package com.sun.identity.federation.services.fednsso;

import com.sun.identity.cot.COTException;
import com.sun.identity.cot.CircleOfTrustDescriptor;
import com.sun.identity.cot.CircleOfTrustManager;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSRedirectException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.federation.services.FSAuthContextResult;
import com.sun.identity.federation.services.FSAuthnDecisionHandler;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
import com.sun.identity.shared.encode.URLEncDec;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sun/identity/federation/services/fednsso/FSIDPFinderService.class */
public class FSIDPFinderService extends HttpServlet {
    private static Map requestCotSetMap = Collections.synchronizedMap(new HashMap());

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (httpServletRequest == null || httpServletResponse == null) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: Null Input");
            return;
        }
        FSUtils.debug.message("FSIDPFinderService.doGet::Init");
        String parameter = httpServletRequest.getParameter("ProviderID");
        String parameter2 = httpServletRequest.getParameter("RequestID");
        String parameter3 = httpServletRequest.getParameter("Realm");
        if (parameter == null || parameter2 == null || parameter3 == null) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: Request is missingeither ProviderID or the RequestID");
            throw new ServletException("invalidRequest");
        }
        try {
            String commonDomainIDP = getCommonDomainIDP(httpServletRequest, httpServletResponse, parameter3, parameter, parameter2);
            String str = null;
            BaseConfigType baseConfigType = null;
            IDFFMetaManager iDFFMetaManager = FSUtils.getIDFFMetaManager();
            if (iDFFMetaManager != null) {
                try {
                    baseConfigType = iDFFMetaManager.getIDPDescriptorConfig(parameter3, parameter);
                    if (baseConfigType != null) {
                        str = baseConfigType.getMetaAlias();
                    }
                } catch (IDFFMetaException e) {
                    FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in getting proxying hosted meta:", e);
                    return;
                }
            }
            FSAuthnRequest authnRequest = FSSessionManager.getInstance(str).getAuthnRequest(parameter2);
            if (commonDomainIDP == null || commonDomainIDP.equals(parameter)) {
                String loginURL = getLoginURL(authnRequest, parameter3, parameter, httpServletRequest);
                if (loginURL == null) {
                    FSUtils.debug.error("FSIDPFinderService.doGet : login url is null");
                    return;
                } else {
                    httpServletResponse.setHeader("Location", loginURL);
                    httpServletResponse.sendRedirect(loginURL);
                    return;
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPFinderService.doGet:IDP to be proxied:" + commonDomainIDP);
            }
            try {
                FSProxyHandler fSProxyHandler = new FSProxyHandler(httpServletRequest, httpServletResponse);
                fSProxyHandler.setHostedEntityId(parameter);
                IDPDescriptorType iDPDescriptorType = null;
                SPDescriptorType sPDescriptorType = null;
                if (iDFFMetaManager != null) {
                    iDPDescriptorType = iDFFMetaManager.getIDPDescriptor(parameter3, parameter);
                    sPDescriptorType = iDFFMetaManager.getSPDescriptor(parameter3, authnRequest.getProviderId());
                }
                fSProxyHandler.setSPDescriptor(sPDescriptorType);
                fSProxyHandler.setHostedDescriptor(iDPDescriptorType);
                fSProxyHandler.setHostedDescriptorConfig(baseConfigType);
                fSProxyHandler.setMetaAlias(str);
                fSProxyHandler.setRealm(parameter3);
                fSProxyHandler.sendProxyAuthnRequest(authnRequest, commonDomainIDP);
            } catch (FSException e2) {
                FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in sending the proxy authentication request.", e2);
            } catch (IDFFMetaException e3) {
                FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in getting proxying hosted meta:", e3);
            }
        } catch (FSRedirectException e4) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPFinderService.doGet:Redirection has happened");
            }
        }
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    private String getCommonDomainIDP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws FSRedirectException, IOException {
        String findPreferredIDP = FSUtils.findPreferredIDP(str, httpServletRequest);
        if (findPreferredIDP != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:Preferred IDP found from the common domain." + findPreferredIDP);
            }
            if (requestCotSetMap.containsKey(str3)) {
                requestCotSetMap.remove(str3);
            }
            return findPreferredIDP;
        }
        Set set = (Set) requestCotSetMap.get(str3);
        if (set == null) {
            try {
                IDFFMetaManager iDFFMetaManager = FSUtils.getIDFFMetaManager();
                List list = null;
                if (iDFFMetaManager != null) {
                    list = IDFFMetaUtils.getAttributeValueFromConfig(iDFFMetaManager.getSPDescriptorConfig(str, str2), "cotlist");
                }
                if (list != null) {
                    set = new HashSet();
                    set.addAll(list);
                }
            } catch (IDFFMetaException e) {
                FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:cannot get meta:", e);
                return null;
            }
        }
        if (set == null || set.isEmpty()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP::No more Cots.");
            if (!requestCotSetMap.containsKey(str3)) {
                return null;
            }
            requestCotSetMap.remove(str3);
            return null;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str4 = (String) it.next();
            it.remove();
            requestCotSetMap.put(str3, set);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP: Trying Cot: " + str4);
            }
            String str5 = null;
            try {
                CircleOfTrustDescriptor circleOfTrust = new CircleOfTrustManager().getCircleOfTrust(str, str4);
                if (circleOfTrust != null && circleOfTrust.getCircleOfTrustStatus().equalsIgnoreCase("active")) {
                    str5 = circleOfTrust.getIDFFReaderServiceURL();
                }
            } catch (COTException e2) {
                FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:Unable to retrieve reader service url.", e2);
            }
            if (str5 != null) {
                String baseURL = FSServiceUtils.getBaseURL(httpServletRequest);
                StringBuffer stringBuffer = new StringBuffer(300);
                stringBuffer.append(baseURL).append("/idpfinder").append("?").append("RequestID").append("=").append(URLEncDec.encode(str3)).append("&").append("Realm=").append(URLEncDec.encode(str)).append("&").append("ProviderID=").append(URLEncDec.encode(str2));
                StringBuffer stringBuffer2 = new StringBuffer(300);
                stringBuffer2.append(str5).append("?").append("RelayState").append("=").append(URLEncDec.encode(stringBuffer.toString()));
                String stringBuffer3 = stringBuffer2.toString();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:Redirection URL:" + stringBuffer3);
                }
                httpServletResponse.setHeader("Location", stringBuffer3);
                httpServletResponse.sendRedirect(stringBuffer3);
                throw new FSRedirectException(FSUtils.bundle.getString("Redirection_Happened"));
            }
        }
        return null;
    }

