package com.sun.identity.saml;

import com.sun.identity.common.GeneralTaskRunnable;
import com.sun.identity.common.PeriodicGroupRunnable;
import com.sun.identity.common.ScheduleableGroupAction;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.common.SystemTimerPool;
import com.sun.identity.common.TaskRunnable;
import com.sun.identity.common.TimerPool;
import com.sun.identity.plugin.monitoring.FedMonAgent;
import com.sun.identity.plugin.monitoring.FedMonSAML1Svc;
import com.sun.identity.plugin.monitoring.MonitorManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AssertionIDReference;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.AuthorizationDecisionStatement;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectLocality;
import com.sun.identity.saml.common.LogUtils;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLRequesterException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.plugins.ActionMapper;
import com.sun.identity.saml.plugins.AttributeMapper;
import com.sun.identity.saml.plugins.ConsumerSiteAttributeMapper;
import com.sun.identity.saml.plugins.DefaultNameIdentifierMapper;
import com.sun.identity.saml.plugins.NameIdentifierMapper;
import com.sun.identity.saml.plugins.PartnerAccountMapper;
import com.sun.identity.saml.plugins.PartnerSiteAttributeMapper;
import com.sun.identity.saml.plugins.SiteAttributeMapper;
import com.sun.identity.saml.protocol.AssertionArtifact;
import com.sun.identity.saml.protocol.AttributeQuery;
import com.sun.identity.saml.protocol.AuthenticationQuery;
import com.sun.identity.saml.protocol.AuthorizationDecisionQuery;
import com.sun.identity.saml.protocol.Query;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.stats.Stats;
import com.sun.identity.shared.xml.XMLUtils;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.openam.utils.Time;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/identity/saml/AssertionManager.class */
public final class AssertionManager {
    // Stats registries for the assertion and artifact stores; the constructor attaches listeners to
    // them only when assStats is enabled.
    // NOTE(review): both are public, static and non-final, so any class can replace them — confirm intended.
    public static Stats assStats = Stats.getInstance("amAssertionMap");
    public static Stats artStats = Stats.getInstance("amArtifactMap");
    private static AssertionStats assertionStats;
    private static ArtifactStats artifactStats;
    // Presumably the configuration key that superUser is loaded from; the initialiser is not in this view — confirm.
    private static final String SUPER_USER = "com.sun.identity.authentication.super.user";
    // Identity that isSuperUser() compares, ignoring case, with the session's "sun.am.UniversalIdentifier".
    private static String superUser;
    private static SessionProvider sessionProvider;
    // The next four values are added to or subtracted from millisecond timestamps
    // (Time.currentTimeMillis(), Date.getTime()), so they are handled as milliseconds.
    private static long cleanUpInterval;
    private static long assertionTimeout;
    private static long artifactTimeout;
    private static long notBeforeSkew;
    // Optional monitoring hooks; every use in this class is guarded by a null / isRunning() check.
    private static FedMonAgent agent;
    private static FedMonSAML1Svc saml1Svc;
    // Singleton reference. Not volatile: a read made outside synchronized (AssertionManager.class)
    // has no visibility guarantee for the constructor's writes.
    private static AssertionManager instance;
    // artifact string -> ArtEntry, and assertion ID -> Entry. Both are created as plain HashMaps in the
    // constructor, so every access needs external synchronization on the map object.
    private static Map artEntryMap;
    private static Map idEntryMap;
    // Clean-up tasks scheduled on the system timer pool by the constructor.
    private static TaskRunnable assertionTimeoutRunnable;
    private static TaskRunnable artifactTimeoutRunnable;
    private static TaskRunnable goThroughRunnable;
    // Read from system configuration in the constructor; both fall back to "1.0" if that read throws.
    private static String assertionVersion;
    private static String protocolVersion;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/identity/saml/AssertionManager$ArtEntry.class */
    public class ArtEntry {
        /** ID of the assertion this artifact resolves to. */
        private String aID;
        /** Expiry timestamp; the callers in this file pass current time in milliseconds plus the artifact timeout. */
        private long expiretime;

        /**
         * Records which assertion an artifact points at and when the artifact stops being valid.
         *
         * @param str assertion ID
         * @param j expiry timestamp
         */
        public ArtEntry(String str, long j) {
            aID = str;
            expiretime = j;
        }

        /** @return the expiry timestamp given at construction */
        public long getExpireTime() {
            return expiretime;
        }

        /** @return the assertion ID given at construction */
        public String getAssertionID() {
            return aID;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/identity/saml/AssertionManager$Entry.class */
    public class Entry {
        /** The stored assertion. */
        private Assertion assertion;
        /** Partner (destination) ID the assertion was issued for; may be replaced later. */
        private String destID;
        /** Artifact string currently bound to the assertion, or null when there is none. */
        private String artString;
        /** Session object the assertion was created from, or null; kept exactly as passed in. */
        private Object token;

        /**
         * Bundles an assertion with its destination, its artifact and the originating session.
         *
         * @param assertion the assertion to store
         * @param str destination (partner) ID
         * @param str2 artifact string, or null
         * @param obj session object, or null
         */
        public Entry(Assertion assertion, String str, String str2, Object obj) {
            this.assertion = assertion;
            destID = str;
            artString = str2;
            token = obj;
        }

        /** @return the stored assertion */
        public Assertion getAssertion() {
            return assertion;
        }

        /** @return the session object given at construction, or null */
        public Object getSSOToken() {
            return token;
        }

        /** @return the destination (partner) ID */
        public String getDestID() {
            return destID;
        }

        /** @param str new destination (partner) ID */
        public void setDestID(String str) {
            destID = str;
        }

        /** @return the artifact string bound to the assertion, or null */
        public String getArtifactString() {
            return artString;
        }

        /** @param str new artifact string */
        public void setArtifactString(String str) {
            artString = str;
        }
    }

    /* loaded from: input_file:com/sun/identity/saml/AssertionManager$GoThroughRunnable.class */
    /**
     * Periodic sweep over a set of assertion IDs that deletes every assertion whose validity window has
     * passed (or has not started yet).
     *
     * All access to the ID set is serialized on the set itself. run() keeps that monitor for the whole
     * sweep, including the calls into deleteAssertion.
     */
    private class GoThroughRunnable extends GeneralTaskRunnable {
        // Assertion IDs to inspect on each run; guarded by its own monitor.
        private Set keys = new HashSet();
        private long runPeriod;

        /** @param j value reported by getRunPeriod() */
        public GoThroughRunnable(long j) {
            runPeriod = j;
        }

        /** Adds an ID to the sweep set; returns what Set.add returns. */
        public boolean addElement(Object obj) {
            synchronized (keys) {
                return keys.add(obj);
            }
        }

        /** Removes an ID from the sweep set; returns what Set.remove returns. */
        public boolean removeElement(Object obj) {
            synchronized (keys) {
                return keys.remove(obj);
            }
        }

        /** Always reports false, whatever the set holds (presumably so the task is never retired — confirm). */
        public boolean isEmpty() {
            return false;
        }

        public long getRunPeriod() {
            return runPeriod;
        }

        /**
         * Deletes every tracked assertion that is no longer time-valid. An assertion without Conditions
         * is valid from issue instant minus notBeforeSkew up to, but excluding, issue instant plus
         * assertionTimeout; one with Conditions is judged by isTimeValid().
         */
        public void run() {
            final long now = Time.currentTimeMillis();
            SAMLUtils.debug.message("Clean up runnable wakes up..");
            synchronized (keys) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager::CleanUpThread::number of assertions in IdEntryMap:" + AssertionManager.idEntryMap.size());
                }
                for (Iterator sweep = keys.iterator(); sweep.hasNext(); ) {
                    String assertionId = (String) sweep.next();
                    Entry stored = (Entry) AssertionManager.idEntryMap.get(assertionId);
                    // NOTE(review): an ID whose entry is already gone is skipped, not dropped from the set,
                    // so such IDs leave only through removeElement() — check the set cannot grow unbounded.
                    if (stored == null) {
                        continue;
                    }
                    Assertion candidate = stored.getAssertion();
                    if (candidate == null) {
                        continue;
                    }
                    boolean outsideWindow;
                    if (candidate.getConditions() == null) {
                        long issuedAt = candidate.getIssueInstant().getTime();
                        long validFrom = issuedAt - AssertionManager.notBeforeSkew;
                        long validUntil = issuedAt + AssertionManager.assertionTimeout;
                        outsideWindow = now < validFrom || now >= validUntil;
                    } else {
                        outsideWindow = !candidate.isTimeValid();
                    }
                    if (outsideWindow) {
                        // Drop the ID through the iterator first so the sweep set stays consistent.
                        sweep.remove();
                        AssertionManager.this.deleteAssertion(assertionId, null);
                    }
                }
            }
        }
    }

    /**
     * Builds the singleton: creates the two in-memory stores, reads the SAML assertion and protocol
     * versions, schedules three clean-up tasks on the system timer pool and, when statistics are
     * enabled, registers the stats listeners.
     *
     * The stores and task handles are static fields assigned from this instance constructor, so a
     * second construction would replace them.
     */
    private AssertionManager() {
        // Plain HashMaps: callers must synchronize on the map for every access.
        idEntryMap = new HashMap();
        artEntryMap = new HashMap();
        try {
            assertionVersion = SystemConfigurationUtil.getProperty(SAMLConstants.SAML_ASSERTION_VERSION);
            protocolVersion = SystemConfigurationUtil.getProperty(SAMLConstants.SAML_PROTOCOL_VERSION);
        } catch (Exception e) {
            // Any failure is swallowed without logging and both versions default to 1.0.
            // NOTE(review): a missing property may come back as null instead of throwing, which would
            // leave assertionVersion null for the equals() calls in createAssertion — confirm getProperty's contract.
            assertionVersion = "1.0";
            protocolVersion = "1.0";
        }
        TimerPool timerPool = SystemTimerPool.getTimerPool();
        // Group task whose action deletes an assertion by ID. The meaning of the trailing
        // (cleanUpInterval, assertionTimeout, true) arguments is defined by PeriodicGroupRunnable, not shown here.
        assertionTimeoutRunnable = new PeriodicGroupRunnable(new ScheduleableGroupAction() { // from class: com.sun.identity.saml.AssertionManager.1
            public void doGroupAction(Object obj) {
                AssertionManager.this.deleteAssertion((String) obj, null);
            }
        }, cleanUpInterval, assertionTimeout, true);
        // First run: now + cleanUpInterval, rounded down to a whole second.
        timerPool.schedule(assertionTimeoutRunnable, new Date(((Time.currentTimeMillis() + cleanUpInterval) / 1000) * 1000));
        // Same arrangement for artifacts: the action deletes by artifact string.
        artifactTimeoutRunnable = new PeriodicGroupRunnable(new ScheduleableGroupAction() { // from class: com.sun.identity.saml.AssertionManager.2
            public void doGroupAction(Object obj) {
                AssertionManager.this.deleteAssertion(null, (String) obj);
            }
        }, cleanUpInterval, artifactTimeout, true);
        timerPool.schedule(artifactTimeoutRunnable, new Date(((Time.currentTimeMillis() + cleanUpInterval) / 1000) * 1000));
        // Sweep that re-checks the validity window of the assertions registered with it.
        goThroughRunnable = new GoThroughRunnable(cleanUpInterval);
        timerPool.schedule(goThroughRunnable, new Date(((Time.currentTimeMillis() + cleanUpInterval) / 1000) * 1000));
        // Both listeners are gated on assStats alone; artStats.isEnabled() is not consulted.
        if (assStats.isEnabled()) {
            artifactStats = new ArtifactStats(artEntryMap);
            artStats.addStatsListener(artifactStats);
            assertionStats = new AssertionStats(idEntryMap);
            assStats.addStatsListener(assertionStats);
        }
    }

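    /**
     * Returns the process-wide AssertionManager, creating it on first use.
     *
     * The check and the construction both happen under the class monitor. The instance field is a
     * plain (non-volatile) static, so an unlocked first check could hand out a reference before the
     * constructor's writes (the stores and timer tasks) are visible to the calling thread.
     *
     * @return the singleton instance
     * @throws SAMLException declared for callers; nothing in this method throws it directly
     */
    public static AssertionManager getInstance() throws SAMLException {
        synchronized (AssertionManager.class) {
            if (instance == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("Constructing a new instance of AssertionManager");
                }
                instance = new AssertionManager();
            }
            return instance;
        }
    }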

    /**
     * Creates an assertion for the given session without extra attributes, using the artifact
     * confirmation method and minor version that match the configured assertion version.
     *
     * @param obj session object
     * @return the assertion produced by the four-argument overload
     * @throws SAMLException if the configured assertion version is neither "1.0" nor "1.1"
     */
    public Assertion createAssertion(Object obj) throws SAMLException {
        final String confirmationMethod;
        final int minorVersion;
        if (assertionVersion.equals("1.0")) {
            confirmationMethod = "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";
            minorVersion = 0;
        } else if (assertionVersion.equals("1.1")) {
            confirmationMethod = SAMLConstants.CONFIRMATION_METHOD_ARTIFACT;
            minorVersion = 1;
        } else {
            throw new SAMLException(SAMLUtils.bundle.getString("assertionVersionNotSupport"));
        }
        return createAssertion(obj, null, confirmationMethod, minorVersion);
    }

    /**
     * Creates an assertion for the given session carrying the supplied attributes, using the artifact
     * confirmation method and minor version that match the configured assertion version.
     *
     * @param obj session object
     * @param list attributes to include
     * @return the assertion produced by the four-argument overload
     * @throws SAMLException if the configured assertion version is neither "1.0" nor "1.1"
     */
    public Assertion createAssertion(Object obj, List list) throws SAMLException {
        boolean isOneDotZero = assertionVersion.equals("1.0");
        if (!isOneDotZero && !assertionVersion.equals("1.1")) {
            throw new SAMLException(SAMLUtils.bundle.getString("assertionVersionNotSupport"));
        }
        String confirmationMethod = isOneDotZero
                ? "urn:oasis:names:tc:SAML:1.0:cm:artifact-01"
                : SAMLConstants.CONFIRMATION_METHOD_ARTIFACT;
        return createAssertion(obj, list, confirmationMethod, isOneDotZero ? 0 : 1);
    }

    /**
     * Resolves the session object to its session ID and delegates to the session-ID based overload
     * with no artifact, no destination and no name ID format.
     *
     * @param obj session object; must not be null
     * @param list attributes to include, may be null
     * @param str subject confirmation method
     * @param i SAML minor version
     * @return whatever the delegate returns
     * @throws SAMLException if the session is null or no session provider is available
     */
    private Assertion createAssertion(Object obj, List list, String str, int i) throws SAMLException {
        if (obj != null) {
            if (sessionProvider == null) {
                throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
            }
            String sessionId = sessionProvider.getSessionID(obj);
            return createAssertion(sessionId, null, null, list, str, i, null);
        }
        SAMLUtils.debug.error("AssertionManager.createAssertion(id):input Session is null.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }

    /**
     * Creates an artifact for an assertion, binds it to the given destination and registers it in the
     * artifact store with an expiry of now plus artifactTimeout.
     *
     * @param assertion assertion the artifact will resolve to; must not be null
     * @param str destination (partner) ID; must be a key of the configured partner URL map
     * @return the new artifact
     * @throws SAMLException on null or empty input, or when the destination is not a known partner
     *         (SAMLResponderException when the handle cannot be generated, an artifact is already
     *         registered for the assertion, or storing fails)
     */
    public AssertionArtifact createAssertionArtifact(Assertion assertion, String str) throws SAMLException {
        Object put;
        if (assertion == null || str == null || str.length() == 0) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(Assertion, String): null input.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        // Artifacts are only issued for destinations present in the partner configuration.
        Map map = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
        if (map == null || !map.containsKey(str)) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact:(Assertion, String): destID not in partner list.");
            throw new SAMLException(SAMLUtils.bundle.getString("destIDNotFound"));
        }
        String generateAssertionHandle = SAMLUtils.generateAssertionHandle();
        if (generateAssertionHandle == null) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(Assertion,String): couldn't generate assertion handle.");
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
        }
        // The artifact is built from this site's ID and the freshly generated handle.
        AssertionArtifact assertionArtifact = new AssertionArtifact((String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID), generateAssertionHandle);
        String assertionArtifact2 = assertionArtifact.getAssertionArtifact();
        String assertionID = assertion.getAssertionID();
        // Read without holding the idEntryMap monitor, unlike the put below.
        Entry entry = (Entry) idEntryMap.get(assertionID);
        // Monitoring counters are updated only when an agent is present and running.
        if (agent != null && agent.isRunning() && saml1Svc != null) {
            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CREAD);
        }
        // NOTE(review): if entry is null and validateNumberOfAssertions returns true, this branch
        // dereferences a null entry. That helper is outside this view (it may only ever return false
        // or throw); the condition may also be a decompilation artifact — confirm against the original source.
        if (entry != null || validateNumberOfAssertions(idEntryMap)) {
            if (agent != null && agent.isRunning() && saml1Svc != null) {
                saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CHIT);
            }
            // The assertion is already stored: refuse if its current artifact is still registered.
            String artifactString = entry.getArtifactString();
            if (artifactString != null) {
                if (agent != null && agent.isRunning() && saml1Svc != null) {
                    saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CREAD);
                }
                if (artEntryMap.containsKey(artifactString)) {
                    if (agent != null && agent.isRunning() && saml1Svc != null) {
                        saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CHIT);
                    }
                    SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(Asssertion, String): Artifact exists for the assertion.");
                    throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
                }
                if (agent != null && agent.isRunning() && saml1Svc != null) {
                    saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CMISS);
                }
            }
            // Rebind the stored assertion to the new destination and artifact.
            entry.setDestID(str);
            entry.setArtifactString(assertionArtifact2);
        } else {
            if (agent != null && agent.isRunning() && saml1Svc != null) {
                saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CMISS);
            }
            // First time this assertion is seen: store it with no session object attached.
            Entry entry2 = new Entry(assertion, str, assertionArtifact2, null);
            try {
                synchronized (idEntryMap) {
                    idEntryMap.put(assertionID, entry2);
                }
                if (agent != null && agent.isRunning() && saml1Svc != null) {
                    saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CWRITE);
                }
                // Expiry of this assertion is left to the validity-window sweep.
                goThroughRunnable.addElement(assertionID);
                // NOTE(review): at FINER the serialized assertion itself goes to the access log rather
                // than just its ID — confirm who can read that log before enabling this level.
                if (LogUtils.isAccessLoggable(Level.FINER)) {
                    LogUtils.access(Level.FINER, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertion.toString(true, true)});
                } else {
                    LogUtils.access(Level.INFO, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertion.getAssertionID()});
                }
            } catch (Exception e) {
                SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(Assertion,String): couldn't add to idEntryMap." + e);
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
            }
        }
        try {
            synchronized (artEntryMap) {
                put = artEntryMap.put(assertionArtifact2, new ArtEntry(assertionID, Time.currentTimeMillis() + artifactTimeout));
            }
            // If the artifact string was already registered, re-add it to the timeout group.
            if (put != null) {
                artifactTimeoutRunnable.removeElement(assertionArtifact2);
            }
            artifactTimeoutRunnable.addElement(assertionArtifact2);
            if (agent != null && agent.isRunning() && saml1Svc != null) {
                saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CWRITE);
            }
            // NOTE(review): the artifact string is written to the access log at INFO while it is still
            // registered in artEntryMap — confirm that log is access-controlled.
            LogUtils.access(Level.INFO, LogUtils.ASSERTION_ARTIFACT_CREATED, new String[]{SAMLUtils.bundle.getString("assertionArtifactCreated"), assertionArtifact2, assertionID});
            return assertionArtifact;
        } catch (Exception e2) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtfact(Assertion,String): couldn't add artifact to the artEntryMap", e2);
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
        }
    }

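    /**
     * Returns the IDs of all stored assertions. Only a session that passes isSuperUser() may call this.
     *
     * The result is a snapshot copied under the store's monitor. Handing out the live key view of the
     * internal HashMap would let a caller remove stored assertions through the returned set, and would
     * make iterating it race with the clean-up tasks.
     *
     * @param obj caller's session object; must not be null
     * @return a new set holding the assertion IDs present at the time of the call
     * @throws SAMLException if the session is null or is not the super user
     */
    public Set getAssertions(Object obj) throws SAMLException {
        if (obj == null) {
            SAMLUtils.debug.error("AssertionManager.getAssertions(Object): input session is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (!isSuperUser(obj)) {
            SAMLUtils.debug.error("AssertionManager.getAssertions(Object): Session doesn't have the privilege.");
            throw new SAMLException(SAMLUtils.bundle.getString("noPrivilege"));
        }
        synchronized (idEntryMap) {
            return new HashSet(idEntryMap.keySet());
        }
    }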

    /**
     * Decides whether the session belongs to the configured super user by comparing the session's
     * "sun.am.UniversalIdentifier" property, ignoring case, with superUser.
     *
     * The check fails closed: a missing session provider, an unset or empty superUser, or any
     * exception while reading the property all yield false.
     *
     * @param obj session object to test
     * @return true only when the session's universal identifier matches the super user
     */
    private boolean isSuperUser(Object obj) {
        boolean privileged = false;
        try {
            if (sessionProvider != null) {
                // Read the property first; a failure here lands in the catch below and denies access.
                String universalId = sessionProvider.getProperty(obj, "sun.am.UniversalIdentifier")[0];
                privileged = superUser != null && superUser.length() > 0 && superUser.equalsIgnoreCase(universalId);
            } else {
                SAMLUtils.debug.error("SessionProvider is null.");
            }
        } catch (Exception e) {
            privileged = false;
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.isSuperUser:Exception: ", e);
            }
        }
        return privileged;
    }

    /**
     * Looks up an assertion by its ID string by wrapping it in an AssertionIDReference and calling the
     * reference-based overload with no destination set and the flag set to false.
     *
     * NOTE(review): this entry point takes neither a session nor a destination; which access checks
     * the delegate applies for a null destination set is not visible here — confirm callers are trusted.
     *
     * @param str assertion ID; must not be null or empty
     * @return whatever the delegate returns
     * @throws SAMLException if the ID is null or empty, or if the delegate throws
     */
    public Assertion getAssertion(String str) throws SAMLException {
        if (str == null || str.length() == 0) {
            SAMLUtils.debug.error("AssertionManager.getAssetion(String): id is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        AssertionIDReference idReference = new AssertionIDReference(str);
        return getAssertion(idReference, (Set) null, false);
    }

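    /**
     * Returns the artifact strings of all registered artifacts. Only a session that passes
     * isSuperUser() may call this.
     *
     * The result is a snapshot copied under the store's monitor. Handing out the live key view of the
     * internal HashMap would let a caller remove registered artifacts through the returned set, and
     * would make iterating it race with the clean-up tasks.
     *
     * @param obj caller's session object; must not be null
     * @return a new set holding the artifact strings present at the time of the call
     * @throws SAMLException if the session is null or is not the super user
     */
    public Set getAssertionArtifacts(Object obj) throws SAMLException {
        if (obj == null) {
            SAMLUtils.debug.error("AssertionManager.getAssertionArtifacts(Object token): input token is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (!isSuperUser(obj)) {
            SAMLUtils.debug.error("AssertionManager.getAssertionArtifacts(Object token): Session doesn't have the privilege.");
            throw new SAMLException(SAMLUtils.bundle.getString("noPrivilege"));
        }
        synchronized (artEntryMap) {
            return new HashSet(artEntryMap.keySet());
        }
    }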

    /**
     * Convenience overload for callers that have no servlet request or response: forwards to the
     * seven-argument createSSOAssertion with both set to null.
     *
     * NOTE(review): the delegate is handed a null request and response, so it must tolerate both
     * being absent — confirm.
     *
     * @param str session ID
     * @param assertionArtifact artifact to bind to the assertion, or null
     * @param str2 destination (partner) ID
     * @param str3 value handed to the partner's attribute mapper
     * @param str4 requested SAML version string
     * @return whatever the delegate returns
     * @throws SAMLException if the delegate throws
     */
    public Assertion createSSOAssertion(String str, AssertionArtifact assertionArtifact, String str2, String str3, String str4) throws SAMLException {
        final HttpServletRequest noRequest = null;
        final HttpServletResponse noResponse = null;
        return createSSOAssertion(str, assertionArtifact, noRequest, noResponse, str2, str3, str4);
    }

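    /**
     * Creates a single sign-on assertion for a session: collects attributes through the destination
     * partner's attribute mapper (if one is configured), picks the subject confirmation method, and
     * delegates to the private createAssertion.
     *
     * Without an artifact the bearer confirmation method is used; with one, the artifact method for
     * the requested version. A null version is treated as 1.0 in both cases.
     *
     * The "NameIDFormat" request parameter is supplied by the client and forwarded as received;
     * name identifier mappers should treat it as untrusted input.
     *
     * @param str session ID
     * @param assertionArtifact artifact to bind to the assertion, or null for a bearer assertion
     * @param httpServletRequest current request, or null when called outside a servlet context
     * @param httpServletResponse current response, or null; only handed to the consumer-site attribute mapper
     * @param str2 destination (partner) ID, used as the key into the partner URL map
     * @param str3 value handed to the consumer-site and partner-site attribute mappers
     * @param str4 requested SAML version, "1.0" or "1.1"; null means 1.0
     * @return the assertion, or null when the session lookup fails or, with an artifact, the version
     *         is unsupported
     * @throws SAMLException if no session provider is available while a partner entry exists, or if
     *         the delegate throws
     */
    public Assertion createSSOAssertion(String str, AssertionArtifact assertionArtifact, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2, String str3, String str4) throws SAMLException {
        List list = null;
        SAMLServiceManager.SOAPEntry sOAPEntry = (SAMLServiceManager.SOAPEntry) ((Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS)).get(str2);
        if (sOAPEntry != null) {
            try {
                if (sessionProvider == null) {
                    throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
                }
                Object session = sessionProvider.getSession(str);
                // Mapper precedence: consumer-site, then partner-site, then plain site mapper.
                ConsumerSiteAttributeMapper consumerSiteAttributeMapper = sOAPEntry.getConsumerSiteAttributeMapper();
                if (consumerSiteAttributeMapper != null) {
                    list = consumerSiteAttributeMapper.getAttributes(session, httpServletRequest, httpServletResponse, str3);
                } else {
                    PartnerSiteAttributeMapper partnerSiteAttributeMapper = sOAPEntry.getPartnerSiteAttributeMapper();
                    if (partnerSiteAttributeMapper != null) {
                        list = partnerSiteAttributeMapper.getAttributes(session, str3);
                    } else {
                        SiteAttributeMapper siteAttributeMapper = sOAPEntry.getSiteAttributeMapper();
                        if (siteAttributeMapper != null) {
                            list = siteAttributeMapper.getAttributes(session);
                        }
                    }
                }
            } catch (SessionException e) {
                SAMLUtils.debug.error("AssertionManager.createAssertion(id): exception retrieving info from the Session", e);
                return null;
            }
        }
        // The five-argument overload passes a null request, so it must not be dereferenced blindly.
        String parameter = httpServletRequest == null ? null : httpServletRequest.getParameter("NameIDFormat");
        if (assertionArtifact == null) {
            // Constant-first comparison: a null version falls back to 1.0, as in the artifact branch below.
            int minorVersion = "1.1".equals(str4) ? 1 : 0;
            return createAssertion(str, assertionArtifact, str2, list, "urn:oasis:names:tc:SAML:1.0:cm:bearer", minorVersion, parameter);
        }
        if (str4 == null || str4.equals("1.0")) {
            return createAssertion(str, assertionArtifact, str2, list, "urn:oasis:names:tc:SAML:1.0:cm:artifact-01", 0, parameter);
        }
        if (str4.equals("1.1")) {
            return createAssertion(str, assertionArtifact, str2, list, SAMLConstants.CONFIRMATION_METHOD_ARTIFACT, 1, parameter);
        }
        SAMLUtils.debug.error("Input version " + str4 + " is not supported.");
        return null;
    }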

    /**
     * Builds, optionally signs, stores and returns an assertion for the session with the given ID.
     * The assertion carries an AuthenticationStatement and, when attributes are supplied, an
     * AttributeStatement. If an artifact is supplied it is registered in the artifact store as well.
     *
     * As written, the outer catch (Exception) also intercepts the exceptions thrown inside the try
     * block (missing session provider, failure to store the assertion or artifact), so callers see
     * a null return for those cases rather than the exception.
     * NOTE(review): this may be a decompilation artifact — confirm against the original source.
     *
     * @param str session ID, resolved through the session provider; must not be null or empty
     * @param assertionArtifact artifact to register for the new assertion, or null
     * @param str2 destination (partner) ID; selects the name identifier mapper and is stored with the assertion
     * @param list attributes for the AttributeStatement; null or empty adds none
     * @param str3 subject confirmation method; when null or empty one is derived from the artifact and minor version
     * @param i SAML minor version set on the assertion
     * @param str4 passed through to the name identifier mapper (callers in this file pass the
     *        "NameIDFormat" request parameter or null)
     * @return the stored assertion, or null when the name identifier cannot be determined or any
     *         exception occurs inside the try block
     * @throws SAMLException if the session ID is null or empty; validateNumberOfAssertions (outside
     *         this view) may also throw
     */
    private Assertion createAssertion(String str, AssertionArtifact assertionArtifact, String str2, List list, String str3, int i, String str4) throws SAMLException {
        SubjectConfirmation subjectConfirmation;
        Object put;
        Object put2;
        if (str == null || str.length() == 0) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createAssertion(id):null input.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        // The return value is discarded here, so any limit on stored assertions can only take effect
        // through an exception thrown by the helper.
        validateNumberOfAssertions(idEntryMap);
        String str5 = null;
        try {
            if (sessionProvider == null) {
                throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
            }
            Object session = sessionProvider.getSession(str);
            String str6 = sessionProvider.getProperty(session, SessionProvider.AUTH_METHOD)[0];
            String str7 = sessionProvider.getProperty(session, SessionProvider.AUTH_INSTANT)[0];
            // A missing authentication instant is replaced with the current time.
            Date newDate = (str7 == null || str7.equals("")) ? Time.newDate() : DateUtils.stringToDate(str7);
            try {
                // The session's HOST property is resolved to an address for the SubjectLocality;
                // getByName may perform a name lookup when the property is not a literal address.
                str5 = InetAddress.getByName(sessionProvider.getProperty(session, SessionProvider.HOST)[0]).getHostAddress();
            } catch (Exception e) {
                // Best effort: without an address the assertion is issued with no SubjectLocality.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.createAssertion(id):exception when obtaining client ip: ", e);
                }
            }
            SAMLServiceManager.SOAPEntry sOAPEntry = (SAMLServiceManager.SOAPEntry) ((Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS)).get(str2);
            // Use the partner's name identifier mapper when one is configured, else the default one.
            NameIdentifierMapper nameIdentifierMapper = null;
            if (sOAPEntry != null) {
                nameIdentifierMapper = sOAPEntry.getNameIdentifierMapper();
            }
            if (nameIdentifierMapper == null) {
                nameIdentifierMapper = new DefaultNameIdentifierMapper();
            }
            NameIdentifier nameIdentifier = nameIdentifierMapper.getNameIdentifier(session, (String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID), str2, str4);
            if (nameIdentifier == null) {
                SAMLUtils.debug.error("AssertionManager.createAssertion(id): name identifier is null.");
                return null;
            }
            String str8 = null;
            // Confirmation method: explicit value first, else artifact (by minor version), else bearer.
            if (str3 != null && str3.length() > 0) {
                subjectConfirmation = new SubjectConfirmation(str3);
            } else if (assertionArtifact != null) {
                subjectConfirmation = new SubjectConfirmation(i == 0 ? "urn:oasis:names:tc:SAML:1.0:cm:artifact-01" : SAMLConstants.CONFIRMATION_METHOD_ARTIFACT);
            } else {
                subjectConfirmation = new SubjectConfirmation("urn:oasis:names:tc:SAML:1.0:cm:bearer");
            }
            if (assertionArtifact != null) {
                str8 = assertionArtifact.getAssertionArtifact();
            }
            Subject subject = new Subject(nameIdentifier, subjectConfirmation);
            SubjectLocality subjectLocality = null;
            if (str5 != null && str5.length() != 0) {
                subjectLocality = new SubjectLocality(str5, null);
            }
            HashSet hashSet = new HashSet();
            hashSet.add(new AuthenticationStatement(str6, newDate, subject, subjectLocality, null));
            if (list != null && !list.isEmpty()) {
                hashSet.add(new AttributeStatement(subject, list));
            }
            Date newDate2 = Time.newDate();
            // Conditions span from now minus notBeforeSkew to now plus assertionTimeout.
            Assertion assertion = new Assertion(null, (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME), newDate2, new Conditions(new Date(newDate2.getTime() - notBeforeSkew), new Date(newDate2.getTime() + assertionTimeout)), hashSet);
            assertion.setMinorVersion(i);
            String assertionID = assertion.getAssertionID();
            // Signing depends on configuration; when SIGN_ASSERTION is false the assertion is issued unsigned.
            if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
                assertion.signXML();
            }
            // The session object is kept alongside the assertion.
            Entry entry = new Entry(assertion, str2, str8, session);
            try {
                synchronized (idEntryMap) {
                    put = idEntryMap.put(assertionID, entry);
                }
                // If the ID was already stored, re-add it to the timeout group.
                if (put != null) {
                    assertionTimeoutRunnable.removeElement(assertionID);
                }
                assertionTimeoutRunnable.addElement(assertionID);
                // Monitoring counters are updated only when an agent is present and running.
                if (agent != null && agent.isRunning() && saml1Svc != null) {
                    saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CWRITE);
                }
                // NOTE(review): at FINER the serialized assertion itself goes to the access log rather
                // than just its ID — confirm who can read that log before enabling this level.
                if (LogUtils.isAccessLoggable(Level.FINER)) {
                    LogUtils.access(Level.FINER, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertion.toString(true, true)});
                } else {
                    LogUtils.access(Level.INFO, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertionID});
                }
                if (str8 != null) {
                    try {
                        // Register the artifact with an expiry of now plus artifactTimeout.
                        synchronized (artEntryMap) {
                            put2 = artEntryMap.put(str8, new ArtEntry(assertionID, Time.currentTimeMillis() + artifactTimeout));
                        }
                        if (put2 != null) {
                            artifactTimeoutRunnable.removeElement(str8);
                        }
                        artifactTimeoutRunnable.addElement(str8);
                        if (agent != null && agent.isRunning() && saml1Svc != null) {
                            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CWRITE);
                        }
                        // NOTE(review): the artifact string is written to the access log at INFO while
                        // it is still registered — confirm that log is access-controlled.
                        LogUtils.access(Level.INFO, LogUtils.ASSERTION_ARTIFACT_CREATED, new String[]{SAMLUtils.bundle.getString("assertionArtifactCreated"), str8, assertionID});
                    } catch (Exception e2) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("AssertionManager: couldn't add artifact to the artEntryMap.", e2);
                        }
                        throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
                    }
                }
                if (session != null) {
                    try {
                        // Presumably lets the listener clean up the assertion and artifact when the
                        // session changes state; AssertionSSOTokenListener is not in this view — confirm.
                        sessionProvider.addListener(session, new AssertionSSOTokenListener(assertionID, str8));
                    } catch (SessionException e3) {
                        // The assertion is still returned when the listener cannot be attached.
                        SAMLUtils.debug.error("AssertionManager.createAssertion(id): Couldn't add listener to session:", e3);
                    } catch (UnsupportedOperationException e4) {
                        SAMLUtils.debug.warning("AssertionManager.createAssertion(id): Operation add listener to session not supported:", e4);
                    }
                }
                return assertion;
            } catch (Exception e5) {
                // Also receives the artifact-store failure rethrown above and replaces it with
                // the "errorCreateAssertion" message.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager: couldn't add to idEntryMap.", e5);
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
        } catch (Exception e6) {
            // Catches everything thrown inside the try, including the SAMLResponderException just above.
            SAMLUtils.debug.error("AssertionManager.createAssertion(id): exception retrieving info from the Session: ", e6);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
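    /**
     * Removes an artifact and/or an assertion from the in-memory stores.
     *
     * With an artifact string, the artifact is removed and the removal is logged whether or not it
     * was present. With no assertion ID, the assertion behind that artifact is removed as well, but
     * only when the artifact existed and SAMLServiceManager.getRemoveAssertion() is true. With an
     * assertion ID, the assertion is removed and logged if present; when no artifact string was
     * passed, the artifact bound to that assertion is removed and logged too.
     *
     * Every store mutation is made under the store's own monitor, matching the puts elsewhere in this
     * class; the two monitors are never held at the same time.
     *
     * @param str assertion ID, or null
     * @param str2 artifact string, or null
     */
    public void deleteAssertion(String str, String str2) {
        ArtEntry artEntry = null;
        if (str2 != null) {
            synchronized (artEntryMap) {
                artEntry = (ArtEntry) artEntryMap.remove(str2);
            }
            LogUtils.access(Level.FINE, LogUtils.ASSERTION_ARTIFACT_REMOVED, new String[]{SAMLUtils.bundle.getString("assertionArtifactRemoved"), str2});
        }
        if (str == null) {
            if (artEntry == null || !SAMLServiceManager.getRemoveAssertion()) {
                return;
            }
            synchronized (idEntryMap) {
                idEntryMap.remove(artEntry.getAssertionID());
            }
            return;
        }
        Entry entry;
        synchronized (idEntryMap) {
            entry = (Entry) idEntryMap.remove(str);
        }
        if (entry == null) {
            return;
        }
        LogUtils.access(Level.FINE, LogUtils.ASSERTION_REMOVED, new String[]{SAMLUtils.bundle.getString("assertionRemoved"), str});
        if (str2 != null) {
            // The caller's artifact was already handled above.
            return;
        }
        String artifactString = entry.getArtifactString();
        if (artifactString == null) {
            return;
        }
        synchronized (artEntryMap) {
            artEntryMap.remove(artifactString);
        }
        // Log the artifact actually removed; str2 is always null on this path, so logging it would
        // leave the audit record without the artifact value.
        LogUtils.access(Level.FINE, LogUtils.ASSERTION_ARTIFACT_REMOVED, new String[]{SAMLUtils.bundle.getString("assertionArtifactRemoved"), artifactString});
    }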

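    /**
     * Redeems an assertion artifact: finds the assertion it refers to, optionally checks the
     * requester's destination ID, consumes the artifact and returns the assertion.
     *
     * <p>If {@code SAMLUtils.getServerURL} resolves the artifact's assertion handle to another
     * server, the request is forwarded there through {@code AssertionManagerClient}. Otherwise
     * the artifact is looked up locally, rejected if it has expired, and removed from the
     * artifact store once every check has passed. The assertion itself is removed too when
     * {@code SAMLServiceManager.getRemoveAssertion()} is true.
     *
     * @param assertionArtifact artifact presented by the requester
     * @param set destination IDs the requester may act for; may be {@code null} when {@code z}
     *            is false
     * @param z whether the destination ID stored with the assertion must be contained in
     *          {@code set}
     * @return the assertion the artifact refers to
     * @throws SAMLException if the artifact is unknown, expired or already consumed, if the
     *         destination check fails, or if the assertion is no longer time-valid
     */
    private Assertion getAssertion(AssertionArtifact assertionArtifact, Set set, boolean z) throws SAMLException {
        // The artifact-only overload passes a null set, so dereference it only when it holds
        // an element; previously enabling message-level debug made that path throw.
        if (SAMLUtils.debug.messageEnabled() && set != null && !set.isEmpty()) {
            SAMLUtils.debug.message("getAssertion(arti): destID set= " + Base64.encode(SAMLUtils.stringToByteArray((String) set.iterator().next())));
        }
        String artifactString = assertionArtifact.getAssertionArtifact();
        String remoteServerUrl = SAMLUtils.getServerURL(assertionArtifact.getAssertionHandle());
        if (remoteServerUrl != null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid: calling another server in lb site:" + remoteServerUrl);
            }
            return new AssertionManagerClient(SAMLUtils.getFullServiceURL(remoteServerUrl)).getAssertion(assertionArtifact, set);
        }

        ArtEntry artEntry = (ArtEntry) artEntryMap.get(artifactString);
        if (agent != null && agent.isRunning() && saml1Svc != null) {
            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CREAD);
        }
        if (artEntry == null) {
            if (agent != null && agent.isRunning() && saml1Svc != null) {
                saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CMISS);
            }
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no Assertion found corresponding to artifact.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }
        if (agent != null && agent.isRunning() && saml1Svc != null) {
            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CHIT);
        }

        String assertionID = artEntry.getAssertionID();
        if (assertionID == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no AssertionID found corresponding to artifact.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }
        if (Time.currentTimeMillis() > artEntry.getExpireTime()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): artifact timed out.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("artifactTimedOut"));
        }

        Entry entry = (Entry) idEntryMap.get(assertionID);
        if (entry == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no Entry found corresponding to artifact.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }

        if (z) {
            // The assertion is released only to a requester whose destination ID matches the
            // one recorded when the assertion was stored.
            String destID = entry.getDestID();
            if (destID == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no destID found corresponding to artifact.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("noDestIDMatchingArtifact"));
            }
            if (set == null || !set.contains(destID)) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): destinationID doesn't match.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("destIDNotMatch"));
            }
        }

        Assertion assertion = entry.getAssertion();
        if (assertion == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no Assertion found corresponding to aID.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }

        // Consume the artifact. The lookup above and this removal are separate steps, so the
        // result of remove() decides which request actually redeemed the artifact: if it is
        // already gone, another request or the timeout task took it and this one must fail.
        Object consumed;
        synchronized (artEntryMap) {
            consumed = artEntryMap.remove(artifactString);
        }
        if (consumed == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(art, destid): no Assertion found corresponding to artifact.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }
        artifactTimeoutRunnable.removeElement(artifactString);
        LogUtils.access(Level.INFO, LogUtils.ASSERTION_ARTIFACT_VERIFIED, new String[]{SAMLUtils.bundle.getString("assertionArtifactVerified"), artifactString});

        if (SAMLServiceManager.getRemoveAssertion()) {
            synchronized (idEntryMap) {
                idEntryMap.remove(assertionID);
            }
            assertionTimeoutRunnable.removeElement(assertionID);
        }

        // The validity window is checked last, so an expired assertion still uses up its artifact.
        if (!assertion.isTimeValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: assertion " + assertionID + " is expired.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("assertionTimeNotValid"));
        }
        return assertion;
    }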

    /**
     * Redeems an artifact on behalf of a single destination ID.
     *
     * <p>The destination ID is wrapped in a one-element set and passed to the three-argument
     * overload with the destination check switched on.
     *
     * @param assertionArtifact artifact to redeem; must not be {@code null}
     * @param str destination ID of the requester; must not be {@code null} or empty
     * @return the assertion the artifact refers to
     * @throws SAMLException a {@code SAMLRequesterException} when an argument is missing,
     *         otherwise whatever the three-argument overload throws
     */
    public Assertion getAssertion(AssertionArtifact assertionArtifact, String str) throws SAMLException {
        final boolean inputMissing = assertionArtifact == null || str == null || str.isEmpty();
        if (!inputMissing) {
            Set destinations = new HashSet();
            destinations.add(str);
            return getAssertion(assertionArtifact, destinations, true);
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManager: input is null.");
        }
        throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
    }

    /**
     * Redeems an artifact on behalf of a set of destination IDs, with the destination check
     * switched on.
     *
     * @param assertionArtifact artifact to redeem; must not be {@code null}
     * @param set destination IDs of the requester; must not be {@code null} or empty
     * @return the assertion the artifact refers to
     * @throws SAMLException a {@code SAMLRequesterException} when an argument is missing,
     *         otherwise whatever the three-argument overload throws
     */
    public Assertion getAssertion(AssertionArtifact assertionArtifact, Set set) throws SAMLException {
        if (assertionArtifact == null || set == null || set.isEmpty()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: input is null.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }
        return getAssertion(assertionArtifact, set, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Redeems an artifact without any destination ID check.
     *
     * <p>The three-argument overload is called with a {@code null} destination set and the
     * check flag set to false, so the assertion is returned to the caller regardless of the
     * destination ID stored with it. Callers are responsible for having established that the
     * requester is entitled to the assertion.
     *
     * @param assertionArtifact artifact to redeem; must not be {@code null}
     * @return the assertion the artifact refers to
     * @throws SAMLException a {@code SAMLRequesterException} when the artifact is {@code null},
     *         otherwise whatever the three-argument overload throws
     */
    public Assertion getAssertion(AssertionArtifact assertionArtifact) throws SAMLException {
        if (assertionArtifact == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: input is null.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }
        final boolean checkDestination = false;
        return getAssertion(assertionArtifact, (Set) null, checkDestination);
    }

    /**
     * Answers a SAML query by dispatching on its query type.
     *
     * <p>Type 0 is handled as an authentication query, type 1 as an authorization decision
     * query and type 2 as an attribute query; any other type is rejected.
     *
     * @param query the query to answer; must not be {@code null}
     * @param str destination ID passed through to the type-specific handler
     * @return the assertion produced by the handler (a handler may return {@code null})
     * @throws SAMLException a {@code SAMLRequesterException} for a {@code null} query or an
     *         unsupported query type, otherwise whatever the handler throws
     */
    public Assertion getAssertion(Query query, String str) throws SAMLException {
        if (query == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion: input query is null.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }
        final int kind = query.getQueryType();
        switch (kind) {
            case 0:
                return getAuthenticationAssertion((AuthenticationQuery) query, str);
            case 1:
                return getAuthorizationDecisionAssertion((AuthorizationDecisionQuery) query, str);
            case 2:
                return getAttributeAssertion((AttributeQuery) query, str);
            default:
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion: this type of query is not supported:" + kind);
                }
                throw new SAMLRequesterException(SAMLUtils.bundle.getString("queryNotSupported"));
        }
    }

    /**
     * Builds, stores and returns an attribute assertion answering an attribute query.
     *
     * <p>The requester is identified by {@code str}, which must be a key of the configured
     * partner URL map and must have an {@code AttributeMapper}. The subject's session is taken
     * either from an SSO token ID supplied by the mapper or from an SSO assertion carried in
     * the query; the mapper then produces the attributes for that session.
     *
     * @param attributeQuery the query to answer
     * @param str destination ID of the requesting partner
     * @return the new assertion, or {@code null} when the query is {@code null} or the mapper
     *         returns no attributes
     * @throws SAMLException if the destination ID is missing or unknown, the SSO token or SSO
     *         assertion cannot be validated, or the subject cannot be verified
     */
    private Assertion getAttributeAssertion(AttributeQuery attributeQuery, String str) throws SAMLException {
        AttributeMapper attributeMapper;
        Object put;
        if (attributeQuery == null) {
            return null;
        }
        if (str == null || str.length() == 0) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: missing destID.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("missingDestID"));
        }
        validateNumberOfAssertions(idEntryMap);
        // Only partners present in the configured partner URL map get an answer.
        Map map = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
        if (map == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: empty partner URL list.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("emptyPartnerURLList"));
        }
        SAMLServiceManager.SOAPEntry sOAPEntry = (SAMLServiceManager.SOAPEntry) map.get(str);
        if (sOAPEntry == null || (attributeMapper = sOAPEntry.getAttributeMapper()) == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: couldn't obtain AttributeMapper.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("errorObtainAttributeMapper"));
        }
        Subject subject = attributeQuery.getSubject();
        String sSOTokenID = attributeMapper.getSSOTokenID(attributeQuery);
        Object obj = null;
        String str2 = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
        if (sSOTokenID != null) {
            // NOTE(review): on this path the session is looked up but not compared with the
            // query subject inside this method (the local-issuer branch below does call
            // verifySSOTokenAndNI). Presumably the AttributeMapper is expected to enforce
            // that binding; confirm against the mapper implementations in use.
            try {
                if (sessionProvider == null) {
                    throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
                }
                obj = sessionProvider.getSession(sSOTokenID);
            } catch (Exception e) {
                // Also catches the nullSessionProvider exception thrown just above, so the
                // caller always sees "invalidSSOToken" for a failure on this path.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: invalid SSO token:", e);
                }
                throw new SAMLException(SAMLUtils.bundle.getString("invalidSSOToken"));
            }
        } else {
            // No token ID: fall back to an SSO assertion carried in the query. Its signature
            // and validity window are checked before anything is read from it.
            Assertion sSOAssertion = attributeMapper.getSSOAssertion(attributeQuery);
            if (sSOAssertion == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: couldn't find SSOAssertion in query.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("noSSOAssertion"));
            }
            if (!sSOAssertion.isSignatureValid()) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: SSOAssertion is signature invalid.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("assertionSignatureNotValid"));
            }
            if (!sSOAssertion.isTimeValid()) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: SSOAssertion is time invalid.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("assertionTimeNotValid"));
            }
            // Take the subject of the first statement whose type is 1; that statement is cast
            // to AuthenticationStatement.
            Iterator it = sSOAssertion.getStatement().iterator();
            Subject subject2 = null;
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Statement statement = (Statement) it.next();
                if (statement.getStatementType() == 1) {
                    subject2 = ((AuthenticationStatement) statement).getSubject();
                    break;
                }
            }
            if (subject2 == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttributeAssertion: missing AuthenticationStatement in SSOAssertion.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("noAuthNStatement"));
            }
            String issuer = sSOAssertion.getIssuer();
            String assertionID = sSOAssertion.getAssertionID();
            if (str2 != null && str2.equals(issuer) && SAMLUtils.getServerURL(assertionID) == null) {
                // Issued by this server: reuse the session stored with the assertion entry.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttrAssertion:this server is the issuer.");
                }
                Entry entry = (Entry) idEntryMap.get(assertionID);
                if (agent != null && agent.isRunning() && saml1Svc != null) {
                    saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CREAD);
                }
                if (entry != null) {
                    obj = entry.getSSOToken();
                    if (obj != null) {
                        verifySSOTokenAndNI(obj, subject2.getNameIdentifier());
                    }
                    if (agent != null && agent.isRunning() && saml1Svc != null) {
                        saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CHIT);
                    }
                } else if (agent != null && agent.isRunning() && saml1Svc != null) {
                    saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CMISS);
                }
                // NOTE(review): when no entry or no stored token is found, obj stays null and
                // the mapper below is called with a null session; confirm mappers handle that.
            } else {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAttrAssertion:this server is not the issuer.");
                }
                // A null statement is passed, which makes checkAssertionAndCreateSSOToken skip
                // its subject comparison.
                obj = checkAssertionAndCreateSSOToken(sSOAssertion, null, subject2);
            }
        }
        List attributes = attributeMapper.getAttributes(attributeQuery, str, obj);
        if (attributes == null || attributes.size() == 0) {
            return null;
        }
        HashSet hashSet = new HashSet();
        hashSet.add(new AttributeStatement(subject, attributes));
        Date newDate = Time.newDate();
        // Validity window: from (now - notBeforeSkew) to (now + assertionTimeout).
        Assertion assertion = new Assertion(null, str2, newDate, new Conditions(new Date(newDate.getTime() - notBeforeSkew), new Date(newDate.getTime() + assertionTimeout)), hashSet);
        // NOTE(review): the cast assumes SIGN_ASSERTION is always configured; a null value
        // would throw here instead of returning an unsigned assertion.
        if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
            assertion.signXML();
        }
        String assertionID2 = assertion.getAssertionID();
        Entry entry2 = new Entry(assertion, str, null, null);
        try {
            synchronized (idEntryMap) {
                put = idEntryMap.put(assertionID2, entry2);
            }
            // If the ID was already present, re-register it with the timeout task.
            if (put != null) {
                assertionTimeoutRunnable.removeElement(assertionID2);
            }
            assertionTimeoutRunnable.addElement(assertionID2);
            if (agent != null && agent.isRunning() && saml1Svc != null) {
                saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CWRITE);
            }
        } catch (Exception e2) {
            // Storing is best-effort here: the failure is only reported at message level and
            // the assertion is still returned (getAuthenticationAssertion throws instead).
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAttributeAssertion couldn't add assertion to the idEntryMap.", e2);
            }
        }
        // At FINER the whole assertion text, attribute statement included, is written to the
        // access log; otherwise only the assertion ID is.
        if (LogUtils.isAccessLoggable(Level.FINER)) {
            LogUtils.access(Level.FINER, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertion.toString(true, true)});
        } else {
            LogUtils.access(Level.INFO, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertionID2});
        }
        return assertion;
    }

    /**
     * Builds, stores and returns an authentication assertion answering an authentication query.
     *
     * <p>The text of the query's SubjectConfirmationData is passed to the session provider to
     * look up the session. The authentication method, authentication instant, organization,
     * principal name and client IP address are read from that session, and the query's
     * NameIdentifier and requested authentication method are compared with them.
     *
     * @param authenticationQuery the query to answer
     * @param str destination ID stored with the new assertion entry
     * @return the new assertion, or {@code null} when the query is {@code null}
     * @throws SAMLException if the subject confirmation is missing or uses the wrong method, or
     *         if anything fails once the session lookup has started (see the outer catch)
     */
    private Assertion getAuthenticationAssertion(AuthenticationQuery authenticationQuery, String str) throws SAMLException {
        Object put;
        if (authenticationQuery == null) {
            return null;
        }
        // NOTE(review): unlike getAttributeAssertion, str is not checked for null/empty or
        // against the partner URL map in this method; confirm callers validate it.
        validateNumberOfAssertions(idEntryMap);
        Subject subject = authenticationQuery.getSubject();
        SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmation();
        if (subjectConfirmation == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: missing SubjectConfirmation.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("missingSubjectConfirmation"));
        }
        if (!SAMLUtils.isCorrectConfirmationMethod(subjectConfirmation)) {
            throw new SAMLException(SAMLUtils.bundle.getString("wrongConfirmationMethodValue"));
        }
        Element subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
        if (subjectConfirmationData == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: missing SubjectConfirmationData in the Subject.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("missingSubjectConfirmationData"));
        }
        String str2 = null;
        try {
            if (sessionProvider == null) {
                throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
            }
            // The confirmation data's text is used as the session identifier.
            Object session = sessionProvider.getSession(XMLUtils.getElementString(subjectConfirmationData));
            // Each property read takes element [0]; a missing or empty property raises an
            // exception that ends up in the outer catch below.
            String authMethodURI = SAMLServiceManager.getAuthMethodURI(sessionProvider.getProperty(session, "AuthType")[0]);
            Date stringToDate = DateUtils.stringToDate(sessionProvider.getProperty(session, SessionProvider.AUTH_INSTANT)[0]);
            String escapeSpecialCharacters = XMLUtils.escapeSpecialCharacters(sessionProvider.getProperty(session, SAML2Constants.ORGANIZATION)[0]);
            String escapeSpecialCharacters2 = XMLUtils.escapeSpecialCharacters(sessionProvider.getPrincipalName(session));
            try {
                str2 = InetAddress.getByName(sessionProvider.getProperty(session, "ipaddress")[0]).getHostAddress();
            } catch (Exception e) {
                // Best-effort: without a client IP the assertion simply carries no SubjectLocality.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: exception when getting client ip.");
                }
            }
            // The query's NameIdentifier must agree with the session. The comparison is
            // case-insensitive and is made against the XML-escaped principal name and
            // organization; a null name or qualifier in the query is not compared.
            NameIdentifier nameIdentifier = subject.getNameIdentifier();
            if (nameIdentifier != null) {
                String name = nameIdentifier.getName();
                String nameQualifier = nameIdentifier.getNameQualifier();
                if ((name != null && !name.equalsIgnoreCase(escapeSpecialCharacters2)) || (nameQualifier != null && !nameQualifier.equalsIgnoreCase(escapeSpecialCharacters))) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: NameIdentifier is different from info in SubjectConfirmation");
                    }
                    throw new SAMLException(SAMLUtils.bundle.getString("wrongNameIdentifier"));
                }
            }
            // A requested authentication method, when present, must match the session's.
            String authenticationMethod = authenticationQuery.getAuthenticationMethod();
            if (authenticationMethod != null && authenticationMethod.length() != 0 && !authenticationMethod.equalsIgnoreCase(authMethodURI)) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: couldn't form an assertion matching the AuthenticationMethod in the query.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("authenticationMethodInQueryNotMatch"));
            }
            SubjectLocality subjectLocality = null;
            if (str2 != null && str2.length() != 0) {
                subjectLocality = new SubjectLocality(str2, null);
            }
            AuthenticationStatement authenticationStatement = new AuthenticationStatement(authMethodURI, stringToDate, subject, subjectLocality, null);
            Date newDate = Time.newDate();
            // Validity window: from (now - notBeforeSkew) to (now + assertionTimeout).
            Conditions conditions = new Conditions(new Date(newDate.getTime() - notBeforeSkew), new Date(newDate.getTime() + assertionTimeout));
            String str3 = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
            HashSet hashSet = new HashSet();
            hashSet.add(authenticationStatement);
            Assertion assertion = new Assertion(null, str3, newDate, conditions, hashSet);
            if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
                assertion.signXML();
            }
            String assertionID = assertion.getAssertionID();
            // The session is stored with the entry so later queries can reuse it.
            Entry entry = new Entry(assertion, str, null, session);
            try {
                synchronized (idEntryMap) {
                    put = idEntryMap.put(assertionID, entry);
                }
                // If the ID was already present, re-register it with the timeout task.
                if (put != null) {
                    assertionTimeoutRunnable.removeElement(assertionID);
                }
                assertionTimeoutRunnable.addElement(assertionID);
                if (agent != null && agent.isRunning() && saml1Svc != null) {
                    saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CWRITE);
                }
                // At FINER the whole assertion text is written to the access log; otherwise
                // only the assertion ID is.
                if (LogUtils.isAccessLoggable(Level.FINER)) {
                    LogUtils.access(Level.FINER, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertion.toString(true, true)});
                } else {
                    LogUtils.access(Level.INFO, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertionID});
                }
                try {
                    // Registers a listener on the session for this assertion ID. A failure is
                    // logged and the assertion is still returned.
                    sessionProvider.addListener(session, new AssertionSSOTokenListener(assertionID));
                } catch (SessionException e2) {
                    SAMLUtils.debug.error("AssertionManager.getAuthNAssertion: Couldn't add listener to token:", e2);
                }
                return assertion;
            } catch (Exception e3) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: couldn't add assertion to the idEntryMap.", e3);
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
        } catch (Exception e4) {
            // This handler encloses the whole try block, so the more specific exceptions thrown
            // inside it (nullSessionProvider, wrongNameIdentifier,
            // authenticationMethodInQueryNotMatch, errorCreateAssertion) are all replaced by a
            // plain SAMLException carrying "wrongSubjectConfirmationData". The original cause
            // is only visible in the debug log when message level is enabled.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthNAssertion: exception retrieving info from the SSOToken:", e4);
            }
            throw new SAMLException(SAMLUtils.bundle.getString("wrongSubjectConfirmationData"));
        }
    }

    /**
     * Answers an authorization decision query by delegating to the three-argument overload
     * with its boolean flag set to true.
     *
     * @param authorizationDecisionQuery the query to answer
     * @param str destination ID of the requesting partner
     * @return whatever the three-argument overload returns
     * @throws SAMLException whatever the three-argument overload throws
     */
    private Assertion getAuthorizationDecisionAssertion(AuthorizationDecisionQuery authorizationDecisionQuery, String str) throws SAMLException {
        final boolean flag = true;
        return getAuthorizationDecisionAssertion(authorizationDecisionQuery, str, flag);
    }

    /**
     * Resolves the subject's session for an authorization decision query and hands over to
     * the six-argument overload that builds the assertion.
     *
     * <p>The requester is identified by {@code str}, which must be a key of the configured
     * partner URL map and must have an {@code ActionMapper}. The session comes either from an
     * SSO token ID supplied by the mapper (checked against the query's NameIdentifier) or from
     * an SSO assertion verified by {@code verifyAssertionAndGetSSOToken}.
     *
     * @param authorizationDecisionQuery the query to answer
     * @param str destination ID of the requesting partner
     * @param z not read by this method; the delegate call below passes a literal {@code true}
     *          in the corresponding position
     * @return the assertion built by the six-argument overload, or {@code null} when the query
     *         is {@code null}
     * @throws SAMLException if the destination ID is missing or unknown, the SSO token is
     *         invalid, or no session can be established for the subject
     */
    private Assertion getAuthorizationDecisionAssertion(AuthorizationDecisionQuery authorizationDecisionQuery, String str, boolean z) throws SAMLException {
        if (authorizationDecisionQuery == null) {
            return null;
        }
        if (str == null || str.isEmpty()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: missing destID.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("missingDestID"));
        }

        // Only partners present in the configured partner URL map get an answer.
        Map partners = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
        if (partners == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: empty partnerURL list.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("emptyPartnerURLList"));
        }
        SAMLServiceManager.SOAPEntry partner = (SAMLServiceManager.SOAPEntry) partners.get(str);
        ActionMapper mapper = (partner != null) ? partner.getActionMapper() : null;
        if (mapper == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: couldn't obtain ActionMapper.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("errorObtainActionMapper"));
        }

        Subject querySubject = authorizationDecisionQuery.getSubject();
        NameIdentifier queryNameId = querySubject.getNameIdentifier();
        Object session = null;
        // Stays true unless the session comes from the "false" key of the verification result.
        boolean existingToken = true;
        String tokenId = mapper.getSSOTokenID(authorizationDecisionQuery);
        if (tokenId == null) {
            Assertion evidence = mapper.getSSOAssertion(authorizationDecisionQuery, str);
            if (evidence != null) {
                Map verified = verifyAssertionAndGetSSOToken(querySubject, evidence);
                session = verified.get("true");
                if (session == null) {
                    existingToken = false;
                    session = verified.get("false");
                }
            }
        } else {
            try {
                if (sessionProvider == null) {
                    throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
                }
                session = sessionProvider.getSession(tokenId);
                // The session must belong to the subject named in the query.
                verifySSOTokenAndNI(session, queryNameId);
            } catch (Exception e) {
                // Every failure on this path is reported to the caller as "invalidSSOToken".
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: invalid SSO token:", e);
                }
                throw new SAMLException(SAMLUtils.bundle.getString("invalidSSOToken"));
            }
        }

        if (session == null) {
            // No decision is evaluated for a subject without a verified session.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: Couldn't obtain ssotoken.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
        // NOTE(review): the third argument is a literal true rather than z; confirm against
        // the six-argument overload whether z was meant to be forwarded.
        return getAuthorizationDecisionAssertion(authorizationDecisionQuery, str, true, session, existingToken, mapper.getAuthorizationDecisions(authorizationDecisionQuery, session, str));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v41, types: [com.sun.identity.saml.assertion.Statement] */
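    /**
     * Verifies an SSO assertion presented as evidence and returns the session to use for the
     * subject.
     *
     * <p>The assertion's signature and validity window are checked first. If this server
     * issued the assertion (its issuer equals the configured issuer name and
     * {@code SAMLUtils.getServerURL} returns {@code null} for its ID), the session stored with
     * the assertion entry is checked against the subject's NameIdentifier and returned under
     * the key {@code "true"}. Otherwise the assertion must contain a statement of type 1,
     * which is passed to {@code checkAssertionAndCreateSSOToken}; the result is returned under
     * the key {@code "false"}.
     *
     * @param subject subject of the query being answered
     * @param assertion SSO assertion supplied with the query
     * @return a map with exactly one entry, keyed {@code "true"} or {@code "false"} as above
     * @throws SAMLException if an argument is {@code null}, the assertion fails signature or
     *         time validation, it carries no authentication statement, or the subject cannot
     *         be verified
     */
    private Map verifyAssertionAndGetSSOToken(Subject subject, Assertion assertion) throws SAMLException {
        if (subject == null || assertion == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken: null input.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
        // Nothing is read from the assertion until its signature and validity window pass.
        if (!assertion.isSignatureValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken: SSOAssertion is signature invalid.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("assertionSignatureNotValid"));
        }
        if (!assertion.isTimeValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken: SSOAssertion is time invalid.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("assertionTimeNotValid"));
        }

        HashMap result = new HashMap();
        String localIssuer = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
        String issuer = assertion.getIssuer();
        String assertionID = assertion.getAssertionID();

        if (localIssuer == null || !localIssuer.equals(issuer) || SAMLUtils.getServerURL(assertionID) != null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion:this server is not the issuer.");
            }
            // The loop variable is typed as Statement and cast only after the type check; the
            // decompiled form assigned a Statement to an AuthenticationStatement variable,
            // which does not compile.
            AuthenticationStatement authenticationStatement = null;
            for (Iterator it = assertion.getStatement().iterator(); it.hasNext(); ) {
                Statement statement = (Statement) it.next();
                if (statement.getStatementType() == 1) {
                    authenticationStatement = (AuthenticationStatement) statement;
                    break;
                }
            }
            if (authenticationStatement == null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken:  missing AuthenticationStatement in SSOAssertion.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("noAuthNStatement"));
            }
            result.put("false", checkAssertionAndCreateSSOToken(assertion, authenticationStatement, subject));
            return result;
        }

        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManager.getAuthZAssertion:this server is the issuer.");
        }
        if (agent != null && agent.isRunning() && saml1Svc != null) {
            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CREAD);
        }
        Entry entry = (Entry) idEntryMap.get(assertionID);
        if (entry != null) {
            if (agent != null && agent.isRunning() && saml1Svc != null) {
                saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CHIT);
            }
            Object storedToken = entry.getSSOToken();
            if (storedToken != null) {
                // The stored session must belong to the subject named in the query.
                verifySSOTokenAndNI(storedToken, subject.getNameIdentifier());
                result.put("true", storedToken);
                return result;
            }
        } else if (agent != null && agent.isRunning() && saml1Svc != null) {
            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CMISS);
        }

        // No stored entry, or an entry without a session: the subject cannot be verified.
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManager.verifyAssertionAndGetSSOToken: either not an AuthN assertion or token is not for this subject.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
    }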

    /**
     * Checks that a session belongs to the principal named by a NameIdentifier.
     *
     * <p>The session's principal name and organization are read and XML-escaped, then
     * compared case-insensitively with the identifier's name and name qualifier. A
     * {@code null} identifier, name or qualifier is not compared and therefore passes.
     *
     * @param obj session object understood by the session provider
     * @param nameIdentifier identifier from the query, or {@code null}
     * @throws SAMLException carrying "cannotVerifySubject" for every failure: the handler
     *         below also catches the exceptions thrown inside the try block
     */
    private void verifySSOTokenAndNI(Object obj, NameIdentifier nameIdentifier) throws SAMLException {
        try {
            if (sessionProvider == null) {
                throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
            }
            // Both reads happen before the null check on the identifier, so an unusable
            // session fails even when there is nothing to compare.
            final String principal = XMLUtils.escapeSpecialCharacters(sessionProvider.getPrincipalName(obj));
            final String organization = XMLUtils.escapeSpecialCharacters(sessionProvider.getProperty(obj, SAML2Constants.ORGANIZATION)[0]);
            if (nameIdentifier != null) {
                String name = nameIdentifier.getName();
                String qualifier = nameIdentifier.getNameQualifier();
                boolean nameDiffers = name != null && !name.equalsIgnoreCase(principal);
                boolean qualifierDiffers = qualifier != null && !qualifier.equalsIgnoreCase(organization);
                if (nameDiffers || qualifierDiffers) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AssertionManager.verifySSOTokenAndNI: NameIdentifier is different from info in token.");
                    }
                    throw new SAMLException(SAMLUtils.bundle.getString("wrongNameIdentifier"));
                }
            }
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifySSOTokenAndNI: Session is not valid.", e);
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
    }

    /**
     * Checks that an assertion comes from a known partner and, when an authentication
     * statement is supplied, that its subject equals the expected subject, then creates a
     * temporary SSO token for it.
     *
     * <p>When {@code authenticationStatement} is {@code null} the subject comparison is
     * skipped and only the issuer lookup is enforced.
     *
     * @param assertion assertion whose issuer is looked up with {@code SAMLUtils.getSourceSite}
     * @param authenticationStatement statement whose subject is compared, or {@code null}
     * @param subject expected subject
     * @return the object returned by {@code createTempSSOToken}
     * @throws SAMLException carrying "cannotVerifySubject" when the issuer is unknown or the
     *         subjects differ, otherwise whatever {@code createTempSSOToken} throws
     */
    private Object checkAssertionAndCreateSSOToken(Assertion assertion, AuthenticationStatement authenticationStatement, Subject subject) throws SAMLException {
        SAMLServiceManager.SOAPEntry issuerSite = SAMLUtils.getSourceSite(assertion.getIssuer());
        if (issuerSite == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.checkAssertionAndCreateSSOToken: issuer is not on the partnerURL list.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }

        final boolean subjectMismatch = authenticationStatement != null
                && (subject == null || !subject.equals(authenticationStatement.getSubject()));
        if (subjectMismatch) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.verifyAndGetSSOToken: wrong subject in evidence.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("cannotVerifySubject"));
        }
        return createTempSSOToken(assertion, subject, issuerSite);
    }

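    /**
     * Maps the assertion to a local user through the source site's account mapper and generates
     * a session for that user.
     *
     * <p>The session is generated with the mapped organization as its realm ({@code "/"} when the
     * organization is empty), the mapped name as principal and an {@code AuthLevel} of
     * {@code "0"}.
     *
     * @param assertion the assertion handed to the account mapper
     * @param subject not read by this method
     * @param sOAPEntry source site entry supplying the source ID and the account mapper
     * @return the object returned by {@code SAMLUtils.generateSession}
     * @throws SAMLRequesterException when there is no mapper, the mapper returns no result, or
     *     the result lacks a name or an organization
     * @throws SAMLResponderException when the session cannot be generated
     */
    private Object createTempSSOToken(Assertion assertion, Subject subject, SAMLServiceManager.SOAPEntry sOAPEntry) throws SAMLException {
        List assertions = new ArrayList();
        assertions.add(assertion);
        String sourceID = sOAPEntry.getSourceID();
        String localName = null;
        String localOrg = null;
        PartnerAccountMapper partnerAccountMapper = sOAPEntry.getPartnerAccountMapper();
        if (partnerAccountMapper != null) {
            Map mapped = partnerAccountMapper.getUser(assertions, sourceID, null);
            // A mapper that returns null is treated like an unmapped subject instead of failing
            // with a NullPointerException outside the declared SAML exceptions.
            if (mapped != null) {
                localName = (String) mapped.get("name");
                localOrg = (String) mapped.get("org");
            }
        }
        if (localOrg == null || localName == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createTempSSOToken: couldn't map the subject to a local user.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("cannotMapSubject"));
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManager.createTempSSOToken: org = " + localOrg + ", name = " + localName);
        }
        try {
            Map sessionInfo = new HashMap();
            // localOrg is known to be non-null here, so only the empty case needs the root realm.
            sessionInfo.put("realm", localOrg.length() == 0 ? "/" : localOrg);
            sessionInfo.put(SessionProvider.PRINCIPAL_NAME, localName);
            sessionInfo.put("AuthLevel", "0");
            return SAMLUtils.generateSession(null, null, sessionInfo);
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManger.createTempSSOToken: Couldn't retrieve the ssotoken.", e);
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
        }
    }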

    /**
     * Builds an assertion holding one authorization decision statement for a query and,
     * optionally, stores it in {@code idEntryMap}.
     *
     * @param authorizationDecisionQuery supplies the subject, resource and evidence of the
     *     statement, and the action list when {@code map} has none of the three decision keys
     * @param str second argument of the stored {@code Entry}; presumably the destination ID
     *     (confirm against the {@code Entry} constructor)
     * @param z when {@code true} the assertion is stored in {@code idEntryMap} and added to
     *     {@code assertionTimeoutRunnable}
     * @param obj session object a listener is attached to when both {@code z} and {@code z2} are
     *     {@code true}
     * @param z2 when {@code true} (and {@code z} is {@code true}) an
     *     {@code AssertionSSOTokenListener} is registered on {@code obj}
     * @param map action map looked up under the keys "Permit", "Deny" and "Indeterminate"
     * @return the new assertion, signed when the SIGN_ASSERTION attribute is true
     * @throws SAMLException when {@code map} is null, the assertion limit is exceeded, the
     *     session provider is missing, or the assertion cannot be stored
     */
    private Assertion getAuthorizationDecisionAssertion(AuthorizationDecisionQuery authorizationDecisionQuery, String str, boolean z, Object obj, boolean z2, Map map) throws SAMLException {
        int i;
        Object put;
        if (map == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: actionMap from ActionMapper is null.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("nullAuthZDecision"));
        }
        // The limit check runs even when z is false and nothing will be stored. It reads
        // idEntryMap outside the synchronized block used for the put below.
        // NOTE(review): whether idEntryMap is itself a thread-safe map is not visible here.
        validateNumberOfAssertions(idEntryMap);
        // Decision selection: the first key present wins, in the order Permit (1), Deny (2),
        // Indeterminate (3). With none present the query's own actions are used with decision 3.
        List list = (List) map.get("Permit");
        List list2 = list;
        if (list != null) {
            i = 1;
        } else {
            List list3 = (List) map.get("Deny");
            list2 = list3;
            if (list3 != null) {
                i = 2;
            } else {
                list2 = (List) map.get("Indeterminate");
                if (list2 == null) {
                    list2 = authorizationDecisionQuery.getAction();
                }
                i = 3;
            }
        }
        AuthorizationDecisionStatement authorizationDecisionStatement = new AuthorizationDecisionStatement(authorizationDecisionQuery.getSubject(), authorizationDecisionQuery.getResource(), i, list2, authorizationDecisionQuery.getEvidence());
        Date newDate = Time.newDate();
        // The two dates given to Conditions are now minus notBeforeSkew and now plus
        // assertionTimeout.
        Conditions conditions = new Conditions(new Date(newDate.getTime() - notBeforeSkew), new Date(newDate.getTime() + assertionTimeout));
        String str2 = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
        HashSet hashSet = new HashSet();
        hashSet.add(authorizationDecisionStatement);
        Assertion assertion = new Assertion(null, str2, newDate, conditions, hashSet);
        // Signing is configuration-driven: with SIGN_ASSERTION false the assertion is returned
        // (and stored) unsigned.
        if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
            assertion.signXML();
        }
        String assertionID = assertion.getAssertionID();
        if (z) {
            if (z2) {
                AssertionSSOTokenListener assertionSSOTokenListener = new AssertionSSOTokenListener(assertionID);
                try {
                    if (sessionProvider == null) {
                        throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
                    }
                    sessionProvider.addListener(obj, assertionSSOTokenListener);
                } catch (SessionException e) {
                    // A listener failure is only logged: the assertion is still stored below,
                    // without a listener on the session. The log label names getAuthNAssertion
                    // although this is the authorization-decision path.
                    SAMLUtils.debug.error("AssertionManager.getAuthNAssertion: Couldn't get listener to token:", e);
                }
            }
            Entry entry = new Entry(assertion, str, null, null);
            try {
                synchronized (idEntryMap) {
                    put = idEntryMap.put(assertionID, entry);
                }
                // A non-null previous value means an entry with the same ID was replaced; its
                // timeout element is removed before the ID is added again.
                if (put != null) {
                    assertionTimeoutRunnable.removeElement(assertionID);
                }
                assertionTimeoutRunnable.addElement(assertionID);
                if (agent != null && agent.isRunning() && saml1Svc != null) {
                    saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CWRITE);
                }
                // At FINER the access log receives assertion.toString(true, true), i.e. the
                // assertion content rather than only its ID; at other levels only the ID is logged.
                if (LogUtils.isAccessLoggable(Level.FINER)) {
                    LogUtils.access(Level.FINER, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertion.toString(true, true)});
                } else {
                    LogUtils.access(Level.INFO, "ASSERTION_CREATED", new String[]{SAMLUtils.bundle.getString("assertionCreated"), assertionID});
                }
            } catch (Exception e2) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAuthZAssertion: couldn't add assertion to the idAssertionMap.", e2);
                }
                throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
            }
        }
        return assertion;
    }

    /**
     * Returns the stored assertion for an ID reference, supplying no destination IDs.
     *
     * <p>Delegates to the private three-argument lookup with a {@code null} destination set and
     * the privileged flag off; that lookup rejects an entry whose destination ID is set when no
     * destination set is supplied.
     *
     * @param assertionIDReference reference to the assertion to return
     * @return the matching assertion
     * @throws SAMLException when the lookup fails
     */
    public Assertion getAssertion(AssertionIDReference assertionIDReference) throws SAMLException {
        final Set noDestinations = null;
        final boolean privileged = false;
        return getAssertion(assertionIDReference, noDestinations, privileged);
    }

    /**
     * Returns the stored assertion for an ID reference on behalf of a super-user session.
     *
     * <p>The session must pass {@code isSuperUser}. The lookup then runs with the privileged flag
     * on, which in the private three-argument overload skips both the forward to another server
     * and the destination-ID comparison.
     *
     * @param assertionIDReference reference to the assertion to return
     * @param obj the caller's session object, must not be {@code null}
     * @return the matching assertion
     * @throws SAMLException when {@code obj} is null, the session is not a super user, or the
     *     lookup fails
     */
    public Assertion getAssertion(AssertionIDReference assertionIDReference, Object obj) throws SAMLException {
        if (obj == null) {
            SAMLUtils.debug.error("AssertionManager.getAssertion(idRef, token): input token is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (!isSuperUser(obj)) {
            SAMLUtils.debug.error("AssertionManager.getAssertion(idRef, token): Session doesn't have the privilege.");
            throw new SAMLException(SAMLUtils.bundle.getString("noPrivilege"));
        }
        final Set noDestinations = null;
        return getAssertion(assertionIDReference, noDestinations, true);
    }

    /**
     * Returns the stored assertion for an ID reference on behalf of a single destination ID.
     *
     * <p>A non-null destination ID is wrapped in a one-element set; a {@code null} one is passed
     * on as a {@code null} set. The lookup runs with the privileged flag off.
     *
     * @param assertionIDReference reference to the assertion to return
     * @param str destination ID of the caller, may be {@code null}
     * @return the matching assertion
     * @throws SAMLException when the lookup fails
     */
    public Assertion getAssertion(AssertionIDReference assertionIDReference, String str) throws SAMLException {
        Set destinations = null;
        if (str != null) {
            destinations = new HashSet();
            destinations.add(str);
        }
        return getAssertion(assertionIDReference, destinations, false);
    }

    /**
     * Returns the stored assertion for an ID reference on behalf of a set of destination IDs.
     *
     * <p>The set is handed unchanged to the private three-argument lookup, with the privileged
     * flag off.
     *
     * @param assertionIDReference reference to the assertion to return
     * @param set destination IDs the caller may present, may be {@code null}
     * @return the matching assertion
     * @throws SAMLException when the lookup fails
     */
    public Assertion getAssertion(AssertionIDReference assertionIDReference, Set set) throws SAMLException {
        final boolean privileged = false;
        return getAssertion(assertionIDReference, set, privileged);
    }

    /**
     * Looks up a stored assertion by ID reference and applies the destination and time checks.
     *
     * <p>With {@code z} false, a reference for which {@code SAMLUtils.getServerURL} returns a
     * server is forwarded to that server through {@code AssertionManagerClient}, and an entry that
     * carries a destination ID is returned only when {@code set} contains that ID. An entry
     * without a destination ID is returned to any caller. With {@code z} true neither the forward
     * nor the destination check takes place.
     *
     * <p>NOTE(review): the map read below is not inside a {@code synchronized (idEntryMap)} block;
     * whether the map is thread-safe on its own is not visible here. The final failure passes the
     * literal {@code "assertionTimeNotValid"} instead of a bundle lookup, unlike the other
     * failures in this method; confirm that is intended.
     *
     * @param assertionIDReference reference to the assertion to return, must not be {@code null}
     * @param set destination IDs presented by the caller, may be {@code null}
     * @param z {@code true} for the privileged lookup
     * @return the matching, time-valid assertion
     * @throws SAMLRequesterException when the reference is {@code null}
     * @throws SAMLException when no assertion matches, the destination ID does not match, or the
     *     assertion is no longer time-valid
     */
    private Assertion getAssertion(AssertionIDReference assertionIDReference, Set set, boolean z) throws SAMLException {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("getAssertion(idRef): destID set=" + set);
        }
        if (assertionIDReference == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(AssertionIDRef): null AssertionID.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }

        String assertionId = assertionIDReference.getAssertionIDReference();

        // Non-privileged lookups may be answered by another server.
        if (!z) {
            String remoteServer = SAMLUtils.getServerURL(assertionId);
            if (remoteServer != null) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion(idRef): calling another server in lb site:" + remoteServer);
                }
                AssertionManagerClient remoteManager = new AssertionManagerClient(SAMLUtils.getFullServiceURL(remoteServer));
                return remoteManager.getAssertion(assertionIDReference, set);
            }
        }

        Entry cached = (Entry) idEntryMap.get(assertionId);
        if (agent != null && agent.isRunning() && saml1Svc != null) {
            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CREAD);
        }
        if (cached == null) {
            if (agent != null && agent.isRunning() && saml1Svc != null) {
                saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CMISS);
            }
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(AssertionIDRef): no matching assertion found in idEntryMap.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }
        if (agent != null && agent.isRunning() && saml1Svc != null) {
            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CHIT);
        }

        Assertion found = cached.getAssertion();
        if (found == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.getAssertion(AssertionIDRef): no matching assertion found.");
            }
            throw new SAMLException(SAMLUtils.bundle.getString("noMatchingAssertion"));
        }

        // Destination binding is enforced only for non-privileged lookups, and only when the
        // entry actually carries a destination ID.
        if (!z) {
            String boundDestination = cached.getDestID();
            if (boundDestination != null && (set == null || !set.contains(boundDestination))) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AssertionManager.getAssertion(AssertionID): destID doesn't match.");
                }
                throw new SAMLException(SAMLUtils.bundle.getString("destIDNotMatch"));
            }
        }

        if (!found.isTimeValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: assertion " + assertionId + " is expired.");
            }
            throw new SAMLException("assertionTimeNotValid");
        }
        return found;
    }

    /**
     * Creates an assertion artifact without the two optional trailing string arguments.
     *
     * <p>Delegates to the four-string overload with {@code null} for both of them.
     *
     * @param str first argument, passed through unchanged; must not be {@code null}
     * @param str2 destination ID, which must be a key of the configured partner URL map
     * @return the new artifact
     * @throws SAMLException when the artifact cannot be created
     */
    public AssertionArtifact createAssertionArtifact(String str, String str2) throws SAMLException {
        final String third = null;
        final String fourth = null;
        return createAssertionArtifact(str, str2, third, fourth);
    }

    /**
     * Creates an assertion artifact without a servlet request or response.
     *
     * <p>Delegates to the six-argument overload with {@code null} for the request and the
     * response.
     *
     * @param str first argument, passed through unchanged; must not be {@code null}
     * @param str2 destination ID, which must be a key of the configured partner URL map
     * @param str3 passed through unchanged to the six-argument overload
     * @param str4 optional version string of the form {@code major.minor}, may be {@code null}
     * @return the new artifact
     * @throws SAMLException when the artifact cannot be created
     */
    public AssertionArtifact createAssertionArtifact(String str, String str2, String str3, String str4) throws SAMLException {
        final HttpServletRequest noRequest = null;
        final HttpServletResponse noResponse = null;
        return createAssertionArtifact(str, str2, noRequest, noResponse, str3, str4);
    }

    /**
     * Creates an assertion artifact for a destination and the SSO assertion that goes with it.
     *
     * <p>The destination ID must be a key of the PARTNER_URLS attribute. The artifact is built
     * from the SITE_ID attribute and a freshly generated assertion handle, then handed to
     * {@code createSSOAssertion}. When {@code str4} splits on {@code "."} into exactly two
     * tokens, they are parsed as the major and minor version and set on the created assertion;
     * any other token count leaves the version untouched.
     *
     * <p>NOTE(review): the version string is parsed only after {@code createSSOAssertion} has
     * run, so a malformed version is rejected after the assertion already exists. Whether that
     * assertion has been stored by then is not visible here; consider validating first.
     *
     * @param str first argument of {@code createSSOAssertion}; must not be {@code null}
     * @param str2 destination ID; must not be {@code null}
     * @param httpServletRequest passed through to {@code createSSOAssertion}, may be {@code null}
     * @param httpServletResponse passed through to {@code createSSOAssertion}, may be {@code null}
     * @param str3 passed through to {@code createSSOAssertion}
     * @param str4 optional version string of the form {@code major.minor}, may be {@code null}
     * @return the new artifact
     * @throws SAMLRequesterException when {@code str} or {@code str2} is {@code null}
     * @throws SAMLResponderException when no assertion handle can be generated
     * @throws SAMLException when the destination is not a partner or a version token is not a
     *     number
     */
    public AssertionArtifact createAssertionArtifact(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str3, String str4) throws SAMLException {
        if (str == null || str2 == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: null input for method createAssertionArtifact.");
            }
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }

        Map partners = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
        boolean knownDestination = partners != null && partners.containsKey(str2);
        if (!knownDestination) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact:(String, String): destID not in partner list.");
            throw new SAMLException(SAMLUtils.bundle.getString("destIDNotFound"));
        }

        String handle = SAMLUtils.generateAssertionHandle();
        if (handle == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager.createAssertionArtifact: couldn't generate assertion handle.");
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
        }

        String siteId = (String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID);
        AssertionArtifact artifact = new AssertionArtifact(siteId, handle);
        Assertion ssoAssertion = createSSOAssertion(str, artifact, httpServletRequest, httpServletResponse, str2, str3, str4);
        if (str4 == null) {
            return artifact;
        }

        try {
            StringTokenizer versionParts = new StringTokenizer(str4, ".");
            if (versionParts.countTokens() == 2) {
                // Each part is parsed and applied in turn, so a bad minor part fails after the
                // major version has already been set.
                int major = Integer.parseInt(versionParts.nextToken().trim());
                ssoAssertion.setMajorVersion(major);
                int minor = Integer.parseInt(versionParts.nextToken().trim());
                ssoAssertion.setMinorVersion(minor);
            }
        } catch (NumberFormatException e) {
            throw new SAMLException(e.getMessage());
        }
        return artifact;
    }

    /**
     * Evaluates an authorization decision query and returns the decision as an int.
     *
     * <p>The decision is taken from the first statement of the resulting assertion whose
     * statement type is {@code 2}; that statement is cast to
     * {@link AuthorizationDecisionStatement}. Every failure path (null query, no assertion, no
     * statements, no matching statement, or a {@link SAMLException}) returns {@code 3}, the value
     * this class uses for the "Indeterminate" case, so a failure never yields a permit.
     *
     * @param authorizationDecisionQuery the query to evaluate, may be {@code null}
     * @param str passed through to {@code getAuthorizationDecisionAssertion}
     * @return the decision of the authorization decision statement, or {@code 3} on any failure
     */
    public int isAllowed(AuthorizationDecisionQuery authorizationDecisionQuery, String str) {
        final int indeterminate = 3;
        if (authorizationDecisionQuery == null) {
            SAMLUtils.debug.error("AssertionManager.isAllowed: null input.");
            return indeterminate;
        }

        Assertion decisionAssertion;
        try {
            decisionAssertion = getAuthorizationDecisionAssertion(authorizationDecisionQuery, str, false);
        } catch (SAMLException e) {
            SAMLUtils.debug.error("AssertionManager.isAllowed: exception thrown when trying to get an assertion from authZQuery. ", e);
            return indeterminate;
        }
        if (decisionAssertion == null) {
            return indeterminate;
        }

        Set<Statement> statements = decisionAssertion.getStatement();
        if (statements == null || statements.isEmpty()) {
            SAMLUtils.debug.error("AssertionManager.isAllowed: no statements in assertion.");
            return indeterminate;
        }
        for (Statement candidate : statements) {
            if (candidate.getStatementType() != 2) {
                continue;
            }
            return ((AuthorizationDecisionStatement) candidate).getDecision();
        }
        SAMLUtils.debug.error("AssertionManager.isAllowed: no authZstatement in assertion.");
        return indeterminate;
    }

    /**
     * Rejects further assertions once a map holds more entries than the configured maximum.
     *
     * <p>The maximum is the ASSERTION_MAX_NUMBER_NAME attribute; {@code 0} disables the check.
     * The method either throws or returns {@code false}; it never returns {@code true}.
     *
     * <p>NOTE(review): the check passes while the size equals the maximum, so a caller that
     * inserts afterwards can bring the map to one entry above the configured value. Confirm
     * whether the limit is meant to be inclusive.
     *
     * @param map the map whose size is compared with the maximum
     * @return always {@code false}
     * @throws SAMLResponderException when the maximum is non-zero and the map is larger than it
     */
    boolean validateNumberOfAssertions(Map map) throws SAMLResponderException {
        Integer configuredMax = (Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_MAX_NUMBER_NAME);
        int limit = configuredMax.intValue();
        boolean limited = limit != 0;
        if (limited && map.size() > limit) {
            SAMLUtils.debug.error("AssertionManager.createAssertionArtifact(assertion,String): reached maxNumber of assertions.");
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
        }
        return false;
    }

    // Class initialization: reads the super-user name, obtains the session provider, loads the
    // timing configuration and the monitoring handles, and leaves the instance and map fields
    // null.
    static {
        superUser = null;
        sessionProvider = null;
        superUser = SystemConfigurationUtil.getProperty(SUPER_USER);
        try {
            sessionProvider = SessionManager.getProvider();
        } catch (SessionException e) {
            // A missing provider does not stop class initialization; the field stays null and the
            // methods that need it check for null and throw the "nullSessionProvider" message.
            SAMLUtils.debug.error("Static: Couldn't get SessionProvider.", e);
            sessionProvider = null;
        }
        // Each configured Integer is multiplied by 1000 (presumably seconds to milliseconds,
        // confirm against the attribute definitions). A null attribute makes intValue() throw
        // NullPointerException here, i.e. during class initialization.
        // NOTE(review): the multiplication is done on int values, so a configured value above
        // Integer.MAX_VALUE / 1000 wraps before it is assigned.
        cleanUpInterval = ((Integer) SAMLServiceManager.getAttribute("iplanet-am-saml-cleanup-interval")).intValue() * 1000;
        artifactTimeout = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ARTIFACT_TIMEOUT_NAME)).intValue() * 1000;
        assertionTimeout = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.ASSERTION_TIMEOUT_NAME)).intValue() * 1000;
        notBeforeSkew = ((Integer) SAMLServiceManager.getAttribute(SAMLConstants.NOTBEFORE_TIMESKEW_NAME)).intValue() * 1000;
        agent = MonitorManager.getAgent();
        saml1Svc = MonitorManager.getSAML1Svc();
        // These fields are null after class initialization; where they are assigned is outside
        // this part of the file.
        instance = null;
        artEntryMap = null;
        idEntryMap = null;
        assertionVersion = null;
        protocolVersion = null;
    }
}
