package com.sun.identity.federation.services.logout;

import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement;
import com.sun.identity.federation.key.KeyUtil;
import com.sun.identity.federation.message.FSLogoutNotification;
import com.sun.identity.federation.message.FSLogoutResponse;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.federation.plugins.FederationSPAdapter;
import com.sun.identity.federation.services.FSSOAPService;
import com.sun.identity.federation.services.FSSession;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.FSSessionPartner;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureUtil;
import com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
import com.sun.identity.multiprotocol.MultiProtocolUtils;
import com.sun.identity.multiprotocol.SingleLogoutManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Vector;
import java.util.logging.Level;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/identity/federation/services/logout/FSSingleLogoutHandler.class */
public class FSSingleLogoutHandler {
    // JSP that doHTMLGet() forwards to for the HTTP GET logout profile.
    private static final String LOGOUT_JSP = "/saml2/jsp/autologout.jsp";
    // JSP that doWMLGet() forwards to when the user agent is flagged as WML.
    private static final String WML_LOGOUT_JSP = "/saml2/jsp/autologoutwml.jsp";
    // Role of the session partner currently being processed (true when that partner is the IDP).
    private boolean isCurrentProviderIDPRole;
    // ID-FF metadata manager, obtained from FSUtils in the constructor.
    private IDFFMetaManager metaManager;
    // Query-string separator characters.
    private static final char QUESTION_MARK = '?';
    private static final char AMPERSAND = '&';
    // NOTE(review): these two URLs are static but are reassigned by setLogoutURL() from the
    // current request and hosted config each time handleSingleLogout() runs. Every handler
    // instance in the JVM therefore shares one value, and a concurrent logout can overwrite it
    // between the assignment and the redirect that uses it. Consider instance fields instead.
    private static String LOGOUT_DONE_URL = null;
    private static String COMMON_ERROR_URL = null;
    // Servlet response/request of the logout call being handled; set in handleSingleLogout().
    private HttpServletResponse response = null;
    private HttpServletRequest request = null;
    // Locale resolved from the request via FSServiceUtils.getLocale().
    private String locale = null;
    // User whose federated sessions are being terminated.
    private String userID = null;
    // Session index passed to createSingleLogoutRequest(); replaced per partner in continueLogout().
    private String sessionIndex = "";
    // Selects the WML logout JSP instead of the HTML one in doHttpGet().
    private boolean isWMLAgent = false;
    // Metadata descriptors of the remote partner and of this hosted provider.
    private ProviderDescriptorType remoteDescriptor = null;
    private ProviderDescriptorType hostedDescriptor = null;
    // Extended configuration of the hosted provider; source of the "signingCertAlias" attribute.
    private BaseConfigType hostedConfig = null;
    private String remoteEntityId = "";
    private String realm = null;
    private String hostedEntityId = "";
    // Compared case-insensitively against "IDP" in returnAfterCompletion(); null until assigned.
    private String hostedRole = null;
    private String metaAlias = null;
    // Relay state copied onto outgoing logout requests when non-null.
    private String relayState = null;
    // Aggregate result across logout rounds; set to false when a round or multi-protocol logout fails.
    private boolean logoutStatus = true;
    // Set once the redirect profile has been used; suppresses continueLogout()/returnAfterCompletion()
    // in doIDPSoapProfile().
    private boolean isHttpRedirect = false;
    // Opaque session token handed to SessionManager, FSSessionManager and LogUtil.
    private Object ssoToken = null;
    private FSLogoutResponse respObj = null;
    private FSLogoutNotification requestLogout = null;
    // Logout profile in use; assigned from getProfileToCommunicateLogout() or the public setter.
    private String singleLogoutProtocol = null;

    /**
     * Creates a handler and obtains the ID-FF metadata manager from {@link FSUtils}.
     */
    public FSSingleLogoutHandler() {
        FSUtils.debug.message("FSSingleLogoutHandler::Constructor");
        // metaManager has no initializer, so it is already null before this assignment.
        this.metaManager = FSUtils.getIDFFMetaManager();
    }

    /**
     * Resolves the logout-done page and the common error page for the current request,
     * hosted configuration and meta alias, and stores them in the class-level URL fields.
     *
     * <p>NOTE(review): both targets are static, so the values written here are visible to
     * every handler instance; concurrent logouts can overwrite each other's URLs.
     */
    protected void setLogoutURL() {
        // Assign each URL as soon as it is resolved, so a failure in the second lookup
        // leaves the first one updated.
        LOGOUT_DONE_URL = FSServiceUtils.getLogoutDonePageURL(this.request, this.hostedConfig, this.metaAlias);
        COMMON_ERROR_URL = FSServiceUtils.getErrorPageURL(this.request, this.hostedConfig, this.metaAlias);
        if (!FSUtils.debug.messageEnabled()) {
            return;
        }
        FSUtils.debug.message("LOGOUT_DONE_URL : " + LOGOUT_DONE_URL + "\nCOMMON_ERROR_URL : " + COMMON_ERROR_URL);
    }

    /**
     * Sets the relay state for this logout. When non-null it is copied onto the logout
     * request built in doHttpRedirect() and checked in returnAfterCompletion().
     *
     * @param str relay state value; may be null
     */
    public void setRelayState(final String str) {
        relayState = str;
    }

    /**
     * Sets the realm used for the metadata descriptor lookups in this handler.
     *
     * @param str realm name
     */
    public void setRealm(final String str) {
        realm = str;
    }

    /**
     * Sets the single logout profile identifier. handleSingleLogout() overwrites this
     * value with the profile it selects.
     *
     * @param str profile identifier
     */
    public void setSingleLogoutProtocol(final String str) {
        singleLogoutProtocol = str;
    }

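    /**
     * Starts single logout towards one session partner, using the profile returned by
     * getProfileToCommunicateLogout() (redirect, SOAP or HTTP GET).
     *
     * <p>If the profile is not one of the handled ones, or the first round does not end with
     * {@code samlp:Success}, the browser is sent to the local logout-done page with a failure
     * indication.
     *
     * @param httpServletResponse response used for redirects and forwards
     * @param httpServletRequest request of the current logout call
     * @param fSSessionPartner partner to notify first; when null the remote entity and
     *     descriptor are left as they were
     * @param str user ID of the principal being logged out
     * @param str2 session index for the logout request
     * @param z true when the user agent is a WML agent
     * @param obj session token of the principal
     * @return status of the first logout round
     */
    public FSLogoutStatus handleSingleLogout(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, FSSessionPartner fSSessionPartner, String str, String str2, boolean z, Object obj) {
        FSLogoutStatus status;
        FSUtils.debug.message("Entered FSSingleLogoutHandler::handleSingleLogout");
        this.response = httpServletResponse;
        this.request = httpServletRequest;
        this.locale = FSServiceUtils.getLocale(httpServletRequest);
        setLogoutURL();
        this.userID = str;
        this.sessionIndex = str2;
        this.isWMLAgent = z;
        if (fSSessionPartner != null) {
            this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
            this.remoteEntityId = fSSessionPartner.getPartner();
            setRemoteDescriptor(getRemoteDescriptor(this.remoteEntityId));
        }
        this.ssoToken = obj;
        String profileToCommunicateLogout = getProfileToCommunicateLogout();
        this.singleLogoutProtocol = profileToCommunicateLogout;
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Communicating logout with provider " + this.remoteEntityId + " using profile " + profileToCommunicateLogout);
        }
        FSUtils.debug.message("FSSingleLogoutHandler, in case 1");
        // NOTE(review): a null profile would throw here; confirm getProfileToCommunicateLogout()
        // never returns null.
        if (profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE) || profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE)) {
            FSUtils.debug.message("In redirect profile");
            try {
                SessionManager.getProvider().setProperty(obj, IFSConstants.IS_SOAP_PROFILE, new String[]{"false"});
            } catch (SessionException e) {
                // Best effort: logout continues, but the failure is recorded instead of being dropped.
                FSUtils.debug.message("FSSingleLogoutHandler.handleSingleLogout: could not record the redirect profile on the session", e);
            } catch (UnsupportedOperationException e) {
                FSUtils.debug.message("FSSingleLogoutHandler.handleSingleLogout: session provider does not support setting properties", e);
            }
            status = doHttpRedirect(this.remoteEntityId);
        } else if (profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) || profileToCommunicateLogout.equals(IFSConstants.LOGOUT_SP_SOAP_PROFILE)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("In SOAP profile, current partner IDP? " + this.isCurrentProviderIDPRole);
            }
            try {
                SessionManager.getProvider().setProperty(obj, IFSConstants.IS_SOAP_PROFILE, new String[]{"true"});
            } catch (SessionException e) {
                // Best effort: logout continues, but the failure is recorded instead of being dropped.
                FSUtils.debug.message("FSSingleLogoutHandler.handleSingleLogout: could not record the SOAP profile on the session", e);
            } catch (UnsupportedOperationException e) {
                FSUtils.debug.message("FSSingleLogoutHandler.handleSingleLogout: session provider does not support setting properties", e);
            }
            status = doIDPSoapProfile(this.remoteEntityId);
        } else {
            // The GET profile is only handled when the current partner is not the IDP.
            if (!profileToCommunicateLogout.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE) || this.isCurrentProviderIDPRole) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Single Logout Profile cannot be processed. Verify profile in metadata");
                }
                LogUtil.error(Level.INFO, LogUtil.LOGOUT_PROFILE_NOT_SUPPORTED, new String[]{profileToCommunicateLogout}, obj);
                FSServiceUtils.returnLocallyAfterOperation(httpServletResponse, LOGOUT_DONE_URL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
            }
            FSUtils.debug.message("In GET profile");
            FSLogoutUtil.removeCurrentSessionPartner(this.metaAlias, this.remoteEntityId, obj, str);
            status = doHttpGet(this.remoteEntityId);
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Logout completed first round with status : " + status);
        }
        if (!status.getStatus().equalsIgnoreCase("samlp:Success")) {
            FSServiceUtils.returnLocallyAfterOperation(httpServletResponse, LOGOUT_DONE_URL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
        }
        return status;
    }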

    /**
     * Continues the logout after one partner has been processed: either notifies the next
     * partner that still has a live connection over SOAP, or destroys the principal's session
     * and returns to the caller when nothing is left to notify.
     *
     * @param z result of the previous round; when false the local session is destroyed only
     *     if the current partner is not in the IDP role
     */
    private void continueLogout(boolean z) {
        FSUtils.debug.message("Entered FSSingleLogoutHandler::continueLogout");
        if (!FSLogoutUtil.liveConnectionsExist(this.userID, this.metaAlias)) {
            FSUtils.debug.message("Reached else part in continuelogout");
            if (z || !this.isCurrentProviderIDPRole) {
                FSUtils.debug.message("No live connections, destroy session");
                FSLogoutUtil.destroyPrincipalSession(this.userID, this.metaAlias, this.sessionIndex, this.request, this.response);
            }
            callPostSingleLogoutSuccess(this.respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
            if (this.response != null) {
                returnAfterCompletion();
                return;
            }
            return;
        }
        FSUtils.debug.message("More liveConnectionsExist");
        HashMap currentProvider = FSLogoutUtil.getCurrentProvider(this.userID, this.metaAlias, this.ssoToken);
        if (currentProvider == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("GetCurrentProvider returns null HashMap Clean session and return\nNo live connections, destroy user  session call destroyPrincipalSession");
            }
            FSLogoutUtil.destroyPrincipalSession(this.userID, this.metaAlias, this.sessionIndex, this.request, this.response);
            if (this.response != null) {
                returnAfterCompletion();
                return;
            }
            return;
        }
        FSSessionPartner fSSessionPartner = (FSSessionPartner) currentProvider.get(IFSConstants.PARTNER_SESSION);
        // The handler's session index is replaced before the partner null check, so the
        // destroyPrincipalSession() call below uses the value from the provider map.
        this.sessionIndex = (String) currentProvider.get("SessionIndex");
        if (fSSessionPartner == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Reached else part  currentSessionProvider is null. nothing more to broadcast\nNo more providers, destroy usersession call destroyPrincipalSession");
            }
            FSLogoutUtil.destroyPrincipalSession(this.userID, this.metaAlias, this.sessionIndex, this.request, this.response);
            if (this.response != null) {
                returnAfterCompletion();
                return;
            }
            return;
        }
        String partner = fSSessionPartner.getPartner();
        this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
        // NOTE(review): the local is typed IDPDescriptorType although the SP branch assigns the
        // result of getSPDescriptor(); this looks like a decompiler typing artifact - confirm
        // the declared type against the original source.
        IDPDescriptorType iDPDescriptorType = null;
        try {
            iDPDescriptorType = this.isCurrentProviderIDPRole ? this.metaManager.getIDPDescriptor(this.realm, partner) : this.metaManager.getSPDescriptor(this.realm, partner);
        } catch (Exception e) {
            FSUtils.debug.error("FSSingleLogoutHandler:cannot get meta:", e);
        }
        // After a metadata failure a null descriptor is passed on.
        // NOTE(review): confirm supportSOAPProfile() tolerates a null descriptor.
        setRemoteDescriptor(iDPDescriptorType);
        FSSessionManager fSSessionManager = FSSessionManager.getInstance(this.metaAlias);
        // The looked-up session is not used; only the call itself remains.
        fSSessionManager.getSession(fSSessionManager.getSessionList(this.userID), this.sessionIndex);
        if (!supportSOAPProfile(this.remoteDescriptor)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Single Logout Profile cannot be processed. Verify profile in metadata");
            }
            // NOTE(review): on this path the partner is neither notified nor removed and the
            // principal's session is not destroyed here - confirm that leaving the session
            // in place is intended.
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_PROFILE_NOT_SUPPORTED, new String[]{IFSConstants.LOGOUT_IDP_SOAP_PROFILE}, this.ssoToken);
        } else {
            FSUtils.debug.message("FSSLOHandler, SOAP in case 2");
            // doIDPSoapProfile() may call back into continueLogout() for the next partner.
            // The partner is dropped on success, or regardless of the result when it is not the IDP.
            if (doIDPSoapProfile(partner).getStatus().equalsIgnoreCase("samlp:Success") || !this.isCurrentProviderIDPRole) {
                FSLogoutUtil.removeCurrentSessionPartner(this.metaAlias, partner, this.ssoToken, this.userID);
                FSUtils.debug.message("SOAP partner removed, case 3");
            }
        }
    }

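    /**
     * Sends the logout request to the remote provider by redirecting the browser to the
     * provider's single logout service URL, signing the query string when signing is on.
     *
     * <p>Returns {@code samlp:Success} without redirecting when no federation account can be
     * found (the account may already have been terminated). Returns a requester or responder
     * status when the request cannot be built, the remote descriptor or its logout URL is
     * missing, no signing cert alias is configured, or the redirect fails.
     *
     * <p>NOTE(review): with message-level debugging enabled the full logout request and the
     * signed redirect URL are written to the debug log.
     *
     * @param str entity ID of the remote provider
     * @return status of the redirect attempt
     */
    private FSLogoutStatus doHttpRedirect(String str) {
        try {
            FSUtils.debug.message("In HTTP Redirect profile");
            this.isHttpRedirect = true;
            FSSessionManager sessionManager = FSSessionManager.getInstance(this.metaAlias);
            if (this.ssoToken == null) {
                try {
                    this.ssoToken = SessionManager.getProvider().getSession(this.request);
                } catch (SessionException e) {
                    FSUtils.debug.error("FSSLOHandler.doHttpRedirect: null ssoToken:", e);
                }
            }
            FSSession session = sessionManager.getSession(this.ssoToken);
            FSAccountFedInfo fedInfo = null;
            if (session != null) {
                fedInfo = session.getAccountFedInfo();
                if (fedInfo == null && !session.getOneTime()) {
                    fedInfo = FSLogoutUtil.getCurrentWorkingAccount(this.userID, str, this.metaAlias);
                }
            }
            if (fedInfo == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSingleLogoutHandler.doHttpRedirect: Account might have been terminated.");
                }
                return new FSLogoutStatus("samlp:Success");
            }
            FSLogoutNotification logoutRequest = createSingleLogoutRequest(fedInfo, this.sessionIndex);
            // Check for a missing request before touching it; the relay state used to be set
            // first, which threw instead of reaching this branch.
            if (logoutRequest == null) {
                FSUtils.debug.message("Logout Request is null");
                return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
            }
            if (this.relayState != null) {
                logoutRequest.setRelayState(this.relayState);
            }
            // Without a descriptor and a logout endpoint there is nowhere to redirect to.
            if (this.remoteDescriptor == null) {
                FSUtils.debug.error("FSSingleLogoutHandler.doHttpRedirect: no descriptor for remote provider " + str);
                return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
            }
            String singleLogoutServiceURL = this.remoteDescriptor.getSingleLogoutServiceURL();
            if (singleLogoutServiceURL == null || singleLogoutServiceURL.length() == 0) {
                FSUtils.debug.error("FSSingleLogoutHandler.doHttpRedirect: no single logout service URL for remote provider " + str);
                return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
            }
            logoutRequest.setMinorVersion(getMinorVersion(this.remoteDescriptor));
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect " + singleLogoutServiceURL + "\nLogout request: " + logoutRequest.toXMLString());
            }
            String queryString = logoutRequest.toURLEncodedQueryString();
            if (FSServiceUtils.isSigningOn()) {
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostedConfig, "signingCertAlias");
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Retrieving self certalias  : " + certAlias);
                }
                if (certAlias == null || certAlias.length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSingleLogoutHandler:: doHttpRedirect: couldn't obtain this site's cert alias.");
                    }
                    // Signing is required, so an unsigned request is never sent.
                    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
                }
                queryString = FSSignatureUtil.signAndReturnQueryString(queryString, certAlias);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Encoded Redirect URL " + queryString);
            }
            StringBuilder redirectUrl = new StringBuilder(singleLogoutServiceURL);
            redirectUrl.append(singleLogoutServiceURL.indexOf(QUESTION_MARK) == -1 ? QUESTION_MARK : AMPERSAND);
            redirectUrl.append(queryString);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect URL is " + redirectUrl.toString());
            }
            this.response.sendRedirect(redirectUrl.toString());
            return new FSLogoutStatus("samlp:Success");
        } catch (FSMsgException e2) {
            FSUtils.debug.error("FSSingleLogoutHandler:: doHttpRedirect FSMsgException:", e2);
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        } catch (IOException e3) {
            FSUtils.debug.error("FSSingleLogoutHandler::doHttpRedirect IOException:", e3);
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
    }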

    /**
     * Finishes the logout: either returns the browser to the local logout-done page, or sends
     * a logout response back to the provider that initiated the logout by redirecting to that
     * provider's single logout return URL. Multi-protocol logout is triggered on the way when
     * the session qualifies.
     *
     * <p>All failures are caught here and recorded as LOGOUT_REDIRECT_FAILED; nothing is
     * rethrown to the caller.
     */
    protected void returnAfterCompletion() {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSSingleLogoutHandler::returnAC: PROTOCOL=" + this.singleLogoutProtocol + ", relayState=" + this.relayState);
        }
        try {
            FSReturnSessionManager fSReturnSessionManager = FSReturnSessionManager.getInstance(this.metaAlias);
            HashMap hashMap = new HashMap();
            // NOTE(review): when the manager is null the map stays non-null and empty, so the
            // "no source provider" branch is skipped and removeUserProviderInfo() below is
            // called on the null manager; the resulting exception ends in the generic catch.
            if (fSReturnSessionManager != null) {
                hashMap = fSReturnSessionManager.getUserProviderInfo(this.userID);
            }
            if (hashMap == null) {
                FSUtils.debug.message("no source provider. return to local status page");
                // IDP-initiated SOAP with a multi-protocol relay state: return without any redirect.
                if (this.singleLogoutProtocol != null && this.singleLogoutProtocol.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) && this.relayState != null && MultiProtocolUtils.isMultiProtocolRelayState(this.relayState)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSingleLogoutHandler::returnAC: this is multiProto for IDP initiated SOAP");
                        return;
                    }
                    return;
                }
                // NOTE(review): the relay-state check is made on a literal empty string rather
                // than on this.relayState - confirm against the original source. hostedRole is
                // dereferenced without a null check although the field starts out null.
                if (MultiProtocolUtils.isMultipleProtocolSession(this.request, "idff") && this.hostedRole.equalsIgnoreCase("IDP") && !MultiProtocolUtils.isMultiProtocolRelayState("")) {
                    boolean z = false;
                    // NOTE(review): singleLogoutProtocol is treated as possibly null a few lines
                    // up but is dereferenced here without a check.
                    if (this.singleLogoutProtocol.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) || this.singleLogoutProtocol.equals(IFSConstants.LOGOUT_SP_SOAP_PROFILE)) {
                        z = true;
                    }
                    int handleMultiProtocolLogout = handleMultiProtocolLogout(z, null, this.remoteEntityId);
                    // Result 3 stops processing here; 1 and 2 mark the logout as failed.
                    // The meaning of these codes is defined outside this method - presumably
                    // multi-protocol logout status values; confirm.
                    if (handleMultiProtocolLogout == 3) {
                        return;
                    }
                    if (handleMultiProtocolLogout == 2 || handleMultiProtocolLogout == 1) {
                        this.logoutStatus = false;
                    }
                }
                // The local done page is only shown on success; on failure nothing is sent from here.
                if (this.logoutStatus) {
                    FSServiceUtils.returnLocallyAfterOperation(this.response, LOGOUT_DONE_URL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                    return;
                }
                return;
            }
            // A source provider is recorded: build the logout response for it.
            String str = (String) hashMap.get("Provider");
            String str2 = (String) hashMap.get("RelayState");
            String str3 = (String) hashMap.get("logoutStatus");
            // A missing stored status is reported to the source provider as success.
            if (str3 == null || str3.length() == 0) {
                str3 = "samlp:Success";
            }
            String str4 = (String) hashMap.get(IFSConstants.RESPONSE_TO);
            fSReturnSessionManager.removeUserProviderInfo(this.userID);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Deleted " + str + " from return list");
            }
            // NOTE(review): the local is typed SPDescriptorType although the non-IDP branch
            // assigns the result of getIDPDescriptor(); likely a decompiler typing artifact.
            SPDescriptorType sPDescriptor = this.hostedRole.equalsIgnoreCase("IDP") ? this.metaManager.getSPDescriptor(this.realm, str) : this.metaManager.getIDPDescriptor(this.realm, str);
            String singleLogoutServiceReturnURL = sPDescriptor.getSingleLogoutServiceReturnURL();
            // When the provider has no return URL the method ends without sending anything
            // and without logging.
            if (singleLogoutServiceReturnURL != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Getting provider " + str + " IDP Return URL = " + singleLogoutServiceReturnURL);
                }
                FSLogoutResponse fSLogoutResponse = new FSLogoutResponse();
                fSLogoutResponse.setResponseTo(str4);
                fSLogoutResponse.setRelayState(str2);
                fSLogoutResponse.setProviderId(this.hostedEntityId);
                fSLogoutResponse.setStatus(str3);
                fSLogoutResponse.setID(IFSConstants.LOGOUTID);
                fSLogoutResponse.setMinorVersion(getMinorVersion(sPDescriptor));
                fSLogoutResponse.setResponseID(FSUtils.generateID());
                callPostSingleLogoutSuccess(fSLogoutResponse, IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE);
                if (MultiProtocolUtils.isMultipleProtocolSession(this.request, "idff") && this.hostedRole.equalsIgnoreCase("IDP") && !MultiProtocolUtils.isMultiProtocolRelayState(str2)) {
                    int handleMultiProtocolLogout2 = handleMultiProtocolLogout(false, fSLogoutResponse.toXMLString(true, true), str);
                    if (handleMultiProtocolLogout2 == 3) {
                        return;
                    }
                    // A failed multi-protocol logout downgrades the response status.
                    if (handleMultiProtocolLogout2 == 2 || handleMultiProtocolLogout2 == 1) {
                        fSLogoutResponse.setStatus(IFSConstants.SAML_RESPONDER);
                    }
                }
                String uRLEncodedQueryString = fSLogoutResponse.toURLEncodedQueryString();
                if (FSServiceUtils.isSigningOn()) {
                    String firstAttributeValueFromConfig = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostedConfig, "signingCertAlias");
                    // With signing on and no cert alias the response is not sent unsigned; the
                    // exception is handled by the generic catch below.
                    if (firstAttributeValueFromConfig == null || firstAttributeValueFromConfig.length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            // NOTE(review): the message names another class and method, which
                            // makes this failure hard to trace in the debug log.
                            FSUtils.debug.message("FSBrowserArtifactConsumerHandler:: signSAMLRequest:couldn't obtain this site's cert alias.");
                        }
                        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                    }
                    uRLEncodedQueryString = FSSignatureUtil.signAndReturnQueryString(uRLEncodedQueryString, firstAttributeValueFromConfig);
                }
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append(singleLogoutServiceReturnURL);
                // 63 is '?': pick the separator depending on whether the URL already has a query.
                if (singleLogoutServiceReturnURL.indexOf(63) == -1) {
                    stringBuffer.append('?');
                } else {
                    stringBuffer.append('&');
                }
                stringBuffer.append(uRLEncodedQueryString);
                if (FSUtils.debug.messageEnabled()) {
                    // The full (possibly signed) response URL goes to the debug log.
                    FSUtils.debug.message("Response to be sent : " + stringBuffer.toString());
                }
                // NOTE(review): LOGOUT_SUCCESS is written to the access log even when the
                // response status was downgraded to SAML_RESPONDER above, so the audit trail
                // can report success for a logout that partly failed.
                LogUtil.access(Level.INFO, LogUtil.LOGOUT_SUCCESS, new String[]{this.userID});
                this.response.sendRedirect(stringBuffer.toString());
            }
        } catch (IDFFMetaException e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to get LRURL. No location to redirect. processing completed");
            }
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_REDIRECT_FAILED, new String[]{FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED)}, this.ssoToken);
        } catch (Exception e2) {
            // NOTE(review): the exception itself is not logged, so null dereferences, signing
            // failures and I/O errors all end up as the same generic log entry.
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_REDIRECT_FAILED, new String[]{FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED)}, this.ssoToken);
        }
    }

    /**
     * Runs the HTTP GET logout profile, choosing the WML or the HTML page by user agent type.
     *
     * @param str entity ID of the provider passed on to the page builder
     * @return status returned by the selected page builder
     */
    private FSLogoutStatus doHttpGet(String str) {
        FSUtils.debug.message("doHttpGet - Entered");
        if (this.isWMLAgent) {
            return doWMLGet(str);
        }
        return doHTMLGet(str);
    }

    /**
     * HTTP GET logout for WML agents: collects the providers to notify, removes them from the
     * session map, builds the logout image markup and forwards to the WML logout JSP.
     *
     * <p>The request attributes DESTINATION_URL and MULTI_LOGOUT_REQUEST carry the submit URL
     * and the markup to the JSP. NOTE(review): getMultiLogoutRequest() can return null, in
     * which case the second attribute is set with a null value.
     *
     * @param str entity ID passed to FSLogoutUtil.getLogoutGETProviders()
     * @return {@code samlp:Success} after the forward, a responder status if it fails
     */
    private FSLogoutStatus doWMLGet(String str) {
        FSUtils.debug.message("In WML based response");
        StringBuilder submitAction = new StringBuilder();
        submitAction.append(this.hostedDescriptor.getSingleLogoutServiceURL());
        // Continue an existing query string, otherwise start one.
        submitAction.append(submitAction.indexOf("?") == -1 ? '?' : '&');
        submitAction.append("logoutSource=logoutGet");
        final String destinationUrl = submitAction.toString();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Submit action : " + destinationUrl);
        }

        FSUtils.debug.message("Calling getLogoutGETProviders");
        HashMap providerInfo = FSLogoutUtil.getLogoutGETProviders(this.userID, str, this.sessionIndex, this.realm, this.metaAlias);
        Vector providerIds = (Vector) providerInfo.get("Provider");

        FSUtils.debug.message("Calling cleanSessionMapProviders");
        FSLogoutUtil.cleanSessionMapProviders(this.userID, providerIds, this.metaAlias);

        FSUtils.debug.message("Calling getMultiLogoutRequest");
        String imageStatements = getMultiLogoutRequest(providerInfo);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Image Statements : " + imageStatements);
        }

        this.request.setAttribute("DESTINATION_URL", destinationUrl);
        this.request.setAttribute("MULTI_LOGOUT_REQUEST", imageStatements);
        try {
            this.request.getRequestDispatcher(WML_LOGOUT_JSP).forward(this.request, this.response);
        } catch (ServletException servletFailure) {
            FSUtils.debug.error("Error in performing HTTP GET for WML agent:", servletFailure);
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        } catch (IOException ioFailure) {
            FSUtils.debug.error("Error in performing HTTP GET for WML agent:", ioFailure);
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        return new FSLogoutStatus("samlp:Success");
    }

    /**
     * HTTP GET logout for regular (HTML) agents: collects the providers to notify, removes
     * them from the session map, builds the logout image markup and forwards to the logout JSP.
     *
     * <p>The request attributes DESTINATION_URL and MULTI_LOGOUT_REQUEST carry the submit URL
     * and the markup to the JSP. NOTE(review): getMultiLogoutRequest() can return null, in
     * which case the second attribute is set with a null value.
     *
     * @param str entity ID passed to FSLogoutUtil.getLogoutGETProviders()
     * @return {@code samlp:Success} after the forward, a responder status if it fails
     */
    private FSLogoutStatus doHTMLGet(String str) {
        FSUtils.debug.message("In HTML based response");
        StringBuilder submitAction = new StringBuilder();
        submitAction.append(this.hostedDescriptor.getSingleLogoutServiceURL());
        // Continue an existing query string, otherwise start one.
        submitAction.append(submitAction.indexOf("?") == -1 ? '?' : '&');
        submitAction.append("logoutSource=logoutGet");
        final String destinationUrl = submitAction.toString();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Submit action : " + destinationUrl);
        }

        FSUtils.debug.message("Calling getLogoutGETProviders");
        HashMap providerInfo = FSLogoutUtil.getLogoutGETProviders(this.userID, str, this.sessionIndex, this.realm, this.metaAlias);
        Vector providerIds = (Vector) providerInfo.get("Provider");

        FSUtils.debug.message("Calling cleanSessionMapProviders");
        FSLogoutUtil.cleanSessionMapProviders(this.userID, providerIds, this.metaAlias);

        FSUtils.debug.message("Calling getMultiLogoutRequest");
        String imageStatements = getMultiLogoutRequest(providerInfo);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Image Statements : " + imageStatements);
        }

        this.request.setAttribute("DESTINATION_URL", destinationUrl);
        this.request.setAttribute("MULTI_LOGOUT_REQUEST", imageStatements);
        try {
            this.request.getRequestDispatcher(LOGOUT_JSP).forward(this.request, this.response);
        } catch (ServletException servletFailure) {
            FSUtils.debug.error("Error in performing HTTP GET for regular agent", servletFailure);
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        } catch (IOException ioFailure) {
            FSUtils.debug.error("Error in performing HTTP GET for regular agent", ioFailure);
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        return new FSLogoutStatus("samlp:Success");
    }

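    /**
     * Builds the markup for the HTTP GET logout page: one {@code <IMG>} element per provider,
     * whose source is that provider's single logout service URL with a signed logout request
     * as the query string.
     *
     * <p>A provider is skipped (with a debug entry) when no logout request can be built for it,
     * when its descriptor or logout URL is missing, or when no signing cert alias is
     * configured. Unlike doHttpRedirect(), this method signs whenever a cert alias is present
     * and does not consult FSServiceUtils.isSigningOn().
     *
     * <p>NOTE(review): the URL is placed into the SRC attribute without HTML escaping. It is
     * built from provider metadata and an URL-encoded query string; confirm that the metadata
     * URL cannot contain a double quote or angle bracket, or escape it where the JSP emits it.
     *
     * @param hashMap map holding a Vector of provider IDs under "Provider" and a map from
     *     provider ID to session index under "SessionIndex"
     * @return the concatenated image elements (possibly empty), or null when the provider
     *     list is absent or a message/metadata error occurs
     */
    private String getMultiLogoutRequest(HashMap hashMap) {
        try {
            Vector providers = (Vector) hashMap.get("Provider");
            HashMap sessionIndexes = (HashMap) hashMap.get("SessionIndex");
            if (providers != null) {
                StringBuilder images = new StringBuilder();
                for (int i = 0; i < providers.size(); i++) {
                    String providerId = (String) providers.elementAt(i);
                    // A missing session-index map is treated like a missing entry in it.
                    String providerSessionIndex = sessionIndexes != null ? (String) sessionIndexes.get(providerId) : null;
                    FSLogoutNotification logoutRequest = createSingleLogoutRequest(FSLogoutUtil.getCurrentWorkingAccount(this.userID, providerId, this.metaAlias), providerSessionIndex);
                    // doHttpRedirect() treats a null request as possible, so do the same here
                    // instead of failing the whole page on one provider.
                    if (logoutRequest == null) {
                        FSUtils.debug.error("FSSingleLogoutHandler getMultiLogoutRequest: no logout request for provider " + providerId);
                        continue;
                    }
                    SPDescriptorType spDescriptor = this.metaManager.getSPDescriptor(this.realm, providerId);
                    String singleLogoutServiceURL = spDescriptor != null ? spDescriptor.getSingleLogoutServiceURL() : null;
                    if (singleLogoutServiceURL == null) {
                        FSUtils.debug.error("FSSingleLogoutHandler getMultiLogoutRequest: no single logout service URL for provider " + providerId);
                        continue;
                    }
                    logoutRequest.setMinorVersion(getMinorVersion(spDescriptor));
                    String queryString = logoutRequest.toURLEncodedQueryString();
                    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostedConfig, "signingCertAlias");
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("certalias  : " + certAlias);
                    }
                    if (certAlias == null || certAlias.length() == 0) {
                        // No unsigned request is emitted for this provider.
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSingleLogoutHandler getMultiLogoutRequest: couldn't obtain this site's cert alias.");
                        }
                        continue;
                    }
                    String signedQueryString = FSSignatureUtil.signAndReturnQueryString(queryString, certAlias);
                    StringBuilder logoutUrl = new StringBuilder(singleLogoutServiceURL);
                    logoutUrl.append(singleLogoutServiceURL.indexOf(QUESTION_MARK) == -1 ? QUESTION_MARK : AMPERSAND);
                    logoutUrl.append(signedQueryString);
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect URL is " + logoutUrl.toString());
                    }
                    images.append("<IMG SRC=\"").append(logoutUrl.toString()).append("\" />");
                }
                return images.toString();
            }
        } catch (FSMsgException e) {
            FSUtils.debug.error("FSSingleLogoutHandler::getMultiLogoutRequest FSMsgException", e);
        } catch (IDFFMetaException e2) {
            FSUtils.debug.error("FSSingleLogoutHandler::getMultiLogoutRequest  IDFFMetaException", e2);
        }
        FSUtils.debug.error("Returning null from getMultiLogoutRequest");
        return null;
    }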

    /**
     * Runs one SOAP logout round with the given provider, updates the partner list and the
     * aggregate logout status, and - unless the redirect profile is in use - continues with
     * the remaining partners, multi-protocol logout and the final return to the caller.
     *
     * @param str entity ID of the provider to notify
     * @return the status of the SOAP round, or a responder status when the aggregate logout
     *     status is false at the end
     */
    private FSLogoutStatus doIDPSoapProfile(String str) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSLOHandler.doIDPSoapProfile : providerId=" + str);
        }
        FSLogoutStatus doSoapProfile = doSoapProfile(str);
        if (doSoapProfile.getStatus().equalsIgnoreCase("samlp:Success")) {
            FSUtils.debug.message("SOAP first round went fine. Calling continue logout");
            FSLogoutUtil.removeCurrentSessionPartner(this.metaAlias, str, this.ssoToken, this.userID);
            FSUtils.debug.message("SOAP partner removed in case of success");
        } else {
            FSUtils.debug.message("SOAP first round false. No continue logout");
            // On failure the partner is only dropped when it is not in the IDP role.
            if (!this.isCurrentProviderIDPRole) {
                FSLogoutUtil.removeCurrentSessionPartner(this.metaAlias, str, this.ssoToken, this.userID);
            }
            this.logoutStatus = false;
        }
        // continueLogout() can call back into this method for the next partner, so
        // this.logoutStatus and this.isCurrentProviderIDPRole may have changed when it returns.
        if (!this.isHttpRedirect && (this.logoutStatus || !this.isCurrentProviderIDPRole)) {
            continueLogout(this.logoutStatus);
        }
        if (!this.isHttpRedirect) {
            FSUtils.debug.message("FSSLOHandler.doIDPSoapProfile: call MP/SOAP");
            try {
                // Multi-protocol logout only runs while the session token is still valid.
                if (SessionManager.getProvider().isValid(this.ssoToken) && MultiProtocolUtils.isMultipleProtocolSession(this.ssoToken, "idff")) {
                    this.logoutStatus = updateLogoutStatus(this.logoutStatus, handleMultiProtocolLogout(true, null, this.remoteEntityId));
                }
            } catch (SessionException e) {
                // NOTE(review): a session error here is logged at message level only and
                // leaves logoutStatus unchanged.
                FSUtils.debug.message("FSSLOHandler.doIDPSoapProfile2", e);
            }
        }
        // A failure anywhere in the chain overrides this round's own status.
        if (!this.logoutStatus) {
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        if (this.response != null && !this.isHttpRedirect) {
            returnAfterCompletion();
        }
        return doSoapProfile;
    }

    /**
     * Folds a multi-protocol logout result code into the running logout flag.
     *
     * @param z current logout flag
     * @param i result code of the multi-protocol logout; 1 and 2 are the codes this class treats
     *     as failures (presumably the manager's partial and failed statuses; confirm against
     *     SingleLogoutManager)
     * @return {@code false} when {@code i} is 1 or 2, otherwise {@code z} unchanged
     */
    private boolean updateLogoutStatus(boolean z, int i) {
        if (i == 1 || i == 2) {
            return false;
        }
        return z;
    }

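    /**
     * Sends a SOAP single-logout request to the remote provider and maps its answer to a status.
     *
     * <p>Steps: resolve the user's federation account for {@code str}, build the logout
     * notification, bind it into a SOAP envelope, sign it when signing is enabled, send it to the
     * remote SOAP endpoint, verify the response signature when signing is enabled, and translate
     * the response status code.
     *
     * @param str provider id of the remote partner, used to look up the federation account
     * @return {@code samlp:Success} when no federation account is found or the partner reports
     *     success; {@link IFSConstants#SAML_REQUESTER} when the response signature does not
     *     verify; the partner's status value when it reports a failure; otherwise
     *     {@link IFSConstants#SAML_RESPONDER}
     */
    private FSLogoutStatus doSoapProfile(String str) {
        // Initialised up front so the variable is definitely assigned even when the lookup throws.
        FSAccountFedInfo fSAccountFedInfo = null;
        FSUtils.debug.message("Entered IDP's doSoapProfile");
        try {
            FSSession session = FSSessionManager.getInstance(this.metaAlias).getSession(this.ssoToken);
            // A missing session leaves the account unresolved (handled below) instead of
            // dereferencing null.
            if (session != null) {
                fSAccountFedInfo = session.getAccountFedInfo();
                if (fSAccountFedInfo == null && !session.getOneTime()) {
                    fSAccountFedInfo = FSLogoutUtil.getCurrentWorkingAccount(this.userID, str, this.metaAlias);
                }
            }
        } catch (Exception e) {
            FSUtils.debug.error("In IOException of doSOAPProfile : ", e);
        }
        if (fSAccountFedInfo == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler. User's account may have been terminated.");
            }
            // No federation account means nothing to send: the partner is reported as logged out
            // without being contacted. This also covers a lookup that failed with an exception.
            return new FSLogoutStatus("samlp:Success");
        }

        FSLogoutNotification logoutRequest = createSingleLogoutRequest(fSAccountFedInfo, this.sessionIndex);
        if (logoutRequest != null) {
            // Set only after the null check, so the check actually guards the dereference.
            logoutRequest.setMinorVersion(getMinorVersion(this.remoteDescriptor));
            FSSOAPService soapService = FSSOAPService.getInstance();
            if (soapService != null) {
                FSUtils.debug.message("Signing suceeded. To call bindLogoutRequest");
                logoutRequest.setID(IFSConstants.LOGOUTID);
                if (FSUtils.debug.messageEnabled()) {
                    // Message-level only: the XML carries the user's name identifier and session index.
                    FSUtils.debug.message("logout request before sign: " + logoutRequest.toXMLString(true, true));
                }
                SOAPMessage soapRequest = soapService.bind(logoutRequest.toXMLString(true, true));
                if (soapRequest != null) {
                    try {
                        if (FSServiceUtils.isSigningOn()) {
                            // The minor version selects which id attribute the signature references.
                            switch (logoutRequest.getMinorVersion()) {
                                case 0:
                                    soapRequest = signLogoutRequest(soapRequest, "id", logoutRequest.getID());
                                    break;
                                case 2:
                                    soapRequest = signLogoutRequest(soapRequest, "RequestID", logoutRequest.getRequestID());
                                    break;
                                default:
                                    // NOTE(review): with signing enabled this branch still sends the
                                    // request unsigned; consider rejecting instead. Confirm whether any
                                    // other minor version can reach here.
                                    FSUtils.debug.message("invalid minor version.");
                                    break;
                            }
                        }
                        SOAPMessage soapResponse = soapService.sendMessage(soapRequest, this.remoteDescriptor.getSoapEndpoint());
                        if (soapResponse != null) {
                            Element responseElement = soapService.parseSOAPMessage(soapResponse);
                            // The response is only trusted after its signature verifies; when signing is
                            // switched off globally it is accepted as received.
                            if (FSServiceUtils.isSigningOn() && !verifyResponseSignature(soapResponse)) {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("Response signature verification failed");
                                }
                                FSServiceUtils.returnLocallyAfterOperation(this.response, LOGOUT_DONE_URL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                                return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
                            }
                            this.requestLogout = logoutRequest;
                            this.respObj = new FSLogoutResponse(responseElement);

                            FederationSPAdapter spAdapter = null;
                            if (this.hostedRole != null && this.hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                                spAdapter = FSServiceUtils.getSPAdapter(this.hostedEntityId, this.hostedConfig);
                            }
                            if (spAdapter != null) {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("FSSLOHandler.preSingleLogoutProcess, SP/SOAP");
                                }
                                try {
                                    spAdapter.preSingleLogoutProcess(this.hostedEntityId, this.request, this.response, this.userID, logoutRequest, this.respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
                                } catch (Exception e2) {
                                    // A failing adapter hook must not abort the logout itself.
                                    FSUtils.debug.error("spAdapter.preSingleLogoutProcess, SP/SOAP:", e2);
                                }
                            }

                            StatusCode statusCode = this.respObj.getStatus().getStatusCode();
                            // Result discarded; kept as in the original (looks like a leftover read of
                            // the nested status code).
                            statusCode.getStatusCode();
                            String statusValue = statusCode.getValue();
                            if (statusValue.equalsIgnoreCase("samlp:Success")) {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("FSSingleLogoutHandler:  doSoapProfile returning success");
                                }
                                return new FSLogoutStatus("samlp:Success");
                            }
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSingleLogoutHandler: SOAP Profile failure " + statusValue);
                            }
                            return new FSLogoutStatus(statusValue);
                        }
                    } catch (Exception e3) {
                        FSUtils.debug.error("FSSOAPException in doSOAPProfile Cannot send request", e3);
                        return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
                    }
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to bindLogoutRequest.Current Provider cannot be processed");
            }
        } else if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to create logout request Current Provider cannot be processed");
        }
        return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }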

    /**
     * Logs the user out of one proxied identity provider over SOAP.
     *
     * <p>Stores the request context on this handler, marks the remote provider as an IDP, resolves
     * its descriptor and runs the SOAP exchange. On success the partner is removed from the session
     * and the post-logout adapter hook is invoked.
     *
     * @param httpServletRequest current servlet request, kept for later adapter calls
     * @param httpServletResponse current servlet response, kept for later adapter calls
     * @param fSSessionPartner partner to log out; must not be null
     * @param str user id
     * @param str2 session index
     * @param obj session token of the user
     * @return the status of the SOAP exchange with the partner
     */
    public FSLogoutStatus doIDPProxySoapProfile(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSSessionPartner fSSessionPartner, String str, String str2, Object obj) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.userID = str;
        this.ssoToken = obj;
        this.sessionIndex = str2;
        // Must be set before the descriptor lookup, which picks IDP or SP metadata from this flag.
        this.isCurrentProviderIDPRole = true;
        this.remoteEntityId = fSSessionPartner.getPartner();
        setRemoteDescriptor(getRemoteDescriptor(this.remoteEntityId));

        final FSLogoutStatus partnerStatus = doSoapProfile(this.remoteEntityId);
        if (!partnerStatus.getStatus().equalsIgnoreCase("samlp:Success")) {
            return partnerStatus;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler.doIDPProxySoapProfile: single logout from " + this.remoteEntityId);
        }
        FSLogoutUtil.removeCurrentSessionPartner(this.metaAlias, this.remoteEntityId, obj, str);
        callPostSingleLogoutSuccess(this.respObj, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
        return partnerStatus;
    }

    /**
     * Builds the logout notification sent to a partner for one federated account.
     *
     * @param fSAccountFedInfo federation record of the user; its remote name identifier is used,
     *     falling back to the local one when the remote identifier is null
     * @param str session index to include, or null to leave it out
     * @return a notification carrying the hosted entity id as provider id
     */
    private FSLogoutNotification createSingleLogoutRequest(FSAccountFedInfo fSAccountFedInfo, String str) {
        FSUtils.debug.message("Entered FSSingleLogoutHandler::createSingleLogoutRequest");
        // A constructor call never yields null, so no null check is needed on the result.
        final FSLogoutNotification notification = new FSLogoutNotification();
        final NameIdentifier remoteId = fSAccountFedInfo.getRemoteNameIdentifier();
        final NameIdentifier nameId = remoteId != null ? remoteId : fSAccountFedInfo.getLocalNameIdentifier();

        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Hosted Provider Id : " + this.hostedEntityId);
        }
        notification.setProviderId(this.hostedEntityId);
        notification.setNameIdentifier(nameId);

        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Session index is " + str);
        }
        if (str != null) {
            notification.setSessionIndex(str);
        }
        return notification;
    }

    /**
     * Sets the metadata descriptor of the hosted (local) provider.
     *
     * @param providerDescriptorType descriptor to use for the hosted provider
     */
    public void setHostedDescriptor(ProviderDescriptorType providerDescriptorType) {
        hostedDescriptor = providerDescriptorType;
    }

    /**
     * Sets the extended configuration of the hosted provider. This class reads the signing
     * certificate alias and the SP adapter from it.
     *
     * @param baseConfigType configuration to use for the hosted provider
     */
    public void setHostedDescriptorConfig(BaseConfigType baseConfigType) {
        hostedConfig = baseConfigType;
    }

    /**
     * Sets the entity id of the hosted provider, which is sent as the provider id in logout
     * requests.
     *
     * @param str hosted entity id
     */
    public void setHostedEntityId(String str) {
        hostedEntityId = str;
    }

    /**
     * Sets the role the hosted provider plays. The values this class tests for are "SP" and "IDP".
     *
     * @param str hosted provider role
     */
    public void setHostedProviderRole(String str) {
        hostedRole = str;
    }

    /**
     * Sets the meta alias used to select the session manager and session data of the hosted
     * provider.
     *
     * @param str meta alias of the hosted provider
     */
    public void setMetaAlias(String str) {
        metaAlias = str;
    }

    /**
     * Sets the metadata descriptor of the remote provider. The value may be null when the metadata
     * lookup that produced it failed.
     *
     * @param providerDescriptorType descriptor of the remote provider
     */
    public void setRemoteDescriptor(ProviderDescriptorType providerDescriptorType) {
        remoteDescriptor = providerDescriptorType;
    }

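    /**
     * Looks up the metadata descriptor of a remote provider in the current realm.
     *
     * @param str entity id of the remote provider
     * @return the IDP descriptor when {@code isCurrentProviderIDPRole} is set, otherwise the SP
     *     descriptor; {@code null} when {@code str} is null or empty, no meta manager is available,
     *     or the lookup throws {@link IDFFMetaException}
     */
    protected ProviderDescriptorType getRemoteDescriptor(String str) {
        if (str == null || str.isEmpty() || this.metaManager == null) {
            return null;
        }
        FSUtils.debug.message("FSSingleLogoutHandler :: getRemoteDescriptor...");
        // Typed as the method's return type: the result may be either the IDP or the SP
        // descriptor, so a variable declared as the IDP type cannot hold both.
        ProviderDescriptorType descriptor = null;
        try {
            if (this.isCurrentProviderIDPRole) {
                descriptor = this.metaManager.getIDPDescriptor(this.realm, str);
            } else {
                descriptor = this.metaManager.getSPDescriptor(this.realm, str);
            }
        } catch (IDFFMetaException e) {
            // The failure is only logged; callers receive null and have to check for it.
            FSUtils.debug.error("FSSingleLogoutHandler:: getRemoteDescriptor failed:", e);
        }
        return descriptor;
    }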

    /**
     * Picks the single-logout profile to use with the partner.
     *
     * <p>An explicitly set {@code singleLogoutProtocol} wins. Otherwise the first profile listed by
     * the hosted descriptor (when the remote provider is the IDP) or by the remote descriptor is
     * used. The selected descriptor is dereferenced without a null check.
     *
     * @return the profile identifier, or an empty string when no meta manager is available or the
     *     descriptor lists no profile
     */
    protected String getProfileToCommunicateLogout() {
        FSUtils.debug.message("FSSingleLogoutHandler :: getProfileToCommunicateLogout...");
        if (this.singleLogoutProtocol != null) {
            return this.singleLogoutProtocol;
        }
        if (this.metaManager == null) {
            return "";
        }

        final ProviderDescriptorType descriptor;
        if (this.isCurrentProviderIDPRole) {
            FSUtils.debug.message("Local provider is SP");
            descriptor = this.hostedDescriptor;
        } else {
            FSUtils.debug.message("Local provider is IDP");
            descriptor = this.remoteDescriptor;
        }

        final List profiles = descriptor.getSingleLogoutProtocolProfile();
        if (profiles == null || profiles.isEmpty()) {
            return "";
        }
        return (String) profiles.iterator().next();
    }

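    /**
     * Handles a single-logout request that arrived over an HTTP profile.
     *
     * <p>Stores the request context, records where to return once the logout is complete, and then
     * either destroys the principal's session (when there is no partner left to notify) or forwards
     * the logout to the partner through the redirect or GET profile its descriptor advertises.
     *
     * @param httpServletResponse current servlet response
     * @param httpServletRequest current servlet request; also used to resolve the locale
     * @param fSLogoutNotification received logout request; null is rejected
     * @param fSSessionPartner next partner to notify, or null when none is left
     * @param str user id
     * @param obj session token of the user
     * @param str2 provider id recorded in the return list together with {@code str4}, {@code str5}
     *     and the request id
     * @param str3 session index
     * @param z whether the client is a WML agent
     * @param str4 value stored in the return list (fourth argument of setUserProviderInfo)
     * @param str5 value stored in the return list (third argument of setUserProviderInfo)
     * @return {@link IFSConstants#SAML_REQUESTER} for a null request, {@code samlp:Success} when
     *     no partner is left, {@link IFSConstants#SAML_RESPONDER} when the partner advertises no
     *     usable HTTP profile, otherwise the status of the redirect or GET exchange
     */
    public FSLogoutStatus processHttpSingleLogoutRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, FSLogoutNotification fSLogoutNotification, FSSessionPartner fSSessionPartner, String str, Object obj, String str2, String str3, boolean z, String str4, String str5) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSSingleLogoutHandler:: processHttpSingleLogoutRequest - HTTP");
        }
        this.response = httpServletResponse;
        this.request = httpServletRequest;
        this.requestLogout = fSLogoutNotification;
        this.locale = FSServiceUtils.getLocale(httpServletRequest);
        setLogoutURL();
        if (fSSessionPartner != null) {
            this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
            this.remoteEntityId = fSSessionPartner.getPartner();
            setRemoteDescriptor(getRemoteDescriptor(this.remoteEntityId));
        }
        this.userID = str;
        this.ssoToken = obj;
        this.sessionIndex = str3;
        this.isWMLAgent = z;

        if (fSLogoutNotification == null) {
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED_REQUEST_IMPROPER, new String[]{str}, obj);
            FSUtils.debug.message("Request not proper. Cannot proceed with single logout");
            returnAfterCompletion();
            return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
        }
        FSUtils.debug.message("FSLogoutNotification formed really well");

        FSReturnSessionManager returnManager = FSReturnSessionManager.getInstance(this.metaAlias);
        if (returnManager != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Added " + str2 + " top return list");
            }
            returnManager.setUserProviderInfo(str, str2, str5, str4, fSLogoutNotification.getRequestID());
        } else {
            FSUtils.debug.message("Cannot get FSReturnSessionManager");
        }

        FSSessionManager sessionManager = FSSessionManager.getInstance(this.metaAlias);
        FSSession session = sessionManager.getSession(sessionManager.getSessionList(str), str3);
        if (fSSessionPartner == null) {
            FSUtils.debug.message("currentSessionProvider is null. destroy and return");
            FSLogoutUtil.destroyPrincipalSession(str, this.metaAlias, fSLogoutNotification.getSessionIndex(), httpServletRequest, httpServletResponse);
            returnAfterCompletion();
            return new FSLogoutStatus("samlp:Success");
        }

        String partner = fSSessionPartner.getPartner();
        this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
        FSUtils.debug.message("FSSLOHandler, in case 3");
        FSLogoutUtil.cleanSessionMapPartnerList(str, partner, this.metaAlias, session);

        // A failed metadata lookup leaves remoteDescriptor null. Treat that as "no profile
        // advertised" so the request ends with a responder error instead of a
        // NullPointerException after the partner list has already been cleaned.
        final ProviderDescriptorType descriptor = this.remoteDescriptor;
        final List profiles = descriptor == null ? null : descriptor.getSingleLogoutProtocolProfile();
        final boolean redirectSupported = profiles != null
                && (profiles.contains(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE) || profiles.contains(IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE));
        // The GET profile is only used when the remote provider is not in the IDP role.
        final boolean getSupported = profiles != null
                && profiles.contains(IFSConstants.LOGOUT_IDP_GET_PROFILE)
                && !this.isCurrentProviderIDPRole;

        FSLogoutStatus fSLogoutStatus;
        if (redirectSupported) {
            FSUtils.debug.message("In redirect profile");
            fSLogoutStatus = doHttpRedirect(partner);
        } else if (getSupported) {
            FSUtils.debug.message("In GET profile");
            fSLogoutStatus = doHttpGet(partner);
        } else {
            FSUtils.debug.error("Provider " + partner + "doesn't support HTTP profile.");
            returnAfterCompletion();
            fSLogoutStatus = new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Logout completed first round with status : " + fSLogoutStatus);
        }
        return fSLogoutStatus;
    }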

    /* JADX INFO: Access modifiers changed from: protected */
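    /**
     * Handles a single-logout request that arrived over SOAP.
     *
     * <p>With no partner left to notify, the proxied identity providers are logged out, the
     * principal's session is destroyed and the multi-protocol logout decides the result. Otherwise
     * the logout is forwarded to the partner over SOAP, provided its descriptor advertises a SOAP
     * logout profile.
     *
     * @param fSLogoutNotification received logout request; null is rejected
     * @param fSSessionPartner next partner to notify, or null when none is left
     * @param str user id
     * @param str2 provider id passed to the IDP-proxy and multi-protocol logout steps
     * @param str3 session index
     * @param z whether the client is a WML agent
     * @param str4 not used by this method
     * @return {@link IFSConstants#SAML_REQUESTER} for a null request;
     *     {@link IFSConstants#SAML_UNSUPPORTED} when the partner has no SOAP profile; with no
     *     partner, {@link IFSConstants#LOGOUT_FAILURE} when the multi-protocol logout returns 1
     *     or 2 and {@code samlp:Success} otherwise; else the partner's SOAP status, replaced by
     *     a failing IDP-proxy status when the partner itself succeeded
     */
    public FSLogoutStatus processSingleLogoutRequest(FSLogoutNotification fSLogoutNotification, FSSessionPartner fSSessionPartner, String str, String str2, String str3, boolean z, String str4) {
        FSUtils.debug.message("Entered FSSingleLogoutHandler::processSingleLogoutRequest - SOAP");
        if (fSSessionPartner != null) {
            this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
            this.remoteEntityId = fSSessionPartner.getPartner();
            setRemoteDescriptor(getRemoteDescriptor(this.remoteEntityId));
        }
        this.requestLogout = fSLogoutNotification;
        this.userID = str;
        this.sessionIndex = str3;
        this.isWMLAgent = z;
        if (fSLogoutNotification == null) {
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED_REQUEST_IMPROPER, new String[]{str});
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request not proper Cannot proceed federation termination");
            }
            return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
        }
        FSUtils.debug.message("FSLogoutNotification formed really well");

        if (fSSessionPartner == null) {
            FSUtils.debug.message("currentSessionProvider is null. destroy and return");
            resolveSsoTokenFromFirstSession(str, str3);
            FSLogoutStatus proxyStatus = handleIDPProxyLogout(str2);
            if (proxyStatus != null && !proxyStatus.getStatus().equalsIgnoreCase("samlp:Success")) {
                // Recorded on the handler; the multi-protocol step below reads this flag.
                this.logoutStatus = false;
            }
            FSLogoutUtil.destroyPrincipalSession(str, this.metaAlias, fSLogoutNotification.getSessionIndex(), this.request, this.response);
            int multiProtocolResult = handleMultiProtocolLogout(true, null, str2);
            boolean failed = multiProtocolResult == 2 || multiProtocolResult == 1;
            return failed ? new FSLogoutStatus(IFSConstants.LOGOUT_FAILURE) : new FSLogoutStatus("samlp:Success");
        }

        resolveSsoTokenFromFirstSession(str, str3);
        FSLogoutStatus proxyStatus = handleIDPProxyLogout(str2);
        String partner = fSSessionPartner.getPartner();
        this.isCurrentProviderIDPRole = fSSessionPartner.getIsRoleIDP();
        if (!supportSOAPProfile(this.remoteDescriptor)) {
            return new FSLogoutStatus(IFSConstants.SAML_UNSUPPORTED);
        }
        FSSessionManager sessionManager = FSSessionManager.getInstance(this.metaAlias);
        FSSession session = sessionManager.getSession(sessionManager.getSessionList(str), str3);
        FSUtils.debug.message("FSSLOHandler, process logout case 4");
        FSLogoutUtil.cleanSessionMapPartnerList(str, partner, this.metaAlias, session);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Communicate with provider " + partner + " using soap profile.");
        }
        FSUtils.debug.message("In SOAP profile");
        FSLogoutStatus partnerStatus = doIDPSoapProfile(partner);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Logout completed first round with status : " + partnerStatus);
        }
        // A failed proxy logout must not be hidden by a successful partner logout.
        if (partnerStatus.getStatus().equalsIgnoreCase("samlp:Success") && proxyStatus != null && !proxyStatus.getStatus().equalsIgnoreCase("samlp:Success")) {
            partnerStatus = proxyStatus;
        }
        return partnerStatus;
    }

    /**
     * Loads the session token of the first session found for the user and session index into
     * {@code ssoToken}. Best effort: when nothing is found or the lookup fails, the token stays as
     * it was.
     */
    private void resolveSsoTokenFromFirstSession(String userId, String sessionIdx) {
        Vector sessions = FSLogoutUtil.getSessionObjectList(userId, this.metaAlias, sessionIdx);
        if (sessions == null || sessions.isEmpty()) {
            return;
        }
        try {
            this.ssoToken = SessionManager.getProvider().getSession(((FSSession) sessions.get(0)).getSessionID());
        } catch (SessionException e) {
            // Still best effort, but leave a trace: the later logout steps run with the old token.
            // The session id itself is deliberately not logged.
            FSUtils.debug.message("FSSingleLogoutHandler.processSingleLogoutRequest: could not load the session for logout", e);
        }
    }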

    /**
     * Tells whether a provider advertises a SOAP single-logout profile.
     *
     * @param providerDescriptorType descriptor of the provider; may be null
     * @return {@code true} when the descriptor lists the IDP-initiated or the SP-initiated SOAP
     *     logout profile; {@code false} for a null descriptor or a null profile list
     */
    private boolean supportSOAPProfile(ProviderDescriptorType providerDescriptorType) {
        FSUtils.debug.message("Entered FSSingleLogoutHandler::supportSOAPProfile");
        if (providerDescriptorType == null) {
            return false;
        }
        final List profiles = providerDescriptorType.getSingleLogoutProtocolProfile();
        if (profiles == null) {
            return false;
        }
        if (profiles.contains(IFSConstants.LOGOUT_IDP_SOAP_PROFILE)) {
            return true;
        }
        return profiles.contains(IFSConstants.LOGOUT_SP_SOAP_PROFILE);
    }

    /**
     * Signs a SOAP logout request with the hosted provider's signing certificate.
     *
     * @param sOAPMessage SOAP message holding the logout request
     * @param str name of the id attribute the signature refers to
     * @param str2 value of that id attribute
     * @return a new SOAP message built from the signed document
     * @throws SAMLException when no signing certificate alias is configured (thrown as
     *     {@link SAMLResponderException}) or signing fails
     * @throws FSMsgException declared by the signature; not raised directly in this method
     */
    private SOAPMessage signLogoutRequest(SOAPMessage sOAPMessage, String str, String str2) throws SAMLException, FSMsgException {
        FSUtils.debug.message("Entered FSSingleLogoutHandler::signLogoutRequest");
        final String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostedConfig, "signingCertAlias");
        final boolean aliasMissing = certAlias == null || certAlias.length() == 0;
        if (aliasMissing) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler:: signLogoutRequest: couldn't obtain this site's cert alias.");
            }
            // Refuse to continue rather than hand back an unsigned message.
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler::signLogoutRequest Provider's certAlias is found: " + certAlias);
        }

        final XMLSignatureManager signatureManager = XMLSignatureManager.getInstance();
        final Document soapDom = (Document) FSServiceUtils.createSOAPDOM(sOAPMessage);
        // NOTE(review): the signature algorithm is taken as configured; confirm what an unset
        // property selects and that deployed values are not SHA-1 based.
        final String algorithm = SystemConfigurationUtil.getProperty("com.sun.identity.saml.xmlsig.xmlSigAlgorithm");
        signatureManager.signXML(soapDom, certAlias, algorithm, str, str2, false, "//*[local-name()='ProviderID']");
        return FSServiceUtils.convertDOMToSOAP(soapDom);
    }

    /**
     * Verifies the XML signature of a SOAP logout response against the remote provider's
     * verification certificate.
     *
     * <p>Fails closed: a missing certificate or any {@link SAMLException} yields {@code false}.
     * A null {@code hostedRole} is not handled here and surfaces as a NullPointerException.
     *
     * @param sOAPMessage SOAP response received from the remote provider
     * @return {@code true} only when the signature manager reports the signature as valid
     */
    private boolean verifyResponseSignature(SOAPMessage sOAPMessage) {
        FSUtils.debug.message("Entered FSLogoutResponse::verifyResponseSignature");
        try {
            final boolean hostedIsNotIdp = !this.hostedRole.equalsIgnoreCase("IDP");
            final X509Certificate partnerCert = KeyUtil.getVerificationCert(this.remoteDescriptor, this.remoteEntityId, hostedIsNotIdp);
            if (partnerCert == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Logout.verifyResponseSignaturecouldn't obtain this site's cert.");
                }
                // Caught just below, so a missing certificate is logged and reported as "not verified".
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
            }
            final XMLSignatureManager signatureManager = XMLSignatureManager.getInstance();
            final Document soapDom = (Document) FSServiceUtils.createSOAPDOM(sOAPMessage);
            // NOTE(review): only the whole SOAP DOM and the certificate are passed in; whether the
            // signature is required to cover the logout response element depends on
            // XMLSignatureManager. Confirm.
            return signatureManager.verifyXMLSignature(soapDom, partnerCert);
        } catch (SAMLException e) {
            FSUtils.debug.error("Error in verifying response:", e);
            return false;
        }
    }

    /**
     * Derives the protocol minor version from a provider descriptor.
     *
     * @param providerDescriptorType descriptor of the provider; may be null
     * @return the minor version computed from the descriptor's protocol support enumeration, or 0
     *     when the descriptor is null or the computation throws
     */
    private int getMinorVersion(ProviderDescriptorType providerDescriptorType) {
        int minorVersion = 0;
        if (providerDescriptorType != null) {
            try {
                minorVersion = FSServiceUtils.getMinorVersion(providerDescriptorType.getProtocolSupportEnumeration());
            } catch (Exception e) {
                // Any failure falls back to 0, the version for which doSoapProfile signs over the "id" attribute.
                FSUtils.debug.error("FSSingleLogoutHandler.getMinorVersion:Error in getting in minor ver.", e);
            }
        }
        return minorVersion;
    }

    /**
     * Invokes the SP adapter's post-logout hook when the hosted provider acts as an SP and an
     * adapter is configured.
     *
     * @param fSLogoutResponse logout response received from the partner
     * @param str logout profile identifier passed to the adapter
     */
    private void callPostSingleLogoutSuccess(FSLogoutResponse fSLogoutResponse, String str) {
        final boolean hostedIsSp = this.hostedRole != null && this.hostedRole.equalsIgnoreCase(IFSConstants.SP);
        if (!hostedIsSp) {
            return;
        }
        final FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(this.hostedEntityId, this.hostedConfig);
        if (spAdapter == null) {
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler, call postSingleLogoutSuccess");
        }
        try {
            spAdapter.postSingleLogoutSuccess(this.hostedEntityId, this.request, this.response, this.userID, this.requestLogout, fSLogoutResponse, str);
        } catch (Exception e) {
            // A failing adapter hook is logged and does not affect the logout result.
            FSUtils.debug.error("postSingleLogoutSuccess." + str, e);
        }
    }

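    /**
     * Logs the user out of the identity providers this provider proxied the login to.
     *
     * <p>Applies only when the hosted provider is an IDP, an SP-role meta alias exists for it, and
     * the SP descriptor configuration of {@code str} has {@code enableIDPProxy} set to true. Every
     * session partner in the IDP role other than {@code str} is then logged out over SOAP through
     * a fresh handler acting in the SP role.
     *
     * <p>Callers ignore a {@code null} result, so a proxy logout that is skipped leaves the
     * sessions at the proxied providers in place without changing the reported status.
     *
     * @param str entity id of the provider that requested the logout; it is not contacted here
     * @return {@code null} when proxying does not apply or the session has no partners;
     *     {@code samlp:Success} when every proxied partner logged out; the last failing partner
     *     status otherwise; {@link IFSConstants#SAML_RESPONDER} when an exception occurs
     */
    private FSLogoutStatus handleIDPProxyLogout(String str) {
        FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout.");
        String spMetaAlias = null;
        boolean proxyEnabled = false;
        // Compare the role by value. A reference comparison only matches when the caller passed
        // the very same String object, and would otherwise skip the proxy logout silently. The
        // match ignores case, like the other role checks in this class.
        if ("IDP".equalsIgnoreCase(this.hostedRole)) {
            spMetaAlias = IDFFMetaUtils.getMetaAlias(this.realm, this.hostedEntityId, IFSConstants.SP, null);
            if (spMetaAlias != null && this.metaManager != null) {
                try {
                    String flag = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.metaManager.getSPDescriptorConfig(this.realm, str), "enableIDPProxy");
                    proxyEnabled = flag != null && flag.equalsIgnoreCase("true");
                } catch (IDFFMetaException e) {
                    // Unreadable configuration disables proxying; log it so the skipped logout is traceable.
                    FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout: cannot read enableIDPProxy", e);
                    proxyEnabled = false;
                }
            }
        }
        if (!proxyEnabled) {
            return null;
        }

        FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout:isProxy is true.");
        FSLogoutStatus result = null;
        try {
            FSSession session = FSSessionManager.getInstance(spMetaAlias).getSession(this.ssoToken);
            List<FSSessionPartner> partners = session == null ? null : session.getSessionPartners();
            if (partners != null && !partners.isEmpty()) {
                // The proxied logout is sent in the SP role, so it uses its own handler instance.
                FSSingleLogoutHandler proxyHandler = new FSSingleLogoutHandler();
                SPDescriptorConfigElement spConfig = this.metaManager.getSPDescriptorConfig(this.realm, this.hostedEntityId);
                proxyHandler.setHostedDescriptor(this.metaManager.getSPDescriptor(this.realm, this.hostedEntityId));
                proxyHandler.setHostedDescriptorConfig(spConfig);
                proxyHandler.setRealm(this.realm);
                proxyHandler.setHostedEntityId(this.hostedEntityId);
                proxyHandler.setHostedProviderRole(IFSConstants.SP);
                proxyHandler.setMetaAlias(spMetaAlias);
                result = new FSLogoutStatus("samlp:Success");
                for (FSSessionPartner partner : partners) {
                    if (partner.getPartner().equals(str) || !partner.getIsRoleIDP()) {
                        continue;
                    }
                    FSLogoutStatus partnerStatus = proxyHandler.doIDPProxySoapProfile(this.request, this.response, partner, this.userID, session.getSessionIndex(), this.ssoToken);
                    // Keep going after a failure so the remaining partners are still logged out.
                    if (!partnerStatus.getStatus().equalsIgnoreCase("samlp:Success")) {
                        result = partnerStatus;
                    }
                }
            }
        } catch (Exception e2) {
            FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxy:", e2);
            result = new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        return result;
    }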

    /**
     * Hands the logout over to the multi-protocol single-logout manager for the current session.
     *
     * <p>The session token is loaded from the servlet request when none is set yet. The status
     * passed to the manager is 0 when {@code logoutStatus} is true and 2 otherwise.
     *
     * @param z whether the logout was initiated over SOAP
     * @param str response XML forwarded to the manager; may be null
     * @param str2 provider id forwarded to the manager (doIDPSoapProfile passes the remote entity id)
     * @return 4 when no valid session token is available, 2 when the manager call throws,
     *     otherwise the status code returned by the manager
     */
    private int handleMultiProtocolLogout(boolean z, String str, String str2) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSLOHandler.handleMultiProtocolLogout: isSOAP initiated = " + z + ", response XML=" + str);
        }
        if (this.ssoToken == null) {
            try {
                this.ssoToken = SessionManager.getProvider().getSession(this.request);
            } catch (SessionException e) {
                FSUtils.debug.message("FSSLOHandler.handleMPLogout: null", e);
                return 4;
            }
        }

        final boolean tokenValid;
        try {
            tokenValid = SessionManager.getProvider().isValid(this.ssoToken);
        } catch (SessionException e3) {
            FSUtils.debug.message("FSSLOHandler.handleMPLogout: invalid", e3);
            return 4;
        }
        if (!tokenValid) {
            return 4;
        }

        HashSet tokens = new HashSet();
        tokens.add(this.ssoToken);
        final int currentStatus = this.logoutStatus ? 0 : 2;
        int result;
        try {
            final String requestXml = this.requestLogout == null ? null : this.requestLogout.toXMLString(true, true);
            String returnUrl = this.relayState;
            if (returnUrl == null || returnUrl.length() == 0) {
                returnUrl = LOGOUT_DONE_URL;
            }
            result = SingleLogoutManager.getInstance().doIDPSingleLogout(tokens, this.userID, this.request, this.response, z, FSLogoutUtil.isIDPInitiatedProfile(this.singleLogoutProtocol), "idff", this.realm, this.hostedEntityId, str2, returnUrl, requestXml, str, currentStatus);
        } catch (Exception e2) {
            // Any failure inside the manager is reported with status code 2.
            FSUtils.debug.error("FSSLOHandler.doIDPProfile: MP/SOAP", e2);
            result = 2;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSLOHandler.handleMultiProtocolLogout: return status = " + result);
        }
        return result;
    }
}