    private String getLoginURL(FSAuthnRequest fSAuthnRequest, String str, String str2, HttpServletRequest httpServletRequest) {
        if (fSAuthnRequest == null) {
            FSUtils.debug.error("FSIDPFinderServer.getLoginURL: null authnrequest");
            return null;
        }
        if (str2 == null) {
            FSUtils.debug.error("FSIDPFinderServer.getLoginURL: null hostProviderID");
            return null;
        }
        try {
            IDFFMetaManager iDFFMetaManager = FSUtils.getIDFFMetaManager();
            IDPDescriptorType iDPDescriptor = iDFFMetaManager.getIDPDescriptor(str, str2);
            IDPDescriptorConfigElement iDPDescriptorConfig = iDFFMetaManager.getIDPDescriptorConfig(str, str2);
            FSAuthContextResult uRLForAuthnContext = new FSAuthnDecisionHandler(str, str2, httpServletRequest).getURLForAuthnContext(IDFFMetaUtils.getAttributeValueFromConfig(iDPDescriptorConfig, IFSConstants.DEFAULT_AUTHNCONTEXT), fSAuthnRequest.getAuthContextCompType());
            return formatLoginURL(uRLForAuthnContext.getLoginURL(), uRLForAuthnContext.getAuthContextRef(), str, str2, iDPDescriptor, iDPDescriptorConfig, fSAuthnRequest, httpServletRequest);
        } catch (Exception e) {
            FSUtils.debug.error("FSIDPFinderServer.getLoginURL : exception while retrieving meta config", e);
            return null;
        }
    }

    private String formatLoginURL(String str, String str2, String str3, String str4, IDPDescriptorType iDPDescriptorType, BaseConfigType baseConfigType, FSAuthnRequest fSAuthnRequest, HttpServletRequest httpServletRequest) {
        FSUtils.debug.message("FSIDPFinderService.formatLoginURL: Called");
        try {
            if (str == null) {
                FSUtils.debug.error("FSIDPFinderService.formatLoginURL: ");
                return null;
            }
            String metaAlias = baseConfigType.getMetaAlias();
            String singleSignOnServiceURL = iDPDescriptorType.getSingleSignOnServiceURL();
            StringBuffer stringBuffer = new StringBuffer(singleSignOnServiceURL);
            if (singleSignOnServiceURL.indexOf(63) == -1) {
                stringBuffer.append("?");
            } else {
                stringBuffer.append("&");
            }
            stringBuffer.append(IFSConstants.AUTHN_INDICATOR_PARAM).append("=").append("true").append("&").append("AuthnContext").append("=").append(URLEncDec.encode(str2)).append("&").append("realm").append("=").append(URLEncDec.encode(str3)).append("&").append(IFSConstants.PROVIDER_ID_KEY).append("=").append(URLEncDec.encode(str4)).append("&").append("metaAlias").append("=").append(URLEncDec.encode(metaAlias)).append("&").append("RequestID").append("=").append(URLEncDec.encode(fSAuthnRequest.getRequestID()));
            String str5 = FSServiceUtils.getBaseURL(httpServletRequest) + IFSConstants.POST_LOGIN_PAGE;
            StringBuffer stringBuffer2 = new StringBuffer(str5);
            if (str5.indexOf(63) == -1) {
                stringBuffer2.append("?");
            } else {
                stringBuffer2.append("&");
            }
            stringBuffer2.append("RelayState").append("=").append(URLEncDec.encode(stringBuffer.toString())).append("&").append("sso").append("=").append("true").append("&").append("metaAlias").append("=").append(metaAlias);
            StringBuffer stringBuffer3 = new StringBuffer(100);
            stringBuffer3.append(str);
            if (str.indexOf(63) == -1) {
                stringBuffer3.append("?");
            } else {
                stringBuffer3.append("&");
            }
            stringBuffer3.append("goto").append("=").append(URLEncDec.encode(stringBuffer2.toString()));
            if (str3 != null && str3.length() != 0) {
                stringBuffer3.append("&").append("org").append("=").append(URLEncDec.encode(str3));
            }
            int length = stringBuffer3.length() - 1;
            if (stringBuffer3.charAt(length) == '&') {
                stringBuffer3 = stringBuffer3.deleteCharAt(length);
            }
            return stringBuffer3.toString();
        } catch (Exception e) {
            FSUtils.debug.error("FSIDPFinderService.formatLoginURL: Exception: ", e);
            return null;
        }
    }
}
