package com.sun.identity.saml2.profile;

import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.liberty.ws.paos.PAOSConstants;
import com.sun.identity.liberty.ws.paos.PAOSException;
import com.sun.identity.liberty.ws.paos.PAOSHeader;
import com.sun.identity.liberty.ws.paos.PAOSRequest;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.common.QuerySignatureUtil;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2FailoverUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.common.SOAPCommunicator;
import com.sun.identity.saml2.ecp.ECPFactory;
import com.sun.identity.saml2.ecp.ECPRelayState;
import com.sun.identity.saml2.ecp.ECPRequest;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement;
import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.ExtensionsType;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.plugins.SAML2IDPFinder;
import com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.Extensions;
import com.sun.identity.saml2.protocol.GetComplete;
import com.sun.identity.saml2.protocol.IDPEntry;
import com.sun.identity.saml2.protocol.IDPList;
import com.sun.identity.saml2.protocol.NameIDPolicy;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.RequestedAuthnContext;
import com.sun.identity.saml2.protocol.Scoping;
import com.sun.identity.shared.datastruct.OrderedSet;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.IOException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException;
import org.forgerock.openam.saml2.audit.SAML2EventLogger;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:com/sun/identity/saml2/profile/SPSSOFederate.class */
public class SPSSOFederate {
    // Metadata manager shared by the static helpers in this class; they use it for meta-alias,
    // descriptor, config and affiliation lookups.
    // NOTE(review): its initialisation is not visible in this part of the file, and only some
    // call paths null-check it before use — confirm it is always assigned before the first request.
    static SAML2MetaManager sm;

    /**
     * Starts SP-initiated single sign-on for the service provider registered under a meta alias.
     *
     * <p>The meta alias is resolved to an SP entity ID and a realm, and the work is then handed to
     * the entity-ID based overload of this method.
     *
     * @param httpServletRequest the incoming servlet request
     * @param httpServletResponse the servlet response passed on to the overload
     * @param str meta alias of the service provider
     * @param str2 entity ID of the identity provider
     * @param map parameter map passed on to the overload
     * @param sAML2EventLogger event logger passed on to the overload
     * @throws SAML2Exception with the {@code metaAliasError} message when a
     *         {@link SAML2MetaException} is raised, or whatever the overload throws
     */
    public static void initiateAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, Map map, SAML2EventLogger sAML2EventLogger) throws SAML2Exception {
        try {
            final String spEntityId = getSPEntityId(str);
            final String realmName = SAML2MetaUtils.getRealmByMetaAlias(str);
            final boolean debugOn = SAML2Utils.debug.messageEnabled();
            if (debugOn) {
                SAML2Utils.debug.message("SPSSOFederate : spEntityID is :" + spEntityId);
                SAML2Utils.debug.message("SPSSOFederate realm is :" + realmName);
            }
            // The overload call stays inside the try so a SAML2MetaException escaping from it
            // is still reported as a meta-alias error.
            initiateAuthnRequest(httpServletRequest, httpServletResponse, spEntityId, str2, realmName, map, sAML2EventLogger);
        } catch (SAML2MetaException metaFailure) {
            SAML2Utils.debug.error("SPSSOFederate: Error retreiving spEntityID from MetaAlias", metaFailure);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaAliasError"));
        }
    }

    /**
     * Looks up the entity ID registered under a meta alias.
     *
     * @param str the meta alias to resolve
     * @return the value the metadata manager returns for that alias
     * @throws SAML2MetaException if the metadata manager lookup fails
     */
    public static String getSPEntityId(String str) throws SAML2MetaException {
        final String entityId = sm.getEntityByMetaAlias(str);
        return entityId;
    }

    /**
     * Builds an AuthnRequest from service provider {@code str} to identity provider {@code str2},
     * sends it to the IdP's SingleSignOnService endpoint (HTTP-POST form or HTTP redirect), and
     * then stores the request details in {@code SPCache.requestHash} under the request ID.
     *
     * @param httpServletRequest the incoming servlet request
     * @param httpServletResponse the servlet response the POST form or redirect is written to
     * @param str entity ID of the service provider; must not be {@code null}
     * @param str2 entity ID of the identity provider; must not be {@code null}
     * @param str3 realm value, normalised through {@code getRealm}
     * @param map parameter map read for {@code reqBinding}, {@code RelayState} and the values
     *        used while creating the AuthnRequest
     * @param sAML2EventLogger receives the new request ID when not {@code null}
     * @throws SAML2Exception on missing entity IDs, missing metadata, no usable SSO endpoint or
     *         binding, a failed failover save, or an I/O error while sending the request
     */
    private static void initiateAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, Map map, SAML2EventLogger sAML2EventLogger) throws SAML2Exception {
        // Nothing more to do on this pass when the helper reports it already handled the request.
        // NOTE(review): presumably it set a load-balancer cookie and redirected — confirm in FSUtils.
        if (FSUtils.needSetLBCookieAndRedirect(httpServletRequest, httpServletResponse, false)) {
            return;
        }
        if (str == null) {
            SAML2Utils.debug.error("SPSSOFederate:Service Provider ID  is missing.");
            // The logged data array holds the null entity ID itself.
            LogUtil.error(Level.INFO, LogUtil.INVALID_SP, new String[]{str}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
        }
        if (str2 == null) {
            SAML2Utils.debug.error("SPSSOFederate: Identity Provider ID is missing .");
            LogUtil.error(Level.INFO, LogUtil.INVALID_IDP, new String[]{str2}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate: in initiateSSOFed");
            SAML2Utils.debug.message("SPSSOFederate: spEntityID is : " + str);
            SAML2Utils.debug.message("SPSSOFederate: idpEntityID : " + str2);
        }
        String realm = getRealm(str3);
        try {
            // Guard comes before the first metadata lookup in this method.
            if (sm == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
            }
            Map<String, Collection<String>> attrsMapForAuthnReq = getAttrsMapForAuthnReq(realm, str);
            SPSSODescriptorElement sPSSOForAuthnReq = getSPSSOForAuthnReq(realm, str);
            if (sPSSOForAuthnReq == null) {
                LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{str}, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            List extensionsList = getExtensionsList(str, realm);
            IDPSSODescriptorElement iDPSSOForAuthnReq = getIDPSSOForAuthnReq(realm, str2);
            if (iDPSSOForAuthnReq == null) {
                LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{str2}, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            // The requested binding is read from the parameter map; the endpoint itself is always
            // taken from the IdP descriptor's SingleSignOnService list.
            String parameter = getParameter(map, SAML2Constants.REQ_BINDING);
            SingleSignOnServiceElement singleSignOnServiceEndpoint = getSingleSignOnServiceEndpoint(iDPSSOForAuthnReq.getSingleSignOnService(), parameter);
            if (singleSignOnServiceEndpoint == null || StringUtils.isEmpty(singleSignOnServiceEndpoint.getLocation())) {
                LogUtil.error(Level.INFO, LogUtil.SSO_NOT_FOUND, new String[]{str2}, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotfound"));
            }
            String location = singleSignOnServiceEndpoint.getLocation();
            SAML2Utils.debug.message("SPSSOFederate: SingleSignOnService URL : {}", new Object[]{location});
            // No binding requested: fall back to the binding of the endpoint that was selected.
            if (parameter == null) {
                SAML2Utils.debug.message("SPSSOFederate: reqBinding is null using endpoint binding: {} ", new Object[]{singleSignOnServiceEndpoint.getBinding()});
                parameter = singleSignOnServiceEndpoint.getBinding();
                if (parameter == null) {
                    LogUtil.error(Level.INFO, LogUtil.NO_RETURN_BINDING, new String[]{str2}, null);
                    throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
                }
            }
            AuthnRequest createAuthnRequest = createAuthnRequest(httpServletRequest, httpServletResponse, realm, str, str2, map, attrsMapForAuthnReq, extensionsList, sPSSOForAuthnReq, iDPSSOForAuthnReq, location, false);
            // NOTE(review): the request is null-checked here but dereferenced unconditionally on
            // the next statement, so a null return would still fail there.
            if (null != sAML2EventLogger && null != createAuthnRequest) {
                sAML2EventLogger.setRequestId(createAuthnRequest.getID());
            }
            String xMLString = createAuthnRequest.toXMLString(true, true);
            // With message-level debug enabled the complete AuthnRequest XML is written to the debug log.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPSSOFederate: AuthnRequest:" + xMLString);
            }
            String parameter2 = getParameter(map, "RelayState");
            // RelayState from the parameter map is validated before anything is sent or cached.
            // NOTE(review): presumably this throws for a URL that is not allowed for this SP —
            // confirm in SAML2Utils.validateRelayStateURL.
            SAML2Utils.validateRelayStateURL(realm, str, parameter2, SAML2Constants.SP_ROLE);
            // What travels to the IdP is the value returned by getRelayStateID, not the raw RelayState.
            String str4 = null;
            if (parameter2 != null && parameter2.length() > 0) {
                str4 = getRelayStateID(parameter2, createAuthnRequest.getID());
            }
            if (parameter.equals(SAML2Constants.HTTP_POST)) {
                SAML2Utils.postToTarget(httpServletRequest, httpServletResponse, "SAMLRequest", getPostBindingMsg(iDPSSOForAuthnReq, sPSSOForAuthnReq, attrsMapForAuthnReq, createAuthnRequest), "RelayState", str4, location);
            } else {
                // Any binding other than HTTP-POST is sent as a redirect.
                httpServletResponse.sendRedirect(getRedirect(xMLString, str4, location, iDPSSOForAuthnReq, sPSSOForAuthnReq, attrsMapForAuthnReq));
            }
            LogUtil.access(Level.INFO, LogUtil.REDIRECT_TO_IDP, new String[]{location}, null);
            // The request is cached only after the POST form or redirect has been issued above.
            AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(httpServletRequest, httpServletResponse, realm, str, str2, createAuthnRequest, parameter2, map);
            synchronized (SPCache.requestHash) {
                SPCache.requestHash.put(createAuthnRequest.getID(), authnRequestInfo);
            }
            if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                // Expiry is the current time in seconds plus SPCache.interval.
                long currentTimeMillis = (Time.currentTimeMillis() / 1000) + SPCache.interval;
                String id = createAuthnRequest.getID();
                try {
                    SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(id, new AuthnRequestInfoCopy(authnRequestInfo), currentTimeMillis);
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("SPSSOFederate.initiateAuthnRequest: SAVE AuthnRequestInfoCopy for requestID " + id);
                    }
                } catch (SAML2TokenRepositoryException e) {
                    SAML2Utils.debug.error("SPSSOFederate.initiateAuthnRequest: There was a problem saving the AuthnRequestInfoCopy in the SAML2 Token Repository for requestID " + id, e);
                    // NOTE(review): a token-repository failure is reported with the "metaDataError"
                    // message, and it is raised after the request was already sent to the browser.
                    throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
                }
            }
        } catch (SAML2MetaException e2) {
            SAML2Utils.debug.error("SPSSOFederate:Error retrieving metadata", e2);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        } catch (IOException e3) {
            SAML2Utils.debug.error("SPSSOFederate: Exception :", e3);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorCreatingAuthnRequest"));
        }
    }

    /**
     * Builds the redirect URL that carries an AuthnRequest to the IdP's SSO location.
     *
     * <p>The query string is {@code SAMLRequest=<encoded request>} plus, when {@code str2} is
     * non-empty, {@code &RelayState=<URL-encoded value>}. It is passed through
     * {@code signQueryString} when either the IdP descriptor wants signed requests or the SP
     * descriptor says it signs them; otherwise it is appended unsigned.
     *
     * @param str the AuthnRequest XML
     * @param str2 the RelayState value to send; may be {@code null} or empty
     * @param str3 the SSO location; {@code &} is used as separator when it already contains
     *        a {@code ?}, otherwise {@code ?}
     * @param iDPSSODescriptorElement IdP descriptor consulted for the signing requirement
     * @param sPSSODescriptorElement SP descriptor consulted for the signing requirement
     * @param map map from which {@code signingCertAlias} is read when signing
     * @return the location followed by the (optionally signed) query string
     * @throws SAML2Exception if encoding or signing fails
     */
    public static String getRedirect(String str, String str2, String str3, IDPSSODescriptorElement iDPSSODescriptorElement, SPSSODescriptorElement sPSSODescriptorElement, Map map) throws SAML2Exception {
        final String encodedRequest = SAML2Utils.encodeForRedirect(str);
        final StringBuilder query = new StringBuilder();
        query.append("SAMLRequest").append("=").append(encodedRequest);
        final boolean hasRelayState = str2 != null && !str2.isEmpty();
        if (hasRelayState) {
            query.append("&").append("RelayState").append("=").append(URLEncDec.encode(str2));
        }

        final String separator = str3.contains("?") ? "&" : "?";
        final StringBuilder url = new StringBuilder().append(str3).append(separator);
        final boolean signingRequired = iDPSSODescriptorElement.isWantAuthnRequestsSigned() || sPSSODescriptorElement.isAuthnRequestsSigned();
        if (!signingRequired) {
            url.append(query.toString());
            return url.toString();
        }
        url.append(signQueryString(query.toString(), getParameter(map, "signingCertAlias")));
        return url.toString();
    }

    /**
     * Fetches the SP SSO descriptor for an entity from the metadata manager.
     *
     * @param str first lookup argument (callers in this class pass the realm)
     * @param str2 second lookup argument (callers in this class pass the SP entity ID)
     * @return the descriptor returned by the metadata manager; callers in this class treat
     *         {@code null} as missing metadata
     * @throws SAML2MetaException if the metadata lookup fails
     */
    public static SPSSODescriptorElement getSPSSOForAuthnReq(String str, String str2) throws SAML2MetaException {
        final SPSSODescriptorElement spDescriptor = sm.getSPSSODescriptor(str, str2);
        return spDescriptor;
    }

    /**
     * Returns the attribute map of the SP's SSO config, or {@code null} when the metadata
     * manager has no SSO config for it.
     *
     * @param str first lookup argument (callers in this class pass the realm)
     * @param str2 second lookup argument (callers in this class pass the SP entity ID)
     * @return the attributes extracted from the SP SSO config, or {@code null}
     * @throws SAML2MetaException if the metadata lookup fails
     */
    public static Map<String, Collection<String>> getAttrsMapForAuthnReq(String str, String str2) throws SAML2MetaException {
        final SPSSOConfigElement spConfig = sm.getSPSSOConfig(str, str2);
        if (spConfig == null) {
            return null;
        }
        Map<String, List<String>> configAttrs = SAML2MetaUtils.getAttributes(spConfig);
        return configAttrs;
    }

    /**
     * Fetches the IdP SSO descriptor for an entity from the metadata manager.
     *
     * @param str first lookup argument (callers in this class pass the realm)
     * @param str2 second lookup argument (callers in this class pass the IdP entity ID)
     * @return the descriptor returned by the metadata manager; callers in this class treat
     *         {@code null} as missing metadata
     * @throws SAML2MetaException if the metadata lookup fails
     */
    public static IDPSSODescriptorElement getIDPSSOForAuthnReq(String str, String str2) throws SAML2MetaException {
        final IDPSSODescriptorElement idpDescriptor = sm.getIDPSSODescriptor(str, str2);
        return idpDescriptor;
    }

    /**
     * Produces the encoded {@code SAMLRequest} value for the HTTP-POST binding.
     *
     * <p>The request is signed first when either the IdP descriptor wants signed AuthnRequests
     * or the SP descriptor says it signs them; the signing alias is read from {@code map} under
     * {@code signingCertAlias}.
     *
     * @param iDPSSODescriptorElement IdP descriptor consulted for the signing requirement
     * @param sPSSODescriptorElement SP descriptor consulted for the signing requirement
     * @param map map from which the signing certificate alias is read
     * @param authnRequest the request to serialise (and sign, when required)
     * @return the request XML passed through {@code SAML2Utils.encodeForPOST}
     * @throws SAML2Exception if signing, serialising or encoding fails
     */
    public static String getPostBindingMsg(IDPSSODescriptorElement iDPSSODescriptorElement, SPSSODescriptorElement sPSSODescriptorElement, Map map, AuthnRequest authnRequest) throws SAML2Exception {
        final boolean signingRequired = iDPSSODescriptorElement.isWantAuthnRequestsSigned() || sPSSODescriptorElement.isAuthnRequestsSigned();
        if (signingRequired) {
            final String certAlias = getParameter(map, "signingCertAlias");
            signAuthnRequest(certAlias, authnRequest);
        }
        // Serialised after signing so the XML reflects the request as it stands at that point.
        final String requestXml = authnRequest.toXMLString(true, true);
        if (SAML2Utils.debug.messageEnabled()) {
            // The message text says "Response", but the content logged is the AuthnRequest XML.
            SAML2Utils.debug.message("SPSSOFederate.initiateAuthnRequest: SAML Response content :\n" + requestXml);
        }
        return SAML2Utils.encodeForPOST(requestXml);
    }

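    /**
     * Answers an ECP (Enhanced Client or Proxy) request with a PAOS SOAP message carrying a
     * signed AuthnRequest, then stores the request details in {@code SPCache.requestHash}.
     *
     * <p>Requests that {@link #isFromECP} does not recognise get an HTTP 400 error and nothing
     * else happens. Otherwise the SP is resolved from the {@code metaAlias} request parameter,
     * the AuthnRequest is created and signed with the SP signing key, an ECP request header
     * (optionally with an IdP list from the configured IdP finder) and an optional ECP RelayState
     * header are built, and the SOAP message is written to the response.
     *
     * <p>Changes against the decompiled original: the metadata-manager null check now runs
     * before the first use of {@code sm} (it previously sat after a dereference, so a missing
     * manager surfaced as a NullPointerException), and the GetComplete lookup reuses the
     * attribute map that was already read with a null guard instead of dereferencing the SP
     * config a second time without one.
     *
     * @param httpServletRequest the incoming servlet request
     * @param httpServletResponse the servlet response the PAOS message is written to
     * @throws SAML2Exception on a missing metadata manager, missing SP metadata, missing signing
     *         key, missing SOAP SSO endpoint for a preferred IdP, or a PAOS failure
     * @throws IOException if writing the response fails
     */
    public static void initiateECPRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SAML2Exception, IOException {
        List<String> preferredIDP;
        // isFromECP only inspects client-supplied headers: it selects the profile, it does not
        // authenticate the caller.
        if (!isFromECP(httpServletRequest)) {
            SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest: invalid HTTP request from ECP.");
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "invalidHttpRequestFromECP", SAML2Utils.bundle.getString("invalidHttpRequestFromECP"));
            return;
        }
        // Must precede the first dereference of sm below, otherwise the guard can never fire.
        if (sm == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        // metaAlias is taken directly from the request; an unknown alias is only caught further
        // down, when no SP descriptor is found for the resolved entity.
        String parameter = httpServletRequest.getParameter("metaAlias");
        Map<String, List<String>> paramsMap = SAML2Utils.getParamsMap(httpServletRequest);
        String entityByMetaAlias = sm.getEntityByMetaAlias(parameter);
        String realm = getRealm(SAML2MetaUtils.getRealmByMetaAlias(parameter));
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate.initiateECPRequest: spEntityID is " + entityByMetaAlias + ", realm is " + realm);
        }
        try {
            SPSSOConfigElement sPSSOConfig = sm.getSPSSOConfig(realm, entityByMetaAlias);
            Map<String, List<String>> attributes = sPSSOConfig != null ? SAML2MetaUtils.getAttributes(sPSSOConfig) : null;
            SPSSODescriptorElement sPSSODescriptor = sm.getSPSSODescriptor(realm, entityByMetaAlias);
            if (sPSSODescriptor == null) {
                LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{entityByMetaAlias}, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            LogUtil.access(Level.INFO, LogUtil.RECEIVED_HTTP_REQUEST_ECP, new String[]{entityByMetaAlias, realm}, null);
            // No IdP entity, IdP descriptor or SSO location is known yet in the ECP flow; the last
            // argument marks the request as an ECP request.
            AuthnRequest createAuthnRequest = createAuthnRequest(httpServletRequest, httpServletResponse, realm, entityByMetaAlias, null, paramsMap, attributes, getExtensionsList(entityByMetaAlias, realm), sPSSODescriptor, null, null, true);
            // The ECP AuthnRequest is always signed, regardless of the descriptor signing flags.
            PrivateKey privateKey = KeyUtil.getKeyProviderInstance().getPrivateKey(SAML2Utils.getSigningCertAlias(realm, entityByMetaAlias, SAML2Constants.SP_ROLE));
            if (privateKey == null) {
                SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest: Unable to find signing key.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            createAuthnRequest.sign(privateKey, null);
            ECPFactory eCPFactory = ECPFactory.getInstance();
            String parameter2 = getParameter(paramsMap, "RelayState");
            // Stays empty when no RelayState was supplied, so nothing is added to the SOAP header.
            String str = "";
            if (parameter2 != null && parameter2.length() > 0) {
                // The header carries the value returned by getRelayStateID, not the raw RelayState.
                String relayStateID = getRelayStateID(parameter2, createAuthnRequest.getID());
                ECPRelayState createECPRelayState = eCPFactory.createECPRelayState();
                createECPRelayState.setValue(relayStateID);
                createECPRelayState.setMustUnderstand(Boolean.TRUE);
                createECPRelayState.setActor("http://schemas.xmlsoap.org/soap/actor/next");
                str = createECPRelayState.toXMLString(true, true);
            }
            ECPRequest createECPRequest = eCPFactory.createECPRequest();
            createECPRequest.setIssuer(createIssuer(entityByMetaAlias));
            createECPRequest.setMustUnderstand(Boolean.TRUE);
            createECPRequest.setActor("http://schemas.xmlsoap.org/soap/actor/next");
            createECPRequest.setIsPassive(createAuthnRequest.isPassive());
            SAML2IDPFinder eCPIDPFinder = SAML2Utils.getECPIDPFinder(realm, entityByMetaAlias);
            if (eCPIDPFinder != null && (preferredIDP = eCPIDPFinder.getPreferredIDP(createAuthnRequest, entityByMetaAlias, realm, httpServletRequest, httpServletResponse)) != null && !preferredIDP.isEmpty()) {
                SAML2MetaManager sAML2MetaManager = SAML2Utils.getSAML2MetaManager();
                // Created lazily so the IDPList is only attached when at least one preferred IdP
                // has an SSO descriptor.
                ArrayList arrayList = null;
                for (String str2 : preferredIDP) {
                    IDPSSODescriptorElement iDPSSODescriptor = sAML2MetaManager.getIDPSSODescriptor(realm, str2);
                    if (iDPSSODescriptor != null) {
                        IDPEntry createIDPEntry = ProtocolFactory.getInstance().createIDPEntry();
                        createIDPEntry.setProviderID(str2);
                        createIDPEntry.setName(SAML2Utils.getAttributeValueFromSSOConfig(realm, str2, SAML2Constants.IDP_ROLE, SAML2Constants.ENTITY_DESCRIPTION));
                        // Only a SOAP SingleSignOnService endpoint is acceptable for an advertised IdP.
                        SingleSignOnServiceElement singleSignOnServiceEndpoint = getSingleSignOnServiceEndpoint(iDPSSODescriptor.getSingleSignOnService(), SAML2Constants.SOAP);
                        if (singleSignOnServiceEndpoint == null || StringUtils.isEmpty(singleSignOnServiceEndpoint.getLocation())) {
                            throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotfound"));
                        }
                        String location = singleSignOnServiceEndpoint.getLocation();
                        SAML2Utils.debug.message("SPSSOFederate.initiateECPRequest URL : {}", new Object[]{location});
                        createIDPEntry.setLoc(location);
                        if (arrayList == null) {
                            arrayList = new ArrayList();
                        }
                        arrayList.add(createIDPEntry);
                    }
                }
                if (arrayList != null) {
                    IDPList createIDPList = ProtocolFactory.getInstance().createIDPList();
                    createIDPList.setIDPEntries(arrayList);
                    createECPRequest.setIDPList(createIDPList);
                    // Reuses the attribute map read above; it is null when the SP has no SSO config.
                    List<String> list = attributes != null ? attributes.get(SAML2Constants.ECP_REQUEST_IDP_LIST_GET_COMPLETE) : null;
                    if (list != null && !list.isEmpty()) {
                        GetComplete createGetComplete = ProtocolFactory.getInstance().createGetComplete();
                        createGetComplete.setValue(list.get(0));
                        createIDPList.setGetComplete(createGetComplete);
                    }
                }
            }
            try {
                try {
                    // SOAP header: PAOS request + ECP request + optional ECP RelayState; SOAP body: the AuthnRequest.
                    SOAPMessage createSOAPMessage = SOAPCommunicator.getInstance().createSOAPMessage(new PAOSRequest(createAuthnRequest.getAssertionConsumerServiceURL(), "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp", null, Boolean.TRUE, "http://schemas.xmlsoap.org/soap/actor/next").toXMLString(true, true) + createECPRequest.toXMLString(true, true) + str, createAuthnRequest.toXMLString(true, true), false);
                    String[] strArr = {entityByMetaAlias, realm, ""};
                    // The full SOAP message goes into the access log record only at FINE level.
                    if (LogUtil.isAccessLoggable(Level.FINE)) {
                        strArr[2] = SOAPCommunicator.getInstance().soapMessageToString(createSOAPMessage);
                    }
                    LogUtil.access(Level.INFO, LogUtil.SEND_ECP_PAOS_REQUEST, strArr, null);
                    if (createSOAPMessage.saveRequired()) {
                        createSOAPMessage.saveChanges();
                    }
                    httpServletResponse.setStatus(200);
                    SAML2Utils.putHeaders(createSOAPMessage.getMimeHeaders(), httpServletResponse);
                    httpServletResponse.setContentType(PAOSConstants.PAOS_MIME_TYPE);
                    ServletOutputStream outputStream = httpServletResponse.getOutputStream();
                    createSOAPMessage.writeTo(outputStream);
                    outputStream.flush();
                    // The request is cached only after the response has been written and flushed.
                    AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(httpServletRequest, httpServletResponse, realm, entityByMetaAlias, null, createAuthnRequest, parameter2, paramsMap);
                    synchronized (SPCache.requestHash) {
                        SPCache.requestHash.put(createAuthnRequest.getID(), authnRequestInfo);
                    }
                    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        // Expiry is the current time in seconds plus SPCache.interval.
                        long currentTimeMillis = (Time.currentTimeMillis() / 1000) + SPCache.interval;
                        String id = createAuthnRequest.getID();
                        try {
                            SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(id, new AuthnRequestInfoCopy(authnRequestInfo), currentTimeMillis);
                            if (SAML2Utils.debug.messageEnabled()) {
                                SAML2Utils.debug.message("SPSSOFederate.initiateECPRequest: SAVE AuthnRequestInfoCopy for requestID " + id);
                            }
                        } catch (SAML2TokenRepositoryException e) {
                            // Logged only: the response is already on the wire. initiateAuthnRequest
                            // rethrows in the same situation.
                            // NOTE(review): confirm the difference is intended.
                            SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest: There was a problem saving the AuthnRequestInfoCopy in the SAML2 Token Repository for requestID " + id, e);
                        }
                    }
                } catch (SOAPException e2) {
                    SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest", e2);
                    LogUtil.error(Level.INFO, LogUtil.SEND_ECP_PAOS_REQUEST_FAILED, new String[]{entityByMetaAlias, realm}, null);
                    // NOTE(review): the status argument is presumably the literal 500 that the
                    // decompiler matched to this constant, and the SOAP exception message is handed
                    // to sendError — confirm both, and whether that message reaches the client.
                    SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "soapError", e2.getMessage());
                }
            } catch (PAOSException e3) {
                // Throwable cast kept from the decompiled output.
                SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest:", (Throwable) e3);
                throw new SAML2Exception(e3.getMessage());
            }
        } catch (SAML2MetaException e4) {
            SAML2Utils.debug.error("SPSSOFederate:Error retrieving metadata", e4);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }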

    /**
     * Tells whether a request looks like it comes from an ECP client.
     *
     * <p>True only when the PAOS header parses, lists the SAML ECP profile service, and the
     * {@code Accept} header contains the PAOS MIME type. Every input is a client-supplied
     * header, so the result identifies the profile in use and nothing about the caller's identity.
     *
     * @param httpServletRequest the request whose headers are inspected
     * @return {@code true} if all three conditions hold, {@code false} otherwise
     */
    public static boolean isFromECP(HttpServletRequest httpServletRequest) {
        final HashMap paosServices;
        try {
            paosServices = new PAOSHeader(httpServletRequest).getServicesAndOptions();
        } catch (PAOSException noHeader) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPSSOFederate.initiateECPRequest:no PAOS header");
            }
            return false;
        }

        final boolean advertisesEcp = paosServices != null && paosServices.containsKey("urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp");
        if (!advertisesEcp) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPSSOFederate.initiateECPRequest:PAOS header doesn't contain ECP service");
            }
            return false;
        }

        final String acceptHeader = httpServletRequest.getHeader("Accept");
        return acceptHeader != null && acceptHeader.indexOf(PAOSConstants.PAOS_MIME_TYPE) != -1;
    }

    /**
     * Creates the NameIDPolicy element for an AuthnRequest.
     *
     * <p>The SPNameQualifier is the SP entity ID unless {@code map} carries an
     * {@code affiliationID}; in that case the affiliation must exist in realm {@code str3} and
     * list {@code str} as a member, and the affiliation ID becomes the qualifier.
     *
     * @param str entity ID of the service provider
     * @param str2 requested NameID format, checked through {@code SAML2Utils.verifyNameIDFormat}
     * @param z value for the AllowCreate flag
     * @param sPSSODescriptorElement SP descriptor used when verifying the format
     * @param iDPSSODescriptorElement IdP descriptor used when verifying the format
     * @param str3 realm used for the affiliation lookup
     * @param map parameter map from which {@code affiliationID} is read
     * @return the populated policy
     * @throws SAML2Exception if the affiliation is unknown or the SP is not one of its members,
     *         or if format verification or the lookup fails
     */
    private static NameIDPolicy createNameIDPolicy(String str, String str2, boolean z, SPSSODescriptorElement sPSSODescriptorElement, IDPSSODescriptorElement iDPSSODescriptorElement, String str3, Map map) throws SAML2Exception {
        final String nameIdFormat = SAML2Utils.verifyNameIDFormat(str2, sPSSODescriptorElement, iDPSSODescriptorElement);
        final NameIDPolicy policy = ProtocolFactory.getInstance().createNameIDPolicy();
        final String affiliationId = getParameter(map, "affiliationID");

        String spNameQualifier = str;
        if (affiliationId != null) {
            // A caller-supplied affiliation is accepted only if this SP is a listed member.
            final AffiliationDescriptorType affiliation = sm.getAffiliationDescriptor(str3, affiliationId);
            if (affiliation == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("affiliationNotFound"));
            }
            if (!affiliation.getAffiliateMember().contains(str)) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("spNotAffiliationMember"));
            }
            spNameQualifier = affiliationId;
        }

        policy.setSPNameQualifier(spNameQualifier);
        policy.setAllowCreate(z);
        policy.setFormat(nameIdFormat);
        return policy;
    }

    /**
     * Creates an Issuer element whose value is the given entity ID.
     *
     * @param str the value to set on the issuer
     * @return the new issuer
     * @throws SAML2Exception if the issuer cannot be created or populated
     */
    private static Issuer createIssuer(String str) throws SAML2Exception {
        final Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(str);
        return issuer;
    }

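    /**
     * Assembles an AuthnRequest for the service provider and runs the SP adapter's
     * pre-single-sign-on hook on it.
     *
     * <p>Change against the decompiled original: the proxy count is boxed with
     * {@code Integer.valueOf} instead of the deprecated {@code Integer} constructor.
     *
     * @param httpServletRequest passed to the SP adapter hook
     * @param httpServletResponse passed to the SP adapter hook
     * @param str realm (used for the binding check, the affiliation lookup and the adapter lookup)
     * @param str2 entity ID of the service provider; becomes the Issuer
     * @param str3 entity ID of the identity provider, passed to the SP adapter hook;
     *        {@code null} in the ECP flow
     * @param map request-level parameters (Destination, Consent, NameIDFormat, indexes, binding)
     * @param map2 SP configuration attributes (IdP proxy settings among others)
     * @param list extensions to attach, turned into an Extensions element by {@code createExtensions}
     * @param sPSSODescriptorElement SP descriptor, used for the ACS URL and NameID format check
     * @param iDPSSODescriptorElement IdP descriptor, used for the NameID format check
     * @param str4 SSO location used as Destination when {@code map} carries none
     * @param z {@code true} for an ECP request: the PAOS binding is used for the ACS lookup and
     *        no Destination is set
     * @return the populated request
     * @throws SAML2Exception if no ID can be generated, the ACS binding is not supported for the
     *         SP, or any helper fails
     */
    public static AuthnRequest createAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, Map map, Map map2, List list, SPSSODescriptorElement sPSSODescriptorElement, IDPSSODescriptorElement iDPSSODescriptorElement, String str4, boolean z) throws SAML2Exception {
        final String requestId = SAML2Utils.generateID();
        if (requestId == null || requestId.length() == 0) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("cannotGenerateID"));
        }
        final String destinationOverride = getParameter(map, SAML2Constants.DESTINATION);
        final Boolean passive = doPassive(map, map2);
        final Boolean forceAuthn = isForceAuthN(map, map2);
        final boolean allowCreate = isAllowCreate(map, map2);
        final boolean withAuthnContext = includeRequestedAuthnContext(map, map2);
        final String consent = getParameter(map, "Consent");
        final Extensions extensions = createExtensions(list);
        final NameIDPolicy nameIdPolicy = createNameIDPolicy(str2, getParameter(map, "NameIDFormat"), allowCreate, sPSSODescriptorElement, iDPSSODescriptorElement, str, map);
        final Issuer issuer = createIssuer(str2);
        final Integer acsIndex = getIndex(map, "AssertionConsumerServiceIndex");
        final Integer attributeServiceIndex = getIndex(map, "AttributeConsumingServiceIndex");

        // getACSUrl returns the ACS URL at position 0 and its binding at position 1.
        final OrderedSet acsInfo = getACSUrl(sPSSODescriptorElement, z ? SAML2Constants.PAOS : getParameter(map, SAML2Constants.BINDING));
        final String acsUrl = (String) acsInfo.get(0);
        final String acsBinding = (String) acsInfo.get(1);
        if (!SAML2Utils.isSPProfileBindingSupported(str, str2, SAML2Constants.ACS_SERVICE, acsBinding)) {
            SAML2Utils.debug.error("SPSSOFederate.createAuthnRequest:" + acsBinding + "is not supported for " + str2);
            LogUtil.error(Level.INFO, LogUtil.BINDING_NOT_SUPPORTED, new String[]{str2, acsBinding}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }

        final AuthnRequest authnRequest = ProtocolFactory.getInstance().createAuthnRequest();
        if (!z) {
            // A Destination supplied in the parameter map wins over the SSO location. It is
            // XML-escaped here but not compared against IdP metadata in this method.
            final boolean noOverride = destinationOverride == null || destinationOverride.length() == 0;
            authnRequest.setDestination(XMLUtils.escapeSpecialCharacters(noOverride ? str4 : destinationOverride));
        }
        authnRequest.setConsent(consent);
        authnRequest.setIsPassive(passive);
        authnRequest.setForceAuthn(forceAuthn);
        authnRequest.setAttributeConsumingServiceIndex(attributeServiceIndex);
        authnRequest.setAssertionConsumerServiceIndex(acsIndex);
        authnRequest.setAssertionConsumerServiceURL(XMLUtils.escapeSpecialCharacters(acsUrl));
        authnRequest.setProtocolBinding(acsBinding);
        authnRequest.setIssuer(issuer);
        authnRequest.setNameIDPolicy(nameIdPolicy);
        if (withAuthnContext) {
            authnRequest.setRequestedAuthnContext(createReqAuthnContext(str, str2, map, map2));
        }
        if (extensions != null) {
            authnRequest.setExtensions(extensions);
        }
        authnRequest.setID(requestId);
        authnRequest.setVersion(SAML2Constants.VERSION_2_0);
        authnRequest.setIssueInstant(Time.newDate());

        // Scoping is added only when the SP configuration enables IdP proxying.
        final Boolean proxyEnabled = getAttrValueFromMap(map2, "enableIDPProxy");
        if (proxyEnabled != null && proxyEnabled.booleanValue()) {
            final Scoping scoping = ProtocolFactory.getInstance().createScoping();
            final String proxyCount = getParameter(map2, "idpProxyCount");
            if (proxyCount != null && !proxyCount.equals("")) {
                // A non-numeric value raises NumberFormatException, as the replaced constructor did.
                scoping.setProxyCount(Integer.valueOf(proxyCount));
            }
            final List proxyIdps = (List) map2.get("idpProxyList");
            if (proxyIdps != null && !proxyIdps.isEmpty()) {
                final ArrayList entries = new ArrayList();
                for (Object providerId : proxyIdps) {
                    final IDPEntry entry = ProtocolFactory.getInstance().createIDPEntry();
                    entry.setProviderID((String) providerId);
                    entries.add(entry);
                }
                final IDPList idpList = ProtocolFactory.getInstance().createIDPList();
                idpList.setIDPEntries(entries);
                scoping.setIDPList(idpList);
            }
            authnRequest.setScoping(scoping);
        }

        // The adapter hook runs last, on the fully populated request.
        final SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(str2, str);
        if (spAdapter != null) {
            spAdapter.preSingleSignOnRequest(str2, str3, str, httpServletRequest, httpServletResponse, authnRequest);
        }
        return authnRequest;
    }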

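    /**
     * Reads a strict boolean attribute from a map.
     *
     * <p>Only the exact strings {@code "true"} and {@code "false"} are accepted; any other value,
     * a missing value, or a {@code null} or empty map yields {@code null}. Boxing uses
     * {@code Boolean.valueOf} in place of the deprecated {@code Boolean} constructor.
     *
     * @param map the map to read from; may be {@code null}
     * @param str the attribute name, resolved through {@code getParameter}
     * @return {@code Boolean.TRUE}, {@code Boolean.FALSE}, or {@code null} when the attribute is
     *         absent or not a strict boolean string
     */
    public static Boolean getAttrValueFromMap(Map map, String str) {
        if (map == null || map.isEmpty()) {
            return null;
        }
        final String value = getParameter(map, str);
        if ("true".equals(value) || "false".equals(value)) {
            return Boolean.valueOf(value);
        }
        return null;
    }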

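    /**
     * Picks the SingleSignOnService endpoint to use from an IdP's endpoint list.
     *
     * <p>Rebuilt from the decompiler's instruction dump, which the previous body replaced with an
     * unconditional {@code UnsupportedOperationException}. Endpoints are examined in list order
     * and the first match wins:
     * <ul>
     *   <li>when no binding is requested ({@code r4} is {@code null} or empty), the first
     *       endpoint whose binding is HTTP-Redirect or HTTP-POST;</li>
     *   <li>otherwise, the first endpoint whose binding equals {@code r4}.</li>
     * </ul>
     *
     * <p>One deviation from the dumped bytecode: it called {@code r4.equals(...)} even when
     * {@code r4} was {@code null} and the current endpoint was neither HTTP-Redirect nor
     * HTTP-POST, which raises a NullPointerException. That comparison is now skipped for a
     * {@code null} binding.
     *
     * @param r3 the SingleSignOnService endpoints to search; must not be {@code null}
     * @param r4 the requested binding URI, or {@code null}/empty for no preference
     * @return the selected endpoint, or {@code null} when none matches
     */
    public static com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement getSingleSignOnServiceEndpoint(java.util.List<com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement> r3, java.lang.String r4) {
        final boolean noRequestedBinding = StringUtils.isEmpty(r4);
        for (SingleSignOnServiceElement endpoint : r3) {
            final String endpointBinding = endpoint.getBinding();
            // Without a requested binding only the two browser bindings are acceptable defaults.
            if (noRequestedBinding
                    && ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".equals(endpointBinding)
                            || "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".equals(endpointBinding))) {
                return endpoint;
            }
            // Null guard only: an empty (non-null) r4 is still compared, as in the bytecode.
            if (r4 != null && r4.equals(endpointBinding)) {
                return endpoint;
            }
        }
        return null;
    }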

    /* JADX INFO: Access modifiers changed from: package-private */
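    /**
     * Resolves the assertion consumer service (ACS) location and binding to use.
     *
     * <p>The requested binding {@code str} (the debug output below calls it the binding
     * "Passed in Query") is prefixed with {@code SAML2Constants.BINDING_PREFIX} when it does
     * not already contain it. The endpoints of the given descriptor are then scanned in order:
     * <ul>
     *   <li>with no binding requested, the first endpoint flagged as default supplies both
     *       location and binding;</li>
     *   <li>otherwise the first endpoint whose binding equals the requested one supplies the
     *       location.</li>
     * </ul>
     *
     * <p>The location always comes from the descriptor, never from {@code str}, so the
     * request can only choose between endpoints that are registered there.
     *
     * <p>NOTE(review): the decompiled listing placed the "take location and binding from the
     * element" statements after the loop, where they ran on every exit path and read a
     * variable that is not definitely assigned. They are reconstructed here as the body of
     * the default-endpoint branch, which is what the loop condition implies; confirm against
     * the upstream source.
     *
     * @param sPSSODescriptorElement descriptor whose ACS endpoints are searched
     * @param str requested binding, with or without the binding prefix; may be {@code null}
     * @return a set holding the location first and the binding second; the location is
     *         {@code null} when no endpoint qualifies, so callers must check it before use
     */
    public static OrderedSet getACSUrl(SPSSODescriptorElement sPSSODescriptorElement, String str) {
        String binding = str;
        if (str != null && str.length() > 0 && str.indexOf(SAML2Constants.BINDING_PREFIX) == -1) {
            binding = SAML2Constants.BINDING_PREFIX + str;
        }
        // Fixed for the whole scan: binding only changes on the path that leaves the loop.
        final boolean noBindingRequested = binding == null || binding.length() == 0;

        String location = null;
        List endpoints = sPSSODescriptorElement.getAssertionConsumerService();
        if (endpoints != null) {
            for (Object entry : endpoints) {
                AssertionConsumerServiceElement endpoint = (AssertionConsumerServiceElement) entry;
                if (endpoint == null) {
                    continue;
                }
                if (noBindingRequested && endpoint.isIsDefault()) {
                    location = endpoint.getLocation();
                    binding = endpoint.getBinding();
                    break;
                }
                // Compare from the requested side so an endpoint without a binding is
                // skipped instead of raising a NullPointerException.
                if (binding != null && binding.equals(endpoint.getBinding())) {
                    location = endpoint.getLocation();
                    break;
                }
            }
        }

        OrderedSet result = new OrderedSet();
        result.add(location);
        result.add(binding);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate: AssertionConsumerService : URL :" + location);
            SAML2Utils.debug.message("SPSSOFederate: AssertionConsumerService : Binding Passed in Query: " + str);
            SAML2Utils.debug.message("SPSSOFederate: AssertionConsumerService : Binding : " + binding);
        }
        return result;
    }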

    /**
     * Normalises a realm name, substituting {@code "/"} for a missing one.
     *
     * @param str realm name; may be {@code null} or empty
     * @return {@code str} unchanged when it has at least one character, otherwise {@code "/"}
     */
    public static String getRealm(String str) {
        if (str != null && str.length() != 0) {
            return str;
        }
        return "/";
    }

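    /**
     * Determines the {@code IsPassive} flag.
     *
     * <p>{@code map} is consulted first and wins only when its value is exactly
     * {@code "true"} or {@code "false"}; any other value is ignored and the flag is read
     * from {@code map2} under the same strict rule. When neither map supplies a valid
     * value the result is {@code Boolean.FALSE}.
     *
     * @param map first-priority map (presumably the request parameters; confirm with caller)
     * @param map2 fallback map (presumably configured attributes; confirm with caller)
     * @return the resolved flag, never {@code null}
     */
    private static Boolean doPassive(Map map, Map map2) {
        String requested = getParameter(map, "IsPassive");
        Boolean passive;
        if ("true".equals(requested) || "false".equals(requested)) {
            // Boolean.valueOf replaces the deprecated boxing constructor.
            passive = Boolean.valueOf(requested);
        } else {
            passive = getAttrValueFromMap(map2, "IsPassive");
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate: isPassive : " + passive);
        }
        return passive == null ? Boolean.FALSE : passive;
    }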

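    /**
     * Determines the {@code ForceAuthn} flag.
     *
     * <p>{@code map} is consulted first and wins only when its value is exactly
     * {@code "true"} or {@code "false"}; any other value is ignored and the flag is read
     * from {@code map2} under the same strict rule. When neither map supplies a valid
     * value the result is {@code Boolean.FALSE}.
     *
     * @param map first-priority map (presumably the request parameters; confirm with caller)
     * @param map2 fallback map (presumably configured attributes; confirm with caller)
     * @return the resolved flag, never {@code null}
     */
    private static Boolean isForceAuthN(Map map, Map map2) {
        String requested = getParameter(map, "ForceAuthn");
        Boolean forceAuthn;
        if ("true".equals(requested) || "false".equals(requested)) {
            // Boolean.valueOf replaces the deprecated boxing constructor.
            forceAuthn = Boolean.valueOf(requested);
        } else {
            forceAuthn = getAttrValueFromMap(map2, "ForceAuthn");
        }
        if (SAML2Utils.debug.messageEnabled()) {
            // Log the resolved flag, as the sibling flag readers do. The raw value has not
            // been validated at this point and should not be copied into the debug log.
            SAML2Utils.debug.message("SPSSOFederate:ForceAuthn: " + forceAuthn);
        }
        return forceAuthn == null ? Boolean.FALSE : forceAuthn;
    }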

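    /**
     * Determines the {@code AllowCreate} flag.
     *
     * <p>{@code map} is consulted first and wins only when its value is exactly
     * {@code "true"} or {@code "false"}; otherwise the flag is read from {@code map2}
     * under the same strict rule. When neither map supplies a valid value the flag
     * defaults to {@code true}.
     *
     * @param map first-priority map (presumably the request parameters; confirm with caller)
     * @param map2 fallback map (presumably configured attributes; confirm with caller)
     * @return the resolved flag
     */
    private static boolean isAllowCreate(Map map, Map map2) {
        boolean allowCreate = true;
        String requested = getParameter(map, SAML2Constants.ALLOWCREATE);
        if ("true".equals(requested) || "false".equals(requested)) {
            // parseBoolean avoids the deprecated boxing constructor and the unboxing step.
            allowCreate = Boolean.parseBoolean(requested);
        } else {
            Boolean configured = getAttrValueFromMap(map2, SAML2Constants.ALLOWCREATE);
            if (configured != null) {
                allowCreate = configured.booleanValue();
            }
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate:AllowCreate:" + allowCreate);
        }
        return allowCreate;
    }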

    /**
     * Decides whether a requested authentication context is included.
     *
     * <p>The flag is read from {@code map} and, when absent or not a strict
     * {@code "true"}/{@code "false"} value there, from {@code map2}. It defaults to
     * {@code true} when neither map provides it.
     *
     * @param map first-priority map
     * @param map2 fallback map
     * @return the resolved flag
     */
    private static boolean includeRequestedAuthnContext(Map map, Map map2) {
        Boolean setting = getAttrValueFromMap(map, SAML2Constants.INCLUDE_REQUESTED_AUTHN_CONTEXT);
        if (setting == null) {
            setting = getAttrValueFromMap(map2, SAML2Constants.INCLUDE_REQUESTED_AUTHN_CONTEXT);
        }
        // An unset flag means "include".
        final boolean include = setting == null || setting.booleanValue();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate:includeRequestedAuthnContext:" + include);
        }
        return include;
    }

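    /**
     * Reads an integer-valued entry from a multi-valued map.
     *
     * <p>The text is parsed without range or format validation. If the map carries
     * caller-supplied input, the enclosing flow has to be prepared for the unchecked
     * exception below.
     *
     * @param map map whose values are lists of strings; may be {@code null}
     * @param str name of the entry to read
     * @return the parsed value, or {@code null} when the entry is missing or empty
     * @throws NumberFormatException if the entry is present but is not a decimal integer
     */
    private static Integer getIndex(Map map, String str) {
        String text = getParameter(map, str);
        if (text == null || text.length() == 0) {
            return null;
        }
        // Integer.valueOf parses exactly like the deprecated boxing constructor did.
        return Integer.valueOf(text);
    }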

    /**
     * Returns the first value stored under a key in a multi-valued map.
     *
     * @param map map whose values are lists of strings; may be {@code null} or empty
     * @param str key to look up
     * @return the first list element for {@code str}, or {@code null} when the map is
     *         {@code null} or empty, the key is absent, or its list is empty
     */
    public static String getParameter(Map map, String str) {
        if (map == null || map.isEmpty()) {
            return null;
        }
        List values = (List) map.get(str);
        if (values == null || values.isEmpty()) {
            return null;
        }
        // Only the first value is used; any further values are ignored.
        return (String) values.iterator().next();
    }

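    /**
     * Returns the extension elements of an entity descriptor.
     *
     * <p>The descriptor is fetched with {@code sm.getEntityDescriptor(str2, str)}. A lookup
     * failure is logged together with its cause and reported as {@code null}. The same
     * applies when the shared metadata manager could not be created by the static
     * initialiser, which previously surfaced as a {@link NullPointerException} here.
     *
     * @param str second argument of the descriptor lookup
     * @param str2 first argument of the descriptor lookup
     * @return the descriptor's extension elements, or {@code null} when the descriptor or
     *         its extensions are missing or the lookup fails
     */
    public static List getExtensionsList(String str, String str2) {
        if (sm == null) {
            SAML2Utils.debug.error("SPSSOFederate:Error retrieving EntityDescriptor");
            return null;
        }
        List list = null;
        try {
            EntityDescriptorElement entityDescriptor = sm.getEntityDescriptor(str2, str);
            if (entityDescriptor != null) {
                ExtensionsType extensions = entityDescriptor.getExtensions();
                if (extensions != null) {
                    list = extensions.getAny();
                }
            }
        } catch (SAML2Exception e) {
            // Keep the cause: without it a metadata failure cannot be diagnosed from the log.
            SAML2Utils.debug.error("SPSSOFederate:Error retrieving EntityDescriptor", e);
        }
        return list;
    }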

    /**
     * Wraps a list of extension elements in a protocol {@code Extensions} object.
     *
     * @param list extension elements; may be {@code null} or empty
     * @return a new {@code Extensions} holding {@code list}, or {@code null} when there is
     *         nothing to wrap
     * @throws SAML2Exception declared by this method; the calls below may raise it
     */
    private static Extensions createExtensions(List list) throws SAML2Exception {
        if (list == null || list.isEmpty()) {
            return null;
        }
        Extensions wrapper = ProtocolFactory.getInstance().createExtensions();
        wrapper.setAny(list);
        return wrapper;
    }

    /**
     * Stores a relay state under an id and returns that id.
     *
     * <p>The value is always placed in {@code SPCache.relayStateHash}. When SAML2 failover
     * is enabled it is additionally saved through {@code SAML2FailoverUtils}, with an expiry
     * of the current time in seconds plus {@code SPCache.interval}. A failure of that save
     * is logged and otherwise ignored, so only the in-memory copy exists in that case.
     *
     * @param str relay state value to store
     * @param str2 id under which the value is cached
     * @return {@code str2}
     */
    public static String getRelayStateID(String str, String str2) {
        SPCache.relayStateHash.put(str2, new CacheObject(str));
        if (!SAML2FailoverUtils.isSAML2FailoverEnabled()) {
            return str2;
        }
        // NOTE(review): the persisted key is the id concatenated with itself, presumably to
        // keep it distinct from another entry stored under the bare id; confirm.
        final String repositoryKey = str2 + str2;
        try {
            SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(repositoryKey, str, (Time.currentTimeMillis() / 1000) + SPCache.interval);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPSSOFederate.getRelayStateID: SAVE relayState for requestID " + repositoryKey);
            }
        } catch (SAML2TokenRepositoryException e) {
            // Best effort: the in-memory entry written above is still available.
            SAML2Utils.debug.error("SPSSOFederate.getRelayStateID: Unable to SAVE relayState for requestID " + repositoryKey, e);
        }
        return str2;
    }

    /**
     * Builds the requested authentication context through the SP authentication context
     * mapper.
     *
     * <p>The mapper setting is the trimmed first value stored under
     * {@code SAML2Constants.SP_AUTHCONTEXT_MAPPER} in {@code map2}, or {@code null} when
     * that entry is missing.
     *
     * <p>NOTE(review): a {@code SAML2Exception} from the mapper is reported at debug
     * "message" level only and the method then returns {@code null}. Presumably the request
     * is then built without a requested authentication context; confirm that the caller
     * treats this as intended and that the failure is visible in production logging.
     *
     * @param str first argument passed through to the mapper lookup and the mapper call
     * @param str2 second argument passed through to the mapper lookup and the mapper call
     * @param map passed to the mapper's {@code getRequestedAuthnContext}
     * @param map2 map holding the mapper setting; may be {@code null} or empty
     * @return the context produced by the mapper, or {@code null} when the mapper fails
     */
    private static RequestedAuthnContext createReqAuthnContext(String str, String str2, Map map, Map map2) {
        String mapperSetting = null;
        if (map2 != null && !map2.isEmpty()) {
            List configured = (List) map2.get(SAML2Constants.SP_AUTHCONTEXT_MAPPER);
            if (configured != null && configured.size() != 0) {
                mapperSetting = ((String) configured.iterator().next()).trim();
            }
        }
        try {
            return SAML2Utils.getSPAuthnContextMapper(str, str2, mapperSetting).getRequestedAuthnContext(str, str2, map);
        } catch (SAML2Exception e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPSSOFederate:Error creating RequestedAuthnContext", e);
            }
            return null;
        }
    }

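    /**
     * Signs a query string with the private key stored under a certificate alias.
     *
     * <p>A missing key provider is reported as a {@link SAML2Exception}, in the same way as
     * {@code signAuthnRequest} reports it, instead of surfacing as a
     * {@link NullPointerException}.
     *
     * <p>When debug messages are enabled, the complete query string and the alias are
     * written to the debug log.
     *
     * @param str query string to sign
     * @param str2 alias of the signing key
     * @return the value returned by {@code QuerySignatureUtil.sign}
     * @throws SAML2Exception if no key provider is available or signing fails
     */
    public static String signQueryString(String str, String str2) throws SAML2Exception {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate:queryString:" + str);
            SAML2Utils.debug.message("SPSSOFederate: certAlias :" + str2);
        }
        KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
        if (keyProvider == null) {
            SAML2Utils.debug.error("SPSSOFederate:signQueryString: Unable to get a key provider instance.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
        }
        return QuerySignatureUtil.sign(str, keyProvider.getPrivateKey(str2));
    }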

    /**
     * Signs an authentication request with the key pair stored under a certificate alias.
     *
     * <p>NOTE(review): the private key and certificate returned for the alias are passed to
     * {@code sign} without a null check; verify how {@code sign} behaves for an alias the
     * key provider does not know.
     *
     * @param str alias of the signing key and certificate
     * @param authnRequest request to sign in place
     * @throws SAML2Exception if no key provider is available or signing fails
     */
    public static void signAuthnRequest(String str, AuthnRequest authnRequest) throws SAML2Exception {
        final KeyProvider provider = KeyUtil.getKeyProviderInstance();
        if (provider != null) {
            authnRequest.sign(provider.getPrivateKey(str), provider.getX509Certificate(str));
            return;
        }
        SAML2Utils.debug.error("SPSSOFederate:signAuthnRequest: Unable to get a key provider instance.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
    }

    // Creates the shared metadata manager once, at class-initialisation time. A failure is
    // only logged: sm then stays null, and code that dereferences it fails later.
    static {
        SAML2MetaManager manager = null;
        try {
            manager = new SAML2MetaManager();
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("SPSSOFederate: Error retreiving metadata", e);
        }
        sm = manager;
    }
}
