package com.sun.identity.saml2.plugins;

import com.sun.identity.cot.COTException;
import com.sun.identity.cot.CircleOfTrustManager;
import com.sun.identity.sae.api.Utils;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.assertion.AttributeElement;
import com.sun.identity.saml2.jaxb.assertion.AttributeValueElement;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.ExtensionsType;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadataattr.EntityAttributesElement;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.profile.IDPSSOUtil;
import com.sun.identity.saml2.profile.SPCache;
import com.sun.identity.saml2.profile.SPSSOFederate;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.RequestedAuthnContext;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/sun/identity/saml2/plugins/SAML2IDPProxyFRImpl.class */
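/**
 * {@link SAML2IDPFinder} for the IDP-proxy flow: decides which remote IDP(s) an incoming
 * {@link AuthnRequest} is proxied to, and where to send the user when a choice is needed.
 * <p>
 * The strategy is derived from the requesting SP's extended metadata and the hosted IDP's
 * configuration (see {@link #getPreferredIDP}):
 * <ol>
 *   <li>static list: the SP's {@code idpProxyList} attribute, filtered by the requested
 *       authentication context, offered on the IDP finder page;</li>
 *   <li>IDP finder: every remote IDP of the realm, filtered the same way;</li>
 *   <li>introduction: redirect to the circle of trust's SAMLv2 reader service.</li>
 * </ol>
 * Not thread-safe: {@code spSSODescriptor}, {@code relayState} and {@code binding} are
 * instance fields written on every call to {@link #getPreferredIDP}.
 */
public class SAML2IDPProxyFRImpl implements SAML2IDPFinder {
    // Per-request state copied into the cached request parameters by storeSessionParamsAndCache.
    SPSSODescriptorElement spSSODescriptor = null;
    String relayState = "";
    String binding = "";
    // SP extended-metadata attribute that enables the IDP finder page for one SP.
    public static String IDP_FINDER_ENABLED_IN_SP = "idpFinderEnabled";
    // HttpSession attribute names populated before redirecting to the finder page
    // (presumably read back by that page; the page itself is not part of this class).
    public static String SESSION_ATTR_NAME_IDP_LIST = "_IDPLIST_";
    public static String SESSION_ATTR_NAME_RELAYSTATE = "_RELAYSTATE_";
    public static String SESSION_ATTR_NAME_SPREQUESTER = "_SPREQUESTER_";
    public static String SESSION_ATTR_NAME_REQAUTHNCONTEXT = "_REQAUTHNCONTEXT_";
    public static String className = "SAML2IDPProxyFRImpl.";

    // Other SP extended-metadata attribute names, request parameters and cache keys used below.
    private static final String SP_ATTR_USE_INTRODUCTION = "useIntroductionForIDPProxy";
    private static final String SP_ATTR_IDP_PROXY_LIST = "idpProxyList";
    private static final String SP_ATTR_COT_LIST = "cotlist";
    private static final String RELAY_STATE_PARAM = "RelayState";
    private static final String HOST_HEADER = "host";
    private static final String REQUEST_ID_PARAM = "requestID=";
    private static final String TRUE_VALUE = "true";

    /**
     * Chooses the preferred IDP(s) for {@code authnRequest}.
     *
     * @param authnRequest the SP's authentication request; its issuer is the SP entity ID
     * @param hostEntityID entity ID of the hosted (proxying) IDP
     * @param realm realm of the hosted IDP
     * @param request current HTTP request; supplies RelayState, the HTTP method and the
     *                host used to build redirect URLs
     * @param response used to redirect the user to the finder page or the reader service
     * @return a mutable one-element list holding either the single IDP entity ID to proxy to
     *         or, when the user was redirected, the generated request ID under which the
     *         request parameters were cached in {@code SPCache.reqParamHash}; {@code null}
     *         when no IDP could be determined (the cause is logged)
     * @throws SAML2Exception if the hosted IDP's configuration cannot be read
     */
    @Override // com.sun.identity.saml2.plugins.SAML2IDPFinder
    public List getPreferredIDP(AuthnRequest authnRequest, String hostEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
        String methodName = className + "getPreferredIDP:";
        debugMessage("getPreferredIDP", "Entering.");
        // Read outside the try: a failure here is reported to the caller, not turned into null.
        boolean finderForAllSPs = isIDPFinderForAllSPs(realm, hostEntityID).booleanValue();
        try {
            SAML2MetaManager metaManager = new SAML2MetaManager();
            String spEntityID = authnRequest.getIssuer().getValue();
            try {
                this.spSSODescriptor = metaManager.getSPSSODescriptor(realm, spEntityID);
            } catch (SAML2MetaException e) {
                // A missing SP descriptor is not fatal here; it is cached as null for the later flow.
                SAML2Utils.debug.error(methodName, e);
                this.spSSODescriptor = null;
            }
            // NOTE(review): RelayState is client-supplied and cached verbatim; whatever later
            // redirects on it must validate it against the SP's allowed values.
            this.relayState = request.getParameter(RELAY_STATE_PARAM);
            this.binding = Utils.POST.equals(request.getMethod())
                    ? SAML2Constants.HTTP_POST : SAML2Constants.HTTP_REDIRECT;

            SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, spEntityID);
            Map<String, List<String>> spAttrs =
                    (spConfig == null) ? null : SAML2MetaUtils.getAttributes(spConfig);
            boolean useIntroduction =
                    isTrue(SPSSOFederate.getParameter(spAttrs, SP_ATTR_USE_INTRODUCTION));
            boolean finderEnabledInSP =
                    isTrue(SPSSOFederate.getParameter(spAttrs, IDP_FINDER_ENABLED_IN_SP));
            String finderJsp = getIDPFinderJSP(realm, hostEntityID);

            if (!useIntroduction && !finderEnabledInSP && !finderForAllSPs) {
                // Strategy 1: the SP's static idpProxyList.
                debugMessage("getPreferredIDP", " idpFinder wil use the static list of the SP");
                List<String> staticList = (spAttrs == null || spAttrs.isEmpty())
                        ? null : spAttrs.get(SP_ATTR_IDP_PROXY_LIST);
                debugMessage("getPreferredIDP", " List from the configuration: " + staticList);
                if (staticList == null || staticList.isEmpty()) {
                    SAML2Utils.debug.error("SAML2IDPProxyImpl.getPrefferedIDP:Preferred IDPs are null.");
                    return null;
                }
                if (staticList.size() == 1) {
                    // One configured IDP: no user choice needed, proxy straight to it.
                    return singletonResult(staticList.get(0));
                }
                String candidates = selectIDPBasedOnLOA(staticList, realm, authnRequest);
                return redirectToIDPFinder(candidates, authnRequest, hostEntityID, realm,
                        finderJsp, request, response);
            }
            if (!useIntroduction) {
                // Strategy 2: finderEnabledInSP || finderForAllSPs holds here.
                debugMessage("getPreferredIDP", "SP wants to use IdP Finder");
                String candidates = idpList(authnRequest, realm);
                // idpList returns null on a metadata error and "" when no IDP matches.
                if (candidates == null || candidates.trim().isEmpty()) {
                    return null;
                }
                return redirectToIDPFinder(candidates, authnRequest, hostEntityID, realm,
                        finderJsp, request, response);
            }
            // Strategy 3: introduction via the first circle of trust's reader service.
            List<String> cotList = (spAttrs == null) ? null : spAttrs.get(SP_ATTR_COT_LIST);
            if (cotList == null || cotList.isEmpty()) {
                SAML2Utils.debug.error(methodName + "SP has no cotlist attribute; cannot use introduction");
                return null;
            }
            String readerURL = new CircleOfTrustManager()
                    .getCircleOfTrust(realm, cotList.get(0)).getSAML2ReaderServiceURL();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(methodName + "SAMLv2 idpdiscovery reader URL = " + readerURL);
            }
            if (readerURL == null || readerURL.isEmpty()) {
                return null;
            }
            String requestID = SAML2Utils.generateID();
            String redirectURL = SAML2Utils.getRedirectURL(readerURL, requestID, request);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(methodName + "Redirect url = " + redirectURL);
            }
            if (redirectURL == null) {
                return null;
            }
            response.sendRedirect(redirectURL);
            // The reader service round-trips only the ID; there are no parameters to cache yet.
            SPCache.reqParamHash.put(requestID, new HashMap());
            return singletonResult(requestID);
        } catch (COTException e) {
            SAML2Utils.debug.error(methodName + "Error retreiving COT ", e);
            return null;
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error(methodName + "meta Exception in retrieving the preferred IDP", e);
            return null;
        } catch (Exception e) {
            // Callers treat null as "no IDP found"; the failure is logged rather than propagated.
            SAML2Utils.debug.error(methodName + "Exception in retrieving the preferred IDP", e);
            return null;
        }
    }

    /** Returns {@code true} iff {@code value} is non-null and equals "true" ignoring case. */
    private static boolean isTrue(String value) {
        return value != null && value.equalsIgnoreCase(TRUE_VALUE);
    }

    /** Wraps {@code value} in a new mutable list, the result shape callers of this finder expect. */
    private static List singletonResult(String value) {
        List result = new ArrayList();
        result.add(value);
        return result;
    }

    /**
     * Caches the request under a fresh ID, stores the finder inputs in the HTTP session and
     * redirects the user to the IDP finder page.
     *
     * @param idpList space-separated IDP entity IDs to offer on the finder page
     * @param finderJsp finder page path from the hosted IDP configuration, relative to the
     *                  context path; if absent the user cannot be redirected anywhere sensible
     * @return a one-element list holding the generated request ID, or {@code null} when no
     *         finder page is configured
     * @throws IOException if the redirect cannot be sent
     */
    private List redirectToIDPFinder(String idpList, AuthnRequest authnRequest, String hostEntityID,
            String realm, String finderJsp, HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        if (finderJsp == null || finderJsp.isEmpty()) {
            SAML2Utils.debug.error(className + "getPreferredIDP: no IDP finder page is configured");
            return null;
        }
        String redirect = getRedirect(request, finderJsp);
        String requestID = SAML2Utils.generateID();
        storeSessionParamsAndCache(request, idpList, authnRequest, hostEntityID, realm, requestID);
        debugMessage("getPreferredIDP", ": Redirect url = " + redirect);
        response.sendRedirect(redirect);
        debugMessage("getPreferredIDP", " Redirected successfully");
        return singletonResult(requestID);
    }

    /**
     * Logs {@code text} at message level under the "SAML2IDPPRoxyFRImpl.&lt;method&gt;:" prefix.
     *
     * @param method name of the calling method, used only as a log prefix
     * @param text message to log
     */
    private void debugMessage(String method, String text) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SAML2IDPPRoxyFRImpl." + method + ":" + text);
        }
    }

    /**
     * Builds the finder candidate list from every remote IDP of {@code realm}.
     *
     * @return the space-separated IDP entity IDs matching the requested authentication
     *         context, "" when none match, or {@code null} when metadata could not be read
     */
    private String idpList(AuthnRequest authnRequest, String realm) {
        List<String> remoteIdps;
        try {
            remoteIdps = SAML2Utils.getSAML2MetaManager().getAllRemoteIdentityProviderEntities(realm);
        } catch (SAML2MetaException e) {
            debugMessage("idpList", "SOmething went wrong: " + e);
            return null;
        }
        return selectIDPBasedOnLOA(remoteIdps, realm, authnRequest);
    }

    /**
     * Filters {@code idps} by the authentication context classes requested in
     * {@code authnRequest}, using each IDP's EntityAttributes metadata extension.
     * <p>
     * An IDP qualifies when at least one (trimmed) entity attribute value equals one of the
     * requested {@code AuthnContextClassRef} values. Each qualifying IDP is listed once, in the
     * reverse of the order given (the newest match is prepended). With no requested context
     * every IDP qualifies. IDPs whose metadata cannot be read are logged and skipped.
     *
     * @param idps candidate IDP entity IDs; may be {@code null} or empty
     * @param realm realm in which the IDP metadata is looked up
     * @param authnRequest request whose RequestedAuthnContext drives the filter
     * @return space-separated qualifying IDP entity IDs, "" when none qualify
     */
    private String selectIDPBasedOnLOA(List<String> idps, String realm, AuthnRequest authnRequest) {
        RequestedAuthnContext requested = authnRequest.getRequestedAuthnContext();
        if (requested == null) {
            return (idps == null) ? "" : StringUtils.join(idps, " ");
        }
        List requestedRefs = requested.getAuthnContextClassRef();
        debugMessage("selectIdPBasedOnLOA", "listofAuthnContexts: " + requestedRefs);
        Set requestedSet = (requestedRefs == null) ? new HashSet() : new HashSet(requestedRefs);

        String selected = "";
        if (idps != null && !idps.isEmpty()) {
            for (String idp : idps) {
                debugMessage("selectIdPBasedOnLOA", "IDP is: " + idp);
                Set matched;
                try {
                    matched = matchingEntityAttributeValues(realm, idp, requestedSet);
                } catch (SAML2MetaException e) {
                    debugMessage("selectIdPBasedOnLOA", "SOmething went wrong: " + e);
                    continue;
                }
                if (!matched.isEmpty()) {
                    selected = idp + " " + selected;
                    debugMessage("selectIdPBasedOnLOA",
                            "Extension Values found for idp " + idp + ": " + matched);
                }
            }
        }
        debugMessage("selectIdPBasedOnLOA", " IDPList returns: " + selected);
        return selected.trim();
    }

    /**
     * Collects the trimmed EntityAttributes values of {@code idp} that also occur in
     * {@code requested}.
     *
     * @return the intersection, empty when the IDP has no metadata, no extensions or no
     *         overlapping values
     * @throws SAML2MetaException if the IDP's entity descriptor cannot be read
     */
    private Set matchingEntityAttributeValues(String realm, String idp, Set requested)
            throws SAML2MetaException {
        Set matched = new HashSet();
        EntityDescriptorElement descriptor =
                SAML2Utils.getSAML2MetaManager().getEntityDescriptor(realm, idp);
        if (descriptor == null) {
            debugMessage("selectIdPBasedOnLOA",
                    "Configuration for the idp " + idp + " was not found in this system");
            return matched;
        }
        ExtensionsType extensions = descriptor.getExtensions();
        if (extensions == null) {
            debugMessage("selectIdPBasedOnLOA", " No extensions found for IdP " + idp);
            return matched;
        }
        debugMessage("selectIdPBasedOnLOA", "Extensions found for idp: " + idp);
        List<EntityAttributesElement> extensionContent = extensions.getAny();
        if (extensionContent == null || extensionContent.isEmpty()) {
            return matched;
        }
        debugMessage("selectIdPBasedOnLOA", "Extensions content found for idp: " + idp);
        for (EntityAttributesElement entityAttributes : extensionContent) {
            if (entityAttributes == null) {
                continue;
            }
            debugMessage("selectIdPBasedOnLOA", "Entity Attributes found for idp: " + idp);
            List attributesOrAssertions = entityAttributes.getAttributeOrAssertion();
            if (attributesOrAssertions == null) {
                continue;
            }
            for (Object item : attributesOrAssertions) {
                // The list may also hold assertions; only attributes carry the values we match on.
                if (!(item instanceof AttributeElement)) {
                    continue;
                }
                List<AttributeValueElement> values = ((AttributeElement) item).getAttributeValue();
                if (values == null || values.isEmpty()) {
                    continue;
                }
                debugMessage("selectIdPBasedOnLOA", "Attribute Values found for idp: " + idp);
                for (AttributeValueElement value : values) {
                    if (value == null) {
                        continue;
                    }
                    List content = value.getContent();
                    debugMessage("selectIdPBasedOnLOA",
                            "Attribute Value Elements found for idp: " + idp + "-->" + content);
                    if (content == null || content.isEmpty()) {
                        continue;
                    }
                    Set idpContextSet = trimmedListToSet(content);
                    debugMessage("selectIdPBasedOnLOA", "idpContextSet = " + idpContextSet);
                    idpContextSet.retainAll(requested);
                    matched.addAll(idpContextSet);
                }
            }
        }
        return matched;
    }

    /**
     * Filters {@code idps} by the requested authentication context classes, using the IDPs'
     * configured standard authentication contexts (see {@link #getSupportedAuthnContextsByIDP})
     * instead of metadata extensions. Qualifying IDPs are prepended, so the result is in
     * reverse order of {@code idps}. Any failure is logged and yields the IDPs matched so far.
     *
     * @return space-separated qualifying IDP entity IDs, "" when none qualify
     */
    private String selectIDPBasedOnAuthContext(List idps, String realm, AuthnRequest authnRequest) {
        String selected = "";
        try {
            RequestedAuthnContext requested = authnRequest.getRequestedAuthnContext();
            List requestedRefs = (requested == null) ? null : requested.getAuthnContextClassRef();
            debugMessage("selectIdPBasedOnLOA", "listofAuthnContexts: " + requestedRefs);
            Set requestedSet = (requestedRefs == null) ? new HashSet() : new HashSet(requestedRefs);
            if (idps != null && !idps.isEmpty()) {
                for (Object item : idps) {
                    String idp = (String) item;
                    debugMessage("selectIdPBasedOnLOA", "IDP is: " + idp);
                    List supported = getSupportedAuthnContextsByIDP(realm, idp);
                    if (supported == null) {
                        debugMessage("selectIdPBasedOnLOA",
                                "The IdP" + idp + " has no standard authentication contexts configured");
                        continue;
                    }
                    debugMessage("selectIdPBasedOnLOA", "Standard Authn Contexts found for idp: " + idp);
                    Set idpContextSet = trimmedListToSet(supported);
                    debugMessage("selectIdPBasedOnLOA", "idpContextSet = " + idpContextSet);
                    idpContextSet.retainAll(requestedSet);
                    if (!idpContextSet.isEmpty()) {
                        selected = idp + " " + selected;
                        debugMessage("selectIdPBasedOnLOA",
                                "Standard Authn Contexts found for idp " + idp + ": " + idpContextSet);
                    }
                }
            }
        } catch (Exception e) {
            SAML2Utils.debug.error(
                    "selectIdPBasedOnLOAError when trying to get the idp's by standard Authn Context: " + e);
        }
        debugMessage("selectIdPBasedOnLOA", " IDPList returns: " + selected);
        return selected.trim();
    }

    /**
     * Converts {@code items} to a mutable set of their trimmed string forms.
     *
     * @param items non-null list; elements are converted with {@code toString()}
     * @return a new {@link HashSet} (duplicates after trimming collapse)
     */
    private Set trimmedListToSet(List items) {
        Set trimmed = new HashSet();
        for (Object item : items) {
            trimmed.add(item.toString().trim());
            debugMessage("trimmedListToSet", " element added to Set : ");
        }
        return trimmed;
    }

    /**
     * Rebuilds the URL of the current request and appends {@code requestID=<id>} to it.
     * <p>
     * NOTE(review): the host part is taken from the client-supplied Host header. Unless the
     * container or front-end validates that header, the stored return URL (and the finder
     * redirect built by {@link #getRedirect}) can be pointed at a host the client chose;
     * deriving it from the deployment's configured base URL would remove that dependency.
     *
     * @param requestID ID under which the request was cached
     * @param request current request; scheme, Host header, URI and query string are reused
     * @return the return URL
     */
    private String buildReturnURL(String requestID, HttpServletRequest request) {
        StringBuilder url = new StringBuilder()
                .append(request.getScheme()).append("://")
                .append(request.getHeader(HOST_HEADER))
                .append(request.getRequestURI());
        String query = request.getQueryString();
        if (query != null && !query.isEmpty()) {
            url.append("?").append(query);
        }
        // Append as a query parameter, continuing an existing query string if there is one.
        url.append(url.indexOf("?") == -1 ? "?" : "&").append(REQUEST_ID_PARAM).append(requestID);
        String returnURL = url.toString();
        debugMessage("buildReturnURL", " ReturnURL is: " + returnURL);
        return returnURL;
    }

    /**
     * Stores the finder inputs in the HTTP session and caches the proxied request's parameters
     * in {@code SPCache.reqParamHash} under {@code requestID}.
     *
     * @param idpList space-separated candidate IDP entity IDs for the finder page
     * @param idpEntityID hosted IDP entity ID
     * @param realm hosted IDP realm
     * @param requestID key for the cached parameters
     */
    private void storeSessionParamsAndCache(HttpServletRequest request, String idpList,
            AuthnRequest authnRequest, String idpEntityID, String realm, String requestID) {
        HttpSession session = request.getSession();
        session.setAttribute(SESSION_ATTR_NAME_IDP_LIST, idpList);
        debugMessage("storeSessionParamsAndCache", " Setting " + SESSION_ATTR_NAME_IDP_LIST + " = " + idpList);
        session.setAttribute(SESSION_ATTR_NAME_RELAYSTATE, buildReturnURL(requestID, request));
        debugMessage("storeSessionParamsAndCache", " Setting " + SESSION_ATTR_NAME_RELAYSTATE);
        session.setAttribute(SESSION_ATTR_NAME_SPREQUESTER, authnRequest.getIssuer().getValue().toString());
        debugMessage("storeSessionParamsAndCache", " Setting " + SESSION_ATTR_NAME_SPREQUESTER);
        RequestedAuthnContext requested = authnRequest.getRequestedAuthnContext();
        session.setAttribute(SESSION_ATTR_NAME_REQAUTHNCONTEXT,
                (requested == null) ? null : requested.getAuthnContextClassRef());
        debugMessage("storeSessionParamsAndCache", " Setting " + SESSION_ATTR_NAME_REQAUTHNCONTEXT);

        // Keys are read back by the SP-side proxy flow once the user has picked an IDP.
        Map cached = new HashMap();
        cached.put("authnReq", authnRequest);
        cached.put("spSSODescriptor", this.spSSODescriptor);
        cached.put("idpEntityID", idpEntityID);
        cached.put("realm", realm);
        cached.put("relayState", this.relayState);
        cached.put(SAML2Constants.BINDING, this.binding);
        SPCache.reqParamHash.put(requestID, cached);
    }

    /**
     * Builds the absolute URL of the IDP finder page: scheme, Host header, context path and
     * {@code finderJsp}. See the NOTE on {@link #buildReturnURL} about the Host header.
     *
     * @param finderJsp page path from the hosted IDP configuration (admin-controlled)
     */
    private String getRedirect(HttpServletRequest request, String finderJsp) {
        String redirect = request.getScheme() + "://" + request.getHeader(HOST_HEADER)
                + request.getContextPath() + "/" + finderJsp;
        debugMessage("getRedirect", ": Redirect url = " + redirect);
        return redirect;
    }

    /**
     * Reads the hosted IDP's "IDP finder for all SPs" switch.
     *
     * @return {@code Boolean.TRUE} iff the attribute is set to "true" (case-insensitive)
     * @throws SAML2Exception wrapping any failure to read the IDP configuration
     */
    private Boolean isIDPFinderForAllSPs(String realm, String idpEntityID) throws SAML2Exception {
        try {
            String value = IDPSSOUtil.getAttributeValueFromIDPSSOConfig(
                    realm, idpEntityID, SAML2Constants.ENABLE_PROXY_IDP_FINDER_FOR_ALL_SPS);
            if (value == null || value.isEmpty()) {
                return Boolean.FALSE;
            }
            debugMessage("isIDPFinderForAllSPs", "idpFinderForAllSPs is: " + value);
            return Boolean.valueOf(isTrue(value));
        } catch (Exception e) {
            SAML2Utils.debug.error("isIDPFinderForAllSPsUnable to get IDP Proxy Finder.", e);
            throw new SAML2Exception(e);
        }
    }

    /**
     * Reads the hosted IDP's configured finder page path.
     *
     * @return the configured value, possibly {@code null} or empty when unset
     * @throws SAML2Exception wrapping any failure to read the IDP configuration
     */
    private String getIDPFinderJSP(String realm, String idpEntityID) throws SAML2Exception {
        try {
            String value = IDPSSOUtil.getAttributeValueFromIDPSSOConfig(
                    realm, idpEntityID, SAML2Constants.PROXY_IDP_FINDER_JSP);
            if (value != null && !value.isEmpty()) {
                debugMessage("getIDPFinderJSP", "idpFinderForAllSPs is: " + value);
            }
            return value;
        } catch (Exception e) {
            SAML2Utils.debug.error("getIDPFinderJSPUnable to get IDP Proxy Finder.", e);
            throw new SAML2Exception(e);
        }
    }

    /**
     * Returns the values of a multi-valued attribute of an IDP's extended configuration.
     *
     * @param realm realm of the IDP
     * @param idpEntityID IDP entity ID
     * @param attrName attribute name
     * @return the configured values, or {@code null} when the IDP has no configuration, the
     *         attribute is absent or empty, or the configuration cannot be read (logged)
     */
    public List getAttributeListValueFromIDPSSOConfig(String realm, String idpEntityID, String attrName) {
        try {
            Object config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, idpEntityID);
            if (config == null) {
                return null;
            }
            List<String> values = SAML2MetaUtils.getAttributes(
                    SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, idpEntityID)).get(attrName);
            return (values == null || values.isEmpty()) ? null : values;
        } catch (SAML2MetaException e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(
                        "IDPSSOUtil.getAttributeValueFromIDPSSOConfig: get IDPSSOConfig failed:", e);
            }
            return null;
        }
    }

    /**
     * Returns the authentication context class references configured for an IDP in its
     * {@code IDP_AUTHNCONTEXT_CLASSREF_MAPPING} attribute.
     * <p>
     * Each mapping entry is split on {@code "|"}; entries with more than one token contribute
     * their first token (presumably the class reference — the remaining tokens are not used here).
     *
     * @return the class references (possibly empty), or {@code null} when no mapping is configured
     */
    public List getSupportedAuthnContextsByIDP(String realm, String idpEntityID) {
        List mapping = getAttributeListValueFromIDPSSOConfig(
                realm, idpEntityID, SAML2Constants.IDP_AUTHNCONTEXT_CLASSREF_MAPPING);
        if (mapping == null || mapping.isEmpty()) {
            return null;
        }
        List classRefs = new ArrayList();
        for (Object entry : mapping) {
            StringTokenizer tokens = new StringTokenizer((String) entry, "|");
            if (tokens.countTokens() > 1) {
                classRefs.add(tokens.nextToken());
            }
        }
        return classRefs;
    }
}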
