package com.sun.identity.saml2.profile;

import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.plugin.monitoring.FedMonAgent;
import com.sun.identity.plugin.monitoring.FedMonSAML2Svc;
import com.sun.identity.plugin.monitoring.MonitorManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.sae.api.Utils;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.AccountUtils;
import com.sun.identity.saml2.common.NameIDInfoKey;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2FailoverUtils;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.plugins.FedletAdapter;
import com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Level;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPMessage;
import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException;
import org.forgerock.openam.saml2.SAML2Store;
import org.forgerock.openam.saml2.audit.SAML2EventLogger;

/* loaded from: input_file:com/sun/identity/saml2/profile/SPSingleLogout.class */
public class SPSingleLogout {
    // Metadata manager used for every entity, descriptor and meta-alias lookup in this class.
    // No assignment is visible in this part of the file (presumably a static initializer
    // elsewhere sets it); confirm it cannot be null before the methods below dereference it.
    static SAML2MetaManager sm;
    static AssertionFactory af = AssertionFactory.getInstance();
    // Shared SAML2 debug log. Several methods below write request parameters, session IDs and
    // raw SAML messages to it at message level, so its output should be handled as sensitive.
    static Debug debug = SAML2Utils.debug;
    // Status constants built once from SAML2Constants.SUCCESS and SAML2Constants.RESPONDER.
    static final Status SUCCESS_STATUS = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
    static final Status PARTIAL_LOGOUT_STATUS = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("partialLogout"));
    // Session plugin used to resolve, inspect and invalidate the local SP session.
    // Like sm, it is not assigned anywhere in the visible part of the file.
    static SessionProvider sessionProvider;
    // Monitoring hooks; prepareForLogout null-checks both before reporting the session count.
    private static FedMonAgent agent;
    private static FedMonSAML2Svc saml2Svc;

    /** Private constructor: the members visible in this class are all static, so no instance is needed. */
    private SPSingleLogout() {
    }

    /**
     * Starts an SP-initiated single logout for the session attached to the request.
     *
     * <p>Convenience overload: delegates to the nine-argument variant with no original
     * LogoutRequest, no SOAP message and no pre-resolved session, so the session is looked up
     * from {@code httpServletRequest}.
     *
     * @param httpServletRequest  incoming servlet request
     * @param httpServletResponse servlet response used for redirects and forwards
     * @param printWriter         writer handed to the SOAP proxy-response path
     * @param str                 SAML binding to use for the logout request
     * @param map                 request parameters; the delegate adds a "metaAlias" entry to it
     * @param sAML2EventLogger    audit logger, may be null
     * @throws SAML2Exception if the delegate cannot resolve the session, meta alias or metadata
     */
    public static void initiateLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, Map map, SAML2EventLogger sAML2EventLogger) throws SAML2Exception {
        // Typed locals keep overload resolution explicit and name what is being omitted.
        final LogoutRequest noOriginalRequest = null;
        final SOAPMessage noSoapMessage = null;
        final Object noResolvedSession = null;
        initiateLogoutRequest(
                httpServletRequest,
                httpServletResponse,
                printWriter,
                str,
                map,
                noOriginalRequest,
                noSoapMessage,
                noResolvedSession,
                sAML2EventLogger);
    }

    /**
     * Starts an SP-initiated single logout: resolves the local session and hosted SP, sends a
     * LogoutRequest for each federation of that session that belongs to this SP, and falls back
     * to a local-only logout when the session carries no NameID info key.
     *
     * @param httpServletRequest  incoming servlet request
     * @param httpServletResponse servlet response used for redirects and forwards
     * @param printWriter         writer used when a proxied SOAP logout response is sent
     * @param str                 SAML binding (logged as "binding"); dereferenced without a null check
     * @param map                 request parameters; mutated here ("metaAlias" is added)
     * @param logoutRequest       original LogoutRequest, passed through to prepareForLogout; may be null
     * @param sOAPMessage         original SOAP message, passed through to prepareForLogout; may be null
     * @param obj                 already-resolved session; when null the session is read from the request
     * @param sAML2EventLogger    audit logger, may be null
     * @throws SAML2Exception on missing session, meta alias, entity ID or metadata
     */
    public static void initiateLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, Map map, LogoutRequest logoutRequest, SOAPMessage sOAPMessage, Object obj, SAML2EventLogger sAML2EventLogger) throws SAML2Exception {
        Object session;
        if (debug.messageEnabled()) {
            debug.message("SPSingleLogout:initiateLogoutRequest");
            debug.message("binding : " + str);
            // NOTE(review): the whole parameter map is written to the debug log; whatever the
            // caller put in it (RelayState, info key, ...) ends up in that file.
            debug.message("paramsMap : " + map);
        }
        String str2 = (String) map.get(SAML2Constants.SP_METAALIAS);
        if (obj != null) {
            session = obj;
        } else {
            // NOTE(review): only getSession() sits inside this try, yet later calls such as
            // sessionProvider.getProperty(session, SP_METAALIAS) are outside any SessionException
            // handler. The try scope looks narrower than intended, presumably a decompilation
            // artifact; compare with the upstream source before changing exception handling.
            try {
                session = sessionProvider.getSession(httpServletRequest);
            } catch (SessionException e) {
                debug.error("Session exception: ", e);
                // A session failure is reported to the caller with the "metaDataError" message,
                // and the cause is not chained; only the debug log shows what really happened.
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            } catch (SAML2MetaException e2) {
                debug.error("Error retreiving metadata", e2);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
        }
        if (null != sAML2EventLogger) {
            sAML2EventLogger.setSSOTokenId(session);
        }
        // A null session is tolerated only in fedlet mode.
        if (!SPCache.isFedlet && session == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
        }
        // Meta alias fallback: first hosted SP under "/" for a fedlet, otherwise the value
        // stored on the session.
        if (str2 == null) {
            if (SPCache.isFedlet) {
                List allHostedServiceProviderMetaAliases = sm.getAllHostedServiceProviderMetaAliases("/");
                if (allHostedServiceProviderMetaAliases != null && !allHostedServiceProviderMetaAliases.isEmpty()) {
                    str2 = (String) allHostedServiceProviderMetaAliases.get(0);
                }
            } else {
                String[] property = sessionProvider.getProperty(session, SAML2Constants.SP_METAALIAS);
                if (property != null && property.length > 0) {
                    str2 = property[0];
                }
            }
        }
        if (str2 == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPMetaAlias"));
        }
        map.put("metaAlias", str2);
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(str2));
        debug.message("realm : " + realm);
        String entityByMetaAlias = sm.getEntityByMetaAlias(str2);
        if (entityByMetaAlias == null) {
            debug.error("Service Provider ID is missing");
            // The logged data element is entityByMetaAlias, which is null on this path, so the
            // INVALID_SP record does not identify which meta alias failed to resolve.
            LogUtil.error(Level.INFO, LogUtil.INVALID_SP, new String[]{entityByMetaAlias}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
        }
        debug.message("spEntityID : " + entityByMetaAlias);
        String sessionID = sessionProvider.getSessionID(session);
        // str3 is the NameID info key string: a request parameter for a fedlet, a session
        // property otherwise.
        String str3 = null;
        if (SPCache.isFedlet) {
            str3 = SAML2Utils.getParameter(map, SAML2Constants.INFO_KEY);
        } else {
            try {
                String[] property2 = sessionProvider.getProperty(session, AccountUtils.getNameIDInfoKeyAttribute());
                if (property2 != null && property2.length > 0) {
                    str3 = property2[0];
                }
            } catch (SessionException e3) {
                debug.error("Unable to get infoKeyString from session.", e3);
                throw new SAML2Exception(SAML2Utils.bundle.getString("errorInfoKeyString"));
            }
        }
        if (debug.messageEnabled()) {
            // NOTE(review): the session identifier is written to the debug log in clear. If that
            // value can be replayed as a session token, anyone with read access to the log can
            // use it while the session is alive; consider masking or hashing it.
            debug.message("tokenID : " + sessionID);
            debug.message("infoKeyString : " + str3);
        }
        if (sm.getSPSSODescriptor(realm, entityByMetaAlias) == null) {
            LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{entityByMetaAlias}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        List extensionsList = LogoutUtil.getExtensionsList(map);
        // RelayState comes from the request parameters, falling back to the SP's configured
        // default when absent or empty.
        String parameter = SAML2Utils.getParameter(map, "RelayState");
        if (parameter == null || parameter.equals("")) {
            parameter = SAML2Utils.getAttributeValueFromSSOConfig(realm, entityByMetaAlias, SAML2Constants.SP_ROLE, SAML2Constants.DEFAULT_RELAY_STATE);
        }
        // Open-redirect guard: the value is checked here, before it is handed to
        // prepareForLogout or used in sendRedirect below. The helper is not visible in this
        // file; presumably it throws SAML2Exception for a URL that is not allowed.
        SAML2Utils.validateRelayStateURL(realm, entityByMetaAlias, parameter, SAML2Constants.SP_ROLE);
        if (str3 != null) {
            // The info key string holds one entry per federation, separated by SECOND_DELIM.
            // Only entries whose host entity is this SP trigger a logout request.
            StringTokenizer stringTokenizer = new StringTokenizer(str3, SAML2Constants.SECOND_DELIM);
            String str4 = null;
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                if (NameIDInfoKey.parse(nextToken).getHostEntityID().equals(entityByMetaAlias)) {
                    // str4 keeps only the request ID of the last matching entry.
                    str4 = prepareForLogout(realm, sessionID, str2, extensionsList, str, parameter, httpServletRequest, httpServletResponse, map, nextToken, logoutRequest, sOAPMessage);
                }
            }
            // NOTE(review): str4 can still be null here; whether this cache accepts a null key
            // depends on its map type, which is not visible in this file.
            SOAPMessage sOAPMessage2 = (SOAPMessage) IDPCache.SOAPMessageByLogoutRequestID.get(str4);
            if (sOAPMessage2 != null) {
                IDPProxyUtil.sendProxyLogoutResponseBySOAP(sOAPMessage2, httpServletResponse, printWriter);
            }
            // The local session is destroyed immediately only for SOAP or when no request was
            // sent. For the other bindings it stays valid until processLogoutResponse
            // invalidates it, i.e. until the IdP's response actually arrives.
            if (str.equals(SAML2Constants.SOAP) || str4 == null) {
                sessionProvider.invalidateSession(session, httpServletRequest, httpServletResponse);
            }
            return;
        }
        // No info key: nothing to tell any IdP, so this is a local-only logout.
        debug.warning("SPSingleLogout.initiateLogoutRequest : Unable to get infoKeyString from session.");
        sessionProvider.invalidateSession(session, httpServletRequest, httpServletResponse);
        if (parameter != null && !parameter.equals("")) {
            try {
                // parameter has already passed validateRelayStateURL above.
                httpServletResponse.sendRedirect(parameter);
                return;
            } catch (IOException e4) {
                debug.error("SPSingleLogout.initiateLogoutRequest: Error in send redirect to " + parameter, e4);
                return;
            }
        }
        try {
            httpServletRequest.getRequestDispatcher("saml2/jsp/default.jsp?message=spSloSuccess").forward(httpServletRequest, httpServletResponse);
        } catch (IOException e5) {
            debug.error("SPSingleLogout.initiateLogoutRequest: Error in forwarding to default.jsp", e5);
        } catch (ServletException e6) {
            debug.error("SPSingleLogout.initiateLogoutRequest: Error in forwarding to default.jsp", e6);
        }
    }

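    /**
     * Sends a LogoutRequest to the IdP of one federation and remembers the originating message
     * so the eventual response can be correlated.
     *
     * <p>In fedlet mode the NameID is rebuilt from the info key and the session index is read
     * from the request parameters. Otherwise the matching {@code SPFedSession} is removed from
     * {@code SPCache.fedSessionListsByNameIDInfoKey} and supplies both values; when no entry
     * matches the session ID there is no session partner and {@code null} is returned.
     *
     * @param str                 realm of the hosted SP
     * @param str2                local session ID, compared with {@code SPFedSession.spTokenID}
     * @param str3                meta alias of the hosted SP
     * @param list                extensions to place in the LogoutRequest
     * @param str4                SAML binding
     * @param str5                RelayState (validated by the caller before this method runs)
     * @param httpServletRequest  incoming servlet request
     * @param httpServletResponse servlet response
     * @param map                 request parameters
     * @param str6                one NameID info key string identifying the federation
     * @param logoutRequest       original LogoutRequest to cache for front-channel bindings, may be null
     * @param sOAPMessage         original SOAP message to cache for the SOAP binding, may be null
     * @return the ID of the LogoutRequest that was sent, or {@code null} when only a local
     *         logout is required
     * @throws SAML2Exception   if IdP metadata or its single logout services are missing
     * @throws SessionException propagated from the logout call chain
     */
    private static String prepareForLogout(String str, String str2, String str3, List list, String str4, String str5, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map, String str6, LogoutRequest logoutRequest, SOAPMessage sOAPMessage) throws SAML2Exception, SessionException {
        String sessionIndex;
        NameID nameID;
        NameIDInfoKey infoKey = NameIDInfoKey.parse(str6);
        if (SPCache.isFedlet) {
            sessionIndex = SAML2Utils.getParameter(map, "SessionIndex");
            nameID = AssertionFactory.getInstance().createNameID();
            nameID.setValue(infoKey.getNameIDValue());
            nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
            nameID.setNameQualifier(infoKey.getRemoteEntityID());
            nameID.setSPNameQualifier(infoKey.getHostEntityID());
        } else {
            SPFedSession fedSession = null;
            List fedSessions = (List) SPCache.fedSessionListsByNameIDInfoKey.get(str6);
            if (fedSessions != null) {
                synchronized (fedSessions) {
                    ListIterator candidates = fedSessions.listIterator();
                    while (candidates.hasNext()) {
                        SPFedSession candidate = (SPFedSession) candidates.next();
                        if (!str2.equals(candidate.spTokenID)) {
                            continue;
                        }
                        candidates.remove();
                        if (agent != null && agent.isRunning() && saml2Svc != null) {
                            saml2Svc.setFedSessionCount(SPCache.fedSessionListsByNameIDInfoKey.size());
                        }
                        if (fedSessions.isEmpty()) {
                            SPCache.fedSessionListsByNameIDInfoKey.remove(str6);
                        }
                        fedSession = candidate;
                        // Stop at the match. Scanning on would let any later non-matching entry
                        // reset the result to null, so the IdP would never be told about a
                        // session that was just dropped from the cache.
                        break;
                    }
                }
            }
            if (fedSession == null) {
                if (debug.messageEnabled()) {
                    debug.message("No session partner, just do local logout.");
                }
                return null;
            }
            sessionIndex = fedSession.idpSessionIndex;
            nameID = fedSession.info.getNameID();
        }
        IDPSSODescriptorElement idpDescriptor = sm.getIDPSSODescriptor(str, infoKey.getRemoteEntityID());
        if (idpDescriptor == null) {
            LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{infoKey.getRemoteEntityID()}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        List sloServices = idpDescriptor.getSingleLogoutService();
        if (sloServices == null) {
            LogUtil.error(Level.INFO, LogUtil.SLO_NOT_FOUND, new String[]{infoKey.getRemoteEntityID()}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("sloServiceListNotfound"));
        }
        // The IdP's extended config is fetched, and passed on, only for the SOAP binding.
        IDPSSOConfigElement idpConfig = null;
        if (str4.equals(SAML2Constants.SOAP)) {
            idpConfig = sm.getIDPSSOConfig(str, infoKey.getRemoteEntityID());
        }
        String requestId = LogoutUtil.doLogout(str3, infoKey.getRemoteEntityID(), sloServices, list, str4, str5, sessionIndex, nameID, httpServletRequest, httpServletResponse, map, idpConfig).toString();
        if (debug.messageEnabled()) {
            debug.message("\nSPSLO.requestIDStr = " + requestId + "\nbinding = " + str4);
        }
        // toString() never yields null, so only emptiness needs checking before caching.
        boolean hasRequestId = requestId.length() != 0;
        boolean frontChannel = str4.equals(SAML2Constants.HTTP_REDIRECT) || str4.equals(SAML2Constants.HTTP_POST);
        if (hasRequestId && frontChannel && logoutRequest != null) {
            // Keyed by the new request ID so the IdP's response can be matched to the original.
            IDPCache.proxySPLogoutReqCache.put(requestId, logoutRequest);
        } else if (hasRequestId && str4.equals(SAML2Constants.SOAP) && sOAPMessage != null) {
            IDPCache.SOAPMessageByLogoutRequestID.put(requestId, sOAPMessage);
        }
        return requestId;
    }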

    /**
     * Handles a LogoutResponse delivered to this SP over HTTP-POST or HTTP-Redirect: decodes it,
     * correlates it with the pending LogoutRequest, verifies issuer (and signature/destination
     * when required), invalidates the local session and notifies the configured adapter.
     *
     * @param httpServletRequest  incoming servlet request; its method selects the binding
     * @param httpServletResponse servlet response
     * @param str                 encoded SAML response (logged as "samlResponse")
     * @param str2                RelayState (logged as "relayState")
     * @return a map holding "entityid", "realm", the InResponseTo value and "RelayState", or
     *         {@code null} when no response could be decoded
     * @throws SAML2Exception   on unsupported binding, failed verification, unmatched
     *                          InResponseTo or a non-success status
     * @throws SessionException declared for callers; see the catch near the end for the one
     *                          SessionException that is swallowed here
     */
    public static Map<String, String> processLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SAML2Exception, SessionException {
        List allHostedServiceProviderMetaAliases;
        if (debug.messageEnabled()) {
            // The raw, still-unverified SAML response and RelayState go to the debug log.
            debug.message("SPSingleLogout:processLogoutResponse : samlResponse : " + str);
            debug.message("SPSingleLogout:processLogoutResponse : relayState : " + str2);
        }
        // Binding is inferred from the HTTP method: POST means HTTP-POST, anything else is
        // treated as HTTP-Redirect.
        String method = httpServletRequest.getMethod();
        String str3 = SAML2Constants.HTTP_REDIRECT;
        if (method.equals(Utils.POST)) {
            str3 = SAML2Constants.HTTP_POST;
        }
        String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        // Fedlet fallback: use the first hosted SP under "/" when the URI carries no meta alias.
        if (SPCache.isFedlet && ((metaAliasByUri == null || metaAliasByUri.length() == 0) && (allHostedServiceProviderMetaAliases = sm.getAllHostedServiceProviderMetaAliases("/")) != null && !allHostedServiceProviderMetaAliases.isEmpty())) {
            metaAliasByUri = (String) allHostedServiceProviderMetaAliases.get(0);
        }
        if (metaAliasByUri == null || metaAliasByUri.length() == 0) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
        }
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAliasByUri));
        String entityByMetaAlias = sm.getEntityByMetaAlias(metaAliasByUri);
        if (!SAML2Utils.isSPProfileBindingSupported(realm, entityByMetaAlias, SAML2Constants.SLO_SERVICE, str3)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        // Open-redirect guard on the RelayState that is returned to the caller in the result map.
        SAML2Utils.validateRelayStateURL(realm, entityByMetaAlias, str2, SAML2Constants.SP_ROLE);
        LogoutResponse logoutResponse = null;
        if (method.equals(Utils.POST)) {
            logoutResponse = LogoutUtil.getLogoutResponseFromPost(str, httpServletResponse);
        } else if (method.equals(Utils.GET)) {
            String decodeFromRedirect = SAML2Utils.decodeFromRedirect(str);
            if (decodeFromRedirect == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
            }
            logoutResponse = ProtocolFactory.getInstance().createLogoutResponse(decodeFromRedirect);
        }
        // Methods other than POST and GET leave logoutResponse null and end up here.
        if (logoutResponse == null) {
            if (!debug.messageEnabled()) {
                return null;
            }
            debug.message("SSingleLogout:processLogoutResponse: logoutRes is null");
            return null;
        }
        // NOTE(review): getIssuer() is dereferenced without a null check; a response with no
        // Issuer element would fail here with a NullPointerException rather than SAML2Exception,
        // unless the parser already rejects it.
        String value = logoutResponse.getIssuer().getValue();
        Issuer issuer = logoutResponse.getIssuer();
        String inResponseTo = logoutResponse.getInResponseTo();
        // NOTE(review): the pending request is removed from the cache here, before the issuer
        // and signature of the response have been verified and before inResponseTo is checked
        // for null/empty further down. A response that later fails verification has therefore
        // already consumed the entry, and the genuine response can no longer be correlated
        // through this cache. Consider a get() here and a remove() only after verification.
        LogoutRequest logoutRequest = (LogoutRequest) SPCache.logoutRequestIDHash.remove(inResponseTo);
        if (logoutRequest == null) {
            logoutRequest = (LogoutRequest) SAML2Store.getTokenFromStore(inResponseTo);
        }
        if (logoutRequest == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
            try {
                logoutRequest = (LogoutRequest) SAML2FailoverUtils.retrieveSAML2Token(inResponseTo);
            } catch (SAML2TokenRepositoryException e) {
                // A token-repository failure is reported as an ID mismatch and the cause is
                // dropped, so storage outages are indistinguishable from bad responses.
                throw new SAML2Exception(SAML2Utils.bundle.getString("LogoutRequestIDandInResponseToDoNotMatch"));
            }
        }
        String str4 = null;
        if (!SPCache.isFedlet) {
            // NOTE(review): the SP adapter's pre-logout hook runs before verifyResponseIssuer
            // and the signature check below, so the adapter receives a response that has not
            // been authenticated yet.
            str4 = preSingleLogoutProcess(entityByMetaAlias, realm, httpServletRequest, httpServletResponse, null, logoutRequest, logoutResponse, str3);
        }
        SAML2Utils.verifyResponseIssuer(realm, entityByMetaAlias, issuer, inResponseTo);
        boolean wantLogoutResponseSigned = SAML2Utils.getWantLogoutResponseSigned(realm, entityByMetaAlias, SAML2Constants.SP_ROLE);
        if (debug.messageEnabled()) {
            debug.message("SPSingleLogout:processLogoutResponse : metaAlias : " + metaAliasByUri);
            debug.message("SPSingleLogout:processLogoutResponse : realm : " + realm);
            debug.message("SPSingleLogout:processLogoutResponse : idpEntityID : " + value);
            debug.message("SPSingleLogout:processLogoutResponse : spEntityID : " + entityByMetaAlias);
        }
        HashMap hashMap = new HashMap();
        hashMap.put("entityid", entityByMetaAlias);
        hashMap.put("realm", realm);
        // Signature and Destination are enforced only when the SP is configured to require a
        // signed LogoutResponse. With that setting off, the response is accepted on the issuer
        // check and InResponseTo correlation alone.
        if (wantLogoutResponseSigned) {
            // GET carries the signature in the query string; every other method is verified as
            // an XML signature on the response.
            if (!(method.equals(Utils.GET) ? SAML2Utils.verifyQueryString(httpServletRequest.getQueryString(), realm, SAML2Constants.SP_ROLE, value) : LogoutUtil.verifySLOResponse(logoutResponse, realm, value, entityByMetaAlias, SAML2Constants.SP_ROLE))) {
                debug.error("SPSingleLogout.processLogoutResponse: Invalid signature in SLO Response.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
            }
            if (!SAML2Utils.verifyDestination(logoutResponse.getDestination(), getSLOResponseLocationOrLocation(sm.getSPSSODescriptor(realm, entityByMetaAlias), str3))) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidDestination"));
            }
        }
        if (inResponseTo == null || inResponseTo.length() == 0) {
            if (debug.messageEnabled()) {
                debug.message("LogoutResponse inResponseTo is null");
            }
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullInResponseToFromSamlResponse"));
        }
        // Unsolicited responses are rejected: a pending LogoutRequest with this ID must exist.
        if (logoutRequest == null) {
            if (debug.messageEnabled()) {
                debug.message("LogoutResponse inResponseTo does not match LogoutRequest ID.");
            }
            throw new SAML2Exception(SAML2Utils.bundle.getString("LogoutRequestIDandInResponseToDoNotMatch"));
        }
        if (debug.messageEnabled()) {
            debug.message("LogoutResponse inResponseTo matches LogoutRequest ID.");
        }
        hashMap.put(SAML2Constants.IN_RESPONSE_TO, inResponseTo);
        hashMap.put("RelayState", str2);
        // The local session is invalidated before the response status is inspected, so it is
        // destroyed even when the IdP reports a failed or partial logout.
        try {
            Object session = sessionProvider.getSession(httpServletRequest);
            if (session != null && sessionProvider.isValid(session)) {
                sessionProvider.invalidateSession(session, httpServletRequest, httpServletResponse);
            }
        } catch (SessionException e2) {
            // NOTE(review): a failure to invalidate is logged at message level only and then
            // ignored, so the local session may survive a logout that is reported as successful.
            debug.message("SPSingleLogout.processLogoutResponse() : Unable to invalidate session: " + e2.getMessage());
        }
        if (SPCache.isFedlet) {
            FedletAdapter fedletAdapterClass = SAML2Utils.getFedletAdapterClass(entityByMetaAlias, realm);
            if (fedletAdapterClass != null) {
                if (!isSuccess(logoutResponse)) {
                    fedletAdapterClass.onFedletSLOFailure(httpServletRequest, httpServletResponse, logoutRequest, logoutResponse, entityByMetaAlias, value, str3);
                    throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "sloFailed", null);
                }
                fedletAdapterClass.onFedletSLOSuccess(httpServletRequest, httpServletResponse, logoutRequest, logoutResponse, entityByMetaAlias, value, str3);
            }
            // With no fedlet adapter configured the status is not checked on this path.
        } else {
            if (!isSuccess(logoutResponse)) {
                throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "sloFailed", null);
            }
            postSingleLogoutSuccess(entityByMetaAlias, realm, httpServletRequest, httpServletResponse, str4, logoutRequest, logoutResponse, str3);
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Invokes the SP adapter's pre-single-logout hook, if an adapter is configured.
     *
     * <p>When no user ID is supplied, the principal name of the session attached to the request
     * is used instead. Failures to load the adapter or to read the session are logged at message
     * level and otherwise ignored, so a misconfigured adapter is skipped silently rather than
     * blocking the logout.
     *
     * @param str                 entity ID of the hosted SP
     * @param str2                realm of the hosted SP
     * @param httpServletRequest  incoming servlet request
     * @param httpServletResponse servlet response
     * @param str3                user ID, or {@code null} to derive it from the session
     * @param logoutRequest       logout request being processed, may be null
     * @param logoutResponse      logout response being processed, may be null
     * @param str4                SAML binding
     * @return the user ID handed to the adapter, or {@code str3} unchanged when no adapter exists
     * @throws SAML2Exception if the adapter hook itself fails
     */
    public static String preSingleLogoutProcess(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str3, LogoutRequest logoutRequest, LogoutResponse logoutResponse, String str4) throws SAML2Exception {
        SAML2ServiceProviderAdapter adapter;
        try {
            adapter = SAML2Utils.getSPAdapterClass(str, str2);
        } catch (SAML2Exception lookupFailure) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.invokeSPAdapterForPreSLOProcess", lookupFailure);
            }
            adapter = null;
        }
        if (adapter == null) {
            // Nothing to call; hand the caller's value straight back.
            return str3;
        }

        String userId = str3;
        if (userId == null) {
            try {
                Object currentSession = sessionProvider.getSession(httpServletRequest);
                if (currentSession != null) {
                    userId = sessionProvider.getPrincipalName(currentSession);
                }
            } catch (SessionException sessionFailure) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.invokeSPAdapterForPreSLOProcess2", sessionFailure);
                }
            }
        }
        adapter.preSingleLogoutProcess(
                str, str2, httpServletRequest, httpServletResponse, userId, logoutRequest, logoutResponse, str4);
        return userId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Invokes the SP adapter's post-single-logout-success hook, if an adapter is configured.
     *
     * <p>A failure to load the adapter is logged at message level and the hook is skipped.
     *
     * @param str                 entity ID of the hosted SP
     * @param str2                realm of the hosted SP
     * @param httpServletRequest  incoming servlet request
     * @param httpServletResponse servlet response
     * @param str3                user ID passed to the adapter, may be null
     * @param logoutRequest       logout request that was processed, may be null
     * @param logoutResponse      logout response that was processed, may be null
     * @param str4                SAML binding
     */
    public static void postSingleLogoutSuccess(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str3, LogoutRequest logoutRequest, LogoutResponse logoutResponse, String str4) {
        SAML2ServiceProviderAdapter adapter;
        try {
            adapter = SAML2Utils.getSPAdapterClass(str, str2);
        } catch (SAML2Exception lookupFailure) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("SPACSUtils.invokeSPAdapterForPostSLOProcess", lookupFailure);
            }
            adapter = null;
        }
        if (adapter == null) {
            return;
        }
        adapter.postSingleLogoutSuccess(
                str, str2, httpServletRequest, httpServletResponse, str3, logoutRequest, logoutResponse, str4);
    }

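    /**
     * Handles a LogoutRequest delivered to this SP over HTTP-POST or HTTP-Redirect and answers
     * the issuing IdP, either directly or via the IDP-proxy path when the request has SP session
     * partners.
     *
     * <p>The meta alias is now rejected when missing in every mode, matching
     * {@code processLogoutResponse}; previously the check ran only inside the fedlet branch, so
     * a non-fedlet request without a meta alias went on to the metadata lookups with a null alias.
     *
     * @param httpServletRequest  incoming servlet request; its method selects the binding
     * @param httpServletResponse servlet response
     * @param printWriter         writer handed to the IDP-proxy logout path
     * @param str                 encoded SAML request (logged as "samlRequest")
     * @param str2                RelayState (logged as "relayState")
     * @throws SAML2Exception   on missing meta alias, unsupported binding, failed signature or
     *                          destination check, or missing IdP metadata / SLO endpoint
     * @throws SessionException propagated from the logout call chain
     */
    public static void processLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, String str2) throws SAML2Exception, SessionException {
        if (debug.messageEnabled()) {
            // The raw, still-unverified SAML request and RelayState go to the debug log.
            debug.message("processLogoutRequest : samlRequest : " + str);
            debug.message("processLogoutRequest : relayState : " + str2);
        }
        // Binding is inferred from the HTTP method: POST means HTTP-POST, anything else is
        // treated as HTTP-Redirect.
        String method = httpServletRequest.getMethod();
        String binding = SAML2Constants.HTTP_REDIRECT;
        if (method.equals(Utils.POST)) {
            binding = SAML2Constants.HTTP_POST;
        }
        String metaAlias = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        if (SPCache.isFedlet && (metaAlias == null || metaAlias.length() == 0)) {
            // Fedlet fallback: use the first hosted SP under "/".
            List hostedAliases = sm.getAllHostedServiceProviderMetaAliases("/");
            if (hostedAliases != null && !hostedAliases.isEmpty()) {
                metaAlias = (String) hostedAliases.get(0);
            }
        }
        // Checked in every mode so that no lookup below runs with a null or empty alias.
        if (metaAlias == null || metaAlias.length() == 0) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
        }
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
        String spEntityId = sm.getEntityByMetaAlias(metaAlias);
        if (!SAML2Utils.isSPProfileBindingSupported(realm, spEntityId, SAML2Constants.SLO_SERVICE, binding)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        LogoutRequest logoutRequest = null;
        if (method.equals(Utils.POST)) {
            logoutRequest = LogoutUtil.getLogoutRequestFromPost(str, httpServletResponse);
        } else if (method.equals(Utils.GET)) {
            String decoded = SAML2Utils.decodeFromRedirect(str);
            if (decoded == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlRequest"));
            }
            logoutRequest = ProtocolFactory.getInstance().createLogoutRequest(decoded);
        }
        // Methods other than POST and GET leave logoutRequest null and end up here.
        if (logoutRequest == null) {
            if (debug.messageEnabled()) {
                debug.message("SPSingleLogout:processLogoutRequest: logoutReq is null");
            }
            return;
        }
        // NOTE(review): getIssuer() is dereferenced without a null check; a request with no
        // Issuer element would fail with a NullPointerException unless the parser rejects it.
        String idpEntityId = logoutRequest.getIssuer().getValue();
        boolean wantLogoutRequestSigned = SAML2Utils.getWantLogoutRequestSigned(realm, spEntityId, SAML2Constants.SP_ROLE);
        if (debug.messageEnabled()) {
            debug.message("processLogoutRequest : metaAlias : " + metaAlias);
            debug.message("processLogoutRequest : realm : " + realm);
            debug.message("processLogoutRequest : idpEntityID : " + idpEntityId);
            debug.message("processLogoutRequest : spEntityID : " + spEntityId);
        }
        // Signature and Destination are enforced only when the SP is configured to require a
        // signed LogoutRequest. With that setting off, any party able to reach this endpoint
        // and name a known IdP as issuer gets the request processed.
        if (wantLogoutRequestSigned) {
            // POST is verified as an XML signature; every other method via the query string.
            boolean signatureValid = method.equals(Utils.POST)
                    ? LogoutUtil.verifySLORequest(logoutRequest, realm, idpEntityId, spEntityId, SAML2Constants.SP_ROLE)
                    : SAML2Utils.verifyQueryString(httpServletRequest.getQueryString(), realm, SAML2Constants.SP_ROLE, idpEntityId);
            if (!signatureValid) {
                debug.error("SPSingleLogout.processLogoutRequest: Invalid signature in SLO Request.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
            }
            if (!SAML2Utils.verifyDestination(logoutRequest.getDestination(), getSLOResponseLocationOrLocation(sm.getSPSSODescriptor(realm, spEntityId), binding))) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidDestination"));
            }
        }
        // The issuer must be an IdP known in this realm; the response goes to an endpoint taken
        // from that IdP's metadata, never from the request itself.
        IDPSSODescriptorElement idpDescriptor = sm.getIDPSSODescriptor(realm, idpEntityId);
        if (idpDescriptor == null) {
            LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{idpEntityId}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        List sloServices = idpDescriptor.getSingleLogoutService();
        if (sloServices == null) {
            LogUtil.error(Level.INFO, LogUtil.SLO_NOT_FOUND, new String[]{idpEntityId}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("sloServiceListNotfound"));
        }
        // Prefer the ResponseLocation for this binding, fall back to the plain Location.
        String responseLocation = LogoutUtil.getSLOResponseServiceLocation(sloServices, binding);
        if (responseLocation == null || responseLocation.length() == 0) {
            responseLocation = LogoutUtil.getSLOServiceLocation(sloServices, binding);
            if (responseLocation == null || responseLocation.length() == 0) {
                debug.error("Unable to find the IDP's single logout response service with the HTTP-Redirect binding");
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
            }
            if (debug.messageEnabled()) {
                debug.message("SP's single logout response service location = " + responseLocation);
            }
        } else if (debug.messageEnabled()) {
            debug.message("IDP's single logout response service location = " + responseLocation);
        }
        // NOTE(review): the last argument of both processLogoutRequest calls below is `true`
        // whether or not the signature branch above ran; its meaning is not visible in this
        // part of the file, so confirm what that flag asserts to the callee.
        List sessionPartners = IDPProxyUtil.getSPSessionPartners(httpServletRequest);
        if (sessionPartners == null || sessionPartners.isEmpty()) {
            LogoutResponse sloResponse = processLogoutRequest(logoutRequest, spEntityId, realm, httpServletRequest, httpServletResponse, true, binding, true);
            sloResponse.setDestination(XMLUtils.escapeSpecialCharacters(responseLocation));
            // NOTE(review): RelayState (str2) is forwarded here without the validateRelayStateURL
            // check that processLogoutResponse applies; whether that matters depends on how
            // sendSLOResponse uses it, which is not visible here.
            LogoutUtil.sendSLOResponse(httpServletResponse, httpServletRequest, sloResponse, responseLocation, str2, realm, spEntityId, SAML2Constants.SP_ROLE, idpEntityId, binding);
        } else {
            LogoutResponse sloResponse = processLogoutRequest(logoutRequest, spEntityId, realm, httpServletRequest, httpServletResponse, false, false, binding, true);
            sloResponse.setDestination(XMLUtils.escapeSpecialCharacters(responseLocation));
            IDPProxyUtil.sendIDPInitProxyLogoutRequest(httpServletRequest, httpServletResponse, printWriter, sloResponse, responseLocation, spEntityId, idpEntityId, binding, realm);
        }
    }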

    /**
     * Builds the LogoutResponse for a received LogoutRequest.
     *
     * <p>Convenience overload: delegates to the nine-argument variant with its seventh argument
     * fixed to {@code true}. That variant's body is not fully visible here, so the meaning of
     * the defaulted flag should be confirmed there.
     *
     * @param logoutRequest       request to process
     * @param str                 entity ID of the hosted SP
     * @param str2                realm of the hosted SP
     * @param httpServletRequest  incoming servlet request
     * @param httpServletResponse servlet response
     * @param z                   first boolean flag, forwarded unchanged
     * @param str3                SAML binding
     * @param z2                  last boolean flag, forwarded unchanged
     * @return the LogoutResponse produced by the delegate
     */
    public static LogoutResponse processLogoutRequest(LogoutRequest logoutRequest, String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, String str3, boolean z2) {
        final boolean defaultedSeventhFlag = true;
        LogoutResponse built = processLogoutRequest(
                logoutRequest,
                str,
                str2,
                httpServletRequest,
                httpServletResponse,
                z,
                defaultedSeventhFlag,
                str3,
                z2);
        return built;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v166, types: [java.util.List] */
    /* JADX WARN: Type inference failed for: r25v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r25v1, types: [java.lang.Throwable, com.sun.identity.plugin.session.SessionException] */
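    /**
     * Processes a SAML2 {@code LogoutRequest} on the service-provider side and builds
     * the {@code LogoutResponse} to return to the issuer.
     *
     * <p>Flow, as visible in this method: the request issuer is checked with
     * {@code SAML2Utils.verifyRequestIssuer}, the Name ID is extracted, and the cached
     * federation sessions for that Name ID are looked up in
     * {@code SPCache.fedSessionListsByNameIDInfoKey}. Matching sessions are removed from
     * the cache, the optional application logout URL is notified, and the sessions are
     * invalidated when {@code z2} is set. Session indices that are not found locally may
     * be forwarded to peer servers. In Fedlet mode ({@code SPCache.isFedlet}) the work is
     * delegated to the configured {@code FedletAdapter}.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>{@code LogoutUtil.verifySLORequest} is only called when {@code z3} is false,
     *       and in the non-Fedlet branch only after a local session list was found.
     *       Requests that match no local session are answered, or forwarded to peers,
     *       without that check in this method. Confirm that callers pass
     *       {@code z3 == true} only for requests they verified, and that peers verify
     *       forwarded requests themselves.</li>
     *   <li>Session token IDs are written to the debug log (message and error level);
     *       treat those logs as sensitive.</li>
     *   <li>On failure the exception's {@code toString()} is placed in the status
     *       message returned to the requester; consider a generic message there.</li>
     * </ul>
     *
     * @param logoutRequest the incoming logout request; its issuer is dereferenced
     *     before the try block, so it must carry an Issuer
     * @param str entity ID of this service provider (the caller in this file passes the
     *     entity resolved from the meta alias); when null, the Name ID's SP name
     *     qualifier is used for the post-logout hook
     * @param str2 realm (as passed by the caller in this file)
     * @param httpServletRequest servlet request, used for peer lookup and session calls
     * @param httpServletResponse servlet response, passed to session invalidation
     * @param z logged as {@code isLBReq}; when true, peer server URLs are looked up via
     *     {@code FSUtils.getRemoteServiceURLs}
     * @param z2 when true, matched sessions are invalidated through the session provider
     * @param str3 passed through to the pre/post logout hooks and the Fedlet adapter
     *     (presumably the binding; confirm against callers)
     * @param z3 when true, signature verification via {@code verifySLORequest} is skipped
     * @return the response produced by {@code LogoutUtil.generateResponse}
     */
    public static LogoutResponse processLogoutRequest(LogoutRequest logoutRequest, String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, boolean z2, String str3, boolean z3) {
        String sPNameQualifier;
        NameID nameID = null;
        Status status = null;
        Issuer issuer = null;
        // NOTE(review): evaluated outside the try block, so a request without an Issuer
        // fails here with a NullPointerException instead of yielding an error status.
        String value = logoutRequest.getIssuer().getValue();
        String str4 = null;
        try {
            SAML2Utils.verifyRequestIssuer(str2, str, logoutRequest.getIssuer(), logoutRequest.getID());
            issuer = SAML2Utils.createIssuer(str);
            List sessionIndex = logoutRequest.getSessionIndex();
            // i is the number of session indices named in the request; 0 means "all sessions of this Name ID".
            int i = 0;
            if (sessionIndex != null) {
                i = sessionIndex.size();
                if (debug.messageEnabled()) {
                    debug.message("processLogoutRequest : Number of session indices in the logout request is " + i);
                }
            }
            nameID = LogoutUtil.getNameIDFromSLORequest(logoutRequest, str2, str, SAML2Constants.SP_ROLE);
            if (nameID == null) {
                debug.error("processLogoutRequest : LogoutRequest does not contain Name ID");
                status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("missing_name_identifier"));
            } else {
                String valueString = new NameIDInfoKey(nameID.getValue(), str, value).toValueString();
                if (debug.messageEnabled()) {
                    debug.message("processLogoutRequest : infokey=" + valueString);
                }
                if (!SPCache.isFedlet) {
                    List list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(valueString);
                    if (debug.messageEnabled()) {
                        debug.message("processLogoutRequest : SPFedsessions=" + list);
                    }
                    // No hit and no SP name qualifier on the Name ID: retry the lookup keyed by the Name ID's own name qualifier.
                    if ((list == null || list.isEmpty()) && ((sPNameQualifier = nameID.getSPNameQualifier()) == null || sPNameQualifier.length() == 0)) {
                        list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(new NameIDInfoKey(nameID.getValue(), str, nameID.getNameQualifier()).toValueString());
                    }
                    // z4 ("foundPeer" in the log line below) is true when peer URLs are available for forwarding.
                    boolean z4 = false;
                    List list2 = null;
                    if (z) {
                        list2 = FSUtils.getRemoteServiceURLs(httpServletRequest);
                        z4 = (list2 == null || list2.isEmpty()) ? false : true;
                    }
                    if (debug.messageEnabled()) {
                        debug.message("processLogoutRequest : isLBReq = " + z + ", foundPeer = " + z4);
                    }
                    if (list != null && !list.isEmpty()) {
                        // Signature check happens only here, after a local session list was found, and only when the caller has not marked the request as verified.
                        if (!z3 && !LogoutUtil.verifySLORequest(logoutRequest, str2, logoutRequest.getIssuer().getValue(), str, SAML2Constants.SP_ROLE)) {
                            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                        }
                        try {
                            // Best effort: resolve the principal of the first cached session for the logout hooks.
                            str4 = sessionProvider.getPrincipalName(sessionProvider.getSession(((SPFedSession) list.iterator().next()).spTokenID));
                            if (SAML2Utils.debug.messageEnabled()) {
                                SAML2Utils.debug.message("SPSingleLogout.processLogoutRequest, user = " + str4);
                            }
                        } catch (SessionException e) {
                            if (SAML2Utils.debug.messageEnabled()) {
                                SAML2Utils.debug.message("SPSingleLogout.processLogoutRequest", e);
                            }
                        }
                        str4 = preSingleLogoutProcess(str, str2, httpServletRequest, httpServletResponse, str4, logoutRequest, null, str3);
                        List<String> list3 = SAML2MetaUtils.getAttributes(SAML2Utils.getSAML2MetaManager().getSPSSOConfig(str2, str)).get(SAML2Constants.APP_LOGOUT_URL);
                        if (debug.messageEnabled()) {
                            debug.message("IDPLogoutUtil.processLogoutRequest: external app logout URL= " + list3);
                        }
                        if (i == 0) {
                            // No session index given: drain every cached session for this Name ID.
                            ArrayList arrayList = new ArrayList();
                            synchronized (list) {
                                ListIterator listIterator = list.listIterator();
                                while (listIterator.hasNext()) {
                                    arrayList.add(((SPFedSession) listIterator.next()).spTokenID);
                                    listIterator.remove();
                                    if (agent != null && agent.isRunning() && saml2Svc != null) {
                                        saml2Svc.setFedSessionCount(SPCache.fedSessionListsByNameIDInfoKey.size());
                                    }
                                }
                            }
                            ListIterator listIterator2 = arrayList.listIterator();
                            while (listIterator2.hasNext()) {
                                String str5 = (String) listIterator2.next();
                                try {
                                    Object session = sessionProvider.getSession(str5);
                                    // NOTE(review): the session token ID is written to the debug log here and in the catch below.
                                    if (debug.messageEnabled()) {
                                        debug.message("processLogoutRequest : destroy token " + str5);
                                    }
                                    if (list3 != null && list3.size() != 0) {
                                        SAML2Utils.postToAppLogout(httpServletRequest, list3.get(0), session);
                                    }
                                    if (z2) {
                                        sessionProvider.invalidateSession(session, httpServletRequest, httpServletResponse);
                                    }
                                } catch (SessionException e2) {
                                    debug.error("processLogoutRequest : Could not create session from token ID = " + str5);
                                }
                            }
                            // NOTE(review): status is only assigned in this branch when a peer was found;
                            // otherwise it is still null when passed to generateResponse. Confirm the default there.
                            if (z4) {
                                boolean z5 = false;
                                Iterator it = list2.iterator();
                                while (it.hasNext()) {
                                    LogoutResponse forwardToRemoteServer = LogoutUtil.forwardToRemoteServer(logoutRequest, getRemoteLogoutURL((String) it.next(), httpServletRequest));
                                    if (forwardToRemoteServer == null || (!isSuccess(forwardToRemoteServer) && !isNameNotFound(forwardToRemoteServer))) {
                                        z5 = true;
                                    }
                                }
                                status = z5 ? PARTIAL_LOGOUT_STATUS : SUCCESS_STATUS;
                            }
                        } else {
                            // Session indices given: remove only the matching sessions and collect the indices not found locally.
                            ArrayList arrayList2 = new ArrayList();
                            for (int i2 = 0; i2 < i; i2++) {
                                String str6 = (String) sessionIndex.get(i2);
                                String str7 = null;
                                synchronized (list) {
                                    ListIterator listIterator3 = list.listIterator();
                                    while (true) {
                                        if (!listIterator3.hasNext()) {
                                            break;
                                        }
                                        SPFedSession sPFedSession = (SPFedSession) listIterator3.next();
                                        if (str6.equals(sPFedSession.idpSessionIndex)) {
                                            if (debug.messageEnabled()) {
                                                debug.message("processLogoutRequest :  found si + " + str6);
                                            }
                                            str7 = sPFedSession.spTokenID;
                                            listIterator3.remove();
                                            if (agent != null && agent.isRunning() && saml2Svc != null) {
                                                saml2Svc.setFedSessionCount(SPCache.fedSessionListsByNameIDInfoKey.size());
                                            }
                                        }
                                    }
                                }
                                if (str7 != null) {
                                    try {
                                        Object session2 = sessionProvider.getSession(str7);
                                        if (debug.messageEnabled()) {
                                            debug.message("processLogoutRequest : destroy token (2) " + str7);
                                        }
                                        if (list3 != null && list3.size() != 0) {
                                            SAML2Utils.postToAppLogout(httpServletRequest, list3.get(0), session2);
                                        }
                                        if (z2) {
                                            sessionProvider.invalidateSession(session2, httpServletRequest, httpServletResponse);
                                        }
                                    } catch (SessionException e3) {
                                        debug.error("processLogoutRequest : Could not create session from token ID = " + str7);
                                    }
                                } else {
                                    arrayList2.add(str6);
                                }
                            }
                            if (z) {
                                if (!z4 || arrayList2.isEmpty()) {
                                    status = SUCCESS_STATUS;
                                } else {
                                    // Ask each peer in turn for the indices still unresolved; stop once none remain.
                                    boolean z6 = false;
                                    LogoutRequest copyAndMakeMutable = copyAndMakeMutable(logoutRequest);
                                    Iterator it2 = list2.iterator();
                                    while (it2.hasNext()) {
                                        copyAndMakeMutable.setSessionIndex(arrayList2);
                                        LogoutResponse forwardToRemoteServer2 = LogoutUtil.forwardToRemoteServer(copyAndMakeMutable, getRemoteLogoutURL((String) it2.next(), httpServletRequest));
                                        if (forwardToRemoteServer2 != null && !isNameNotFound(forwardToRemoteServer2)) {
                                            if (isSuccess(forwardToRemoteServer2)) {
                                                arrayList2 = LogoutUtil.getSessionIndex(forwardToRemoteServer2);
                                            } else {
                                                z6 = true;
                                            }
                                        }
                                        if (debug.messageEnabled()) {
                                            debug.message("processLogoutRequest : siNotFound = " + arrayList2);
                                        }
                                        if (arrayList2 == null || arrayList2.isEmpty()) {
                                            z6 = false;
                                            break;
                                        }
                                    }
                                    status = (z6 || !(arrayList2 == null || arrayList2.isEmpty())) ? PARTIAL_LOGOUT_STATUS : SUCCESS_STATUS;
                                }
                            } else if (arrayList2.isEmpty()) {
                                status = SUCCESS_STATUS;
                            } else {
                                // Not a load-balancer request: report success and attach the indices that were not found.
                                status = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
                                LogoutUtil.setSessionIndex(status, arrayList2);
                            }
                        }
                    } else if (z4) {
                        // No local session but peers exist: forward the request as received.
                        // NOTE(review): no verifySLORequest call on this path; the peer is presumably expected to verify. Confirm.
                        boolean z7 = false;
                        Iterator it3 = list2.iterator();
                        while (it3.hasNext()) {
                            LogoutResponse forwardToRemoteServer3 = LogoutUtil.forwardToRemoteServer(logoutRequest, getRemoteLogoutURL((String) it3.next(), httpServletRequest));
                            if (forwardToRemoteServer3 != null && !isNameNotFound(forwardToRemoteServer3)) {
                                if (!isSuccess(forwardToRemoteServer3)) {
                                    z7 = true;
                                } else if (i > 0) {
                                    sessionIndex = LogoutUtil.getSessionIndex(forwardToRemoteServer3);
                                    if (sessionIndex == null || sessionIndex.isEmpty()) {
                                        z7 = false;
                                        break;
                                    }
                                } else {
                                    continue;
                                }
                            }
                        }
                        status = (z7 || (sessionIndex != null && sessionIndex.size() > 0)) ? PARTIAL_LOGOUT_STATUS : SUCCESS_STATUS;
                    } else {
                        debug.error("processLogoutRequest : invalid Name ID received");
                        status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("invalid_name_identifier"));
                    }
                } else {
                    if (!z3 && !LogoutUtil.verifySLORequest(logoutRequest, str2, value, str, SAML2Constants.SP_ROLE)) {
                        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                    }
                    FedletAdapter fedletAdapterClass = SAML2Utils.getFedletAdapterClass(str, str2);
                    // The decompiled single expression lost its grouping (the adapter result ended up as a
                    // branch of the status ternary). The adapter's boolean result selects the status;
                    // no adapter configured counts as a failed application logout.
                    boolean fedletLogoutSucceeded = fedletAdapterClass != null && fedletAdapterClass.doFedletSLO(httpServletRequest, httpServletResponse, logoutRequest, str, value, sessionIndex, nameID.getValue(), str3);
                    status = fedletLogoutSucceeded ? SUCCESS_STATUS : SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("appLogoutFailed"));
                }
            }
        } catch (SessionException e4) {
            debug.error("processLogoutRequest: ", (Throwable) e4);
            // NOTE(review): the exception text is returned to the requester in the status message.
            status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, e4.toString());
        } catch (SAML2Exception e5) {
            debug.error("processLogoutRequest: failed to create response", (Throwable) e5);
            status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, e5.toString());
        }
        // nameID is still null when the request had no Name ID or an exception was raised before it
        // was extracted; guard the fallback so the error response is still generated.
        if (str == null && nameID != null) {
            str = nameID.getSPNameQualifier();
        }
        LogoutResponse generateResponse = LogoutUtil.generateResponse(status, logoutRequest.getID(), issuer, str2, SAML2Constants.SP_ROLE, value);
        if (isSuccess(generateResponse)) {
            postSingleLogoutSuccess(str, str2, httpServletRequest, httpServletResponse, str4, logoutRequest, generateResponse, str3);
        }
        return generateResponse;
    }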

    /**
     * Tells whether a logout response carries the SAML2 success status code.
     *
     * <p>The response, its status and its status code are dereferenced without null
     * checks, so callers must pass a fully populated response.
     *
     * @param logoutResponse response to inspect; must not be null
     * @return true when the status code value equals {@code SAML2Constants.SUCCESS}
     */
    static boolean isSuccess(LogoutResponse logoutResponse) {
        Status responseStatus = logoutResponse.getStatus();
        String topLevelCode = responseStatus.getStatusCode().getValue();
        return topLevelCode.equals(SAML2Constants.SUCCESS);
    }

    /**
     * Tells whether a logout response reports that the Name ID was not recognised.
     *
     * <p>A response matches when its status code value equals
     * {@code SAML2Constants.RESPONDER} and its status message equals the local
     * resource-bundle text for {@code invalid_name_identifier}.
     *
     * <p>NOTE(review): the match depends on the sender using the same bundle text as
     * this server; a peer with a different bundle or locale would presumably not match.
     * Confirm.
     *
     * @param logoutResponse response to inspect; must not be null
     * @return true when the response is a responder error with the invalid Name ID message
     */
    static boolean isNameNotFound(LogoutResponse logoutResponse) {
        Status responseStatus = logoutResponse.getStatus();
        String message = responseStatus.getStatusMessage();
        if (!responseStatus.getStatusCode().getValue().equals(SAML2Constants.RESPONDER)) {
            return false;
        }
        if (message == null) {
            return false;
        }
        return message.equals(SAML2Utils.bundle.getString("invalid_name_identifier"));
    }

    /**
     * Builds a fresh {@code LogoutRequest} from the protocol factory and copies the
     * fields of the given request into it, so the copy can be modified afterwards.
     *
     * <p>The destination is passed through {@code XMLUtils.escapeSpecialCharacters}
     * before being set; every other field is copied as returned by its getter.
     *
     * <p>NOTE(review): if a setter throws {@code SAML2Exception}, the error is logged
     * and the partially populated copy is still returned; the remaining fields stay
     * unset. Callers cannot tell a complete copy from a partial one.
     *
     * @param logoutRequest request to copy from
     * @return the new request, possibly incomplete after a logged error
     */
    private static LogoutRequest copyAndMakeMutable(LogoutRequest logoutRequest) {
        final LogoutRequest copy = ProtocolFactory.getInstance().createLogoutRequest();
        try {
            // Setter order is kept as-is: a failing setter skips everything after it.
            copy.setNotOnOrAfter(logoutRequest.getNotOnOrAfter());
            copy.setReason(logoutRequest.getReason());
            copy.setEncryptedID(logoutRequest.getEncryptedID());
            copy.setNameID(logoutRequest.getNameID());
            copy.setBaseID(logoutRequest.getBaseID());
            copy.setSessionIndex(logoutRequest.getSessionIndex());
            copy.setIssuer(logoutRequest.getIssuer());
            copy.setExtensions(logoutRequest.getExtensions());
            copy.setID(logoutRequest.getID());
            copy.setVersion(logoutRequest.getVersion());
            copy.setIssueInstant(logoutRequest.getIssueInstant());
            String escapedDestination = XMLUtils.escapeSpecialCharacters(logoutRequest.getDestination());
            copy.setDestination(escapedDestination);
            copy.setConsent(logoutRequest.getConsent());
        } catch (SAML2Exception copyFailure) {
            debug.error("SPLogoutUtil.copyAndMakeMutable:", copyFailure);
        }
        return copy;
    }

    /**
     * Resolves where a single-logout response should be sent for the given descriptor.
     *
     * <p>The response location from {@code LogoutUtil.getSLOResponseServiceLocation} is
     * preferred; when it is null or empty, the plain service location from
     * {@code LogoutUtil.getSLOServiceLocation} is used instead.
     *
     * @param sPSSODescriptorElement descriptor holding the single-logout services; may be null
     * @param str second argument handed to both {@code LogoutUtil} lookups (presumably
     *     the binding; confirm against callers)
     * @return the resolved location, or null when the descriptor is null or lists no
     *     single-logout service
     */
    private static String getSLOResponseLocationOrLocation(SPSSODescriptorElement sPSSODescriptorElement, String str) {
        if (sPSSODescriptorElement == null) {
            return null;
        }
        List sloServices = sPSSODescriptorElement.getSingleLogoutService();
        if (sloServices == null || sloServices.isEmpty()) {
            return null;
        }
        String location = LogoutUtil.getSLOResponseServiceLocation(sloServices, str);
        boolean responseLocationMissing = location == null || location.length() == 0;
        if (responseLocationMissing) {
            location = LogoutUtil.getSLOServiceLocation(sloServices, str);
        }
        return location;
    }

    /**
     * Builds the URL used to forward the current logout request to a peer server.
     *
     * <p>The result is the peer base URL, followed by the request URI with the deploy
     * URI removed, followed by the incoming query string (if any) and an
     * {@code isLBReq=false} parameter. The incoming query string is appended unchanged.
     *
     * <p>NOTE(review): if the incoming query string already contains an
     * {@code isLBReq} parameter, the appended one is a duplicate, and which value the
     * peer reads depends on its parameter parsing. Confirm that the peer's handling is
     * safe against re-forwarding.
     *
     * @param str base URL of the peer server
     * @param httpServletRequest the request being forwarded
     * @return the peer URL, or null when either argument is null
     */
    private static String getRemoteLogoutURL(String str, HttpServletRequest httpServletRequest) {
        if (str == null || httpServletRequest == null) {
            return null;
        }
        String incomingQuery = httpServletRequest.getQueryString();
        String peerEndpoint = str + SAML2Utils.removeDeployUri(httpServletRequest.getRequestURI());
        if (incomingQuery == null) {
            return peerEndpoint + "?isLBReq=false";
        }
        return peerEndpoint + "?" + incomingQuery + "&isLBReq=false";
    }

    // Class initialisation: sets up the metadata manager, the session provider and the
    // monitoring handles used by the static methods of this class.
    // Failures are logged and leave the corresponding field null. Code in this class that
    // calls sessionProvider without a null check (for example in processLogoutRequest)
    // would then fail with a NullPointerException at first use.
    static {
        sm = null;
        sessionProvider = null;
        try {
            sm = new SAML2MetaManager();
        } catch (SAML2MetaException e) {
            // Metadata manager unavailable: sm stays null.
            debug.error("Error retrieving metadata.", e);
        }
        try {
            sessionProvider = SessionManager.getProvider();
        } catch (SessionException e2) {
            // Session provider unavailable: sessionProvider stays null.
            debug.error("Error retrieving session provider.", e2);
        }
        // Monitoring handles; processLogoutRequest checks both for null before updating the session count.
        agent = MonitorManager.getAgent();
        saml2Svc = MonitorManager.getSAML2Svc();
    }
}
