package com.sun.identity.wsfederation.servlet;

import com.iplanet.sso.SSOToken;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.whitelist.URLPatternMatcher;
import com.sun.identity.wsfederation.common.WSFederationConstants;
import com.sun.identity.wsfederation.common.WSFederationException;
import com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
import java.net.MalformedURLException;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.forgerock.openam.saml2.plugins.WsFedAuthenticator;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;
import org.forgerock.openam.wsfederation.common.ActiveRequestorException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/sun/identity/wsfederation/servlet/ActiveRequest.class */
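/**
 * Parses and validates a SOAP request carrying WS-Addressing headers and a WS-Security
 * header with username/password credentials, then hands the credentials to a pluggable
 * {@link WsFedAuthenticator}.
 *
 * <p>This source is decompiler output. {@link #process()} was not recovered, so how the
 * private helpers are sequenced, and what happens to the credentials afterwards, cannot be
 * confirmed from this file.
 *
 * <p>Instances hold per-request state (including the clear-text password) and are not
 * written to be shared between requests.
 */
public class ActiveRequest extends WSFederationAction {
    private static final Debug DEBUG = Debug.getInstance(WSFederationConstants.BUNDLE_NAME);
    public static final String NO_PROOF_KEY_KEY_TYPE = "http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey";
    private static final String ACTION = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue";
    private static final String REQUEST_TYPE = "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue";
    private static final String WSSE_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String PASSWORD_MASK = "### MASKED PASSWORD ###";
    // Opening Password tag with an optional namespace prefix and optional attributes, but not
    // the self-closing form (which carries no secret).
    private static final java.util.regex.Pattern PASSWORD_OPEN_TAG =
            java.util.regex.Pattern.compile("<(?:[\\w.-]+:)?Password(?:\\s[^>]*)?(?<!/)>");
    // Closing Password tag with an optional namespace prefix.
    private static final java.util.regex.Pattern PASSWORD_CLOSE_TAG =
            java.util.regex.Pattern.compile("</(?:[\\w.-]+:)?Password\\s*>");

    // Per-request state; every field stays null until the corresponding element is parsed.
    private String realm;
    private String messageId;
    private String username;
    // Clear-text credential taken from the request. It is obtained via a String (see
    // extractSecurityDetails), so holding it as char[] does not by itself allow wiping it.
    private char[] password;
    private String expires;
    private String address;

    /**
     * Creates the action for one request/response pair.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     */
    public ActiveRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super(httpServletRequest, httpServletResponse);
    }

    /**
     * Entry point of the action.
     *
     * <p>The decompiler failed on this method; the body below is its placeholder, not the
     * real logic. Anything stated about how requests are dispatched must be checked against
     * the original class file.
     */
    @Override // com.sun.identity.wsfederation.servlet.WSFederationAction
    public void process() throws javax.servlet.ServletException, java.io.IOException, com.sun.identity.wsfederation.common.WSFederationException {
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.wsfederation.servlet.ActiveRequest.process():void");
    }

    /**
     * Reads the SOAP headers and body into this instance and rejects requests that do not
     * meet the checks below, in this order: credentials present, expiry parseable,
     * {@code wsa:Action}, non-empty username/password, not expired, {@code wsa:To} matches
     * this endpoint, request type, trusted reply address, key type.
     *
     * @param sOAPMessage the parsed request
     * @param iDPSSOConfigElement the hosted IdP configuration used for the endpoint URL and
     *        the trusted address list
     * @throws SOAPException if the SOAP header or body cannot be accessed
     * @throws WSFederationException (as {@link ActiveRequestorException}) when a check fails
     */
    private void parseAndValidateRequest(SOAPMessage sOAPMessage, IDPSSOConfigElement iDPSSOConfigElement) throws SOAPException, WSFederationException {
        NodeList headers = sOAPMessage.getSOAPHeader().getChildNodes();
        String action = null;
        String to = null;
        for (int i = 0; i < headers.getLength(); i++) {
            Node node = headers.item(i);
            if (!(node instanceof Element)) {
                continue;
            }
            Element header = (Element) node;
            String namespace = header.getNamespaceURI();
            String localName = header.getLocalName();
            if (WSFederationConstants.WSA_NAMESPACE.equals(namespace)) {
                String text = header.getTextContent();
                if (SAML2SDKUtils.ACTION.equals(localName)) {
                    action = text;
                } else if ("To".equals(localName)) {
                    to = text;
                } else if ("MessageID".equals(localName)) {
                    this.messageId = text;
                }
            } else if (WSSE_NAMESPACE.equals(namespace) && "Security".equals(localName)) {
                // If the sender includes several Security headers, each one overwrites the
                // previous credentials, so the last one is the one that gets validated.
                extractSecurityDetails(header);
            }
        }
        String expectedEndpoint = WSFederationMetaUtils.getEndpointBaseUrl(iDPSSOConfigElement, this.request) + "/WSFederationServlet/sts/metaAlias" + iDPSSOConfigElement.getMetaAlias();

        // Without a wsse:Security header none of these fields is ever assigned. Reject
        // explicitly with a sender fault rather than passing null to the date parser and
        // relying on || short-circuiting to avoid dereferencing a null password.
        if (this.username == null || this.password == null || this.expires == null) {
            throw ActiveRequestorException.newSenderException("unableToAuthenticate", new String[0]);
        }
        try {
            Date expiry = DateUtils.stringToDate(this.expires);
            if (!ACTION.equals(action)) {
                throw ActiveRequestorException.newSenderException("invalidValueForElement", "wsa:Action");
            }
            if (StringUtils.isEmpty(this.username) || this.password.length == 0) {
                throw ActiveRequestorException.newSenderException("unableToAuthenticate", new String[0]);
            }
            // The expiry is supplied by the sender: this only rejects a request whose stated
            // expiry has passed and places no upper bound on how far ahead it may be.
            // NOTE(review): messageId is stored but no replay check is visible in this file;
            // confirm whether process() or the authenticator performs one.
            if (Time.newDate().after(expiry)) {
                throw ActiveRequestorException.newSenderException("timeInvalid", new String[0]);
            }
            try {
                // NOTE(review): the sender-supplied wsa:To is passed in the collection argument
                // and the locally computed endpoint as the first argument; confirm against
                // URLPatternMatcher that 'false' disables wildcard handling, so the sender
                // cannot supply a value that matches any endpoint.
                if (to == null || !new URLPatternMatcher().match(expectedEndpoint, Collections.singleton(to), false)) {
                    throw ActiveRequestorException.newSenderException("invalidValueForElement", "wsa:To");
                }
                SOAPBody body = sOAPMessage.getSOAPBody();
                if (!REQUEST_TYPE.equals(getSingleElement(body, WSFederationConstants.WST_NAMESPACE, "RequestType"))) {
                    throw ActiveRequestorException.newReceiverException("unsupportedRequestType", new String[0]);
                }
                this.address = getSingleElement(body, WSFederationConstants.WSA_NAMESPACE, WSFederationConstants.ADDRESS_TAG_NAME);
                // The address must be listed verbatim in the configured trusted addresses; a
                // missing configuration attribute rejects every request.
                List<String> trustedAddresses = WSFederationMetaUtils.getAttributes(iDPSSOConfigElement, WSFederationConstants.TRUSTED_ADDRESSES);
                if (trustedAddresses == null || !trustedAddresses.contains(this.address)) {
                    throw ActiveRequestorException.newReceiverException("invalidReceiver", new String[0]);
                }
                if (!NO_PROOF_KEY_KEY_TYPE.equals(getSingleElement(body, WSFederationConstants.WST_NAMESPACE, "KeyType"))) {
                    throw ActiveRequestorException.newReceiverException("unsupportedKeyType", new String[0]);
                }
            } catch (MalformedURLException e) {
                throw ActiveRequestorException.newSenderException("invalidValueForElement", "wsa:To");
            }
        } catch (ParseException e2) {
            throw ActiveRequestorException.newSenderException("invalidOrExpiredRequest", new String[0]);
        }
    }

    /**
     * Instantiates the authenticator class named by {@code str} and asks it to authenticate
     * the parsed username and password.
     *
     * <p>{@code str} is loaded with {@link Class#forName(String)}; the caller is not visible
     * in this file, so it must be confirmed that the name comes only from administrator-
     * controlled configuration and never from the request. {@code asSubclass} limits the
     * result to {@link WsFedAuthenticator} implementations, but {@code Class.forName} still
     * initialises whatever class is named before that check runs.
     *
     * @param sOAPMessage the request, passed through to the authenticator
     * @param str fully qualified name of the {@link WsFedAuthenticator} implementation
     * @return the session token returned by the authenticator
     * @throws ActiveRequestorException if the authenticator cannot be instantiated, or as
     *         thrown by the authenticator itself
     */
    private SSOToken authenticateEndUser(SOAPMessage sOAPMessage, String str) throws ActiveRequestorException {
        try {
            // getDeclaredConstructor().newInstance() replaces the deprecated
            // Class.newInstance(): constructor failures arrive wrapped in
            // InvocationTargetException and are handled by the catch below.
            WsFedAuthenticator authenticator = Class.forName(str).asSubclass(WsFedAuthenticator.class).getDeclaredConstructor().newInstance();
            this.request.setAttribute("org.forgerock.openam.federation.wsfed.active.login", true);
            return authenticator.authenticate(this.request, this.response, sOAPMessage, this.realm, this.username, this.password);
        } catch (ReflectiveOperationException e) {
            DEBUG.error("An error occurred while invoking WsFedAuthenticator", e);
            throw ActiveRequestorException.newReceiverException(e);
        }
    }

    /**
     * Copies the username, password and expiry out of a {@code wsse:Security} header.
     *
     * <p>Each value is looked up anywhere beneath {@code element} (not only as a direct
     * child) and must occur exactly once. The password is read as a {@code String} before
     * being converted, so a copy remains in an immutable string that cannot be cleared.
     *
     * @param element the {@code wsse:Security} header element
     * @throws WSFederationException if any of the three elements is missing or repeated
     */
    private void extractSecurityDetails(Element element) throws WSFederationException {
        this.username = getSingleElement(element, WSSE_NAMESPACE, "Username");
        this.password = getSingleElement(element, WSSE_NAMESPACE, "Password").toCharArray();
        this.expires = getSingleElement(element, WSU_NAMESPACE, "Expires");
    }

    /**
     * Returns the text of the only descendant of {@code element} with the given qualified
     * name. Rejecting duplicates means a sender cannot have one copy validated and another
     * one used.
     *
     * @param element the element to search beneath
     * @param str the namespace URI to match
     * @param str2 the local name to match
     * @return the text content of the single matching element
     * @throws WSFederationException if there is no match or more than one
     */
    private String getSingleElement(Element element, String str, String str2) throws WSFederationException {
        NodeList matches = element.getElementsByTagNameNS(str, str2);
        int count = matches.getLength();
        if (count == 0) {
            throw ActiveRequestorException.newSenderException("missingElement", str2, str);
        }
        if (count > 1) {
            throw ActiveRequestorException.newSenderException("tooManyElements", str2, str);
        }
        return matches.item(0).getTextContent();
    }

    /**
     * Replaces the content of the Password element in a serialized message with a fixed
     * marker. The caller is not visible in this file; presumably the result is written to
     * the debug log.
     *
     * <p>The opening tag is located by pattern rather than by the literal {@code Password>},
     * because an opening tag that carries attributes (for example a {@code Type} attribute)
     * does not end in that literal; matching on it found the closing tag first and left the
     * password in the output. Text from the end of the first opening tag up to the last
     * closing tag is masked; if no closing tag follows, everything after the opening tag is
     * masked. Input without a Password element is returned unchanged instead of raising
     * {@link StringIndexOutOfBoundsException}.
     *
     * @param str the serialized message
     * @return {@code str} with the password content replaced
     */
    private String maskPassword(String str) {
        java.util.regex.Matcher openTag = PASSWORD_OPEN_TAG.matcher(str);
        if (!openTag.find()) {
            return str;
        }
        int secretStart = openTag.end();
        // Fail closed: with no closing tag, mask through to the end of the text.
        int secretEnd = str.length();
        java.util.regex.Matcher closeTag = PASSWORD_CLOSE_TAG.matcher(str);
        if (closeTag.find(secretStart)) {
            do {
                secretEnd = closeTag.start();
            } while (closeTag.find());
        }
        return str.substring(0, secretStart) + PASSWORD_MASK + str.substring(secretEnd);
    }
}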
