package com.sun.identity.federation.services.namemapping;

import com.iplanet.am.util.XMLUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.accountmgmt.FSAccountManager;
import com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
import com.sun.identity.federation.alliance.FSAllianceManagementException;
import com.sun.identity.federation.alliance.FSAllianceManager;
import com.sun.identity.federation.alliance.FSHostedProviderDescriptor;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.message.FSNameIdentifierMappingResponse;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.util.logging.Level;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:119465-07/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/namemapping/FSNameMappingHandler.class */
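/**
 * Resolves name identifiers for federated accounts of one hosted provider and
 * verifies the signature on name identifier mapping responses.
 *
 * <p>The constructor logs, but does not rethrow, failures to obtain the account
 * manager or the hosted provider descriptor. An instance can therefore exist with
 * {@code accountMgr} or {@code hostedProviderDesc} still {@code null}; the
 * {@code getNameIdentifier} overloads dereference those fields without a check.
 */
public class FSNameMappingHandler {
    private FSAllianceManager allianceMgr = FSServiceUtils.getAllianceInstance();
    private FSAccountManager accountMgr;
    private String hostedProviderID;
    private FSHostedProviderDescriptor hostedProviderDesc;

    /**
     * Creates a handler bound to the given hosted provider.
     *
     * @param str ID of the hosted provider; stored as-is and used to look up the
     *            hosted provider descriptor
     */
    public FSNameMappingHandler(String str) {
        this.hostedProviderID = str;
        FSUtils.debug.message("FSNameMappingHandler: entering constructor");
        try {
            this.accountMgr = FSAccountManager.getInstance();
        } catch (FSAccountMgmtException e) {
            // Keep the cause in the log line; the localized text alone does not say why
            // the account manager could not be obtained.
            FSUtils.debug.error("FSNameMappingHandler: "
                    + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE)
                    + ": " + e);
        }
        try {
            this.hostedProviderDesc = this.allianceMgr.getHostedProvider(str);
        } catch (FSAllianceManagementException e2) {
            FSUtils.debug.error("FSNameMappingHandler: " + e2);
        } catch (Throwable th) {
            // Also covers a null allianceMgr (NullPointerException). The handler is still
            // constructed; hostedProviderDesc stays null in that case.
            FSUtils.debug.error("FSNameMappingHandler: " + th);
        }
    }

    /**
     * Returns the string form of the principal held by the given SSO token.
     *
     * @param sSOToken session token to read the principal from; must not be null
     * @return the principal as a string, or {@code null} if reading it raised an
     *         {@link SSOException} (the failure is logged); callers must treat
     *         {@code null} as "no authenticated user"
     */
    public static String getUserDN(SSOToken sSOToken) {
        try {
            return sSOToken.getPrincipal().toString();
        } catch (SSOException e) {
            FSUtils.debug.error("FSNameMappingHandler.getUserDN: " + e.getMessage());
            LogUtil.error(Level.INFO, "FSNameMappingHandler.getUserDN",
                    FSUtils.bundle.getString(IFSConstants.USER_NOT_FOUND));
            return null;
        }
    }

    /**
     * Looks up the federation record for a user and returns one of its name
     * identifiers.
     *
     * <p>With {@code z == true} the local name identifier is preferred; if it is
     * absent, one is built from the remote identifier's name and format with this
     * handler's hosted provider ID as qualifier. With {@code z == false} the remote
     * name identifier is preferred; if it is absent, one is built from the local
     * identifier with {@code str2} as qualifier. A missing or empty format on the
     * result is replaced by {@link IFSConstants#NI_FEDERATED_FORMAT_URI}.
     *
     * @param str  first key passed to {@code readAccountFedInfo}; the sibling overload
     *             passes a user DN here
     * @param str2 second key passed to {@code readAccountFedInfo}; presumably the
     *             remote provider ID (confirm against callers)
     * @param z    {@code true} to prefer the local identifier, {@code false} for the remote
     * @return the selected identifier, or {@code null} if the record holds neither
     *         identifier or no record was returned
     * @throws FSAccountMgmtException if the federation record cannot be read
     * @throws SAMLException if a replacement identifier cannot be constructed
     */
    public NameIdentifier getNameIdentifier(String str, String str2, boolean z) throws FSAccountMgmtException, SAMLException {
        FSAccountFedInfo fedInfo = this.accountMgr.readAccountFedInfo(str, str2);
        if (fedInfo == null) {
            // Defensive: whether readAccountFedInfo can return null is not visible here.
            // Treat a missing record like a record without identifiers instead of
            // failing with a NullPointerException.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameMappingHandler.getNameIdentifier: no federation info found");
            }
            return null;
        }

        NameIdentifier result;
        if (z) {
            result = fedInfo.getLocalNameIdentifier();
            if (result == null) {
                NameIdentifier remote = fedInfo.getRemoteNameIdentifier();
                if (remote != null) {
                    result = new NameIdentifier(remote.getName(), this.hostedProviderID, remote.getFormat());
                }
            }
        } else {
            result = fedInfo.getRemoteNameIdentifier();
            if (result == null) {
                NameIdentifier local = fedInfo.getLocalNameIdentifier();
                if (local != null) {
                    result = new NameIdentifier(local.getName(), str2, local.getFormat());
                }
            }
        }

        if (result != null) {
            // Test for null before calling equals(): the previous order dereferenced the
            // format first, so an identifier without a format raised a
            // NullPointerException instead of receiving the default.
            String format = result.getFormat();
            if (format == null || format.equals("")) {
                result.setFormat(IFSConstants.NI_FEDERATED_FORMAT_URI);
            }
        }
        return result;
    }

    /**
     * Maps a received name identifier to a user in the hosted provider's associated
     * organization, then delegates to
     * {@link #getNameIdentifier(String, String, boolean)}.
     *
     * @param nameIdentifier identifier to resolve to a user DN
     * @param str            passed through as the second argument of the delegate
     * @param z              passed through as the local/remote preference flag
     * @return the identifier chosen by the delegate, possibly {@code null}
     * @throws FSAccountMgmtException if the user or the federation record cannot be read
     * @throws SAMLException if a replacement identifier cannot be constructed
     */
    public NameIdentifier getNameIdentifier(NameIdentifier nameIdentifier, String str, boolean z) throws FSAccountMgmtException, SAMLException {
        // hostedProviderDesc is null if the constructor's lookup failed; this line then
        // throws NullPointerException.
        String orgDN = this.hostedProviderDesc.getLocalConfiguration().getAssociatedOrgDN();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameMappingHandler.getNameIdentifier(): NameId=" + nameIdentifier + ", orgDN=" + orgDN);
        }
        String userDN = this.accountMgr.getUserDN(nameIdentifier, orgDN);
        return getNameIdentifier(userDN, str, z);
    }

    /**
     * Verifies the XML signature of a SOAP message carrying a name identifier
     * mapping response, using the signing key alias registered for the provider
     * named in that response.
     *
     * <p>Fails closed: a missing alliance manager, a missing key alias, or any
     * exception (including an unknown provider ID) yields {@code false}.
     *
     * @param element     the mapping response element; parsed only to read the provider ID
     * @param sOAPMessage the SOAP message whose DOM is passed to signature verification
     * @return {@code true} only if the signature manager reports a valid signature
     */
    public static boolean verifyNameIdMappingResponseSignature(Element element, SOAPMessage sOAPMessage) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameMappingHandler.verifyNameIdMappingResponseSignature: Called");
        }
        try {
            FSNameIdentifierMappingResponse response = new FSNameIdentifierMappingResponse(element);
            FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
            if (allianceInstance == null) {
                FSUtils.debug.error("FSNameMappingHandler.verifyNameIdMappingResponseSignature: Unable to get alliance manager");
                return false;
            }
            // The provider ID comes from the not-yet-verified response. It only selects
            // which registered key to check against; a null provider lookup ends in the
            // catch block below and is rejected.
            String signingKeyAlias = allianceInstance.getProvider(response.getProviderID()).getSigningKeyAlias();
            if (signingKeyAlias == null) {
                FSUtils.debug.error("FSNameMappingHandler.verifyNameIdMappingResponseSignature: couldn't obtain the cert alias for signature verification.");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameMappingHandler.verifyNameIdMappingResponseSignature: Provider's certAlias is found: " + signingKeyAlias);
                // Writes the full response XML, name identifiers included, to the debug
                // log; keep message-level debugging off outside troubleshooting.
                FSUtils.debug.message("FSNameMappingHandler.verifyNameIdMappingResponseSignature: xmlString to be verified: " + XMLUtils.print(element));
            }
            // NOTE(review): verification runs over the DOM rebuilt from the SOAP message,
            // while the provider ID was read from `element`. Nothing visible here checks
            // that the verified signature covers that same element; confirm that callers
            // or verifyXMLSignature enforce this binding.
            Document soapDom = (Document) FSServiceUtils.createSOAPDOM(sOAPMessage);
            return XMLSignatureManager.getInstance().verifyXMLSignature(soapDom, signingKeyAlias);
        } catch (Exception e) {
            // Log the exception itself: a NullPointerException has a null message, which
            // previously left the reason for the rejection out of the log.
            FSUtils.debug.error("FSNameMappingHandler.verifyNameIdMappingResponseSignature: Exception occured while verifying signature:" + e);
            return false;
        }
    }
}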
