package com.sun.identity.federation.plugins;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountManager;
import com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.FederationException;
import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthenticationStatement;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSFederationTerminationNotification;
import com.sun.identity.federation.message.FSLogoutNotification;
import com.sun.identity.federation.message.FSLogoutResponse;
import com.sun.identity.federation.message.FSNameRegistrationRequest;
import com.sun.identity.federation.message.FSNameRegistrationResponse;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSubject;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.encode.URLEncDec;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sun/identity/federation/plugins/FSDefaultSPAdapter.class */
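/**
 * Default service-provider adapter for the ID-FF federation plugins.
 *
 * <p>Most hooks only write a debug message. Two do real work:
 * {@link #postSSOFederationSuccess} removes federation records that other accounts hold
 * for the same provider/name-identifier pair, and {@link #postSSOFederationFailure}
 * redirects the browser to the common login page with the failure details.
 *
 * <p>NOTE(review): nothing in this class verifies signatures or the issuer of the
 * messages it receives. It presumably relies on the federation service having validated
 * them before the hooks are called; confirm against the caller.
 */
public class FSDefaultSPAdapter implements FederationSPAdapter {
    /** Realm used when the adapter environment does not name one. */
    private static final String ROOT_REALM = "/";

    /** Prefix of the environment entry that carries the realm; matched case-insensitively. */
    private static final String REALM_PREFIX = "REALM=";

    /** Realm passed to the metadata lookup; set by {@link #initialize}. */
    private String realm = null;

    /**
     * Reads the realm from the adapter environment.
     *
     * <p>The first entry of {@code set} that starts with {@code REALM=} (any case) supplies
     * the realm; the text after the prefix is taken verbatim. If no such entry exists, or
     * the value is empty, the root realm {@code "/"} is used.
     *
     * @param str not used by this implementation
     * @param set environment entries; may be {@code null} or empty. Entries that are not
     *     strings (including {@code null}) are skipped instead of raising
     *     {@code ClassCastException} / {@code NullPointerException}.
     */
    public void initialize(String str, Set set) {
        FSUtils.debug.message("In FSDefaultSPAdapter.initialize.");
        if (set != null) {
            for (Object entry : set) {
                if (!(entry instanceof String)) {
                    continue;
                }
                String value = (String) entry;
                // regionMatches(ignoreCase) avoids the default-locale dependency of toUpperCase().
                if (value.regionMatches(true, 0, REALM_PREFIX, 0, REALM_PREFIX.length())) {
                    this.realm = value.substring(REALM_PREFIX.length());
                    break;
                }
            }
        }
        if (this.realm == null || this.realm.length() == 0) {
            this.realm = ROOT_REALM;
        }
    }

    /** Hook called before the SSO/federation request is sent; this implementation only logs. */
    public void preSSOFederationRequest(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest) {
        FSUtils.debug.message("In FSDefaultSPAdapter.preSSOFederationRequest.");
    }

    /** Hook called before the SSO/federation response is processed; this implementation only logs. */
    public void preSSOFederationProcess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, FSAuthnResponse fSAuthnResponse, FSResponse fSResponse) throws FederationException {
        FSUtils.debug.message("In FSDefaultSPAdapter.preSSOFederationProcess.");
    }

    /**
     * Cleans up duplicate federations after a successful federation.
     *
     * <p>Runs only when the request's name-ID policy is {@code "federated"}. It takes the
     * name identifier from the first assertion, searches the user's organization for
     * accounts whose federation-info key is {@code |<str>|<nameId>|}, and, when more than
     * one account matches, removes that federation record from every account except the
     * one identified by the session's universal identifier.
     *
     * <p>Security notes:
     * <ul>
     *   <li>The search and the removals run with the administrator token, and the name
     *       identifier and identity-provider id come from the assertion. The assertion
     *       must therefore be authenticated before this hook is reached.
     *       NOTE(review): not visible here; confirm in the caller.</li>
     *   <li>The session must expose a universal identifier. Without it the current account
     *       cannot be told apart from the others, so nothing is removed.</li>
     * </ul>
     *
     * @param str hosted provider id; used in the federation-info key and for the SP
     *     descriptor lookup
     * @param httpServletRequest not used by this implementation
     * @param httpServletResponse not used by this implementation
     * @param obj the user's session; must be an {@link SSOToken}
     * @param fSAuthnRequest the original request; supplies the name-ID policy
     * @param fSAuthnResponse response carrying the assertion, or {@code null} to use
     *     {@code fSResponse}
     * @param fSResponse alternative response carrying the assertion
     * @return always {@code false}; no code path in this implementation returns {@code true}
     * @throws FederationException declared by the interface; not thrown explicitly here
     */
    public boolean postSSOFederationSuccess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, FSAuthnRequest fSAuthnRequest, FSAuthnResponse fSAuthnResponse, FSResponse fSResponse) throws FederationException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, process " + str);
        }
        if (fSAuthnRequest == null) {
            FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
            return false;
        }
        String nameIDPolicy = fSAuthnRequest.getNameIDPolicy();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postSuccess " + nameIDPolicy);
        }
        // Constant-first comparison: a request without a name-ID policy is simply "not federated".
        if (!"federated".equals(nameIDPolicy)) {
            return false;
        }
        if (!(obj instanceof SSOToken)) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: session object is not an SSOToken");
            return false;
        }
        SSOToken userToken = (SSOToken) obj;

        // The admin token is acquired only once the cheap checks have passed.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
        if (adminToken == null) {
            return false;
        }

        try {
            List assertions = null;
            String idpId = null;
            if (fSAuthnResponse != null) {
                assertions = fSAuthnResponse.getAssertion();
                idpId = fSAuthnResponse.getProviderId();
            } else if (fSResponse != null) {
                assertions = fSResponse.getAssertion();
            }
            if (assertions == null || assertions.isEmpty()) {
                FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: no assertion in response");
                return false;
            }
            // Only the first assertion is examined.
            Object firstAssertion = assertions.iterator().next();
            if (!(firstAssertion instanceof FSAssertion)) {
                FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: unexpected assertion type");
                return false;
            }
            FSAssertion fSAssertion = (FSAssertion) firstAssertion;
            if (idpId == null) {
                idpId = fSAssertion.getIssuer();
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: idp=" + idpId);
            }

            // Pick the name identifier from the authentication statement(s). A later statement
            // with a non-null identifier overrides an earlier one.
            String nameId = null;
            for (Object item : fSAssertion.getStatement()) {
                if (!(item instanceof FSAuthenticationStatement)) {
                    continue;
                }
                FSAuthenticationStatement authnStatement = (FSAuthenticationStatement) item;
                // NOTE(review): 1 is presumably the "authentication statement" type code; confirm.
                if (authnStatement.getStatementType() != 1) {
                    continue;
                }
                Object subjectObj = authnStatement.getSubject();
                if (subjectObj instanceof FSSubject) {
                    FSSubject subject = (FSSubject) subjectObj;
                    NameIdentifier nameIdentifier = subject.getIDPProvidedNameIdentifier();
                    if (nameIdentifier == null) {
                        nameIdentifier = subject.getNameIdentifier();
                    }
                    if (nameIdentifier != null) {
                        nameId = nameIdentifier.getName();
                    }
                }
                // NOTE(review): message-level debug output contains the name identifier.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSuccess: found name id =" + nameId);
                }
            }
            if (nameId == null) {
                FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
                return false;
            }

            // Find every user in the session's organization holding this federation key.
            // NOTE(review): nameId comes from the assertion and is embedded in a directory
            // search value; confirm the IdRepo layer escapes filter metacharacters.
            HashSet<String> keyValues = new HashSet<String>();
            keyValues.add("|" + str + "|" + nameId + "|");
            HashMap<String, Set<String>> searchAttributes = new HashMap<String, Set<String>>();
            searchAttributes.put("iplanet-am-user-federation-info-key", keyValues);
            AMIdentityRepository identityRepository = new AMIdentityRepository(adminToken, userToken.getProperty("Organization"));
            IdSearchControl searchControl = new IdSearchControl();
            // NOTE(review): 0 presumably means "no explicit limit" for both settings; confirm.
            searchControl.setTimeOut(0);
            searchControl.setMaxResults(0);
            searchControl.setAllReturnAttributes(false);
            searchControl.setSearchModifiers(IdSearchOpModifier.AND, searchAttributes);
            Set searchResults = identityRepository.searchIdentities(IdType.USER, "*", searchControl).getSearchResults();
            if (searchResults == null || searchResults.size() <= 1) {
                return false;
            }

            String currentUserId = userToken.getProperty("sun.am.UniversalIdentifier");
            if (currentUserId == null) {
                // Fail closed: without the current user's id every match would look like a
                // duplicate, so removing anything here would be unsafe.
                FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: session has no universal identifier");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: found " + searchResults.size() + " federation with same ID as " + currentUserId);
            }

            String metaAlias = null;
            try {
                SPDescriptorConfigElement spConfig = new IDFFMetaManager(obj).getSPDescriptorConfig(this.realm, str);
                if (spConfig != null) {
                    metaAlias = spConfig.getMetaAlias();
                }
            } catch (IDFFMetaException e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSuccess: couldn't find meta alias:", e);
                }
            }
            // metaAlias may still be null here; it is passed on as the original code did.
            FSAccountManager accountManager = FSAccountManager.getInstance(metaAlias);
            FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(str, nameId);
            // NOTE(review): if the current user is not among the results, every match loses
            // this federation record. Confirm that is intended.
            for (Object match : searchResults) {
                String universalId = IdUtils.getUniversalId((AMIdentity) match);
                if (!currentUserId.equalsIgnoreCase(universalId)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSucces, remove fed info for user " + universalId);
                    }
                    accountManager.removeAccountFedInfo(universalId, fedInfoKey, idpId);
                }
            }
            return false;
        } catch (IdRepoException e) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
            return false;
        } catch (FSAccountMgmtException e) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
            return false;
        } catch (SSOException e) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
            return false;
        }
    }

    /**
     * Redirects the browser to the common login page after a failed SSO/federation.
     *
     * <p>The redirect URL is the common login page URL with {@code FailureCode=<i>}
     * appended. For failure codes 1 and 2 the URL-encoded second-level status code is
     * appended as {@code StatusCode}; code 1 reads it from {@code fSAuthnResponse}, code 2
     * from {@code fSResponse}.
     *
     * <p>NOTE(review): the relay state from the request is handed to
     * {@code FSServiceUtils.getCommonLoginPageURL}. Any validation of it as a redirect
     * target would have to happen there or upstream; it is not done in this method.
     *
     * @param str hosted provider id; only logged
     * @param httpServletRequest used to derive the base URL and the meta alias
     * @param httpServletResponse receives the redirect
     * @param fSAuthnRequest the original request; may be {@code null}
     * @param fSAuthnResponse response consulted when {@code i == 1}
     * @param fSResponse response consulted when {@code i == 2}
     * @param i failure code
     * @return {@code true} if the redirect was sent; {@code false} if the status could not
     *     be read (response, status, or first/second-level status code missing) or the
     *     redirect failed with an {@link IOException}
     */
    public boolean postSSOFederationFailure(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, FSAuthnResponse fSAuthnResponse, FSResponse fSResponse, int i) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postFedFailure, process " + str + "\nfailure code=" + i);
        }
        String baseURL = FSServiceUtils.getBaseURL(httpServletRequest);
        String relayState = fSAuthnRequest != null ? fSAuthnRequest.getRelayState() : null;
        String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(FSServiceUtils.getMetaAlias(httpServletRequest), relayState, (String) null, httpServletRequest, baseURL);

        // "&" is appended unconditionally, so the login page URL is assumed to already
        // carry a query string.
        StringBuilder redirectUrl = new StringBuilder();
        redirectUrl.append(commonLoginPageURL).append("&").append("FailureCode").append("=").append(i);

        if (i == 1 || i == 2) {
            // A missing response or status is treated like a missing status code instead of
            // letting a NullPointerException escape.
            StatusCode topLevelCode = null;
            if (i == 1) {
                if (fSAuthnResponse != null && fSAuthnResponse.getStatus() != null) {
                    topLevelCode = fSAuthnResponse.getStatus().getStatusCode();
                }
            } else if (fSResponse != null && fSResponse.getStatus() != null) {
                topLevelCode = fSResponse.getStatus().getStatusCode();
            }
            if (topLevelCode == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSDefaultSPAdapter.postSSOFederationFailure: Status is null");
                }
                return false;
            }
            StatusCode secondLevelCode = topLevelCode.getStatusCode();
            if (secondLevelCode == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSDefaultSPAdapter.postSSOFederationFailure: Second level status is empty");
                }
                return false;
            }
            // The status value comes from the remote provider; it is URL-encoded before use.
            redirectUrl.append("&").append("StatusCode").append("=").append(URLEncDec.encode(secondLevelCode.getValue()));
        }

        String location = redirectUrl.toString();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postSSOFederationFailure. URL to be redirected: " + location);
        }
        try {
            httpServletResponse.setHeader("Location", location);
            httpServletResponse.sendRedirect(location);
            return true;
        } catch (IOException e) {
            FSUtils.debug.error("FSDefaultSPAdapter.postSSOFedFailure", e);
            return false;
        }
    }

    /** Hook called after a successful name-identifier registration; this implementation only logs. */
    public void postRegisterNameIdentifierSuccess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2, FSNameRegistrationRequest fSNameRegistrationRequest, FSNameRegistrationResponse fSNameRegistrationResponse, String str3) {
        FSUtils.debug.message("In FSDefaultSPAdapter.postRegistrationNameIdentifierSuccess");
    }

    /** Hook called after a successful federation termination; this implementation only logs. */
    public void postTerminationNotificationSuccess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2, FSFederationTerminationNotification fSFederationTerminationNotification, String str3) {
        FSUtils.debug.message("In FSDefaultSPAdapter.postTerminationNotificationSuccess.");
    }

    /** Hook called before single logout is processed; this implementation only logs. */
    public void preSingleLogoutProcess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2, FSLogoutNotification fSLogoutNotification, FSLogoutResponse fSLogoutResponse, String str3) {
        FSUtils.debug.message("In FSDefaultSPAdapter.preSingleLogoutProcess.");
    }

    /** Hook called after a successful single logout; this implementation only logs. */
    public void postSingleLogoutSuccess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2, FSLogoutNotification fSLogoutNotification, FSLogoutResponse fSLogoutResponse, String str3) {
        FSUtils.debug.message("In FSDefaultSPAdapter.postSingleLogoutSuccess.");
    }
}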
