package com.sun.identity.saml.common;

import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.services.naming.ServerEntryNotFoundException;
import com.iplanet.services.naming.WebtopNaming;
import com.iplanet.services.util.Base64;
import com.iplanet.services.util.CookieUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.SAMLCallback;
import com.sun.identity.common.Constants;
import com.sun.identity.liberty.ws.idpp.common.IDPPConstants;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.Attribute;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.Condition;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectStatement;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.plugins.PartnerAccountMapper;
import com.sun.identity.saml.protocol.Response;
import com.sun.identity.saml.servlet.POSTCleanUpThread;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.sm.ServiceSchemaManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.MessageDigest;
import java.text.StringCharacterIterator;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;

/* JADX WARN: Classes with same name are omitted:
  input_file:120954-02/SUNWamclnt/reloc/SUNWam/lib/amclientsdk.jar:com/sun/identity/saml/common/SAMLUtils.class
 */
/* loaded from: input_file:120954-02/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/saml/common/SAMLUtils.class */
public class SAMLUtils extends SAMLUtilsCommon {
    /** Property key; judging by its name it carries the maximum accepted request content length. */
    public static final String HTTP_MAX_CONTENT_LENGTH = "com.sun.identity.saml.request.maxContentLength";
    /** Default limit value, 16384. */
    public static final int defaultMaxLength = 16384;
    // Limit compared by checkHTTPContentLength(); a value of 0 disables that check.
    // NOTE(review): no assignment is visible in this part of the file - confirm where it is initialised.
    private static int maxContentLength;
    // Not referenced in the visible part of this class.
    private static Thread cThread;
    // Not referenced in the visible part of this class.
    private static SSOToken ssoToken;
    /** String form of the default limit value. */
    public static final String DEFAULT_CONTENT_LENGTH = String.valueOf(16384);
    // Consulted by verifyAssertionAndGetSSMap() to reject an assertion ID that is already present (replay check).
    // NOTE(review): a plain static HashMap shared by all callers; synchronisation and eviction are not visible here - confirm.
    private static Map idTimeMap = new HashMap();

    /** Private constructor: the members visible in this class are all static, so no instance is needed. */
    private SAMLUtils() {
    }

    /**
     * Builds an assertion ID from {@code SAMLUtilsCommon.generateID()} and, when it can be
     * resolved, the ID of this server appended at the end.
     *
     * @return the generated ID, the bare ID when the server ID lookup fails, or null when
     *         {@code SAMLUtilsCommon.generateID()} returns null
     */
    public static String generateAssertionID() {
        final String baseId = SAMLUtilsCommon.generateID();
        if (baseId == null) {
            return null;
        }
        String serverId;
        try {
            serverId = WebtopNaming.getServerID(
                    SAMLServiceManager.getServerProtocol(),
                    SAMLServiceManager.getServerHost(),
                    SAMLServiceManager.getServerPort());
        } catch (Exception e) {
            // Best effort: a failed lookup only means the suffix is left off.
            serverId = null;
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("SAMLUtil:generateAssertionID: exception obtain serverID:", e);
            }
        }
        if (serverId == null) {
            return baseId;
        }
        return baseId + serverId;
    }

    /**
     * Tells whether a query element is of the requested kind.
     * <p>
     * An element whose local name is neither {@code IDPPConstants.QUERY_TYPE} nor
     * {@code "SubjectQuery"} matches when that local name equals {@code str}. For those two
     * names the element matches when one of its attributes has the local name {@code "type"}
     * and the exact value {@code str + "Type"}.
     *
     * @param element element to inspect; must not be null
     * @param str expected query name
     * @return true when the element matches; false otherwise, including a null local name
     */
    public static boolean checkQuery(Element element, String str) {
        final String elementName = element.getLocalName();
        if (elementName == null) {
            return false;
        }
        final boolean genericName = elementName.equals(IDPPConstants.QUERY_TYPE) || elementName.equals("SubjectQuery");
        if (!genericName) {
            return elementName.equals(str);
        }
        final NamedNodeMap attrs = element.getAttributes();
        final int count = attrs.getLength();
        final String wantedType = str + "Type";
        for (int idx = 0; idx < count; idx++) {
            final Attr candidate = (Attr) attrs.item(idx);
            final String attrName = candidate.getLocalName();
            // The attribute value is compared as-is; nothing is trimmed or stripped first.
            if (attrName != null && attrName.equals("type") && candidate.getNodeValue().equals(wantedType)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Base64-decodes a source ID and returns the bytes as a string with one char per byte
     * (see {@code byteArrayToString}).
     *
     * @param str Base64 text
     * @return the decoded string, or null when the input is null or decoding throws
     */
    public static String getDecodedSourceIDString(String str) {
        if (str == null) {
            SAMLUtilsCommon.debug.error("SAMLUtils.getDecodedSourceIDString: null input.");
            return null;
        }
        String decoded;
        try {
            decoded = byteArrayToString(Base64.decode(str));
        } catch (Exception e) {
            // Malformed input is reported and mapped to null rather than propagated.
            SAMLUtilsCommon.debug.error("SAMLUtils.getDecodedSourceIDString: ", e);
            decoded = null;
        }
        return decoded;
    }

    /**
     * Derives a source ID from a site URL: the "SHA" digest of the URL, Base64-encoded and trimmed.
     * <p>
     * "SHA" is the JCA alias for SHA-1.
     * NOTE(review): the SAML 1.x artifact format defines SourceID as a SHA-1 hash of the
     * provider's identification URL, so the algorithm is presumably dictated by the protocol
     * rather than chosen here - confirm before changing it.
     * The URL is converted with {@code stringToByteArray}, which keeps only the low 8 bits of each char.
     *
     * @param str site URL
     * @return the Base64 source ID, or null for null/empty input or when digesting or encoding throws
     */
    public static String generateSourceID(String str) {
        if (str == null || str.length() == 0) {
            SAMLUtilsCommon.debug.error("SAMLUtils.genrateSourceID: empty siteURL.");
            return null;
        }
        try {
            final MessageDigest sha = MessageDigest.getInstance("SHA");
            sha.update(stringToByteArray(str));
            try {
                return Base64.encode(sha.digest()).trim();
            } catch (Exception e) {
                SAMLUtilsCommon.debug.error("SAMLUtils.generateSourceID: Exception:", e);
                return null;
            }
        } catch (Exception e2) {
            SAMLUtilsCommon.debug.error("SAMLUtils.generateSourceID: Exception when generating digest:", e2);
            return null;
        }
    }

    /**
     * Generates a 20-byte assertion handle and returns it as a string with one char per byte.
     * <p>
     * The bytes come from {@code SAMLUtilsCommon.random}. When this server's ID can be resolved
     * and is shorter than 20 bytes, it overwrites the tail of the handle, so the unpredictable
     * part shrinks by the length of the server ID. {@code getServerID(String)} in this class
     * reads the last two characters of such a value back.
     * NOTE(review): the type of {@code SAMLUtilsCommon.random} is not visible here - confirm it
     * is a {@code SecureRandom}, since the handle acts as a bearer reference.
     *
     * @return the handle, or null when no random source is available
     */
    public static String generateAssertionHandle() {
        if (SAMLUtilsCommon.random == null) {
            return null;
        }
        final byte[] handle = new byte[20];
        SAMLUtilsCommon.random.nextBytes(handle);
        String serverId = null;
        try {
            serverId = WebtopNaming.getServerID(
                    SAMLServiceManager.getServerProtocol(),
                    SAMLServiceManager.getServerHost(),
                    SAMLServiceManager.getServerPort());
        } catch (Exception e) {
            // Best effort: without a server ID the handle stays fully random.
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("SAMLUtil:generateAssertionHandle: exception obtain serverID:", e);
            }
        }
        if (serverId != null) {
            final byte[] idBytes = stringToByteArray(serverId);
            if (idBytes.length < handle.length) {
                // Right-align the server ID inside the handle.
                System.arraycopy(idBytes, 0, handle, handle.length - idBytes.length, idBytes.length);
            }
        }
        return byteArrayToString(handle);
    }

    /**
     * Decodes a hex string into bytes, two characters per byte.
     * <p>
     * No validation is done up front: an odd-length string ends in a
     * {@code StringIndexOutOfBoundsException}, a non-hex pair in a {@code NumberFormatException},
     * and a null argument in a {@code NullPointerException}. Because each pair goes through
     * {@code Integer.parseInt}, a pair with a leading sign character is also accepted.
     *
     * @param str hex text
     * @return the decoded bytes ({@code str.length() / 2} of them)
     */
    public static byte[] hexStringToByteArray(String str) {
        final int charCount = str.length();
        final byte[] decoded = new byte[charCount / 2];
        for (int pos = 0; pos < charCount; pos += 2) {
            // The narrowing cast keeps the low 8 bits, so "ff" becomes (byte) -1.
            decoded[pos / 2] = (byte) Integer.parseInt(str.substring(pos, pos + 2), 16);
        }
        return decoded;
    }

    /**
     * Converts a hex string to its Base64 form.
     * <p>
     * The hex decoding is the one done by {@code hexStringToByteArray}, with the same
     * exceptions for malformed input. A failure in the Base64 step is only logged at message
     * level and yields null.
     *
     * @param str hex text
     * @return the trimmed Base64 text, or null when encoding throws
     */
    public static String hexStringToBase64(String str) {
        final byte[] raw = hexStringToByteArray(str);
        String encoded = null;
        try {
            encoded = Base64.encode(raw).trim();
        } catch (Exception e) {
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("SAMLUtil:hexStringToBase64: exception encode input:", e);
            }
        }
        if (SAMLUtilsCommon.debug.messageEnabled()) {
            SAMLUtilsCommon.debug.message("base 64 source id is :" + encoded);
        }
        return encoded;
    }

    /**
     * Looks up the configured partner whose issuer equals the given value.
     * <p>
     * The partner entries are the values of the {@code "iplanet-am-saml-partner-urls"}
     * attribute; the issuer comparison is an exact, case-sensitive string match.
     *
     * @param str issuer to look for
     * @return the matching entry, or null when the issuer is null, the partner list is
     *         missing, or no entry matches
     */
    public static SAMLServiceManager.SOAPEntry getSourceSite(String str) {
        if (str == null) {
            return null;
        }
        final Map partners = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
        if (partners == null) {
            SAMLUtilsCommon.debug.error("SAMLUtils.isOnPartnerURLList: PartnerURL list is null.");
            return null;
        }
        for (Iterator it = partners.values().iterator(); it.hasNext();) {
            final SAMLServiceManager.SOAPEntry candidate = (SAMLServiceManager.SOAPEntry) it.next();
            if (candidate == null) {
                continue;
            }
            final String issuer = candidate.getIssuer();
            if (issuer != null && issuer.equals(str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Command-line helper: prints the source ID computed by {@code generateSourceID} for the
     * single argument, or a usage line when the argument count is not exactly one.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        if (strArr.length == 1) {
            System.out.println(generateSourceID(strArr[0]));
            return;
        }
        System.out.println("usage : java SAMLUtils <host_name>");
    }

    /**
     * Checks that a subject confirmation carries exactly one confirmation method and that it
     * equals {@code SAMLConstants.CONFIRMATION_METHOD_IS}.
     *
     * @param subjectConfirmation confirmation to check; null is rejected
     * @return true only for a single, matching confirmation method
     */
    public static boolean isCorrectConfirmationMethod(SubjectConfirmation subjectConfirmation) {
        if (subjectConfirmation == null) {
            return false;
        }
        final Set methods = subjectConfirmation.getConfirmationMethod();
        final String reason;
        if (methods == null || methods.size() != 1) {
            // Zero methods and several methods are both rejected.
            reason = "SAMLUtils.isCorrectConfirmationMethod: missing ConfirmationMethod in the Subject.";
        } else {
            final String method = (String) methods.iterator().next();
            if (method != null && method.equals(SAMLConstants.CONFIRMATION_METHOD_IS)) {
                return true;
            }
            reason = "SAMLUtils.isCorrectConfirmationMethod: wrong ConfirmationMethod value.";
        }
        if (SAMLUtilsCommon.debug.messageEnabled()) {
            SAMLUtilsCommon.debug.message(reason);
        }
        return false;
    }

    /**
     * Tells whether an assertion passes its own time and signature checks and contains at
     * least one statement whose type is 1.
     * <p>
     * NOTE(review): 1 is presumably the authentication-statement type constant - verify
     * against {@code Statement}. The issuer is not checked against the partner list here, and
     * what {@code isSignatureValid()} returns for an unsigned assertion is not visible in this
     * file - confirm that callers cover both.
     *
     * @param assertion assertion to inspect; null is rejected
     * @return true when the checks pass and such a statement is present
     */
    public static boolean isAuthNAssertion(Assertion assertion) {
        if (assertion == null) {
            return false;
        }
        if (!assertion.isTimeValid()) {
            return false;
        }
        if (!assertion.isSignatureValid()) {
            return false;
        }
        for (Iterator it = assertion.getStatement().iterator(); it.hasNext();) {
            final Statement candidate = (Statement) it.next();
            if (candidate.getStatementType() == 1) {
                return true;
            }
        }
        return false;
    }

    /**
     * Converts a string to bytes by narrowing every char to its low 8 bits.
     * <p>
     * This is not a charset encoding: a char above U+00FF loses its high byte, so two
     * different strings can map to the same byte array.
     *
     * @param str text to convert; must not be null
     * @return one byte per char
     */
    public static byte[] stringToByteArray(String str) {
        final int count = str.length();
        final byte[] narrowed = new byte[count];
        for (int pos = 0; pos < count; pos++) {
            narrowed[pos] = (byte) str.charAt(pos);
        }
        return narrowed;
    }

    /**
     * Converts bytes to a string by widening every byte to a char.
     * <p>
     * The widening sign-extends, so a byte with the high bit set becomes a char in the range
     * U+FF80..U+FFFF; {@code stringToByteArray} narrows such a char back to the same byte.
     *
     * @param bArr bytes to convert; must not be null
     * @return one char per byte
     */
    public static String byteArrayToString(byte[] bArr) {
        final StringBuffer widened = new StringBuffer(bArr.length);
        for (int pos = 0; pos < bArr.length; pos++) {
            widened.append((char) bArr[pos]);
        }
        return widened.toString();
    }

    /**
     * Returns the last two characters of an ID, which this class treats as the server ID.
     *
     * @param str ID to read from
     * @return the two-character suffix, or null when the input is null or shorter than two characters
     */
    public static String getServerID(String str) {
        if (str == null) {
            return null;
        }
        final int size = str.length();
        return size < 2 ? null : str.substring(size - 2);
    }

    /**
     * Resolves the URL of the server named by the two-character suffix of an ID, when that
     * server is not this one.
     *
     * @param str ID whose suffix names a server
     * @return the remote server URL; null when the suffix is missing, the lookup fails, either
     *         URL is null, or the resolved URL equals this server's URL
     */
    public static String getServerURL(String str) {
        final String serverId = getServerID(str);
        if (serverId == null) {
            return null;
        }
        if (SAMLUtilsCommon.debug.messageEnabled()) {
            SAMLUtilsCommon.debug.message("SAMLUtils.getServerURL: id=" + serverId);
        }
        try {
            final String remoteUrl = WebtopNaming.getServerFromID(serverId);
            final String localUrl = SAMLServiceManager.getServerURL();
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("SAMLUtils.getServerURL: remoteUrl=" + remoteUrl + ", thisUrl=" + localUrl);
            }
            final boolean isRemote = remoteUrl != null && localUrl != null && !remoteUrl.equals(localUrl);
            return isRemote ? remoteUrl : null;
        } catch (ServerEntryNotFoundException e) {
            // An unknown server ID is treated like "no remote server".
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("SAMLUtils.getServerURL: ServerEntryNotFoundException for " + serverId);
            }
            return null;
        }
    }

    /**
     * Builds the full SAML service URL for the server named by a short URL, using the naming
     * service entry {@code SAMLConstants.SAML_AM_NAMING}.
     * <p>
     * The port handed to the naming service is {@code URL.getPort()}, which is -1 when the
     * input URL carries no explicit port.
     *
     * @param str server URL
     * @return the full service URL, or null when parsing or the lookup throws (logged at warning level)
     */
    public static String getFullServiceURL(String str) {
        String fullUrl = null;
        try {
            final URL parsed = new URL(str);
            final String port = Integer.toString(parsed.getPort());
            fullUrl = WebtopNaming.getServiceURL(SAMLConstants.SAML_AM_NAMING, parsed.getProtocol(), parsed.getHost(), port).toString();
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("SAMLUtils.getFullServiceURL:full remote URL is: " + fullUrl);
            }
        } catch (Exception e) {
            if (SAMLUtilsCommon.debug.warningEnabled()) {
                SAMLUtilsCommon.debug.warning("SAMLUtils.getFullServiceURL:Exception:", e);
            }
        }
        return fullUrl;
    }

    /**
     * Copies attributes from an assertion into a map.
     * <p>
     * Only statements of type 3 whose subject equals {@code subject} are read (the code casts
     * them to {@code AttributeStatement}). An attribute with exactly one value that has no
     * element child is stored as the string value of that element; any other attribute is
     * stored as its list of value elements. A later attribute with the same name replaces an
     * earlier one.
     * <p>
     * NOTE(review): attribute names and values are written to the debug log at message level;
     * they can be personal data. Failures of {@code map.put} are swallowed silently.
     *
     * @param map destination map, modified in place
     * @param assertion assertion to read
     * @param subject subject the attribute statements must refer to
     */
    public static void addEnvParamsFromAssertion(Map map, Assertion assertion, Subject subject) {
        final Set statements = assertion.getStatement();
        if (statements == null || statements.isEmpty()) {
            return;
        }
        for (Iterator stmtIt = statements.iterator(); stmtIt.hasNext();) {
            final Statement stmt = (Statement) stmtIt.next();
            if (stmt.getStatementType() != 3) {
                continue;
            }
            final AttributeStatement attrStmt = (AttributeStatement) stmt;
            if (!subject.equals(attrStmt.getSubject())) {
                continue;
            }
            for (Iterator attrIt = attrStmt.getAttribute().iterator(); attrIt.hasNext();) {
                final Attribute attr = (Attribute) attrIt.next();
                try {
                    final List values = attr.getAttributeValue();
                    final String name = attr.getAttributeName();
                    // An empty value list fails here and is reported by the outer catch.
                    final Element first = (Element) values.get(0);
                    final boolean simpleValue = values.size() == 1 && !XMLUtils.hasElementChild(first);
                    if (simpleValue) {
                        final String text = XMLUtils.getElementValue(first);
                        try {
                            if (SAMLUtilsCommon.debug.messageEnabled()) {
                                SAMLUtilsCommon.debug.message("SAMLUtils.addEnvParamsFromAssertion: attrName = " + name + " attrValue = " + text);
                            }
                            map.put(name, text);
                        } catch (Exception ignored) {
                            // Original behaviour: a failed put is dropped without a log entry.
                        }
                    } else {
                        try {
                            map.put(name, values);
                        } catch (Exception ignored) {
                            // Original behaviour: a failed put is dropped without a log entry.
                        }
                    }
                } catch (Exception e3) {
                    SAMLUtilsCommon.debug.error("SAMLUtils.addEnvParamsFromAssertion: cannot obtain attribute value:", e3);
                }
            }
        }
    }

    /**
     * Returns the content-length limit that {@code checkHTTPContentLength} enforces.
     *
     * @return the current limit; 0 means that check is skipped
     */
    public static int getMaxContentLength() {
        return maxContentLength;
    }

    /**
     * Rejects a request whose declared content length exceeds {@code maxContentLength}.
     * <p>
     * A limit of 0 disables the check. The value tested is what
     * {@code HttpServletRequest.getContentLength()} returns, which is -1 when the length is
     * not known, so such a request always passes.
     * NOTE(review): the limit therefore only covers bodies with a declared length; confirm
     * that the reader of the body enforces its own bound.
     *
     * @param httpServletRequest request to check
     * @throws ServletException when the declared length is larger than the limit
     */
    public static void checkHTTPContentLength(HttpServletRequest httpServletRequest) throws ServletException {
        if (maxContentLength == 0) {
            return;
        }
        final int declared = httpServletRequest.getContentLength();
        if (SAMLUtilsCommon.debug.messageEnabled()) {
            SAMLUtilsCommon.debug.message("HttpRequest content length= " + declared);
        }
        if (declared <= maxContentLength) {
            return;
        }
        if (SAMLUtilsCommon.debug.messageEnabled()) {
            SAMLUtilsCommon.debug.message("content length too large" + declared);
        }
        throw new ServletException(SAMLUtilsCommon.bundle.getString("largeContentLength"));
    }

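    /**
     * Writes an auto-submitting HTML form that POSTs assertions and attributes to a target URL.
     * <p>
     * Each assertion is sent URL-encoded in a hidden {@code ASSERTION} field, each map entry in
     * a hidden field of its own, and the entry names joined by ":" in {@code ATTRIBUTENAMES}.
     * Map keys and values are cast to {@code String}.
     * <p>
     * The target URL is now passed through {@code HTMLEncode} before it is written into the
     * {@code ACTION} attribute, as the attribute names and values already were; before, a
     * double quote in the URL ended the attribute and the rest was parsed as markup.
     * <p>
     * NOTE(review): when message-level debugging is on, the assertions are also rendered
     * into the page that is sent to the browser. {@code HTMLEncode} escapes the double quote
     * only, which is enough inside a double-quoted attribute but not for other HTML contexts.
     *
     * @param httpServletResponse response to write the page to; its writer is closed at the end
     * @param list assertion strings, may be null
     * @param str target URL for the form action
     * @param map attribute names and values, may be null or empty
     * @throws IOException when the response writer cannot be obtained
     */
    public static void postToTarget(HttpServletResponse httpServletResponse, List list, String str, Map map) throws IOException {
        PrintWriter writer = httpServletResponse.getWriter();
        writer.println("<HTML>");
        writer.println("<HEAD>\n");
        writer.println("<TITLE>Access rights validated</TITLE>\n");
        writer.println("</HEAD>\n");
        writer.println("<BODY Onload=\"document.forms[0].submit()\">");
        if (SAMLUtilsCommon.debug.messageEnabled()) {
            writer.println("<H1>Access rights validated</H1>\n");
            writer.println("<meta http-equiv=\"refresh\" content=\"20\">\n");
            writer.println("<P>We have verified your access rights <STRONG></STRONG> according to the assertion shown below. \n");
            writer.println("You are being redirected to the resource.\n");
            writer.println("Please wait ......\n");
            writer.println("</P>\n");
            writer.println("<HR><P>\n");
            if (list != null) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    writer.println(displayXML((String) it.next()));
                }
            }
            writer.println("</P>\n");
        }
        // Escape the double quote so the target URL cannot close the ACTION attribute.
        writer.println("<FORM METHOD=\"POST\" ACTION=\"" + HTMLEncode(str, '"') + "\">");
        if (list != null) {
            Iterator it2 = list.iterator();
            while (it2.hasNext()) {
                writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"ASSERTION\"");
                writer.println("VALUE=\"" + AMURLEncDec.encode((String) it2.next()) + "\">");
            }
        }
        if (map != null && !map.isEmpty()) {
            StringBuffer names = new StringBuffer();
            for (Iterator entries = map.entrySet().iterator(); entries.hasNext();) {
                Map.Entry entry = (Map.Entry) entries.next();
                String encodedName = HTMLEncode((String) entry.getKey(), '"');
                String encodedValue = HTMLEncode((String) entry.getValue(), '"');
                writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + encodedName + "\" VALUE=\"" + encodedValue + "\">");
                if (names.length() > 0) {
                    names.append(":");
                }
                names.append(encodedName);
            }
            writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"ATTRIBUTENAMES\" VALUE=\"" + names + "\">");
        }
        writer.println("</FORM>");
        writer.println("</BODY></HTML>");
        writer.close();
    }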

    /**
     * Tells whether a target URL is on the configured list of URLs that receive assertions by POST
     * ({@code SAMLConstants.POST_TO_TARGET_URLS}).
     * <p>
     * The lookup key is {@code host:port/path} with the host lower-cased. The scheme and the
     * query string are not part of the key, the port is -1 when the URL has no explicit port,
     * and the literal "/" is added in front of {@code URL.getPath()}.
     * NOTE(review): configured entries must therefore use exactly this shape - confirm
     * against how the list is stored.
     *
     * @param str target URL
     * @return true when the key is in the list; false for an empty input, an empty list, or a malformed URL
     */
    public static boolean postYN(String str) {
        SAMLUtilsCommon.debug.message("Inside postYN()");
        if (str == null || str.equals("")) {
            return false;
        }
        final Set allowed = (Set) SAMLServiceManager.getAttribute(SAMLConstants.POST_TO_TARGET_URLS);
        if (allowed == null || allowed.size() == 0) {
            return false;
        }
        try {
            final URL target = new URL(str);
            final String key = target.getHost().toLowerCase() + ":" + String.valueOf(target.getPort()) + "/" + target.getPath();
            return allowed.contains(key);
        } catch (MalformedURLException e) {
            SAMLUtilsCommon.debug.error("SAMLUtils:postYN(): Malformed URL passed");
            return false;
        }
    }

    /**
     * Replaces every occurrence of one character with its decimal numeric character reference
     * ({@code &#NN;}).
     * <p>
     * This is not a general HTML encoder: only the given character is replaced, so
     * {@code &}, {@code <} and {@code >} pass through unchanged unless they are the one requested.
     *
     * @param str text to encode, may be null
     * @param c the character to replace
     * @return the encoded text, or null for null input
     */
    public static String HTMLEncode(String str, char c) {
        if (str == null) {
            return null;
        }
        final String entity = "&#" + (int) c + ";";
        final StringBuffer encoded = new StringBuffer();
        for (int pos = 0; pos < str.length(); pos++) {
            final char current = str.charAt(pos);
            if (current == c) {
                encoded.append(entity);
            } else {
                encoded.append(current);
            }
        }
        return encoded.toString();
    }

    /**
     * Makes XML text displayable inside an HTML page: {@code <} and {@code >} become
     * entities and each newline gets a {@code <BR>} in front of it.
     * <p>
     * {@code &} is left as it is, so entity references already in the input are interpreted
     * by the browser. The scan stops at the first U+FFFF character, because that value is the
     * iterator's end marker.
     *
     * @param str XML text; must not be null
     * @return the text prepared for display
     */
    public static String displayXML(String str) {
        SAMLUtilsCommon.debug.message("In displayXML ");
        final StringCharacterIterator chars = new StringCharacterIterator(str);
        final StringBuffer html = new StringBuffer();
        for (char ch = chars.first(); ch != StringCharacterIterator.DONE; ch = chars.next()) {
            switch (ch) {
                case '>':
                    html.append("&gt;");
                    break;
                case '<':
                    html.append("&lt;");
                    break;
                case '\n':
                    html.append("<BR>\n");
                    break;
                default:
                    html.append(ch);
                    break;
            }
        }
        return html.toString();
    }

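    /**
     * Logs in through the "SAML" authentication module and returns the resulting subject.
     * <p>
     * If the request carries an SSO token that the token manager reports as valid, the
     * {@code AuthContext} is created from that token; otherwise it is created for "/".
     * The callbacks requested by the module are filled in by {@code processCallbacks}. On
     * success the session cookie is added to the response with {@code setCookieInHttpResponse}.
     * <p>
     * An {@code AuthLoginException} is now written to the debug log at error level with its
     * stack trace; before, the trace went to standard error through {@code printStackTrace()}.
     * <p>
     * NOTE(review): every failure path returns null, so a caller must treat null as
     * "not authenticated".
     *
     * @param strArr artifacts handed to the SAML callback, or null
     * @param response SAML response handed to the SAML callback when no artifacts are given, or null
     * @param httpServletRequest request that may carry an existing SSO token
     * @param httpServletResponse response that receives the session cookie on success
     * @param str value set on a {@code NameCallback} when the module asks for one
     * @return the authenticated subject, or null when the login does not succeed
     * @throws Exception declared by the signature; the visible failure paths return null instead
     */
    public static javax.security.auth.Subject getAuthSubject(String[] strArr, Response response, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        javax.security.auth.Subject subject = null;
        SSOToken sSOToken = null;
        try {
            SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
            sSOToken = sSOTokenManager.createSSOToken(httpServletRequest);
            // Only a token the manager reports as valid is reused.
            if (sSOToken != null && !sSOTokenManager.isValidToken(sSOToken)) {
                sSOToken = null;
            }
        } catch (SSOException e) {
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("getAuthSubject : No SSOToken in the request cookie. Generating from Auth...", e);
            }
        }
        try {
            AuthContext authContext = sSOToken != null ? new AuthContext(sSOToken) : new AuthContext("/");
            AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
            SAMLUtilsCommon.debug.message("SAML auth module : Obtained AuthContext");
            authContext.login(indexType, "SAML");
            while (authContext.hasMoreRequirements()) {
                Callback[] requirements = authContext.getRequirements();
                if (requirements != null) {
                    try {
                        processCallbacks(requirements, strArr, response, str);
                        authContext.submitRequirements(requirements);
                    } catch (Exception e2) {
                        SAMLUtilsCommon.debug.message("Login failed!!" + e2.toString());
                        return null;
                    }
                }
            }
            if (authContext.getStatus() == AuthContext.Status.SUCCESS) {
                SAMLUtilsCommon.debug.message("Login success!!");
                SAMLUtilsCommon.debug.message("Getting SSOToken from Auth API");
                SSOToken sSOToken2 = authContext.getSSOToken();
                SAMLUtilsCommon.debug.message("Getting Subject from Auth API");
                subject = authContext.getSubject();
                setCookieInHttpResponse(sSOToken2, httpServletResponse);
            } else if (authContext.getStatus() == AuthContext.Status.FAILED) {
                SAMLUtilsCommon.debug.message("Login has failed!!");
            } else if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("Unknown status: " + authContext.getStatus());
            }
            return subject;
        } catch (AuthLoginException e3) {
            // Keep the stack trace in the debug log instead of printing it to standard error.
            SAMLUtilsCommon.debug.error("SAMLUtils.getAuthSubject: AuthLoginException:", e3);
            SAMLUtilsCommon.debug.message("Login failed!!");
            return null;
        }
    }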

    /**
     * Fills in the callbacks requested by the authentication module.
     * <p>
     * A {@code SAMLCallback} gets type 1 and the artifacts when artifacts are given; otherwise
     * type 2, the SAML response and signature checking switched on when a response is given.
     * A {@code NameCallback} gets {@code str}. Other callback types are left untouched.
     * <p>
     * NOTE(review): when neither artifacts nor a response is supplied, only an error is
     * logged and the unfilled callback is still returned to the caller for submission.
     *
     * @param callbackArr callbacks to fill in
     * @param strArr artifacts, or null
     * @param response SAML response, or null
     * @param str name for a {@code NameCallback}
     * @throws UnsupportedCallbackException when handling a callback throws
     */
    private static void processCallbacks(Callback[] callbackArr, String[] strArr, Response response, String str) throws UnsupportedCallbackException {
        SAMLUtilsCommon.debug.message("begin processCallbacks()");
        for (int idx = 0; idx < callbackArr.length; idx++) {
            final Callback current = callbackArr[idx];
            try {
                if (current instanceof SAMLCallback) {
                    SAMLUtilsCommon.debug.message("Got SAMLCallback");
                    final SAMLCallback samlCallback = (SAMLCallback) current;
                    SAMLUtilsCommon.debug.message(samlCallback.getPrompt());
                    if (strArr != null) {
                        samlCallback.setType(1);
                        samlCallback.setArtifact(strArr);
                    } else if (response == null) {
                        SAMLUtilsCommon.debug.error("Invalid input to SAMLCallback");
                    } else {
                        samlCallback.setType(2);
                        samlCallback.setSamlResponse(response);
                        samlCallback.setCheckSignature(true);
                    }
                } else if (current instanceof NameCallback) {
                    SAMLUtilsCommon.debug.message("Got NameCallback");
                    final NameCallback nameCallback = (NameCallback) current;
                    SAMLUtilsCommon.debug.message(nameCallback.getPrompt());
                    nameCallback.setName(str);
                }
            } catch (Exception e) {
                throw new UnsupportedCallbackException(current, "Callback exception: " + e);
            }
        }
    }

    /**
     * Adds the session cookie for an SSO token to the response.
     * <p>
     * The cookie name comes from the {@code Constants.AM_COOKIE_NAME} system property and the
     * value is the token ID. One cookie is added per configured cookie domain
     * ({@code "iplanet-am-platform-cookie-domains"}); with no domain configured a single
     * cookie without a domain is added. The path is always "/".
     * <p>
     * NOTE(review): every exception is caught and logged at message level only, so the
     * caller cannot tell that no cookie was set. The cookie attributes (Secure, HttpOnly) are
     * decided inside {@code CookieUtils.newCookie}, which is not visible here - confirm.
     *
     * @param sSOToken token whose ID becomes the cookie value
     * @param httpServletResponse response that receives the cookie(s)
     * @throws Exception declared by the signature; the body catches every exception itself
     */
    public static void setCookieInHttpResponse(SSOToken sSOToken, HttpServletResponse httpServletResponse) throws Exception {
        try {
            final ServiceSchemaManager platformSchema = new ServiceSchemaManager("iPlanetAMPlatformService", sSOToken);
            final Set cookieDomains = (Set) platformSchema.getGlobalSchema().getAttributeDefaults().get("iplanet-am-platform-cookie-domains");
            final String tokenId = sSOToken.getTokenID().toString();
            final String cookieName = SystemProperties.get(Constants.AM_COOKIE_NAME);
            if (cookieDomains.size() != 0) {
                for (Iterator it = cookieDomains.iterator(); it.hasNext();) {
                    final String domain = (String) it.next();
                    httpServletResponse.addCookie(CookieUtils.newCookie(cookieName, tokenId, "/", domain));
                }
            } else {
                if (SAMLUtilsCommon.debug.messageEnabled()) {
                    SAMLUtilsCommon.debug.message("SAMLUtils.generateSSOToken: cookie domain is null");
                }
                httpServletResponse.addCookie(CookieUtils.newCookie(cookieName, tokenId, "/"));
            }
        } catch (Exception e) {
            SAMLUtilsCommon.debug.message("setCookieInHttpResponse : " + e);
        }
    }

    /**
     * Parses a list of assertion XML strings into {@code Assertion} objects.
     * <p>
     * Parsing stops at the first failure: the exception is logged at message level and the
     * assertions parsed up to that point are returned, so the result can be shorter than the input.
     * NOTE(review): callers that need all-or-nothing semantics must compare the sizes. How
     * the XML parser is configured is decided inside {@code XMLUtils.toDOMDocument}, which is
     * not visible here.
     *
     * @param list assertion XML strings, may be null
     * @return the parsed assertions, never null
     */
    public static List getListOfAssertions(List list) {
        final ArrayList parsed = new ArrayList();
        if (list == null) {
            return parsed;
        }
        try {
            for (Iterator it = list.iterator(); it.hasNext();) {
                final String xml = (String) it.next();
                final Element root = XMLUtils.toDOMDocument(xml, SAMLUtilsCommon.debug).getDocumentElement();
                if (root != null) {
                    parsed.add(new Assertion(root));
                }
            }
        } catch (Exception e) {
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("SAMLUtils.getListOfAssertions : Exception : ", e);
            }
        }
        return parsed;
    }

    /**
     * Serialises a SAML response with {@code toString(true, true, true)} and returns the UTF-8 bytes.
     *
     * @param response response to serialise; must not be null
     * @return the UTF-8 bytes of the serialised response
     * @throws SAMLException when UTF-8 is reported as unsupported; only the message of the
     *         original exception is carried over
     */
    public static byte[] getResponseBytes(Response response) throws SAMLException {
        try {
            final String xml = response.toString(true, true, true);
            return xml.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("getResponseBytes : ", e);
            }
            throw new SAMLException(e.getMessage());
        }
    }

    /**
     * Parses the bytes of a SAML response.
     * <p>
     * Parsing only builds the object; the recipient, status and signature checks are done by
     * {@code verifyResponse} and {@code verifySignature}.
     *
     * @param bArr serialised response, may be null
     * @return the parsed response, or null for null input or when parsing fails (logged at error level)
     */
    public static Response getResponse(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        Response parsed;
        try {
            parsed = Response.parseXML(new ByteArrayInputStream(bArr));
        } catch (SAMLException e) {
            SAMLUtilsCommon.debug.error("getResponse : ", e);
            parsed = null;
        }
        return parsed;
    }

    /**
     * Checks the recipient and the status code of a SAML response.
     * <p>
     * The recipient must equal {@code str} or the URL that {@code getLBURL} builds from
     * {@code str} and the request. The status code value must end with {@code ":Success"}.
     * The signature is not checked here.
     * <p>
     * NOTE(review): the alternative URL takes its host from the request's Host header, which
     * the client chooses, so the recipient restriction is only as strong as the validation of
     * that header in front of this code. The status check is a suffix match, not a comparison
     * of the full qualified name.
     *
     * @param response response to check; must not be null and must carry a status
     * @param str expected recipient URL
     * @param httpServletRequest current request
     * @return true when both checks pass
     */
    public static boolean verifyResponse(Response response, String str, HttpServletRequest httpServletRequest) {
        final String recipient = response.getRecipient();
        boolean recipientAccepted = false;
        if (recipient != null && recipient.length() != 0) {
            // The load-balancer form is only computed when the direct comparison fails.
            recipientAccepted = recipient.equals(str) || recipient.equals(getLBURL(str, httpServletRequest));
        }
        if (!recipientAccepted) {
            SAMLUtilsCommon.debug.error("verifyResponse : Incorrect Recipient.");
            return false;
        }
        final String statusValue = response.getStatus().getStatusCode().getValue();
        if (!statusValue.endsWith(":Success")) {
            SAMLUtilsCommon.debug.error("verifyResponse : Incorrect StatusCode value.");
            return false;
        }
        return true;
    }

    /**
     * Rebuilds a URL with the host part replaced by the request's Host header.
     * <p>
     * Everything up to and including "//" and everything from the first "/" after the host is
     * kept from {@code str}; the part in between is replaced by the header value.
     * <p>
     * NOTE(review): the Host header is client-supplied and is used here without validation.
     * Deriving the load-balancer URL from configuration would remove that dependency.
     *
     * @param str URL to rewrite
     * @param httpServletRequest request whose Host header is used
     * @return the rewritten URL, trimmed; {@code str} unchanged when there is no Host header
     *         or {@code str} contains no "//"
     */
    private static String getLBURL(String str, HttpServletRequest httpServletRequest) {
        final String hostHeader = httpServletRequest.getHeader("host");
        if (hostHeader == null) {
            return str;
        }
        final int schemeEnd = str.indexOf("//");
        if (schemeEnd == -1) {
            return str;
        }
        final String afterScheme = str.substring(schemeEnd + 2);
        final int pathStart = afterScheme.indexOf("/");
        String rebuilt = str.substring(0, schemeEnd + 2) + hostHeader;
        if (pathStart != -1) {
            rebuilt = rebuilt + afterScheme.substring(pathStart);
        }
        if (SAMLUtilsCommon.debug.messageEnabled()) {
            SAMLUtilsCommon.debug.message("getLBURL: LBURL = " + rebuilt);
        }
        return rebuilt.trim();
    }

    /**
     * Serialises each assertion of a list with {@code toString(true, true)}.
     *
     * @param list {@code Assertion} objects, may be null
     * @return the serialised assertions in the same order, never null
     */
    public static List getStrAssertions(List list) {
        final ArrayList serialised = new ArrayList();
        if (list == null) {
            return serialised;
        }
        for (Iterator it = list.iterator(); it.hasNext();) {
            final Assertion current = (Assertion) it.next();
            serialised.add(current.toString(true, true));
        }
        return serialised;
    }

    /**
     * Checks that a response is signed and that its signature is valid.
     * <p>
     * NOTE(review): a null response yields true, so this method fails open for "no
     * response"; callers must make sure a response is present before relying on the result.
     *
     * @param response response to check, may be null
     * @return true for a null response or a signed response with a valid signature; false otherwise
     */
    public static boolean verifySignature(Response response) {
        if (response == null) {
            return true;
        }
        if (!response.isSigned()) {
            return false;
        }
        return response.isSignatureValid();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v29, types: [java.util.Map] */
    /**
     * Maps the asserted subject to a local user and returns the attributes for that user.
     * <p>
     * With a {@code PartnerAccountMapper} configured on the partner entry, the user name and
     * the attribute map come from its {@code getUser(list, sourceID, str)} result (keys
     * {@code "name"} and {@code "attribute"}); otherwise only the name is taken from the
     * entry's account mapper. The name is stored in the returned map under
     * {@code SAMLConstants.USER_NAME}.
     * <p>
     * NOTE(review): a null name is stored as-is rather than rejected, and the map handed
     * back by the mapper is modified in place. The name and the whole attribute map are
     * written to the debug log at message level.
     *
     * @param sOAPEntry partner entry that supplies the source ID and the mappers
     * @param list assertions passed to the partner account mapper
     * @param subject subject passed to the account mapper
     * @param str target URL passed to the partner account mapper
     * @return the attribute map including the user name entry
     * @throws Exception whatever the mappers throw
     */
    public static Map getAttributeMap(SAMLServiceManager.SOAPEntry sOAPEntry, List list, Subject subject, String str) throws Exception {
        final String sourceId = sOAPEntry.getSourceID();
        final PartnerAccountMapper partnerMapper = sOAPEntry.getPartnerAccountMapper();
        final String userName;
        Map attrMap;
        if (partnerMapper == null) {
            userName = (String) sOAPEntry.getAccountMapper().getUser(subject, sourceId).get("name");
            attrMap = new HashMap();
        } else {
            final Map mapped = partnerMapper.getUser(list, sourceId, str);
            userName = (String) mapped.get("name");
            attrMap = (Map) mapped.get("attribute");
            if (attrMap == null) {
                attrMap = new HashMap();
            }
        }
        attrMap.put(SAMLConstants.USER_NAME, userName);
        if (SAMLUtilsCommon.debug.messageEnabled()) {
            SAMLUtilsCommon.debug.message("getAttributeMap : name = " + userName + ", attrMap = " + attrMap);
        }
        return attrMap;
    }

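    /**
     * Validates every assertion in a SAML response and collects the data needed to
     * establish a session.
     *
     * <p>The response is rejected ({@code null} is returned) as soon as one assertion
     * <ul>
     *   <li>has an ID already recorded in {@code idTimeMap} (one-time-use / replay check),</li>
     *   <li>has an issuer for which {@code getSourceSite} returns no partner entry,</li>
     *   <li>fails {@code isSignatureValid()} or {@code isTimeValid()}, or</li>
     *   <li>contains a statement of type 1, 2 or 3 whose subject does not carry exactly one
     *       confirmation method equal to {@code urn:oasis:names:tc:SAML:1.0:cm:bearer}.</li>
     * </ul>
     * The statement type codes are compared as literals; presumably they are the
     * authentication (1), authorization-decision (2) and attribute (3) constants of
     * {@code Statement} — confirm against that class. The returned subject is the one of the
     * first type-1 statement encountered.
     *
     * <p>Changes against the previous version:
     * <ul>
     *   <li>The "already used?" test and the insertion into {@code idTimeMap} now happen in
     *       one {@code synchronized} section. Before, the lookup ran outside the lock, so two
     *       requests presenting the same assertion at the same time could both pass the
     *       replay check.</li>
     *   <li>The cache expiry is computed per assertion. Before, a {@code NotOnOrAfter} value
     *       taken from one assertion was silently reused for later assertions that had
     *       none.</li>
     *   <li>A {@code null} response or assertion list is rejected instead of raising a
     *       {@code NullPointerException}.</li>
     * </ul>
     *
     * <p>This method does not evaluate audience restrictions, and whether
     * {@code isSignatureValid()} accepts an unsigned assertion is not visible here.
     *
     * @param response the SAML response whose assertions are to be verified
     * @return a map with the keys {@code "subject"}, {@code "sourceSite"} and
     *         {@code SAMLConstants.POST_ASSERTION}, or {@code null} if verification fails
     */
    public static Map verifyAssertionAndGetSSMap(Response response) {
        if (response == null) {
            SAMLUtilsCommon.debug.error("verifyAssertionAndGetSSMap: response is null.");
            return null;
        }
        List<Assertion> assertions = response.getAssertion();
        if (assertions == null) {
            SAMLUtilsCommon.debug.error("verifyAssertionAndGetSSMap: response has no assertion list.");
            return null;
        }
        Subject subject = null;
        SAMLServiceManager.SOAPEntry sourceSite = null;
        // Fallback lifetime of a cached assertion ID: three minutes from now.
        final long defaultExpiry = System.currentTimeMillis() + 180000;
        for (Assertion assertion : assertions) {
            String assertionID = assertion.getAssertionID();
            // Cheap early rejection of an ID that is already known; the authoritative check
            // is repeated together with the insertion further down.
            boolean alreadyUsed;
            synchronized (idTimeMap) {
                alreadyUsed = idTimeMap.containsKey(assertionID);
            }
            if (alreadyUsed) {
                SAMLUtilsCommon.debug.error(new StringBuffer().append("verifyAssertion AndGetSSMap: Assertion: ").append(assertionID).append(" is used.").toString());
                return null;
            }
            sourceSite = getSourceSite(assertion.getIssuer());
            if (sourceSite == null) {
                SAMLUtilsCommon.debug.error("verifyAsserti onAndGetSSMap: issuer is not on the Partner list.");
                return null;
            }
            if (!assertion.isSignatureValid()) {
                SAMLUtilsCommon.debug.error("verifyAssertion AndGetSSMap: assertion's signature is not valid.");
                return null;
            }
            if (!assertion.isTimeValid()) {
                SAMLUtilsCommon.debug.error("verifyAssertion AndGetSSMap: assertion's time is not valid.");
                return null;
            }
            for (Statement statement : assertion.getStatement()) {
                int statementType = statement.getStatementType();
                if (statementType == 1 || statementType == 3 || statementType == 2) {
                    Subject candidate = ((SubjectStatement) statement).getSubject();
                    SubjectConfirmation subjectConfirmation = candidate.getSubjectConfirmation();
                    Set confirmationMethod = (subjectConfirmation == null) ? null : subjectConfirmation.getConfirmationMethod();
                    // Exactly one method is required so that an extra, weaker method cannot
                    // ride along with the expected one.
                    if (confirmationMethod == null || confirmationMethod.size() != 1) {
                        SAMLUtilsCommon.debug.error("verify AssertionAndGetSSMap: missing or extra ConfirmationMethod.");
                        return null;
                    }
                    String method = (String) confirmationMethod.iterator().next();
                    if (method == null || !method.equals("urn:oasis:names:tc:SAML:1.0:cm:bearer")) {
                        SAMLUtilsCommon.debug.error("verify AssertionAndGetSSMap:wrong ConfirmationMethod.");
                        return null;
                    }
                    if (statementType == 1 && subject == null) {
                        subject = candidate;
                    }
                }
            }
            // Keep the ID cached until the assertion itself expires, or for the default
            // window when the assertion states no NotOnOrAfter.
            long expiry = defaultExpiry;
            Conditions conditions = assertion.getConditions();
            if (conditions != null) {
                Date notOnorAfter = conditions.getNotOnorAfter();
                if (notOnorAfter != null) {
                    expiry = notOnorAfter.getTime();
                }
            }
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message(new StringBuffer().append("Adding ").append(assertionID).append(" to idTimeMap.").toString());
            }
            // Check-and-record under one lock: only one request can claim a given ID.
            boolean claimedByOther;
            synchronized (idTimeMap) {
                claimedByOther = idTimeMap.containsKey(assertionID);
                if (!claimedByOther) {
                    idTimeMap.put(assertionID, Long.valueOf(expiry));
                }
            }
            if (claimedByOther) {
                SAMLUtilsCommon.debug.error(new StringBuffer().append("verifyAssertion AndGetSSMap: Assertion: ").append(assertionID).append(" is used.").toString());
                return null;
            }
        }
        if (subject == null || sourceSite == null) {
            SAMLUtilsCommon.debug.error("verifyAssertion AndGetSSMap: couldn't find Subject.");
            return null;
        }
        HashMap result = new HashMap();
        result.put("subject", subject);
        result.put("sourceSite", sourceSite);
        result.put(SAMLConstants.POST_ASSERTION, assertions);
        return result;
    }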

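    /**
     * Checks the signature, validity period and audience restrictions of one assertion.
     *
     * <p>The assertion is rejected when it is {@code null}, when {@code isSignatureValid()}
     * or {@code isTimeValid()} is false, or when any audience restriction condition
     * evaluates to something other than {@link Condition#INDETERMINATE}. An assertion with
     * no audience restriction conditions is accepted.
     *
     * <p>NOTE(review): only {@code INDETERMINATE} is treated as a pass, so every other
     * evaluation result is rejected. Whether {@code AudienceRestrictionCondition.evaluate()}
     * ever compares the audience with this deployment is not visible here; if it always
     * answers {@code INDETERMINATE}, audience restrictions are effectively not enforced by
     * this check. Confirm against that class.
     *
     * <p>An assertion without a {@code Conditions} element used to raise a
     * {@code NullPointerException} here. It is now rejected explicitly, which keeps the
     * outcome (not accepted) and makes the reason visible in the log. Confirm whether
     * condition-less assertions should be accepted instead.
     *
     * @param assertion the assertion to check, may be {@code null}
     * @return {@code true} if all checks pass, {@code false} otherwise
     * @throws IOException declared by the original signature
     */
    private static boolean checkCondition(Assertion assertion) throws IOException {
        if (assertion == null) {
            return false;
        }
        if (!assertion.isSignatureValid()) {
            SAMLUtilsCommon.debug.error(SAMLUtilsCommon.bundle.getString("assertionSignatureNotValid"));
            return false;
        }
        if (!assertion.isTimeValid()) {
            SAMLUtilsCommon.debug.error(SAMLUtilsCommon.bundle.getString("assertionTimeNotValid"));
            return false;
        }
        Conditions conditions = assertion.getConditions();
        if (conditions == null) {
            // Fail closed: without Conditions nothing further can be evaluated.
            SAMLUtilsCommon.debug.error("checkCondition: assertion has no Conditions.");
            return false;
        }
        Set audienceRestrictions = conditions.getAudienceRestrictionCondition();
        if (audienceRestrictions == null || audienceRestrictions.isEmpty()) {
            return true;
        }
        for (Iterator it = audienceRestrictions.iterator(); it.hasNext();) {
            AudienceRestrictionCondition restriction = (AudienceRestrictionCondition) it.next();
            if (restriction.evaluate() != Condition.INDETERMINATE) {
                SAMLUtilsCommon.debug.error("Failed AudienceRestrictionCondition");
                return false;
            }
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("Audience RestrictionConditions is indeterminate.");
            }
        }
        return true;
    }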

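    /**
     * Examines a list of assertions and returns the subject that was authenticated.
     *
     * <p>Every assertion must pass {@code checkCondition} and contain at least one
     * statement. Every statement must carry a subject whose first confirmation method
     * matches the assertion version: {@link SAMLConstants#CONFIRMATION_METHOD_ARTIFACT} for
     * version 1.1, {@code urn:oasis:names:tc:SAML:1.0:cm:artifact-01} for version 1.0. Any
     * violation makes the method return {@code null}.
     *
     * <p>Changes against the previous version:
     * <ul>
     *   <li>The returned subject is the one of the first {@link AuthenticationStatement}.
     *       Before, the subject of whichever statement was processed last was returned, so
     *       a subject from a non-authentication statement could be handed back as the
     *       authenticated identity. This now matches how
     *       {@code verifyAssertionAndGetSSMap} selects its subject.</li>
     *   <li>A statement that is not a {@link SubjectStatement}, a missing subject or a
     *       missing {@link SubjectConfirmation} is rejected instead of raising a
     *       {@code ClassCastException} or {@code NullPointerException}.</li>
     * </ul>
     *
     * <p>NOTE(review): only the first confirmation method returned by the set's iterator is
     * examined; additional methods are not rejected here, unlike in
     * {@code verifyAssertionAndGetSSMap}, which requires exactly one.
     *
     * @param list assertions to examine, may be {@code null}
     * @return the subject of the first authentication statement, or {@code null} if the
     *         list is {@code null}, a check fails, or no authentication statement exists
     * @throws IOException if {@code checkCondition} throws it
     */
    public static Subject examAssertions(List list) throws IOException {
        if (list == null) {
            return null;
        }
        Subject authenticatedSubject = null;
        for (Iterator assertions = list.iterator(); assertions.hasNext();) {
            Assertion assertion = (Assertion) assertions.next();
            if (!checkCondition(assertion)) {
                return null;
            }
            SAMLUtilsCommon.debug.message("Passed checking Conditions!");
            Set statements = assertion.getStatement();
            if (statements == null || statements.isEmpty()) {
                SAMLUtilsCommon.debug.error(SAMLUtilsCommon.bundle.getString("noStatement"));
                return null;
            }
            for (Iterator it = statements.iterator(); it.hasNext();) {
                Object statement = it.next();
                if (!(statement instanceof SubjectStatement)) {
                    SAMLUtilsCommon.debug.error("Statement does not carry a Subject.");
                    return null;
                }
                Subject subject = ((SubjectStatement) statement).getSubject();
                SubjectConfirmation subjectConfirmation = (subject == null) ? null : subject.getSubjectConfirmation();
                Set confirmationMethod = (subjectConfirmation == null) ? null : subjectConfirmation.getConfirmationMethod();
                if (confirmationMethod == null || confirmationMethod.isEmpty()) {
                    SAMLUtilsCommon.debug.error("Subject confirmation method is null");
                    return null;
                }
                String method = (String) confirmationMethod.iterator().next();
                // The expected artifact method URI depends on the SAML 1.x minor version.
                boolean accepted = method != null
                        && assertion.getMajorVersion() == 1
                        && ((assertion.getMinorVersion() == 1 && method.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT))
                            || (assertion.getMinorVersion() == 0 && method.equals("urn:oasis:names:tc:SAML:1.0:cm:artifact-01")));
                if (!accepted) {
                    SAMLUtilsCommon.debug.error("Wrong Confirmation Method.");
                    return null;
                }
                if (SAMLUtilsCommon.debug.messageEnabled()) {
                    SAMLUtilsCommon.debug.message("Correct Confirmation method");
                }
                // Bind the result to the statement that actually asserts authentication.
                if (statement instanceof AuthenticationStatement && authenticatedSubject == null) {
                    authenticatedSubject = subject;
                }
            }
        }
        if (authenticatedSubject != null) {
            return authenticatedSubject;
        }
        SAMLUtilsCommon.debug.error(SAMLUtilsCommon.bundle.getString("noSSOAssertion"));
        return null;
    }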

    /**
     * Returns the given string with every line-feed character ({@code '\n'}) removed.
     *
     * <p>Only {@code '\n'} is stripped; carriage returns and other whitespace are kept.
     *
     * @param str the text to filter, may be {@code null}
     * @return {@code str} itself when it is {@code null}, empty or contains no line feed;
     *         otherwise a new string without line feeds
     */
    public static String removeNewLineChars(String str) {
        if (str == null || str.length() == 0 || str.indexOf('\n') < 0) {
            return str;
        }
        int length = str.length();
        StringBuffer kept = new StringBuffer(length);
        for (int i = 0; i < length; i++) {
            char current = str.charAt(i);
            if (current == '\n') {
                continue;
            }
            kept.append(current);
        }
        return kept.toString();
    }

    /**
     * Verifies an XML signature, using the certificate alias configured for a partner.
     *
     * <p>The partner entry is looked up by {@code str3} in the
     * {@code iplanet-am-saml-partner-urls} attribute of {@link SAMLServiceManager}. Its
     * certificate alias, or {@code null} if no entry exists, is passed to
     * {@code XMLSignatureManager.verifyXMLSignature} together with {@code str} and
     * {@code str2}. Any exception raised during verification is logged and treated as a
     * failed verification.
     *
     * <p>NOTE(review): when the partner map or the entry for {@code str3} is missing,
     * verification still runs with a {@code null} alias. How the signature manager picks
     * the verification key in that case is not visible here; confirm that it cannot end up
     * trusting a key supplied inside the signed message itself.
     *
     * @param str  first argument of {@code verifyXMLSignature}
     *             (presumably the signed XML text — confirm)
     * @param str2 second argument of {@code verifyXMLSignature}
     *             (presumably the ID attribute name — confirm)
     * @param str3 key used to find the partner entry
     * @return {@code true} if the signature verified, {@code false} if it did not or an
     *         exception occurred
     */
    public static boolean checkSignatureValid(String str, String str2, String str3) {
        String certAlias = null;
        Map partners = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
        if (partners != null) {
            SAMLServiceManager.SOAPEntry partner = (SAMLServiceManager.SOAPEntry) partners.get(str3);
            if (partner != null) {
                certAlias = partner.getCertAlias();
            }
        }
        boolean verified = false;
        try {
            verified = XMLSignatureManager.getInstance().verifyXMLSignature(str, str2, certAlias);
        } catch (Exception e) {
            // Fail closed: an error during verification counts as an invalid signature.
            SAMLUtilsCommon.debug.warning("SAMLUtils.checkSignatureValid: signature validation exception", e);
            verified = false;
        }
        if (!verified) {
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("SAMLUtils.checkSignatureValid: Couldn't verify signature.");
            }
        }
        return verified;
    }

    /* JADX WARN: Code restructure failed: missing block: B:34:0x0041, code lost:
    
        if (r7.equals("") != false) goto L9;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder for the identity lookup.
     *
     * <p>The decompiler did not recover this method's body (its note below reports 334
     * skipped instructions), so this listing unconditionally throws
     * {@link UnsupportedOperationException}. The real lookup logic cannot be reviewed from
     * this page; consult the original source or bytecode before drawing conclusions about
     * how {@code r5}, {@code r6} and {@code r7} are used.
     *
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    public static com.sun.identity.idm.AMIdentity getAMIdentity(com.sun.identity.idm.IdType r5, java.lang.String r6, java.lang.String r7) {
        /*
            Method dump skipped, instructions count: 334
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.saml.common.SAMLUtils.getAMIdentity(com.sun.identity.idm.IdType, java.lang.String, java.lang.String):com.sun.identity.idm.AMIdentity");
    }

    // Class initialisation: starts the clean-up thread for the assertion-ID cache when
    // running in server mode, then reads the maximum accepted SAML request size.
    static {
        maxContentLength = 0;
        cThread = null;
        boolean serverMode = WebtopNaming.isServerMode();
        if (serverMode) {
            // The thread is handed idTimeMap, the map of already-seen assertion IDs and
            // their expiry times.
            cThread = new POSTCleanUpThread(idTimeMap);
            cThread.start();
        }
        try {
            String configuredLimit = SystemProperties.get(HTTP_MAX_CONTENT_LENGTH, DEFAULT_CONTENT_LENGTH);
            maxContentLength = Integer.parseInt(configuredLimit);
        } catch (NumberFormatException e) {
            // A malformed property falls back to 16384.
            // NOTE(review): a well-formed zero or negative value is accepted as is; confirm
            // that the code enforcing this limit handles such values safely.
            SAMLUtilsCommon.debug.error("Wrong format of SAML request max content length. Take default value.");
            maxContentLength = 16384;
        }
    }
}
