package com.sun.identity.saml2.profile;

import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.liberty.ws.soapbinding.Message;
import com.sun.identity.liberty.ws.soapbinding.SOAPBindingException;
import com.sun.identity.liberty.ws.soapbinding.SOAPFaultException;
import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.plugin.monitoring.FedMonAgent;
import com.sun.identity.plugin.monitoring.FedMonSAML2Svc;
import com.sun.identity.plugin.monitoring.MonitorManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.sae.api.Utils;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.Advice;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AttributeStatement;
import com.sun.identity.saml2.assertion.EncryptedAttribute;
import com.sun.identity.saml2.assertion.EncryptedID;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.assertion.Subject;
import com.sun.identity.saml2.common.AccountUtils;
import com.sun.identity.saml2.common.NameIDInfo;
import com.sun.identity.saml2.common.NameIDInfoKey;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2FailoverUtils;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.common.SOAPCommunicator;
import com.sun.identity.saml2.ecp.ECPFactory;
import com.sun.identity.saml2.ecp.ECPRelayState;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.plugins.SAML2PluginsUtils;
import com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter;
import com.sun.identity.saml2.plugins.SPAccountMapper;
import com.sun.identity.saml2.plugins.SPAttributeMapper;
import com.sun.identity.saml2.protocol.Artifact;
import com.sun.identity.saml2.protocol.ArtifactResolve;
import com.sun.identity.saml2.protocol.ArtifactResponse;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException;
import org.forgerock.openam.saml2.audit.SAML2EventLogger;
import org.forgerock.openam.utils.ClientUtils;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/identity/saml2/profile/SPACSUtils.class */
public class SPACSUtils {
    // Monitoring handles fetched from MonitorManager when the class is initialised.
    // Neither field is referenced in the part of the class visible here.
    private static FedMonAgent agent = MonitorManager.getAgent();
    private static FedMonSAML2Svc saml2Svc = MonitorManager.getSAML2Svc();

    /** Static helper holder; the constructor is private so no instance can be created from outside. */
    private SPACSUtils() { }

    /**
     * Reads the SAML response delivered to the assertion consumer service, picking the
     * binding handler from the HTTP method and the request path.
     *
     * <p>GET is treated as HTTP-Artifact, POST with a path info starting with {@code /ECP}
     * as PAOS, and any other POST as HTTP-POST. Any other method is answered with 405.
     * The selected binding must pass {@code SAML2Utils.isSPProfileBindingSupported} before
     * the message is read; otherwise a 400 is reported and the call fails.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response used to report errors to the client
     * @param str first argument of the binding check and of the handlers; presumably the
     *        realm (decompiled name, confirm against callers)
     * @param str2 second argument of the binding check; presumably the hosted SP entity ID
     *        (decompiled name, confirm against callers)
     * @param sAML2MetaManager metadata manager handed on to the binding handlers
     * @return the response together with the binding it arrived on
     * @throws SAML2Exception if the method or binding is not supported, or the handler fails
     * @throws IOException propagated from the handlers and error reporting
     */
    public static ResponseInfo getResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        final String httpMethod = httpServletRequest.getMethod();
        final boolean viaGet = httpMethod.equals(Utils.GET);
        if (!viaGet && !httpMethod.equals(Utils.POST)) {
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 405, "notSupportedHTTPMethod", SAML2Utils.bundle.getString("notSupportedHTTPMethod"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("notSupportedHTTPMethod"));
        }

        // The path is only inspected for POST: "/ECP..." selects the PAOS handler.
        boolean viaEcp = false;
        if (!viaGet) {
            final String pathInfo = httpServletRequest.getPathInfo();
            viaEcp = pathInfo != null && pathInfo.startsWith("/ECP");
        }

        final String binding;
        if (viaGet) {
            binding = SAML2Constants.HTTP_ARTIFACT;
        } else if (viaEcp) {
            binding = SAML2Constants.PAOS;
        } else {
            binding = SAML2Constants.HTTP_POST;
        }

        // Refuse bindings that are not enabled for this SP before touching the message.
        if (!SAML2Utils.isSPProfileBindingSupported(str, str2, SAML2Constants.ACS_SERVICE, binding)) {
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "unsupportedBinding", SAML2Utils.bundle.getString("unsupportedBinding"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }

        final ResponseInfo result;
        if (viaGet) {
            result = getResponseFromGet(httpServletRequest, httpServletResponse, str, str2, sAML2MetaManager);
        } else if (viaEcp) {
            result = getResponseFromPostECP(httpServletRequest, httpServletResponse, str, str2, sAML2MetaManager);
        } else {
            result = getResponseFromPost(httpServletRequest, httpServletResponse, str, str2, sAML2MetaManager);
        }

        // Message-level debug writes the complete response XML to the debug log; that log
        // therefore needs the same access control as the assertions it may contain.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getResponse: got response=" + result.getResponse().toXMLString(true, true));
        }
        return result;
    }

    /**
     * Handles a GET on the assertion consumer service.
     *
     * <p>A non-empty {@code resID} parameter is redeemed against {@code SPCache.responseHash};
     * the entry is removed on lookup, so a given {@code resID} yields a response at most once.
     * Without {@code resID}, the {@code SAMLart} parameter is resolved through
     * {@code getResponseFromArtifact}.
     *
     * @param httpServletRequest request carrying {@code resID} or {@code SAMLart}
     * @param httpServletResponse response used to report errors to the client
     * @param str forwarded to artifact resolution; presumably the realm (confirm)
     * @param str2 forwarded to artifact resolution; presumably the hosted SP entity ID (confirm)
     * @param sAML2MetaManager metadata manager forwarded to artifact resolution
     * @return the cached response info, or a new one for the resolved artifact
     * @throws SAML2Exception if neither parameter is usable, the cache has no entry for
     *         {@code resID}, or artifact resolution fails
     * @throws IOException propagated from artifact resolution and error reporting
     */
    private static ResponseInfo getResponseFromGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        final String responseId = httpServletRequest.getParameter("resID");

        if (responseId != null && responseId.length() != 0) {
            // The client-supplied resID is written to the debug log and, on a miss, to the error log.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getResponseFromGet: resID=" + responseId);
            }
            ResponseInfo cached;
            synchronized (SPCache.responseHash) {
                // remove(), not get(): the cached response is single-use.
                cached = (ResponseInfo) SPCache.responseHash.remove(responseId);
            }
            if (cached == null) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.getResponseFromGet: couldn't find Response from resID.");
                }
                LogUtil.error(Level.INFO, LogUtil.RESPONSE_NOT_FOUND_FROM_CACHE, new String[]{responseId}, null);
                // NOTE(review): IFSConstants.MAX_CACHING_TIME is passed as the HTTP status; this looks
                // like a decompiler constant substitution - confirm the value is the intended status.
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "SSOFailed", SAML2Utils.bundle.getString("SSOFailed"));
                throw new SAML2Exception(SAML2Utils.bundle.getString("SSOFailed"));
            }
            return cached;
        }

        final String samlArtifact = httpServletRequest.getParameter("SAMLart");
        if (samlArtifact == null || samlArtifact.trim().length() == 0) {
            SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: Artifact string is empty.");
            LogUtil.error(Level.INFO, LogUtil.MISSING_ARTIFACT, null, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "missingArtifact", SAML2Utils.bundle.getString("missingArtifact"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingArtifact"));
        }
        Response resolved = getResponseFromArtifact(samlArtifact, str2, httpServletRequest, httpServletResponse, str, sAML2MetaManager);
        return new ResponseInfo(resolved, SAML2Constants.HTTP_ARTIFACT, null);
    }

    /* JADX WARN: Type inference failed for: r19v0, types: [java.lang.Throwable, com.sun.identity.saml2.meta.SAML2MetaException] */
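    /**
     * Resolves a SAML artifact into the Response it refers to by sending an ArtifactResolve
     * over SOAP to the issuing identity provider.
     *
     * <p>The decompiled original nested every step inside the artifact-decoding
     * {@code try}, so a failure in any later step was reported again by the outer handlers
     * under an unrelated error key ({@code errorCreateArtifactResolve}, then
     * {@code errorObtainArtifact}). The steps are sequential here, so each failure is
     * reported once, by the handler that matches it. The helper methods called between the
     * steps report their own errors before throwing.
     *
     * @param str the artifact string (callers pass the {@code SAMLart} request parameter)
     * @param str2 value set as Issuer of the ArtifactResolve and used for the SP config
     *        lookup; presumably the hosted SP entity ID (confirm)
     * @param httpServletRequest incoming request, used for error reporting
     * @param httpServletResponse response used to report errors to the client
     * @param str3 first argument of the metadata lookups; presumably the realm (confirm)
     * @param sAML2MetaManager metadata manager used to find the identity provider
     * @return the Response extracted from the ArtifactResponse
     * @throws SAML2Exception if the artifact cannot be decoded, the identity provider or its
     *         resolution endpoint cannot be found, the ArtifactResolve cannot be built or
     *         sent, or the ArtifactResponse is rejected
     * @throws IOException propagated from the helpers and error reporting
     */
    private static Response getResponseFromArtifact(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str3, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        // The raw artifact is written to the debug log here and to the access log below.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getResponseFromArtifact: samlArt = " + str);
        }

        // Step 1: decode the artifact. Only a failure here is an "errorObtainArtifact".
        Artifact artifact;
        try {
            artifact = ProtocolFactory.getInstance().createArtifact(str.trim());
            LogUtil.access(Level.INFO, LogUtil.RECEIVED_ARTIFACT, new String[]{str.trim()}, null);
        } catch (SAML2Exception e) {
            SAML2Utils.debug.error("SPACSUtils.getResponseFromArtifact: Unable to decode and parse artifact string:" + str);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "errorObtainArtifact", SAML2Utils.bundle.getString("errorObtainArtifact"));
            throw e;
        }

        // Step 2: map the artifact's source ID to a configured identity provider.
        String idpEntityId = getIDPEntityID(artifact, httpServletRequest, httpServletResponse, str3, sAML2MetaManager);

        // Step 3: load that identity provider's descriptor.
        // NOTE(review): IFSConstants.MAX_CACHING_TIME is passed as the HTTP status in the handlers
        // below; this looks like a decompiler constant substitution - confirm the value.
        IDPSSODescriptorElement idpDescriptor;
        try {
            idpDescriptor = sAML2MetaManager.getIDPSSODescriptor(str3, idpEntityId);
        } catch (SAML2MetaException e) {
            LogUtil.error(Level.INFO, LogUtil.IDP_META_NOT_FOUND, new String[]{str3, idpEntityId}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToGetIDPSSODescriptor", e.getMessage());
            throw e;
        }

        // Step 4: pick the artifact resolution endpoint named by the artifact's endpoint index.
        String resolutionUrl = getIDPArtifactResolutionServiceUrl(artifact.getEndpointIndex(), idpEntityId, idpDescriptor, httpServletRequest, httpServletResponse);

        // Step 5: build the ArtifactResolve, sign it if the IdP configuration asks for it, send it.
        ArtifactResolve artifactResolve;
        SOAPMessage soapReply;
        try {
            artifactResolve = ProtocolFactory.getInstance().createArtifactResolve();
            artifactResolve.setID(SAML2Utils.generateID());
            artifactResolve.setVersion(SAML2Constants.VERSION_2_0);
            artifactResolve.setIssueInstant(Time.newDate());
            artifactResolve.setArtifact(artifact);
            artifactResolve.setDestination(XMLUtils.escapeSpecialCharacters(resolutionUrl));
            Issuer issuer = AssertionFactory.getInstance().createIssuer();
            issuer.setValue(str2);
            artifactResolve.setIssuer(issuer);

            // The request is signed only when this setting is exactly "true".
            String wantResolveSigned = SAML2Utils.getAttributeValueFromSSOConfig(str3, idpEntityId, SAML2Constants.IDP_ROLE, SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED);
            if (wantResolveSigned != null && wantResolveSigned.equals("true")) {
                String signingAlias = getAttributeValueFromSPSSOConfig(str3, str2, sAML2MetaManager, "signingCertAlias");
                if (signingAlias == null) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
                }
                KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
                if (keyProvider == null) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
                }
                artifactResolve.sign(keyProvider.getPrivateKey(signingAlias), keyProvider.getX509Certificate(signingAlias));
            }

            String resolveXml = artifactResolve.toXMLString(true, true);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getResponseFromArtifact: ArtifactResolve=" + resolveXml);
            }
            soapReply = SOAPCommunicator.getInstance().openSOAPConnection().call(SOAPCommunicator.getInstance().createSOAPMessage(resolveXml, true), SAML2Utils.fillInBasicAuthInfo(sAML2MetaManager.getIDPSSOConfig(str3, idpEntityId), resolutionUrl));
        } catch (SAML2Exception e) {
            SAML2Utils.debug.error("SPACSUtils.getResponseFromArtifact: couldn't create ArtifactResolve:", e);
            LogUtil.error(Level.INFO, LogUtil.CANNOT_CREATE_ARTIFACT_RESOLVE, new String[]{str2, artifact.getArtifactValue()}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "errorCreateArtifactResolve", SAML2Utils.bundle.getString("errorCreateArtifactResolve"));
            throw e;
        } catch (SOAPException e) {
            SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: couldn't get ArtifactResponse. SOAP error:", e);
            LogUtil.error(Level.INFO, LogUtil.CANNOT_GET_SOAP_RESPONSE, new String[]{str2, resolutionUrl}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "errorInSOAPCommunication", SAML2Utils.bundle.getString("errorInSOAPCommunication"));
            // Only the message is carried over; the SOAPException itself was logged above.
            throw new SAML2Exception(e.getMessage());
        }

        // Step 6: validate the ArtifactResponse and extract the Response.
        Response response = getResponseFromSOAP(soapReply, artifactResolve, httpServletRequest, httpServletResponse, idpEntityId, idpDescriptor, str3, str2, sAML2MetaManager);

        // The full response XML goes to the access log only when FINE access logging is on.
        String[] accessData = {str2, idpEntityId, artifact.getArtifactValue(), ""};
        if (LogUtil.isAccessLoggable(Level.FINE)) {
            accessData[3] = response.toXMLString();
        }
        LogUtil.access(Level.INFO, LogUtil.GOT_RESPONSE_FROM_ARTIFACT, accessData, null);
        return response;
    }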

    /* JADX WARN: Type inference failed for: r13v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
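    /**
     * Finds the remote identity provider whose generated source ID equals the source ID
     * carried in the artifact.
     *
     * <p>The decompiled original assigned an undeclared register ({@code r12}) and read the
     * loop variable after the loop, so it did not compile; the match is now held in a local
     * declared before the loop. The "not found" case is still raised inside the
     * {@code try} so that the handler below reports it to the client, and the handler now
     * writes the single {@code IDP_NOT_FOUND} record instead of that record being logged
     * twice with identical data.
     *
     * @param artifact decoded artifact supplying the source ID
     * @param httpServletRequest incoming request, used for error reporting
     * @param httpServletResponse response used to report errors to the client
     * @param str argument of the remote identity provider listing; presumably the realm (confirm)
     * @param sAML2MetaManager metadata manager listing the remote identity providers
     * @return entity ID of the matching identity provider
     * @throws SAML2Exception if the listing fails or no identity provider matches
     * @throws IOException declared for error reporting
     */
    private static String getIDPEntityID(Artifact artifact, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        String sourceID = artifact.getSourceID();
        try {
            String matchedEntityId = null;
            for (Object candidate : sAML2MetaManager.getAllRemoteIdentityProviderEntities(str)) {
                String candidateId = (String) candidate;
                if (sourceID.equals(SAML2Utils.generateSourceID(candidateId))) {
                    matchedEntityId = candidateId;
                    break;
                }
            }
            if (matchedEntityId != null) {
                return matchedEntityId;
            }
            // An artifact whose source ID matches no configured identity provider is rejected.
            SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: Unable to find the IDP based on the SourceID in the artifact");
            throw new SAML2Exception(SAML2Utils.bundle.getString("cannotFindIDP"));
        } catch (SAML2Exception e) {
            LogUtil.error(Level.INFO, LogUtil.IDP_NOT_FOUND, new String[]{artifact.getArtifactValue(), str}, null);
            // NOTE(review): IFSConstants.MAX_CACHING_TIME is passed as the HTTP status; this looks
            // like a decompiler constant substitution - confirm the value is the intended status.
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "cannotFindIDP", e.getMessage());
            throw e;
        }
    }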

    /**
     * Chooses the identity provider's artifact resolution endpoint.
     *
     * <p>The entry whose index equals {@code i} wins. If there is none, or its location is
     * empty, the last default entry seen before the scan stopped is used, then the first
     * entry of the list.
     *
     * @param i endpoint index to look for (callers pass the artifact's endpoint index)
     * @param str identity provider entity ID, used in log and debug output only
     * @param iDPSSODescriptorElement descriptor listing the artifact resolution services
     * @param httpServletRequest incoming request, used for error reporting
     * @param httpServletResponse response used to report errors to the client
     * @return location of the selected artifact resolution service
     * @throws SAML2Exception if no non-empty location can be found
     * @throws IOException declared for error reporting
     */
    private static String getIDPArtifactResolutionServiceUrl(int i, String str, IDPSSODescriptorElement iDPSSODescriptorElement, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SAML2Exception, IOException {
        String matchedLocation = null;
        String defaultLocation = null;
        String firstLocation = null;

        int position = 0;
        for (Object entry : iDPSSODescriptorElement.getArtifactResolutionService()) {
            ArtifactResolutionServiceElement service = (ArtifactResolutionServiceElement) entry;
            String location = service.getLocation();
            int index = service.getIndex();
            boolean markedDefault = service.isIsDefault();
            if (index == i) {
                // Exact index match ends the scan; fallbacks are not updated from this entry.
                matchedLocation = location;
                break;
            }
            if (markedDefault) {
                defaultLocation = location;
            }
            if (position == 0) {
                firstLocation = location;
            }
            position++;
        }

        // Fallback chain: exact match, then default entry, then first entry.
        String resolved = matchedLocation;
        if (resolved == null || resolved.length() == 0) {
            resolved = defaultLocation;
        }
        if (resolved == null || resolved.length() == 0) {
            resolved = firstLocation;
        }
        if (resolved == null || resolved.length() == 0) {
            SAML2Utils.debug.error("SPACSUtils: Unable to get the location of artifact resolution service for " + str);
            LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESOLUTION_URL_NOT_FOUND, new String[]{str}, null);
            // NOTE(review): IFSConstants.MAX_CACHING_TIME is passed as the HTTP status; this looks
            // like a decompiler constant substitution - confirm the value is the intended status.
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "cannotFindArtifactResolutionUrl", SAML2Utils.bundle.getString("cannotFindArtifactResolutionUrl"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("cannotFindArtifactResolutionUrl"));
        }

        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils: IDP artifact resolution service url =" + resolved);
        }
        return resolved;
    }

    /* JADX WARN: Type inference failed for: r18v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r19v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r23v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
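    /**
     * Extracts the ArtifactResponse from the SOAP reply, validates it, and returns the
     * Response it carries.
     *
     * <p>Checks, in order: signature (only when the SP configuration asks for signed
     * ArtifactResponses), {@code InResponseTo} against the ID of the ArtifactResolve that
     * was sent, Issuer against the expected identity provider, and a success status code.
     *
     * <p>Changes against the decompiled original: the two outer handlers wrapped the whole
     * body, so every rejection was reported again as {@code failedToCreateArtifactResponse}
     * and then as {@code soapError}; each handler now covers only the step it names. A
     * missing Issuer value or status code is rejected through the normal error path instead
     * of failing with a {@code NullPointerException}. A {@code SAML2Exception} thrown by the
     * configuration lookup or the signature check itself now propagates unchanged.
     *
     * @param sOAPMessage SOAP reply from the artifact resolution service
     * @param artifactResolve the request that was sent; its ID must match {@code InResponseTo}
     * @param httpServletRequest incoming request, used for error reporting
     * @param httpServletResponse response used to report errors to the client
     * @param str expected identity provider entity ID (the caller passes the ID derived from the artifact)
     * @param iDPSSODescriptorElement identity provider descriptor supplying verification certificates
     * @param str2 first argument of the SP config lookup; presumably the realm (confirm)
     * @param str3 second argument of the SP config lookup; presumably the hosted SP entity ID (confirm)
     * @param sAML2MetaManager metadata manager used for the SP config lookup
     * @return the Response contained in the ArtifactResponse
     * @throws SAML2Exception if the ArtifactResponse is missing, malformed, or fails a check
     * @throws IOException declared for error reporting
     */
    private static Response getResponseFromSOAP(SOAPMessage sOAPMessage, ArtifactResolve artifactResolve, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, IDPSSODescriptorElement iDPSSODescriptorElement, String str2, String str3, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        // NOTE(review): IFSConstants.MAX_CACHING_TIME is passed as the HTTP status throughout this
        // method; this looks like a decompiler constant substitution - confirm the value.

        // Step 1: pull the ArtifactResponse element out of the SOAP envelope.
        Element artifactResponseElement;
        try {
            artifactResponseElement = SOAPCommunicator.getInstance().getSamlpElement(sOAPMessage, SAML2SDKUtils.ARTIFACT_RESPONSE);
        } catch (SAML2Exception e) {
            LogUtil.error(Level.INFO, LogUtil.SOAP_ERROR, new String[]{str}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "soapError", e.getMessage());
            throw e;
        }

        // Step 2: parse it.
        ArtifactResponse artifactResponse;
        try {
            artifactResponse = ProtocolFactory.getInstance().createArtifactResponse(artifactResponseElement);
        } catch (SAML2Exception e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getResponseFromSOAP:Couldn't create ArtifactResponse:", (Throwable) e);
            }
            LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_ARTIFACT_RESPONSE, new String[]{str}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToCreateArtifactResponse", e.getMessage());
            throw e;
        }
        if (artifactResponse == null) {
            LogUtil.error(Level.INFO, LogUtil.MISSING_ARTIFACT_RESPONSE, new String[]{str}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "missingArtifactResponse", SAML2Utils.bundle.getString("missingArtifactResponse"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingArtifactResponse"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getResponseFromSOAP:Received ArtifactResponse:" + artifactResponse.toXMLString(true, true));
        }

        // Step 3: signature. Enforced only when the SP setting is exactly "true"; otherwise an
        // unsigned ArtifactResponse passes this method.
        // NOTE(review): confirm the deployment either enables this setting or relies on a
        // protected back channel and on later validation of the assertions.
        String wantResponseSigned = getAttributeValueFromSPSSOConfig(str2, str3, sAML2MetaManager, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
        if (wantResponseSigned != null && wantResponseSigned.equals("true")) {
            Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(iDPSSODescriptorElement, str, SAML2Constants.IDP_ROLE);
            if (!artifactResponse.isSigned() || !artifactResponse.isSignatureValid(verificationCerts)) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.getResponseFromSOAP:ArtifactResponse's signature is invalid.");
                }
                LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_SIGNATURE, new String[]{str}, null);
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "invalidSignature", SAML2Utils.bundle.getString("invalidSignature"));
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignature"));
            }
        }

        // Step 4: the reply must answer the ArtifactResolve that was actually sent.
        String inResponseTo = artifactResponse.getInResponseTo();
        if (inResponseTo == null || !inResponseTo.equals(artifactResolve.getID())) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getResponseFromSOAP:ArtifactResponse's InResponseTo is invalid.");
            }
            LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_INRESPONSETO, new String[]{str}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "invalidInResponseTo", SAML2Utils.bundle.getString("invalidInResponseTo"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseTo"));
        }

        // Step 5: the issuer must be the expected identity provider. A missing Issuer or an
        // Issuer without a value is treated as a mismatch.
        Issuer issuer = artifactResponse.getIssuer();
        String issuerValue = issuer == null ? null : issuer.getValue();
        if (issuerValue == null || !issuerValue.equals(str)) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getResponseFromSOAP:ArtifactResponse's Issuer is invalid.");
            }
            LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_ISSUER, new String[]{str}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "invalidIssuerInResponse", SAML2Utils.bundle.getString("invalidIssuerInResponse"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidIssuerInResponse"));
        }

        // Step 6: only a success status yields a Response. A missing status or status code
        // counts as "not success".
        Status status = artifactResponse.getStatus();
        String statusValue = null;
        if (status != null && status.getStatusCode() != null) {
            statusValue = status.getStatusCode().getValue();
        }
        if (!SAML2Constants.SUCCESS.equals(statusValue)) {
            String loggedStatus = statusValue == null ? "" : statusValue;
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getResponseFromSOAP:ArtifactResponse's status code is not success." + loggedStatus);
            }
            String[] errorData = {str, ""};
            if (LogUtil.isErrorLoggable(Level.FINE)) {
                errorData[1] = loggedStatus;
            }
            LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_STATUS_CODE, errorData, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "invalidStatusCode", SAML2Utils.bundle.getString("invalidStatusCode"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidStatusCode"));
        }

        // Step 7: unwrap the Response carried inside the ArtifactResponse.
        try {
            return ProtocolFactory.getInstance().createResponse(artifactResponse.getAny());
        } catch (SAML2Exception e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getResponseFromSOAP:couldn't instantiate Response:", (Throwable) e);
            }
            LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_RESPONSE_ARTIFACT, new String[]{str}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToCreateResponse", e.getMessage());
            throw e;
        }
    }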

    /* JADX WARN: Type inference failed for: r19v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r21v0, types: [java.lang.Throwable, com.sun.identity.saml2.meta.SAML2MetaException] */
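    /**
     * Reads a SAML Response delivered over PAOS (ECP): parses the SOAP message from the
     * request, takes the first SOAP body as the Response, and verifies the signature of
     * every assertion in it against the certificates of the issuing identity provider.
     *
     * <p>Changes against the decompiled original: the "couldn't create Response" handler
     * wrapped the metadata lookup and the signature checks as well, so those failures were
     * reported a second time as {@code failedToCreateResponse}; it now covers only the
     * parsing step. A Response without an Issuer value is rejected explicitly instead of
     * failing with a {@code NullPointerException}.
     *
     * @param httpServletRequest request carrying the SOAP message
     * @param httpServletResponse response used to report errors to the client
     * @param str first argument of the metadata lookup; presumably the realm (confirm)
     * @param str2 used as log data only; presumably the hosted SP entity ID (confirm)
     * @param sAML2MetaManager metadata manager used to find the identity provider descriptor
     * @return the Response, marked as received over PAOS, with the ECP relay state if one was sent
     * @throws SAML2Exception if the SOAP message or Response cannot be parsed, the issuer is
     *         missing or unknown, or an assertion is unsigned or fails verification
     * @throws IOException propagated from reading the request and error reporting
     */
    private static ResponseInfo getResponseFromPostECP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        // NOTE(review): IFSConstants.MAX_CACHING_TIME is passed as the HTTP status throughout this
        // method; this looks like a decompiler constant substitution - confirm the value.
        try {
            Message message = new Message(SOAPCommunicator.getInstance().getSOAPMessage(httpServletRequest));

            // The relay state is the first extra SOAP header that parses as an ECP RelayState.
            ECPRelayState ecpRelayState = null;
            List otherHeaders = message.getOtherSOAPHeaders();
            if (otherHeaders != null && !otherHeaders.isEmpty()) {
                for (Object header : otherHeaders) {
                    try {
                        ecpRelayState = ECPFactory.getInstance().createECPRelayState((Element) header);
                        break;
                    } catch (SAML2Exception ignored) {
                        // Not an ECP RelayState header; try the next one.
                    }
                }
            }
            String relayState = ecpRelayState != null ? ecpRelayState.getValue() : null;

            List bodies = message.getBodies();
            if (bodies == null || bodies.isEmpty()) {
                LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SAML_RESPONSE_FROM_ECP, new String[]{str2}, null);
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "missingSAMLResponse", SAML2Utils.bundle.getString("missingSAMLResponse"));
                throw new SAML2Exception(SAML2Utils.bundle.getString("missingSAMLResponse"));
            }

            Response samlResponse;
            try {
                samlResponse = ProtocolFactory.getInstance().createResponse((Element) bodies.get(0));
            } catch (SAML2Exception e) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.getResponseFromPostECP:Couldn't create Response:", (Throwable) e);
                }
                LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SAML_RESPONSE_FROM_ECP, new String[]{str2}, null);
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToCreateResponse", e.getMessage());
                throw e;
            }

            // The issuer comes from the client-delivered message and selects the verification
            // certificates, so a Response without one cannot be verified and is refused.
            Issuer issuer = samlResponse.getIssuer();
            String idpEntityId = issuer == null ? null : issuer.getValue();
            if (idpEntityId == null) {
                LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SAML_RESPONSE_FROM_ECP, new String[]{str2}, null);
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "invalidIssuerInResponse", SAML2Utils.bundle.getString("invalidIssuerInResponse"));
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidIssuerInResponse"));
            }

            // NOTE(review): confirm how getVerificationCerts and isSignatureValid behave when the
            // descriptor lookup yields nothing for this issuer; that case must not verify.
            Set<X509Certificate> verificationCerts;
            try {
                verificationCerts = KeyUtil.getVerificationCerts(sAML2MetaManager.getIDPSSODescriptor(str, idpEntityId), idpEntityId, SAML2Constants.IDP_ROLE);
            } catch (SAML2MetaException e) {
                LogUtil.error(Level.INFO, LogUtil.IDP_META_NOT_FOUND, new String[]{str, idpEntityId}, null);
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToGetIDPSSODescriptor", e.getMessage());
                throw e;
            }

            // Every assertion must be signed and verify. A Response with no assertions passes
            // this loop untouched.
            // NOTE(review): confirm the caller rejects a Response that carries no assertion.
            List<Assertion> assertions = samlResponse.getAssertion();
            if (assertions != null && !assertions.isEmpty()) {
                for (Assertion assertion : assertions) {
                    if (!assertion.isSigned()) {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message("SPACSUtils.getResponseFromPostECP:  Assertion is not signed.");
                        }
                        LogUtil.error(Level.INFO, LogUtil.ECP_ASSERTION_NOT_SIGNED, new String[]{idpEntityId}, null);
                        SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "assertionNotSigned", SAML2Utils.bundle.getString("assertionNotSigned"));
                        throw new SAML2Exception(SAML2Utils.bundle.getString("assertionNotSigned"));
                    }
                    if (!assertion.isSignatureValid(verificationCerts)) {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message("SPACSUtils.getResponseFromPostECP:  Assertion signature is invalid.");
                        }
                        LogUtil.error(Level.INFO, LogUtil.ECP_ASSERTION_INVALID_SIGNATURE, new String[]{idpEntityId}, null);
                        SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "invalidSignature", SAML2Utils.bundle.getString("invalidSignature"));
                        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignature"));
                    }
                }
            }
            return new ResponseInfo(samlResponse, SAML2Constants.PAOS, relayState);
        } catch (SOAPException e) {
            LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SOAP_MESSAGE_ECP, new String[]{str2}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToCreateSOAPMessage", e.getMessage());
            throw new SAML2Exception(e.getMessage());
        } catch (SOAPBindingException e) {
            LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SOAP_MESSAGE_ECP, new String[]{str2}, null);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToCreateSOAPMessage", e.getMessage());
            throw new SAML2Exception(e.getMessage());
        } catch (SOAPFaultException e) {
            LogUtil.error(Level.INFO, LogUtil.RECEIVE_SOAP_FAULT_ECP, new String[]{str2}, null);
            String faultString = e.getSOAPFaultMessage().getSOAPFault().getFaultString();
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToCreateSOAPMessage", faultString);
            throw new SAML2Exception(faultString);
        }
    }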

    /**
     * Reads the SAML2 response that the browser delivered to the assertion consumer endpoint.
     *
     * <p>A non-blank {@code SAMLart} request parameter takes precedence and is resolved through
     * {@code getResponseFromArtifact}. Otherwise the {@code SAMLResponse} parameter is
     * Base64-decoded, parsed into a DOM document and turned into a {@code Response} object.
     *
     * <p>Security notes: both parameters are attacker-controllable request input. This method
     * only decodes and parses; no signature, issuer or condition check is visible here, so the
     * returned object must be treated as unverified until the caller validates it. XML parsing
     * is delegated to {@code XMLUtils.toDOMDocument}; whether that helper disables DTDs and
     * external entities cannot be seen from this method (TODO confirm). When access logging is
     * enabled at {@code Level.FINE}, the complete response XML is written to the access log.
     *
     * @param httpServletRequest incoming request carrying {@code SAMLart} or {@code SAMLResponse}
     * @param httpServletResponse response used by {@code SAMLUtils.sendError} on failure
     * @param str forwarded unchanged to {@code getResponseFromArtifact}
     * @param str2 forwarded unchanged to {@code getResponseFromArtifact}
     * @param sAML2MetaManager forwarded unchanged to {@code getResponseFromArtifact}
     * @return the parsed response with its binding, or {@code null} when decoding or parsing
     *         produced no response object (callers must handle {@code null})
     * @throws SAML2Exception if the parameter is missing or the response cannot be decoded or
     *         instantiated; an error has already been sent to the client in those cases
     * @throws IOException declared by the original signature
     */
    private static ResponseInfo getResponseFromPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, SAML2MetaManager sAML2MetaManager) throws SAML2Exception, IOException {
        SAML2Utils.debug.message("SPACSUtils:getResponseFromPost");

        // Artifact binding wins over POST binding when both parameters are present.
        String artifact = httpServletRequest.getParameter("SAMLart");
        boolean artifactPresent = artifact != null && artifact.trim().length() != 0;
        if (artifactPresent) {
            return new ResponseInfo(getResponseFromArtifact(artifact, str2, httpServletRequest, httpServletResponse, str, sAML2MetaManager), SAML2Constants.HTTP_ARTIFACT, null);
        }

        String encodedResponse = httpServletRequest.getParameter("SAMLResponse");
        if (encodedResponse == null) {
            LogUtil.error(Level.INFO, LogUtil.MISSING_SAML_RESPONSE_FROM_POST, null, null);
            String missingMessage = SAML2Utils.bundle.getString("missingSAMLResponse");
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "missingSAMLResponse", missingMessage);
            throw new SAML2Exception(missingMessage);
        }

        ByteArrayInputStream xmlStream = null;
        try {
            try {
                Response parsed = null;
                byte[] rawXml = Base64.decode(encodedResponse);
                if (rawXml != null) {
                    xmlStream = new ByteArrayInputStream(rawXml);
                    Document document = XMLUtils.toDOMDocument(xmlStream, SAML2Utils.debug);
                    if (document != null) {
                        parsed = ProtocolFactory.getInstance().createResponse(document.getDocumentElement());
                    }
                }

                // Nothing usable was decoded: report it at message level only and hand back null.
                if (parsed == null) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("SPACSUtils.getResponse: Decoded response, resp is null");
                    }
                    return null;
                }

                // The full XML is only materialised for the access log when FINE logging is on.
                String[] logData = new String[]{""};
                if (LogUtil.isAccessLoggable(Level.FINE)) {
                    logData[0] = parsed.toXMLString();
                }
                LogUtil.access(Level.INFO, LogUtil.GOT_RESPONSE_FROM_POST, logData, null);
                return new ResponseInfo(parsed, SAML2Constants.HTTP_POST, null);
            } finally {
                // Close failures are reported at message level and never replace the outcome above.
                if (xmlStream != null) {
                    try {
                        xmlStream.close();
                    } catch (Exception closeFailure) {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message("SPACSUtils.getResponse: Exception when close the input stream:", closeFailure);
                        }
                    }
                }
            }
        } catch (SAML2Exception instantiationFailure) {
            // The client only receives the generic bundle text; details stay in the debug log.
            SAML2Utils.debug.error("SPACSUtils.getResponse: Exception when instantiating SAMLResponse:", instantiationFailure);
            LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_RESPONSE_POST, null, null);
            String obtainMessage = SAML2Utils.bundle.getString("errorObtainResponse");
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "errorObtainResponse", obtainMessage);
            throw new SAML2Exception(obtainMessage);
        } catch (Exception decodeFailure) {
            SAML2Utils.debug.error("SPACSUtils.getResponse: Exception when decoding SAMLResponse:", decodeFailure);
            LogUtil.error(Level.INFO, LogUtil.CANNOT_DECODE_RESPONSE, null, null);
            String decodeMessage = SAML2Utils.bundle.getString("errorDecodeResponse");
            // NOTE(review): IFSConstants.MAX_CACHING_TIME sits in the HTTP status position here;
            // this looks like a decompiler constant substitution - confirm the intended status.
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "errorDecodeResponse", decodeMessage);
            throw new SAML2Exception(decodeMessage);
        }
    }

    /* JADX WARN: Type inference failed for: r0v151, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r0v160, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r0v182, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r0v291, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r0v294, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r0v301, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r0v70, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r0v75, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r24v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r40v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r50v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r50v1, types: [java.lang.Throwable, com.sun.identity.plugin.datastore.DataStoreProviderException] */
    /* JADX WARN: Type inference failed for: r52v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r56v0, types: [java.lang.Throwable, com.sun.identity.plugin.session.SessionException] */
    /* JADX WARN: Type inference failed for: r64v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /**
     * Validates a SAML2 response on the service-provider side and, on success, creates the
     * local session for the mapped user.
     *
     * <p>Steps visible in this method: validation is delegated to
     * {@code SAML2Utils.verifyResponse}; the NameID encryption policy is enforced and an
     * {@code EncryptedID} is decrypted; the NameID format is checked against the SP descriptor;
     * the local user is resolved (data store lookup, account mapper, then the existing session's
     * principal on local login); assertion attributes are mapped; a session is created through
     * the {@code SessionProvider}; account federation is optionally written; the session is
     * recorded in memory; the SP adapter success hook runs; and for the HTTP-POST binding the
     * assertion ID is recorded as one-time.
     *
     * <p>On failure the SP adapter failure hook is invoked through
     * {@code invokeSPAdapterForSSOFailure} before the exception is rethrown. The integer passed
     * to that hook is a failure code; the meaning of each value is not defined in this method
     * (presumably constants of {@code SAML2ServiceProviderAdapter} - confirm).
     *
     * <p>NOTE(review): this is decompiler output. The {@code ??} declarations are JADX
     * placeholders for {@code SAML2Exception} locals (see the "Type inference failed" warnings
     * above the method) and do not compile as written.
     *
     * @param httpServletRequest the assertion consumer request
     * @param httpServletResponse the matching servlet response
     * @param printWriter handed to the adapter's {@code postSingleSignOnSuccess}
     * @param str stored on the new session under {@code SAML2Constants.SP_METAALIAS} and passed
     *            to {@code saveInfoInMemory}
     * @param obj an existing session object, or {@code null}
     * @param responseInfo holder of the response and binding; session index, NameID, attribute
     *            map and assertion are written back into it
     * @param str2 the realm (stored under the {@code "realm"} key of the session info map)
     * @param str3 the hosted entity ID (logged as {@code hostEntityID})
     * @param sAML2MetaManager metadata access for SP config, descriptor and affiliations
     * @param sAML2EventLogger optional logger that receives the resolved user ID; may be null
     * @return the session object returned by {@code SessionProvider.createSession}
     * @throws SAML2Exception on any validation, mapping, federation or session failure
     */
    public static Object processResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, Object obj, ResponseInfo responseInfo, String str2, String str3, SAML2MetaManager sAML2MetaManager, SAML2EventLogger sAML2EventLogger) throws SAML2Exception {
        NameIDInfo nameIDInfo;
        List nameIDFormat;
        // Message-level debugging writes the whole response object to the debug log.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.processResponse: Response : " + responseInfo.getResponse());
        }
        Map map = null;
        try {
            // All response validation is delegated to verifyResponse; everything below relies on
            // the values it places in the returned map.
            map = SAML2Utils.verifyResponse(httpServletRequest, httpServletResponse, responseInfo.getResponse(), str2, str3, responseInfo.getProfileBinding());
            Subject subject = (Subject) map.get("Subject");
            NameID nameID = subject.getNameID();
            EncryptedID encryptedID = subject.getEncryptedID();
            Assertion assertion = (Assertion) map.get("assertion");
            String str4 = (String) map.get("SessionIndex");
            responseInfo.setSessionIndex(str4);
            Integer num = (Integer) map.get("AuthLevel");
            String str5 = (String) map.get(SAML2Constants.IN_RESPONSE_TO);
            List list = (List) map.get(SAML2Constants.ASSERTIONS);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.processResponse: Assertions : " + list);
            }
            SPSSOConfigElement sPSSOConfig = sAML2MetaManager.getSPSSOConfig(str2, str3);
            SPAccountMapper sPAccountMapper = SAML2Utils.getSPAccountMapper(str2, str3);
            SPAttributeMapper sPAttributeMapper = SAML2Utils.getSPAttributeMapper(str2, str3);
            // When the SP requires encrypted assertions, the per-NameID and per-attribute
            // encryption requirements are switched off by the two helpers below.
            boolean parseBoolean = Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSPSSOConfig(sPSSOConfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED));
            boolean needAttributeEncrypted = getNeedAttributeEncrypted(parseBoolean, sPSSOConfig);
            boolean needNameIDEncrypted = getNeedNameIDEncrypted(parseBoolean, sPSSOConfig);
            Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys((BaseConfigType) sPSSOConfig);
            // Policy check: reject a plaintext NameID when the configuration demands encryption.
            if (needNameIDEncrypted && encryptedID == null) {
                SAML2Utils.debug.error("SPACSUtils.processResponse: process: NameID was not encrypted.");
                ?? sAML2Exception = new SAML2Exception(SAML2Utils.bundle.getString("nameIDNotEncrypted"));
                invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 1, sAML2Exception);
                throw sAML2Exception;
            }
            // An EncryptedID, when present, replaces whatever plaintext NameID the subject carried.
            if (encryptedID != null) {
                try {
                    nameID = encryptedID.decrypt(decryptionKeys);
                } catch (SAML2Exception e) {
                    invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 1, e);
                    throw e;
                }
            }
            responseInfo.setNameId(nameID);
            SPSSODescriptorElement sPSSODescriptorElement = null;
            try {
                sPSSODescriptorElement = sAML2MetaManager.getSPSSODescriptor(str2, str3);
            } catch (SAML2MetaException e2) {
                // Logged only; the null check below turns a failed lookup into a metadata error.
                SAML2Utils.debug.error("SPACSUtils.processResponse: ", e2);
            }
            if (sPSSODescriptorElement == null) {
                ?? sAML2Exception2 = new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
                invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 11, sAML2Exception2);
                throw sAML2Exception2;
            }
            // The format is rejected only if the descriptor lists formats and this one is absent;
            // a null format or an empty/absent list passes this check.
            // NOTE(review): nameID is dereferenced without a null check; it is null if the subject
            // had neither a NameID nor an EncryptedID - confirm verifyResponse rules that out.
            String format = nameID.getFormat();
            if (format != null && (nameIDFormat = sPSSODescriptorElement.getNameIDFormat()) != null && !nameIDFormat.isEmpty() && !nameIDFormat.contains(format)) {
                ?? sAML2Exception3 = new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "unsupportedNameIDFormatSP", new Object[]{format});
                invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 1, sAML2Exception3);
                throw sAML2Exception3;
            }
            boolean equals = SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(format);
            boolean isIgnoredProfile = SAML2PluginsUtils.isIgnoredProfile(obj, str2);
            String str6 = null;
            try {
                SessionProvider provider = SessionManager.getProvider();
                // str6 is the principal of the pre-existing session, if one was supplied.
                if (obj != null) {
                    try {
                        str6 = provider.getPrincipalName(obj);
                    } catch (SessionException e3) {
                        ?? sAML2Exception4 = new SAML2Exception((Throwable) e3);
                        invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 4, sAML2Exception4);
                        throw sAML2Exception4;
                    }
                }
                String value = assertion.getIssuer().getValue();
                String str7 = null;
                boolean z = false;
                // z2: the NameID is persisted only if it is not transient, the profile is not
                // ignored, and the account mapper agrees to persist this format.
                boolean z2 = (equals || isIgnoredProfile || !sPAccountMapper.shouldPersistNameIDFormat(str2, str3, value, format)) ? false : true;
                if (z2) {
                    try {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message("SPACSUtils.processResponse: querying data store for existing federation links: realm = " + str2 + " hostEntityID = " + str3 + " remoteEntityID = " + value);
                        }
                        try {
                            str7 = SAML2Utils.getDataStoreProvider().getUserID(str2, SAML2Utils.getNameIDKeyMap(nameID, str3, value, str2, SAML2Constants.SP_ROLE));
                        } catch (DataStoreProviderException e4) {
                            SAML2Utils.debug.error("SPACSUtils.processResponse: DataStoreProviderException whilst retrieving NameID information", (Throwable) e4);
                            // Only the message is carried over; the original cause is not chained.
                            throw new SAML2Exception(e4.getMessage());
                        }
                    } catch (SAML2Exception e5) {
                        invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 6, e5);
                        throw e5;
                    }
                }
                // User resolution order: existing federation link, then the account mapper (z
                // records that the mapper supplied it), then the current session on local login.
                if (str7 == null) {
                    str7 = sPAccountMapper.getIdentity(assertion, str3, str2);
                    z = true;
                }
                if (str7 == null && responseInfo.isLocalLogin()) {
                    str7 = str6;
                }
                if (null != sAML2EventLogger) {
                    sAML2EventLogger.setUserId(str7);
                }
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.processResponse: process: userName =[" + str7 + "]");
                }
                // Collect the attributes of every assertion into one list before mapping.
                ArrayList arrayList = null;
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    List<Attribute> sAMLAttributes = getSAMLAttributes((Assertion) it.next(), needAttributeEncrypted, decryptionKeys);
                    if (sAMLAttributes != null && !sAMLAttributes.isEmpty()) {
                        if (arrayList == null) {
                            arrayList = new ArrayList();
                        }
                        arrayList.addAll(sAMLAttributes);
                    }
                }
                Map<String, Set<String>> map2 = null;
                if (arrayList != null) {
                    try {
                        map2 = sPAttributeMapper.getAttributes(arrayList, str7, str3, value, str2);
                    } catch (SAML2Exception e6) {
                        invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 5, e6);
                        throw e6;
                    }
                }
                // Message-level debugging logs the mapped attribute names and values.
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.processResponse: process: remoteHostId = " + value);
                    SAML2Utils.debug.message("SPACSUtils.processResponse: process: attrMap = " + map2);
                }
                responseInfo.setAttributeMap(map2);
                // Fail closed when no local user could be determined: any supplied session is
                // invalidated (best effort) and the login is refused.
                if (StringUtils.isEmpty(str7)) {
                    if (obj != null) {
                        try {
                            provider.invalidateSession(obj, httpServletRequest, httpServletResponse);
                        } catch (SessionException e7) {
                            SAML2Utils.debug.error("An error occurred while trying to invalidate session", e7);
                        }
                    }
                    throw new SAML2Exception(SAML2Utils.bundle.getString("noUserMapping"));
                }
                // z3: write federation info only when the mapper supplied the user (no existing
                // link was found) and the NameID is to be persisted.
                boolean z3 = z && z2;
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.processResponse: userName : " + str7);
                    SAML2Utils.debug.message("SPACSUtils.processResponse: writeFedInfo : " + z3);
                }
                AuthnRequest authnRequest = null;
                // map was already dereferenced above, so this null check cannot fail here.
                if (map != null) {
                    authnRequest = (AuthnRequest) map.get("AuthnRequest");
                }
                // Drops the cached entry keyed by the InResponseTo value once the response has
                // been accepted (presumably the pending AuthnRequest - confirm).
                if (str5 != null && str5.length() != 0) {
                    SPCache.requestHash.remove(str5);
                }
                // Session creation input: realm, principal, client address (used for both HOST
                // and HOST_NAME) and the auth level taken from the verified response.
                HashMap hashMap = new HashMap();
                hashMap.put("realm", str2);
                hashMap.put(SessionProvider.PRINCIPAL_NAME, str7);
                String clientIPAddress = ClientUtils.getClientIPAddress(httpServletRequest);
                hashMap.put(SessionProvider.HOST, clientIPAddress);
                hashMap.put(SessionProvider.HOST_NAME, clientIPAddress);
                hashMap.put("AuthLevel", String.valueOf(num));
                httpServletRequest.setAttribute(SessionProvider.ATTR_MAP, map2);
                try {
                    Object createSession = provider.createSession(hashMap, httpServletRequest, httpServletResponse, null);
                    String[] strArr = {str};
                    try {
                        setAttrMapInSession(provider, map2, createSession);
                        setDiscoBootstrapCredsInSSOToken(provider, assertion, createSession);
                        provider.setProperty(createSession, SAML2Constants.SP_METAALIAS, strArr);
                        // If the NameID names an SPNameQualifier that resolves to an affiliation,
                        // this SP must be a listed member; the federation record is then keyed
                        // by the affiliation rather than by the hosted entity ID.
                        String sPNameQualifier = nameID.getSPNameQualifier();
                        boolean isDualRole = SAML2Utils.isDualRole(str3, str2);
                        AffiliationDescriptorType affiliationDescriptorType = null;
                        if (sPNameQualifier != null && !sPNameQualifier.isEmpty()) {
                            affiliationDescriptorType = sAML2MetaManager.getAffiliationDescriptor(str2, sPNameQualifier);
                        }
                        if (affiliationDescriptorType == null) {
                            nameIDInfo = isDualRole ? new NameIDInfo(str3, value, nameID, SAML2Constants.DUAL_ROLE, false) : new NameIDInfo(str3, value, nameID, SAML2Constants.SP_ROLE, false);
                        } else {
                            if (!affiliationDescriptorType.getAffiliateMember().contains(str3)) {
                                throw new SAML2Exception(SAML2Utils.bundle.getString("spNotAffiliationMember"));
                            }
                            nameIDInfo = isDualRole ? new NameIDInfo(sPNameQualifier, value, nameID, SAML2Constants.DUAL_ROLE, true) : new NameIDInfo(sPNameQualifier, value, nameID, SAML2Constants.SP_ROLE, true);
                        }
                        HashMap hashMap2 = new HashMap();
                        String nameIDValue = nameIDInfo.getNameIDValue();
                        hashMap2.put("NameID", nameIDInfo.getNameIDValue());
                        try {
                            String principalName = provider.getPrincipalName(createSession);
                            // Audit trail: successful SSO is recorded with principal and NameID.
                            LogUtil.access(Level.INFO, LogUtil.SUCCESS_FED_SSO, new String[]{principalName, nameIDValue}, createSession, hashMap2);
                            if (z3) {
                                try {
                                    AccountUtils.setAccountFederation(nameIDInfo, principalName);
                                    String[] strArr2 = {principalName, ""};
                                    if (LogUtil.isAccessLoggable(Level.FINE)) {
                                        strArr2[1] = nameIDInfo.toValueString();
                                    }
                                    LogUtil.access(Level.INFO, LogUtil.FED_INFO_WRITTEN, strArr2, createSession, hashMap2);
                                } catch (SAML2Exception e8) {
                                    invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 3, e8);
                                    throw e8;
                                }
                            }
                            // Last two arguments: IDP-proxy flag for this InResponseTo value, and
                            // whether the NameID format is transient.
                            saveInfoInMemory(provider, createSession, str4, str, nameIDInfo, IDPProxyUtil.isIDPProxyEnabled(responseInfo.getResponse().getInResponseTo()), equals);
                            SAML2ServiceProviderAdapter sPAdapterClass = SAML2Utils.getSPAdapterClass(str3, str2);
                            if (sPAdapterClass != null) {
                                try {
                                    provider.setProperty(createSession, SAML2Constants.RESPONSE_REDIRECTED, sPAdapterClass.postSingleSignOnSuccess(str3, str2, httpServletRequest, httpServletResponse, printWriter, createSession, authnRequest, responseInfo.getResponse(), responseInfo.getProfileBinding(), z3) ? new String[]{"true"} : new String[]{"false"});
                                } catch (SessionException e9) {
                                    // NOTE(review): the log label names SPSingleLogout although this
                                    // is the SSO path; failures here are logged and not rethrown.
                                    SAML2Utils.debug.warning("SPSingleLogout.processResp", e9);
                                } catch (UnsupportedOperationException e10) {
                                    SAML2Utils.debug.warning("SPSingleLogout.processResp", e10);
                                }
                            }
                            // For HTTP-POST the assertion ID is recorded as ONETIME in the local
                            // cache and, with failover enabled, in the token repository until
                            // NotOnOrAfter (divided by 1000 before saving). This looks like
                            // replay-protection bookkeeping - confirm where the cache is consulted.
                            String id = assertion.getID();
                            if (responseInfo.getProfileBinding().equals(SAML2Constants.HTTP_POST)) {
                                SPCache.assertionByIDCache.put(id, SAML2Constants.ONETIME);
                                try {
                                    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                                        SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(id, SAML2Constants.ONETIME, ((Long) map.get("NotOnOrAfter")).longValue() / 1000);
                                    }
                                } catch (SAML2TokenRepositoryException e11) {
                                    // A repository failure is logged only; the login still succeeds
                                    // and the assertion ID is then recorded in the local cache only.
                                    SAML2Utils.debug.error("SPACSUtils.processResponse: There was a problem saving the assertionID to the SAML2 Token Repository for assertionID:" + id, e11);
                                }
                            }
                            responseInfo.setAssertion(assertion);
                            return createSession;
                        } catch (SessionException e12) {
                            ?? sAML2Exception5 = new SAML2Exception((Throwable) e12);
                            invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 4, sAML2Exception5);
                            throw sAML2Exception5;
                        }
                    } catch (SessionException e13) {
                        ?? sAML2Exception6 = new SAML2Exception((Throwable) e13);
                        invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 4, sAML2Exception6);
                        throw sAML2Exception6;
                    }
                } catch (SessionException e14) {
                    // Session creation failed: translate the session error code into the failure
                    // code handed to the adapter (10 unless one of the three cases matches).
                    int i = 10;
                    int errCode = e14.getErrCode();
                    if (errCode == SessionException.AUTH_USER_INACTIVE) {
                        i = 7;
                    } else if (errCode == SessionException.AUTH_USER_LOCKED) {
                        i = 8;
                    } else if (errCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
                        i = 9;
                    }
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("SPACSUtils.processResponse : error code=" + errCode, (Throwable) e14);
                    }
                    ?? sAML2Exception7 = new SAML2Exception((Throwable) e14);
                    invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, i, sAML2Exception7);
                    throw sAML2Exception7;
                }
            } catch (SessionException e15) {
                ?? sAML2Exception8 = new SAML2Exception((Throwable) e15);
                invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 4, sAML2Exception8);
                throw sAML2Exception8;
            }
        } catch (SAML2Exception e16) {
            // NOTE(review): as written this handler also catches the SAML2Exceptions rethrown by
            // the inner handlers, so the adapter failure hook would run a second time with
            // code 1 for those. This may be a decompiler artifact of a narrower try region -
            // confirm against the original source. map is still null if verifyResponse failed.
            invokeSPAdapterForSSOFailure(str3, str2, httpServletRequest, httpServletResponse, map, responseInfo, 1, e16);
            throw e16;
        }
    }

    /**
     * Decides whether the NameID must arrive encrypted.
     *
     * <p>When {@code z} is true the answer is always {@code false} and the configuration is not
     * consulted; in {@code processResponse} that flag carries the SP's
     * {@code WANT_ASSERTION_ENCRYPTED} setting. Otherwise the SP's
     * {@code WANT_NAMEID_ENCRYPTED} setting decides.
     *
     * @param z flag that disables the separate NameID requirement when true
     * @param sPSSOConfigElement SP configuration the setting is read from
     * @return {@code true} only if {@code z} is false and the setting parses as true
     */
    private static boolean getNeedNameIDEncrypted(boolean z, SPSSOConfigElement sPSSOConfigElement) {
        // Short-circuit keeps the configuration lookup from running when z is set.
        return !z && Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSPSSOConfig(sPSSOConfigElement, SAML2Constants.WANT_NAMEID_ENCRYPTED));
    }

    /**
     * Decides whether assertion attributes must arrive encrypted.
     *
     * <p>When {@code z} is true the answer is always {@code false} and the configuration is not
     * consulted; in {@code processResponse} that flag carries the SP's
     * {@code WANT_ASSERTION_ENCRYPTED} setting. Otherwise the SP's
     * {@code WANT_ATTRIBUTE_ENCRYPTED} setting decides.
     *
     * @param z flag that disables the separate attribute requirement when true
     * @param sPSSOConfigElement SP configuration the setting is read from
     * @return {@code true} only if {@code z} is false and the setting parses as true
     */
    public static boolean getNeedAttributeEncrypted(boolean z, SPSSOConfigElement sPSSOConfigElement) {
        // Short-circuit keeps the configuration lookup from running when z is set.
        return !z && Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSPSSOConfig(sPSSOConfigElement, SAML2Constants.WANT_ATTRIBUTE_ENCRYPTED));
    }

    /**
     * Notifies the configured SP adapter, if any, that single sign-on failed.
     *
     * <p>The adapter is looked up with {@code SAML2Utils.getSPAdapterClass(str, str2)}. If the
     * lookup throws, the failure is reported at message level only and the hook is skipped, so
     * a broken adapter configuration does not surface here. The adapter's return value is
     * recorded on the exception through {@code setRedirectionDone}.
     *
     * <p>The adapter receives the response that just failed processing, so adapter
     * implementations should treat it as unverified input.
     *
     * @param str first argument for the adapter lookup and the hook
     * @param str2 second argument for the adapter lookup and the hook
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param map result map of response verification; may be null, in which case no
     *            {@code AuthnRequest} is passed on
     * @param responseInfo source of the response and profile binding handed to the adapter
     * @param i failure code handed to the adapter
     * @param sAML2Exception the exception about to be thrown; updated with the redirect flag
     */
    private static void invokeSPAdapterForSSOFailure(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map, ResponseInfo responseInfo, int i, SAML2Exception sAML2Exception) {
        SAML2ServiceProviderAdapter adapter;
        try {
            adapter = SAML2Utils.getSPAdapterClass(str, str2);
        } catch (SAML2Exception lookupFailure) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.invokeSPAdapterForSSOFailure", lookupFailure);
            }
            return;
        }
        if (adapter == null) {
            return;
        }
        AuthnRequest originalRequest = (map == null) ? null : (AuthnRequest) map.get("AuthnRequest");
        sAML2Exception.setRedirectionDone(adapter.postSingleSignOnFailure(str, str2, httpServletRequest, httpServletResponse, originalRequest, responseInfo.getResponse(), responseInfo.getProfileBinding(), i));
    }

    /**
     * Records a newly established federated session on the session object and in the SP caches.
     *
     * <p>Visible effects: the NameIDInfoKey value string is stored in (or appended to) a session
     * property; when {@code z2} is set the full NameIDInfo value string is also merged into a
     * second session property; unless running as a fedlet, an {@code SPFedSession} entry is
     * added to or updated in {@code SPCache.fedSessionListsByNameIDInfoKey}; and a session
     * listener is registered.
     *
     * <p>In {@code processResponse}, {@code z} is the IDP-proxy flag for the request and
     * {@code z2} is true when the NameID format is transient.
     *
     * @param sessionProvider provider used to read and write session properties
     * @param obj the session object
     * @param str session index stored in the {@code SPFedSession} and compared against
     *            {@code idpSessionIndex} of existing entries
     * @param str2 fourth constructor argument of {@code SPFedSession}
     * @param nameIDInfo federation record for this login
     * @param z when true, the remote entity is added as a session partner of the IDP session
     * @param z2 when true, the NameIDInfo value string is stored on the session as well
     * @throws SAML2Exception wrapping a {@code SessionException} from the session provider
     */
    public static void saveInfoInMemory(SessionProvider sessionProvider, Object obj, String str, String str2, NameIDInfo nameIDInfo, boolean z, boolean z2) throws SAML2Exception {
        String[] strArr;
        String valueString = new NameIDInfoKey(nameIDInfo.getNameIDValue(), nameIDInfo.getHostEntityID(), nameIDInfo.getRemoteEntityID()).toValueString();
        String nameIDInfoKeyAttribute = AccountUtils.getNameIDInfoKeyAttribute();
        try {
            String[] property = sessionProvider.getProperty(obj, nameIDInfoKeyAttribute);
            if (property == null || property.length == 0 || property[0] == null || property[0].length() == 0) {
                sessionProvider.setProperty(obj, nameIDInfoKeyAttribute, new String[]{valueString});
            // NOTE(review): presence is tested with a substring search over the delimited value,
            // so a key that is a substring of an already stored key counts as present - confirm
            // the key format rules that out.
            } else if (property[0].indexOf(valueString) == -1) {
                sessionProvider.setProperty(obj, nameIDInfoKeyAttribute, new String[]{property[0] + SAML2Constants.SECOND_DELIM + valueString});
            }
            if (z2) {
                // Merge the NameIDInfo value string into the existing property values, de-duplicated.
                String valueString2 = nameIDInfo.toValueString();
                String nameIDInfoAttribute = AccountUtils.getNameIDInfoAttribute();
                String[] property2 = sessionProvider.getProperty(obj, nameIDInfoAttribute);
                if (property2 == null) {
                    strArr = new String[]{valueString2};
                } else {
                    HashSet hashSet = new HashSet();
                    for (String str3 : property2) {
                        hashSet.add(str3);
                    }
                    hashSet.add(valueString2);
                    strArr = (String[]) hashSet.toArray(new String[hashSet.size()]);
                }
                sessionProvider.setProperty(obj, nameIDInfoAttribute, strArr);
            }
            String sessionID = sessionProvider.getSessionID(obj);
            if (!SPCache.isFedlet) {
                List list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(valueString);
                if (z) {
                    // IDP-proxy case: make sure an IDPSession exists for this session ID and
                    // register the remote entity as a session partner.
                    IDPSession iDPSession = IDPCache.idpSessionsBySessionID.get(sessionID);
                    if (iDPSession == null) {
                        iDPSession = new IDPSession(obj);
                        IDPCache.idpSessionsBySessionID.put(sessionID, iDPSession);
                    }
                    SAML2Utils.debug.message("Add Session Partner: {}", new Object[]{nameIDInfo.getRemoteEntityID()});
                    iDPSession.addSessionPartner(new SAML2SessionPartner(nameIDInfo.getRemoteEntityID(), true));
                }
                if (list == null) {
                    // NOTE(review): the re-check runs under the cache monitor, but the put below
                    // happens after that monitor is released, so two threads could each create a
                    // list for the same key and one list would replace the other. Whether the
                    // cache map is itself thread-safe is not visible here - confirm.
                    synchronized (SPCache.fedSessionListsByNameIDInfoKey) {
                        list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(valueString);
                        if (list == null) {
                            list = new ArrayList();
                        }
                    }
                    synchronized (list) {
                        list.add(new SPFedSession(str, sessionID, nameIDInfo, str2));
                        SPCache.fedSessionListsByNameIDInfoKey.put(valueString, list);
                    }
                    // Monitoring counter is refreshed only when the monitoring agent is running.
                    if (agent != null && agent.isRunning() && saml2Svc != null) {
                        saml2Svc.setFedSessionCount(SPCache.fedSessionListsByNameIDInfoKey.size());
                    }
                } else {
                    synchronized (list) {
                        // Update the entry with the same IDP session index, or append a new one.
                        Iterator it = list.iterator();
                        boolean z3 = false;
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            SPFedSession sPFedSession = (SPFedSession) it.next();
                            String str4 = sPFedSession != null ? sPFedSession.idpSessionIndex : null;
                            if (str4 != null && str4.equals(str)) {
                                sPFedSession.spTokenID = sessionID;
                                sPFedSession.info = nameIDInfo;
                                z3 = true;
                                break;
                            }
                        }
                        if (!z3) {
                            list.add(new SPFedSession(str, sessionID, nameIDInfo, str2));
                            SPCache.fedSessionListsByNameIDInfoKey.put(valueString, list);
                            if (agent != null && agent.isRunning() && saml2Svc != null) {
                                saml2Svc.setFedSessionCount(SPCache.fedSessionListsByNameIDInfoKey.size());
                            }
                        }
                    }
                }
                // Unconditional put and counter refresh; both repeat what the branches above
                // already did on every path except the "existing entry updated" one.
                SPCache.fedSessionListsByNameIDInfoKey.put(valueString, list);
                if (agent != null && agent.isRunning() && saml2Svc != null) {
                    saml2Svc.setFedSessionCount(SPCache.fedSessionListsByNameIDInfoKey.size());
                }
            }
            try {
                sessionProvider.addListener(obj, new SPSessionListener(valueString, sessionID));
            } catch (SessionException e) {
                // Best effort: the failure is logged without the exception detail and the login
                // continues. Presumably the listener handles cleanup of the cache entry when the
                // session ends, in which case a missed registration leaves a stale entry - confirm.
                SAML2Utils.debug.error("SPACSUtils.saveInfoInMemory: Unable to add session listener.");
            }
        } catch (SessionException e2) {
            throw new SAML2Exception((Throwable) e2);
        }
    }

    /**
     * Copies mapped attributes onto a session as properties.
     *
     * <p>Each entry with a non-empty value set becomes one session property whose name is the
     * map key and whose value is the set converted to a string array. A null or empty map is a
     * no-op, and entries with a null or empty value set are skipped.
     *
     * <p>In {@code processResponse} the map comes from the SP attribute mapper, i.e. it is
     * derived from assertion content. Property names are taken from the map keys as-is, so any
     * restriction on which session properties an assertion may set has to be enforced by the
     * mapper. Names and values are written to the debug log when message-level debugging is on.
     *
     * @param sessionProvider provider used to set the properties
     * @param map attribute name to set-of-values map; may be null
     * @param obj the session object
     * @throws SessionException if the provider rejects a property
     */
    public static void setAttrMapInSession(SessionProvider sessionProvider, Map map, Object obj) throws SessionException {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Object rawEntry : map.entrySet()) {
            Map.Entry attribute = (Map.Entry) rawEntry;
            String attributeName = (String) attribute.getKey();
            Set attributeValues = (Set) attribute.getValue();
            if (attributeValues == null || attributeValues.isEmpty()) {
                continue;
            }
            String[] propertyValues = (String[]) attributeValues.toArray(new String[attributeValues.size()]);
            sessionProvider.setProperty(obj, attributeName, propertyValues);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.setAttrMapInSessioin: AttrMap:" + attributeName + " , " + attributeValues);
            }
        }
    }

    /**
     * Stores the additional-info entries of the assertion's Advice element on the session under
     * {@code SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS}.
     *
     * <p>Nothing is written when the assertion is null, has no Advice, or the Advice carries no
     * additional info. Duplicate entries are collapsed through a set before storing.
     *
     * <p>The stored values originate from the assertion, so they are only as trustworthy as the
     * validation performed before this call.
     *
     * @param sessionProvider provider used to set the property
     * @param assertion assertion whose Advice is inspected; may be null
     * @param obj the session object
     * @throws SessionException if the provider rejects the property
     */
    private static void setDiscoBootstrapCredsInSSOToken(SessionProvider sessionProvider, Assertion assertion, Object obj) throws SessionException {
        if (assertion == null) {
            return;
        }
        Advice advice = assertion.getAdvice();
        if (advice == null) {
            return;
        }
        List additionalInfo = advice.getAdditionalInfo();
        if (additionalInfo == null || additionalInfo.isEmpty()) {
            return;
        }
        HashSet credentials = new HashSet();
        credentials.addAll(additionalInfo);
        String[] credentialValues = (String[]) credentials.toArray(new String[credentials.size()]);
        sessionProvider.setProperty(obj, SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS, credentialValues);
    }

    /**
     * Resolves the relay state that belongs to a relay state ID.
     *
     * <p>Lookup order for a non-blank ID: the in-memory {@code SPCache.relayStateHash} (the
     * entry is removed by the lookup), then the SAML2 failover repository when failover is
     * enabled, and finally the ID itself. A {@code null} or blank ID yields the
     * {@code SAML2Constants.DEFAULT_RELAY_STATE} attribute of the SP SSO configuration.
     *
     * <p>NOTE(review): when neither store knows the ID, the caller-supplied value is returned
     * unchanged. If that value originates from a request parameter and is later used as a
     * redirect target, it has to be validated by the code that performs the redirect; no such
     * validation happens here.
     *
     * @param str relay state ID; may be {@code null} or blank
     * @param str2 first argument for the SP SSO configuration lookup (callers in this file pass the realm)
     * @param str3 second argument for the SP SSO configuration lookup (callers in this file pass the SP entity ID)
     * @param sAML2MetaManager metadata manager used for the configuration lookup
     * @return the resolved relay state, or whatever the configuration lookup returns for a blank ID
     */
    public static String getRelayState(String str, String str2, String str3, SAML2MetaManager sAML2MetaManager) {
        if (str == null || str.trim().isEmpty()) {
            return getAttributeValueFromSPSSOConfig(str2, str3, sAML2MetaManager, SAML2Constants.DEFAULT_RELAY_STATE);
        }

        String resolved = null;
        // remove() rather than a read: a cached relay state is consumed by its first lookup.
        CacheObject cached = (CacheObject) SPCache.relayStateHash.remove(str);
        if (cached != null) {
            resolved = (String) cached.getObject();
        } else if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
            // The repository key is the ID concatenated with itself; presumably this mirrors
            // how the value was stored - verify against the code that writes it.
            String repositoryKey = str + str;
            try {
                String stored = (String) SAML2FailoverUtils.retrieveSAML2Token(repositoryKey);
                if (stored != null) {
                    resolved = stored;
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("SPACUtils.getRelayState: relayState retrieved from SAML2 repository for key: " + repositoryKey);
                    }
                }
            } catch (SAML2TokenRepositoryException e) {
                SAML2Utils.debug.error("SPACUtils.getRelayState: Unable to retrieve relayState for key " + repositoryKey, e);
            }
        } else if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACUtils.getRelayState: relayState is null for relayStateID: " + str + ", SAML2 failover is disabled");
        }

        // Fall back to the ID itself when nothing usable was stored for it.
        boolean nothingStored = resolved == null || resolved.trim().isEmpty();
        return nothingStored ? str : resolved;
    }

    /**
     * Reads the {@code SAML2Constants.INTERMEDIATE_URL} attribute from the SP SSO configuration.
     *
     * @param str first argument for the configuration lookup (callers in this file pass the realm)
     * @param str2 second argument for the configuration lookup (callers in this file pass the SP entity ID)
     * @param sAML2MetaManager metadata manager used for the lookup
     * @return the trimmed attribute value, or {@code null} when it is not configured
     */
    public static String getIntermediateURL(String str, String str2, SAML2MetaManager sAML2MetaManager) {
        final String attributeName = SAML2Constants.INTERMEDIATE_URL;
        return getAttributeValueFromSPSSOConfig(str, str2, sAML2MetaManager, attributeName);
    }

    /**
     * Determines the local login URL and parks the response until local login has completed.
     *
     * <p>The URL is taken from the {@code SAML2Constants.LOCAL_AUTH_URL} attribute of the SP SSO
     * configuration. When that is empty it is derived from the request URL by replacing
     * everything from {@code "Consumer/metaAlias"} onwards with {@code "UI/Login?realm=..."};
     * when that also fails it is assembled from the server protocol, host and port properties.
     * The response is flagged as a local login and stored in {@code SPCache.responseHash}
     * under its response ID.
     *
     * <p>NOTE(review): the derived URL inherits scheme and host from the request URL, and the
     * realm is appended without URL encoding. NOTE(review): the last-resort URL concatenates
     * host and port with no separator between them; confirm what the port property holds.
     *
     * @param str realm, appended as the {@code realm} query parameter
     * @param str2 second argument for the configuration lookup (the SP entity ID, going by the other callers)
     * @param sAML2MetaManager metadata manager used for the configuration lookup
     * @param responseInfo response to mark and cache
     * @param str3 request URL used to derive the login URL; must not be {@code null} when no URL is configured
     * @return the local login URL
     */
    public static String prepareForLocalLogin(String str, String str2, SAML2MetaManager sAML2MetaManager, ResponseInfo responseInfo, String str3) {
        String loginUrl = getAttributeValueFromSPSSOConfig(str, str2, sAML2MetaManager, SAML2Constants.LOCAL_AUTH_URL);
        if (StringUtils.isEmpty(loginUrl)) {
            // Not configured: reuse the deployment base of the consumer endpoint.
            int consumerAt = str3.indexOf("Consumer/metaAlias");
            if (consumerAt != -1) {
                loginUrl = str3.substring(0, consumerAt) + "UI/Login?realm=" + str;
            }
            if (StringUtils.isEmpty(loginUrl)) {
                String protocol = SystemConfigurationUtil.getProperty(SAMLConstants.SERVER_PROTOCOL);
                String host = SystemConfigurationUtil.getProperty(SAMLConstants.SERVER_HOST);
                String port = SystemConfigurationUtil.getProperty(SAMLConstants.SERVER_PORT);
                loginUrl = protocol + "://" + host + port + "/UI/Login?realm=" + str;
            }
        }

        responseInfo.setIsLocalLogin(true);
        String responseId = responseInfo.getResponse().getID();
        synchronized (SPCache.responseHash) {
            SPCache.responseHash.put(responseId, responseInfo);
        }
        SAML2Utils.debug.message("SPACSUtils:prepareForLocalLogin: localLoginUrl = {}", new Object[]{loginUrl});
        return loginUrl;
    }

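    /**
     * Returns the first value of an attribute from the SP SSO configuration, trimmed.
     *
     * @param str first argument to {@code getSPSSOConfig} (callers in this file pass the realm)
     * @param str2 second argument to {@code getSPSSOConfig} (callers in this file pass the SP entity ID)
     * @param sAML2MetaManager metadata manager used to load the configuration
     * @param str3 name of the attribute to read
     * @return the trimmed first value, or {@code null} when the configuration cannot be read,
     *     does not exist, or has no value for the attribute
     */
    private static String getAttributeValueFromSPSSOConfig(String str, String str2, SAML2MetaManager sAML2MetaManager, String str3) {
        SPSSOConfigElement spConfig;
        try {
            spConfig = sAML2MetaManager.getSPSSOConfig(str, str2);
        } catch (SAML2MetaException e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.getAttributeValueFromSPSSOConfig:", e);
            }
            // Return here: falling through would read spConfig without it ever being
            // assigned, which the compiler rejects.
            return null;
        }
        if (spConfig == null) {
            return null;
        }
        List<String> values = SAML2MetaUtils.getAttributes(spConfig).get(str3);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return values.iterator().next().trim();
    }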

    /**
     * Collects the attributes of every attribute statement in an assertion, decrypting
     * encrypted attributes with the supplied keys.
     *
     * <p>The method fails closed: it returns {@code null} as soon as a statement carries
     * cleartext attributes although encryption is required, or as soon as one encrypted
     * attribute cannot be decrypted. Callers therefore cannot tell "no attributes" from
     * "rejected" by the return value alone; the reason is only written to the debug log.
     *
     * @param assertion assertion to read; may be {@code null}
     * @param z when {@code true}, any non-empty cleartext attribute list is rejected
     * @param set private keys passed to {@code EncryptedAttribute.decrypt}
     * @return the collected attributes, or {@code null} when there is nothing to collect or
     *     the assertion was rejected
     */
    public static List<Attribute> getSAMLAttributes(Assertion assertion, boolean z, Set<PrivateKey> set) {
        if (assertion == null) {
            return null;
        }
        List<AttributeStatement> statements = assertion.getAttributeStatements();
        if (!CollectionUtils.isNotEmpty(statements)) {
            return null;
        }

        List<Attribute> collected = null;
        for (AttributeStatement statement : statements) {
            List<Attribute> cleartext = statement.getAttribute();
            boolean hasCleartext = cleartext != null && !cleartext.isEmpty();
            if (z && hasCleartext) {
                SAML2Utils.debug.error("Attribute not encrypted.");
                return null;
            }
            if (cleartext != null) {
                if (collected == null) {
                    collected = new ArrayList<Attribute>();
                }
                collected.addAll(cleartext);
            }

            List<EncryptedAttribute> encrypted = statement.getEncryptedAttribute();
            if (encrypted == null) {
                continue;
            }
            for (EncryptedAttribute candidate : encrypted) {
                if (collected == null) {
                    collected = new ArrayList<Attribute>();
                }
                try {
                    collected.add(candidate.decrypt(set));
                } catch (SAML2Exception e) {
                    // One undecryptable attribute discards everything gathered so far.
                    SAML2Utils.debug.error("Decryption error:", e);
                    return null;
                }
            }
        }
        return collected;
    }

    /**
     * Processes a SAML response arriving at a Fedlet and returns the extracted data as a map.
     *
     * <p>The hosted SP is identified by a meta alias taken, in order, from the request URL,
     * from the {@code metaAlias} request parameter, or from the first hosted SP alias in
     * realm {@code "/"}. The realm is hard-coded to {@code "/"} for every lookup below.
     *
     * <p>NOTE(review): both {@code metaAlias} and {@code RelayState} are read from request
     * parameters. The returned {@code RelayState} entry may end up being the raw request
     * value (see {@code getRelayState}); no check of it as a redirect target is visible in
     * this method, so confirm the caller validates it before redirecting.
     *
     * @param httpServletRequest incoming request; must not be {@code null}
     * @param httpServletResponse outgoing response; must not be {@code null}
     * @param printWriter writer passed through to {@code processResponse}
     * @return map built by {@code createMapForFedlet}
     * @throws SAML2Exception if metadata cannot be resolved or a session error occurs
     * @throws IOException declared; presumably raised by the response handling it calls
     * @throws SessionException declared; session errors caught here are rethrown as {@code SAML2Exception}
     * @throws ServletException if the request or response is {@code null} or no SP meta alias can be found
     */
    public static Map processResponseForFedlet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter) throws SAML2Exception, IOException, SessionException, ServletException {
        String str;
        if (httpServletRequest == null) {
            String format = MessageFormat.format(SAML2SDKUtils.bundle.getString("nullInputMessage"), "request");
            SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet: " + format);
            throw new ServletException(format);
        }
        if (httpServletResponse == null) {
            String format2 = MessageFormat.format(SAML2SDKUtils.bundle.getString("nullInputMessage"), "response");
            SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet: " + format2);
            throw new ServletException(format2);
        }
        String stringBuffer = httpServletRequest.getRequestURL().toString();
        SAML2MetaManager sAML2MetaManager = new SAML2MetaManager();
        // This check can never be true: `new` either returns an instance or throws.
        if (sAML2MetaManager == null) {
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorMetaManager"));
        }
        // Resolve the SP meta alias: request URL first, then the request parameter, then the
        // first hosted SP in realm "/".
        String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(stringBuffer);
        if (metaAliasByUri == null || metaAliasByUri.length() == 0) {
            metaAliasByUri = httpServletRequest.getParameter("metaAlias");
            if (metaAliasByUri == null || metaAliasByUri.length() == 0) {
                List allHostedServiceProviderMetaAliases = sAML2MetaManager.getAllHostedServiceProviderMetaAliases("/");
                if (allHostedServiceProviderMetaAliases != null && !allHostedServiceProviderMetaAliases.isEmpty()) {
                    metaAliasByUri = (String) allHostedServiceProviderMetaAliases.get(0);
                }
                if (metaAliasByUri == null || metaAliasByUri.length() == 0) {
                    throw new ServletException(SAML2SDKUtils.bundle.getString("nullSPEntityID"));
                }
            }
        }
        try {
            String entityByMetaAlias = sAML2MetaManager.getEntityByMetaAlias(metaAliasByUri);
            if (entityByMetaAlias == null) {
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
            }
            // Request-controlled value; it is resolved through getRelayState further down.
            String parameter = httpServletRequest.getParameter("RelayState");
            try {
                SessionProvider provider = SessionManager.getProvider();
                ResponseInfo response = getResponse(httpServletRequest, httpServletResponse, "/", entityByMetaAlias, sAML2MetaManager);
                Object processResponse = processResponse(httpServletRequest, httpServletResponse, printWriter, metaAliasByUri, null, response, "/", entityByMetaAlias, sAML2MetaManager, null);
                SAML2SDKUtils.debug.message("SSO SUCCESS");
                // If the session says a redirect has already happened, return the map
                // without a relay state.
                String[] property = provider.getProperty(processResponse, SAML2Constants.RESPONSE_REDIRECTED);
                if (property != null && property.length != 0 && property[0].equals("true")) {
                    SAML2SDKUtils.debug.message("Already redirected in SPAdapter.");
                    return createMapForFedlet(response, null, entityByMetaAlias);
                }
                String relayState = getRelayState(parameter, "/", entityByMetaAlias, sAML2MetaManager);
                // str2 is the relay state after session-based URL rewriting; it keeps the
                // plain relay state when rewriting fails.
                String str2 = relayState;
                if (relayState != null && relayState.length() != 0) {
                    try {
                        str2 = provider.rewriteURL(processResponse, relayState);
                    } catch (SessionException e) {
                        SAML2SDKUtils.debug.message("SPACSUtils.processRespForFedlet", e);
                        str2 = relayState;
                    }
                }
                String intermediateURL = getIntermediateURL("/", entityByMetaAlias, sAML2MetaManager);
                if (intermediateURL == null || intermediateURL.length() == 0) {
                    // No intermediate URL: the plain relay state is returned, not the
                    // rewritten str2.
                    str = relayState;
                } else if (str2 == null || str2.length() == 0) {
                    str = intermediateURL;
                } else {
                    // Chain through the intermediate URL, carrying the URL-encoded relay
                    // state in its "goto" parameter.
                    String str3 = (intermediateURL.indexOf("?") != -1 ? intermediateURL + "&goto=" : intermediateURL + "?goto=") + URLEncDec.encode(str2);
                    try {
                        str = provider.rewriteURL(processResponse, str3);
                    } catch (SessionException e2) {
                        SAML2SDKUtils.debug.message("SPACSUtils.processRespForFedlet: rewriting failed.", e2);
                        str = str3;
                    }
                }
                return createMapForFedlet(response, str, entityByMetaAlias);
            } catch (SessionException e3) {
                SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet", e3);
                throw new SAML2Exception((Throwable) e3);
            }
        } catch (SAML2MetaException e4) {
            // The metadata failure is logged with its cause, but the exception thrown to the
            // caller carries only the generic bundle message.
            SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet", e4);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
        }
    }

    /**
     * Packs the outcome of response processing into the map handed back to a Fedlet.
     *
     * <p>Keys written: {@code "RelayState"} (only when non-null), {@code "Response"},
     * {@code "Assertion"}, {@code "Subject"}, {@code "idpEntityID"},
     * {@code SAML2Constants.SPENTITYID}, {@code "NameID"},
     * {@code SAML2Constants.ATTRIBUTE_MAP} and {@code "SessionIndex"}.
     *
     * @param responseInfo processed response; its assertion and the assertion's issuer must be non-null
     * @param str relay state to expose, or {@code null} to omit the entry
     * @param str2 value stored under {@code SAML2Constants.SPENTITYID}
     * @return a new mutable map with the entries listed above
     */
    private static Map createMapForFedlet(ResponseInfo responseInfo, String str, String str2) {
        Map result = new HashMap();
        if (str != null) {
            result.put("RelayState", str);
        }
        result.put("Response", responseInfo.getResponse());

        Assertion assertion = responseInfo.getAssertion();
        result.put("Assertion", assertion);
        result.put("Subject", assertion.getSubject());
        // The IdP entity ID is taken from the assertion's issuer.
        Issuer issuer = assertion.getIssuer();
        result.put("idpEntityID", issuer.getValue());

        result.put(SAML2Constants.SPENTITYID, str2);
        result.put("NameID", responseInfo.getNameId());
        result.put(SAML2Constants.ATTRIBUTE_MAP, responseInfo.getAttributeMap());
        result.put("SessionIndex", responseInfo.getSessionIndex());
        return result;
    }

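    /**
     * Maps the subject of an assertion to a local user ID without establishing a session.
     *
     * <p>The NameID is taken from the subject, decrypting the EncryptedID when one is present.
     * When the SP configuration does not require encrypted assertions but does require an
     * encrypted NameID, a subject without an EncryptedID is rejected. The NameID format must
     * be one the SP descriptor lists, if it lists any. The user is then looked up through the
     * data store (only when the NameID is to be persisted) and, failing that, through the SP
     * account mapper; a newly mapped persistent NameID is written back as federation data.
     *
     * <p>Failures during lookup or mapping are logged and reported as {@code null}. A failure
     * while writing federation data is logged and the mapped user ID is still returned.
     *
     * @param subject subject of the assertion; must not be {@code null}
     * @param assertion assertion handed to the account mapper
     * @param str realm used for configuration and data store lookups
     * @param str2 hosted SP entity ID
     * @param sAML2MetaManager metadata manager used for configuration and descriptor lookups
     * @param str3 remote entity ID (presumably the IdP; confirm against the caller)
     * @param str4 key under which the federation flag is cached when federation data is written
     * @return the local user ID, or {@code null} when lookup or mapping failed
     * @throws SAML2Exception if the NameID is missing or not encrypted as required, cannot be
     *     decrypted, uses an unsupported format, or the SP descriptor cannot be read
     */
    public static String getPrincipalWithoutLogin(Subject subject, Assertion assertion, String str, String str2, SAML2MetaManager sAML2MetaManager, String str3, String str4) throws SAML2Exception {
        EncryptedID encryptedID = subject.getEncryptedID();
        SPSSOConfigElement spConfig = sAML2MetaManager.getSPSSOConfig(str, str2);
        Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys((BaseConfigType) spConfig);
        SPAccountMapper accountMapper = SAML2Utils.getSPAccountMapper(str, str2);
        NameID nameID = subject.getNameID();

        // NameID encryption is only enforced separately when whole-assertion encryption is
        // not already required.
        boolean requireEncryptedNameID = false;
        if (!Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSPSSOConfig(spConfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED))) {
            requireEncryptedNameID = Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSPSSOConfig(spConfig, SAML2Constants.WANT_NAMEID_ENCRYPTED));
        }
        if (requireEncryptedNameID && encryptedID == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nameIDNotEncrypted"));
        }
        if (encryptedID != null) {
            nameID = encryptedID.decrypt(decryptionKeys);
        }
        // A subject may carry neither identifier; reject it explicitly instead of failing
        // with a NullPointerException on the format lookup below.
        if (nameID == null) {
            throw new SAML2Exception("Subject contains neither a NameID nor an EncryptedID.");
        }

        SPSSODescriptorElement spDescriptor = null;
        try {
            spDescriptor = sAML2MetaManager.getSPSSODescriptor(str, str2);
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("Unable to read SPSSODescription", e);
        }
        if (spDescriptor == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }

        String format = nameID.getFormat();
        if (format != null) {
            List supportedFormats = spDescriptor.getNameIDFormat();
            if (CollectionUtils.isNotEmpty(supportedFormats) && !supportedFormats.contains(format)) {
                throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "unsupportedNameIDFormatSP", new Object[]{format});
            }
        }

        boolean persistNameID = !SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(format)
                && !SAML2PluginsUtils.isIgnoredProfile(null, str)
                && accountMapper.shouldPersistNameIDFormat(str, str2, str3, format);

        String userId = null;
        if (persistNameID) {
            try {
                userId = SAML2Utils.getDataStoreProvider().getUserID(str, SAML2Utils.getNameIDKeyMap(nameID, str2, str3, str, SAML2Constants.SP_ROLE));
            } catch (DataStoreProviderException e) {
                // Reported as "no principal", but logged with its cause so the failure can
                // be diagnosed.
                SAML2Utils.debug.error("SPACSUtils.getPrincipalWithoutLogin: user lookup failed.", e);
                return null;
            } catch (SAML2Exception e) {
                SAML2Utils.debug.error("SPACSUtils.getPrincipalWithoutLogin: user lookup failed.", e);
                return null;
            }
        }

        boolean newlyMapped = false;
        if (userId == null) {
            try {
                userId = accountMapper.getIdentity(assertion, str2, str);
            } catch (SAML2Exception e) {
                SAML2Utils.debug.error("SPACSUtils.getPrincipalWithoutLogin: account mapping failed.", e);
                return null;
            }
            newlyMapped = true;
        }

        if (newlyMapped && persistNameID) {
            try {
                writeFedData(nameID, str2, str, sAML2MetaManager, str3, userId, str4);
            } catch (SAML2Exception e) {
                // Best effort: the mapped user is still returned, but the missing
                // federation record is now visible in the log.
                SAML2Utils.debug.error("SPACSUtils.getPrincipalWithoutLogin: unable to write federation data.", e);
            }
        }
        return userId;
    }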

    /**
     * Records the federation between a NameID and a local user.
     *
     * <p>When the NameID carries an SPNameQualifier that resolves to an affiliation
     * descriptor, the hosted SP must be a member of that affiliation and the federation is
     * stored against the affiliation; otherwise it is stored against the hosted SP itself.
     * The role is {@code DUAL_ROLE} or {@code SP_ROLE} depending on
     * {@code SAML2Utils.isDualRole}.
     *
     * @param nameID NameID being federated
     * @param str hosted SP entity ID
     * @param str2 realm
     * @param sAML2MetaManager metadata manager used for the affiliation lookup
     * @param str3 remote entity ID
     * @param str4 local user the federation is written for
     * @param str5 key flagged {@code "true"} in {@code SPCache.fedAccountHash}
     * @throws SAML2Exception if the hosted SP is not a member of the affiliation, or if a
     *     called helper fails
     */
    private static void writeFedData(NameID nameID, String str, String str2, SAML2MetaManager sAML2MetaManager, String str3, String str4, String str5) throws SAML2Exception {
        String spNameQualifier = nameID.getSPNameQualifier();
        String role = SAML2Utils.isDualRole(str, str2) ? SAML2Constants.DUAL_ROLE : SAML2Constants.SP_ROLE;

        boolean hasQualifier = spNameQualifier != null && !spNameQualifier.isEmpty();
        AffiliationDescriptorType affiliation = hasQualifier
                ? sAML2MetaManager.getAffiliationDescriptor(str2, spNameQualifier)
                : null;

        boolean viaAffiliation = affiliation != null;
        // A qualifier naming an affiliation is only honoured when this SP belongs to it.
        if (viaAffiliation && !affiliation.getAffiliateMember().contains(str)) {
            throw new SAML2Exception("Unable to locate SP Entity ID in the affiliate descriptor.");
        }
        String owner = viaAffiliation ? spNameQualifier : str;
        NameIDInfo nameIDInfo = new NameIDInfo(owner, str3, nameID, role, viaAffiliation);

        SPCache.fedAccountHash.put(str5, "true");
        AccountUtils.setAccountFederation(nameIDInfo, str4);
    }

    /**
     * Returns a fresh list holding the attributes of an assertion.
     *
     * <p>Delegates to {@code getSAMLAttributes} and copies its result, so a {@code null}
     * return covers both "no attributes" and "assertion rejected".
     *
     * @param assertion assertion to read; may be {@code null}
     * @param z when {@code true}, cleartext attributes are rejected
     * @param set private keys used to decrypt encrypted attributes
     * @return a new list of attributes, or {@code null} when none were obtained
     */
    public static List<Attribute> getAttrs(Assertion assertion, boolean z, Set<PrivateKey> set) {
        List<Attribute> extracted = getSAMLAttributes(assertion, z, set);
        if (extracted == null || extracted.isEmpty()) {
            return null;
        }
        return new ArrayList<Attribute>(extracted);
    }
}
