package com.sun.identity.workflow;

import com.sun.identity.common.HttpURLConnectionManager;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement;
import com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.locale.Locale;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.List;
import java.util.MissingResourceException;
import java.util.ResourceBundle;

/* loaded from: input_file:com/sun/identity/workflow/ValidateSAML2.class */
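/**
 * Checks that an identity provider / service provider pair exists in a realm and
 * builds the URLs used to exercise single sign-on, single logout and account
 * termination between them.
 *
 * <p>Construction looks both entities up through {@link SAML2MetaManager}, derives a
 * base URL for each from the {@code Location} of its endpoints, and opens a connection
 * to each derived base URL to confirm it is reachable.
 *
 * <p>Security note: the probed URLs come from entity metadata. For an entity that is
 * not hosted locally that metadata is presumably authored by another party, so the
 * probe is a server-side request to an externally chosen address. See
 * {@link #validateURL(String)} for what is and is not restricted.
 */
public class ValidateSAML2 {
    private static final Debug debug = Debug.getInstance("workflow");
    private static final String LOGIN_URL = "/UI/Login";
    private static final String LOGOUT_URL = "/UI/Logout";
    /** Path segment that precedes the meta alias in an endpoint location. */
    private static final String META_ALIAS_MARKER = "/metaAlias/";
    private static final String UTF_8 = "UTF-8";
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    private static final String NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    private String realm;
    private String idpEntityId;
    private String spEntityId;
    // Non-null only when the caller supplied "entityId(metaAlias)".
    private String idpMetaAlias;
    private String spMetaAlias;
    private String idpBaseURL;
    // Stays null when no SP logout endpoint carries "/metaAlias/"; bFedlet is then true.
    private String spBaseURL;
    private boolean bFedlet = false;

    /**
     * Parses both entity identifiers and validates them against the realm's metadata.
     *
     * @param str  realm in which both entities are looked up
     * @param str2 IdP entity ID, optionally followed by {@code (metaAlias)}
     * @param str3 SP entity ID, optionally followed by {@code (metaAlias)}
     * @throws WorkflowException if an entity cannot be located, its meta alias does not
     *         match, the IdP base URL cannot be derived, or a derived base URL is
     *         malformed, not HTTP(S), or unreachable
     */
    public ValidateSAML2(String str, String str2, String str3) throws WorkflowException {
        this.realm = str;
        setIDPEntityId(str2);
        setSPEntityId(str3);
        validateIDP();
        validateSP();
    }

    /**
     * Confirms the IdP descriptor exists, checks the supplied meta alias (if any) against
     * the stored configuration, derives the IdP base URL and probes it.
     */
    private void validateIDP() throws WorkflowException {
        try {
            SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
            IDPSSODescriptorElement descriptor = metaManager.getIDPSSODescriptor(this.realm, this.idpEntityId);
            if (descriptor == null) {
                throw new WorkflowException("cannot.locate.idp", this.idpEntityId);
            }
            if (this.idpMetaAlias != null) {
                IDPSSOConfigElement config = metaManager.getIDPSSOConfig(this.realm, this.idpEntityId);
                // Compare from the known non-null side so a config without an alias is
                // reported as a mismatch instead of raising NullPointerException.
                if (config == null || !this.idpMetaAlias.equals(config.getMetaAlias())) {
                    throw new WorkflowException("cannot.locate.idp", this.idpEntityId);
                }
            }
            this.idpBaseURL = getIDPBaseURL(descriptor.getSingleSignOnService());
            if (this.idpBaseURL == null) {
                throw new WorkflowException("cannot.locate.idp.loginURL", this.idpEntityId);
            }
            validateURL(this.idpBaseURL);
        } catch (SAML2MetaException e) {
            debug.error("ValidateSAML2: Error while validating IdP", e);
            throw new WorkflowException("cannot.locate.idp", this.idpEntityId);
        }
    }

    /**
     * Returns the base URL taken from the first single sign-on endpoint that has a
     * binding and a usable location, or {@code null} if none qualifies.
     */
    private String getIDPBaseURL(List<?> list) {
        if (list == null) {
            return null;
        }
        for (Object item : list) {
            SingleSignOnServiceElement endpoint = (SingleSignOnServiceElement) item;
            if (endpoint == null || endpoint.getBinding() == null) {
                continue;
            }
            String base = baseUrlFromLocation(endpoint.getLocation());
            if (base != null) {
                return base;
            }
        }
        return null;
    }

    /**
     * Confirms the SP descriptor exists, checks the supplied meta alias (if any) against
     * the stored configuration and derives the SP base URL. An SP with no derivable base
     * URL is flagged as a Fedlet and is not probed.
     */
    private void validateSP() throws WorkflowException {
        try {
            SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
            SPSSODescriptorElement descriptor = metaManager.getSPSSODescriptor(this.realm, this.spEntityId);
            if (descriptor == null) {
                throw new WorkflowException("cannot.locate.sp", this.spEntityId);
            }
            if (this.spMetaAlias != null) {
                SPSSOConfigElement config = metaManager.getSPSSOConfig(this.realm, this.spEntityId);
                // Null-safe comparison; a config without an alias counts as a mismatch.
                if (config == null || !this.spMetaAlias.equals(config.getMetaAlias())) {
                    throw new WorkflowException("cannot.locate.sp", this.spEntityId);
                }
            }
            this.spBaseURL = getSPBaseURL(descriptor.getSingleLogoutService());
            if (this.spBaseURL == null) {
                this.bFedlet = true;
            } else {
                validateURL(this.spBaseURL);
            }
        } catch (SAML2MetaException e) {
            debug.error("ValidateSAML2: Error while validating SP", e);
            throw new WorkflowException("cannot.locate.sp", this.spEntityId);
        }
    }

    /**
     * Opens a connection to {@code str} to confirm the derived base URL is reachable.
     *
     * <p>The URL originates from endpoint locations in entity metadata, so this is an
     * outbound request to a metadata-supplied address. Only {@code http} and
     * {@code https} are accepted; any other scheme is rejected with the same
     * {@code malformedurl} key before a connection is attempted.
     *
     * <p>NOTE(review): the target host and port are not restricted here, and the two
     * distinct error keys tell the caller whether the address answered. If metadata can
     * be supplied by parties who should not learn about internal hosts, restrict egress
     * from this server or allow-list federation partner hosts. Whether
     * {@code HttpURLConnectionManager} applies connect/read timeouts is not visible
     * from this class; confirm.
     *
     * @throws WorkflowException with {@code malformedurl} for an unparsable or
     *         non-HTTP(S) URL, or {@code unable.to.reach.url} on an I/O failure
     */
    private void validateURL(String str) throws WorkflowException {
        final URL url;
        try {
            url = new URL(str);
        } catch (MalformedURLException e) {
            throw new WorkflowException("malformedurl", str);
        }
        String protocol = url.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            throw new WorkflowException("malformedurl", str);
        }
        try {
            HttpURLConnectionManager.getConnection(url).connect();
        } catch (MalformedURLException e) {
            throw new WorkflowException("malformedurl", str);
        } catch (IOException e2) {
            debug.error("ValidateSAML2: IO Error while validating URL", e2);
            throw new WorkflowException("unable.to.reach.url", str);
        }
    }

    /**
     * Returns the base URL taken from the first single logout endpoint that has a
     * binding and a usable location, or {@code null} if none qualifies.
     */
    private String getSPBaseURL(List<?> list) {
        if (list == null) {
            return null;
        }
        for (Object item : list) {
            SingleLogoutServiceElement endpoint = (SingleLogoutServiceElement) item;
            if (endpoint == null || endpoint.getBinding() == null) {
                continue;
            }
            String base = baseUrlFromLocation(endpoint.getLocation());
            if (base != null) {
                return base;
            }
        }
        return null;
    }

    /**
     * Derives a base URL from an endpoint location by cutting at {@code /metaAlias/}
     * and then dropping the last path segment of what remains.
     *
     * @return the base URL, or {@code null} when the location is missing, lacks the
     *         marker, or has no {@code /} before the marker
     */
    private static String baseUrlFromLocation(String location) {
        if (location == null) {
            // Endpoint without a Location attribute: skip instead of failing on indexOf.
            return null;
        }
        int markerAt = location.indexOf(META_ALIAS_MARKER);
        if (markerAt == -1) {
            return null;
        }
        String beforeMarker = location.substring(0, markerAt);
        int lastSlash = beforeMarker.lastIndexOf("/");
        if (lastSlash == -1) {
            // No segment to drop; substring(0, -1) would throw, so treat as unusable.
            return null;
        }
        return beforeMarker.substring(0, lastSlash);
    }

    /**
     * Splits {@code entityId(metaAlias)} into its two parts.
     *
     * <p>The split is made at the first {@code (}, so an entity ID that itself contains
     * a parenthesis followed later by {@code )} is cut at that point.
     *
     * @return a two-element array {@code {entityId, metaAlias}}; the alias is
     *         {@code null} when the input has no {@code (...)} suffix
     */
    private static String[] splitEntityAndAlias(String value) {
        int open = value.indexOf("(");
        int close = (open == -1) ? -1 : value.indexOf(")", open);
        if (close == -1) {
            return new String[] {value, null};
        }
        return new String[] {value.substring(0, open), value.substring(open + 1, close)};
    }

    /** Stores the IdP entity ID and, when present, its meta alias. */
    private void setIDPEntityId(String str) {
        String[] parts = splitEntityAndAlias(str);
        this.idpEntityId = parts[0];
        if (parts[1] != null) {
            this.idpMetaAlias = parts[1];
        }
    }

    /** Stores the SP entity ID and, when present, its meta alias. */
    private void setSPEntityId(String str) {
        String[] parts = splitEntityAndAlias(str);
        this.spEntityId = parts[0];
        if (parts[1] != null) {
            this.spMetaAlias = parts[1];
        }
    }

    /**
     * Looks up a message in the {@code workflowMessages} bundle.
     *
     * @param str  resource key
     * @param str2 locale string handed to {@code Locale.getLocale}
     * @return the message, or {@code null} when the bundle or key is missing
     */
    public static String getMessage(String str, String str2) {
        try {
            return ResourceBundle.getBundle("workflowMessages", Locale.getLocale(str2)).getString(str);
        } catch (MissingResourceException e) {
            return null;
        }
    }

    /** @return the IdP entity ID with any {@code (metaAlias)} suffix removed */
    public String getIDPEntityId() {
        return this.idpEntityId;
    }

    /** @return the SP entity ID with any {@code (metaAlias)} suffix removed */
    public String getSPEntityId() {
        return this.spEntityId;
    }

    /** @return the IdP base URL followed by {@code /UI/Login} */
    public String getIDPLoginURL() {
        return this.idpBaseURL + LOGIN_URL;
    }

    /**
     * @return the SP base URL followed by {@code /UI/Login}; when {@link #isFedlet()} is
     *         true the base URL is null and the result starts with the text "null"
     */
    public String getSPLoginURL() {
        return this.spBaseURL + LOGIN_URL;
    }

    /** @return the IdP base URL followed by {@code /UI/Logout} */
    public String getIDPLogoutURL() {
        return this.idpBaseURL + LOGOUT_URL;
    }

    /**
     * @return the SP base URL followed by {@code /UI/Logout}; when {@link #isFedlet()} is
     *         true the base URL is null and the result starts with the text "null"
     */
    public String getSPLogoutURL() {
        return this.spBaseURL + LOGOUT_URL;
    }

    /** @return true when no SP base URL could be derived from its logout endpoints */
    public boolean isFedlet() {
        return this.bFedlet;
    }

    /**
     * @return true when the SP entity ID contains {@code google.com}
     */
    public boolean isGoogleSP() {
        // NOTE(review): substring match, so any entity ID containing this text qualifies,
        // not only IDs under that domain. In this class it only selects the NameIDFormat
        // parameter in getSSOURL(); do not reuse it as a trust decision.
        return this.spEntityId != null && this.spEntityId.contains("google.com");
    }

    /**
     * @return true when the SP entity ID contains {@code salesforce.com}
     */
    public boolean isSalesforceSP() {
        // NOTE(review): substring match; same caveat as isGoogleSP().
        return this.spEntityId != null && this.spEntityId.contains("salesforce.com");
    }

    /** @return true when a non-empty IdP meta alias was supplied */
    public boolean isIDPHosted() {
        return this.idpMetaAlias != null && this.idpMetaAlias.length() > 0;
    }

    /** URL-encodes a query parameter value as UTF-8. */
    private static String encode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, UTF_8);
    }

    /**
     * Builds the URL that starts single sign-on: SP-initiated when no IdP meta alias is
     * known, IdP-initiated otherwise. For a Fedlet SP the HTTP-POST binding is requested
     * and a NameIDFormat is added (unspecified for Google, none for Salesforce,
     * transient for everything else).
     *
     * @return the URL, or an empty string when it cannot be built (unsupported encoding,
     *         or neither side has a meta alias)
     */
    public String getSSOURL() {
        try {
            if (this.idpMetaAlias == null) {
                if (this.spMetaAlias == null) {
                    // Neither entity has an alias; encoding null would throw.
                    return "";
                }
                return this.spBaseURL + "/spssoinit?metaAlias=" + encode(this.spMetaAlias)
                        + "&idpEntityID=" + encode(this.idpEntityId);
            }
            String url = this.idpBaseURL + "/idpssoinit?metaAlias=" + encode(this.idpMetaAlias)
                    + "&spEntityID=" + encode(this.spEntityId);
            if (!this.bFedlet) {
                return url;
            }
            url = url + "&binding=" + encode(BINDING_HTTP_POST);
            if (isGoogleSP()) {
                url = url + "&NameIDFormat=" + encode(NAMEID_UNSPECIFIED);
            } else if (!isSalesforceSP()) {
                url = url + "&NameIDFormat=" + encode(NAMEID_TRANSIENT);
            }
            return url;
        } catch (UnsupportedEncodingException e) {
            return "";
        }
    }

    /**
     * Builds the URL that starts single logout, from the IdP when its meta alias is
     * known and from the SP otherwise.
     *
     * @return the URL, or an empty string when it cannot be built (unsupported encoding,
     *         or neither side has a meta alias)
     */
    public String getSLOURL() {
        try {
            if (this.idpMetaAlias != null) {
                return this.idpBaseURL + "/saml2/jsp/idpSingleLogoutInit.jsp?metaAlias="
                        + encode(this.idpMetaAlias);
            }
            if (this.spMetaAlias == null) {
                // Neither entity has an alias; encoding null would throw.
                return "";
            }
            return this.spBaseURL + "/saml2/jsp/spSingleLogoutInit.jsp?metaAlias=" + encode(this.spMetaAlias)
                    + "&idpEntityID=" + encode(this.idpEntityId);
        } catch (UnsupportedEncodingException e) {
            return "";
        }
    }

    /**
     * Builds the URL that starts a name-identifier termination request, from the IdP
     * when its meta alias is known and from the SP otherwise.
     *
     * @return the URL, or an empty string when it cannot be built (unsupported encoding,
     *         or neither side has a meta alias)
     */
    public String getAccountTerminationURL() {
        try {
            if (this.idpMetaAlias != null) {
                return this.idpBaseURL + "/saml2/jsp/idpMNIRequestInit.jsp?metaAlias=" + encode(this.idpMetaAlias)
                        + "&spEntityID=" + encode(this.spEntityId) + "&requestType=Terminate";
            }
            if (this.spMetaAlias == null) {
                // Neither entity has an alias; encoding null would throw.
                return "";
            }
            return this.spBaseURL + "/saml2/jsp/spMNIRequestInit.jsp?metaAlias=" + encode(this.spMetaAlias)
                    + "&idpEntityID=" + encode(this.idpEntityId) + "&requestType=Terminate";
        } catch (UnsupportedEncodingException e) {
            return "";
        }
    }
}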
