package com.sun.identity.federation.services.fednsso;

import com.iplanet.am.util.XMLUtils;
import com.sun.identity.federation.alliance.FSAllianceManager;
import com.sun.identity.federation.alliance.FSProviderDescriptor;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSAssertionArtifact;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSRequest;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.services.FSServiceManager;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpUtils;
import org.w3c.dom.Document;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:120091-12/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/fednsso/FSAssertionConsumerService.class */
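/**
 * Servlet that receives the identity provider's answer to a federation
 * single sign-on request at the hosted provider.
 *
 * <p>{@link #doGet} handles the artifact flow: one or more {@code SAMLart}
 * query parameters are wrapped into an {@link FSRequest} and handed to a
 * browser artifact handler. {@link #doPost} handles the POST flow: a base64
 * encoded {@link FSAuthnResponse} is decoded, matched to the stored
 * {@link FSAuthnRequest} through its {@code InResponseTo} value, optionally
 * signature-checked, and handed to an assertion artifact handler.
 *
 * <p>Every failure path forwards the browser to the common login page.
 *
 * <p>NOTE(review): at debug "message" level this class writes the raw
 * artifact source IDs, the base64 response and the decoded response XML to
 * the debug log. Those values act as bearer material for the sign-on, so the
 * debug log needs the same access control as the session store.
 */
public class FSAssertionConsumerService extends HttpServlet {
    /**
     * Handles the browser artifact profile.
     *
     * <p>Reads {@code RelayState} and every {@code SAMLart} value from the
     * query string, requires all artifacts to carry the same source ID, and
     * passes them to the browser artifact handler obtained from
     * {@link FSServiceManager}.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for errors and forwards
     * @throws ServletException if forwarding fails
     * @throws IOException      if writing the response fails
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (httpServletRequest == null || httpServletResponse == null) {
            FSUtils.error("FSAssertionConsumerService.doGet", FSUtils.bundle.getString("nullInputParameter"));
            // A null response cannot carry the status code; calling it would
            // only replace the logged error with a NullPointerException.
            if (httpServletResponse != null) {
                httpServletResponse.sendError(500, FSUtils.bundle.getString("nullInputParameter"));
            }
            return;
        }
        if (!FSServiceUtils.isLibertyEnabled()) {
            FSUtils.debug.error("FSAssertionConsumerService: " + FSUtils.bundle.getString("notLibertyEnabled"));
            FSUtils.error("FSAssertionConsumerService", FSUtils.bundle.getString("notLibertyEnabled"));
            httpServletResponse.sendError(500, FSUtils.bundle.getString("notLibertyEnabled"));
            return;
        }
        String hostedProviderID = FSServiceUtils.getHostedProviderID(httpServletRequest);
        FSUtils.debug.message("FSAssertionConsumerService.doGet(): called");
        // NOTE(review): RelayState comes straight from the request and is
        // passed on to the login page URL and the handler; whether it is
        // validated before being used as a redirect target is not visible
        // here -- confirm in the callee.
        String relayState = httpServletRequest.getParameter("RelayState");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doGet():Resource URL: " + relayState);
        }
        // HttpUtils.parseQueryString rejects a null query string with an
        // IllegalArgumentException, so a bare GET is treated as "no artifact".
        String queryString = httpServletRequest.getQueryString();
        String[] artifacts = null;
        if (queryString != null) {
            artifacts = (String[]) HttpUtils.parseQueryString(queryString).get("SAMLart");
        }
        String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(FSServiceUtils.getMetaAlias(httpServletRequest), relayState, null, httpServletRequest, FSServiceUtils.getBaseURL(httpServletRequest));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService: CommonLoginPage: " + commonLoginPageURL);
        }
        if (artifacts == null || artifacts.length == 0 || artifacts[0] == null) {
            FSUtils.debug.error("FSAssertionConsumerService.doGet: AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
            // Stop here: continuing would dereference the missing artifact
            // after the response has already been forwarded.
            return;
        }
        ArrayList artifactList = new ArrayList();
        try {
            FSAssertionArtifact firstArtifact = new FSAssertionArtifact(artifacts[0]);
            String sourceID = firstArtifact.getSourceID();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doGet: SourceID within the Artifact is " + sourceID);
            }
            artifactList.add(firstArtifact);
            // All artifacts of one request must name the same source provider.
            for (int i = 1; i < artifacts.length; i++) {
                FSAssertionArtifact nextArtifact = new FSAssertionArtifact(artifacts[i]);
                String nextSourceID = nextArtifact.getSourceID();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionConsumerService.doGet: SourceID within the Artifact is " + nextSourceID);
                }
                if (!nextSourceID.equals(sourceID)) {
                    FSUtils.debug.error("FSAssertionConsumerService.doGet: Received multiple artifacts have different source id");
                    FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
                    return;
                }
                FSUtils.access("FSAssertionConsumerService", FSUtils.bundle.getString("Artifact") + i + ": " + artifacts[i]);
                artifactList.add(nextArtifact);
            }
            FSRequest fSRequest = new FSRequest((String) null, artifactList);
            try {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionConsumerService.doGet: Trying to get BrowserArtifactHandler");
                }
                FSAssertionArtifactHandler browserArtifactHandler = FSServiceManager.getInstance().getBrowserArtifactHandler(httpServletRequest, httpServletResponse, sourceID, fSRequest, relayState);
                if (browserArtifactHandler == null) {
                    FSUtils.debug.error("FSAssertionConsumerService.doGet: " + FSUtils.bundle.getString(IFSConstants.INTERNAL_ERROR));
                    FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionConsumerService.doGet: BrowserArtifactHandler created");
                    }
                    browserArtifactHandler.setHostProviderId(hostedProviderID);
                    browserArtifactHandler.processSAMLRequest();
                }
            } catch (Exception e) {
                FSUtils.debug.error("FSAssertionConsumerService.doGet: Exception occured :" + e.getMessage());
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
            }
        } catch (FSMsgException e2) {
            FSUtils.debug.error("FSAssertionConsumerService.doGet: " + e2.getMessage());
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
        } catch (SAMLException e3) {
            FSUtils.debug.error("FSAssertionConsumerService.doGet: " + e3.getMessage());
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
        }
    }

    /**
     * Handles the browser POST profile (and the LECP profile, which arrives
     * on the same endpoint).
     *
     * <p>The posted response is accepted only when it parses, carries an
     * {@code InResponseTo} value that matches an {@link FSAuthnRequest} held
     * by the session manager, and resolves to a known provider. For
     * non-LECP requests the XML signature is verified when signing is
     * switched on.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for errors and forwards
     * @throws ServletException if forwarding fails
     * @throws IOException      if decoding the payload or writing the response fails
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        FSProviderDescriptor provider;
        FSUtils.debug.message("FSAssertionConsumerService.doPost : called");
        if (httpServletRequest == null || httpServletResponse == null) {
            FSUtils.error("FSAssertionConsumerService.doPost", FSUtils.bundle.getString("nullInputParameter"));
            // A null response cannot carry the status code.
            if (httpServletResponse != null) {
                httpServletResponse.sendError(500, FSUtils.bundle.getString("nullInputParameter"));
            }
            return;
        }
        if (!FSServiceUtils.isLibertyEnabled()) {
            FSUtils.debug.error("FSAssertionConsumerService: " + FSUtils.bundle.getString("notLibertyEnabled"));
            FSUtils.error("FSAssertionConsumerService", FSUtils.bundle.getString("notLibertyEnabled"));
            httpServletResponse.sendError(500, FSUtils.bundle.getString("notLibertyEnabled"));
            return;
        }
        String hostedProviderID = FSServiceUtils.getHostedProviderID(httpServletRequest);
        String encodedResponse = httpServletRequest.getParameter(IFSConstants.POST_AUTHN_RESPONSE_PARAM);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doPost: BASE64 encoded AuthnResponse: " + encodedResponse);
        }
        if (encodedResponse == null) {
            FSUtils.error("FSAssertionConsumerService.doPost", FSUtils.bundle.getString("missingAuthnResponse"));
            FSUtils.debug.error(failedAtIdpMessage("missingAuthnResponse"));
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageWithoutRelayState(httpServletRequest));
            return;
        }
        // Spaces in the posted value are turned into line breaks before decoding.
        String normalizedResponse = encodedResponse.replace(' ', '\n');
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doPost: BASE64 encoded AuthnResponse2: " + normalizedResponse);
        }
        try {
            // NOTE(review): the decoded bytes are turned into text with the
            // platform default charset -- confirm that matches the encoding
            // the identity provider uses.
            String decodedXml = new String(new BASE64Decoder().decodeBuffer(new ByteArrayInputStream(normalizedResponse.getBytes())));
            FSUtils.debug.message("Decoded authnResponse" + decodedXml);
            // This DOM is what the signature is verified over, while the
            // object handed to the handler is parsed separately from the same
            // base64 text. NOTE(review): confirm both parsers read the bytes
            // identically, otherwise verified and consumed content can differ.
            // Parser hardening (DTD / external entities) lives inside
            // XMLUtils and is not visible here -- confirm.
            Document responseDocument = XMLUtils.toDOMDocument(decodedXml, FSUtils.debug);
            // normalizedResponse no longer contains spaces, so it is passed as is.
            FSAuthnResponse authnResponse = FSAuthnResponse.parseBASE64EncodedString(normalizedResponse);
            if (authnResponse == null) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. Can't parse BASE64 encoded AuthnResponse");
                FSUtils.error("FSAssertionConsumerService", FSUtils.bundle.getString("invalidAuthnResponse"));
                FSUtils.debug.error(failedAtIdpMessage("invalidAuthnResponse"));
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageWithoutRelayState(httpServletRequest));
                return;
            }
            try {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionConsumerService.doPost: AuthnResponse received is valid: " + authnResponse.toXMLString());
                }
                // An unsolicited response (no InResponseTo, or no matching
                // stored request) is rejected.
                String inResponseTo = authnResponse.getInResponseTo();
                if (inResponseTo == null) {
                    FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. AuthnResponse received does not have inResponseTo attribute");
                    FSUtils.error("FSAssertionConsumerService.doPost", FSUtils.bundle.getString("invalidAuthnResponse"));
                    FSUtils.debug.error(failedAtIdpMessage("invalidAuthnResponse"));
                    FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageWithoutRelayState(httpServletRequest));
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionConsumerService.doPost: AuthnResponse received is against requestID: " + inResponseTo);
                }
                FSAuthnRequest inResponseToRequest = getInResponseToRequest(inResponseTo, hostedProviderID);
                if (inResponseToRequest == null) {
                    FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. AuthnResponse received does not have an associated AuthnRequest");
                    FSUtils.error("FSAssertionConsumerService.doPost", FSUtils.bundle.getString("invalidAuthnResponse"));
                    FSUtils.debug.error(failedAtIdpMessage("invalidAuthnResponse"));
                    FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageWithoutRelayState(httpServletRequest));
                    return;
                }
                String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(FSServiceUtils.getMetaAlias(httpServletRequest), inResponseToRequest.getRelayState(), null, httpServletRequest, FSServiceUtils.getBaseURL(httpServletRequest));
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionConsumerService.doPost: inResponseTo validation is successful");
                }
                try {
                    // The profile is read from the stored request, not from the response.
                    boolean lecpProfile = inResponseToRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_LECP);
                    if (lecpProfile) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSAssertionConsumerService.doPost: LECP Profile identified. IDP info is unknown so farGet providerId from the response");
                        }
                        // Here the sender is whatever provider ID the response itself claims.
                        provider = FSServiceUtils.getAllianceInstance().getProvider(authnResponse.getProviderId());
                    } else {
                        provider = getProvider(authnResponse.getInResponseTo(), hostedProviderID);
                    }
                    // Applied to both profiles: a response whose sender cannot
                    // be resolved to a known provider is never handed on.
                    if (provider == null) {
                        FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. Sender information not found for the received AuthnResponse");
                        FSUtils.error("FSAssertionConsumerService.doPost", FSUtils.bundle.getString("invalidAuthnResponse"));
                        FSUtils.debug.error(failedAtIdpMessage("invalidAuthnResponse"));
                        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
                        return;
                    }
                    // NOTE(review): the response signature is checked only for
                    // non-LECP requests and only when signing is switched on.
                    // For LECP the response reaches the handler unverified by
                    // this servlet -- confirm the handler validates the
                    // assertion signature itself.
                    if (!lecpProfile && FSServiceUtils.isSigningOn() && !verifyAuthnResponseSignature(responseDocument, provider.getProviderID())) {
                        FSUtils.debug.error("FSAssertionConsumerService.doPost: Signature verification failed");
                        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
                        return;
                    }
                    FSAssertionArtifactHandler assertionArtifactHandler = FSServiceManager.getInstance().getAssertionArtifactHandler(httpServletRequest, httpServletResponse, inResponseToRequest, authnResponse, provider);
                    if (assertionArtifactHandler != null) {
                        assertionArtifactHandler.setHostProviderId(FSServiceUtils.getHostedProviderID(httpServletRequest));
                        assertionArtifactHandler.processAuthnResponse(authnResponse);
                    } else {
                        FSUtils.debug.error("FSAssertionConsumerService.doPost: could not create AssertionArtifactHandler");
                        FSUtils.error("FSAssertionConsumerService:", FSUtils.bundle.getString("requestProcessingFailed"));
                        FSUtils.debug.error(failedAtIdpMessage("requestProcessingFailed"));
                        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
                    }
                } catch (Exception e) {
                    FSUtils.debug.error("FSAssertionConsumerService.doPost: Exception: " + e.getMessage());
                    FSUtils.debug.error(failedAtIdpMessage("requestProcessingFailed"));
                    FSUtils.forwardRequest(httpServletRequest, httpServletResponse, commonLoginPageURL);
                }
            } catch (FSException e2) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. FSException occured while calling AuthnResponse.toXMLString(): " + e2.getMessage());
                FSUtils.error("FSAssertionConsumerService.doPost", FSUtils.bundle.getString("invalidAuthnResponse"));
                FSUtils.debug.error(failedAtIdpMessage("invalidAuthnResponse"));
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageWithoutRelayState(httpServletRequest));
            }
        } catch (FSException e3) {
            FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. FSException occured while parsing BASE64 encoded AuthnResponse: " + e3.getMessage());
            FSUtils.error("FSAssertionConsumerService", FSUtils.bundle.getString("invalidAuthnResponse"));
            FSUtils.debug.error(failedAtIdpMessage("invalidAuthnResponse"));
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageWithoutRelayState(httpServletRequest));
        } catch (SAMLException e4) {
            FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. SAMLException occured while parsing BASE64 encoded AuthnResponse: " + e4.getMessage());
            FSUtils.error("FSAssertionConsumerService.doPost", FSUtils.bundle.getString("invalidAuthnResponse"));
            FSUtils.debug.error(failedAtIdpMessage("invalidAuthnResponse"));
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageWithoutRelayState(httpServletRequest));
        }
    }

    /** Builds the common login page URL used before any RelayState is known. */
    private static String loginPageWithoutRelayState(HttpServletRequest httpServletRequest) {
        return FSServiceUtils.getCommonLoginPageURL(FSServiceUtils.getMetaAlias(httpServletRequest), null, null, httpServletRequest, FSServiceUtils.getBaseURL(httpServletRequest));
    }

    /** Builds the doPost debug line that announces the fallback to the login page. */
    private static String failedAtIdpMessage(String bundleKey) {
        return "FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString(bundleKey) + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page";
    }

    /**
     * Looks up the stored request that a response claims to answer.
     *
     * @param str  the {@code InResponseTo} value of the response
     * @param str2 the hosted provider ID selecting the session manager
     * @return whatever the session manager returns for that ID; doPost treats
     *         {@code null} as "no such request"
     */
    private FSAuthnRequest getInResponseToRequest(String str, String str2) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.getInResponseToRequest: Called");
        }
        return FSSessionManager.getInstance(str2).getAuthnRequest(str);
    }

    /**
     * Looks up the provider descriptor the session manager holds for a request ID.
     *
     * @param str  the request ID (the response's {@code InResponseTo} value)
     * @param str2 the hosted provider ID selecting the session manager
     * @return whatever the session manager returns for that ID; doPost treats
     *         {@code null} as "sender unknown"
     */
    private FSProviderDescriptor getProvider(String str, String str2) {
        FSUtils.debug.message("FSAssertionConsumerService.getProvider: Called");
        return FSSessionManager.getInstance(str2).getProviderDescriptor(str);
    }

    /**
     * Verifies the XML signature of a posted response against the key
     * information registered for the sending provider.
     *
     * <p>Fails closed: a missing alliance manager, missing key information or
     * any exception yields {@code false}.
     *
     * @param document the DOM of the decoded response
     * @param str      the provider ID whose key information is used
     * @return {@code true} only when the signature manager reports a valid signature
     */
    private boolean verifyAuthnResponseSignature(Document document, String str) {
        FSUtils.debug.message("FSAssertionConsumerService.verifyAuthnResponseSignature: Called");
        try {
            FSAllianceManager allianceInstance = FSServiceUtils.getAllianceInstance();
            if (allianceInstance == null) {
                FSUtils.debug.error("FSAssertionConsumerService.verifyAuthnResponseSignature: Unable to get alliance manager");
                return false;
            }
            // An unknown provider ID surfaces as a NullPointerException here
            // and is turned into a failed verification by the catch below.
            String keyInfo = allianceInstance.getProvider(str).getKeyInfo();
            if (keyInfo == null) {
                FSUtils.debug.error("FSAssertionConsumerService.verifyAuthnResponseSignature: couldn't obtain this site's cert alias.");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.verifyAuthnResponseSignature: Provider's certAlias is found: " + keyInfo);
            }
            return XMLSignatureManager.getInstance().verifyXMLSignature(document, keyInfo);
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionConsumerService.verifyAuthnResponseSignature: Exception occured while verifying signature: ", e);
            return false;
        }
    }
}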
