertionManager;
import com.sun.identity.federation.services.FSAuthContextResult;
import com.sun.identity.federation.services.FSAuthnDecisionImpl;
import com.sun.identity.federation.services.FSServiceManager;
import com.sun.identity.federation.services.FSSession;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.FSSessionPartner;
import com.sun.identity.federation.services.util.FSNameIdentifierHelper;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureManager;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:117586-16/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/federation/services/fednsso/FSSSOAndFedHandler.class */
public abstract class FSSSOAndFedHandler {
    // Servlet request/response pair supplied to the constructors; the request is the source
    // of the caller's SSO token and both are used when forwarding to a login URL.
    protected HttpServletRequest request;
    protected HttpServletResponse response;
    // Provider descriptor passed to the constructors; its provider ID is recorded as a
    // session partner and it is handed to assertion creation.
    protected FSProviderDescriptor spDescriptor;
    // Relay state passed to the constructors and copied into every FSAuthnResponse built here.
    protected String relayState;
    // The AuthnRequest being handled; set by the constructors and by processAuthnRequest.
    protected FSAuthnRequest authnRequest;
    // Set from the constructor argument, or by processPostAuthnSSO once the token validated.
    protected SSOToken ssoToken;
    // ID of the hosted provider; set through setHostProviderId.
    protected String hostProviderId;
    // Set through setMetaAlias; appended to the post-login URL in formatLoginURL.
    protected String metaAlias;
    // Loaded by setHostProviderId. Supplies the default authentication context, the trusted
    // provider set and the auth domain URL list. Can be null when that lookup failed.
    protected FSLocalConfigurationDescriptor localConfig;

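    /**
     * Records the hosted provider ID and loads that provider's local configuration.
     *
     * <p>{@code localConfig} is cleared before the lookup. The trusted-provider check and the
     * default authentication context are read from it, so a failed lookup must not leave the
     * configuration of a previously selected provider in place.
     *
     * @param str ID of the hosted provider
     */
    public void setHostProviderId(String str) {
        this.hostProviderId = str;
        // Drop any configuration loaded for an earlier provider ID before trying the new one.
        this.localConfig = null;
        try {
            this.localConfig = FSServiceUtils.getAllianceInstance().getHostedProvider(this.hostProviderId).getLocalConfiguration();
        } catch (FSAllianceManagementException e) {
            // Keep the failure reason; localConfig stays null so later use cannot silently
            // rely on another provider's settings.
            FSUtils.debug.error("FSSSOAndFedHandler.setHostProviderId: Could not obtain local config: " + e.getMessage());
        }
    }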

    /**
     * Stores the meta alias that {@code formatLoginURL} appends to the post-login URL.
     *
     * @param str meta alias value; stored as given, no validation is done here
     */
    public void setMetaAlias(String str) {
        metaAlias = str;
    }

    /**
     * Returns the hosted provider ID last passed to {@code setHostProviderId}.
     *
     * @return the hosted provider ID, or null when none has been set
     */
    public String getHostProviderId() {
        return hostProviderId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a handler with no request, response, AuthnRequest, token or provider settings.
     * Every field written here starts out null; callers fill them in through the setters or
     * through processAuthnRequest.
     */
    public FSSSOAndFedHandler() {
        // Request-scoped state.
        request = null;
        response = null;
        relayState = null;
        authnRequest = null;
        ssoToken = null;
        // Hosted-provider state.
        hostProviderId = null;
        metaAlias = null;
        localConfig = null;
    }

    /**
     * Creates a handler for one AuthnRequest, including an already obtained SSO token.
     *
     * @param httpServletRequest servlet request being served
     * @param httpServletResponse servlet response being written
     * @param fSAuthnRequest AuthnRequest to process
     * @param fSProviderDescriptor descriptor of the provider the request is handled for
     * @param str relay state
     * @param sSOToken SSO token of the user
     */
    public FSSSOAndFedHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, FSProviderDescriptor fSProviderDescriptor, String str, SSOToken sSOToken) {
        // A null argument leaves its field null, so plain assignment is enough.
        request = httpServletRequest;
        response = httpServletResponse;
        relayState = str;
        authnRequest = fSAuthnRequest;
        spDescriptor = fSProviderDescriptor;
        ssoToken = sSOToken;
        // Provider settings are supplied later through the setters.
        hostProviderId = null;
        metaAlias = null;
        localConfig = null;
    }

    /**
     * Creates a handler for one AuthnRequest without an SSO token; {@code ssoToken} stays null
     * until processPostAuthnSSO sets it.
     *
     * @param httpServletRequest servlet request being served
     * @param httpServletResponse servlet response being written
     * @param fSAuthnRequest AuthnRequest to process
     * @param fSProviderDescriptor descriptor of the provider the request is handled for
     * @param str relay state
     */
    public FSSSOAndFedHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, FSProviderDescriptor fSProviderDescriptor, String str) {
        // A null argument leaves its field null, so plain assignment is enough.
        request = httpServletRequest;
        response = httpServletResponse;
        authnRequest = fSAuthnRequest;
        spDescriptor = fSProviderDescriptor;
        relayState = str;
        // Not supplied to this constructor.
        ssoToken = null;
        hostProviderId = null;
        metaAlias = null;
        localConfig = null;
    }

    /**
     * Creates a handler bound only to a servlet request and response; every other field this
     * constructor writes is null.
     *
     * @param httpServletRequest servlet request being served
     * @param httpServletResponse servlet response being written
     */
    public FSSSOAndFedHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // A null argument leaves its field null, so plain assignment is enough.
        request = httpServletRequest;
        response = httpServletResponse;
        // Not supplied to this constructor.
        relayState = null;
        authnRequest = null;
        ssoToken = null;
        hostProviderId = null;
        metaAlias = null;
        localConfig = null;
    }

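    /**
     * Decides, before any assertion is issued, whether the user has to authenticate for the
     * given AuthnRequest, and either forwards to a login URL or continues with
     * {@link #processPostAuthnSSO}.
     *
     * <p>Steps, as implemented below:
     * <ol>
     * <li>Read the requested authentication context class refs and comparison type from the
     *     request, if it carries an authentication context.</li>
     * <li>Look up the caller's SSO token on the servlet request. A missing or invalid token,
     *     or an {@code SSOException}, counts as "not authenticated".</li>
     * <li>IsPassive: refuse when ForceAuthn is also set or the user is not authenticated;
     *     otherwise ask the decision engine whether the current context is sufficient.</li>
     * <li>ForceAuthn: always forward to the login URL chosen by the decision engine.</li>
     * <li>Otherwise: authenticated users are checked against the requested context,
     *     unauthenticated users are forwarded to a login URL.</li>
     * </ol>
     *
     * <p>Any exception raised while evaluating the request makes this method return false.
     * IsPassive, ForceAuthn and the requested authentication context are policy inputs sent by
     * the requesting provider; an evaluation failure must not be turned into "policy
     * satisfied" by continuing to assertion issuance.
     *
     * @param fSAuthnRequest the AuthnRequest to evaluate
     * @return true when the request was forwarded to a login URL or post-authentication
     *         processing succeeded; false when the request is refused or evaluation failed
     */
    public boolean processPreAuthnSSO(FSAuthnRequest fSAuthnRequest) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Called");
        List requestedClassRefs = null;
        String currentAuthnContext = null;
        String comparisonType = null;
        FSSessionManager fSSessionManager = FSSessionManager.getInstance(this.hostProviderId);
        if (fSAuthnRequest.getAuthnContext() != null) {
            requestedClassRefs = fSAuthnRequest.getAuthnContext().getAuthnContextClassRefList();
            if (requestedClassRefs == null) {
                // An authentication context without class refs falls back to the PASSWORD constant.
                requestedClassRefs = new ArrayList();
                requestedClassRefs.add(FSAllianceManagementConstants.PASSWORD);
            }
            comparisonType = fSAuthnRequest.getAuthContextCompType();
            // Statement refs are fetched, but nothing in this method uses them.
            fSAuthnRequest.getAuthnContext().getAuthnContextStatementRefList();
        }

        boolean authenticated;
        try {
            SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
            SSOToken createSSOToken = sSOTokenManager.createSSOToken(this.request);
            if (createSSOToken == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: SSOToken is null. User is not authenticated.");
                }
                authenticated = false;
            } else if (!sSOTokenManager.isValidToken(createSSOToken)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: SSOToken is not valid. User is not authenticated.");
                }
                authenticated = false;
            } else {
                // Valid token: the user counts as authenticated unless a lookup below throws
                // SSOException, in which case the catch clause resets the flag.
                authenticated = true;
                FSSession session = fSSessionManager.getSession(createSSOToken);
                if (session == null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authenticated session information is not present in FSSessionManager. using default authentication context");
                    }
                    currentAuthnContext = this.localConfig.getDefaultAuthenticationContext();
                } else {
                    currentAuthnContext = session.getAuthnContext();
                    if (currentAuthnContext != null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User has an existing valid session with authnContext: " + currentAuthnContext);
                        }
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context information not found using default authentication context");
                        }
                        currentAuthnContext = this.localConfig.getDefaultAuthenticationContext();
                    }
                }
            }
        } catch (SSOException e) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: SSOException Occured: User does not have SSOToken " + e.getMessage());
            authenticated = false;
        }

        try {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication status: " + authenticated);
            }
            FSServiceManager.getInstance();
            FSAuthnDecisionImpl fSAuthnDecisionImpl = new FSAuthnDecisionImpl(this.hostProviderId, this.request);
            // Used whenever the request names no authentication context of its own.
            ArrayList defaultContexts = new ArrayList();
            defaultContexts.add(this.localConfig.getDefaultAuthenticationContext());

            if (fSAuthnRequest.getIsPassive()) {
                if (fSAuthnRequest.getForceAuthn()) {
                    FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: IDP is passive can't force authentication.");
                    return false;
                }
                if (!authenticated) {
                    FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: IDP is passive and user is not authenticated");
                    return false;
                }
                FSAuthContextResult passiveResult;
                if (requestedClassRefs != null) {
                    passiveResult = fSAuthnDecisionImpl.decideAuthnContext(requestedClassRefs, currentAuthnContext, comparisonType);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is default");
                    }
                    passiveResult = fSAuthnDecisionImpl.getURLForAuthnContext(defaultContexts, comparisonType);
                }
                if (passiveResult == null) {
                    return false;
                }
                if (passiveResult.getLoginURL() != null) {
                    // NOTE(review): a passive request is forwarded to a login URL here;
                    // confirm this is intended for IsPassive requests.
                    FSUtils.forwardRequest(this.request, this.response, formatLoginURL(passiveResult.getLoginURL(), passiveResult.getAuthContextRef()));
                    return true;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is evaluated to be valid");
                }
                return processPostAuthnSSO(fSAuthnRequest);
            }

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnRequest is active");
            }

            if (fSAuthnRequest.getForceAuthn()) {
                // ForceAuthn ignores any existing session: a login URL is always required.
                FSAuthContextResult forcedResult = requestedClassRefs != null
                        ? fSAuthnDecisionImpl.getURLForAuthnContext(requestedClassRefs, comparisonType)
                        : fSAuthnDecisionImpl.getURLForAuthnContext(defaultContexts);
                if (forcedResult == null || forcedResult.getLoginURL() == null || forcedResult.getLoginURL().equals("")) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:AuthnDecision engine failed to take a authn decision");
                    }
                    return false;
                }
                String forcedLoginURL = forcedResult.getLoginURL();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnDecision engine returned: " + forcedLoginURL);
                }
                FSUtils.forwardRequest(this.request, this.response, formatLoginURL(forcedLoginURL, forcedResult.getAuthContextRef()));
                this.response.flushBuffer();
                return true;
            }

            if (authenticated) {
                FSAuthContextResult sessionResult;
                if (requestedClassRefs != null) {
                    sessionResult = fSAuthnDecisionImpl.decideAuthnContext(requestedClassRefs, currentAuthnContext, comparisonType);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is default");
                    }
                    sessionResult = fSAuthnDecisionImpl.getURLForAuthnContext(defaultContexts, comparisonType);
                }
                if (sessionResult == null) {
                    return false;
                }
                String sessionLoginURL = sessionResult.getLoginURL();
                if (sessionLoginURL == null) {
                    // No login URL means the existing authentication is accepted as is.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is evaluated to be valid");
                    }
                    return processPostAuthnSSO(fSAuthnRequest);
                }
                if (sessionLoginURL.equals("")) {
                    return false;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnDecision engine returned: " + sessionLoginURL);
                }
                FSUtils.forwardRequest(this.request, this.response, formatLoginURL(sessionLoginURL, sessionResult.getAuthContextRef()));
                return true;
            }

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnRequest is active");
            }
            FSAuthContextResult loginResult;
            if (requestedClassRefs != null) {
                loginResult = fSAuthnDecisionImpl.getURLForAuthnContext(requestedClassRefs, comparisonType);
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is default");
                }
                loginResult = fSAuthnDecisionImpl.getURLForAuthnContext(defaultContexts, comparisonType);
            }
            if (loginResult == null || loginResult.getLoginURL() == null || loginResult.getLoginURL().equals("")) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler. processPreAuthnSSO:  AuthnDecision engine failed to take a decision");
                }
                return false;
            }
            String loginURL = loginResult.getLoginURL();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnDecision engine returned: " + loginURL);
            }
            FSUtils.forwardRequest(this.request, this.response, formatLoginURL(loginURL, loginResult.getAuthContextRef()));
            return true;
        } catch (Exception e2) {
            // Fail closed. Continuing to processPostAuthnSSO from here would issue SSO for any
            // user with a valid token without IsPassive, ForceAuthn or the requested
            // authentication context ever having been evaluated.
            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: Exception occured: " + e2.getMessage());
            return false;
        }
    }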

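    /**
     * Builds the login URL the user is forwarded to, with nested return URLs:
     * the login URL carries a {@code goto} parameter pointing at the post-login page, which in
     * turn carries a {@code RelayState} parameter pointing back at this provider's SSO service
     * URL for the current request.
     *
     * <p>Side effect: creates the HTTP session if needed and stores {@code str2} in it under
     * {@code IFSConstants.AUTHN_CONTEXT}.
     *
     * <p>Every value placed in a query string is URL-encoded, including the meta alias, so a
     * value containing {@code &} or {@code =} cannot add parameters to the post-login URL.
     * {@code URLEncoder.encode(String)} uses the platform default encoding.
     *
     * @param str login URL chosen by the authentication decision engine
     * @param str2 authentication context reference to request at login
     * @return the complete login URL, or null when {@code str} is null or building it failed
     */
    public String formatLoginURL(String str, String str2) {
        FSUtils.debug.message("FSSSOAndFedHandler.formatLoginURL: Called");
        try {
            if (str == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.formatLoginURL: login URL is null");
                return null;
            }
            FSHostedProviderDescriptor hostedProvider = FSServiceUtils.getAllianceInstance().getHostedProvider(this.hostProviderId);

            // Innermost URL: back to the SSO service, identifying the request being resumed.
            String sSOServiceURL = hostedProvider.getSSOServiceURL();
            StringBuffer ssoReturnURL = new StringBuffer(sSOServiceURL);
            if (sSOServiceURL.indexOf('?') == -1) {
                ssoReturnURL.append("?");
            } else {
                ssoReturnURL.append(SessionEncodeURL.AMPERSAND);
            }
            ssoReturnURL.append(IFSConstants.AUTHN_INDICATOR_PARAM).append("=").append("true").append(SessionEncodeURL.AMPERSAND).append(IFSConstants.AUTHN_CONTEXT).append("=").append(URLEncoder.encode(str2)).append(SessionEncodeURL.AMPERSAND).append("_liberty_idp").append("=").append(URLEncoder.encode(this.hostProviderId)).append(SessionEncodeURL.AMPERSAND).append("RequestID").append("=").append(URLEncoder.encode(this.authnRequest.getRequestID()));
            hostedProvider.getLocalConfiguration();

            // Middle URL: the post-login page.
            // NOTE(review): the base URL is taken from the request; confirm it cannot be
            // steered by client-controlled headers.
            String postLoginPage = new StringBuffer().append(FSServiceUtils.getBaseURL(this.request)).append(IFSConstants.POST_LOGIN_PAGE).toString();
            StringBuffer postLoginURL = new StringBuffer(postLoginPage);
            if (postLoginPage.indexOf('?') == -1) {
                postLoginURL.append("?");
            } else {
                postLoginURL.append(SessionEncodeURL.AMPERSAND);
            }
            // String.valueOf keeps the literal "null" that appending a null alias produced
            // before; encoding keeps the alias from splitting into extra parameters.
            // NOTE(review): assumes the post-login page reads this value as a decoded request
            // parameter; confirm.
            postLoginURL.append("RelayState").append("=").append(URLEncoder.encode(ssoReturnURL.toString())).append(SessionEncodeURL.AMPERSAND).append(IFSConstants.SSOKEY).append("=").append("true").append(SessionEncodeURL.AMPERSAND).append(IFSConstants.META_ALIAS).append("=").append(URLEncoder.encode(String.valueOf(this.metaAlias)));

            // Outermost URL: the login URL itself.
            StringBuffer loginURL = new StringBuffer(100);
            loginURL.append(str);
            if (str.indexOf('?') == -1) {
                loginURL.append("?");
            } else {
                loginURL.append(SessionEncodeURL.AMPERSAND);
            }
            loginURL.append("goto").append("=").append(URLEncoder.encode(postLoginURL.toString()));
            Set authDomainURLList = this.localConfig.getAuthDomainURLList();
            if (authDomainURLList != null && !authDomainURLList.isEmpty()) {
                // Only the first entry of the set is used.
                loginURL.append(SessionEncodeURL.AMPERSAND).append("org").append("=").append(URLEncoder.encode((String) authDomainURLList.iterator().next()));
            }
            this.request.getSession(true).setAttribute(IFSConstants.AUTHN_CONTEXT, str2);
            int last = loginURL.length() - 1;
            if (loginURL.charAt(last) == '&') {
                loginURL.deleteCharAt(last);
            }
            return loginURL.toString();
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOAndFedHandler.formatLoginURL: Exception: " + e.getMessage());
            return null;
        }
    }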

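    /**
     * Completes single sign-on for a user who is expected to hold a valid SSO token.
     *
     * <p>The token is re-read from the servlet request and validated here; a missing or
     * invalid token ends processing with false. The requesting provider is then recorded as a
     * session partner, and the request is finished either by plain single sign-on or, when the
     * request asks for federation, by creating the federation record first.
     *
     * <p>SSO token IDs and session IDs are deliberately kept out of the debug log: whoever can
     * read the log must not be able to pick up identifiers of live sessions from it.
     *
     * @param fSAuthnRequest the AuthnRequest being answered
     * @return the result of the single sign-on step, or false when the token is missing or
     *         invalid, federation failed, or an {@code SSOException} occurred
     */
    public boolean processPostAuthnSSO(FSAuthnRequest fSAuthnRequest) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: Called");
        try {
            SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
            SSOToken createSSOToken = sSOTokenManager.createSSOToken(this.request);
            if (createSSOToken == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: SSOToken is null.");
                return false;
            }
            if (!sSOTokenManager.isValidToken(createSSOToken)) {
                FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: SSOToken is not valid.");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: SSOToken is valid.");
            }
            this.ssoToken = createSSOToken;
            try {
                String userDN = createSSOToken.getPrincipal().getName();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: UserDN of the principal in the session: " + userDN);
                }
                FSSessionManager fSSessionManager = FSSessionManager.getInstance(this.hostProviderId);
                String sSOTokenID = createSSOToken.getTokenID().toString();
                FSSession session = fSSessionManager.getSession(userDN, sSOTokenID);
                if (session != null) {
                    // The session ID is not logged; new sessions are keyed by the token ID,
                    // so it is presumably the same value for existing ones.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: An existing SSO session found");
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: No existing SSO session found. Entering a new session to the session manager");
                    }
                    session = new FSSession(sSOTokenID);
                }
                // Record the requesting provider as a partner of this session.
                session.addSessionPartner(new FSSessionPartner(this.spDescriptor.getProviderID(), false));
                fSSessionManager.addSession(userDN, session);

                if (!fSAuthnRequest.getFederate()) {
                    return doSingleSignOn(createSSOToken, fSAuthnRequest.getRequestID());
                }
                FSAccountFedInfo fedInfo = doAccountFederation(createSSOToken);
                if (fedInfo == null) {
                    FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: Accountfederation failed");
                    return false;
                }
                NameIdentifier remoteNameIdentifier = fedInfo.getRemoteNameIdentifier();
                NameIdentifier localNameIdentifier = fedInfo.getLocalNameIdentifier();
                if (localNameIdentifier == null) {
                    FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: Opaque handle not found");
                    return false;
                }
                if (remoteNameIdentifier == null) {
                    // No remote identifier yet: the local one is used for both.
                    remoteNameIdentifier = localNameIdentifier;
                }
                return doSingleSignOn(createSSOToken, fSAuthnRequest.getRequestID(), remoteNameIdentifier, localNameIdentifier);
            } catch (SSOException e) {
                FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: SSOException occured. Principal information not found in the SSOToken: " + e.getMessage());
                return false;
            }
        } catch (SSOException e2) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: " + e2.getMessage());
            return false;
        }
    }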

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a success AuthnResponse that carries one assertion for the current AuthnRequest.
     *
     * <p>The assertion is created by the assertion manager of the hosted provider from the
     * SSO token ID, the provider descriptor, both name identifiers, {@code str} and the minor
     * version of the request. The response repeats the request ID, relay state and minor
     * version and is stamped with the hosted provider ID.
     *
     * @param sSOToken SSO token of the authenticated user
     * @param str value passed through to assertion creation
     * @param nameIdentifier first name identifier handed to assertion creation
     * @param nameIdentifier2 second name identifier handed to assertion creation
     * @return the response, or null when assertion or response creation failed
     */
    public FSAuthnResponse createAuthnResponse(SSOToken sSOToken, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse:  Called");
        try {
            String inResponseTo = this.authnRequest.getRequestID();
            FSServiceUtils.getAllianceInstance();
            FSAssertionManager assertionManager = FSAssertionManager.getInstance(this.hostProviderId);
            String tokenId = sSOToken.getTokenID().toString();
            FSAssertion assertion = assertionManager.createFSAssertion(tokenId, null, this.spDescriptor, this.hostProviderId, nameIdentifier, nameIdentifier2, str, this.authnRequest.getMinorVersion());
            Status success = new Status(new StatusCode("samlp:Success"));
            ArrayList assertions = new ArrayList();
            assertions.add(assertion);
            FSAuthnResponse authnResponse = new FSAuthnResponse(null, inResponseTo, success, assertions, this.relayState);
            authnResponse.setMinorVersion(this.authnRequest.getMinorVersion());
            FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse: CHECK1: " + this.hostProviderId);
            authnResponse.setProviderId(this.hostProviderId);
            return authnResponse;
        } catch (FSException e) {
            FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: FSException: " + e.getMessage());
            return null;
        } catch (SAMLException e2) {
            FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: SAMLException: " + e2.getMessage());
            return null;
        }
    }

    /**
     * Base implementation of the final single sign-on step; it does nothing and reports
     * failure. Subclasses are presumably expected to override it with the profile-specific
     * response delivery.
     *
     * @param sSOToken SSO token of the authenticated user
     * @param str ID of the AuthnRequest being answered
     * @param nameIdentifier name identifier passed first by the callers in this class
     * @param nameIdentifier2 name identifier passed second by the callers in this class
     * @return always false in this class
     */
    protected boolean doSingleSignOn(SSOToken sSOToken, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        return false;
    }

    /**
     * Looks up the existing federation record for the user and the requesting provider and
     * hands both name identifiers to the four-argument {@code doSingleSignOn}.
     *
     * <p>When the record has no remote name identifier, the local one is used for both
     * arguments.
     *
     * @param sSOToken SSO token of the authenticated user
     * @param str ID of the AuthnRequest being answered
     * @return the result of the four-argument {@code doSingleSignOn}; false when no federation
     *         record or no local name identifier exists, or when any exception is raised
     */
    protected boolean doSingleSignOn(SSOToken sSOToken, String str) {
        FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn(2):  Called");
        try {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: Initiating SSO for user with DN: " + sSOToken.getPrincipal().getName());
            }
            FSAccountFedInfo fedInfo = FSAccountManager.getInstance().readAccountFedInfo(sSOToken.getPrincipal().getName(), this.authnRequest.getProviderId());
            if (fedInfo == null) {
                // Reported twice: once to the debug log, once through FSUtils.error.
                FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: Account Federation Information not found for user with DN: " + sSOToken.getPrincipal().getName());
                FSUtils.error("FSSSOAndFedHandler", "Account Federation Information not found for user with DN: " + sSOToken.getPrincipal().getName());
                return false;
            }
            NameIdentifier idpHandle = fedInfo.getLocalNameIdentifier();
            if (idpHandle == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: NameIdentifier not found");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: IDP generated opaque handle: " + idpHandle.getName());
            }
            NameIdentifier spHandle = fedInfo.getRemoteNameIdentifier();
            if (spHandle != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: SP generated opaque handle: " + spHandle.getName());
                }
            } else {
                // No remote handle on record: fall back to the local one.
                spHandle = idpHandle;
            }
            return doSingleSignOn(sSOToken, str, spHandle, idpHandle);
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: Exception during Single Sign-On:" + e.getMessage());
            return false;
        }
    }

    /**
     * Creates and stores a new federation record linking the user to the requesting provider.
     *
     * <p>A fresh name identifier is generated for the hosted provider, wrapped in a
     * {@code FSAccountFedInfo} for the requesting provider with no remote name identifier, and
     * written under the user's DN.
     *
     * <p>NOTE(review): the generated handle is written to the debug log, and the exception
     * caught at the end is logged without its message; both are worth revisiting.
     *
     * @param sSOToken SSO token of the authenticated user
     * @return the stored federation record, or null when the handle could not be generated or
     *         any exception was raised
     */
    protected FSAccountFedInfo doAccountFederation(SSOToken sSOToken) {
        FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation:  Called");
        try {
            FSNameIdentifierHelper handleGenerator = new FSNameIdentifierHelper(this.hostProviderId);
            String handle = handleGenerator.createNameIdentifier();
            if (handle == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: Could not generate handle");
                return null;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: Generated handle: " + handle);
            }
            String userDN = sSOToken.getPrincipal().getName();
            String requesterId = this.authnRequest.getProviderId();
            String hostedId = getHostProviderId();
            // The cast selects the NameIdentifier overload for the absent remote identifier.
            NameIdentifier localIdentifier = new NameIdentifier(handle, hostedId);
            FSAccountFedInfo fedInfo = new FSAccountFedInfo(requesterId, localIdentifier, (NameIdentifier) null, false);
            FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(hostedId, handle);
            FSAccountManager.getInstance().writeAccountFedInfo(userDN, fedInfoKey, fedInfo);
            return fedInfo;
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: Exception when doing account federation");
            return null;
        }
    }

    /**
     * Hook for returning an error response to the requester. This class provides no
     * behaviour for it.
     */
    protected void returnErrorResponse() {
        // Intentionally empty in this class.
    }

    /**
     * Placeholder for SAML request processing. This class logs an error and returns nothing;
     * as the log message states, calls are not expected to end up here.
     *
     * @param fSSAMLRequest the SAML request (unused here)
     * @return always null in this class
     */
    public FSResponse processSAMLRequest(FSSAMLRequest fSSAMLRequest) {
        // Reaching this implementation is reported as an error.
        FSUtils.debug.error("FSSSOAndFedHandler.processSAMLRequest: Call should not resolve here, abstract class.");
        return null;
    }

    /**
     * Processes an incoming AuthnRequest and answers with a failure response when any check fails.
     *
     * <p>Order of checks, as implemented here:
     * <ol>
     *   <li>The provider id carried in the request must be contained in
     *       {@code localConfig.getTrustedProviders()}; a {@code null} set is treated as
     *       "not trusted".</li>
     *   <li>When {@code z} is {@code true} the request is handed to
     *       {@code processPostAuthnSSO} and the method returns. The signature check below is
     *       not reached on that path. NOTE(review): presumably the request was already
     *       verified on an earlier pass with {@code z == false} - confirm against callers.</li>
     *   <li>Otherwise the signature is verified, but only when
     *       {@code FSServiceUtils.isSigningOn()} and
     *       {@code spDescriptor.getAuthnRequestSigned()} are both true.</li>
     *   <li>Finally the request is handed to {@code processPreAuthnSSO}.</li>
     * </ol>
     *
     * <p>The trust check uses the provider id from the request, while the signature settings
     * come from {@code spDescriptor}. Nothing visible in this method checks that the two refer
     * to the same provider, so the caller is responsible for installing the matching descriptor.
     *
     * <p>Every failure is answered with a {@code samlp:Responder} status and a message taken
     * from the resource bundle. Any exception is logged with its stack trace and answered the
     * same way.
     *
     * @param fSAuthnRequest the request to process; also stored in {@code this.authnRequest}
     * @param z              {@code true} to take the post-authentication path
     *                       ({@code processPostAuthnSSO}), {@code false} for the
     *                       pre-authentication path including signature verification
     */
    public void processAuthnRequest(FSAuthnRequest fSAuthnRequest, boolean z) {
        FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: Called");
        this.authnRequest = fSAuthnRequest;
        final String requestID = fSAuthnRequest.getRequestID();
        final String providerId = fSAuthnRequest.getProviderId();
        try {
            // Trust gate: an absent trust list and an unlisted provider are rejected identically.
            Set trusted = this.localConfig.getTrustedProviders();
            if (trusted == null || !trusted.contains(providerId)) {
                FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: RemoteProvider is not trusted");
                replyWithResponderFailure(fSAuthnRequest, requestID, "AuthnRequestProcessingFailed");
                return;
            }

            // Post-authentication path: no signature verification happens on this branch.
            if (z) {
                if (processPostAuthnSSO(fSAuthnRequest)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Processing successful");
                    }
                } else {
                    FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Processing failed");
                    FSUtils.error("FSSSOAndFedHandler", FSUtils.bundle.getString("AuthnRequestProcessingFailed"));
                    replyWithResponderFailure(fSAuthnRequest, requestID, "AuthnRequestProcessingFailed");
                }
                return;
            }

            // Both results are discarded; the calls are kept because they may throw or have
            // side effects that the original flow depends on.
            FSServiceUtils.getAllianceInstance();
            this.spDescriptor.getKeyInfo();

            final boolean mustBeSigned = this.spDescriptor.getAuthnRequestSigned();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: ProviderID : " + this.spDescriptor.getProviderID() + " AuthnRequestSigned :this is for testing " + mustBeSigned);
            }

            // Signature enforcement is configuration driven: global switch AND per-provider flag.
            if (FSServiceUtils.isSigningOn() && mustBeSigned) {
                if (!verifyRequestSignature(fSAuthnRequest)) {
                    FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Signature Verification Failed");
                    FSUtils.error("FSSSOAndFedHandler", FSUtils.bundle.getString("SignatureVerificationFailed"));
                    replyWithResponderFailure(fSAuthnRequest, requestID, "SignatureVerificationFailed");
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler. processAuthnRequest: AuthnRequest Signature Verified");
                }
            }

            if (!processPreAuthnSSO(fSAuthnRequest)) {
                FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Processing failed");
                FSUtils.error("FSSSOAndFedHandler", FSUtils.bundle.getString("AuthnRequestProcessingFailed"));
                replyWithResponderFailure(fSAuthnRequest, requestID, "AuthnRequestProcessingFailed");
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Processing successful");
            }
        } catch (Exception e) {
            // Capture the stack trace as text so it lands in the debug log with the message.
            ByteArrayOutputStream traceBuffer = new ByteArrayOutputStream();
            e.printStackTrace(new PrintStream(traceBuffer));
            FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: Exception Occured: " + e.getMessage() + "Stack trace is " + traceBuffer.toString());
            FSUtils.error("FSSSOAndFedHandler", FSUtils.bundle.getString(AuthXMLTags.EXCEPTION) + e.getMessage());
            try {
                replyWithResponderFailure(fSAuthnRequest, requestID, "AuthnRequestProcessingFailed");
            } catch (Exception e2) {
                FSUtils.error("FSSSOAndFedHandler", FSUtils.bundle.getString(AuthXMLTags.EXCEPTION) + e2.getMessage());
            }
        }
    }

    /**
     * Builds a {@code samlp:Responder} failure response for the given request and passes it to
     * {@link #sendAuthnResponse}.
     *
     * @param fSAuthnRequest request being answered; supplies the minor version
     * @param requestID      id of the request being answered
     * @param bundleKey      resource-bundle key of the status message
     * @throws Exception whatever response construction or sending throws
     */
    private void replyWithResponderFailure(FSAuthnRequest fSAuthnRequest, String requestID, String bundleKey) throws Exception {
        FSAuthnResponse failure = new FSAuthnResponse(null, requestID, new Status(new StatusCode("samlp:Responder"), FSUtils.bundle.getString(bundleKey), null), null, this.relayState);
        failure.setMinorVersion(fSAuthnRequest.getMinorVersion());
        sendAuthnResponse(failure);
    }

    /**
     * Base-class placeholder for delivering an AuthnResponse.
     *
     * <p>This implementation transmits nothing; it only writes an error to the debug log.
     * Failure responses built by {@code processAuthnRequest} therefore reach the requester
     * only through an overriding implementation.
     * NOTE(review): presumably every concrete handler overrides this - confirm.
     *
     * @param fSAuthnResponse the response that should be delivered; ignored here
     */
    protected void sendAuthnResponse(FSAuthnResponse fSAuthnResponse) {
        final String misuse = "FSSSOAndFedHandler.sendAuthnResponse: Call should not resolve here. error";
        FSUtils.debug.error(misuse);
    }

    /**
     * Installs the service-provider descriptor used by this handler.
     *
     * <p>The descriptor supplies the key info and the "AuthnRequest signed" flag that
     * {@code processAuthnRequest} and {@code verifyRequestSignature} read. This setter does no
     * validation, so the caller must pass the descriptor belonging to the provider whose
     * request is being processed.
     *
     * @param fSProviderDescriptor descriptor of the requesting service provider
     */
    public void setProviderDescriptor(FSProviderDescriptor fSProviderDescriptor) {
        spDescriptor = fSProviderDescriptor;
    }

    /**
     * Returns the service-provider descriptor currently installed on this handler.
     *
     * @return the descriptor last passed to {@code setProviderDescriptor}; the reference is
     *         returned directly, not copied
     */
    public FSProviderDescriptor getProvider() {
        return spDescriptor;
    }

    /* JADX INFO: Access modifiers changed from: protected */
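    /**
     * Verifies the signature of an AuthnRequest against the key info of the installed
     * service-provider descriptor.
     *
     * <p>Two paths, chosen by the HTTP method of {@code this.request}:
     * <ul>
     *   <li>Anything other than {@code GET}: the XML signature over
     *       {@code fSAuthnRequest.getSignedXMLString()} is verified.</li>
     *   <li>{@code GET}: the {@code SigAlg} and {@code Signature} parameters are read, and the
     *       Base64-decoded signature is verified over the raw query string up to, but not
     *       including, the first occurrence of {@code &Signature}.</li>
     * </ul>
     *
     * <p>The method fails closed: a missing parameter, an unknown algorithm, a query string
     * without the signature delimiter, or any exception yields {@code false}.
     *
     * <p>NOTE(review): only the DSA-SHA1 and RSA-SHA1 algorithm URIs are accepted, so every
     * verifiable request relies on SHA-1. Query parameters that appear after
     * {@code &Signature} lie outside the verified text, so code consuming this request should
     * not treat such parameters as authenticated. The delimiter is matched as a plain prefix
     * ({@code &Signature}), unchanged from the original behaviour.
     *
     * @param fSAuthnRequest the request whose signature is to be checked
     * @return {@code true} only when the signature verifies; {@code false} otherwise
     */
    public boolean verifyRequestSignature(FSAuthnRequest fSAuthnRequest) {
        FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Called");
        try {
            // Result discarded; kept because the call may throw or have side effects.
            FSServiceUtils.getAllianceInstance();
            String keyInfo = this.spDescriptor.getKeyInfo();
            if (keyInfo == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: couldn't obtain this site's cert alias.");
                }
                // Caught by the handler below, which logs it and returns false.
                throw new FSException(FSUtils.bundle.getString("cannotFindCertAlias"));
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Provider's certAlias is found: " + keyInfo);
            }

            if (!this.request.getMethod().equals("GET")) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Request is sent by POST ");
                }
                return XMLSignatureManager.getInstance().verifyXMLSignature(fSAuthnRequest.getSignedXMLString(), keyInfo);
            }

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Request is sent by GET");
            }
            String sigAlg = this.request.getParameter("SigAlg");
            String signature = this.request.getParameter("Signature");
            if (sigAlg == null || sigAlg.equals("") || signature == null || signature.equals("")) {
                return false;
            }

            // Map the xmldsig algorithm URI to a JCA algorithm name; anything else is rejected.
            String jcaAlgorithm;
            if (sigAlg.equals("http://www.w3.org/2000/09/xmldsig#dsa-sha1")) {
                jcaAlgorithm = IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA;
            } else if (sigAlg.equals("http://www.w3.org/2000/09/xmldsig#rsa-sha1")) {
                jcaAlgorithm = "SHA1withRSA";
            } else {
                FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: Invalid signature algorithm");
                return false;
            }

            String queryString = this.request.getQueryString();
            if (FSUtils.debug.messageEnabled()) {
                // The full query string, including the signature, goes to the debug log here.
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: queryString:" + queryString);
            }

            // Reject explicitly when the delimiter is missing instead of relying on the
            // exception from substring() being swallowed by the generic handler below.
            int signatureStart = (queryString == null) ? -1 : queryString.indexOf("&Signature");
            if (signatureStart < 0) {
                FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: Signature parameter does not follow the signed portion of the query string");
                return false;
            }
            String signedText = queryString.substring(0, signatureStart);

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Signature: " + signature + "Algorithm: " + jcaAlgorithm);
            }
            byte[] signatureBytes = new BASE64Decoder().decodeBuffer(new ByteArrayInputStream(signature.getBytes()));
            FSSignatureManager signatureManager = FSSignatureManager.getInstance();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: String to be verified: " + signedText);
            }
            return signatureManager.verifySignature(signedText, signatureBytes, jcaAlgorithm, keyInfo);
        } catch (Exception e) {
            // Fail closed: any error during verification counts as "not verified".
            FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: Exception occured while verifying SP's signature:" + e.getMessage());
            return false;
        }
    }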

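    /**
     * Rebuilds the request's parameters as a query string with the meta-alias parameter removed.
     *
     * <p>Every parameter whose name does not match {@code IFSConstants.META_ALIAS}
     * (case-insensitively) is emitted as {@code name=value}, with pairs joined by
     * {@code SessionEncodeURL.AMPERSAND}. Only the first value of a multi-valued parameter is
     * kept, because {@code getParameter} is used.
     *
     * <p>Both the name and the value are URL-encoded. The container hands parameter names over
     * already decoded, so a name appended verbatim could contain {@code &} or {@code =} and
     * change the structure of the rebuilt string, including re-introducing the parameter this
     * method exists to strip. Names made only of letters, digits and {@code . - * _} are
     * unaffected by the encoding.
     *
     * <p>The single-argument {@code URLEncoder.encode} is kept so that value encoding stays
     * exactly as before; it uses the platform default encoding.
     *
     * @param httpServletRequest request whose parameters are copied
     * @return the rebuilt query string without the meta-alias parameter; empty when no other
     *         parameter is present
     */
    public static String cleanMetaAlias(HttpServletRequest httpServletRequest) {
        FSUtils.debug.message("FSSSOAndFedHandler.cleanMetaAlias: Called");
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        StringBuffer rebuilt = new StringBuffer();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            if (name.equalsIgnoreCase(IFSConstants.META_ALIAS)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.cleanMetaAlias: found metaAlias");
                }
                continue;
            }
            String value = httpServletRequest.getParameter(name);
            if (rebuilt.length() > 0) {
                rebuilt.append(SessionEncodeURL.AMPERSAND);
            }
            // Encode the name as well as the value so neither can inject separators.
            rebuilt.append(URLEncoder.encode(name)).append("=").append(URLEncoder.encode(value));
        }
        String result = rebuilt.toString();
        if (FSUtils.debug.messageEnabled()) {
            // Note: this writes every retained parameter value to the debug log.
            FSUtils.debug.message("FSSSOAndFedHandler.cleanMetaAlias:  returning with " + result);
        }
        return result;
    }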
}
