package com.sun.identity.saml.servlet;

import com.iplanet.am.console.base.model.AMQueryParameters;
import com.iplanet.am.sdk.AMTemplate;
import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.saml.AssertionManager;
import com.sun.identity.saml.SAMLClient;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.Condition;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectStatement;
import com.sun.identity.saml.common.LogUtils;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.AssertionArtifact;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:120091-12/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/servlet/SAMLAwareServlet.class */
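/**
 * Servlet endpoint for the SAML 1.x Browser/Artifact profile.
 *
 * <p>Without an artifact parameter it acts as the <em>source</em> site: it
 * checks the requested target against the configured trusted-server list,
 * requires a valid SSO session, creates an assertion artifact and redirects
 * the browser to the partner's SAML URL with the target and the artifact(s)
 * as query parameters. With one or more artifact parameters it acts as the
 * <em>destination</em> site: it resolves the artifacts through
 * {@link SAMLClient#artifactQueryHandler}, validates the returned assertions
 * (signature, validity window, audience restriction, artifact confirmation
 * method, presence of an AuthenticationStatement), hands them to
 * {@link SAMLUtils#generateSSOToken} and finally POSTs or redirects the
 * browser to the target.
 *
 * <p>Both the target URL and the artifact(s) arrive as request parameters and
 * must be treated as untrusted.
 */
public class SAMLAwareServlet extends HttpServlet {

    /** Service attribute holding the name of the artifact request parameter. */
    private static final String ARTIFACT_NAME_ATTR = "iplanet-am-saml-artifact-name";

    /** Service attribute holding the source-ID to partner (SOAPEntry) map. */
    private static final String PARTNER_URLS_ATTR = "iplanet-am-saml-partner-urls";

    /** SAML 1.0 artifact confirmation-method URI; the 1.1 value comes from SAMLConstants. */
    private static final String CONFIRMATION_METHOD_ARTIFACT_10 =
        "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
    }

    /**
     * Dispatches to the source-site (inter-site transfer) or destination-site
     * (artifact handling) flow depending on whether an artifact parameter is
     * present. A missing target parameter is rejected before anything else.
     *
     * @param request  incoming request; may be null (rejected with 500)
     * @param response outgoing response; if null nothing can be sent, so the
     *                 error is only logged
     * @throws IOException      on failure to write the response
     * @throws ServletException propagated from the sub-handlers
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {
        if (response == null) {
            // Nothing to reply on; the previous version dereferenced the null response here.
            LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("nullInputParameter"));
            return;
        }
        if (request == null) {
            LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("nullInputParameter"));
            response.sendError(500, SAMLUtils.bundle.getString("nullInputParameter"));
            return;
        }
        SAMLUtils.checkHTTPContentLength(request);
        String target = request.getParameter(targetParamName());
        String artifact = request.getParameter(artifactParamName());
        if (isEmpty(target)) {
            LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("missingTargetSite"));
            response.sendError(500, SAMLUtils.bundle.getString("invalidConfig"));
            return;
        }
        response.setContentType("text/html; charset=UTF-8");
        if (isEmpty(artifact)) {
            IntersiteTransfer(request, response, target);
        } else {
            ArtifactHandler(request, response);
        }
    }

    /** POST is handled exactly like GET. */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {
        doGet(request, response);
    }

    /** Name of the request parameter carrying the target URL (from service config). */
    private static String targetParamName() {
        return (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
    }

    /** Name of the request parameter carrying the artifact(s) (from service config). */
    private static String artifactParamName() {
        return (String) SAMLServiceManager.getAttribute(ARTIFACT_NAME_ATTR);
    }

    private static boolean isEmpty(String value) {
        return value == null || value.equals("");
    }

    /**
     * Creates one assertion artifact for the current session.
     *
     * @param token    the caller's SSO token; its token ID is passed to the AssertionManager
     * @param sourceID source ID of the partner site
     * @param target   target URL the artifact is issued for
     * @param version  SAML version string of the partner site
     * @return a list holding the single artifact string
     * @throws SAMLException if token, sourceID or version is null/empty, or creation fails
     */
    private List createArtifact(SSOToken token, String sourceID, String target, String version)
        throws SAMLException {
        if (token == null || isEmpty(sourceID) || isEmpty(version)) {
            throw new SAMLException(SAMLUtils.bundle.getString("createArtifactError"));
        }
        AssertionArtifact artifact = AssertionManager.getInstance()
            .createAssertionArtifact(token.getTokenID().toString(), sourceID, target, version);
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionArtifact id = " + artifact.toString());
        }
        List artifacts = new ArrayList(1);
        artifacts.add(artifact.getAssertionArtifact());
        return artifacts;
    }

    /**
     * Source-site flow: validates the target against the trusted-server list,
     * requires a valid SSO session, creates the artifact and redirects the
     * browser to the partner's SAML URL.
     *
     * @param request  the current request (used to locate the SSO session)
     * @param response the response to redirect or send an error on
     * @param target   the untrusted target URL from the request
     */
    private void IntersiteTransfer(HttpServletRequest request, HttpServletResponse response, String target)
        throws IOException, ServletException {
        String host = null;
        int port = -1;
        try {
            URL targetUrl = new URL(target);
            host = targetUrl.getHost();
            port = targetUrl.getPort();
        } catch (MalformedURLException e) {
            // Previously propagated as an IOException and surfaced as a container error page.
            SAMLUtils.debug.error("SAMLAwareServlet:IntersiteTransfer:malformed target URL", e);
        }
        if (isEmpty(host)) {
            SAMLUtils.debug.error("SAMLAwareServlet:IntersiteTransfer:Failed to get host name of target URL.");
            response.sendError(500, SAMLUtils.bundle.getString("missingTargetHost"));
            return;
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("TargetUrl Host = " + host + " Port= " + port);
        }
        Set trustedSites = (Set) SAMLServiceManager.getAttribute(SAMLConstants.TRUSTED_SERVER_LIST);
        if (trustedSites == null) {
            response.sendError(500, SAMLUtils.bundle.getString("nullTrustedSite"));
            return;
        }
        SAMLServiceManager.SiteEntry siteEntry = findTrustedSite(trustedSites, host, port);
        if (siteEntry == null) {
            LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("targetForbidden") + " " + target);
            // The target is attacker-controlled; log it but do not echo it into the error body.
            response.sendError(403, SAMLUtils.bundle.getString("targetForbidden"));
            return;
        }
        try {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            SSOToken token = tokenManager.createSSOToken(request);
            if (token == null) {
                SAMLUtils.debug.error("SSOToken is null.");
                response.sendError(500, SAMLUtils.bundle.getString("nullSSOToken"));
                return;
            }
            if (!tokenManager.isValidToken(token)) {
                SAMLUtils.debug.error("SSOToken is invalid.");
                response.sendError(500, SAMLUtils.bundle.getString("invalidSSOToken"));
                return;
            }
            String redirectUrl;
            try {
                List artifacts = createArtifact(token, siteEntry.getSourceID(), target, siteEntry.getVersion());
                redirectUrl = buildRedirectUrl(siteEntry.getSAMLUrl(), target, artifacts);
            } catch (SAMLException e) {
                SAMLUtils.debug.error("IntersiteTransfer:Failed to create AssertionArtifact(s)", e);
                response.sendError(500, e.getMessage());
                return;
            }
            // sendRedirect sets the 302 status and Location header itself; the explicit
            // setStatus/setHeader calls that preceded it were redundant.
            LogUtils.access(Level.FINE, SAMLUtils.bundle.getString("redirectTo") + redirectUrl);
            response.sendRedirect(redirectUrl);
        } catch (SSOException e) {
            SAMLUtils.debug.error("IntersiteTransfer", e);
            response.sendError(500, e.getMessage());
        }
    }

    /**
     * Looks up the trusted site entry for a target host/port.
     *
     * <p>An entry with an explicit port matches only when the target URL carries
     * that exact port and is returned immediately. An entry with port -1 matches
     * any port; as in the original implementation the last such match wins
     * unless an explicit-port entry matches.
     *
     * @param trustedSites set of SAMLServiceManager.SiteEntry
     * @param host         target host, non-empty
     * @param port         target port, -1 if the URL had none
     * @return the matching entry or null
     */
    private static SAMLServiceManager.SiteEntry findTrustedSite(Set trustedSites, String host, int port) {
        SAMLServiceManager.SiteEntry wildcardMatch = null;
        for (Iterator it = trustedSites.iterator(); it.hasNext();) {
            SAMLServiceManager.SiteEntry entry = (SAMLServiceManager.SiteEntry) it.next();
            if (!hostMatches(host, entry.getHostName())) {
                continue;
            }
            int entryPort = entry.getPort();
            if (entryPort == -1) {
                wildcardMatch = entry;
            } else if (port != -1 && port == entryPort) {
                return entry;
            }
        }
        return wildcardMatch;
    }

    /**
     * Host comparison used for the trusted-site check: exact (case-insensitive)
     * match, or the target host is a sub-domain of the trusted host on a label
     * boundary. The previous substring test ({@code host.indexOf(trusted) != -1})
     * accepted e.g. {@code trusted.example.com.attacker.net} and
     * {@code nottrusted.example.com}.
     *
     * @param host        host from the target URL
     * @param trustedHost host configured on the site entry
     * @return whether the target host is covered by the trusted host
     */
    static boolean hostMatches(String host, String trustedHost) {
        if (isEmpty(host) || isEmpty(trustedHost)) {
            return false;
        }
        if (host.equalsIgnoreCase(trustedHost)) {
            return true;
        }
        String suffix = "." + trustedHost;
        int start = host.length() - suffix.length();
        // start > 0 guarantees at least one label before the dot.
        return start > 0 && host.regionMatches(true, start, suffix, 0, suffix.length());
    }

    /**
     * Builds the partner redirect URL: {@code samlUrl?TARGET=<target>&<artifactParam>=<artifact>...}.
     * Both the target and each artifact are URL-encoded; the target was previously
     * appended raw, so a target containing {@code &} or {@code #} was split or
     * truncated on the receiving side.
     */
    private static String buildRedirectUrl(String samlUrl, String target, List artifacts) {
        StringBuffer url = new StringBuffer(1000);
        url.append(samlUrl).append('?').append(targetParamName()).append('=')
            .append(URLEncoder.encode(target));
        String artifactParam = artifactParamName();
        for (Iterator it = artifacts.iterator(); it.hasNext();) {
            String encoded = URLEncoder.encode((String) it.next());
            if (SAMLUtils.debug.messageEnabled()) {
                // Artifacts are single-use credentials; this only reaches the debug log.
                SAMLUtils.debug.message("Encoded SAML AssertionArtifact " + encoded);
            }
            url.append(SessionEncodeURL.AMPERSAND).append(artifactParam).append('=').append(encoded);
        }
        return url.toString();
    }

    /**
     * Validates one assertion: signature, validity window and audience
     * restriction conditions. Sends a 500 and returns false on the first failure.
     *
     * @param response response to send errors on
     * @param assertion the assertion; null is rejected silently
     * @return true if every check passed
     */
    private boolean checkCondition(HttpServletResponse response, Assertion assertion) throws IOException {
        if (assertion == null) {
            return false;
        }
        if (!assertion.isSignatureValid()) {
            SAMLUtils.debug.error("The assertion in SAML response is(signature) invalid.");
            LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("assertionSignatureNotValid"));
            response.sendError(500, SAMLUtils.bundle.getString("assertionSignatureNotValid"));
            return false;
        }
        if (!assertion.isTimeValid()) {
            SAMLUtils.debug.error("The assertion in SAML response is(time) invalid.");
            LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("assertionTimeNotValid"));
            response.sendError(500, SAMLUtils.bundle.getString("assertionTimeNotValid"));
            return false;
        }
        Conditions conditions = assertion.getConditions();
        if (conditions == null) {
            // No Conditions element means no audience restriction to evaluate; the time
            // check above has already run. The previous version dereferenced null here.
            return true;
        }
        Set audienceRestrictions = conditions.getAudienceRestrictionCondition();
        if (audienceRestrictions == null || audienceRestrictions.isEmpty()) {
            return true;
        }
        for (Iterator it = audienceRestrictions.iterator(); it.hasNext();) {
            AudienceRestrictionCondition restriction = (AudienceRestrictionCondition) it.next();
            // NOTE(review): only INDETERMINATE is accepted, so a condition evaluating to
            // any other value (including a positive one) is rejected. Preserved as-is;
            // confirm against AudienceRestrictionCondition.evaluate() before changing.
            if (restriction.evaluate() != Condition.INDETERMINATE) {
                response.sendError(500, SAMLUtils.bundle.getString("failAudienceRestrictionCondition"));
                return false;
            }
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AudienceRestrictionConditions is indeterminate.");
            }
        }
        return true;
    }

    /**
     * Whether the confirmation method is the artifact method for the
     * assertion's SAML version (1.1 uses SAMLConstants.CONFIRMATION_METHOD_ARTIFACT,
     * 1.0 uses the artifact-01 URI). Any other major/minor version is rejected.
     */
    private static boolean isArtifactConfirmation(Assertion assertion, String method) {
        if (method == null || assertion.getMajorVersion() != 1) {
            return false;
        }
        switch (assertion.getMinorVersion()) {
            case 1:
                return method.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT);
            case 0:
                return method.equals(CONFIRMATION_METHOD_ARTIFACT_10);
            default:
                return false;
        }
    }

    /**
     * Validates every assertion and every statement in them and returns the
     * subject to establish a session for.
     *
     * <p>Each statement must be a SubjectStatement whose first confirmation
     * method is the artifact method; at least one statement across all
     * assertions must be an AuthenticationStatement. A 500 is sent and null
     * returned on the first failure.
     *
     * @param response   response to send errors on
     * @param assertions list of Assertion as returned by the artifact query; null yields null
     * @return the subject of the last statement examined, or null on failure
     */
    private Subject examSAMLResponse(HttpServletResponse response, List assertions) throws IOException {
        if (assertions == null) {
            return null;
        }
        boolean sawAuthnStatement = false;
        Subject subject = null;
        for (Iterator it = assertions.iterator(); it.hasNext();) {
            Assertion assertion = (Assertion) it.next();
            if (!checkCondition(response, assertion)) {
                return null;
            }
            SAMLUtils.debug.message("Passed checking Conditions!");
            Set statements = assertion.getStatement();
            if (statements == null || statements.isEmpty()) {
                SAMLUtils.debug.error("SAML Response does not containany Statement.");
                LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("noStatement"));
                response.sendError(500, SAMLUtils.bundle.getString("noStatement"));
                return null;
            }
            for (Iterator st = statements.iterator(); st.hasNext();) {
                Statement statement = (Statement) st.next();
                if (!(statement instanceof SubjectStatement)) {
                    // Previously an unchecked cast; a non-subject statement escaped as a ClassCastException.
                    SAMLUtils.debug.error("Statement is not a SubjectStatement.");
                    response.sendError(500, SAMLUtils.bundle.getString("noStatement"));
                    return null;
                }
                // NOTE(review): the subject returned is that of the LAST statement seen, which is
                // not necessarily the AuthenticationStatement's; preserved from the original.
                subject = ((SubjectStatement) statement).getSubject();
                SubjectConfirmation confirmation = (subject == null) ? null : subject.getSubjectConfirmation();
                Set methods = (confirmation == null) ? null : confirmation.getConfirmationMethod();
                if (methods == null || methods.isEmpty()) {
                    SAMLUtils.debug.error("Subject confirmation method is null");
                    response.sendError(500, SAMLUtils.bundle.getString("nullSubjectConfirmationMethod"));
                    return null;
                }
                // Only the first confirmation method is examined, as before.
                String method = (String) methods.iterator().next();
                if (!isArtifactConfirmation(assertion, method)) {
                    SAMLUtils.debug.error("Wrong Confirmation Method.");
                    response.sendError(500, SAMLUtils.bundle.getString("wrongConfirmationMethodValue"));
                    return null;
                }
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("Correct Confirmation method");
                }
                if (statement instanceof AuthenticationStatement) {
                    sawAuthnStatement = true;
                }
            }
        }
        if (sawAuthnStatement) {
            return subject;
        }
        SAMLUtils.debug.error("Assertions do not contain a proper SSO AuthenticationStatement");
        LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("noSSOAssertion"));
        response.sendError(500, SAMLUtils.bundle.getString("noSSOAssertion"));
        return null;
    }

    /**
     * Destination-site flow: resolves the artifact(s) to assertions, validates
     * them, looks up the partner by the first artifact's source ID, generates
     * the local SSO token and then POSTs or redirects the browser to the target.
     *
     * @param request  request carrying the target and artifact parameters
     * @param response response to complete
     */
    private void ArtifactHandler(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {
        String target = request.getParameter(targetParamName());
        String[] artifacts = request.getParameterValues(artifactParamName());
        if (artifacts == null || artifacts.length == 0) {
            // doGet only dispatches here when the artifact parameter is present; defend anyway.
            LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("nullInputParameter"));
            response.sendError(500, SAMLUtils.bundle.getString("nullInputParameter"));
            return;
        }
        try {
            List assertions = SAMLClient.artifactQueryHandler(artifacts, null);
            Subject subject = examSAMLResponse(response, assertions);
            if (subject == null) {
                return;
            }
            String sourceID = new AssertionArtifact(artifacts[0]).getSourceID();
            Map partners = (Map) SAMLServiceManager.getAttribute(PARTNER_URLS_ATTR);
            if (partners == null) {
                response.sendError(500, SAMLUtils.bundle.getString("nullPartnerUrl"));
                return;
            }
            SAMLServiceManager.SOAPEntry partner = (SAMLServiceManager.SOAPEntry) partners.get(sourceID);
            if (partner == null) {
                response.sendError(500, SAMLUtils.bundle.getString("failedAccountMapping"));
                return;
            }
            try {
                Map tokenInfo = SAMLUtils.generateSSOToken(request, response, partner, assertions, subject, target);
                LogUtils.access(Level.FINE, SAMLUtils.bundle.getString("accessGranted"));
                if (SAMLUtils.postYN(target)) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("POST to target:" + target);
                    }
                    SAMLUtils.postToTarget(response, assertions, target, tokenInfo);
                    return;
                }
                if (SAMLUtils.debug.messageEnabled()) {
                    writeDebugRedirectPage(response, assertions, target);
                } else {
                    // NOTE(review): target comes from the request and is not checked against the
                    // trusted-site list on this side; whether SAMLUtils.generateSSOToken validates it
                    // is not visible here.
                    response.sendRedirect(target);
                }
            } catch (Exception e) {
                SAMLUtils.debug.error("generateToken: ", e);
                LogUtils.error(Level.INFO, SAMLUtils.bundle.getString("failedCreateSSOToken"));
                response.sendError(500, SAMLUtils.bundle.getString("failedCreateSSOToken"));
            }
        } catch (SAMLException e) {
            LogUtils.error(Level.INFO, e.getMessage());
            response.sendError(500);
        }
    }

    /**
     * Debug-mode landing page: shows the assertions and meta-refreshes to the
     * target after 10 seconds. The target is HTML-escaped before being placed in
     * the meta tag; previously it was written raw, allowing attribute injection
     * from the request parameter.
     */
    private static void writeDebugRedirectPage(HttpServletResponse response, List assertions, String target)
        throws IOException {
        PrintWriter out = response.getWriter();
        out.println("<html>\n");
        out.println("<head>\n");
        out.println("<title>Access rights validated</title>\n");
        out.println("<meta http-equiv=\"refresh\" content=\"10; URL=" + escapeHtml(target) + "\">\n");
        out.println("</head>\n");
        out.println("<body>\n");
        out.println("<H1>Access rights validated</H1>\n");
        out.println("<P>We have verified your access rights <STRONG></STRONG> according to the assertion shown below. \n");
        out.println("You are being redirected to the resource.\n");
        out.println("Please wait ......\n");
        out.println("</P>\n");
        out.println("<HR><P>\n");
        for (Iterator it = assertions.iterator(); it.hasNext();) {
            // displayXML is assumed to render the assertion safely; not re-escaped here.
            out.println(SAMLUtils.displayXML(it.next().toString()));
        }
        out.println("</P>\n");
        out.println("</body>\n");
        out.println("</html>\n");
        out.flush();
    }

    /** Minimal HTML/attribute escaping for text placed into the debug page. */
    static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuffer sb = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}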
