package com.sun.identity.multiprotocol;

import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement;
import com.sun.identity.federation.message.FSLogoutResponse;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureUtil;
import com.sun.identity.plugin.configuration.ConfigurationException;
import com.sun.identity.plugin.configuration.ConfigurationManager;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.profile.LogoutUtil;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sun/identity/multiprotocol/SingleLogoutManager.class */
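/**
 * Coordinates IDP-side single logout across the federation protocol handlers
 * ({@link #SAML2}, {@link #IDFF}, {@link #WS_FED}) listed in the
 * {@code MULTI_PROTOCOL} configuration under {@code SingleLogoutHandlerList}.
 *
 * <p>State for a logout that is still in progress is kept in static maps keyed by a
 * generated ID, which is embedded in the relay-state URL handed to the handlers
 * ({@code .../multiprotocolrelay/<id>}).
 *
 * <p>NOTE(review): the state maps are plain {@link HashMap}s with no synchronisation in
 * this class. If the singleton is used from concurrent request threads (likely for
 * servlet code, confirm), lookups and updates can race.
 *
 * <p>NOTE(review): saved state is removed only by {@link #cleanupParameters(String)}, which
 * this class calls at the end of {@link #sendLogoutResponse} and at the end of a
 * SOAP-initiated {@link #doIDPSingleLogout}. No expiry is visible here, so a flow that
 * never returns to the relay endpoint leaves its session set and XML messages in memory.
 */
public class SingleLogoutManager {
    /** Logout succeeded; initial value compared against in {@code updateStatus}. */
    public static final int LOGOUT_SUCCEEDED_STATUS = 0;
    /** Recorded when a failed status is later combined with a lower (better) one. */
    public static final int LOGOUT_PARTIAL_STATUS = 1;
    /** Recorded when a handler throws. */
    public static final int LOGOUT_FAILED_STATUS = 2;
    /** A handler redirected the browser; processing stops and resumes on the next call. */
    public static final int LOGOUT_REDIRECTED_STATUS = 3;
    /** Returned when no handler is configured. */
    public static final int LOGOUT_NO_ACTION_STATUS = 4;
    public static final String SAML2 = "saml2";
    public static final String IDFF = "idff";
    public static final String WS_FED = "wsfed";
    private static final String KEY_PARAM = "key";
    private static final String CLASS_PARAM = "class";
    static final String FEDERATION_PROTOCOLS = "federationprotocols";
    static final String RELAY_SERVLET = "multiprotocolrelay";
    private static final String RELAY_SERVLET_URI = "/multiprotocolrelay/";
    public static final String STATUS_PARAM = "logoutStatus";
    private static final String MULTI_PROTOCOL_CONFIG_NAME = "MULTI_PROTOCOL";
    private static final String EMPTY_STRING = "";
    private static final String DELIMITOR = "|";
    private static final String LOCAL_HOST_URL = "http://localhost/idp";

    // protocol name -> handler instance, filled once by the constructor
    private static final Map<String, SingleLogoutHandler> handlerMap =
        new HashMap<String, SingleLogoutHandler>();

    // Per-logout state, all keyed by the ID generated in saveParameters().
    private static final Map<String, String> relayStateMap = new HashMap<String, String>();
    private static final Map<String, Set> userSessionMap = new HashMap<String, Set>();
    private static final Map<String, String> userIDMap = new HashMap<String, String>();
    private static final Map<String, Boolean> isSOAPInitiatedMap = new HashMap<String, Boolean>();
    private static final Map<String, Boolean> isIDPInitiatedMap = new HashMap<String, Boolean>();
    private static final Map<String, String> origProtocolMap = new HashMap<String, String>();
    private static final Map<String, List<String>> protocolListMap =
        new HashMap<String, List<String>>();
    private static final Map<String, String> realmMap = new HashMap<String, String>();
    private static final Map<String, String> idpEntityIDMap = new HashMap<String, String>();
    private static final Map<String, String> spEntityIDMap = new HashMap<String, String>();
    private static final Map<String, String> sloRequestXMLMap = new HashMap<String, String>();
    private static final Map<String, String> sloResponseXMLMap = new HashMap<String, String>();
    private static final Map<String, Integer> currentStatusMap = new HashMap<String, Integer>();

    // Protocols with a successfully loaded handler, in registration order.
    private static final List<String> protocolList = new ArrayList<String>();
    static Debug debug = Debug.getInstance("libMultipleProtocol");
    // Must stay after the collections and the debug field: the constructor uses them.
    private static SingleLogoutManager manager = new SingleLogoutManager();

    /**
     * Loads the handler list from configuration. Entries that cannot be parsed or
     * instantiated are logged and skipped; a configuration error leaves the manager
     * with no handlers.
     */
    private SingleLogoutManager() {
        try {
            Set<String> handlerEntries = (Set) ConfigurationManager.getConfigurationInstance(MULTI_PROTOCOL_CONFIG_NAME).getConfiguration(null, null).get("SingleLogoutHandlerList");
            if (debug.messageEnabled()) {
                debug.message("SingleLogoutManager.constructor: handlers set=" + handlerEntries);
            }
            if (handlerEntries != null) {
                for (String entry : handlerEntries) {
                    registerHandler(entry);
                }
            }
            if (debug.messageEnabled()) {
                debug.message("SingleLogoutManager.constructor: handlers map=" + handlerMap);
            }
        } catch (ConfigurationException e) {
            debug.error("Unable to initiate Single Loogut Manager", e);
        }
    }

    /**
     * Parses one {@code key=<protocol>|class=<handler class>} entry and registers the
     * handler. Invalid entries are logged and ignored.
     */
    private void registerHandler(String entry) {
        StringTokenizer tokens = new StringTokenizer(entry, DELIMITOR);
        if (tokens.countTokens() != 2) {
            debug.error("SingleLogoutManager.constructor: wrong handler value " + entry);
            return;
        }
        String[] params = {tokens.nextToken(), tokens.nextToken()};
        String protocolKey = null;
        String handlerClassName = null;
        for (int i = 0; i < params.length; i++) {
            int equalsPos = params[i].indexOf("=");
            // The decompiled code tested the loop counter here, so a parameter without
            // '=' reached substring(0, -1) and threw out of the static initialiser.
            if (equalsPos == -1) {
                debug.error("SingleLogoutManager.constructor: missing = in parameter " + params[i]);
                break;
            }
            String paramName = params[i].substring(0, equalsPos);
            if (paramName.equalsIgnoreCase(KEY_PARAM)) {
                protocolKey = params[i].substring(equalsPos + 1);
            } else if (paramName.equalsIgnoreCase(CLASS_PARAM)) {
                handlerClassName = params[i].substring(equalsPos + 1);
            } else {
                debug.error("SingleLogoutManager.constructor: wrong key in parameter " + params[i]);
                break;
            }
        }
        if (protocolKey == null || protocolKey.length() == 0
                || handlerClassName == null || handlerClassName.length() == 0) {
            debug.error("SingleLogoutManager.constructor: invalid value " + params[0] + "|" + params[1]);
            return;
        }

        // Normalise to the canonical constant so later map lookups are case-exact.
        String protocol;
        if (protocolKey.equalsIgnoreCase(SAML2)) {
            protocol = SAML2;
        } else if (protocolKey.equalsIgnoreCase(IDFF)) {
            protocol = IDFF;
        } else if (protocolKey.equalsIgnoreCase(WS_FED)) {
            protocol = WS_FED;
        } else {
            // Skip the entry: the decompiled code fell through and registered the
            // handler under an unassigned key.
            debug.error("SingleLogoutManager.constructor: invalid protocol " + protocolKey);
            return;
        }

        try {
            // The class name comes straight from the configuration store, so write access
            // to that configuration decides which code is instantiated in this server.
            SingleLogoutHandler handler = (SingleLogoutHandler) Class.forName(handlerClassName).newInstance();
            protocolList.add(protocol);
            handlerMap.put(protocol, handler);
        } catch (ClassNotFoundException e) {
            debug.error("SingleLogoutManager.constructor: class not found " + handlerClassName, e);
        } catch (IllegalAccessException e) {
            debug.error("SingleLogoutManager.constructor: illegal access exception " + handlerClassName, e);
        } catch (InstantiationException e) {
            debug.error("SingleLogoutManager.constructor: instantiation exception " + handlerClassName, e);
        } catch (ClassCastException e) {
            // A configured class that is not a SingleLogoutHandler must not abort class
            // initialisation; treat it like any other unusable entry.
            debug.error("SingleLogoutManager.constructor: not a SingleLogoutHandler " + handlerClassName, e);
        }
    }

    /** Returns the singleton instance. */
    public static SingleLogoutManager getInstance() {
        return manager;
    }

    /** Returns true when {@code str} is non-empty and identifies saved logout state. */
    boolean containKey(String str) {
        return str != null && str.length() != 0 && relayStateMap.containsKey(str);
    }

    /**
     * Runs single logout on every configured protocol other than the originating one.
     *
     * <p>On the first call for a logout the arguments are saved under a generated ID and
     * the relay state passed to the handlers is rewritten to point at the relay servlet.
     * On later calls (relay state already known) the saved values are used and only the
     * status is merged in.
     *
     * @param userSession user session set, passed through to the handlers
     * @param userID user identifier, passed through to the handlers
     * @param request current HTTP request; may be null, in which case a localhost base
     *        URL is used for the relay-state URL
     * @param response current HTTP response
     * @param isSOAPInitiated whether the logout was SOAP initiated; when true, saved
     *        state is removed before returning
     * @param isIDPInitiated whether the logout was IDP initiated
     * @param protocol originating protocol, excluded from the protocols to process
     * @param realm realm of the hosted IDP
     * @param idpEntityID IDP entity ID
     * @param spEntityID SP entity ID
     * @param relayState original relay state, or a relay-servlet URL / ID from an
     *        earlier call; null is treated as empty
     * @param singleLogoutRequestXML logout request XML, may be null
     * @param singleLogoutResponseXML logout response XML, may be null
     * @param currentStatus status of the logout so far
     * @return one of the {@code LOGOUT_*_STATUS} values
     * @throws Exception declared for callers; handler exceptions are caught and
     *         recorded as {@link #LOGOUT_FAILED_STATUS}
     */
    public int doIDPSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, boolean isSOAPInitiated, boolean isIDPInitiated, String protocol, String realm, String idpEntityID, String spEntityID, String relayState, String singleLogoutRequestXML, String singleLogoutResponseXML, int currentStatus) throws Exception {
        if (relayState == null) {
            relayState = EMPTY_STRING;
        }
        if (protocolList.isEmpty()) {
            debug.message("SingleLogoutManager.doIDPSingleLogour : no handler");
            return LOGOUT_NO_ACTION_STATUS;
        }

        // The relay state is either a saved ID, a relay-servlet URL ending in one, or a
        // value from the original request that has not been seen before.
        String stateKey = relayState;
        if (!relayStateMap.containsKey(relayState)) {
            stateKey = getShortRelayState(relayState);
            if (stateKey != null && !relayStateMap.containsKey(stateKey)) {
                stateKey = null;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.doIDPSLO: userID=" + userID + ", protocol=" + protocol + ", relay=" + relayState + ", hex relay=" + stateKey);
        }
        if (stateKey == null) {
            stateKey = saveParameters(userSession, userID, isSOAPInitiated, isIDPInitiated, protocol, realm, idpEntityID, spEntityID, relayState, singleLogoutRequestXML, singleLogoutResponseXML, currentStatus);
            relayState = getRelayStateURL(request, stateKey);
            if (debug.messageEnabled()) {
                debug.message("SingleLogoutManager.doIDPSingleLogout : save " + stateKey + ", new relayState=" + relayState);
            }
        } else {
            updateStatus(stateKey, currentStatus);
            if (stateKey.equals(relayState)) {
                relayState = getRelayStateURL(request, stateKey);
            }
            if (debug.messageEnabled()) {
                debug.message("SingleLogoutManager.doIDPSingleLogout : read " + stateKey + ", nu relayState=" + relayState);
            }
        }

        List<String> pendingProtocols = protocolListMap.get(stateKey);
        if (pendingProtocols == null || pendingProtocols.isEmpty()) {
            return currentStatusMap.get(stateKey).intValue();
        }

        boolean soapInitiated = isSOAPInitiated;
        while (!pendingProtocols.isEmpty()) {
            // Remove before calling the handler so a redirected handler is not retried
            // when the flow comes back through the relay servlet.
            String nextProtocol = pendingProtocols.remove(0);
            SingleLogoutHandler handler = handlerMap.get(nextProtocol);
            if (handler == null) {
                debug.error("SingleLogoutManager.doIDPSingleLogout: no handler for protocol " + nextProtocol);
                continue;
            }
            if (debug.messageEnabled()) {
                debug.message("SingleLogoutManager.doIDPSingleLogout:  handle protocol " + nextProtocol);
            }
            // Handlers always receive the values saved on the first call, not the
            // arguments of this call.
            Set savedSession = userSessionMap.get(stateKey);
            String savedUserID = userIDMap.get(stateKey);
            soapInitiated = isSOAPInitiatedMap.get(stateKey).booleanValue();
            int handlerStatus;
            try {
                handlerStatus = handler.doIDPSingleLogout(savedSession, savedUserID, request, response, soapInitiated, isIDPInitiatedMap.get(stateKey).booleanValue(), origProtocolMap.get(stateKey), realmMap.get(stateKey), idpEntityIDMap.get(stateKey), spEntityIDMap.get(stateKey), relayState, sloRequestXMLMap.get(stateKey), singleLogoutResponseXML, currentStatusMap.get(stateKey).intValue());
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.doIDPSingleLogout:  logout status = " + handlerStatus + " for " + nextProtocol);
                }
            } catch (Exception e) {
                debug.error("SingleLogoutManager.doIDPSingleLogout: error for protocol " + nextProtocol, e);
                handlerStatus = LOGOUT_FAILED_STATUS;
            }
            if (handlerStatus == LOGOUT_REDIRECTED_STATUS) {
                // The browser has been sent elsewhere; saved state stays for the return trip.
                return handlerStatus;
            }
            updateStatus(stateKey, handlerStatus);
        }

        int finalStatus = currentStatusMap.get(stateKey).intValue();
        if (soapInitiated) {
            cleanupParameters(stateKey);
        }
        return finalStatus;
    }

    /**
     * Extracts the state ID that follows {@code /multiprotocolrelay/} in a relay-state
     * URL, or returns null when the marker is absent or the input is empty.
     */
    private String getShortRelayState(String str) {
        if (str.length() == 0) {
            return null;
        }
        int markerPos = str.indexOf(RELAY_SERVLET_URI);
        if (markerPos == -1) {
            return null;
        }
        return str.substring(markerPos + RELAY_SERVLET_URI.length());
    }

    /**
     * Stores the logout parameters under a newly generated ID and returns that ID.
     * Null values are not stored. When {@code protocol} is non-null, the list of
     * remaining protocols (all registered ones except {@code protocol}) is stored too.
     */
    private String saveParameters(Set userSession, String userID, boolean isSOAPInitiated, boolean isIDPInitiated, String protocol, String realm, String idpEntityID, String spEntityID, String relayState, String singleLogoutRequestXML, String singleLogoutResponseXML, int currentStatus) {
        String stateKey = SAML2Utils.generateIDWithServerID();
        relayStateMap.put(stateKey, relayState);
        if (debug.messageEnabled()) {
            // NOTE(review): at message level this writes the session set and the full
            // logout request/response XML to the debug log; treat that log as sensitive.
            debug.message("SingleLogoutManager.saveParameters: userID=" + userID + ", session=" + userSession + ", orig relayState=" + relayState + ", new=" + stateKey + ", isSOAInitiated=" + isSOAPInitiated + ", isIDPInitiated=" + isIDPInitiated + ", protocol=" + protocol + ", relam=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID + ", status=" + currentStatus + "\nlogout Request XML=" + singleLogoutRequestXML + "\nlogout response XML=" + singleLogoutResponseXML);
        }
        if (userSession != null) {
            userSessionMap.put(stateKey, userSession);
        }
        if (userID != null) {
            userIDMap.put(stateKey, userID);
        }
        isSOAPInitiatedMap.put(stateKey, Boolean.valueOf(isSOAPInitiated));
        isIDPInitiatedMap.put(stateKey, Boolean.valueOf(isIDPInitiated));
        if (protocol != null) {
            origProtocolMap.put(stateKey, protocol);
            // Guard the capacity: size - 1 is negative for an empty protocol list.
            List<String> remaining = new ArrayList<String>(Math.max(protocolList.size() - 1, 0));
            for (String candidate : protocolList) {
                if (!candidate.equals(protocol)) {
                    remaining.add(candidate);
                }
            }
            protocolListMap.put(stateKey, remaining);
        }
        if (realm != null) {
            realmMap.put(stateKey, realm);
        }
        if (idpEntityID != null) {
            idpEntityIDMap.put(stateKey, idpEntityID);
        }
        if (spEntityID != null) {
            spEntityIDMap.put(stateKey, spEntityID);
        }
        if (singleLogoutRequestXML != null) {
            sloRequestXMLMap.put(stateKey, singleLogoutRequestXML);
        }
        if (singleLogoutResponseXML != null) {
            sloResponseXMLMap.put(stateKey, singleLogoutResponseXML);
        }
        currentStatusMap.put(stateKey, Integer.valueOf(currentStatus));
        return stateKey;
    }

    /**
     * Returns true when logout state is saved under {@code str}. The decompiler reports
     * this method was package-private in the compiled class.
     */
    public boolean containRelayState(String str) {
        return relayStateMap.containsKey(str);
    }

    /** Removes every piece of state saved under {@code str}. */
    void cleanupParameters(String str) {
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.cleanupParameters: new relayState=" + str);
        }
        relayStateMap.remove(str);
        userSessionMap.remove(str);
        userIDMap.remove(str);
        isSOAPInitiatedMap.remove(str);
        isIDPInitiatedMap.remove(str);
        origProtocolMap.remove(str);
        protocolListMap.remove(str);
        realmMap.remove(str);
        idpEntityIDMap.remove(str);
        spEntityIDMap.remove(str);
        sloRequestXMLMap.remove(str);
        sloResponseXMLMap.remove(str);
        currentStatusMap.remove(str);
    }

    /**
     * Sends the final logout response for the flow saved under {@code relayState} and
     * then removes the saved state. The decompiler reports this method was
     * package-private in the compiled class.
     *
     * <p>Without a saved logout response XML, the browser is redirected to the original
     * relay state with {@code logoutStatus} appended, or a plain text status is written
     * when there is no relay state. With a saved response, the protocol-specific
     * response is sent for the originating protocol.
     *
     * <p>The status lookup dereferences the saved status directly, so calling this with
     * a key that has no saved state throws {@link NullPointerException}; check
     * {@link #containRelayState(String)} first. State is not cleaned up when an
     * exception propagates out of this method.
     *
     * <p>NOTE(review): the original relay state is used as a redirect target without
     * any validation in this class. Confirm it is checked against the permitted return
     * URLs before it reaches {@link #doIDPSingleLogout}; otherwise the logout endpoint
     * acts as an open redirect.
     *
     * @param request current HTTP request
     * @param response current HTTP response
     * @param relayState ID of the saved logout state
     * @throws IOException if writing or redirecting fails, or a SAML2 response cannot
     *         be built or sent
     */
    public void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
        }
        String logoutResponseXML = sloResponseXMLMap.get(relayState);
        if (logoutResponseXML == null) {
            String origRelayState = relayStateMap.get(relayState);
            String logoutStatus = MultiProtocolUtils.getLogoutStatus(currentStatusMap.get(relayState).intValue());
            if (origRelayState == null || origRelayState.length() == 0) {
                response.getWriter().print("Logout DONE. Status = " + logoutStatus);
            } else if (origRelayState.indexOf("?") == -1) {
                response.sendRedirect(origRelayState + "?" + STATUS_PARAM + "=" + logoutStatus);
            } else {
                response.sendRedirect(origRelayState + "&" + STATUS_PARAM + "=" + logoutStatus);
            }
        } else {
            String origProtocol = origProtocolMap.get(relayState);
            String spEntityID = spEntityIDMap.get(relayState);
            String origRelayState = relayStateMap.get(relayState);
            String realm = realmMap.get(relayState);
            String idpEntityID = idpEntityIDMap.get(relayState);
            int currentStatus = currentStatusMap.get(relayState).intValue();
            // Constant-first comparisons: a missing protocol falls through to the
            // "invalid protocol" branch instead of throwing NullPointerException.
            if (SAML2.equals(origProtocol)) {
                try {
                    LogoutResponse logoutResponse = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
                    String destination = logoutResponse.getDestination();
                    String origStatusCode = logoutResponse.getStatus().getStatusCode().getValue();
                    String newStatusCode = getNewStatusCode(currentStatus, origStatusCode);
                    if (!origStatusCode.equals(newStatusCode)) {
                        // NOTE(review): this writes the ORIGINAL value back, so the SP is
                        // still told the original status after a partial or failed
                        // multi-protocol logout. The IDFF branch applies the new value.
                        // Left as found: getNewStatusCode() returns an IFSConstants value,
                        // so confirm it is a valid SAML2 status code before using it here.
                        logoutResponse.getStatus().getStatusCode().setValue(origStatusCode);
                    }
                    if (debug.messageEnabled()) {
                        debug.message("SingleLogoutManager.sendLogoutRes:(SAML2) location=" + destination + " orig status=" + origStatusCode + ", new status=" + newStatusCode + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                    }
                    LogoutUtil.sendSLOResponse(response, logoutResponse, destination, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
                } catch (SAML2Exception e) {
                    debug.error("SingleLogoutManager.sendLogoutResponse:saml2", e);
                    // Keep the cause attached so the failure can be traced upstream.
                    IOException wrapped = new IOException(e.getMessage());
                    wrapped.initCause(e);
                    throw wrapped;
                }
            } else if (IDFF.equals(origProtocol)) {
                boolean failed = false;
                String logoutDoneURL = null;
                try {
                    debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
                    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                    String returnURL = metaManager.getSPDescriptor(realm, spEntityID).getSingleLogoutServiceReturnURL();
                    FSLogoutResponse idffResponse = new FSLogoutResponse(XMLUtils.toDOMDocument(logoutResponseXML, debug).getDocumentElement());
                    IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
                    logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, idpConfig, null);
                    String origStatusCode = idffResponse.getStatus().getStatusCode().getValue();
                    String newStatusCode = getNewStatusCode(currentStatus, origStatusCode);
                    if (!origStatusCode.equals(newStatusCode)) {
                        idffResponse.setStatus(new Status(new StatusCode(newStatusCode)));
                    }
                    if (debug.messageEnabled()) {
                        debug.message("SingleLogoutManager.sendLogoutRes:(IDFF) orig status=" + origStatusCode + ", new status=" + newStatusCode + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                    }
                    String queryString = idffResponse.toURLEncodedQueryString();
                    if (FSServiceUtils.isSigningOn()) {
                        String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(idpConfig, "signingCertAlias");
                        if (certAlias == null || certAlias.length() == 0) {
                            if (debug.messageEnabled()) {
                                debug.message("SingleLogoutManager.sendLogoutRes:signSAMLRequest couldn't obtain cert alias.");
                            }
                            // Fail rather than send an unsigned response while signing is on.
                            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                        }
                        queryString = FSSignatureUtil.signAndReturnQueryString(queryString, certAlias);
                    }
                    StringBuilder redirectURL = new StringBuilder();
                    redirectURL.append(returnURL);
                    redirectURL.append(returnURL.indexOf('?') == -1 ? '?' : '&');
                    redirectURL.append(queryString);
                    if (debug.messageEnabled()) {
                        debug.message("SingleLogoutManager.sendResponse for IDFF, url = " + redirectURL.toString());
                    }
                    response.sendRedirect(redirectURL.toString());
                } catch (FSMsgException e) {
                    debug.error("SingleLogoutManager.sendLogoutRes", e);
                    failed = true;
                } catch (IDFFMetaException e) {
                    debug.error("SingleLogoutManager.sendLogoutRes", e);
                    failed = true;
                } catch (SAMLException e) {
                    debug.error("SingleLogoutManager.sendLogoutRes", e);
                    failed = true;
                } catch (IOException e) {
                    debug.error("SingleLogoutManager.sendLogoutRes", e);
                    failed = true;
                }
                if (failed) {
                    // logoutDoneURL is still null when the failure happened before it was resolved.
                    FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                }
            } else if (WS_FED.equals(origProtocol)) {
                debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
                if (origRelayState != null) {
                    response.sendRedirect(origRelayState);
                } else {
                    response.getWriter().print("Logout DONE.");
                }
            } else {
                debug.error("SingleLogoutManager.sendLogoutResponse: invalid protocol : " + origProtocol);
            }
        }
        cleanupParameters(relayState);
    }

    /**
     * Merges {@code i} into the status saved under {@code str}: a missing status is set
     * to {@code i}; a succeeded status is replaced by any higher value; a failed status
     * combined with a lower value becomes partial. Other saved values are left alone.
     */
    private void updateStatus(String str, int i) {
        Integer saved = currentStatusMap.get(str);
        if (saved == null) {
            currentStatusMap.put(str, Integer.valueOf(i));
            return;
        }
        int savedStatus = saved.intValue();
        switch (savedStatus) {
            case LOGOUT_SUCCEEDED_STATUS:
                if (i > savedStatus) {
                    currentStatusMap.put(str, Integer.valueOf(i));
                }
                break;
            case LOGOUT_FAILED_STATUS:
                if (i < LOGOUT_FAILED_STATUS) {
                    currentStatusMap.put(str, Integer.valueOf(LOGOUT_PARTIAL_STATUS));
                }
                break;
            default:
                break;
        }
    }

    /**
     * Returns the status code to report: the responder error code for a partial or
     * failed logout, otherwise the original code {@code str}.
     */
    private String getNewStatusCode(int i, String str) {
        switch (i) {
            case LOGOUT_PARTIAL_STATUS:
            case LOGOUT_FAILED_STATUS:
                return IFSConstants.SAML_RESPONDER;
            default:
                return str;
        }
    }

    /**
     * Builds the relay-servlet URL for a saved state ID, using the server base URL
     * derived from the request, or a fixed localhost URL when there is no request.
     */
    private String getRelayStateURL(HttpServletRequest httpServletRequest, String str) {
        String baseURL = (httpServletRequest == null)
            ? LOCAL_HOST_URL
            : MultiProtocolUtils.geServerBaseURL(httpServletRequest);
        return baseURL + RELAY_SERVLET_URI + str;
    }
}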
