package org.forgerock.openam.saml2;

import com.sun.identity.multiprotocol.MultiProtocolUtils;
import com.sun.identity.plugin.monitoring.FedMonAgent;
import com.sun.identity.plugin.monitoring.FedMonSAML2Svc;
import com.sun.identity.plugin.monitoring.MonitorManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml2.assertion.AuthnContext;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.profile.CacheObject;
import com.sun.identity.saml2.profile.ClientFaultException;
import com.sun.identity.saml2.profile.IDPCache;
import com.sun.identity.saml2.profile.IDPSSOUtil;
import com.sun.identity.saml2.profile.IDPSession;
import com.sun.identity.saml2.profile.ServerFaultException;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.NameIDPolicy;
import com.sun.identity.saml2.protocol.Response;
import java.io.PrintWriter;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:org/forgerock/openam/saml2/UtilProxySAMLAuthenticatorLookup.class */
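/**
 * Second leg of IdP-side SAML2 SSO: looks up the AuthnRequest that was cached under the
 * request ID carried by {@code data}, and answers the service provider.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The cached AuthnRequest, AuthnContext and RelayState are <em>removed</em> from
 *       {@link IDPCache} before a response is built, so one cache entry backs at most one
 *       SSO response issued from here.</li>
 *   <li>On the success path the SP entity ID is taken from the cached AuthnRequest's issuer,
 *       never from the current HTTP request.</li>
 *   <li>On the cache-miss path ({@link #authNotAvailable()}) the SP entity ID, ACS URL, binding
 *       and index come from request parameters, i.e. they are caller-controlled. This class
 *       does not validate them itself.</li>
 * </ul>
 *
 * <p>{@code preSendResponse} and {@code logError} are not defined here; presumably they are
 * inherited from {@link SAMLBase} (confirm against that class).
 */
public class UtilProxySAMLAuthenticatorLookup extends SAMLBase implements SAMLAuthenticatorLookup {
    private final HttpServletRequest request;
    private final HttpServletResponse response;
    private final IDPSSOFederateRequest data;
    private final PrintWriter out;

    /**
     * Stores the collaborators; performs no work.
     *
     * @param iDPSSOFederateRequest per-request state (request ID, realm, IdP entity, session, ...)
     * @param httpServletRequest    the incoming HTTP request
     * @param httpServletResponse   the HTTP response the SAML answer is written to
     * @param printWriter           writer handed to {@link IDPSSOUtil} when sending responses
     */
    public UtilProxySAMLAuthenticatorLookup(IDPSSOFederateRequest iDPSSOFederateRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter) {
        this.data = iDPSSOFederateRequest;
        this.out = printWriter;
        this.request = httpServletRequest;
        this.response = httpServletResponse;
    }

    /**
     * Resolves the session and the cached AuthnRequest for {@code data.getRequestID()} and, when
     * the session is valid in the IdP realm, sends the SAML response to the SP's ACS.
     *
     * <p>Nothing is sent from this method when {@code isSessionValid} returns {@code false}
     * (it has already answered a passive request) or when {@code preSendResponse} returns
     * {@code true}.
     *
     * @throws SessionException     declared; may propagate from the session validity check
     * @throws ServerFaultException if the response (or the cache-miss error response) cannot be sent
     * @throws ClientFaultException if there is no session valid in the realm and the request is
     *                              not passive
     */
    @Override // org.forgerock.openam.saml2.SAMLAuthenticatorLookup
    public void retrieveAuthenticationFromCache() throws SessionException, ServerFaultException, ClientFaultException {
        SessionProvider provider = SessionManager.getProvider();
        try {
            this.data.setSession(provider.getSession(this.request));
            this.data.getEventAuditor().setSSOTokenId(this.data.getSession());
        } catch (SessionException e) {
            // A missing session is not fatal here: isSessionValid() decides what to answer.
            SAML2Utils.debug.error("An error occurred while retrieving the session: " + e.getMessage());
            this.data.setSession(null);
        }

        // First pass only reads the cache: the entries must survive if the session turns out
        // to be invalid or preSendResponse takes over the exchange.
        CacheObject peekedRequest;
        synchronized (IDPCache.authnRequestCache) {
            peekedRequest = (CacheObject) IDPCache.authnRequestCache.get(this.data.getRequestID());
        }
        if (peekedRequest != null) {
            this.data.setAuthnRequest((AuthnRequest) peekedRequest.getObject());
        }
        this.data.setRelayState((String) IDPCache.relayStateCache.get(this.data.getRequestID()));

        if (!isSessionValid(provider) || preSendResponse(this.request, this.response, this.data)) {
            return;
        }

        // Second pass consumes the entries so the same request ID cannot be answered again
        // from this cache.
        CacheObject consumedRequest;
        synchronized (IDPCache.authnRequestCache) {
            consumedRequest = (CacheObject) IDPCache.authnRequestCache.remove(this.data.getRequestID());
        }
        if (consumedRequest != null) {
            this.data.setAuthnRequest((AuthnRequest) consumedRequest.getObject());
        }
        CacheObject consumedContext;
        synchronized (IDPCache.idpAuthnContextCache) {
            consumedContext = (CacheObject) IDPCache.idpAuthnContextCache.remove(this.data.getRequestID());
        }
        if (consumedContext != null) {
            this.data.setMatchingAuthnContext((AuthnContext) consumedContext.getObject());
        }
        this.data.setRelayState((String) IDPCache.relayStateCache.remove(this.data.getRequestID()));

        if (this.data.getAuthnRequest() == null) {
            // Unknown, expired or already-consumed request ID: answer with a SAML error.
            authNotAvailable();
            return;
        }
        SAML2Utils.debug.message("{} RequestID= {}", new Object[]{"UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: ", this.data.getRequestID()});

        boolean sessionUpgrade = CollectionUtils.isNotEmpty(IDPCache.isSessionUpgradeCache)
                && IDPCache.isSessionUpgradeCache.contains(this.data.getRequestID());
        if (sessionUpgrade) {
            // Re-register the pre-upgrade IDPSession under the index of the current session.
            // NOTE(review): the removed value may be null if no old session was cached; whether
            // idpSessionsByIndices tolerates a null value is not visible here - confirm.
            IDPSession previousSession = (IDPSession) IDPCache.oldIDPSessionCache.remove(this.data.getRequestID());
            String sessionIndex = IDPSSOUtil.getSessionIndex(this.data.getSession());
            if (StringUtils.isNotEmpty(sessionIndex)) {
                IDPCache.idpSessionsByIndices.put(sessionIndex, previousSession);
                FedMonAgent agent = MonitorManager.getAgent();
                if (agent != null && agent.isRunning()) {
                    FedMonSAML2Svc saml2Svc = MonitorManager.getSAML2Svc();
                    if (saml2Svc != null) {
                        saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                    }
                }
            }
        }
        if (this.data.getSession() != null) {
            MultiProtocolUtils.addFederationProtocol(this.data.getSession(), "saml2");
        }

        // The SP identity comes from the cached AuthnRequest, not from request parameters.
        this.data.setSpEntityID(this.data.getAuthnRequest().getIssuer().getValue());
        NameIDPolicy nameIDPolicy = this.data.getAuthnRequest().getNameIDPolicy();
        String nameIdFormat = nameIDPolicy == null ? null : nameIDPolicy.getFormat();
        try {
            IDPSSOUtil.sendResponseToACS(this.request, this.response, this.out, this.data.getSession(), this.data.getAuthnRequest(), this.data.getSpEntityID(), this.data.getIdpEntityID(), this.data.getIdpMetaAlias(), this.data.getRealm(), nameIdFormat, this.data.getRelayState(), this.data.getMatchingAuthnContext());
        } catch (SAML2Exception e) {
            SAML2Utils.debug.error("UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: Unable to do sso or federation.", e);
            throw new ServerFaultException(this.data.getIdpAdapter(), "UnableToDOSSOOrFederation", e.getMessage());
        }
    }

    /**
     * Sends a SAML error response when no AuthnRequest is cached for the request ID.
     *
     * <p>With no cached request to rely on, the SP entity ID, ACS URL, binding and index are read
     * from request parameters and are therefore untrusted. The destination actually used is
     * whatever {@link IDPSSOUtil#getACSurl} returns for them.
     * NOTE(review): this relies on getACSurl checking the requested ACS URL against the SP's
     * registered metadata; that check is not visible in this file - confirm.
     *
     * @throws ServerFaultException if building or sending the error response fails
     */
    private void authNotAvailable() throws ServerFaultException {
        SAML2Utils.debug.error("UtilProxySAMLAuthenticatorLookup.authNotavailableUnable to get AuthnRequest from cache, sending error response");
        try {
            SAML2Utils.debug.message("Invoking IDP adapter preSendFailureResponse hook");
            try {
                this.data.getIdpAdapter().preSendFailureResponse(this.request, this.response, SAML2Constants.SERVER_FAULT, "UnableToGetAuthnReq");
            } catch (SAML2Exception e) {
                // Adapter failure must not prevent the error response from being sent.
                SAML2Utils.debug.error("Error invoking the IDP Adapter", e);
            }
            Response errorResponse = SAML2Utils.getErrorResponse(null, SAML2Constants.RESPONDER, null, null, this.data.getIdpEntityID());
            errorResponse.setInResponseTo(this.data.getRequestID());

            String spEntityId = this.request.getParameter(SAML2Constants.SPENTITYID);
            String requestedAcsUrl = this.request.getParameter("acsURL");
            String requestedBinding = this.request.getParameter(SAML2Constants.BINDING);
            Integer acsIndex;
            try {
                // Integer.valueOf(null) also raises NumberFormatException, so a missing
                // parameter ends up as "no index".
                acsIndex = Integer.valueOf(this.request.getParameter("index"));
            } catch (NumberFormatException e) {
                acsIndex = null;
            }

            // Resolve the ACS URL first: returnedBinding is only passed to getACSurl, so reading
            // it inside the sendResponse argument list (arguments are evaluated left to right)
            // would always yield an empty binding.
            StringBuffer returnedBinding = new StringBuffer();
            String resolvedAcsUrl = IDPSSOUtil.getACSurl(spEntityId, this.data.getRealm(), requestedAcsUrl, requestedBinding, acsIndex, this.request, returnedBinding);
            IDPSSOUtil.sendResponse(this.request, this.response, this.out, returnedBinding.toString(), spEntityId, this.data.getIdpEntityID(), this.data.getIdpMetaAlias(), this.data.getRealm(), this.data.getRelayState(), resolvedAcsUrl, errorResponse, this.data.getSession());
        } catch (SAML2Exception e) {
            SAML2Utils.debug.error("UtilProxySAMLAuthenticatorLookup.authNotavailablean error occured while sending error response", e);
            throw new ServerFaultException(this.data.getIdpAdapter(), "UnableToGetAuthnReq");
        }
    }

    /**
     * Decides whether SSO may proceed with the current session.
     *
     * <p>A session counts only if it is non-null and valid in the IdP's realm. Otherwise a
     * passive AuthnRequest is answered with a RESPONDER/NOPASSIVE status, and any other case is
     * logged and rejected.
     *
     * @param sessionProvider used to read the session's organization for the audit record
     * @return {@code true} if the session is valid in the realm; {@code false} if a NoPassive
     *         response has already been sent and the caller must not respond again
     * @throws ServerFaultException if the NoPassive response cannot be sent
     * @throws ClientFaultException if there is no usable session and the request is not passive
     * @throws SessionException     if reading the session's organization property fails
     */
    private boolean isSessionValid(SessionProvider sessionProvider) throws ServerFaultException, ClientFaultException, SessionException {
        if (this.data.getSession() != null && IDPSSOUtil.isValidSessionInRealm(this.data.getRealm(), this.data.getSession())) {
            return true;
        }
        if (this.data.getAuthnRequest() != null && Boolean.TRUE.equals(this.data.getAuthnRequest().isPassive())) {
            this.data.setSpEntityID(this.data.getAuthnRequest().getIssuer().getValue());
            try {
                IDPSSOUtil.sendResponseWithStatus(this.request, this.response, this.out, this.data.getIdpMetaAlias(), this.data.getIdpEntityID(), this.data.getRealm(), this.data.getAuthnRequest(), this.data.getRelayState(), this.data.getSpEntityID(), SAML2Constants.RESPONDER, SAML2Constants.NOPASSIVE);
                return false;
            } catch (SAML2Exception e) {
                SAML2Utils.debug.error("UtilProxySAMLAuthenticatorLookup.validteSesison", e);
                throw new ServerFaultException(this.data.getIdpAdapter(), "metaDataError");
            }
        }

        // Audit data: client address plus the AuthnRequest XML (empty if none or not serialisable).
        // The XML originates from the requester, so log consumers should treat it as untrusted.
        String remoteAddr = this.request.getRemoteAddr();
        String authnRequestXml = "";
        try {
            authnRequestXml = this.data.getAuthnRequest() == null ? "" : this.data.getAuthnRequest().toXMLString();
        } catch (SAML2Exception e) {
            SAML2Utils.debug.error("UtilProxySAMLAuthenticatorLookup.validteSesisonCould not obtain the AuthnReq to be logged");
        }
        if (this.data.getSession() == null) {
            SAML2Utils.debug.error("UtilProxySAMLAuthenticatorLookup.validteSesisonThe IdP has not been able to create a session");
            logError(Level.INFO, LogUtil.SSO_NOT_FOUND, null, null, IDPSSOUtil.NULL, this.data.getRealm(), this.data.getIdpEntityID(), remoteAddr, authnRequestXml);
        } else {
            SAML2Utils.debug.error("UtilProxySAMLAuthenticatorLookup.validteSesisonThe realm of the session does not correspond to that of the IdP");
            // A session without an organization value must still end in the ClientFaultException
            // below (and in an audit record), not in a NullPointerException or
            // ArrayIndexOutOfBoundsException raised while building the log entry.
            String[] organizations = sessionProvider.getProperty(this.data.getSession(), SAML2Constants.ORGANIZATION);
            String sessionRealm = (organizations == null || organizations.length == 0) ? IDPSSOUtil.NULL : organizations[0];
            logError(Level.INFO, LogUtil.INVALID_REALM_FOR_SESSION, this.data.getSession(), null, sessionRealm, this.data.getRealm(), this.data.getIdpEntityID(), remoteAddr, authnRequestXml);
        }
        throw new ClientFaultException(this.data.getIdpAdapter(), "UnableToDOSSOOrFederation");
    }
}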
