package com.iplanet.services.cdc;

import com.iplanet.dpro.session.SessionException;
import com.iplanet.dpro.session.TokenRestrictionFactory;
import com.iplanet.dpro.session.service.SessionService;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.client.AuthClientUtils;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthenticationStatement;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSSubject;
import com.sun.identity.federation.message.common.AuthnContext;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.message.common.IDPProvidedNameIdentifier;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.saml.assertion.AssertionIDReference;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectLocality;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.encode.CookieUtils;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.workflow.ParameterKeys;
import com.sun.identity.wss.sts.STSConstants;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.logging.Level;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.agent.TokenRestrictionResolver;
import org.forgerock.openam.identity.idm.AMIdentityRepositoryFactory;
import org.forgerock.openam.ldap.LDAPUtils;
import org.forgerock.openam.utils.Time;
import org.owasp.esapi.ESAPI;

/* loaded from: input_file:com/iplanet/services/cdc/CDCServlet.class */
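/**
 * Servlet that hands an authenticated session to a caller in another cookie domain.
 *
 * <p>For a request that carries a valid SSO token and no policy-advice parameters, the servlet
 * builds an {@link FSAuthnResponse} whose assertion uses the session token ID as the subject
 * name identifier (a restricted token ID when {@code uniqueCookieEnabled} is set) and forwards
 * to {@code cdclogin.jsp} with the Base64-encoded response and the {@code goto}/{@code TARGET}
 * URL. Every other request is passed to {@code redirectForAuthentication}.
 *
 * <p>Security-relevant points visible in this listing:
 * <ul>
 *   <li>{@code goto}/{@code TARGET} are screened only against the substring denylist in
 *       {@code INVALID_SET}; no allow-list of destinations is applied on the authenticated
 *       path shown here.</li>
 *   <li>When {@code uniqueCookieEnabled} is false, {@code tokenRestrictionResolver.resolve} is
 *       not called and the unrestricted session token ID is what goes into the assertion.</li>
 *   <li>Debug-level and access logging include the assertion, which carries the token ID;
 *       treat those logs as credential-bearing.</li>
 *   <li>{@code redirectForAuthentication} was not recovered by the decompiler, so the
 *       unauthenticated path (and any use of {@code isValidCDCURI}) cannot be reviewed here.</li>
 * </ul>
 */
public class CDCServlet extends HttpServlet {
    private static final String UNIQUE_COOKIE_NAME = "sunIdentityServerAuthNServer";
    private static final String DEFAULT_DEPLOY_URI = "/amserver";
    private static final String GOTO_PARAMETER = "goto";
    private static final String TARGET_PARAMETER = "TARGET";
    private static final String AUTHURI = "/UI/Login";
    private static final String PROVIDER_ID = "ProviderID";
    private static final String REQUEST_ID = "RequestID";
    private static final String RELAY_STATE = "RelayState";
    private static final String LOGIN_URI = "loginURI";
    private static final String RESPONSE_HEADER_ALERT = "X-DSAME-Assertion-Form";
    private static final String RESPONSE_HEADER_ALERT_VALUE = "true";
    private static final String FORBIDDEN_STR_MATCH = "#403x";
    private static final String SERVER_ERROR_STR_MATCH = "#500x";
    private static final String LEFT_ANGLE = "<";
    private static final String RIGHT_ANGLE = ">";
    private static final String URLENC_RIGHT_ANGLE = "%3e";
    private static final String URLENC_LEFT_ANGLE = "%3c";
    private static final String URLENC_JAVASCRIPT = "javascript%3a";
    private static final String JAVASCRIPT = "javascript:";
    private static final String DELIM = ",";
    private static final char QUESTION_MARK = '?';
    private static final char AMP = '&';
    private static final char EQUALS = '=';
    // Lifetime of the assertion and of its ReauthenticateOnOrAfter instant: 60 seconds.
    private static final long ASSERTION_VALIDITY_MILLIS = 60L * 1000L;
    private volatile TokenRestrictionResolver tokenRestrictionResolver;
    private SSOTokenManager tokenManager;
    private SessionService sessionService;
    private String DNSAddress = "localhost";
    private String IPAddress = "127.0.0.1";
    private String authURLCookieName;
    private String authURLCookieDomain;
    private String deployDescriptor;
    // Never assigned anywhere in this listing, so it is null when passed to createAuthnResponse.
    private String responseID;
    private boolean uniqueCookieEnabled;
    private static final String CDCURI = "/cdcservlet";
    private static final String SELF_PROVIDER_ID = FSServiceUtils.getBaseURL() + CDCURI;
    // Request parameter names treated as policy advice; filled once by initConfig().
    private static final List<String> adviceParams = new ArrayList<String>();
    // Lower-case substrings that cause goto/TARGET to be rejected; filled once by initConfig().
    private static final Set<String> INVALID_SET = new HashSet<String>();
    // Login URIs accepted by isValidCDCURI(); filled once by initConfig().
    private static final Set<String> VALID_LOGIN_URIS = new HashSet<String>();
    private static final String DEBUG_FILE_NAME = "amCDC";
    private static final Debug debug = Debug.getInstance(DEBUG_FILE_NAME);

    /**
     * Resolves the collaborators and reads the server configuration this servlet depends on.
     *
     * @param servletConfig container-supplied configuration, passed on to the superclass
     * @throws ServletException if the SSO token manager cannot be obtained or the configured
     *         server host name cannot be resolved; the original exception is kept as the cause
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        debug.message("CDCServlet Initializing...");
        try {
            this.tokenManager = SSOTokenManager.getInstance();
            this.sessionService = (SessionService) InjectorHolder.getInstance(SessionService.class);
            this.tokenRestrictionResolver = new TokenRestrictionResolver(
                    (AMIdentityRepositoryFactory) InjectorHolder.getInstance(AMIdentityRepositoryFactory.class),
                    (TokenRestrictionFactory) InjectorHolder.getInstance(TokenRestrictionFactory.class));
            this.DNSAddress = SystemConfigurationUtil.getProperty("com.iplanet.am.server.host");
            this.IPAddress = InetAddress.getByName(this.DNSAddress).getHostAddress();
            this.authURLCookieName = SystemConfigurationUtil.getProperty("com.sun.identity.authentication.uniqueCookieName", UNIQUE_COOKIE_NAME);
            this.authURLCookieDomain = SystemConfigurationUtil.getProperty("com.sun.identity.authentication.uniqueCookieDomain", "");
            this.deployDescriptor = SystemConfigurationUtil.getProperty("com.iplanet.am.services.deploymentDescriptor", DEFAULT_DEPLOY_URI);
            this.uniqueCookieEnabled = Boolean.parseBoolean(SystemConfigurationUtil.getProperty("com.sun.identity.enableUniqueSSOTokenCookie", "false"));
            if (debug.messageEnabled()) {
                debug.message("CDCServlet init params: Restricted Token Enabled = " + this.uniqueCookieEnabled + " Auth URL Cookie Name = " + this.authURLCookieName + " Auth URL Cookie Domain = " + this.authURLCookieDomain + " Deployment Descriptor: " + this.deployDescriptor);
            }
        } catch (SSOException e) {
            debug.error("CDCServlet.init: Unable to get SSOTokenManager", e);
            // Keep the cause so the container log shows where initialisation failed.
            throw new ServletException(e.getMessage(), e);
        } catch (UnknownHostException e) {
            debug.error("CDCServlet.init", e);
            throw new ServletException(e.getMessage(), e);
        }
    }

    /** Handles GET exactly like POST; see {@code doGetPost}. */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /** Handles POST exactly like GET; see {@code doGetPost}. */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Common request handler: screens goto/TARGET, then either sends the caller off to
     * authenticate or answers with an authentication response for the existing session.
     *
     * @param request  incoming request; goto/TARGET and all advice parameters are caller-supplied
     * @param response response to write the error marker, cookie or forward to
     */
    private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.doGetPost: Query String received: " + request.getQueryString());
        }
        String gotoParam = request.getParameter(GOTO_PARAMETER);
        String targetParam = request.getParameter(TARGET_PARAMETER);
        if (targetParam == null) {
            targetParam = request.getParameter(TARGET_PARAMETER.toLowerCase(java.util.Locale.ROOT));
        }
        if (gotoParam != null || targetParam != null) {
            debug.message("CDCServlet:doGetPost():goto or target is not null");
            // Locale.ROOT keeps the denylist comparison independent of the JVM default locale;
            // a locale-sensitive lower-casing can map ASCII letters to other code points and
            // let a mixed-case value slip past an ASCII denylist entry.
            String gotoLower = gotoParam == null ? null : gotoParam.toLowerCase(java.util.Locale.ROOT);
            String targetLower = targetParam == null ? null : targetParam.toLowerCase(java.util.Locale.ROOT);
            // NOTE(review): this is a substring denylist only. It does not tie the destination
            // to a known agent or host; that depends on checks made elsewhere.
            for (String invalid : INVALID_SET) {
                if (gotoLower != null && gotoLower.contains(invalid)) {
                    showError(response, "GOTO parameter has invalid characters");
                    return;
                }
                if (targetLower != null && targetLower.contains(invalid)) {
                    showError(response, "TARGET parameter has invalid characters");
                    return;
                }
            }
        }
        SSOToken token = getSSOToken(request, response);
        String policyAdvice = checkForPolicyAdvice(token, request, response);
        if (token == null || policyAdvice != null) {
            redirectForAuthentication(request, response, policyAdvice);
            return;
        }
        String cookieName = AuthClientUtils.getCookieName();
        if (CookieUtils.getCookieFromReq(request, cookieName) == null) {
            // The token was accepted but did not arrive in the session cookie, so set the cookie.
            try {
                String tokenId = token.getTokenID().toString();
                if (cookieName != null && cookieName.length() != 0) {
                    Set cookieDomains = AuthClientUtils.getCookieDomainsForRequest(request);
                    if (cookieDomains.isEmpty()) {
                        CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(cookieName, tokenId, "/", (String) null));
                    } else {
                        for (Object domain : cookieDomains) {
                            CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(cookieName, tokenId, "/", (String) domain));
                        }
                    }
                }
            } catch (Exception e) {
                // Best effort: the response is still sent without the cookie.
                if (debug.messageEnabled()) {
                    debug.message("Error creating cookie. : " + e.getMessage());
                }
            }
        }
        redirectWithAuthNResponse(request, response, token);
    }

    /**
     * Builds the assertion and authentication response for an authenticated session and hands
     * them to {@code sendAuthnResponse}.
     *
     * <p>With {@code uniqueCookieEnabled} set, the token ID placed in the assertion is a
     * restricted token ID obtained from the session service; otherwise it is the session's own
     * token ID and {@code tokenRestrictionResolver.resolve} is not consulted.
     *
     * @param request  request carrying RequestID, ProviderID, RelayState and goto/TARGET
     * @param response response used for the forward or the error marker
     * @param token    validated SSO token of the caller
     */
    private void redirectWithAuthNResponse(HttpServletRequest request, HttpServletResponse response, SSOToken token) throws ServletException, IOException {
        String gotoURL = getRedirectURL(request, response);
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.redirectWithAuthNResponse: gotoURL = " + gotoURL);
        }
        if (gotoURL == null) {
            // getRedirectURL has already written the error marker.
            return;
        }
        try {
            String requestId = request.getParameter(REQUEST_ID);
            Status status = new Status(new StatusCode("samlp:Success"));
            String audienceProviderId = request.getParameter(PROVIDER_ID);
            String tokenId = token.getTokenID().toString();
            if (this.uniqueCookieEnabled) {
                String requestProviderId = FSAuthnRequest.parseURLEncodedRequest(request).getProviderId();
                SSOToken adminToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
                tokenId = this.sessionService.getRestrictedTokenId(tokenId, this.tokenRestrictionResolver.resolve(requestProviderId, gotoURL, adminToken, this.uniqueCookieEnabled));
            }
            FSAssertion assertion = createAssertion(audienceProviderId, SELF_PROVIDER_ID, tokenId, token.getAuthType(), token.getProperty("authInstant"), token.getPrincipal().getName(), requestId);
            FSAuthnResponse authnResponse = createAuthnResponse(SELF_PROVIDER_ID, this.responseID, requestId, status, assertion, request.getParameter(RELAY_STATE));
            sendAuthnResponse(request, response, authnResponse, gotoURL);
        } catch (FSMsgException e) {
            debug.error("CDCServlet.doGetPost", e);
            showError(response);
        } catch (FSException e) {
            debug.error("CDCServlet.doGetPost", e);
            showError(response);
        } catch (SAMLException e) {
            debug.error("CDCServlet.doGetPost", e);
            showError(response);
        } catch (SessionException e) {
            // Logged only: the caller receives no error marker on this path.
            debug.error("CDCServlet.doGetPost", e);
        } catch (SSOException e) {
            // Logged only: the caller receives no error marker on this path.
            debug.error("CDCServlet.doGetPost", e);
        } catch (Exception e) {
            // Must stay last: placed first, as in the decompiled listing, it makes every
            // narrower handler above unreachable.
            debug.error("CDCServlet.doGetPost", e);
            showError(response, FORBIDDEN_STR_MATCH);
        }
    }

    /**
     * Returns the destination URL taken from {@code goto}, falling back to {@code TARGET}.
     *
     * <p>The value is returned exactly as supplied by the caller; this method performs no
     * validation of its own. The lower-case {@code target} fallback checked in
     * {@code doGetPost} is not read here.
     *
     * @return the raw parameter value, or {@code null} after writing the error marker when
     *         neither parameter is present and non-empty
     */
    private String getRedirectURL(HttpServletRequest request, HttpServletResponse response) {
        String gotoURL = request.getParameter(GOTO_PARAMETER);
        if (gotoURL == null || gotoURL.length() == 0) {
            gotoURL = request.getParameter(TARGET_PARAMETER);
        }
        if (gotoURL == null || gotoURL.length() == 0) {
            debug.error("No GOTO or TARGET URL present in the Query !!");
            showError(response);
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.getRedirectURL, URL =" + gotoURL);
        }
        return gotoURL;
    }

    /**
     * Rebuilds a query string from every request parameter except {@code goto} and the
     * policy-advice parameters.
     *
     * @return {@code name=value} pairs joined by {@code &}, names and values URL-encoded, or an
     *         empty string when no parameter qualifies
     */
    private String getParameterString(HttpServletRequest request) {
        StringBuilder query = new StringBuilder(1024);
        Enumeration names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (name.equalsIgnoreCase(GOTO_PARAMETER) || adviceParams.contains(name)) {
                continue;
            }
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                // Names are caller-controlled too, so they are encoded along with the values
                // to keep '&' and '=' inside a name from splitting the rebuilt query.
                query.append(AMP).append(URLEncDec.encode(name)).append(EQUALS).append(URLEncDec.encode(value));
            }
        }
        // Dropping the leading '&' from an empty builder would throw
        // StringIndexOutOfBoundsException.
        return query.length() == 0 ? "" : query.deleteCharAt(0).toString();
    }

    /**
     * Collects the policy-advice parameters present on the request.
     *
     * <p>If the request names a realm equal to the realm derived from the session's
     * {@code Organization} property and carries no {@code sunamcompositeadvice}, the method
     * returns {@code null} at once.
     *
     * @param token    current SSO token, or {@code null} when the caller has no valid session
     * @param request  request whose parameters are inspected
     * @param response unused
     * @return {@code name=value} pairs joined by {@code &}, or {@code null} when there is no
     *         advice to act on; values are appended as received, without URL encoding
     */
    private String checkForPolicyAdvice(SSOToken token, HttpServletRequest request, HttpServletResponse response) {
        StringBuilder adviceList = null;
        Enumeration names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (!adviceParams.contains(name)) {
                continue;
            }
            if (token != null && name.equals(ParameterKeys.P_REALM) && request.getParameter("sunamcompositeadvice") == null) {
                try {
                    String organization = token.getProperty("Organization");
                    if (organization != null) {
                        String rdn = LDAPUtils.rdnTypeFromDn(organization);
                        String sessionRealm = rdn.equalsIgnoreCase(SMSEntry.getRootSuffix())
                                ? "/"
                                : rdn.substring(rdn.indexOf("o=") + 2, rdn.length());
                        if (sessionRealm.equalsIgnoreCase(request.getParameter(name))) {
                            // NOTE(review): returning here also discards any other advice
                            // parameter on the request (authlevel, module, ...); confirm that
                            // is intended.
                            return null;
                        }
                    }
                } catch (SSOException e) {
                    debug.error("CDCServlet.checkForPolicyAdvice: Failed to get realm info. ", e);
                }
            }
            if (adviceList == null) {
                adviceList = new StringBuilder();
            }
            String[] values = request.getParameterValues(name);
            if (values != null) {
                for (String value : values) {
                    // Separate every pair: a repeated parameter used to be emitted as
                    // "name=v1name=v2".
                    if (adviceList.length() > 0) {
                        adviceList.append(AMP);
                    }
                    // NOTE(review): values are not URL-encoded here; confirm the consumer
                    // encodes the list before placing it in a URL.
                    adviceList.append(name).append(EQUALS).append(value);
                }
            }
        }
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.checkForPolicyAdvice: Advice List is : " + adviceList);
        }
        return adviceList == null ? null : adviceList.toString();
    }

    // The decompiler did not recover this method body. doGetPost calls it for every request
    // without a valid token or with policy advice, so in this listing that path always throws.
    // Its handling of loginURI (presumably via isValidCDCURI) cannot be reviewed from here.
    /* JADX WARN: Removed duplicated region for block: B:46:0x02b2 A[Catch: Exception -> 0x02cf, TryCatch #0 {Exception -> 0x02cf, blocks: (B:51:0x004d, B:55:0x0059, B:57:0x020a, B:58:0x0217, B:60:0x0221, B:67:0x0261, B:69:0x026d, B:44:0x02a9, B:46:0x02b2, B:8:0x0066, B:10:0x0073, B:12:0x00c1, B:14:0x00c9, B:16:0x00d2, B:18:0x00db, B:20:0x0100, B:22:0x0109, B:23:0x0123, B:25:0x012e, B:26:0x014b, B:28:0x015a, B:30:0x0164, B:32:0x0180, B:33:0x0193, B:36:0x01a7, B:37:0x01b3, B:39:0x01d4, B:40:0x01f1, B:41:0x013e), top: B:50:0x004d }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void redirectForAuthentication(javax.servlet.http.HttpServletRequest r6, javax.servlet.http.HttpServletResponse r7, java.lang.String r8) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 737
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.iplanet.services.cdc.CDCServlet.redirectForAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String):void");
    }

    /** Writes the generic server-error marker to the response body. */
    private void showError(HttpServletResponse httpServletResponse) {
        showError(httpServletResponse, SERVER_ERROR_STR_MATCH);
    }

    /**
     * Writes {@code message} as the response body and closes the stream.
     *
     * <p>Every caller in this class passes a fixed string. The text is written without
     * encoding, so request data must not be passed in.
     *
     * @param response response whose output stream is written and closed
     * @param message  fixed marker or message to emit
     */
    private void showError(HttpServletResponse response, String message) {
        ServletOutputStream out = null;
        try {
            out = response.getOutputStream();
            out.println(message);
            out.flush();
        } catch (IOException e) {
            debug.error("CDCServlet.showError: Could not show error message to the user", e);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // The response is already finished or broken; nothing further to do.
                }
            }
        }
    }

    /**
     * Obtains the caller's SSO token from the request.
     *
     * @param request  request the token manager reads the token from
     * @param response unused
     * @return the token when one exists and is valid, otherwise {@code null}
     */
    private SSOToken getSSOToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
        try {
            SSOToken token = this.tokenManager.createSSOToken(request);
            if (token != null && this.tokenManager.isValidToken(token)) {
                return token;
            }
            if (debug.messageEnabled()) {
                debug.message("CDCSerlvet.getSSOToken: SSOToken is either null or not valid: " + token + "\nRedirecting for authentication");
            }
        } catch (SSOException e) {
            if (debug.messageEnabled()) {
                debug.message("CDCServlet.getSSOToken" + e);
            }
        }
        return null;
    }

    /**
     * Wraps one assertion in an {@link FSAuthnResponse}.
     *
     * @param providerId provider ID set on the response
     * @param responseId unused
     * @param requestId  value of the RequestID request parameter
     * @param status     status to report
     * @param assertion  the single assertion to carry
     * @param relayState value of the RelayState request parameter
     */
    private FSAuthnResponse createAuthnResponse(String providerId, String responseId, String requestId, Status status, FSAssertion assertion, String relayState) throws SAMLException, FSMsgException {
        List<FSAssertion> assertions = new ArrayList<FSAssertion>(1);
        assertions.add(assertion);
        FSAuthnResponse authnResponse = new FSAuthnResponse((String) null, requestId, status, assertions, relayState);
        authnResponse.setProviderId(providerId);
        return authnResponse;
    }

    /**
     * Creates the bearer assertion whose subject name identifier is the URL-encoded token ID.
     *
     * <p>The assertion and its ReauthenticateOnOrAfter instant are valid for 60 seconds from
     * creation.
     *
     * @param audienceProviderId ProviderID request parameter; becomes the audience restriction
     * @param securityDomain     name qualifier of the subject, passed on to the assertion
     * @param tokenId            session token ID, or restricted token ID, to embed
     * @param authType           authentication type recorded in the statement
     * @param authInstant        authentication instant string; the current time is used when
     *                           it is {@code null} or cannot be parsed
     * @param principalName      checked for {@code null} only, otherwise unused
     * @param requestId          RequestID request parameter, passed on to the assertion
     * @throws FSException if any argument other than {@code authInstant} is {@code null}
     */
    private FSAssertion createAssertion(String audienceProviderId, String securityDomain, String tokenId, String authType, String authInstant, String principalName, String requestId) throws FSException, SAMLException {
        debug.message("Entering CDCServlet.createAssertion Method");
        if (audienceProviderId == null || securityDomain == null || tokenId == null || authType == null || principalName == null || requestId == null) {
            debug.message("CDCServlet,createAssertion: null input");
            throw new FSException(FSUtils.bundle.getString("nullInput"));
        }
        NameIdentifier nameIdentifier = new NameIdentifier(URLEncDec.encode(tokenId), securityDomain);
        Date authenticatedAt = convertAuthInstanceToDate(authInstant);
        // NOTE(review): the "opaqueHandle" logged below is the token ID. This and the later
        // debug/access log entries put a usable session credential into the logs.
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.createAssertion Creating Authentication Assertion for user with opaqueHandle =" + nameIdentifier.getName() + " and SecurityDomain = " + securityDomain);
        }
        FSSubject subject = new FSSubject(nameIdentifier, new SubjectConfirmation(STSConstants.SAML_BEARER_1_0), new IDPProvidedNameIdentifier(nameIdentifier.getNameQualifier(), nameIdentifier.getName()));
        FSAuthenticationStatement statement = new FSAuthenticationStatement(authType, authenticatedAt, subject, new SubjectLocality(this.IPAddress, this.DNSAddress), (List) null, new AuthnContext((String) null, (String) null));
        Date issuedAt = Time.newDate();
        Date expiresAt = new Date(issuedAt.getTime() + ASSERTION_VALIDITY_MILLIS);
        statement.setReauthenticateOnOrAfter(expiresAt);
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.createAssertion: Authentication Statement: " + statement.toXMLString());
        }
        Conditions conditions = new Conditions(issuedAt, expiresAt);
        if (audienceProviderId.length() != 0) {
            List<String> audiences = new ArrayList<String>(1);
            audiences.add(audienceProviderId);
            conditions.addAudienceRestrictionCondition(new AudienceRestrictionCondition(audiences));
        }
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.createAssertion: Condition: " + conditions.toString());
        }
        AssertionIDReference assertionId = new AssertionIDReference();
        Set<FSAuthenticationStatement> statements = new HashSet<FSAuthenticationStatement>(2);
        statements.add(statement);
        FSAssertion assertion = new FSAssertion(assertionId.getAssertionIDReference(), securityDomain, issuedAt, conditions, statements, requestId);
        assertion.setID(assertionId.getAssertionIDReference());
        LogUtil.access(Level.INFO, "CREATE_ASSERTION", new String[]{FSUtils.bundle.getString("assertionCreated") + ":" + assertion.toString()});
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.createAssertion: Returning Assertion: " + assertion.toXMLString());
        }
        return assertion;
    }

    /**
     * Parses the session's authentication instant.
     *
     * @return the parsed date, or the current time when {@code authInstant} is {@code null}
     *         or unparseable
     */
    private Date convertAuthInstanceToDate(String authInstant) {
        if (authInstant != null) {
            try {
                Date parsed = DateUtils.stringToDate(authInstant);
                if (parsed != null) {
                    return parsed;
                }
            } catch (ParseException e) {
                if (debug.messageEnabled()) {
                    debug.message("CDCServlet.convertAuthInstanceToDate: cannot convert " + authInstant);
                }
            }
        }
        return Time.newDate();
    }

    /**
     * Forwards to {@code cdclogin.jsp} with the destination URL and the Base64-encoded
     * authentication response as HTML-encoded request attributes.
     *
     * <p>Failures are logged and otherwise swallowed, so the caller gets no error marker.
     *
     * @param request       request the attributes are set on
     * @param response      response that receives the headers and the forward
     * @param authnResponse response to serialise; it carries the token ID
     * @param destURL       caller-supplied goto/TARGET value
     */
    private void sendAuthnResponse(HttpServletRequest request, HttpServletResponse response, FSAuthnResponse authnResponse, String destURL) {
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.sendAuthnResponse: Called");
        }
        try {
            String xml = authnResponse.toXMLString(true, true);
            if (debug.messageEnabled()) {
                debug.message("CDCServlet.sendAuthnResponse: AuthnResponse: " + xml);
            }
            // Explicit charset: the no-argument getBytes() depends on the JVM default encoding.
            String encoded = Base64.encode(xml.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            response.setContentType("text/html");
            response.setHeader("Pragma", "no-cache");
            // The page carries a session credential; Pragma alone only addresses HTTP/1.0 caches.
            response.setHeader("Cache-Control", "no-cache, no-store");
            response.setHeader(RESPONSE_HEADER_ALERT, RESPONSE_HEADER_ALERT_VALUE);
            // NOTE(review): cdclogin.jsp is not part of this listing; confirm it writes destURL
            // only in a context that HTML encoding covers.
            request.setAttribute("destURL", ESAPI.encoder().encodeForHTML(destURL));
            request.setAttribute("authnResponse", ESAPI.encoder().encodeForHTML(encoded));
            request.getRequestDispatcher("config/federation/default/cdclogin.jsp").forward(request, response);
            if (debug.messageEnabled()) {
                debug.message("CDCServlet:sendAuthnResponse: AuthnResponse sent successfully to: " + destURL);
            }
        } catch (ServletException e) {
            debug.error("CDCServlet.sendAuthnResponse:", e);
        } catch (IOException e) {
            debug.error("CDCServlet.sendAuthnResponse:", e);
        } catch (FSMsgException e) {
            debug.error("CDCServlet.sendAuthnResponse:", e);
        }
    }

    /**
     * Tells whether a login URI, ignoring any query string, is in the configured allow-list.
     *
     * @param loginUri candidate URI; {@code null} is rejected
     * @return {@code true} only for an exact match against {@code VALID_LOGIN_URIS}
     */
    private boolean isValidCDCURI(String loginUri) {
        if (loginUri == null) {
            return false;
        }
        int queryStart = loginUri.indexOf(QUESTION_MARK);
        String path = queryStart == -1 ? loginUri : loginUri.substring(0, queryStart);
        boolean valid = VALID_LOGIN_URIS.contains(path);
        if (debug.messageEnabled()) {
            debug.message("CDCServlet.isValidCDCURI: checking if " + path + " is in validLoginURISet: " + VALID_LOGIN_URIS + " result:" + valid);
        }
        return valid;
    }

    /**
     * Fills the advice-parameter list, the goto/TARGET denylist and the login-URI allow-list
     * from system properties, using built-in defaults when a property is not set.
     */
    private static void initConfig() {
        adviceParams.add("module");
        adviceParams.add("authlevel");
        adviceParams.add("role");
        adviceParams.add("service");
        adviceParams.add("user");
        adviceParams.add(ParameterKeys.P_REALM);
        adviceParams.add("org");
        adviceParams.add("domain");
        adviceParams.add("sunamcompositeadvice");
        adviceParams.add("resource");
        String invalidStrings = SystemPropertiesManager.get("com.iplanet.services.cdc.invalidGotoStrings");
        if (INVALID_SET.isEmpty()) {
            debug.message("CDCServlet.initConfig: creating invalidSet");
            if (invalidStrings == null) {
                debug.message("CDCServlet.initConfig: invalidStrings is null");
                INVALID_SET.add(LEFT_ANGLE);
                INVALID_SET.add(RIGHT_ANGLE);
                INVALID_SET.add(URLENC_LEFT_ANGLE);
                INVALID_SET.add(URLENC_RIGHT_ANGLE);
                INVALID_SET.add(JAVASCRIPT);
                INVALID_SET.add(URLENC_JAVASCRIPT);
            } else {
                debug.message("CDCServlet.initConfig: invalidStrings is NOT null");
                StringTokenizer tokens = new StringTokenizer(invalidStrings, DELIM);
                while (tokens.hasMoreTokens()) {
                    // doGetPost lower-cases the parameter before comparing, so an entry that
                    // contains an upper-case letter could never match unless folded here.
                    INVALID_SET.add(tokens.nextToken().toLowerCase(java.util.Locale.ROOT));
                }
            }
            debug.message("CDCServlet.initConfig: created invalidSet " + INVALID_SET);
        }
        String validLoginUris = SystemPropertiesManager.get("org.forgerock.openam.cdc.validLoginURIs");
        debug.message("CDCServlet.initConfig: creating validLoginURISet");
        if (validLoginUris == null) {
            debug.message("CDCServlet.initConfig: validLoginURIStrings is null, creating default set");
            VALID_LOGIN_URIS.add(AUTHURI);
        } else {
            if (debug.messageEnabled()) {
                debug.message("CDCServlet.initConfig: validLoginURIStrings is: " + validLoginUris);
            }
            StringTokenizer tokens = new StringTokenizer(validLoginUris, DELIM);
            while (tokens.hasMoreTokens()) {
                // Whitespace after a comma in the property would otherwise become part of the
                // entry and silently prevent the exact-match lookup from succeeding.
                String uri = tokens.nextToken().trim();
                if (uri.length() != 0) {
                    VALID_LOGIN_URIS.add(uri);
                }
            }
        }
        debug.message("CDCServlet.initConfig: created validLoginURISet " + VALID_LOGIN_URIS);
    }

    static {
        initConfig();
    }
}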
