package com.sun.identity.federation.services.fednsso;

import com.iplanet.am.console.base.model.AMQueryParameters;
import com.iplanet.am.sdk.AMTemplate;
import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.share.AuthXMLTags;
import com.sun.identity.federation.alliance.FSProviderDescriptor;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSAssertionArtifact;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSAMLRequest;
import com.sun.identity.federation.services.FSAssertionManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.AssertionArtifact;
import com.sun.identity.saml.protocol.Request;
import com.sun.identity.saml.protocol.Response;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* JADX WARN: Classes with same name are omitted:
  input_file:117586-19/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/federation/services/fednsso/FSSSOBrowserArtifactProfileHandler.class
 */
/* loaded from: input_file:117586-19/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/federation/services/fednsso/FSSSOBrowserArtifactProfileHandler.class */
public class FSSSOBrowserArtifactProfileHandler extends FSSSOAndFedHandler {
    // SAML request handed to the (request, response, Request) constructor; it is only assigned in the code visible here.
    private Request samlRequest;
    // DOM element passed to verifySAMLRequestSignature() in createSAMLResponse(); stays null
    // unless setSAMLRequestElement() is called first.
    private Element samlRequestElement;
    // SOAP message passed to verifySAMLRequestSignature() together with samlRequestElement; stays
    // null unless setSOAPMessage() is called first.
    private SOAPMessage soapMsg;

    /**
     * Stores the SOAP message that carried the SAML request.
     *
     * <p>createSAMLResponse() hands this message to verifySAMLRequestSignature(), so it must be
     * set before a signed artifact request is processed.
     *
     * @param sOAPMessage the inbound SOAP message; stored as given, with no validation here
     */
    public void setSOAPMessage(SOAPMessage sOAPMessage) {
        soapMsg = sOAPMessage;
    }

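    /**
     * Stores the DOM element of the inbound SAML request.
     *
     * <p>createSAMLResponse() hands this element to verifySAMLRequestSignature(), so it must be
     * set before a signed artifact request is processed.
     *
     * @param element the SAML request element; stored as given, with no validation here
     */
    public void setSAMLRequestElement(Element element) {
        if (FSUtils.debug.messageEnabled()) {
            // The original trace named FSBrowserArtifactConsumerHandler, a different class. The tag
            // now names this class so debug logs attribute the call correctly.
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.setSAMLRequestElement: Called");
        }
        this.samlRequestElement = element;
    }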

    /**
     * Creates a handler with no request context; the signature-verification inputs start out
     * unset.
     */
    protected FSSSOBrowserArtifactProfileHandler() {
        soapMsg = null;
        samlRequestElement = null;
    }

    /**
     * Creates a handler for an authentication request; all arguments are forwarded unchanged to
     * the FSSSOAndFedHandler constructor.
     *
     * @param httpServletRequest the inbound servlet request
     * @param httpServletResponse the servlet response the handler writes to
     * @param fSAuthnRequest the authentication request being processed
     * @param fSProviderDescriptor descriptor of the requesting provider
     * @param str passed through to the superclass; its meaning is not visible in this file
     */
    public FSSSOBrowserArtifactProfileHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, FSProviderDescriptor fSProviderDescriptor, String str) {
        super(httpServletRequest, httpServletResponse, fSAuthnRequest, fSProviderDescriptor, str);
        // The signature-verification inputs are supplied later through the setters.
        soapMsg = null;
        samlRequestElement = null;
    }

    /**
     * Creates a handler for an inbound SAML request, such as an artifact query.
     *
     * <p>The signature-verification inputs (request element and SOAP message) are not set here;
     * callers supply them through setSAMLRequestElement() and setSOAPMessage().
     *
     * @param httpServletRequest the inbound servlet request
     * @param httpServletResponse the servlet response the handler writes to
     * @param request the parsed SAML request
     */
    public FSSSOBrowserArtifactProfileHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Request request) {
        soapMsg = null;
        samlRequestElement = null;
        this.samlRequest = request;
        this.request = httpServletRequest;
        this.response = httpServletResponse;
    }

    /**
     * Processes an authentication request and, on any failure, answers with a fault artifact.
     *
     * <p>When {@code z} is true only processPostAuthnSSO() runs. Otherwise the request signature
     * is checked (if required) and processPreAuthnSSO() runs.
     *
     * <p>Security note: the signature is verified only when FSServiceUtils.isSigningOn() is true
     * AND the service provider's descriptor reports getAuthnRequestSigned(). With either switch
     * off, an unsigned request is processed without any origin check in this method. The
     * {@code z == true} path never verifies a signature here.
     * NOTE(review): presumably the pre-authentication pass already verified it. Confirm that the
     * post-authentication entry point cannot be reached without that pass.
     *
     * @param fSAuthnRequest the authentication request to process
     * @param z true to run the post-authentication step, false for the pre-authentication step
     */
    @Override // com.sun.identity.federation.services.fednsso.FSSSOAndFedHandler
    public void processAuthnRequest(FSAuthnRequest fSAuthnRequest, boolean z) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: Called");
        }
        try {
            if (z) {
                boolean postAuthnOk = processPostAuthnSSO(fSAuthnRequest);
                if (!postAuthnOk) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Processing failed");
                    FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("AuthnRequestProcessingFailed"));
                    sendSAMLArtifacts(null);
                } else if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Processingsuccessful");
                }
                return;
            }

            // The results of these two calls are discarded. They are kept because they can still
            // throw, which routes into the fault path below.
            FSServiceUtils.getAllianceInstance();
            this.spDescriptor.getKeyInfo();

            boolean authnRequestSigned = this.spDescriptor.getAuthnRequestSigned();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: ProviderID : " + this.spDescriptor.getProviderID() + " AuthnRequestSigned : " + authnRequestSigned);
            }

            if (FSServiceUtils.isSigningOn() && authnRequestSigned) {
                boolean signatureOk = verifyRequestSignature(fSAuthnRequest);
                if (!signatureOk) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Signature Verification Failed");
                    FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("SignatureVerificationFailed"));
                    sendSAMLArtifacts(null);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Signature Verified");
                }
            }

            if (!processPreAuthnSSO(fSAuthnRequest)) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Processing failed");
                FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("AuthnRequestProcessingFailed"));
                sendSAMLArtifacts(null);
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Processing  successful");
            }
        } catch (Exception e) {
            // Any unexpected failure ends in a fault artifact. Only the message is logged, so the
            // stack trace is lost for later analysis.
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: Exception Occured: " + e.getMessage());
            FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString(AuthXMLTags.EXCEPTION) + e.getMessage());
            sendSAMLArtifacts(null);
        }
    }

    /**
     * Builds the SAML response for an inbound SAML request by delegating to createSAMLResponse().
     *
     * @param fSSAMLRequest the SAML request to answer
     * @return the response, or {@code null} when createSAMLResponse() throws or itself returns
     *     null; callers must treat null as a failure and never as an empty success
     */
    @Override // com.sun.identity.federation.services.fednsso.FSSSOAndFedHandler
    public FSResponse processSAMLRequest(FSSAMLRequest fSSAMLRequest) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processSAMLRequest: Called");
        }
        FSResponse built;
        try {
            built = createSAMLResponse(fSSAMLRequest);
        } catch (Exception e) {
            // Only the message is recorded; the exception type and stack trace are dropped.
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.processSAMLRequest: Fatal error, cannot create status or response: " + e.getMessage());
            built = null;
        }
        return built;
    }

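    /**
     * Checks that an assertion carries at least one statement and, if so, adds it to the list of
     * assertions to be released.
     *
     * <p>The previous body ended in a "respondWith mismatch" branch guarded by a constant that
     * made it unreachable. That branch and the redundant {@code size == 0} test have been removed,
     * and behaviour is unchanged. As a result the RespondWith criteria in {@code list} are NOT
     * evaluated by this method.
     *
     * @param assertion the assertion to check
     * @param list the request's RespondWith values; currently unused
     * @param list2 the assertions accepted so far; {@code assertion} is inserted at index {@code i}
     * @param i insertion index into {@code list2}
     * @param str the ID for an error response
     * @param str2 the ID of the request being answered
     * @return {@code null} when the assertion was accepted, or an error response when it has no
     *     statements. Null is ALSO returned when that error response cannot be built; in that
     *     case the assertion has not been added to {@code list2}, so the caller's count
     *     comparison is what keeps the failure from passing as a success
     */
    private Response validateStatements(Assertion assertion, List list, List list2, int i, String str, String str2) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.validateStatements: Called");
        }
        Set statements = assertion.getStatement();
        if (!statements.isEmpty()) {
            list2.add(i, assertion);
            return null;
        }

        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.validateStatements: Assertion found does not have any statements in it");
        try {
            return new FSResponse(str, str2, new Status(new StatusCode("samlp:Responder"), FSUtils.bundle.getString("missingStatement"), null), list2);
        } catch (FSException e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.validateStatements: Fatal error, cannot create status or response:" + e.getMessage());
            FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e.getMessage());
        } catch (SAMLException e2) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.validateStatements: Fatal error, cannot create status or response:" + e2.getMessage());
            FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e2.getMessage());
        }
        return null;
    }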

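    /**
     * Resolves the artifacts of a SAML request into assertions and wraps the outcome in an
     * {@link FSResponse}.
     *
     * <p>For an artifact request (content type 3) the checks run in this order: all artifacts
     * share one source ID; the last artifact maps to a known destination provider; that provider
     * is in the local trusted-provider set; the request signature verifies (only when
     * FSServiceUtils.isSigningOn() is true); each artifact resolves to an assertion for that
     * provider; each assertion's audience restrictions name that provider; each assertion has at
     * least one statement.
     *
     * <p>Changes from the previous body:
     * <ul>
     *   <li>Access logging no longer dereferences a response that could not be built; that used
     *       to throw a NullPointerException.</li>
     *   <li>The audience filter removes through an iterator. The old index loop ran to the
     *       pre-removal size, so it threw IndexOutOfBoundsException after any removal except of
     *       the last element.</li>
     *   <li>Resolved assertions are appended, not inserted at the artifact's index. The old
     *       insert threw once an earlier artifact had resolved to null.</li>
     *   <li>The "provider not trusted" log lines now name this method, and the "signature
     *       verified" trace moved from error level to the debug message level.</li>
     * </ul>
     *
     * <p>NOTE(review): the values -1 and 3 are compared as raw ints. They presumably correspond
     * to "unsupported content" and "assertion artifact" constants of the request class. Confirm,
     * and prefer the named constants.
     *
     * <p>NOTE(review): several failure paths put {@code Exception.getMessage()} into the Status
     * message returned to the remote party, including the generic {@code catch (Exception)}
     * around provider lookup. Internal detail can reach the requester that way. Consider a fixed
     * resource-bundle message there.
     *
     * <p>NOTE(review): every response is written to the access log via {@code toString()}. On the
     * success path that presumably serializes the released assertions. Confirm the log's access
     * controls and retention.
     *
     * @param fSSAMLRequest the SAML request to answer
     * @return the response; {@code null} when even an error response could not be built
     * @throws FSException when building a response fails outside the handled paths
     */
    private FSResponse createSAMLResponse(FSSAMLRequest fSSAMLRequest) throws FSException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Called");
        }
        FSResponse fSResponse = null;
        String responseID = FSUtils.generateID();
        String inResponseTo = fSSAMLRequest.getRequestID();
        ArrayList releasedAssertions = new ArrayList();
        String remoteAddr = this.request.getRemoteAddr();
        String accessLogPrefix = FSUtils.bundle.getString("responseLogMessage") + remoteAddr;
        // Audience the assertions must name. It starts as the caller's address and is replaced by
        // the artifact's destination provider id once that is known.
        String expectedAudience = remoteAddr;
        int contentType = fSSAMLRequest.getContentType();
        if (contentType == -1) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Found element in the request which are not supported");
            }
            try {
                fSResponse = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Responder"), FSUtils.bundle.getString("unsupportedElement"), null), releasedAssertions);
                fSResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
            } catch (SAMLException e) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response: " + e.getMessage());
                FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e.getMessage());
            }
            writeResponseAccessLog("FSSSOBrowserArtifactProfileHandler.createSAMLResponse", accessLogPrefix, fSResponse);
            return fSResponse;
        }
        List respondWith = fSSAMLRequest.getRespondWith();
        if (respondWith.size() == 0) {
            ArrayList defaultRespondWith = new ArrayList();
            defaultRespondWith.add(0, "SingleStatement");
            respondWith = defaultRespondWith;
        }
        try {
            FSAssertionManager fSAssertionManager = FSAssertionManager.getInstance(this.hostProviderId);
            List artifacts = null;
            ArrayList candidates = new ArrayList();
            if (contentType == 3) {
                artifacts = fSSAMLRequest.getAssertionArtifact();
                int artifactCount = artifacts.size();
                String sourceID = null;
                AssertionArtifact lastArtifact = null;
                for (int i = 0; i < artifactCount; i++) {
                    lastArtifact = (AssertionArtifact) artifacts.get(i);
                    if (sourceID == null) {
                        sourceID = lastArtifact.getSourceID();
                    } else if (!sourceID.equals(lastArtifact.getSourceID())) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Artifacts not from the same source");
                        }
                        try {
                            fSResponse = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), FSUtils.bundle.getString("mismatchSourceID"), null), releasedAssertions);
                            fSResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        } catch (SAMLException e2) {
                            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response: " + e2.getMessage());
                            FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e2.getMessage());
                        }
                        writeResponseAccessLog("FSSSOBrowserArtifactProfileHandler", accessLogPrefix, fSResponse);
                        return fSResponse;
                    }
                }
                if (lastArtifact == null) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: No artifact found in samlRequest");
                    try {
                        FSResponse missingArtifact = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Requester"), FSUtils.bundle.getString("missingArtifact"), null), releasedAssertions);
                        missingArtifact.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        return missingArtifact;
                    } catch (SAMLException e3) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: " + e3.getMessage());
                        FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + ": " + e3.getMessage());
                        return null;
                    }
                }
                // Only the last artifact is used to look up the destination provider. The
                // per-artifact getAssertion() call below receives that provider id.
                // NOTE(review): confirm getAssertion() rejects an artifact issued to a different
                // provider.
                String destProviderId;
                try {
                    destProviderId = fSAssertionManager.getDestIdForArtifact(lastArtifact);
                } catch (FSException e4) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: FSException Occured while retrieving sp's providerID for the artifact: " + e4.getMessage());
                    destProviderId = null;
                }
                if (destProviderId == null) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: artifact received does not correspond to any SP");
                    try {
                        FSResponse invalidSource = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), FSUtils.bundle.getString("invalidSource"), null), releasedAssertions);
                        invalidSource.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        return invalidSource;
                    } catch (SAMLException e5) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: " + e5.getMessage());
                        FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e5.getMessage());
                        return null;
                    }
                }
                try {
                    // Trust is checked before any assertion is looked up. A missing
                    // trusted-provider set is treated the same as "not trusted".
                    Set trustedProviders = this.localConfig.getTrustedProviders();
                    if (trustedProviders == null || !trustedProviders.contains(destProviderId)) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: RemoteProvider is not trusted");
                        FSResponse untrusted = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Requester"), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null), releasedAssertions);
                        untrusted.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        return untrusted;
                    }
                    this.spDescriptor = FSServiceUtils.getAllianceInstance().getProvider(destProviderId);
                    expectedAudience = destProviderId;
                    // With signing switched off, the trusted-provider check above is the only
                    // origin control this method applies before releasing assertions.
                    if (FSServiceUtils.isSigningOn()) {
                        if (!verifySAMLRequestSignature(this.samlRequestElement, this.soapMsg)) {
                            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: SAMLRequest signature verification failed");
                            try {
                                FSResponse badSignature = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Requester"), FSUtils.bundle.getString("signatureVerificationFailed"), null), releasedAssertions);
                                badSignature.setMinorVersion(fSSAMLRequest.getMinorVersion());
                                return badSignature;
                            } catch (SAMLException e6) {
                                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: " + e6.getMessage());
                                FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e6.getMessage());
                                return null;
                            }
                        }
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: SAMLRequest signature verified");
                        }
                    }
                    for (int i2 = 0; i2 < artifactCount; i2++) {
                        try {
                            Assertion assertion = fSAssertionManager.getAssertion((AssertionArtifact) artifacts.get(i2), this.spDescriptor.getProviderID());
                            if (assertion != null) {
                                // Append, since an index-based insert throws once an earlier
                                // artifact has resolved to null. The count comparison further
                                // down still detects the shortfall.
                                candidates.add(assertion);
                            }
                        } catch (FSException e7) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: could not find matching assertion");
                            }
                            try {
                                fSResponse = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Success"), e7.getMessage(), null), releasedAssertions);
                                fSResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                            } catch (SAMLException e8) {
                                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: " + e8.getMessage());
                                FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e8.getMessage());
                            }
                            writeResponseAccessLog("FSSSOBrowserArtifactProfileHandler", accessLogPrefix, fSResponse);
                            return fSResponse;
                        }
                    }
                } catch (Exception e9) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: FSAllianceManagementException Occured while getting" + e9.getMessage());
                    try {
                        // NOTE(review): the message of an arbitrary exception is returned to the
                        // requester here.
                        FSResponse lookupFailed = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Requester"), e9.getMessage(), null), releasedAssertions);
                        lookupFailed.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        return lookupFailed;
                    } catch (SAMLException e10) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: " + e10.getMessage());
                        FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e10.getMessage());
                        return null;
                    }
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: found " + candidates.size() + "assertions.");
            }
            // Drop every assertion that has an audience restriction not naming the expected
            // audience. An assertion with no Conditions object makes getConditions() return null
            // and fails here with a NullPointerException, so nothing is released.
            for (Iterator candidateIt = candidates.iterator(); candidateIt.hasNext();) {
                Assertion candidate = (Assertion) candidateIt.next();
                Set audienceConditions = candidate.getConditions().getAudienceRestrictionCondition();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: checking to see if assertions are for host:" + expectedAudience);
                }
                boolean audienceMatches = true;
                for (Iterator conditionIt = audienceConditions.iterator(); conditionIt.hasNext();) {
                    if (!((AudienceRestrictionCondition) conditionIt.next()).containsAudience(expectedAudience)) {
                        audienceMatches = false;
                        break;
                    }
                }
                if (!audienceMatches) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: removing TRC notmeant for this host");
                    }
                    candidateIt.remove();
                }
            }
            int candidateCount = candidates.size();
            if (candidateCount == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Matching Assertions(s) not created for this host");
                }
                try {
                    fSResponse = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Success"), FSUtils.bundle.getString("mismatchDest"), null), releasedAssertions);
                    fSResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                } catch (SAMLException e11) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:" + e11.getMessage());
                    FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + ": " + e11.getMessage());
                }
                writeResponseAccessLog("FSSSOBrowserArtifactProfileHandler", accessLogPrefix, fSResponse);
                return fSResponse;
            }
            for (int i4 = 0; i4 < candidateCount; i4++) {
                Response rejection = validateStatements((Assertion) candidates.get(i4), respondWith, releasedAssertions, i4, responseID, inResponseTo);
                if (rejection != null) {
                    FSUtils.access("FSSSOBrowserArtifactProfileHandler", accessLogPrefix + rejection.toString());
                    FSResponse rejected = (FSResponse) rejection;
                    rejected.setMinorVersion(fSSAMLRequest.getMinorVersion());
                    return rejected;
                }
            }
            // Candidates are only collected for contentType == 3, so any other type has already
            // returned through the empty-candidate path. This branch is kept as a guard in front
            // of the artifacts.size() call below.
            if (contentType != 3) {
                try {
                    fSResponse = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Success"), null, null), releasedAssertions);
                    fSResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                } catch (SAMLException e12) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:" + e12.getMessage());
                    FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e12.getMessage());
                }
                writeResponseAccessLog("FSSSOBrowserArtifactProfileHandler", accessLogPrefix, fSResponse);
                return fSResponse;
            }
            // Every artifact must have produced exactly one released assertion. Otherwise a
            // Success status with the "unequalMatch" message is returned.
            if (releasedAssertions.size() != artifacts.size()) {
                try {
                    fSResponse = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Success"), FSUtils.bundle.getString("unequalMatch"), null), releasedAssertions);
                    fSResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                } catch (SAMLException e13) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:" + e13.getMessage());
                    FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e13.getMessage());
                }
                writeResponseAccessLog("FSSSOBrowserArtifactProfileHandler", accessLogPrefix, fSResponse);
                return fSResponse;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Matching Assertion found");
            }
            try {
                FSResponse success = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Success"), null, null), releasedAssertions);
                success.setMinorVersion(fSSAMLRequest.getMinorVersion());
                FSUtils.access("FSSSOBrowserArtifactProfileHandler", accessLogPrefix + success.toString());
                return success;
            } catch (SAMLException e14) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:" + e14.getMessage());
                FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e14.getMessage());
                return null;
            } catch (Exception e15) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:" + e15.getMessage());
                FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e15.getMessage());
                return null;
            }
        } catch (FSException e16) {
            // Reached for any FSException raised inside the block above, not only a failure to
            // obtain the assertion manager, despite the wording of the trace below.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Cannot instantiate FSAssertionManager");
            }
            try {
                fSResponse = new FSResponse(responseID, inResponseTo, new Status(new StatusCode("samlp:Responder"), e16.getMessage(), null), releasedAssertions);
                fSResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
            } catch (SAMLException e17) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response: " + e17.getMessage());
                FSUtils.error("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("cannotBuildResponse") + e17.getMessage());
            }
            writeResponseAccessLog("FSSSOBrowserArtifactProfileHandler", accessLogPrefix, fSResponse);
            return fSResponse;
        }
    }

    /**
     * Writes a response to the access log, skipping a response that could not be built; the
     * build failure itself has already been written to the error log by the caller.
     */
    private void writeResponseAccessLog(String tag, String prefix, Response samlResponse) {
        if (samlResponse != null) {
            FSUtils.access(tag, prefix + samlResponse.toString());
        }
    }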

    /**
     * Creates the assertion artifact for an authenticated session and sends it to the service
     * provider.
     *
     * <p>Artifact creation returns null on failure, and sendSAMLArtifacts() then substitutes a
     * fault artifact. This method reports {@code true} in that case as well, so the return value
     * does not tell the caller whether a usable artifact was issued.
     *
     * @param sSOToken the user's session token
     * @param str passed through to artifact creation; its meaning is not visible in this file
     * @param nameIdentifier passed through to artifact creation
     * @param nameIdentifier2 passed through to artifact creation
     * @return always {@code true}
     */
    @Override // com.sun.identity.federation.services.fednsso.FSSSOAndFedHandler
    protected boolean doSingleSignOn(SSOToken sSOToken, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.doSingleSignOn: Called");
        List artifacts = createSAMLAssertionArtifact(sSOToken, str, nameIdentifier, nameIdentifier2);
        sendSAMLArtifacts(artifacts);
        return true;
    }

    /**
     * Asks the assertion manager for an artifact bound to the user's session and returns it as a
     * single-element list.
     *
     * <p>NOTE(review): with message-level debugging enabled, the artifact's {@code toString()}
     * is written to the debug log. An artifact is what the service provider later redeems for
     * the assertion, so treat a debug log containing it as sensitive until the artifact has been
     * used or has expired.
     *
     * @param sSOToken the user's session token; its token ID is passed to the assertion manager
     * @param str passed through to the assertion manager; its meaning is not visible in this file
     * @param nameIdentifier passed through to the assertion manager
     * @param nameIdentifier2 passed through to the assertion manager
     * @return a list holding the artifact string, or {@code null} when creation fails (callers
     *     rely on null to fall back to a fault artifact)
     */
    protected List createSAMLAssertionArtifact(SSOToken sSOToken, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLAssertionArtifact: Called");
        }
        try {
            FSAssertionManager manager = FSAssertionManager.getInstance(this.hostProviderId);
            String sessionId = sSOToken.getTokenID().toString();
            AssertionArtifact artifact = manager.createFSAssertionArtifact(sessionId, this.spDescriptor, this.hostProviderId, nameIdentifier, nameIdentifier2, str, this.authnRequest.getMinorVersion());
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("AssertionArtifact id = " + artifact.toString());
            }
            ArrayList result = new ArrayList();
            result.add(artifact.getAssertionArtifact());
            return result;
        } catch (FSException e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLAssertionArtifact: " + e.getMessage());
            return null;
        } catch (SAMLException e2) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLAssertionArtifact: " + e2.getMessage());
            return null;
        }
    }

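    /**
     * Redirects the browser to the service provider's assertion consumer endpoint with the given
     * artifacts as {@code SAMLart} query parameters, followed by {@code RelayState} when the
     * AuthnRequest carries one.
     *
     * <p>A {@code null} list is replaced by the result of {@code createFaultSAMLArtifact()}; if
     * that is also {@code null} or the list is empty, an empty {@code SAMLart=} parameter is sent.
     * Query values are percent-encoded as UTF-8. If the target URL is missing or contains CR/LF,
     * an error is logged and no redirect is sent. Any exception is logged and swallowed, so the
     * caller cannot tell whether the redirect was sent.
     *
     * @param list artifact strings to send, or {@code null} to send a fault artifact
     */
    private void sendSAMLArtifacts(List list) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: Called");
        }
        if (list == null) {
            list = createFaultSAMLArtifact();
        }
        try {
            // NOTE(review): the redirect target is taken from the AuthnRequest first and only falls
            // back to the SP descriptor's registered URL. Nothing in this method checks the
            // request-supplied value against the descriptor; confirm it is validated upstream,
            // because the artifacts are delivered to whatever URL is used here.
            String targetURL = this.authnRequest.getAssertionConsumerServiceID();
            if (targetURL == null || targetURL.length() == 0) {
                targetURL = this.spDescriptor.getAssertionConsumerServiceURL();
            }
            // The target is written into a response header unencoded, so refuse a value that
            // could split the header. The value itself is deliberately not logged.
            if (targetURL == null || targetURL.indexOf('\r') != -1 || targetURL.indexOf('\n') != -1) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: missing or malformed assertion consumer URL, redirect not sent");
                return;
            }

            StringBuffer artifactParams = new StringBuffer(1000);
            if (list == null || list.isEmpty()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: Sending null artifact");
                }
                artifactParams.append("SAMLart").append("=").append(SessionEncodeURL.AMPERSAND);
            } else {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    // Explicit charset: the one-argument overload uses the platform default.
                    String encoded = URLEncoder.encode((String) it.next(), "UTF-8");
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: " + encoded);
                    }
                    artifactParams.append("SAMLart").append("=").append(encoded).append(SessionEncodeURL.AMPERSAND);
                }
            }

            StringBuffer redirect = new StringBuffer(1000);
            redirect.append(targetURL);
            // Start a query string, or extend the one the target URL already has.
            if (targetURL.indexOf('?') == -1) {
                redirect.append("?");
            } else {
                redirect.append(SessionEncodeURL.AMPERSAND);
            }
            redirect.append(artifactParams.toString());
            String relayState = this.authnRequest.getRelayState();
            if (relayState != null) {
                redirect.append("RelayState").append("=").append(URLEncoder.encode(relayState, "UTF-8"));
            }
            FSUtils.access("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("targetURL") + targetURL);

            // Constant names below come from the decompiler; presumably the 302 status code and
            // the "Location" header name. Confirm against the original source.
            this.response.setStatus(AMTemplate.ORGANIZATION_TEMPLATE);
            String redirectURL = redirect.toString();
            this.response.setContentType("text/html");
            this.response.setHeader(AMQueryParameters.QUERY_PARAM_LOCATION, redirectURL);
            // NOTE(review): both the debug log and the access log below receive the full redirect
            // URL, including the artifact values and RelayState. Restrict access to these logs or
            // redact the query string.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: Sending artifacts to: " + redirectURL);
            }
            FSUtils.access("FSSSOBrowserArtifactProfileHandler", FSUtils.bundle.getString("redirectTo") + redirectURL);
            this.response.sendRedirect(redirectURL);
        } catch (Exception e) {
            // Pass the throwable as well so the cause is not reduced to its message.
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: " + e.getMessage(), e);
        }
    }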

    /**
     * Builds a one-element artifact list from the hosted provider's succinct ID and a freshly
     * generated assertion handle, without going through {@code FSAssertionManager}.
     *
     * <p>The succinct ID is converted from hex to bytes and the handle is encoded as ISO-8859-1
     * before both are given to the {@code FSAssertionArtifact} constructor.
     *
     * @return a list holding the artifact string, or {@code null} when no handle could be
     *         generated or any exception occurs while building the artifact
     */
    private List createFaultSAMLArtifact() {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler. In createFaultSAMLArtifacts");
        }
        final String handle = SAMLUtils.generateAssertionHandle();
        if (handle == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.create FaultSAMLArtifacts: couldn't generate assertion handle.");
            }
            return null;
        }
        try {
            final String sourceId = FSServiceUtils.getAllianceInstance()
                    .getHostedProvider(this.hostProviderId)
                    .getProviderSuccinctID();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createFaultSAMLArtifacts: SourceID for the Artifact: " + sourceId);
            }
            final FSAssertionArtifact faultArtifact = new FSAssertionArtifact(
                    FSUtils.hexStringToByteArray(sourceId),
                    handle.getBytes("ISO-8859-1"));
            final List artifacts = new ArrayList();
            artifacts.add(faultArtifact.getAssertionArtifact());
            return artifacts;
        } catch (Exception failure) {
            FSUtils.debug.error("FSBrowserArtifactProfileHandler.createFaultSAMLArtifacts: ", failure);
            return null;
        }
    }

    /**
     * Verifies the XML signature on an incoming SOAP message using the key information
     * registered for the service provider.
     *
     * <p>The SOAP message is converted to a DOM document and the whole document is passed to
     * {@code XMLSignatureManager.verifyXMLSignature} together with the value of
     * {@code spDescriptor.getKeyInfo()}. The {@code element} argument is not used.
     * Verification fails closed: a missing key value or any exception yields {@code false}.
     *
     * <p>NOTE(review): because verification runs over the whole SOAP document and
     * {@code element} is ignored, confirm that the signature accepted here covers the request
     * element that is processed afterwards.
     *
     * @param element     not read by this method
     * @param sOAPMessage the signed SOAP message
     * @return the verifier's result, or {@code false} on any failure
     */
    protected boolean verifySAMLRequestSignature(Element element, SOAPMessage sOAPMessage) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.verifySAMLRequestSignature: Called");
        }
        try {
            // Result is discarded; the call is kept in case it has initialization side effects.
            FSServiceUtils.getAllianceInstance();
            final String certAlias = this.spDescriptor.getKeyInfo();
            if (certAlias != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.verifySAMLRequestSignature: Provider's certAlias is found: " + certAlias);
                }
                final XMLSignatureManager verifier = XMLSignatureManager.getInstance();
                final Document soapDocument = (Document) FSServiceUtils.createSOAPDOM(sOAPMessage);
                return verifier.verifyXMLSignature(soapDocument, certAlias);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.verifySAMLRequestSignature: couldn't obtain this site's cert alias.");
            }
            // Thrown only to reach the common failure path below.
            throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
        } catch (Exception failure) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.verifySAMLRequestSignature: Exception occured while verifying IDP's signature:" + failure.getMessage());
            return false;
        }
    }
}
