package com.sun.identity.saml2.common;

import com.sun.identity.common.HttpURLConnectionManager;
import com.sun.identity.common.SystemConfigurationException;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.cot.COTException;
import com.sun.identity.cot.CircleOfTrustManager;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.plugin.datastore.DataStoreProvider;
import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.plugin.datastore.DataStoreProviderManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLUtilsCommon;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AudienceRestriction;
import com.sun.identity.saml2.assertion.AuthnStatement;
import com.sun.identity.saml2.assertion.Conditions;
import com.sun.identity.saml2.assertion.EncryptedAssertion;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.assertion.Subject;
import com.sun.identity.saml2.assertion.SubjectConfirmation;
import com.sun.identity.saml2.assertion.SubjectConfirmationData;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement;
import com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement;
import com.sun.identity.saml2.jaxb.metadata.EndpointType;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper;
import com.sun.identity.saml2.plugins.FedletAdapter;
import com.sun.identity.saml2.plugins.IDPAccountMapper;
import com.sun.identity.saml2.plugins.SAML2IDPFinder;
import com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter;
import com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter;
import com.sun.identity.saml2.plugins.SPAccountMapper;
import com.sun.identity.saml2.plugins.SPAttributeMapper;
import com.sun.identity.saml2.plugins.SPAuthnContextMapper;
import com.sun.identity.saml2.profile.AuthnRequestInfo;
import com.sun.identity.saml2.profile.AuthnRequestInfoCopy;
import com.sun.identity.saml2.profile.CacheCleanUpScheduler;
import com.sun.identity.saml2.profile.IDPCache;
import com.sun.identity.saml2.profile.IDPSSOUtil;
import com.sun.identity.saml2.profile.SPCache;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.RequestAbstract;
import com.sun.identity.saml2.protocol.RequestedAuthnContext;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.saml2.protocol.StatusCode;
import com.sun.identity.security.cert.CRLValidator;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.encode.CookieUtils;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLDecoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.MimeHeader;
import javax.xml.soap.MimeHeaders;
import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException;
import org.forgerock.openam.saml2.SAML2Store;
import org.forgerock.openam.saml2.plugins.ValidRelayStateExtractor;
import org.forgerock.openam.shared.security.whitelist.RedirectUrlValidator;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.IOUtils;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;
import org.owasp.esapi.ESAPI;

/* loaded from: input_file:com/sun/identity/saml2/common/SAML2Utils.class */
public class SAML2Utils extends SAML2SDKUtils {
    // Metadata manager the visible methods use to look up SP/IDP descriptors and SP config.
    // It has no initializer here; verifyResponse throws "nullMetaManager" while it is still null.
    private static SAML2MetaManager saml2MetaManager;
    // Not referenced by the methods visible in this part of the file.
    private static CircleOfTrustManager cotManager;
    // Server port as a string and as an int; both are assigned outside the visible part of the file.
    private static String serverPort;
    private static int intServerPort;
    // HTTP method names and the redirect header name.
    private static final String GET_METHOD = "GET";
    private static final String POST_METHOD = "POST";
    private static final String LOCATION = "Location";
    // Delimiter characters; their users are outside the visible part of the file.
    private static final char EQUALS = '=';
    private static final char SEMI_COLON = ';';
    private static final char DOUBLE_QUOTE = '\"';
    private static String bufferLen;
    // NOTE(review): presumably toggle certificate / CA revocation checking - confirm against the
    // code that assigns them; they are not set in the visible part of the file.
    private static boolean checkCertStatus;
    private static boolean checkCAStatus;
    // The three final fields below have no initializer on their declaration, so they must be
    // assigned in a static initializer that is outside the visible part of the file.
    private static final RedirectUrlValidator<ValidRelayStateExtractor.SAMLEntityInfo> RELAY_STATE_VALIDATOR;
    private static final AssertionFactory assertionFactory;
    // Declared as SecureRandom (not java.util.Random).
    private static final SecureRandom randomGenerator;
    private static KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    // Deployment coordinates read once, at class initialisation, from system properties.
    private static String serverProtocol = SystemPropertiesManager.get(SAMLConstants.SERVER_PROTOCOL);
    private static String serverHost = SystemPropertiesManager.get(SAMLConstants.SERVER_HOST);
    private static String serverUri = SystemPropertiesManager.get(SAMLConstants.SERVER_URI);
    // Session cookie name, read from the "com.iplanet.am.cookie.name" property.
    private static String sessionCookieName = SystemPropertiesManager.get("com.iplanet.am.cookie.name");

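    /**
     * Validates an inbound SAML2 {@code Response} for a service provider and returns the data
     * extracted from its first acceptable bearer authentication assertion.
     *
     * <p>Checks are performed in this order:
     * <ol>
     *   <li>{@code InResponseTo}, when present, must match a cached or stored AuthnRequest;</li>
     *   <li>the SP adapter's {@code preSingleSignOnProcess} hook runs (before any signature check);</li>
     *   <li>the Response issuer, when present, must be a valid source site;</li>
     *   <li>the top-level status code must be Success;</li>
     *   <li>a signed Response must verify against the IDP's verification certificates;</li>
     *   <li>encrypted assertions are decrypted, and plain assertions are rejected when the SP
     *       config requires encryption;</li>
     *   <li>for every assertion: issuer validity and consistency, and signature when signed;</li>
     *   <li>for every bearer authentication assertion: subject confirmation, one-time use,
     *       audience and date conditions;</li>
     *   <li>the signing policy (WantAssertionsSigned, and the HTTP-POST rules) is enforced last.</li>
     * </ol>
     *
     * <p>Assertions that carry no AuthnStatement, no Subject, or no bearer SubjectConfirmation
     * receive only the issuer and signature checks. They are still part of the assertion list
     * handed to {@code fillMap}, so code consuming that list must not assume their audience or
     * validity window was checked here.
     *
     * @param httpServletRequest  current request, passed to the SP adapter and to the request-info copy
     * @param httpServletResponse current response, passed to the SP adapter and to the request-info copy
     * @param response            the SAML2 Response to validate
     * @param str                 realm / organisation name used for metadata lookups
     * @param str2                entity ID of the hosted service provider
     * @param str3                binding the Response arrived on; compared with {@code SAML2Constants.HTTP_POST}
     * @return the map built by {@code fillMap} for the first valid bearer authentication assertion
     * @throws SAML2Exception if any of the checks above fails or required metadata is missing
     */
    public static Map verifyResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Response response, String str, String str2, String str3) throws SAML2Exception {
        if (response == null || str == null || str.length() == 0) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.verifyResponse:response or orgName is null.");
            }
            throw new SAML2Exception(bundle.getString("nullInput"));
        }
        String id = response.getID();

        // --- Correlate the Response with the AuthnRequest that triggered it ---------------
        // A Response without InResponseTo skips this lookup and continues with
        // authnRequestInfo == null.
        AuthnRequestInfo authnRequestInfo = null;
        String inResponseTo = response.getInResponseTo();
        if (inResponseTo != null && inResponseTo.length() != 0) {
            authnRequestInfo = (AuthnRequestInfo) SPCache.requestHash.get(inResponseTo);
            if (authnRequestInfo == null) {
                // Not in the local cache: fall back to the failover repository when enabled,
                // otherwise to the SAML2Store.
                boolean failoverEnabled = SAML2FailoverUtils.isSAML2FailoverEnabled();
                AuthnRequestInfoCopy requestCopy = null;
                if (failoverEnabled) {
                    try {
                        requestCopy = (AuthnRequestInfoCopy) SAML2FailoverUtils.retrieveSAML2Token(inResponseTo);
                    } catch (SAML2TokenRepositoryException e) {
                        // Keep the cause in the log; the lookup failure is then handled as
                        // "unknown request" by the null check below.
                        debug.error("SAML2Utils.verifyResponse:AuthnRequestInfoCopy unable to retrieve from SAML2 repository for inResponseTo: " + inResponseTo, e);
                    }
                } else {
                    requestCopy = (AuthnRequestInfoCopy) SAML2Store.getTokenFromStore(inResponseTo);
                }
                if (requestCopy == null) {
                    // The message now reports the failover state that actually applied.
                    // inResponseTo is taken from the inbound message.
                    // NOTE(review): confirm the debug log sink neutralises control characters.
                    debug.error("SAML2Utils.verifyResponse:InResponseTo attribute in Response is invalid: " + inResponseTo
                            + (failoverEnabled ? ", SAML2 failover is enabled" : ", SAML2 failover is not enabled"));
                    LogUtil.error(Level.INFO, LogUtil.INVALID_INRESPONSETO_RESPONSE, new String[]{id}, null);
                    throw new SAML2Exception(bundle.getString("invalidInResponseToInResponse"));
                }
                authnRequestInfo = requestCopy.getAuthnRequestInfo(httpServletRequest, httpServletResponse);
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.verifyResponse:AuthnRequestInfoCopy retrieved from SAML2 repository for inResponseTo: " + inResponseTo);
                }
            }
        }

        // --- SP adapter hook ---------------------------------------------------------------
        // This runs BEFORE issuer, status and signature validation, so the adapter sees an
        // unverified Response and must treat its content as untrusted.
        SAML2ServiceProviderAdapter sPAdapterClass = getSPAdapterClass(str2, str);
        if (sPAdapterClass != null) {
            sPAdapterClass.preSingleSignOnProcess(str2, str, httpServletRequest, httpServletResponse, authnRequestInfo != null ? authnRequestInfo.getAuthnRequest() : null, response, str3);
        }

        // --- Response issuer ---------------------------------------------------------------
        // issuerValue stays null when the Response has no Issuer; the first assertion's issuer
        // then becomes the reference value inside the assertion loop.
        String issuerValue = null;
        Issuer issuer = response.getIssuer();
        if (issuer != null) {
            if (!isSourceSiteValid(issuer, str, str2)) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.verifyResponse:Issuer in Response is not valid.");
                }
                LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_RESPONSE, new String[]{str2, str, id}, null);
                throw new SAML2Exception(bundle.getString("invalidIssuerInResponse"));
            }
            issuerValue = issuer.getValue();
        }

        // --- Status ------------------------------------------------------------------------
        // A missing Status or StatusCode is treated as "not success" and reported through
        // InvalidStatusCodeSaml2Exception rather than failing with a NullPointerException.
        Status status = response.getStatus();
        StatusCode topLevelCode = status == null ? null : status.getStatusCode();
        String topLevelValue = topLevelCode == null ? null : topLevelCode.getValue();
        if (!SAML2Constants.SUCCESS.equals(topLevelValue)) {
            String value = topLevelValue == null ? "" : topLevelValue;
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.verifyResponse:Response's status code is not success: " + value);
            }
            String[] strArr = {id, ""};
            // The status value is only written to the error log at FINE level.
            if (LogUtil.isErrorLoggable(Level.FINE)) {
                strArr[1] = value;
            }
            LogUtil.error(Level.INFO, LogUtil.WRONG_STATUS_CODE, strArr, null);
            StatusCode statusCode = topLevelCode == null ? null : topLevelCode.getStatusCode();
            String value2 = statusCode != null ? statusCode.getValue() : null;
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.verifyResponse:First level status code : " + value);
                if (value2 != null) {
                    debug.message("SAML2Utils.verifyResponse:Second level status code : " + value2);
                }
            }
            throw new InvalidStatusCodeSaml2Exception(value, value2);
        }

        // --- Hosted SP metadata -------------------------------------------------------------
        if (saml2MetaManager == null) {
            throw new SAML2Exception(bundle.getString("nullMetaManager"));
        }
        SPSSOConfigElement sPSSOConfig = saml2MetaManager.getSPSSOConfig(str, str2);
        SPSSODescriptorElement sPSSODescriptor = saml2MetaManager.getSPSSODescriptor(str, str2);
        if (sPSSODescriptor == null) {
            // Without the descriptor neither the recipient check nor the signing policy can be
            // evaluated, so fail closed here instead of dereferencing null further down.
            debug.error("SAML2Utils.verifyResponse:no SP descriptor found for hosted entity " + str2);
            throw new SAML2Exception(bundle.getString("metaDataError"));
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.verifyResponse:binding is :" + str3);
        }

        // --- Response signature -------------------------------------------------------------
        // responseSignatureVerified becomes true only after a present signature was verified;
        // an unsigned Response is not rejected here, that decision is made by the policy
        // checks at the end of the method.
        boolean responseSignatureVerified = false;
        if (response.isSigned()) {
            try {
                IDPSSODescriptorElement iDPSSODescriptor = saml2MetaManager.getIDPSSODescriptor(str, issuerValue);
                if (iDPSSODescriptor == null) {
                    LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{issuerValue}, null);
                    throw new SAML2Exception(bundle.getString("metaDataError"));
                }
                Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(iDPSSODescriptor, issuerValue, SAML2Constants.IDP_ROLE);
                // An empty certificate set is a failure: there is nothing to verify against.
                if (CollectionUtils.isEmpty(verificationCerts) || !response.isSignatureValid(verificationCerts)) {
                    debug.error("SAML2Utils.verifyResponse:Response is not signed or signature is not valid.");
                    LogUtil.error(Level.INFO, LogUtil.POST_RESPONSE_INVALID_SIGNATURE, new String[]{str, str2, issuerValue}, null);
                    throw new SAML2Exception(bundle.getString("invalidSignInResponse"));
                }
                responseSignatureVerified = true;
            } catch (SAML2MetaException e2) {
                LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{str, issuerValue}, null);
                throw new SAML2Exception((Throwable) e2);
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.verifyResponse:responseIsSigned is :" + responseSignatureVerified);
        }

        // --- Assertion encryption -----------------------------------------------------------
        boolean needAssertionEncrypted = Boolean.parseBoolean(getAttributeValueFromSPSSOConfig(sPSSOConfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED));
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.verifyResponse:NeedAssertionEncrypted is :" + needAssertionEncrypted);
        }
        List<Assertion> assertion = response.getAssertion();
        // When encryption is required, any plain assertion in the Response is a policy violation.
        if (needAssertionEncrypted && !CollectionUtils.isEmpty(assertion)) {
            LogUtil.error(Level.INFO, LogUtil.ASSERTION_NOT_ENCRYPTED, new String[]{id}, null);
            throw new SAML2Exception(bundle.getString("assertionNotEncrypted"));
        }
        List encryptedAssertion = response.getEncryptedAssertion();
        if (encryptedAssertion != null) {
            Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys((BaseConfigType) sPSSOConfig);
            for (Object encrypted : encryptedAssertion) {
                Assertion decrypted = ((EncryptedAssertion) encrypted).decrypt(decryptionKeys);
                if (assertion == null) {
                    assertion = new ArrayList<Assertion>();
                }
                // Decrypted assertions are appended to the list obtained from the Response and
                // go through the same checks as plain ones below.
                assertion.add(decrypted);
            }
        }
        if (CollectionUtils.isEmpty(assertion)) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.verifyResponse:no assertion in the Response.");
            }
            LogUtil.error(Level.INFO, LogUtil.MISSING_ASSERTION, new String[]{id}, null);
            throw new SAML2Exception(bundle.getString("missingAssertion"));
        }

        boolean isWantAssertionsSigned = sPSSODescriptor.isWantAssertionsSigned();
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.verifyResponse:wantAssertionsSigned is :" + isWantAssertionsSigned);
        }

        // --- Allowed clock skew, in seconds -------------------------------------------------
        // Defaults to 300; a negative configured value falls back to 300. A non-numeric value
        // makes Integer.parseInt throw NumberFormatException, which is not caught here.
        int timeSkewSeconds = 300;
        String attributeValueFromSPSSOConfig = getAttributeValueFromSPSSOConfig(sPSSOConfig, SAML2Constants.ASSERTION_TIME_SKEW);
        if (attributeValueFromSPSSOConfig != null && attributeValueFromSPSSOConfig.trim().length() > 0) {
            timeSkewSeconds = Integer.parseInt(attributeValueFromSPSSOConfig);
            if (timeSkewSeconds < 0) {
                timeSkewSeconds = 300;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.verifyResponse:timeskew (s) = " + timeSkewSeconds);
        }

        // --- Per-assertion checks -----------------------------------------------------------
        Map result = null;
        Set<X509Certificate> assertionCerts = null;
        boolean allAssertionsSigned = true;
        for (Assertion assertion2 : assertion) {
            String id2 = assertion2.getID();
            Issuer issuer2 = assertion2.getIssuer();
            if (!isSourceSiteValid(issuer2, str, str2)) {
                debug.error("assertion's source site is not valid.");
                LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_ASSERTION, new String[]{id2}, null);
                throw new SAML2Exception(bundle.getString("invalidIssuerInAssertion"));
            }
            // All issuers in one Response must agree; the first one seen is the reference.
            if (issuerValue == null) {
                issuerValue = issuer2.getValue();
            } else if (!issuerValue.equals(issuer2.getValue())) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.verifyResponse:Issuer in Assertion doesn't match the Issuer in Response or other Assertions in the Response.");
                }
                LogUtil.error(Level.INFO, LogUtil.MISMATCH_ISSUER_ASSERTION, new String[]{id2}, null);
                throw new SAML2Exception(bundle.getString("mismatchIssuer"));
            }
            if (assertion2.isSigned()) {
                // The certificate set is resolved once and reused for the remaining assertions.
                if (assertionCerts == null) {
                    assertionCerts = KeyUtil.getVerificationCerts(saml2MetaManager.getIDPSSODescriptor(str, issuerValue), issuerValue, SAML2Constants.IDP_ROLE);
                }
                if (CollectionUtils.isEmpty(assertionCerts) || !assertion2.isSignatureValid(assertionCerts)) {
                    debug.error("SAML2Utils.verifyResponse:Assertion is not signed or signature is not valid.");
                    LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, new String[]{id2}, null);
                    throw new SAML2Exception(bundle.getString("invalidSignatureOnAssertion"));
                }
            } else {
                // One unsigned assertion is enough to clear the flag for the whole Response.
                allAssertionsSigned = false;
            }

            // Only assertions with an AuthnStatement, a Subject and at least one
            // SubjectConfirmation are candidates for the remaining checks.
            List<AuthnStatement> authnStatements = assertion2.getAuthnStatements();
            if (authnStatements == null || authnStatements.isEmpty()) {
                continue;
            }
            Subject subject = assertion2.getSubject();
            if (subject == null) {
                continue;
            }
            List subjectConfirmation = subject.getSubjectConfirmation();
            if (subjectConfirmation == null || subjectConfirmation.isEmpty()) {
                continue;
            }
            Map bearerInfo = isBearerSubjectConfirmation(subjectConfirmation, inResponseTo, sPSSODescriptor, id2, timeSkewSeconds);
            if (!((Boolean) bearerInfo.get(SAML2Constants.IS_BEARER)).booleanValue()) {
                continue;
            }

            // One-time use: reject an assertion ID already present in the local cache or, with
            // failover enabled, in the token repository. This method only reads those stores;
            // recording the ID after acceptance happens outside the visible code.
            boolean alreadyUsed = SPCache.assertionByIDCache != null && SPCache.assertionByIDCache.containsKey(id2);
            if (!alreadyUsed && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                try {
                    if (SAML2FailoverUtils.retrieveSAML2Token(id2) != null) {
                        alreadyUsed = true;
                    }
                } catch (SAML2TokenRepositoryException e3) {
                    // A repository failure is treated as "not seen before", so the replay check
                    // fails open here. NOTE(review): confirm this is the intended policy.
                    if (debug.messageEnabled()) {
                        debug.message("Session not found in AMTokenSAML2Repository.", e3);
                    }
                }
            }
            if (alreadyUsed) {
                debug.error("Bearer Assertion is one time use only!");
                throw new SAML2Exception(bundle.getString("usedBearAssertion"));
            }
            checkAudience(assertion2.getConditions(), str2, id2);
            checkConditions(assertion2.getConditions(), str2, id2, timeSkewSeconds);
            // Only the first valid bearer authentication assertion populates the result; later
            // ones are still validated but do not overwrite it.
            if (result == null) {
                result = fillMap(authnStatements, subject, assertion2, assertion, authnRequestInfo, inResponseTo, str, str2, issuerValue, sPSSOConfig, (Date) bearerInfo.get("NotOnOrAfter"));
            }
        }
        if (result == null) {
            debug.error("No Authentication Assertion in Response.");
            throw new SAML2Exception(bundle.getString("missingAuthnAssertion"));
        }

        // --- Signing policy -----------------------------------------------------------------
        // WantAssertionsSigned is satisfied either by a verified Response signature or by every
        // assertion being signed.
        if (isWantAssertionsSigned && !responseSignatureVerified && !allAssertionsSigned) {
            debug.error("SAML2Utils.verifyResponse:WantAssertionsSigned is true and response or all assertions are not signed");
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, new String[]{str, str2, issuerValue}, null);
            throw new SAML2Exception(bundle.getString("assertionNotSigned"));
        }
        // Constant-first comparison: a null binding is simply "not HTTP-POST".
        if (SAML2Constants.HTTP_POST.equals(str3)) {
            boolean wantPOSTResponseSigned = wantPOSTResponseSigned(str, str2, SAML2Constants.SP_ROLE);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.verifyResponse:wantPostResponseSigned is :" + wantPOSTResponseSigned);
            }
            if (wantPOSTResponseSigned && !responseSignatureVerified) {
                debug.error("SAML2Utils.verifyResponse:wantPostResponseSigned is true but response is not signed");
                LogUtil.error(Level.INFO, LogUtil.POST_RESPONSE_INVALID_SIGNATURE, new String[]{str, str2, issuerValue}, null);
                throw new SAML2Exception(bundle.getString("responseNotSigned"));
            }
            // On HTTP-POST this applies regardless of WantAssertionsSigned: content with no
            // verified signature at either level is never accepted. The log text below still
            // mentions WantAssertionsSigned although the flag is not consulted here.
            if (!responseSignatureVerified && !allAssertionsSigned) {
                debug.error("SAML2Utils.verifyResponse:WantAssertionsSigned is true but some or all assertions are not signed");
                LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, new String[]{str, str2, issuerValue}, null);
                throw new SAML2Exception(bundle.getString("assertionNotSigned"));
            }
        }
        return result;
    }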

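    /**
     * Examines the SubjectConfirmation elements of one assertion and validates every one
     * whose method is bearer.
     *
     * <p>For each bearer confirmation the following must hold, otherwise a
     * {@link SAML2Exception} is thrown:
     * <ul>
     *   <li>SubjectConfirmationData is present;</li>
     *   <li>its Recipient matches one of the SP's assertion consumer service locations
     *       (see {@code validateRecipient});</li>
     *   <li>NotOnOrAfter is present and, with the allowed skew added, not in the past;</li>
     *   <li>NotBefore is absent;</li>
     *   <li>InResponseTo agrees with the Response: equal when both are set, and not missing
     *       from the assertion when the Response carries one.</li>
     * </ul>
     * Confirmations with any other method are ignored.
     *
     * @param list                   SubjectConfirmation objects of the assertion
     * @param str                    InResponseTo value of the enclosing Response, may be null or empty
     * @param sPSSODescriptorElement descriptor of the hosted SP, used for the recipient check
     * @param str2                   assertion ID, used for logging
     * @param i                      allowed clock skew in seconds
     * @return a map holding {@code SAML2Constants.IS_BEARER} (Boolean) and, when a bearer
     *         confirmation was found, "NotOnOrAfter" (Date) of the last one processed
     * @throws SAML2Exception if a bearer confirmation violates one of the rules above
     */
    private static Map isBearerSubjectConfirmation(List list, String str, SPSSODescriptorElement sPSSODescriptorElement, String str2, int i) throws SAML2Exception {
        HashMap hashMap = new HashMap();
        boolean bearerFound = false;
        // Widen to long before multiplying: the int product i * 1000 overflows for large
        // configured skews and would yield a wrong, possibly negative, offset.
        long skewMillis = i * 1000L;
        for (Object entry : list) {
            SubjectConfirmation subjectConfirmation = (SubjectConfirmation) entry;
            if (subjectConfirmation == null) {
                continue;
            }
            String method = subjectConfirmation.getMethod();
            if (method == null || !method.equals(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER)) {
                continue;
            }
            SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
            if (subjectConfirmationData == null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.isBearerSubjectConfirmation:missing SubjectConfirmationData.");
                }
                LogUtil.error(Level.INFO, LogUtil.MISSING_SUBJECT_COMFIRMATION_DATA, new String[]{str2}, null);
                throw new SAML2Exception(bundle.getString("missingSubjectConfirmationData"));
            }
            // Binds the assertion to this SP's endpoint, so an assertion issued for another
            // recipient is not accepted here.
            validateRecipient(sPSSODescriptorElement, str2, subjectConfirmationData);
            // A missing NotOnOrAfter is rejected: a bearer confirmation must be time-limited.
            Date notOnOrAfter = subjectConfirmationData.getNotOnOrAfter();
            if (notOnOrAfter == null || notOnOrAfter.getTime() + skewMillis < Time.currentTimeMillis()) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.isBearerSubjectConfirmation:Time in SubjectConfirmationData of Assertion:" + str2 + " is invalid.");
                }
                LogUtil.error(Level.INFO, LogUtil.INVALID_TIME_SUBJECT_CONFIRMATION_DATA, new String[]{str2}, null);
                throw new SAML2Exception(bundle.getString("invalidTimeOnSubjectConfirmationData"));
            }
            hashMap.put("NotOnOrAfter", notOnOrAfter);
            // The SAML Web Browser SSO profile forbids NotBefore on bearer confirmation data.
            if (subjectConfirmationData.getNotBefore() != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.isBearerSubjectConfirmation:SubjectConfirmationData included NotBefore.");
                }
                LogUtil.error(Level.INFO, LogUtil.CONTAINED_NOT_BEFORE, new String[]{str2}, null);
                throw new SAML2Exception(bundle.getString("containedNotBefore"));
            }
            String inResponseTo = subjectConfirmationData.getInResponseTo();
            if (inResponseTo == null || inResponseTo.length() == 0) {
                // An assertion without InResponseTo is acceptable only when the Response has
                // none either.
                if (str != null && str.length() != 0) {
                    if (debug.messageEnabled()) {
                        debug.message("SAML2Utils.isBearerSubjectConfirmation:Assertion doesn't contain InResponseTo, but Response does.");
                    }
                    LogUtil.error(Level.INFO, LogUtil.WRONG_INRESPONSETO_ASSERTION, new String[]{str2}, null);
                    throw new SAML2Exception(bundle.getString("wrongInResponseToInAssertion"));
                }
            } else if (!inResponseTo.equals(str)) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.isBearerSubjectConfirmation:InResponseTo in Assertion is different from the one in Response.");
                }
                LogUtil.error(Level.INFO, LogUtil.WRONG_INRESPONSETO_ASSERTION, new String[]{str2}, null);
                throw new SAML2Exception(bundle.getString("wrongInResponseToInAssertion"));
            }
            bearerFound = true;
        }
        hashMap.put(SAML2Constants.IS_BEARER, Boolean.valueOf(bearerFound));
        return hashMap;
    }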

    /**
     * Ensures the Recipient of a SubjectConfirmationData names one of the hosted SP's
     * assertion consumer service endpoints.
     *
     * <p>The comparison is an exact string match against each endpoint's Location; no URL
     * normalisation is applied.
     *
     * @param sPSSODescriptorElement  descriptor of the hosted SP, source of the endpoint list
     * @param str                     assertion ID, used for logging
     * @param subjectConfirmationData confirmation data carrying the Recipient
     * @throws SAML2Exception if the Recipient is missing or matches no endpoint
     */
    public static void validateRecipient(SPSSODescriptorElement sPSSODescriptorElement, String str, SubjectConfirmationData subjectConfirmationData) throws SAML2Exception {
        final String recipient = subjectConfirmationData.getRecipient();
        if (StringUtils.isEmpty(recipient)) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.validateRecipient(): missing Recipient in Assertion.");
            }
            LogUtil.error(Level.INFO, LogUtil.MISSING_RECIPIENT, new String[]{str}, null);
            throw new SAML2Exception(bundle.getString("missingRecipient"));
        }
        // Return on the first endpoint whose Location equals the Recipient.
        for (Object endpoint : sPSSODescriptorElement.getAssertionConsumerService()) {
            if (recipient.equals(((AssertionConsumerServiceElement) endpoint).getLocation())) {
                return;
            }
        }
        // No endpoint matched: the assertion was addressed to someone else.
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.validateRecipient(): this sp is not the intended recipient.");
        }
        LogUtil.error(Level.INFO, LogUtil.WRONG_RECIPIENT, new String[]{str, recipient}, null);
        throw new SAML2Exception(bundle.getString("wrongRecipient"));
    }

    /**
     * Verifies that the assertion's Conditions name the given entity as an intended audience.
     *
     * <p>The check passes as soon as one AudienceRestriction lists {@code str}; the
     * remaining restrictions are not inspected.
     *
     * @param conditions Conditions element of the assertion, may be null
     * @param str        entity ID that must appear among the audiences
     * @param str2       assertion ID, used for logging
     * @throws SAML2Exception if Conditions or its AudienceRestriction list is missing, or no
     *                        restriction contains {@code str}
     */
    private static void checkAudience(Conditions conditions, String str, String str2) throws SAML2Exception {
        if (conditions == null) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.checkAudience:Conditions is missing from Assertion.");
            }
            LogUtil.error(Level.INFO, LogUtil.MISSING_CONDITIONS, new String[]{str2}, null);
            throw new SAML2Exception(bundle.getString("missingConditions"));
        }
        final List restrictions = conditions.getAudienceRestrictions();
        if (restrictions == null) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.checkAudience:missing AudienceRestriction.");
            }
            LogUtil.error(Level.INFO, LogUtil.MISSING_AUDIENCE_RESTRICTION, new String[]{str2}, null);
            throw new SAML2Exception(bundle.getString("missingAudienceRestriction"));
        }
        // An empty (non-null) list falls through to the "not intended audience" failure.
        for (Object restriction : restrictions) {
            if (((AudienceRestriction) restriction).getAudience().contains(str)) {
                return;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.checkAudience:This SP is not the intended audience.");
        }
        LogUtil.error(Level.INFO, LogUtil.WRONG_AUDIENCE, new String[]{str2}, null);
        throw new SAML2Exception(bundle.getString("audienceNotMatch"));
    }

    /**
     * Verifies the validity window (NotBefore / NotOnOrAfter) of an assertion's Conditions
     * against the current time, allowing for clock skew.
     *
     * <p>The actual comparison is delegated to {@code Conditions.checkDateValidity}; this
     * method adds debug output and error logging.
     *
     * @param conditions Conditions element of the assertion, may be null
     * @param str        not used by this method
     * @param str2       assertion ID, used for logging
     * @param i          allowed clock skew, passed through to {@code checkDateValidity}
     * @throws SAML2Exception if Conditions is missing or the date check fails
     */
    private static void checkConditions(Conditions conditions, String str, String str2, int i) throws SAML2Exception {
        final String logPrefix = "SAML2Utils.checkConditions: ";
        if (conditions == null) {
            debug.message("{}Conditions is missing from Assertion", new Object[]{logPrefix});
            LogUtil.error(Level.INFO, LogUtil.MISSING_CONDITIONS, new String[]{str2}, null);
            throw new SAML2Exception(bundle.getString("missingConditions"));
        }
        // The two dates are read for diagnostics only; they do not take part in the decision.
        Date upperBound = conditions.getNotOnOrAfter();
        if (debug.messageEnabled()) {
            if (upperBound != null) {
                debug.message("{}NotOnOrAfter Condition = {}", new Object[]{logPrefix, upperBound});
            } else {
                debug.message("{}No NotOnOrAfter Condition.", new Object[]{logPrefix});
            }
        }
        Date lowerBound = conditions.getNotBefore();
        if (debug.messageEnabled()) {
            if (lowerBound != null) {
                debug.message("{}NotBefore Condition = {}", new Object[]{logPrefix, lowerBound});
            } else {
                debug.message("{}No NotBefore Condition.", new Object[]{logPrefix});
            }
        }
        if (!conditions.checkDateValidity(Time.currentTimeMillis(), i)) {
            debug.message("{}The assertion does not meet NotOnOrAfter or NotBefore condition.", new Object[]{logPrefix});
            LogUtil.error(Level.INFO, LogUtil.DATE_CONDITION_NOT_MET, new String[]{str2}, null);
            throw new SAML2Exception(bundle.getString("checkDateValidityNotMatch"));
        }
    }

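    /**
     * Builds the result map for a validated bearer authentication assertion.
     *
     * <p>Entries written: "Subject", "assertion", {@code SAML2Constants.ASSERTIONS}, and, when
     * available, "AuthnRequest", "SessionIndex", "AuthLevel" (only if the mapper returns a
     * non-negative level), {@code SAML2Constants.MAX_SESSION_TIME} (whole minutes remaining
     * until SessionNotOnOrAfter, only if positive), {@code SAML2Constants.IN_RESPONSE_TO} and
     * "NotOnOrAfter" (epoch milliseconds).
     *
     * @param list               AuthnStatements of the assertion; only the first is used
     * @param subject            Subject of the assertion
     * @param assertion          the validated assertion
     * @param list2              all assertions of the Response
     * @param authnRequestInfo   info about the originating AuthnRequest, may be null
     * @param str                InResponseTo value of the Response, may be null or empty
     * @param str2               realm, passed to the authentication-context mapper
     * @param str3               hosted SP entity ID, passed to the authentication-context mapper
     * @param str4               issuer (IDP) entity ID, passed to the authentication-context mapper
     * @param sPSSOConfigElement SP config, source of the mapper setting
     * @param date               NotOnOrAfter of the bearer confirmation, may be null
     * @return the populated map
     * @throws SAML2Exception if the mapper lookup or the level computation fails
     */
    private static Map fillMap(List list, Subject subject, Assertion assertion, List list2, AuthnRequestInfo authnRequestInfo, String str, String str2, String str3, String str4, SPSSOConfigElement sPSSOConfigElement, Date date) throws SAML2Exception {
        AuthnStatement authnStatement = (AuthnStatement) list.get(0);
        SPAuthnContextMapper sPAuthnContextMapper = getSPAuthnContextMapper(str2, str3, getAttributeValueFromSPSSOConfig(sPSSOConfigElement, SAML2Constants.SP_AUTHCONTEXT_MAPPER));
        // Fetch the AuthnRequest once and tolerate request info that carries none; the
        // requested context is then treated as absent.
        AuthnRequest authnRequest = authnRequestInfo != null ? authnRequestInfo.getAuthnRequest() : null;
        RequestedAuthnContext requestedAuthnContext = authnRequest != null ? authnRequest.getRequestedAuthnContext() : null;
        int authLevel = sPAuthnContextMapper.getAuthLevel(requestedAuthnContext, authnStatement.getAuthnContext(), str2, str3, str4);
        String sessionIndex = authnStatement.getSessionIndex();
        Date sessionNotOnOrAfter = authnStatement.getSessionNotOnOrAfter();
        HashMap hashMap = new HashMap();
        hashMap.put("Subject", subject);
        hashMap.put("assertion", assertion);
        hashMap.put(SAML2Constants.ASSERTIONS, list2);
        if (authnRequest != null) {
            hashMap.put("AuthnRequest", authnRequest);
        }
        // Access-log record: assertion ID, subject XML, session index.
        String[] strArr = {assertion.getID(), "", ""};
        // The serialised Subject (which identifies the user) is written to the access log
        // only at FINE level.
        if (LogUtil.isAccessLoggable(Level.FINE)) {
            strArr[1] = subject.toXMLString();
        }
        if (sessionIndex != null && sessionIndex.length() != 0) {
            strArr[2] = sessionIndex;
            hashMap.put("SessionIndex", sessionIndex);
        }
        if (authLevel >= 0) {
            // valueOf replaces the deprecated boxing constructor.
            hashMap.put("AuthLevel", Integer.valueOf(authLevel));
        }
        if (sessionNotOnOrAfter != null) {
            // Remaining lifetime in whole minutes; anything under one minute truncates to 0
            // and is not stored.
            long time = (sessionNotOnOrAfter.getTime() - Time.currentTimeMillis()) / 60000;
            if (time > 0) {
                hashMap.put(SAML2Constants.MAX_SESSION_TIME, Long.valueOf(time));
            }
        }
        if (str != null && str.length() != 0) {
            hashMap.put(SAML2Constants.IN_RESPONSE_TO, str);
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.fillMap: Found valid authentication assertion.");
        }
        if (date != null) {
            hashMap.put("NotOnOrAfter", Long.valueOf(date.getTime()));
        }
        LogUtil.access(Level.INFO, LogUtil.FOUND_AUTHN_ASSERTION, strArr, null);
        return hashMap;
    }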

    /**
     * Returns the first value of an attribute in the SP extended configuration, trimmed.
     *
     * @param sPSSOConfigElement the SP extended config; may be null
     * @param str the attribute name to look up
     * @return the trimmed first value, or null when the config is null or the
     *         attribute is missing or has no values
     */
    public static String getAttributeValueFromSPSSOConfig(SPSSOConfigElement sPSSOConfigElement, String str) {
        if (sPSSOConfigElement == null) {
            return null;
        }
        List<String> values = SAML2MetaUtils.getAttributes(sPSSOConfigElement).get(str);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return values.get(0).trim();
    }

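    /**
     * Serializes each assertion in the list to its XML string form.
     *
     * <p>This is best-effort: an assertion that cannot be serialized is logged and
     * left out, so the result may be shorter than the input.
     *
     * @param list assertions to serialize (elements are cast to {@link Assertion}); may be null
     * @return a new list of XML strings, empty when {@code list} is null
     */
    public static List getStrAssertions(List list) {
        ArrayList xmlStrings = new ArrayList();
        if (list == null) {
            return xmlStrings;
        }
        for (Object element : list) {
            Assertion assertion = (Assertion) element;
            try {
                xmlStrings.add(assertion.toXMLString(true, true));
            } catch (SAML2Exception e) {
                // Keep the cause in the log; the original dropped it, hiding why serialization failed.
                debug.error("Invalid assertion: " + assertion, e);
            }
        }
        return xmlStrings;
    }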

    /**
     * Tells whether a NameID is treated as persistent.
     *
     * <p>Both the PERSISTENT and the UNSPECIFIED format constants qualify
     * (compared case-insensitively). A null NameID or null format does not.
     *
     * @param nameID the NameID to inspect; may be null
     * @return true when the format matches one of the two constants
     */
    public static boolean isPersistentNameID(NameID nameID) {
        if (nameID == null) {
            return false;
        }
        String nameIdFormat = nameID.getFormat();
        boolean persistent = nameIdFormat != null
                && (nameIdFormat.equalsIgnoreCase(SAML2Constants.PERSISTENT)
                        || nameIdFormat.equalsIgnoreCase(SAML2Constants.UNSPECIFIED));
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils:isPersistent : " + persistent);
        }
        return persistent;
    }

    /* JADX WARN: Type inference failed for: r9v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /**
     * Checks whether stored account-federation data matches the given NameID value.
     *
     * <p>The three strings are passed unchanged to
     * {@code AccountUtils.getAccountFederation} (presumably user ID, hosted entity ID
     * and remote entity ID; confirm against that method). Any lookup failure is
     * logged and reported as "no federation".
     *
     * @return true only when a federation record exists and its NameID value equals
     *         {@code nameID.getValue()}; false when any argument is null or on error
     */
    public static boolean isFedInfoExists(String str, String str2, String str3, NameID nameID) {
        if (str == null || str2 == null || str3 == null || nameID == null) {
            return false;
        }
        boolean exists = false;
        try {
            NameIDInfo stored = AccountUtils.getAccountFederation(str, str2, str3);
            exists = stored != null && stored.getNameIDValue().equals(nameID.getValue());
        } catch (SAML2Exception e) {
            debug.error("Failed to get DataStoreProvider " + e.toString());
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils:isFedInfoExists:Stack : ", (Throwable) e);
            }
        } catch (Exception e2) {
            debug.message("SAML2Utils:isFedInfoExists: Exception : ", e2);
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils:isFedInfoExists : " + exists);
        }
        return exists;
    }

    /**
     * Builds the single-entry search map used to look up a user by NameID info key.
     *
     * <p>When the NameID carries an SPNameQualifier that resolves to an affiliation
     * descriptor, the qualifier replaces one of the two entity IDs in the key, but
     * only after confirming that the entity is a member of that affiliation. The
     * membership check prevents a key from being built for a non-member.
     *
     * @param nameID the NameID; must not be null
     * @param str first entity ID of the key (checked for membership in the SP role)
     * @param str2 second entity ID of the key (checked for membership otherwise)
     * @param str3 passed as first argument to {@code getAffiliationDescriptor}
     *        (presumably the realm; confirm)
     * @param str4 the role; compared with {@code SAML2Constants.SP_ROLE}
     * @return a map from the NameID-info-key attribute name to a set holding the key string
     * @throws SAML2Exception when {@code nameID} is null or the entity is not an affiliation member
     */
    public static Map getNameIDKeyMap(NameID nameID, String str, String str2, String str3, String str4) throws SAML2Exception {
        if (nameID == null) {
            throw new SAML2Exception(bundle.getString("nullNameID"));
        }
        String qualifier = nameID.getSPNameQualifier();
        AffiliationDescriptorType affiliation = null;
        if (qualifier != null && !qualifier.isEmpty()) {
            affiliation = saml2MetaManager.getAffiliationDescriptor(str3, qualifier);
        }

        NameIDInfoKey key;
        if (affiliation == null) {
            // No qualifier, or the qualifier does not name a known affiliation: plain key.
            key = new NameIDInfoKey(nameID.getValue(), str, str2);
        } else {
            boolean spRole = SAML2Constants.SP_ROLE.equals(str4);
            String member = spRole ? str : str2;
            if (!affiliation.getAffiliateMember().contains(member)) {
                throw new SAML2Exception(bundle.getString("spNotAffiliationMember"));
            }
            key = spRole
                    ? new NameIDInfoKey(nameID.getValue(), qualifier, str2)
                    : new NameIDInfoKey(nameID.getValue(), str, qualifier);
        }

        HashSet keyValues = new HashSet();
        keyValues.add(key.toValueString());
        HashMap searchMap = new HashMap();
        searchMap.put(AccountUtils.getNameIDInfoKeyAttribute(), keyValues);
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getNameIDKeyMap: " + searchMap);
        }
        return searchMap;
    }

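    /**
     * Checks whether the issuer of a message is a trusted provider.
     *
     * <p>The check fails closed: a null issuer, a null or blank issuer value, or any
     * exception from the metadata lookup yields {@code false}.
     *
     * @param issuer the message issuer; may be null
     * @param str first argument of {@code isTrustedProvider} (presumably the realm; confirm)
     * @param str2 second argument of {@code isTrustedProvider} (presumably the hosted entity ID; confirm)
     * @return true only when the metadata manager reports the trimmed issuer value as trusted
     */
    public static boolean isSourceSiteValid(Issuer issuer, String str, String str2) {
        if (issuer == null) {
            return false;
        }
        try {
            // Null-check before trim(): the original trimmed first, so a missing issuer value
            // was handled only through the NullPointerException caught below.
            String rawValue = issuer.getValue();
            if (rawValue == null) {
                return false;
            }
            String issuerId = rawValue.trim();
            if (issuerId.isEmpty()) {
                return false;
            }
            return saml2MetaManager.isTrustedProvider(str, str2, issuerId);
        } catch (Exception e) {
            debug.error("SAML2Utils.isSourceSiteValid: Exception : ", e);
            return false;
        }
    }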

    /**
     * Obtains the data store provider registered under the name {@code "saml2"}.
     *
     * @return the provider
     * @throws SAML2Exception wrapping the {@link DataStoreProviderException} when the lookup fails
     */
    public static DataStoreProvider getDataStoreProvider() throws SAML2Exception {
        try {
            DataStoreProviderManager manager = DataStoreProviderManager.getInstance();
            return manager.getDataStoreProvider("saml2");
        } catch (DataStoreProviderException e) {
            debug.error("SAML2Utils.getDataStoreProvider: DataStoreProviderException : ", e);
            throw new SAML2Exception((Throwable) e);
        }
    }

    /**
     * Base64-encodes the UTF-8 bytes of a message for the HTTP-POST binding.
     *
     * @param str the message to encode; must not be null
     * @return the Base64 text, or null when UTF-8 is reported as unsupported
     */
    public static String encodeForPOST(String str) {
        try {
            byte[] utf8 = str.getBytes("UTF-8");
            String encoded = Base64.encode(utf8, true);
            return encoded;
        } catch (UnsupportedEncodingException e) {
            debug.error("SAML2Utils.encodeForPOST", e);
            return null;
        }
    }

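    /**
     * Encodes a message for the HTTP-Redirect binding: raw DEFLATE, then Base64,
     * then URL-encoding.
     *
     * @param str the message to encode; must not be null
     * @return the encoded string, or null when encoding or compression fails
     */
    public static String encodeForRedirect(String str) {
        byte[] input;
        try {
            input = str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e2) {
            debug.error("SAML2Utils.encodeForRedirect: cannot get byte array: ", e2);
            return null;
        }
        // nowrap=true produces a raw DEFLATE stream without the zlib header and checksum.
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        ByteArrayOutputStream compressed = new ByteArrayOutputStream();
        DeflaterOutputStream deflaterStream = new DeflaterOutputStream(compressed, deflater);
        try {
            try {
                deflaterStream.write(input);
            } finally {
                // Closing finishes the DEFLATE stream, so it must happen before the bytes are read.
                IOUtils.closeIfNotNull(deflaterStream);
            }
            String encoded = URLEncDec.encode(Base64.encode(compressed.toByteArray()));
            if (debug.messageEnabled()) {
                // NOTE(review): at message level the whole encoded protocol message goes to the debug log.
                debug.message("SAML2Utils.encodeForRedirect: out string length : " + encoded.length());
                debug.message("SAML2Utils.encodeForRedirect: out string is ===>" + encoded + "<===");
            }
            return encoded;
        } catch (IOException e) {
            debug.error("SAML2Utils.encodeForRedirect: There was a problem compressing the input", e);
            return null;
        } finally {
            // A caller-supplied Deflater is not released by DeflaterOutputStream.close();
            // end() frees its native memory now rather than at garbage collection.
            deflater.end();
        }
    }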

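    /**
     * Decodes a message received through the HTTP-Redirect binding: Base64-decode,
     * then raw INFLATE, then interpret as UTF-8.
     *
     * <p>The input is expected to be URL-decoded already; this method does no URL decoding.
     *
     * <p>NOTE(review): the inflated size is not capped. The input presumably comes
     * from a request parameter, so a small compressed payload can expand to a very
     * large buffer. An upper bound on the decompressed size should be enforced here
     * or by the caller.
     *
     * @param str the Base64 text to decode
     * @return the decoded message, or null when the input is empty, Base64 decoding
     *         yields nothing, or inflating fails
     */
    public static String decodeFromRedirect(String str) {
        if (StringUtils.isEmpty(str)) {
            debug.error("SAML2Utils.decodeFromRedirect: input is null.");
            return null;
        }
        if (debug.messageEnabled()) {
            // NOTE(review): at message level the whole incoming message goes to the debug log.
            debug.message("SAML2Utils.decodeFromRedirect: input string length : " + str.length());
            debug.message("SAML2Utils.decodeFromRedirect: input string is ===>" + str + "<===");
        }
        byte[] decoded = Base64.decode(removeNewLineChars(str));
        if (decoded == null || decoded.length == 0) {
            debug.error("SAML2Utils.decodeFromRedirect: Base64 decoded result is null");
            return null;
        }
        // An Inflater in nowrap mode needs one extra dummy byte after the compressed data.
        byte[] padded = Arrays.copyOf(decoded, decoded.length + 1);

        int initialCapacity = 2048;
        try {
            if (bufferLen != null && !bufferLen.isEmpty()) {
                int configured = Integer.parseInt(bufferLen);
                if (configured >= 0) {
                    initialCapacity = configured;
                } else {
                    // A negative size would make the ByteArrayOutputStream constructor throw.
                    debug.error("SAML2Utils.decodeFromRedirect: Ignoring negative buffer length.");
                }
            }
        } catch (NumberFormatException e) {
            debug.error("SAML2Utils.decodeFromRedirect: Unable to parse buffer length.", e);
        }

        Inflater inflater = new Inflater(true);
        InflaterInputStream inflaterStream = new InflaterInputStream(new ByteArrayInputStream(padded), inflater);
        ByteArrayOutputStream inflated = new ByteArrayOutputStream(initialCapacity);
        try {
            // Read in chunks rather than one byte per call.
            byte[] chunk = new byte[2048];
            int count;
            while ((count = inflaterStream.read(chunk)) != -1) {
                inflated.write(chunk, 0, count);
            }
            String result = inflated.toString("UTF-8");
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.decodeFromRedirect: Return value: \n" + result);
            }
            return result;
        } catch (UnsupportedEncodingException e2) {
            debug.error("SAML2Utils.decodeFromRedirect: cannot convert byte array to string.", e2);
            return null;
        } catch (IOException e3) {
            debug.error("SAML2Utils.decodeFromRedirect: There was a problem reading the compressed input", e3);
            return null;
        } finally {
            IOUtils.closeIfNotNull(inflaterStream);
            // A caller-supplied Inflater is not released by InflaterInputStream.close();
            // end() frees its native memory now rather than at garbage collection.
            inflater.end();
        }
    }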

    /**
     * Strips line-feed characters from a string.
     *
     * <p>Only {@code \n} is removed; carriage returns and other whitespace stay.
     *
     * @param str the input; a blank or null input is returned unchanged
     * @return the input without line feeds
     */
    public static String removeNewLineChars(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        return str.replaceAll("(\\n)", "");
    }

    /**
     * Returns the class-wide metadata manager.
     *
     * @return the {@code saml2MetaManager} field held by this class
     */
    public static SAML2MetaManager getSAML2MetaManager() {
        final SAML2MetaManager manager = saml2MetaManager;
        return manager;
    }

    /**
     * Normalizes a realm name, substituting the root realm for an empty value.
     *
     * @param str the realm; may be null or empty
     * @return {@code "/"} when {@code str} is empty, otherwise {@code str} unchanged
     */
    public static String getRealm(String str) {
        if (StringUtils.isEmpty(str)) {
            return "/";
        }
        return str;
    }

    /**
     * Null-safe lookup of a single-valued parameter.
     *
     * @param map the parameter map; may be null or empty
     * @param str the parameter name
     * @return the mapped value, or null when the map is null, empty, or has no such key
     */
    public static String getParameter(Map<String, String> map, String str) {
        boolean hasEntries = map != null && !map.isEmpty();
        return hasEntries ? map.get(str) : null;
    }

    /**
     * Collects the SSO-related query parameters of a request into a map of value lists.
     *
     * <p>Values are copied from the request as received, with no validation here.
     * Callers that act on entries such as RelayState or the destination should
     * validate them before use.
     *
     * <p>Most parameters are added when present, even if empty. The two auth-level
     * parameters are added only when non-empty. The two auth-context reference
     * parameters are split on {@code '|'} into several values.
     *
     * @param httpServletRequest the incoming request
     * @return a new map from parameter name to its list of values
     */
    public static Map<String, List<String>> getParamsMap(HttpServletRequest httpServletRequest) {
        Map<String, List<String>> params = new HashMap<String, List<String>>();
        insertValue(params, getRelayState(httpServletRequest), "RelayState");

        String[] copiedWhenPresent = {
            "IsPassive",
            "ForceAuthn",
            SAML2Constants.ALLOWCREATE,
            "Consent",
            SAML2Constants.DESTINATION,
            "NameIDFormat",
            SAML2Constants.BINDING,
            "AssertionConsumerServiceIndex",
            "AttributeConsumingServiceIndex",
            SAML2Constants.SP_AUTHCONTEXT_COMPARISON,
        };
        for (String name : copiedWhenPresent) {
            extractAndAddValue(httpServletRequest, params, name);
        }

        // The declaration reference is skipped when empty; the class reference is not.
        String declRef = httpServletRequest.getParameter(SAML2Constants.AUTH_CONTEXT_DECL_REF);
        if (declRef != null && declRef.length() > 0) {
            params.put(SAML2Constants.AUTH_CONTEXT_DECL_REF, getAuthContextList(declRef));
        }
        String classRef = httpServletRequest.getParameter(SAML2Constants.AUTH_CONTEXT_CLASS_REF);
        if (classRef != null) {
            params.put(SAML2Constants.AUTH_CONTEXT_CLASS_REF, getAuthContextList(classRef));
        }

        for (String name : new String[]{"AuthLevel", SAML2Constants.AUTH_LEVEL_ADVICE}) {
            extractAndAddValueUsingIfNotEmpty(httpServletRequest, params, name);
        }
        for (String name : new String[]{SAML2Constants.REQ_BINDING, "affiliationID"}) {
            extractAndAddValue(httpServletRequest, params, name);
        }

        String includeContext = httpServletRequest.getParameter(SAML2Constants.INCLUDE_REQUESTED_AUTHN_CONTEXT);
        if (includeContext != null) {
            params.put(SAML2Constants.INCLUDE_REQUESTED_AUTHN_CONTEXT, Collections.singletonList(includeContext));
        }
        return params;
    }

    /**
     * Copies one request parameter into the map when the request carries it.
     *
     * @param httpServletRequest the request to read from
     * @param map the map to add to
     * @param str the parameter name, also used as the map key
     */
    private static void extractAndAddValue(HttpServletRequest httpServletRequest, Map<String, List<String>> map, String str) {
        String value = httpServletRequest.getParameter(str);
        insertValue(map, value, str);
    }

    /**
     * Copies one request parameter into the map when its value is non-empty.
     *
     * @param httpServletRequest the request to read from
     * @param map the map to add to
     * @param str the parameter name, also used as the map key
     */
    private static void extractAndAddValueUsingIfNotEmpty(HttpServletRequest httpServletRequest, Map<String, List<String>> map, String str) {
        String value = httpServletRequest.getParameter(str);
        insertValueUsingIfNotEmpty(map, value, str);
    }

    /**
     * Stores a value as a new single-element mutable list under the given key.
     * Nothing is stored when the value is null; an empty string is stored.
     *
     * @param map the map to add to
     * @param str the value
     * @param str2 the key
     */
    private static void insertValue(Map<String, List<String>> map, String str, String str2) {
        if (str == null) {
            return;
        }
        map.put(str2, new ArrayList<String>(Collections.singletonList(str)));
    }

    /**
     * Stores a value as a new single-element mutable list under the given key.
     * Nothing is stored when {@code StringUtils.isNotEmpty} rejects the value.
     *
     * @param map the map to add to
     * @param str the value
     * @param str2 the key
     */
    private static void insertValueUsingIfNotEmpty(Map<String, List<String>> map, String str, String str2) {
        if (!StringUtils.isNotEmpty(str)) {
            return;
        }
        map.put(str2, new ArrayList<String>(Collections.singletonList(str)));
    }

    /**
     * Splits a {@code '|'}-separated string into its tokens.
     * Empty tokens are skipped, as is usual for {@link StringTokenizer}.
     *
     * @param str the separated string; must not be null
     * @return a new mutable list of tokens in order of appearance
     */
    private static List getAuthContextList(String str) {
        List<String> references = new ArrayList<String>();
        for (StringTokenizer tokens = new StringTokenizer(str, "|"); tokens.hasMoreTokens();) {
            references.add(tokens.nextToken());
        }
        return references;
    }

    /**
     * Derives the artifact SourceID for an entity ID by hashing it.
     *
     * <p>{@code "SHA"} is the JCA alias for SHA-1. The SAML 2.0 artifact format
     * defines the SourceID as the SHA-1 hash of the issuer's entity ID, so the
     * algorithm is fixed by the protocol and is not a free choice here. The value
     * identifies the issuer and does not by itself provide integrity protection.
     *
     * <p>Each character is narrowed to its low 8 bits before hashing, so characters
     * above U+00FF do not contribute their full value.
     *
     * @param str the entity ID
     * @return the digest rendered by {@code byteArrayToString}, or null when the
     *         input is null or empty or the digest algorithm is unavailable
     */
    public static String generateSourceID(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        final MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA");
        } catch (NoSuchAlgorithmException e) {
            debug.error("SAML2Utils.generateSourceID: ", e);
            return null;
        }
        byte[] narrowed = new byte[str.length()];
        for (int index = 0; index < narrowed.length; index++) {
            narrowed[index] = (byte) str.charAt(index);
        }
        return byteArrayToString(sha1.digest(narrowed));
    }

    /**
     * Returns the two-character suffix of an identifier, which is where the server ID is embedded.
     *
     * @param str the identifier; may be null
     * @return the last two characters, or null when the input is null or shorter than two characters
     */
    public static String extractServerId(String str) {
        boolean longEnough = str != null && str.length() >= 2;
        if (!longEnough) {
            return null;
        }
        int suffixStart = str.length() - 2;
        return str.substring(suffixStart);
    }

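    /**
     * Resolves the URL of the server that issued an identifier, based on the
     * two-character server ID embedded at its end.
     *
     * <p>The returned URL comes from the system configuration lookup; only the
     * two-character suffix of the input takes part in choosing it.
     *
     * @param str the identifier carrying a server-ID suffix
     * @return the remote server URL, or null when the identifier is empty or too
     *         short, refers to this server, refers to a site, or the lookup fails
     */
    public static String getRemoteServiceURL(String str) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getRemoteServiceURL: id = " + str);
        }
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        String serverId = extractServerId(str);
        if (serverId == null) {
            // A one-character id has no server-ID suffix. The original dereferenced
            // the null result here and threw NullPointerException.
            return null;
        }
        try {
            String localId = SystemConfigurationUtil.getServerID(serverProtocol, serverHost, intServerPort, serverUri);
            if (serverId.equals(localId)) {
                return null;
            }
            if (!SystemConfigurationUtil.isSiteId(serverId)) {
                return SystemConfigurationUtil.getServerFromID(serverId);
            }
            if (debug.warningEnabled()) {
                debug.warning("SAML2Utils.getRemoteServiceURL: the given id refers to a site and not a server: " + serverId);
            }
            return null;
        } catch (SystemConfigurationException e) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getRemoteServiceURL:", e);
            }
            return null;
        }
    }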

    /**
     * Generates a random identifier of the form {@code "s2" + hex} with the local
     * server ID embedded at the end.
     *
     * <p>NOTE(review): {@code random} is declared outside this view. These values
     * serve as protocol identifiers, so it should be a {@code SecureRandom}; confirm
     * at the field declaration.
     *
     * @return the identifier, or null when no random source is available
     */
    public static String generateIDWithServerID() {
        if (random == null) {
            return null;
        }
        byte[] randomBytes = new byte[20];
        random.nextBytes(randomBytes);
        String candidate = "s2" + byteArrayToHexString(randomBytes);
        return embedServerID(candidate);
    }

    /**
     * Generates a random 20-byte message handle with the local server ID embedded at the end.
     *
     * <p>NOTE(review): {@code random} is declared outside this view. A message
     * handle must be unpredictable, so it should be a {@code SecureRandom}; confirm
     * at the field declaration.
     *
     * @return the handle as rendered by {@code byteArrayToString}, or null when no
     *         random source is available
     */
    public static String generateMessageHandleWithServerID() {
        if (random == null) {
            return null;
        }
        byte[] handleBytes = new byte[20];
        random.nextBytes(handleBytes);
        String handle = byteArrayToString(handleBytes);
        return embedServerID(handle);
    }

    /**
     * Overwrites the last two characters of an identifier with the local server ID.
     *
     * <p>The identifier is returned unchanged when the server ID is not exactly two
     * characters long or when any exception occurs, including an input shorter
     * than two characters.
     *
     * @param str the identifier to stamp
     * @return the stamped identifier, or {@code str} itself on failure
     */
    private static String embedServerID(String str) {
        String stamped = str;
        try {
            String localId = SystemConfigurationUtil.getServerID(serverProtocol, serverHost, intServerPort, serverUri);
            boolean usable = localId != null && localId.length() == 2;
            if (usable) {
                stamped = str.substring(0, str.length() - 2) + localId;
            } else if (debug.messageEnabled()) {
                debug.message("SAML2Utils.appendServerID: invalid server id = " + localId);
            }
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.appendServerID:", e);
            }
        }
        return stamped;
    }

    /**
     * Looks up the ID of this server from the system configuration.
     *
     * @return the server ID, or null when the lookup throws
     */
    public static String getLocalServerID() {
        try {
            return SystemConfigurationUtil.getServerID(serverProtocol, serverHost, intServerPort, serverUri);
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getLocalServerID:", e);
            }
            return null;
        }
    }

    /**
     * Copies MIME headers onto an HTTP servlet response.
     *
     * <p>A header name with a single value is set as is. A name with several values
     * is set once with the values joined by commas. Values are written as received,
     * with no filtering here.
     *
     * @param mimeHeaders the headers to copy
     * @param httpServletResponse the response to set them on
     */
    public static void putHeaders(MimeHeaders mimeHeaders, HttpServletResponse httpServletResponse) {
        final boolean verbose = debug.messageEnabled();
        if (verbose) {
            debug.message("SAML2Util.putHeaders: Header=" + mimeHeaders.toString());
        }
        for (Iterator headers = mimeHeaders.getAllHeaders(); headers.hasNext();) {
            MimeHeader current = (MimeHeader) headers.next();
            String[] values = mimeHeaders.getHeader(current.getName());
            if (debug.messageEnabled()) {
                debug.message("SAML2Util.putHeaders: Header name=" + current.getName() + ", value=" + Arrays.toString(values));
            }
            if (values.length == 1) {
                httpServletResponse.setHeader(current.getName(), current.getValue());
                continue;
            }
            StringBuilder joined = new StringBuilder();
            String separator = "";
            for (String value : values) {
                joined.append(separator).append(value);
                separator = ",";
            }
            httpServletResponse.setHeader(current.getName(), joined.toString());
        }
    }

    /**
     * Builds a Status with a top-level status code and an optional message, with no
     * second-level code.
     *
     * @param str the top-level status code value
     * @param str2 the status message; may be null
     * @return the Status produced by the three-argument overload
     */
    public static Status generateStatus(String str, String str2) {
        final String noSecondLevelCode = null;
        return generateStatus(str, noSecondLevelCode, str2);
    }

    /**
     * Builds a Status with a top-level code, an optional nested second-level code
     * and an optional message.
     *
     * <p>A {@link SAML2Exception} raised while building is logged, not propagated.
     * The method then returns whatever was built so far, which is null if creating
     * the Status itself failed.
     *
     * @param str the top-level status code value
     * @param str2 the second-level status code value; skipped when null
     * @param str3 the status message; skipped when null or empty
     * @return the Status, possibly partially populated or null on error
     */
    public static Status generateStatus(String str, String str2, String str3) {
        Status result = null;
        try {
            result = ProtocolFactory.getInstance().createStatus();
            StatusCode topLevel = ProtocolFactory.getInstance().createStatusCode();
            topLevel.setValue(str);
            result.setStatusCode(topLevel);
            boolean hasMessage = str3 != null && !str3.isEmpty();
            if (hasMessage) {
                result.setStatusMessage(str3);
            }
            if (str2 != null) {
                StatusCode secondLevel = ProtocolFactory.getInstance().createStatusCode();
                secondLevel.setValue(str2);
                topLevel.setStatusCode(secondLevel);
            }
        } catch (SAML2Exception e) {
            debug.error("SAML2Utils.generateStatus:", e);
        }
        return result;
    }

    /**
     * Builds a SAML error Response carrying the given status.
     *
     * @param requestAbstract the request being answered; when non-null its ID
     *        becomes the InResponseTo value
     * @param str the top-level status code value
     * @param str2 the second-level status code value; may be null
     * @param str3 the status message; may be null
     * @param str4 the issuer value; no Issuer element is set when null
     * @return the Response, or null when no response ID could be generated
     * @throws SAML2Exception when populating the Response fails
     */
    public static Response getErrorResponse(RequestAbstract requestAbstract, String str, String str2, String str3, String str4) throws SAML2Exception {
        Response errorResponse = ProtocolFactory.getInstance().createResponse();
        errorResponse.setStatus(generateStatus(str, str2, str3));

        String responseId = generateID();
        if (responseId == null) {
            debug.error("Unable to generate response ID.");
            return null;
        }
        errorResponse.setID(responseId);
        if (requestAbstract != null) {
            errorResponse.setInResponseTo(requestAbstract.getID());
        }
        errorResponse.setVersion(SAML2Constants.VERSION_2_0);
        errorResponse.setIssueInstant(Time.newDate());

        if (str4 != null) {
            Issuer responseIssuer = AssertionFactory.getInstance().createIssuer();
            responseIssuer.setValue(str4);
            errorResponse.setIssuer(responseIssuer);
        }
        if (debug.messageEnabled()) {
            debug.message("IDPSSOUtil.getErrorResponse: Error Response is : " + errorResponse.toXMLString());
        }
        return errorResponse;
    }

    /**
     * Returns all values of the {@code encryptionCertAlias} attribute from the
     * hosted entity's extended configuration.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return the configured aliases, or null when none can be read
     */
    public static List<String> getEncryptionCertAliases(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            Object[] logArgs = {str, str2, str3};
            debug.message("getEncryptionCertAliases : realm - {}; hostEntityId - {}; entityRole - {}", logArgs);
        }
        List<String> aliases = getAllAttributeValueFromSSOConfig(str, str2, str3, "encryptionCertAlias");
        return aliases;
    }

    /**
     * Returns the first value of the {@code signingCertAlias} attribute from the
     * hosted entity's extended configuration.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return the alias, or null when not configured
     */
    public static String getSigningCertAlias(String str, String str2, String str3) {
        final boolean verbose = debug.messageEnabled();
        if (verbose) {
            debug.message("getSigningCertAlias : realm - " + str);
            debug.message("getSigningCertAlias : hostEntityId - " + str2);
            debug.message("getSigningCertAlias : entityRole - " + str3);
        }
        String alias = getAttributeValueFromSSOConfig(str, str2, str3, "signingCertAlias");
        return alias;
    }

    /**
     * Returns the configured signing-key password attribute of the hosted entity.
     *
     * <p>Going by the method name the stored value is expected to be encrypted;
     * this method returns it as configured. Only the lookup coordinates are
     * written to the debug log here, never the value.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return the attribute value, or null when not configured
     */
    public static String getSigningCertEncryptedKeyPass(String str, String str2, String str3) {
        final boolean verbose = debug.messageEnabled();
        if (verbose) {
            debug.message("getSigningCertEncryptedKeyPass : realm - " + str);
            debug.message("getSigningCertEncryptedKeyPass : hostEntityId - " + str2);
            debug.message("getSigningCertEncryptedKeyPass : entityRole - " + str3);
        }
        String keyPass = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.SIGNING_CERT_KEYPASS);
        return keyPass;
    }

    /**
     * Reads the "want assertion encrypted" flag of the hosted entity.
     * A missing attribute counts as false, so encryption is not required unless configured.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantAssertionEncrypted(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantAssertionEncrypted : realm - " + str);
            debug.message("getWantAssertionEncrypted : hostEntityId - " + str2);
            debug.message("getWantAssertionEncrypted : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the "want attribute encrypted" flag of the hosted entity.
     * A missing attribute counts as false.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantAttributeEncrypted(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantAttributeEncrypted : realm - " + str);
            debug.message("getWantAttributeEncrypted : hostEntityId - " + str2);
            debug.message("getWantAttributeEncrypted : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_ATTRIBUTE_ENCRYPTED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the "want NameID encrypted" flag of the hosted entity.
     * A missing attribute counts as false.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantNameIDEncrypted(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantNameIDEncrypted : realm - " + str);
            debug.message("getWantNameIDEncrypted : hostEntityId - " + str2);
            debug.message("getWantNameIDEncrypted : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_NAMEID_ENCRYPTED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the "want ArtifactResolve signed" flag of the hosted entity.
     * A missing attribute counts as false, so a signature is not required unless configured.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantArtifactResolveSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantArtifactResolveSigned : realm - " + str);
            debug.message("getWantArtifactResolveSigned : hostEntityId - " + str2);
            debug.message("getWantArtifactResolveSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the "want ArtifactResponse signed" flag of the hosted entity.
     * A missing attribute counts as false, so a signature is not required unless configured.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantArtifactResponseSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantArtifactResponseSigned : realm - " + str);
            debug.message("getWantArtifactResponseSigned : hostEntityId - " + str2);
            debug.message("getWantArtifactResponseSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the "want LogoutRequest signed" flag of the hosted entity.
     * A missing attribute counts as false, so a signature is not required unless configured.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantLogoutRequestSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantLogoutRequestSigned : realm - " + str);
            debug.message("getWantLogoutRequestSigned : hostEntityId - " + str2);
            debug.message("getWantLogoutRequestSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_LOGOUT_REQUEST_SIGNED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the "want LogoutResponse signed" flag of the hosted entity.
     * A missing attribute counts as false, so a signature is not required unless configured.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantLogoutResponseSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantLogoutResponseSigned : realm - " + str);
            debug.message("getWantLogoutResponseSigned : hostEntityId - " + str2);
            debug.message("getWantLogoutResponseSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_LOGOUT_RESPONSE_SIGNED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the "want ManageNameID request signed" flag of the hosted entity.
     * A missing attribute counts as false, so a signature is not required unless configured.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantMNIRequestSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantMNIRequestSigned : realm - " + str);
            debug.message("getWantMNIRequestSigned : hostEntityId - " + str2);
            debug.message("getWantMNIRequestSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_MNI_REQUEST_SIGNED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the "want ManageNameID response signed" flag of the hosted entity.
     * A missing attribute counts as false, so a signature is not required unless configured.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @return true only when the attribute equals "true" (case-insensitive)
     */
    public static boolean getWantMNIResponseSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("getWantMNIResponseSigned : realm - " + str);
            debug.message("getWantMNIResponseSigned : hostEntityId - " + str2);
            debug.message("getWantMNIResponseSigned : entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_MNI_RESPONSE_SIGNED);
        // parseBoolean treats null as false and matches "true" case-insensitively.
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads an extended-config attribute as a boolean, using its first value.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @param str4 the attribute name
     * @return true only when the first value equals "true" (case-insensitive);
     *         false when the attribute is missing or has no values
     */
    public static boolean getBooleanAttributeValueFromSSOConfig(String str, String str2, String str3, String str4) {
        List<String> values = getAllAttributeValueFromSSOConfig(str, str2, str3, str4);
        boolean hasValue = values != null && !values.isEmpty();
        return hasValue && "true".equalsIgnoreCase(values.get(0));
    }

    /**
     * Returns the first value of an extended-config attribute of the hosted entity.
     *
     * <p>At message level the looked-up values are written to the debug log, whatever
     * the attribute is.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role
     * @param str4 the attribute name
     * @return the first value, or null when the attribute is missing or has no values
     */
    public static String getAttributeValueFromSSOConfig(String str, String str2, String str3, String str4) {
        if (debug.messageEnabled()) {
            debug.message("getAttributeValueFromSSOConfig : realm - " + str);
            debug.message("getAttributeValueFromSSOConfig : hostEntityId - " + str2);
            debug.message("getAttributeValueFromSSOConfig : entityRole - " + str3);
            debug.message("getAttributeValueFromSSOConfig : attrName - " + str4);
        }
        List<String> values = getAllAttributeValueFromSSOConfig(str, str2, str3, str4);
        if (debug.messageEnabled()) {
            debug.message("getAttributeValueFromSSOConfig: values=" + values);
        }
        boolean hasValue = values != null && !values.isEmpty();
        return hasValue ? values.get(0) : null;
    }

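    /**
     * Returns every value of an extended-config attribute for the hosted entity in
     * the given role.
     *
     * <p>The role picks which extended configuration is loaded (SP, IDP, attribute
     * authority, authentication authority or attribute query). An unknown or null
     * role, a missing configuration, or a metadata error all yield null.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param str3 the entity role, compared case-insensitively; may be null
     * @param str4 the attribute name
     * @return the attribute values, or null when they cannot be determined
     */
    public static List<String> getAllAttributeValueFromSSOConfig(String str, String str2, String str3, String str4) {
        if (debug.messageEnabled()) {
            debug.message("getAllAttributeValueFromSSOConfig : realm - " + str);
            debug.message("getAllAttributeValueFromSSOConfig : hostEntityId - " + str2);
            debug.message("getAllAttributeValueFromSSOConfig : entityRole - " + str3);
            debug.message("getAllAttributeValueFromSSOConfig : attrName - " + str4);
        }
        try {
            // The variable holds configs of several roles, so it is declared with the common
            // base config type, not the SP-specific type the decompiler inferred.
            BaseConfigType config = null;
            // Each role constant is the receiver so that a null role takes no branch; the
            // original called equalsIgnoreCase on the role and would throw on null.
            if (SAML2Constants.SP_ROLE.equalsIgnoreCase(str3)) {
                config = saml2MetaManager.getSPSSOConfig(str, str2);
            } else if (SAML2Constants.IDP_ROLE.equalsIgnoreCase(str3)) {
                config = saml2MetaManager.getIDPSSOConfig(str, str2);
            } else if (SAML2Constants.ATTR_AUTH_ROLE.equalsIgnoreCase(str3)) {
                config = saml2MetaManager.getAttributeAuthorityConfig(str, str2);
            } else if (SAML2Constants.AUTHN_AUTH_ROLE.equalsIgnoreCase(str3)) {
                config = saml2MetaManager.getAuthnAuthorityConfig(str, str2);
            } else if (SAML2Constants.ATTR_QUERY_ROLE.equalsIgnoreCase(str3)) {
                config = saml2MetaManager.getAttributeQueryConfig(str, str2);
            }
            if (config == null) {
                return null;
            }
            Map<String, List<String>> attributes = SAML2MetaUtils.getAttributes(config);
            if (attributes == null) {
                return null;
            }
            return attributes.get(str4);
        } catch (SAML2MetaException e) {
            debug.message("get SSOConfig failed:", e);
            return null;
        }
    }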

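    /**
     * Extracts the hosted entity role from a parameter map and checks it is SP or IDP.
     *
     * @param map parameter map handed to {@code getParameter} with the {@code ROLE} key
     * @return the role value exactly as supplied (case is not normalised)
     * @throws SAML2Exception if the role is missing or is neither the SP nor the IDP role
     */
    public static String getHostEntityRole(Map map) throws SAML2Exception {
        String role = getParameter(map, SAML2Constants.ROLE);
        // Constant-first comparison: a missing role is rejected with the same SAML2Exception
        // as an unknown one, instead of surfacing as a NullPointerException.
        if (SAML2Constants.SP_ROLE.equalsIgnoreCase(role) || SAML2Constants.IDP_ROLE.equalsIgnoreCase(role)) {
            return role;
        }
        throw new SAML2Exception(bundle.getString("unknownHostEntityRole"));
    }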

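    /**
     * Reports whether an entity has both an SP and an IDP extended configuration.
     *
     * <p>Note the argument order: the metadata manager is called with {@code (str2, str)}.
     *
     * @param str second argument of the metadata lookups (presumably the hosted entity ID)
     * @param str2 first argument of the metadata lookups (presumably the realm)
     * @return {@code true} only when both configurations exist; {@code false} on any failure
     */
    public static boolean isDualRole(String str, String str2) {
        try {
            if (saml2MetaManager.getSPSSOConfig(str2, str) == null) {
                return false;
            }
            return saml2MetaManager.getIDPSSOConfig(str2, str) != null;
        } catch (Exception e) {
            // Still answers "not dual role", but the lookup failure is no longer invisible.
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.isDualRole: metadata lookup failed", e);
            }
            return false;
        }
    }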

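    /**
     * Forwards an unauthenticated request to the authentication service.
     *
     * <p>The login URL is the entity's {@code AUTH_URL} attribute when configured. Otherwise it
     * is derived from the request: scheme, server name and port, the first path segment of the
     * request URI, then {@code /UI/Login?realm=...}. The current request URL is appended as the
     * URL-encoded {@code goto} parameter.
     *
     * <p>The debug output contains the complete return URL, query string included.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str realm
     * @param str2 hosted entity ID
     * @param str3 hosted entity role
     * @throws IOException if forwarding fails
     */
    public static void redirectAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws IOException {
        String authUrl = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.AUTH_URL);
        if (authUrl == null || authUrl.trim().length() == 0) {
            String requestUri = httpServletRequest.getRequestURI();
            String deploymentPath = requestUri;
            // Keep only the first path segment of the request URI.
            int secondSlash = requestUri.indexOf("/", requestUri.indexOf("/") + 1);
            if (secondSlash != -1) {
                deploymentPath = requestUri.substring(0, secondSlash);
            }
            // The realm is encoded so that '&', '=' or '#' inside it cannot add or override
            // parameters of the login URL. A null realm keeps its previous "null" rendering.
            String realmParam = (str == null) ? "null" : URLEncDec.encode(str);
            StringBuilder loginUrl = new StringBuilder();
            loginUrl.append(httpServletRequest.getScheme()).append("://")
                    .append(httpServletRequest.getServerName()).append(":")
                    .append(httpServletRequest.getServerPort())
                    .append(deploymentPath).append("/UI/Login?realm=").append(realmParam);
            authUrl = loginUrl.toString();
        }
        StringBuilder returnUrl = new StringBuilder(httpServletRequest.getRequestURL().toString());
        String queryString = httpServletRequest.getQueryString();
        // getQueryString() is null for a request without a query; do not append "?null".
        if (queryString != null) {
            returnUrl.append("?").append(queryString);
        }
        String separator = (authUrl.indexOf("?") == -1) ? "?goto=" : "&goto=";
        String target = authUrl + separator + URLEncDec.encode(returnUrl.toString());
        if (debug.messageEnabled()) {
            debug.message("redirectAuthentication: New URL for authentication: " + target);
        }
        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, target);
    }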

    /**
     * Builds an {@code Issuer} element carrying the given value.
     *
     * @param str issuer value to set
     * @return the new issuer object
     * @throws SAML2Exception if the factory, the setter or the XML rendering used for the
     *         debug output fails
     */
    public static Issuer createIssuer(String str) throws SAML2Exception {
        final Issuer issuer = assertionFactory.createIssuer();
        issuer.setValue(str);
        if (!debug.messageEnabled()) {
            return issuer;
        }
        debug.message("createIssuer: Issuer : " + issuer.toXMLString());
        return issuer;
    }

    /**
     * Signs a query string with the hosted entity's signing key.
     *
     * <p>The key is looked up by the configured certificate alias, using the configured key
     * password when one is present. The password itself is never written to the debug output,
     * only the fact that one is in use.
     *
     * @param str query string to sign
     * @param str2 realm
     * @param str3 hosted entity
     * @param str4 hosted entity role
     * @return the result of {@code QuerySignatureUtil.sign}
     * @throws SAML2Exception if no private key can be obtained for the alias
     */
    public static String signQueryString(String str, String str2, String str3, String str4) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("signQueryString : queryString :" + str);
        }
        final String certAlias = getSigningCertAlias(str2, str3, str4);
        final String encryptedKeyPass = getSigningCertEncryptedKeyPass(str2, str3, str4);
        final boolean hasKeyPass = encryptedKeyPass != null && !encryptedKeyPass.isEmpty();
        if (debug.messageEnabled()) {
            debug.message("signQueryString : realm is : " + str2);
            debug.message("signQueryString : hostEntity is : " + str3);
            debug.message("signQueryString : Host Entity role is : " + str4);
            debug.message("signQueryString : Signing Cert Alias is : " + certAlias);
            if (hasKeyPass) {
                debug.message("signQueryString : Using provided Signing Cert KeyPass");
            }
        }
        final PrivateKey signingKey;
        if (hasKeyPass) {
            signingKey = keyProvider.getPrivateKey(certAlias, encryptedKeyPass);
        } else {
            signingKey = keyProvider.getPrivateKey(certAlias);
        }
        if (signingKey == null) {
            debug.error("Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(bundle.getString("metaDataError"));
        }
        return QuerySignatureUtil.sign(str, signingKey);
    }

    /**
     * Verifies the signature on a query string against the remote entity's certificates.
     *
     * <p>The certificates come from the remote entity's descriptor in the opposite role:
     * a hosted IDP verifies with the remote SP's certificates, anything else with the remote
     * IDP's. An empty certificate set is treated as a configuration error and raises an
     * exception rather than accepting the message.
     *
     * @param str signed query string
     * @param str2 realm
     * @param str3 hosted entity role; must not be {@code null}
     * @param str4 remote entity ID
     * @return the result of {@code QuerySignatureUtil.verify}
     * @throws SAML2Exception if no verification certificate is configured
     */
    public static boolean verifyQueryString(String str, String str2, String str3, String str4) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("verifyQueryString : queryString :" + str);
        }
        final Set<X509Certificate> remoteCerts;
        if (str3.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            remoteCerts = KeyUtil.getVerificationCerts(saml2MetaManager.getSPSSODescriptor(str2, str4), str4, SAML2Constants.SP_ROLE);
        } else {
            remoteCerts = KeyUtil.getVerificationCerts(saml2MetaManager.getIDPSSODescriptor(str2, str4), str4, SAML2Constants.IDP_ROLE);
        }
        if (debug.messageEnabled()) {
            debug.message("verifyQueryString : realm is : " + str2);
            debug.message("verifyQueryString : Host Entity role is : " + str3);
            debug.message("verifyQueryString : remoteEntity is : " + str4);
        }
        if (remoteCerts.isEmpty()) {
            debug.error("Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(bundle.getString("metaDataError"));
        }
        return QuerySignatureUtil.verify(str, remoteCerts);
    }

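    /**
     * Returns the caller's session, or forwards to authentication when there is none.
     *
     * <p>A {@code SessionException} from the session provider is treated as "no session".
     * The host entity role is validated before the session is inspected, so an invalid role
     * fails the call even for an authenticated user. When this method returns {@code null}
     * the request has already been forwarded and the caller must not continue processing it.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str meta alias used to resolve the realm and the hosted entity
     * @param map parameter map holding the hosted entity role
     * @return the session object, or {@code null} after forwarding to authentication
     * @throws SAML2Exception if the role is invalid, the entity lookup fails or the forward
     *         raises an {@code IOException}
     */
    public static Object checkSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Map map) throws SAML2Exception {
        Object session = null;
        try {
            session = SessionManager.getProvider().getSession(httpServletRequest);
        } catch (SessionException e) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.checkSession : ", e);
            }
        }
        String realm = SAML2MetaUtils.getRealmByMetaAlias(str);
        String hostEntityRole = getHostEntityRole(map);
        if (session != null) {
            return session;
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.checkSession : session is missing.redirect to the authentication service");
        }
        try {
            redirectAuthentication(httpServletRequest, httpServletResponse, realm, saml2MetaManager.getEntityByMetaAlias(str), hostEntityRole);
        } catch (IOException e2) {
            // Log the cause as well; the exception thrown below only carries its text.
            debug.error("Unable to redirect to authentication.", e2);
            throw new SAML2Exception(e2.toString());
        }
        return null;
    }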

    /**
     * Generates a random name identifier: 21 bytes from {@code randomGenerator}, Base64-encoded.
     *
     * <p>The unpredictability of the identifier depends entirely on {@code randomGenerator},
     * which is declared elsewhere in this class (NOTE(review): confirm it is a
     * {@code SecureRandom}). The generated value is written to the debug output.
     *
     * @return the identifier, or {@code null} if generation failed
     */
    public static String createNameIdentifier() {
        String identifier = null;
        try {
            final byte[] randomBytes = new byte[21];
            randomGenerator.nextBytes(randomBytes);
            identifier = Base64.encode(randomBytes);
            if (debug.messageEnabled()) {
                debug.message("createNameIdentifier String: " + identifier);
            }
        } catch (Exception e) {
            // Failure is reported to the caller as a null identifier.
            debug.message("createNameIdentifier: Exception during proccessing request" + e.getMessage());
        }
        return identifier;
    }

    /**
     * Returns the cached SP authentication-context mapper, creating it on first use.
     *
     * <p>Instances are cached under {@code str2 + "|" + str}. When nothing is cached and a
     * class name is given, that class is loaded and instantiated reflectively; any failure
     * (including a class that is not an {@code SPAuthnContextMapper}) falls back to
     * {@code DefaultSPAuthnContextMapper}, which is cached in its place. The class name is
     * loaded as given, so it must only ever come from trusted configuration.
     *
     * @param str second half of the cache key
     * @param str2 first half of the cache key
     * @param str3 mapper class name; may be {@code null} or empty
     * @return a mapper, never {@code null}
     */
    public static SPAuthnContextMapper getSPAuthnContextMapper(String str, String str2, String str3) {
        final String cacheKey = str2 + "|" + str;
        SPAuthnContextMapper mapper = (SPAuthnContextMapper) SPCache.authCtxObjHash.get(cacheKey);
        if (debug.messageEnabled()) {
            debug.message("AuthContext Class Name is :" + str3);
        }
        final boolean classConfigured = str3 != null && str3.length() != 0;
        if (mapper == null && classConfigured) {
            try {
                mapper = (SPAuthnContextMapper) Class.forName(str3).newInstance();
                SPCache.authCtxObjHash.put(cacheKey, mapper);
            } catch (ClassNotFoundException e) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils: Mapper not configured using Default AuthnContext Mapper");
                }
            } catch (IllegalAccessException e2) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils: illegalaccess");
                    debug.message("SAML2Utils:Error :  using Default AuthnContext Mapper");
                }
            } catch (InstantiationException e3) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils: Instantiation ");
                    debug.message("SAML2Utils:Error instantiating :  using Default AuthnContext Mapper");
                }
            } catch (Exception e4) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils:Error :  using Default AuthnContext Mapper");
                }
            }
        }
        if (mapper != null) {
            return mapper;
        }
        // Nothing cached and nothing loadable: cache and return the default mapper.
        mapper = new DefaultSPAuthnContextMapper();
        SPCache.authCtxObjHash.put(cacheKey, mapper);
        return mapper;
    }

    /**
     * Checks that the issuer of a request is an accepted source site.
     *
     * <p>Never returns {@code false}: a rejected issuer is logged through {@code LogUtil}
     * and reported as an exception.
     *
     * @param str second argument of {@code isSourceSiteValid} (presumably the realm)
     * @param str2 third argument of {@code isSourceSiteValid} (presumably the hosted entity ID)
     * @param issuer issuer taken from the request
     * @param str3 value used only as log data
     * @return {@code true} when the issuer is valid
     * @throws SAML2Exception if the issuer is not valid
     */
    public static boolean verifyRequestIssuer(String str, String str2, Issuer issuer, String str3) throws SAML2Exception {
        if (!isSourceSiteValid(issuer, str, str2)) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils Issuer in Request is not valid.");
            }
            final String[] logData = {str2, str, str3};
            LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_REQUEST, logData, null);
            throw new SAML2Exception(bundle.getString("invalidIssuerInRequest"));
        }
        return true;
    }

    /**
     * Checks that the issuer of a response is an accepted source site.
     *
     * <p>Never returns {@code false}: a rejected issuer is logged through {@code LogUtil}
     * and reported as an exception.
     *
     * @param str second argument of {@code isSourceSiteValid} (presumably the realm)
     * @param str2 third argument of {@code isSourceSiteValid} (presumably the hosted entity ID)
     * @param issuer issuer taken from the response
     * @param str3 value used only as log data
     * @return {@code true} when the issuer is valid
     * @throws SAML2Exception if the issuer is not valid
     */
    public static boolean verifyResponseIssuer(String str, String str2, Issuer issuer, String str3) throws SAML2Exception {
        if (!isSourceSiteValid(issuer, str, str2)) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils Issuer in Response is not valid.");
            }
            final String[] logData = {str2, str, str3};
            LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_RESPONSE, logData, null);
            throw new SAML2Exception(bundle.getString("invalidIssuerInResponse"));
        }
        return true;
    }

    /**
     * Looks up the SAML2 reader service URL of the hosted SP's first circle of trust.
     *
     * <p>Every failure, including a missing or empty {@code cotlist} attribute, is logged at
     * message level and reported as {@code null}.
     *
     * @param str meta alias of the hosted SP
     * @return the reader service URL, or {@code null} when it cannot be determined
     */
    public static String getReaderURL(String str) {
        String readerUrl = null;
        try {
            final String realm = SAML2MetaUtils.getRealmByMetaAlias(str);
            final String spEntityId = saml2MetaManager.getEntityByMetaAlias(str);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils:getReaderURL:metaAlias is :" + str);
                debug.message("SAML2Utils:getReaderURL:Realm is :" + realm);
                debug.message("SAML2Utils:getReaderURL:spEntityID is :" + spEntityId);
            }
            final SPSSOConfigElement spConfig = saml2MetaManager.getSPSSOConfig(realm, spEntityId);
            if (spConfig != null) {
                final Map<String, List<String>> spAttributes = SAML2MetaUtils.getAttributes(spConfig);
                final String firstCot = spAttributes.get("cotlist").iterator().next();
                readerUrl = cotManager.getCircleOfTrust(realm, firstCot).getSAML2ReaderServiceURL();
            }
        } catch (COTException e) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils:getReaderURL:Error retreiving circle of trust", e);
            }
        } catch (Exception e2) {
            // Covers SAML2Exception too; both are reported with the same message.
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils:getReaderURL:Error getting reader URL : ", e2);
            }
        }
        return readerUrl;
    }

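    /**
     * Rebuilds the request URL (without query string) from scheme, host and path.
     *
     * <p>The authority comes from the request header named by {@code SessionProvider.HOST},
     * falling back to server name and port when the header is absent.
     *
     * <p>NOTE(review): that header is supplied by the client. Callers that put the result
     * into a redirect or a RelayState value should check it against the hosts this deployment
     * is configured to serve.
     *
     * @param httpServletRequest current request
     * @return {@code scheme://authority/} followed by the request path without its leading slash
     */
    public static String getBaseURL(HttpServletRequest httpServletRequest) {
        String scheme = httpServletRequest.getScheme();
        String authority = httpServletRequest.getHeader(SessionProvider.HOST);
        if (authority == null) {
            authority = httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort();
        }
        String baseUrl = scheme + "://" + authority + "/";
        String requestUrl = httpServletRequest.getRequestURL().toString();
        // Locate the first '/' after "scheme://" instead of skipping a fixed number of
        // characters; the fixed offsets appended part of the host when the URL had no path.
        int schemeEnd = requestUrl.indexOf("://");
        int pathStart = requestUrl.indexOf('/', schemeEnd == -1 ? 0 : schemeEnd + 3);
        if (pathStart != -1 && pathStart + 1 < requestUrl.length()) {
            baseUrl = baseUrl + requestUrl.substring(pathStart + 1);
        }
        return baseUrl;
    }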

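    /**
     * Returns the preferred IDP carried in the {@code _saml_idp} request parameter.
     *
     * <p>The parameter is a space-separated list of Base64 values; the last entry is decoded
     * and returned. The value is request-supplied and is returned without any validation, so
     * callers must check it against the trusted providers before acting on it.
     *
     * @param httpServletRequest current request
     * @return the decoded last entry, or {@code null} when the parameter is absent, blank or
     *         cannot be decoded
     */
    public static String getPreferredIDP(HttpServletRequest httpServletRequest) {
        String idpList = httpServletRequest.getParameter("_saml_idp");
        if (idpList == null || idpList.length() == 0) {
            return null;
        }
        String lastEntry = null;
        StringTokenizer entries = new StringTokenizer(idpList.trim(), " ");
        while (entries.hasMoreTokens()) {
            lastEntry = entries.nextToken();
        }
        // A whitespace-only parameter yields no entry at all.
        if (lastEntry == null) {
            return null;
        }
        try {
            // Decoding runs inside the try so malformed input is logged, not propagated.
            byte[] decoded = Base64.decode(lastEntry);
            return decoded == null ? null : new String(decoded);
        } catch (Exception e) {
            debug.message("Error decoding : ", e);
            return null;
        }
    }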

    /**
     * Builds {@code <str>?RelayState=<encoded return URL>}.
     *
     * <p>The return URL is the request's base URL with {@code requestID=<str2>} appended as a
     * query parameter; the whole return URL is URL-encoded before it is attached.
     *
     * @param str URL that receives the RelayState parameter
     * @param str2 request ID to carry in the return URL
     * @param httpServletRequest current request, used to compute the base URL
     * @return the redirect URL
     */
    public static String getRedirectURL(String str, String str2, HttpServletRequest httpServletRequest) {
        final String returnBase = getBaseURL(httpServletRequest);
        final String separator = (returnBase.indexOf("?") == -1) ? "?" : "&";
        final String relayState = returnBase + separator + "requestID=" + str2;
        return str + "?RelayState=" + URLEncDec.encode(relayState);
    }

    /**
     * Returns the IDP account mapper configured for an entity, instantiating it on first use.
     *
     * <p>The class name comes from the entity's IDP configuration, defaulting to
     * {@code DEFAULT_IDP_ACCOUNT_MAPPER_CLASS}. Instances are cached per class name and shared
     * by every entity that configures the same class. The class is loaded reflectively, so
     * the configured name must only ever come from trusted configuration.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @return the mapper instance
     * @throws SAML2Exception wrapping any failure to look up, load or instantiate the mapper
     */
    public static IDPAccountMapper getIDPAccountMapper(String str, String str2) throws SAML2Exception {
        try {
            String mapperClassName = getAttributeValueFromSSOConfig(str, str2, SAML2Constants.IDP_ROLE, SAML2Constants.IDP_ACCOUNT_MAPPER);
            if (mapperClassName == null) {
                mapperClassName = SAML2Constants.DEFAULT_IDP_ACCOUNT_MAPPER_CLASS;
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getIDPAccountMapper: use " + SAML2Constants.DEFAULT_IDP_ACCOUNT_MAPPER_CLASS);
                }
            }
            IDPAccountMapper mapper = (IDPAccountMapper) IDPCache.idpAccountMapperCache.get(mapperClassName);
            if (mapper != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getIDPAccountMapper: got the IDPAccountMapper from cache");
                }
                return mapper;
            }
            mapper = (IDPAccountMapper) Class.forName(mapperClassName).newInstance();
            IDPCache.idpAccountMapperCache.put(mapperClassName, mapper);
            return mapper;
        } catch (Exception e) {
            debug.error("SAML2Utils.getIDPAccountMapper: Unable to get IDP Account Mapper.", e);
            throw new SAML2Exception(e);
        }
    }

    /**
     * Returns the IDP adapter configured for an entity, creating and initialising it on first use.
     *
     * <p>The class name comes from {@code IDP_ADAPTER_CLASS}, defaulting to
     * {@code DEFAULT_IDP_ADAPTER} when unset or blank. Instances are cached under
     * {@code str + "$" + str2 + "$" + className}. Note that {@code initialize} receives the two
     * arguments in swapped order, {@code (str2, str)}. The class is loaded reflectively, so
     * the configured name must only ever come from trusted configuration.
     *
     * @param str first argument of the configuration lookup
     * @param str2 second argument of the configuration lookup
     * @return the adapter instance
     * @throws SAML2Exception wrapping any failure to look up, load, instantiate or initialise it
     */
    public static SAML2IdentityProviderAdapter getIDPAdapterClass(String str, String str2) throws SAML2Exception {
        try {
            String adapterClassName = IDPSSOUtil.getAttributeValueFromIDPSSOConfig(str, str2, SAML2Constants.IDP_ADAPTER_CLASS);
            if (adapterClassName == null || adapterClassName.trim().isEmpty()) {
                adapterClassName = SAML2Constants.DEFAULT_IDP_ADAPTER;
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getIDPAdapterClass:  uses " + SAML2Constants.DEFAULT_IDP_ADAPTER);
                }
            }
            final String cacheKey = str + "$" + str2 + "$" + adapterClassName;
            SAML2IdentityProviderAdapter adapter = (SAML2IdentityProviderAdapter) IDPCache.idpAdapterCache.get(cacheKey);
            if (adapter != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getIDPAdapterClass:  got the IDPAdapter from cache");
                }
                return adapter;
            }
            adapter = (SAML2IdentityProviderAdapter) Class.forName(adapterClassName).newInstance();
            adapter.initialize(str2, str);
            IDPCache.idpAdapterCache.put(cacheKey, adapter);
            return adapter;
        } catch (Exception e) {
            debug.error("SAML2Utils.getIDPAdapterClass:  unable to get IDP Adapter.", e);
            throw new SAML2Exception(e);
        }
    }

    /**
     * Returns the SP adapter configured for a hosted entity, or {@code null} if none is set.
     *
     * <p>A new adapter is initialised with the {@code SP_ADAPTER_ENV} key=value pairs plus the
     * hosted entity ID and realm, then cached. The class is loaded reflectively, so the
     * configured name must only ever come from trusted configuration.
     *
     * <p>NOTE(review): the cache key is realm, entity ID and class name concatenated without
     * a separator, so distinct combinations can in principle produce the same key.
     *
     * @param str hosted entity ID
     * @param str2 realm
     * @return the adapter, or {@code null} when no adapter class is configured
     * @throws SAML2Exception if the class cannot be found, accessed or instantiated
     */
    public static SAML2ServiceProviderAdapter getSPAdapterClass(String str, String str2) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getSPAdapterClass: get SPAdapter for " + str + " under realm " + str2);
        }
        try {
            final String adapterClassName = getAttributeValueFromSSOConfig(str2, str, SAML2Constants.SP_ROLE, SAML2Constants.SP_ADAPTER_CLASS);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getSPAdapterClass: get SPAdapter class " + adapterClassName);
            }
            if (adapterClassName == null || adapterClassName.length() == 0) {
                return null;
            }
            final String cacheKey = str2 + str + adapterClassName;
            SAML2ServiceProviderAdapter adapter = (SAML2ServiceProviderAdapter) SPCache.spAdapterClassCache.get(cacheKey);
            if (adapter != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getSPAdapterClass: got the SPAdapter " + adapterClassName + " from cache");
                }
                return adapter;
            }
            adapter = (SAML2ServiceProviderAdapter) Class.forName(adapterClassName).newInstance();
            final Map<String, String> environment = parseEnvList(getAllAttributeValueFromSSOConfig(str2, str, SAML2Constants.SP_ROLE, SAML2Constants.SP_ADAPTER_ENV));
            environment.put("HOSTED_ENTITY_ID", str);
            environment.put(SAML2ServiceProviderAdapter.REALM, str2);
            adapter.initialize(environment);
            SPCache.spAdapterClassCache.put(cacheKey, adapter);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getSPAdapterClass: create new SPAdapter " + adapterClassName + " for " + str + " under realm " + str2);
            }
            return adapter;
        } catch (ClassNotFoundException e) {
            debug.error("SAML2Utils.getSPAdapterClass: SP Adapter class not found.", e);
            throw new SAML2Exception(e);
        } catch (IllegalAccessException e2) {
            debug.error("SAML2Utils.getSPAdapterClass: Unable to get SP Adapter class.", e2);
            throw new SAML2Exception(e2);
        } catch (InstantiationException e3) {
            debug.error("SAML2Utils.getSPAdapterClass: Unable to get SP Adapter class instance.", e3);
            throw new SAML2Exception(e3);
        }
    }

    /**
     * Returns the Fedlet adapter configured for a hosted entity, or {@code null} if none is set.
     *
     * <p>A new adapter is initialised with the {@code FEDLET_ADAPTER_ENV} key=value pairs plus
     * the hosted entity ID, then cached. The class is loaded reflectively, so the configured
     * name must only ever come from trusted configuration.
     *
     * <p>NOTE(review): the cache key is realm, entity ID and class name concatenated without
     * a separator, so distinct combinations can in principle produce the same key.
     *
     * @param str hosted entity ID
     * @param str2 realm
     * @return the adapter, or {@code null} when no adapter class is configured
     * @throws SAML2Exception if the class cannot be found, accessed or instantiated
     */
    public static FedletAdapter getFedletAdapterClass(String str, String str2) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getFedletAdapterClass: get FedletAdapter for " + str + " under realm " + str2);
        }
        try {
            final String adapterClassName = getAttributeValueFromSSOConfig(str2, str, SAML2Constants.SP_ROLE, SAML2Constants.FEDLET_ADAPTER_CLASS);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getFedletAdapterClass: get FedletAdapter class " + adapterClassName);
            }
            if (adapterClassName == null || adapterClassName.length() == 0) {
                return null;
            }
            final String cacheKey = str2 + str + adapterClassName;
            FedletAdapter adapter = (FedletAdapter) SPCache.fedletAdapterClassCache.get(cacheKey);
            if (adapter != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getFedletAdapterClass: got the FedletAdapter " + adapterClassName + " from cache");
                }
                return adapter;
            }
            adapter = (FedletAdapter) Class.forName(adapterClassName).newInstance();
            final Map<String, String> environment = parseEnvList(getAllAttributeValueFromSSOConfig(str2, str, SAML2Constants.SP_ROLE, SAML2Constants.FEDLET_ADAPTER_ENV));
            environment.put("HOSTED_ENTITY_ID", str);
            adapter.initialize(environment);
            SPCache.fedletAdapterClassCache.put(cacheKey, adapter);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getFedletAdapterClass: create new FedletAdapter " + adapterClassName + " for " + str + " under realm " + str2);
            }
            return adapter;
        } catch (ClassNotFoundException e) {
            debug.error("SAML2Utils.getFedletAdapterClass: Fedlet Adapter class not found.", e);
            throw new SAML2Exception(e);
        } catch (IllegalAccessException e2) {
            debug.error("SAML2Utils.getFedletAdapterClass: Unable to get Fedlet Adapter class.", e2);
            throw new SAML2Exception(e2);
        } catch (InstantiationException e3) {
            debug.error("SAML2Utils.getFedletAdapterClass: Unable to get Fedlet Adapter class instance.", e3);
            throw new SAML2Exception(e3);
        }
    }

    /**
     * Converts a list of {@code key=value} strings into a mutable map.
     *
     * <p>Each entry is split at its first {@code '='}. Null and empty entries are skipped;
     * entries without {@code '='} are skipped with a warning. Every entry is written to the
     * debug output verbatim, so values placed in an adapter environment appear in the
     * message-level log.
     *
     * @param list entries to parse; may be {@code null}
     * @return a new map, empty when there is nothing to parse
     */
    private static Map<String, String> parseEnvList(List<String> list) {
        final Map<String, String> environment = new HashMap<String, String>();
        if (list == null || list.isEmpty()) {
            return environment;
        }
        for (String entry : list) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.parseEnvList : processing " + entry);
            }
            if (entry == null || entry.length() == 0) {
                continue;
            }
            final int separator = entry.indexOf("=");
            if (separator != -1) {
                environment.put(entry.substring(0, separator), entry.substring(separator + 1));
            } else if (debug.warningEnabled()) {
                debug.warning("SAML2Utils.parseEnvList : invalid value : " + entry + ". Value must be in key=value format.");
            }
        }
        return environment;
    }

    /**
     * Returns the SP account mapper configured for an entity, instantiating it on first use.
     *
     * <p>The class name comes from the entity's SP configuration, defaulting to
     * {@code DEFAULT_SP_ACCOUNT_MAPPER_CLASS}. Instances are cached per class name and shared
     * by every entity that configures the same class. The class is loaded reflectively, so
     * the configured name must only ever come from trusted configuration.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @return the mapper instance
     * @throws SAML2Exception wrapping any failure to look up, load or instantiate the mapper
     */
    public static SPAccountMapper getSPAccountMapper(String str, String str2) throws SAML2Exception {
        try {
            String mapperClassName = getAttributeValueFromSSOConfig(str, str2, SAML2Constants.SP_ROLE, SAML2Constants.SP_ACCOUNT_MAPPER);
            if (mapperClassName == null) {
                mapperClassName = SAML2Constants.DEFAULT_SP_ACCOUNT_MAPPER_CLASS;
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getSPAccountMapper: use " + SAML2Constants.DEFAULT_SP_ACCOUNT_MAPPER_CLASS);
                }
            }
            SPAccountMapper mapper = (SPAccountMapper) SPCache.spAccountMapperCache.get(mapperClassName);
            if (mapper != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getSPAccountMapper: got the SPAccountMapper from cache");
                }
                return mapper;
            }
            mapper = (SPAccountMapper) Class.forName(mapperClassName).newInstance();
            SPCache.spAccountMapperCache.put(mapperClassName, mapper);
            return mapper;
        } catch (Exception e) {
            debug.error("SAML2Utils.getSPAccountMapper: Unable to get SP Account Mapper.", e);
            throw new SAML2Exception(e);
        }
    }

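    /**
     * Returns the ECP request IDP-list finder configured for an SP, or {@code null}.
     *
     * <p>The class name comes from {@code ECP_REQUEST_IDP_LIST_FINDER_IMPL}; instances are
     * cached per class name. The class is loaded reflectively, so the configured name must
     * only ever come from trusted configuration. Any failure to look up, load or instantiate
     * the finder is logged as a warning and reported as {@code null}.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @return the finder, or {@code null} when none is configured or it cannot be created
     * @throws SAML2Exception declared for callers; the visible body does not throw it
     */
    public static SAML2IDPFinder getECPIDPFinder(String str, String str2) throws SAML2Exception {
        SAML2IDPFinder finder = null;
        // The whole lookup sits inside the try: previously the class name could be read
        // before it was assigned, and the reflective calls raised checked exceptions that
        // nothing handled.
        try {
            String finderClassName = getAttributeValueFromSSOConfig(str, str2, SAML2Constants.SP_ROLE, SAML2Constants.ECP_REQUEST_IDP_LIST_FINDER_IMPL);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getECPIDPFinder: use " + finderClassName);
            }
            if (finderClassName == null || finderClassName.trim().length() == 0) {
                return null;
            }
            finder = (SAML2IDPFinder) SPCache.ecpRequestIDPListFinderCache.get(finderClassName);
            if (finder == null) {
                finder = (SAML2IDPFinder) Class.forName(finderClassName).newInstance();
                SPCache.ecpRequestIDPListFinderCache.put(finderClassName, finder);
            } else if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getECPIDPFinder: got the ECP Request IDP List Finder from cache");
            }
        } catch (Exception e) {
            if (debug.warningEnabled()) {
                debug.warning("SAML2Utils.getECPIDPFinder: Unable to get ECP Request IDP List Finder.", e);
            }
        }
        return finder;
    }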

    /**
     * Resolves the relay state of a request.
     *
     * <p>Lookup order: the {@code RelayState} parameter; then each parameter named in the
     * {@code |}-separated {@code RELAY_STATE_ALIAS} parameter, stopping at the first
     * non-empty one; then {@code goto}, which is consulted only when the result so far is
     * {@code null} (an empty string is returned as is).
     *
     * <p>Every source is request-supplied and nothing is validated here. A caller that
     * redirects to the returned value has to check it against the permitted destinations
     * first.
     *
     * @param httpServletRequest current request
     * @return the relay state, possibly {@code null} or empty
     */
    public static String getRelayState(HttpServletRequest httpServletRequest) {
        String relayState = httpServletRequest.getParameter("RelayState");
        if (!StringUtils.isEmpty(relayState)) {
            return relayState;
        }
        final String aliasList = httpServletRequest.getParameter(SAML2Constants.RELAY_STATE_ALIAS);
        if (aliasList != null && aliasList.length() > 0) {
            final StringTokenizer aliases = new StringTokenizer(aliasList, "|");
            while (aliases.hasMoreTokens()) {
                relayState = httpServletRequest.getParameter(aliases.nextToken());
                if (StringUtils.isNotEmpty(relayState)) {
                    break;
                }
            }
        }
        return (relayState == null) ? httpServletRequest.getParameter("goto") : relayState;
    }

    /**
     * Compares two destination values, ignoring case.
     *
     * <p>The comparison is case-insensitive over the whole string, path included, and no URL
     * normalisation is applied. A null or empty value on either side never matches.
     *
     * @param str first value
     * @param str2 second value
     * @return {@code true} only when both are non-empty and equal ignoring case
     */
    public static boolean verifyDestination(String str, String str2) {
        if (str2 == null || str2.length() == 0) {
            return false;
        }
        if (str == null || str.length() == 0) {
            return false;
        }
        return str2.equalsIgnoreCase(str);
    }

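    /**
     * Finds the SAE application settings whose URL matches the given application URL.
     *
     * <p>Each value of {@code SAE_APP_SECRET_LIST} is a {@code |}-separated list of
     * {@code name=value} tokens. An entry matches when its {@code SAE_XMETA_URL} token is a
     * prefix of {@code str4}; the first matching entry is returned with its {@code secret}
     * token decoded and the signing certificate alias added as {@code privatekeyalias}.
     * An entry must start with its URL token; tokens without {@code '='} are skipped.
     *
     * <p>Matching is by string prefix, so a configured URL should end at a path boundary if
     * it is not meant to cover longer URLs that merely begin with the same characters.
     *
     * <p>Secret values, encoded or decoded, are kept out of the debug output.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @param str3 entity role; the SP role selects the SP configuration, anything else the
     *        IDP configuration. Must not be {@code null}
     * @param str4 application URL to match
     * @return the matching entry's attributes, or {@code null} when nothing matches, nothing
     *         is configured or the metadata lookup fails
     */
    public static Map getSAEAttrs(String str, String str2, String str3, String str4) {
        if (str4 == null || str4.length() == 0) {
            return null;
        }
        try {
            Map<String, List<String>> attributes;
            if (str3.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
                SPSSOConfigElement spConfig = saml2MetaManager.getSPSSOConfig(str, str2);
                if (spConfig == null) {
                    return null;
                }
                attributes = SAML2MetaUtils.getAttributes(spConfig);
            } else {
                IDPSSOConfigElement idpConfig = saml2MetaManager.getIDPSSOConfig(str, str2);
                if (idpConfig == null) {
                    debug.message("SAML2Utils.getSAEAttrs: idpconfig is null");
                    return null;
                }
                attributes = SAML2MetaUtils.getAttributes(idpConfig);
            }
            if (attributes == null) {
                debug.message("SAML2Utils.getSAEAttrs: no extended attrs");
                return null;
            }
            List<String> entries = attributes.get(SAML2Constants.SAE_APP_SECRET_LIST);
            if (entries == null || entries.isEmpty()) {
                return null;
            }
            for (String entry : entries) {
                if (entry == null) {
                    continue;
                }
                // The raw entry holds the encoded secret, so it is not logged.
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getSAEAttrs: processing app secret entry");
                }
                StringTokenizer tokens = new StringTokenizer(entry, "|");
                Map<String, String> saeAttrs = null;
                while (tokens.hasMoreTokens()) {
                    String token = tokens.nextToken();
                    int separator = token.indexOf("=");
                    if (separator == -1) {
                        // Previously substring(0, -1) threw on such a token.
                        if (debug.warningEnabled()) {
                            debug.warning("SAML2Utils.getSAEAttrs: skipping token without '='");
                        }
                        continue;
                    }
                    String name = token.substring(0, separator);
                    String value = token.substring(separator + 1);
                    boolean isSecret = "secret".equals(name);
                    if (debug.messageEnabled()) {
                        debug.message("SAML2Utils.getSAEAttrs: tok:name=" + name + " val=" + (isSecret ? "********" : value));
                    }
                    if (SAML2Constants.SAE_XMETA_URL.equals(name)) {
                        if (!str4.startsWith(value)) {
                            break;
                        }
                        saeAttrs = new HashMap<String, String>();
                    } else {
                        if (saeAttrs == null) {
                            // A token ahead of the URL token has no map to go into; this used
                            // to fail with a NullPointerException. Treat the entry as invalid.
                            if (debug.warningEnabled()) {
                                debug.warning("SAML2Utils.getSAEAttrs: entry does not start with its url token, ignoring entry");
                            }
                            break;
                        }
                        if (isSecret) {
                            value = SAMLUtilsCommon.decodePassword(value);
                        }
                    }
                    saeAttrs.put(name, value);
                }
                if (saeAttrs != null) {
                    String signingCertAlias = getSigningCertAlias(str, str2, str3);
                    if (signingCertAlias != null) {
                        saeAttrs.put("privatekeyalias", signingCertAlias);
                    }
                    if (debug.messageEnabled()) {
                        debug.message("SAML2Utils.getSAEAttrs: PKEY=" + signingCertAlias + ":");
                    }
                    return saeAttrs;
                }
            }
            return null;
        } catch (SAML2MetaException e) {
            debug.message("get SSOConfig failed:", e);
            return null;
        }
    }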

    /**
     * Returns the NameID value of the first assertion in a response.
     *
     * <p>This is a plain accessor: it looks only at the first assertion and performs no
     * signature, issuer or condition checks on it.
     *
     * @param response response to read; may be {@code null}
     * @return the NameID value, or {@code null} when the response, its assertion list, the
     *         subject or the NameID is missing
     */
    public static String getNameIDStringFromResponse(Response response) {
        if (response == null) {
            return null;
        }
        final List assertions = response.getAssertion();
        if (assertions == null || assertions.size() <= 0) {
            return null;
        }
        final Subject subject = ((Assertion) assertions.get(0)).getSubject();
        if (subject == null) {
            return null;
        }
        final NameID nameId = subject.getNameID();
        return (nameId == null) ? null : nameId.getValue();
    }

    /**
     * Writes an access log record with the standard request properties attached.
     *
     * @param level log level
     * @param str message ID
     * @param strArr message data
     * @param obj passed through to {@code LogUtil.access} unchanged
     * @param str2 stored under {@code LogUtil.IP_ADDR} when non-null
     * @param str3 stored under {@code LogUtil.LOGIN_ID} when non-null
     * @param str4 stored under {@code LogUtil.DOMAIN} when non-null
     * @param str5 stored under {@code LogUtil.MODULE_NAME} when non-null
     * @param map existing properties to extend, modified in place; may be {@code null}
     */
    public static void logAccess(Level level, String str, String[] strArr, Object obj, String str2, String str3, String str4, String str5, Map map) {
        final Map logProps = accumulateLogProps(str2, str3, str4, str5, map);
        LogUtil.access(level, str, strArr, obj, logProps);
    }

    /**
     * Writes an error log record with the standard request properties attached.
     *
     * @param level log level
     * @param str message ID
     * @param strArr message data
     * @param obj passed through to {@code LogUtil.error} unchanged
     * @param str2 stored under {@code LogUtil.IP_ADDR} when non-null
     * @param str3 stored under {@code LogUtil.LOGIN_ID} when non-null
     * @param str4 stored under {@code LogUtil.DOMAIN} when non-null
     * @param str5 stored under {@code LogUtil.MODULE_NAME} when non-null
     * @param map existing properties to extend, modified in place; may be {@code null}
     */
    public static void logError(Level level, String str, String[] strArr, Object obj, String str2, String str3, String str4, String str5, Map map) {
        final Map logProps = accumulateLogProps(str2, str3, str4, str5, map);
        LogUtil.error(level, str, strArr, obj, logProps);
    }

    /**
     * Adds the non-null request properties to a log property map.
     *
     * <p>The supplied map is modified in place and returned; a new map is created only when
     * {@code map} is {@code null}. Null values leave any existing entry untouched.
     *
     * @param str value for {@code LogUtil.IP_ADDR}
     * @param str2 value for {@code LogUtil.LOGIN_ID}
     * @param str3 value for {@code LogUtil.DOMAIN}
     * @param str4 value for {@code LogUtil.MODULE_NAME}
     * @param map map to extend; may be {@code null}
     * @return the extended map, never {@code null}
     */
    private static Map accumulateLogProps(String str, String str2, String str3, String str4, Map map) {
        final Map logProps = (map != null) ? map : new HashMap();
        if (str != null) {
            logProps.put(LogUtil.IP_ADDR, str);
        }
        if (str2 != null) {
            logProps.put(LogUtil.LOGIN_ID, str2);
        }
        if (str3 != null) {
            logProps.put(LogUtil.DOMAIN, str3);
        }
        if (str4 != null) {
            logProps.put(LogUtil.MODULE_NAME, str4);
        }
        return logProps;
    }

    /**
     * Looks up the first value of an attribute in an entity's XACML extended
     * configuration.
     *
     * The PEP configuration is read when the role equals
     * {@code SAML2Constants.PEP_ROLE} (case-insensitive); every other role value is
     * treated as PDP. A {@code null} role is dereferenced and raises
     * {@code NullPointerException}. Metadata lookup failures are logged at message
     * level and reported to the caller as {@code null}, indistinguishable from
     * "attribute not configured".
     *
     * @param str  realm
     * @param str2 entity role
     * @param str3 entity id
     * @param str4 attribute name
     * @return the first configured value, or {@code null} when none is available
     */
    public static String getAttributeValueFromXACMLConfig(String str, String str2, String str3, String str4) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils:getAttributeValueFromXACMLConfig : realm - " + str);
            debug.message("SAML2Utils:getAttributeValueFromXACMLConfig : entityRole - " + str2);
            debug.message("SAML2Utils:getAttributeValueFromXACMLConfig : EntityId - " + str3);
            debug.message("SAML2Utils:getAttributeValueFromXACMLConfig : attrName - " + str4);
        }
        String value = null;
        try {
            Map<String, List<String>> attrs = null;
            if (str2.equalsIgnoreCase(SAML2Constants.PEP_ROLE)) {
                XACMLAuthzDecisionQueryConfigElement pepConfig = saml2MetaManager.getPolicyEnforcementPointConfig(str, str3);
                if (pepConfig != null) {
                    attrs = SAML2MetaUtils.getAttributes(pepConfig);
                }
            } else {
                XACMLPDPConfigElement pdpConfig = saml2MetaManager.getPolicyDecisionPointConfig(str, str3);
                if (pdpConfig != null) {
                    attrs = SAML2MetaUtils.getAttributes(pdpConfig);
                }
            }
            if (attrs != null) {
                List<String> values = attrs.get(str4);
                if (values != null && values.size() != 0) {
                    value = values.get(0);
                }
            }
        } catch (SAML2MetaException e) {
            debug.message("Retreiving XACML Config failed:", e);
        }
        if (debug.messageEnabled()) {
            debug.message("Attribute value is : " + value);
        }
        return value;
    }

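    /**
     * Reports whether the entity's XACML configuration requires signed
     * XACMLAuthzDecisionQuery messages.
     *
     * The answer is {@code false} whenever the attribute is absent or cannot be
     * read, so signing is not required unless it is explicitly configured as
     * "true" (case-insensitive).
     *
     * @param str  realm
     * @param str2 entity id
     * @param str3 entity role
     * @return {@code true} only when the configured value is "true"
     */
    public static boolean getWantXACMLAuthzDecisionQuerySigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            // The original messages were labelled "getWantArtifactResponseSigned", a
            // different setting; the label now names this method so log triage is not misled.
            debug.message("SAML2Utils.getWantXACMLAuthzDecisionQuerySigned : realm - " + str);
            debug.message("SAML2Utils.getWantXACMLAuthzDecisionQuerySigned : entityID - " + str2);
            debug.message("SAML2Utils.getWantXACMLAuthzDecisionQuerySigned : entityRole - " + str3);
        }
        // Note the argument order: the helper takes (realm, role, entityId, attrName).
        String configured = getAttributeValueFromXACMLConfig(str, str3, str2, SAML2Constants.WANT_XACML_AUTHZ_DECISION_QUERY_SIGNED);
        return "true".equalsIgnoreCase(configured);
    }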

    /**
     * Checks a certificate's revocation status when status checking is enabled.
     *
     * When {@code checkCertStatus} is off the certificate is reported as valid
     * without any check being made; a {@code true} result therefore does not by
     * itself mean the certificate was verified. When it is on, the decision is
     * delegated to {@code CRLValidator.validateCertificate} with
     * {@code checkCAStatus}.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} when checking is disabled or the validator accepts the
     *         certificate
     */
    public static boolean validateCertificate(X509Certificate x509Certificate) {
        if (checkCertStatus) {
            boolean accepted = CRLValidator.validateCertificate(x509Certificate, checkCAStatus);
            if (debug.messageEnabled()) {
                debug.message("validateCertificate :  certificate is validated to " + accepted);
            }
            return accepted;
        }
        if (debug.messageEnabled()) {
            debug.message("validateCertificate :  CRL check is not configured. Just return it is good.");
        }
        return true;
    }

    /**
     * Instantiates the SP attribute mapper configured for an entity.
     *
     * The class name is read from the SP's SSO configuration and falls back to
     * {@code SAML2Constants.DEFAULT_SP_ATTRIBUTE_MAPPER_CLASS}. The class is loaded
     * with {@code Class.forName}, which also initialises it, before the
     * {@code asSubclass} type check runs; whoever can edit this configuration
     * attribute therefore chooses which class on the classpath gets initialised.
     *
     * @param str  presumably the realm (first argument of the SSO config lookup)
     * @param str2 presumably the hosted entity id (second argument of the lookup)
     * @return a new mapper instance
     * @throws SAML2Exception wrapping any failure to look up, load or instantiate
     *         the mapper class
     */
    public static SPAttributeMapper getSPAttributeMapper(String str, String str2) throws SAML2Exception {
        try {
            String mapperClassName = getAttributeValueFromSSOConfig(str, str2, SAML2Constants.SP_ROLE, SAML2Constants.SP_ATTRIBUTE_MAPPER);
            if (mapperClassName == null) {
                mapperClassName = SAML2Constants.DEFAULT_SP_ATTRIBUTE_MAPPER_CLASS;
            }
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getSPAttributeMapper: using " + mapperClassName);
            }
            Class<? extends SPAttributeMapper> mapperClass = Class.forName(mapperClassName).asSubclass(SPAttributeMapper.class);
            return mapperClass.newInstance();
        } catch (Exception failure) {
            debug.error("SAML2Utils.getSPAttributeMapper: Unable to get SP Attribute Mapper.", failure);
            throw new SAML2Exception(failure);
        }
    }

    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable, com.sun.identity.saml2.meta.SAML2MetaException] */
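    /**
     * Returns the attribute map configured for a hosted SP or IDP entity.
     *
     * The configuration variable is typed as {@code BaseConfigType} so that it can
     * hold either the SP or the IDP configuration; the decompiled listing declared
     * it as {@code SPSSOConfigElement} and then assigned the IDP configuration to it.
     *
     * @param str  realm; must not be {@code null}
     * @param str2 hosted entity id; must not be {@code null}
     * @param str3 role, compared against {@code SAML2Constants.SP_ROLE} and
     *             {@code SAML2Constants.IDP_ROLE}; any other value yields an empty
     *             map, and {@code null} raises {@code NullPointerException}
     * @return the parsed attribute map, or an immutable empty map when no
     *         configuration or no attribute map is defined
     * @throws SAML2Exception when realm or entity id is {@code null}, or when the
     *         metadata lookup fails
     */
    public static Map getConfigAttributeMap(String str, String str2, String str3) throws SAML2Exception {
        if (str == null) {
            throw new SAML2Exception(bundle.getString("nullRealm"));
        }
        if (str2 == null) {
            throw new SAML2Exception(bundle.getString("nullHostEntityID"));
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getConfigAttributeMap: DefaultAttrMapper: relam=" + str + ", entity id=" + str2 + ", role=" + str3);
        }
        try {
            BaseConfigType config = null;
            if (str3.equals(SAML2Constants.SP_ROLE)) {
                config = saml2MetaManager.getSPSSOConfig(str, str2);
            } else if (str3.equals(SAML2Constants.IDP_ROLE)) {
                config = saml2MetaManager.getIDPSSOConfig(str, str2);
            }
            if (config == null) {
                if (debug.warningEnabled()) {
                    debug.warning("SAML2Utils.getConfigAttributeMap: configuration is not defined.");
                }
                return Collections.EMPTY_MAP;
            }
            List<String> mappings = SAML2MetaUtils.getAttributes(config).get(SAML2Constants.ATTRIBUTE_MAP);
            if (mappings != null && !mappings.isEmpty()) {
                return getMappedAttributes(mappings);
            }
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getConfigAttributeMap:Attribute map is not defined for entity: " + str2);
            }
            return Collections.EMPTY_MAP;
        } catch (SAML2MetaException e) {
            // The cause is logged here; the rethrown exception carries only its message.
            debug.error("SAML2Utils.getConfigAttributeMap: ", e);
            throw new SAML2Exception(e.getMessage());
        }
    }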

    /**
     * Parses {@code key=value} entries into a map.
     *
     * Each entry is split at its first {@code '='}; entries without one are skipped
     * (and reported at message level). When a key occurs more than once the last
     * entry wins.
     *
     * @param list entries to parse; may be {@code null}
     * @return the parsed map, or an immutable empty map when {@code list} is
     *         {@code null}
     */
    public static Map<String, String> getMappedAttributes(List<String> list) {
        if (list == null) {
            return Collections.emptyMap();
        }
        HashMap mapped = new HashMap(list.size());
        for (String entry : list) {
            int separator = entry.indexOf("=");
            if (separator == -1) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getMappedAttributes: Invalid entry: " + entry);
                }
                continue;
            }
            String key = entry.substring(0, separator);
            String value = entry.substring(separator + 1);
            mapped.put(key, value);
        }
        return mapped;
    }

    /**
     * Builds a SAML {@code Attribute} from a name and its values.
     *
     * The name may carry a name format in front of
     * {@code SAML2Constants.DELIMITER}; without a delimiter the format defaults to
     * {@code SAML2Constants.BASIC_NAME_FORMAT}. Every value goes through
     * {@code XMLUtils.escapeSpecialCharacters} before it is stored, so values are
     * not placed into the attribute unescaped.
     *
     * @param str    attribute name, optionally prefixed with a name format
     * @param strArr attribute values; {@code null} leaves the values unset
     * @return the populated attribute
     * @throws SAML2Exception when {@code str} is {@code null} or the delimiter is
     *         its last character
     */
    public static Attribute getSAMLAttribute(String str, String[] strArr) throws SAML2Exception {
        if (str == null) {
            throw new SAML2Exception(bundle.getString("nullInput"));
        }
        Attribute attribute = AssertionFactory.getInstance().createAttribute();
        String attrName = str;
        String nameFormat = SAML2Constants.BASIC_NAME_FORMAT;
        int delimiterAt = str.indexOf(SAML2Constants.DELIMITER);
        if (delimiterAt != -1) {
            // A trailing delimiter would leave the attribute without a name.
            if (delimiterAt >= str.length() - 1) {
                throw new SAML2Exception("Wrong format of the attribute Name");
            }
            nameFormat = str.substring(0, delimiterAt);
            attrName = str.substring(delimiterAt + 1);
        }
        attribute.setName(attrName);
        attribute.setNameFormat(nameFormat);
        if (strArr != null) {
            ArrayList escapedValues = new ArrayList();
            for (int i = 0; i < strArr.length; i++) {
                escapedValues.add(XMLUtils.escapeSpecialCharacters(strArr[i]));
            }
            attribute.setAttributeValueString(escapedValues);
        }
        return attribute;
    }

    /**
     * Forwards to the auto-submitting JSP that POSTs a SAML message to a target URL.
     *
     * All five caller-supplied strings are HTML-encoded with ESAPI before they are
     * exposed to the JSP as request attributes, and the response is marked
     * non-cacheable. This method does not itself check where the target URL points;
     * NOTE(review): confirm the callers validate the destination.
     *
     * @param str  name of the form field carrying the SAML message
     * @param str2 value of the SAML message field
     * @param str3 name of the relay-state form field
     * @param str4 relay-state value
     * @param str5 target URL the form is posted to
     * @throws SAML2Exception when the forward to the JSP fails
     */
    public static void postToTarget(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, String str4, String str5) throws SAML2Exception {
        // Encode for the HTML context the JSP renders these values into.
        httpServletRequest.setAttribute("TARGET_URL", ESAPI.encoder().encodeForHTML(str5));
        httpServletRequest.setAttribute("SAML_MESSAGE_NAME", ESAPI.encoder().encodeForHTML(str));
        httpServletRequest.setAttribute("SAML_MESSAGE_VALUE", ESAPI.encoder().encodeForHTML(str2));
        httpServletRequest.setAttribute("RELAY_STATE_NAME", ESAPI.encoder().encodeForHTML(str3));
        httpServletRequest.setAttribute("RELAY_STATE_VALUE", ESAPI.encoder().encodeForHTML(str4));
        httpServletRequest.setAttribute("SAML_POST_KEY", bundle.getString("samlPostKey"));

        // The page carries a SAML message; keep it out of browser and proxy caches.
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Cache-Control", "no-cache,no-store");

        final String autoSubmitJsp = "/saml2/jsp/autosubmitaccessrights.jsp";
        try {
            httpServletRequest.getRequestDispatcher(autoSubmitJsp).forward(httpServletRequest, httpServletResponse);
        } catch (ServletException servletFailure) {
            handleForwardException(servletFailure);
        } catch (IOException ioFailure) {
            handleForwardException(ioFailure);
        }
    }

    /**
     * Logs a failed forward to the auto-submit JSP and reports it as a
     * {@code SAML2Exception}.
     *
     * The original exception is written to the debug log only; the thrown
     * exception carries the localized "postToTargetFailed" message and no cause.
     *
     * @param exc the failure raised by the request dispatcher
     * @throws SAML2Exception always
     */
    private static void handleForwardException(Exception exc) throws SAML2Exception {
        debug.error("Failed to forward to auto submitting JSP", exc);
        String localizedMessage = bundle.getString("postToTargetFailed");
        throw new SAML2Exception(localizedMessage);
    }

    /**
     * Resolves the NameID format to use between an SP and an IDP.
     *
     * When a format is requested, the short forms "persistent" and "transient" are
     * expanded with {@code SAML2Constants.NAMEID_FORMAT_NAMESPACE} and the result
     * must appear in each side's non-empty format list. When no format is
     * requested, the first SP format that the IDP also lists is chosen; if only one
     * side lists formats its first entry is used, and if neither does the result is
     * {@code SAML2Constants.PERSISTENT}. A side with a missing or empty list places
     * no restriction on the format.
     *
     * @param str                     requested NameID format; may be {@code null} or empty
     * @param sPSSODescriptorElement  SP descriptor; dereferenced without a null check
     * @param iDPSSODescriptorElement IDP descriptor; may be {@code null}
     * @return the NameID format to use
     * @throws SAML2Exception when the requested format is not supported by the SP
     *         or the IDP, or when the two sides share no format
     */
    public static String verifyNameIDFormat(String str, SPSSODescriptorElement sPSSODescriptorElement, IDPSSODescriptorElement iDPSSODescriptorElement) throws SAML2Exception {
        List spFormats = sPSSODescriptorElement.getNameIDFormat();
        List idpFormats = (iDPSSODescriptorElement != null) ? iDPSSODescriptorElement.getNameIDFormat() : null;
        boolean spListsFormats = spFormats != null && !spFormats.isEmpty();
        boolean idpListsFormats = idpFormats != null && !idpFormats.isEmpty();

        if (str != null && str.length() != 0) {
            String requested = str;
            if (str.equals("persistent") || str.equals("transient")) {
                requested = SAML2Constants.NAMEID_FORMAT_NAMESPACE + str;
            }
            if (spListsFormats && !spFormats.contains(requested)) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.verifyNameIDFormat: NameIDFormat not supported by SP: " + requested);
                }
                throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "unsupportedNameIDFormatSP", new Object[]{requested});
            }
            if (idpListsFormats && !idpFormats.contains(requested)) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.verifyNameIDFormat: NameIDFormat not supported by IDP: " + requested);
                }
                throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "unsupportedNameIDFormatIDP", new Object[]{requested});
            }
            return requested;
        }

        if (!idpListsFormats) {
            return spListsFormats ? (String) spFormats.get(0) : SAML2Constants.PERSISTENT;
        }
        if (!spListsFormats) {
            return (String) idpFormats.get(0);
        }

        // Both sides list formats: the SP's order decides which common one is used.
        String common = null;
        for (Object entry : spFormats) {
            String candidate = (String) entry;
            if (idpFormats.contains(candidate)) {
                common = candidate;
                break;
            }
        }
        if (common == null) {
            throw new SAML2Exception(bundle.getString("unsupportedNameIDFormatIDPSP"));
        }
        return common;
    }

    /**
     * Decides whether an authentication context class satisfies a requested set
     * under a comparison rule.
     *
     * Levels come from {@code map}. The candidate class {@code str} must be present
     * in the map, otherwise the result is {@code false}. A requested class that is
     * missing from the map is treated as level 0, so it can be satisfied under
     * "minimum" by any candidate whose level is not negative.
     *
     * <ul>
     * <li>no comparison, empty, or "exact": the candidate must equal one of the
     *     requested classes;</li>
     * <li>{@code IFSConstants.MINIMUM}: candidate level &gt;= at least one requested
     *     level;</li>
     * <li>{@code IFSConstants.BETTER}: candidate level &gt; every requested level;</li>
     * <li>{@code IFSConstants.MAXIMUM}: candidate level &lt;= at least one requested
     *     level;</li>
     * <li>any other comparison value: {@code false}.</li>
     * </ul>
     *
     * @param list requested authentication context class references
     * @param str  candidate class reference
     * @param str2 comparison type; may be {@code null}
     * @param map  class reference to {@code Integer} level
     * @return whether the candidate matches
     */
    public static boolean isAuthnContextMatching(List list, String str, String str2, Map map) {
        Integer candidateEntry = (Integer) map.get(str);
        if (candidateEntry == null) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.isAuthnContextMatching: AuthnContextClassRef " + str + " is not supported.");
            }
            return false;
        }
        int candidateLevel = candidateEntry.intValue();

        if (str2 == null || str2.length() == 0 || str2.equals("exact")) {
            for (Object item : list) {
                if (((String) item).equals(str)) {
                    return true;
                }
            }
            return false;
        }

        debug.message("SAML2Utils.isAuthnContextMatching: acClassRef = {}, level = {}, comparison = {}", new Object[]{str, Integer.valueOf(candidateLevel), str2});

        if (str2.equals(IFSConstants.MINIMUM)) {
            for (Object item : list) {
                String requested = (String) item;
                Integer requestedEntry = (Integer) map.get(requested);
                int requestedLevel = (requestedEntry != null) ? requestedEntry.intValue() : 0;
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.isAuthnContextMatching: requstedACClassRef = " + requested + ", level = " + requestedLevel);
                }
                if (candidateLevel >= requestedLevel) {
                    return true;
                }
            }
            return false;
        }

        if (str2.equals(IFSConstants.BETTER)) {
            // "better" must beat every requested class, so one failure decides.
            for (Object item : list) {
                String requested = (String) item;
                Integer requestedEntry = (Integer) map.get(requested);
                int requestedLevel = (requestedEntry != null) ? requestedEntry.intValue() : 0;
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.isAuthnContextMatching: requstedACClassRef = " + requested + ", level = " + requestedLevel);
                }
                if (candidateLevel <= requestedLevel) {
                    return false;
                }
            }
            return true;
        }

        if (str2.equals(IFSConstants.MAXIMUM)) {
            for (Object item : list) {
                String requested = (String) item;
                Integer requestedEntry = (Integer) map.get(requested);
                int requestedLevel = (requestedEntry != null) ? requestedEntry.intValue() : 0;
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.isAuthnContextMatching: requstedACClassRef = " + requested + ", level = " + requestedLevel);
                }
                if (candidateLevel <= requestedLevel) {
                    return true;
                }
            }
            return false;
        }

        // Unrecognised comparison values never match.
        return false;
    }

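    /**
     * Notifies an external application of a logout by POSTing to its logout URL.
     *
     * An {@code appsessionproperty=NAME} parameter in the URL is removed from the
     * URL that is actually called; the values of session property NAME are then
     * sent both as request headers and as the form body. The caller's cookies are
     * forwarded to the application. Failures are logged and not propagated.
     *
     * Changes against the decompiled original: the output stream is closed even
     * when writing fails, the body is encoded as UTF-8 instead of the platform
     * charset, a URL that starts with the marker no longer raises an uncaught
     * {@code StringIndexOutOfBoundsException}, and cookie values and session
     * property values are no longer written to the debug log.
     *
     * @param httpServletRequest request whose cookies are forwarded
     * @param str                application logout URL; {@code null} or empty is a no-op
     * @param obj                session object handed to the session provider; may
     *                           be {@code null}
     */
    public static void postToAppLogout(HttpServletRequest httpServletRequest, String str, Object obj) {
        if (str == null || str.length() == 0) {
            return;
        }
        try {
            String logoutUrl = str;
            String propertyName = null;
            int marker = str.indexOf("appsessionproperty=");
            if (marker != -1) {
                int nameStart = marker + SAML2Constants.APP_SESSION_PROPERTY.length() + 1;
                int nextParam = str.indexOf("&", marker);
                if (nextParam != -1) {
                    propertyName = str.substring(nameStart, nextParam);
                    logoutUrl = str.substring(0, marker) + str.substring(nextParam + 1);
                } else {
                    propertyName = str.substring(nameStart);
                    // Drop the '?' or '&' in front of the marker; a marker at index 0
                    // leaves an empty URL, which new URL() rejects and the catch logs.
                    logoutUrl = str.substring(0, Math.max(marker - 1, 0));
                }
            }
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.postToAppLogout: appLogoutURL=" + str + ", real logoutURL=" + logoutUrl + ", session property name: " + propertyName);
            }
            HttpURLConnection connection = HttpURLConnectionManager.getConnection(new URL(logoutUrl));
            connection.setDoOutput(true);
            connection.setRequestMethod("POST");
            // NOTE(review): setFollowRedirects is a static, JVM-wide switch and changes
            // the default for every HttpURLConnection in the process; the per-instance
            // call below is what protects this request. Kept for compatibility.
            HttpURLConnection.setFollowRedirects(false);
            connection.setInstanceFollowRedirects(false);
            String cookiesString = getCookiesString(httpServletRequest);
            if (cookiesString != null) {
                if (debug.messageEnabled()) {
                    // The header carries the session cookie; its value stays out of the log.
                    debug.message("SAML2Utils.postToAppLogout: Sending cookies (values not logged)");
                }
                connection.setRequestProperty("Cookie", cookiesString);
            }
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            StringBuilder body = new StringBuilder();
            int sentValues = 0;
            if (propertyName != null && obj != null) {
                String[] values = SessionManager.getProvider().getProperty(obj, propertyName);
                if (values != null) {
                    String encodedName = URLEncDec.encode(propertyName);
                    for (int i = 0; i < values.length; i++) {
                        String encodedValue = URLEncDec.encode(values[i]);
                        connection.setRequestProperty(encodedName, encodedValue);
                        if (i > 0) {
                            body.append('&');
                        }
                        body.append(encodedName).append('=').append(encodedValue);
                    }
                    sentValues = values.length;
                }
            }
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.postToAppLogout: Sending content: " + sentValues + " value(s) of session property " + propertyName);
            }
            byte[] payload = body.toString().getBytes("UTF-8");
            OutputStream outputStream = connection.getOutputStream();
            try {
                outputStream.write(payload);
                outputStream.flush();
            } finally {
                outputStream.close();
            }
            int responseCode = connection.getResponseCode();
            if (responseCode != 200) {
                debug.error("SAML2Utils.postToAppLogout: Response code NOT OK: " + responseCode);
            } else if (debug.messageEnabled()) {
                debug.message("SAML2Utils.postToAppLogout: Response code OK");
            }
        } catch (SessionException e) {
            debug.error("SAML2Utils.postToAppLogout:  post to external app failed.", e);
        } catch (IOException e2) {
            debug.error("SAML2Utils.postToAppLogout:  post to external app failed.", e2);
        }
    }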

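    /**
     * Serialises the request's cookies into a single {@code Cookie} header value.
     *
     * Cookies are joined with {@code "; "}. The cookie named
     * {@code sessionCookieName} has its value wrapped in double quotes; all other
     * values are copied as received. Names and values come from the inbound request
     * and are not escaped or validated here.
     *
     * The debug log records cookie names only. The original also logged every
     * cookie value, which put session identifiers into the debug log.
     *
     * @param httpServletRequest request to read cookies from
     * @return the header value, or {@code null} when the request has no cookies
     */
    public static String getCookiesString(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null || cookies.length == 0) {
            return null;
        }
        StringBuilder header = new StringBuilder();
        for (int i = 0; i < cookies.length; i++) {
            String name = cookies[i].getName();
            String value = cookies[i].getValue();
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getCookiesString: Cookie name = " + name);
            }
            if (i > 0) {
                header.append(';').append(" ");
            }
            header.append(name).append('=');
            if (name.equals(sessionCookieName)) {
                header.append('\"').append(value).append('\"');
            } else {
                header.append(value);
            }
        }
        return header.toString();
    }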

    /**
     * Reports whether the entity's SSO configuration asks for signed POST responses.
     *
     * Signing is reported as wanted only when the configured value is "true"
     * (case-insensitive); a missing attribute yields {@code false}.
     *
     * @param str  realm
     * @param str2 hosted entity id
     * @param str3 entity role
     * @return {@code true} only when the attribute is configured as "true"
     */
    public static boolean wantPOSTResponseSigned(String str, String str2, String str3) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils:getWantPOSTResponseSigned : : realm - " + str + "/: hostEntityId - " + str2 + ": entityRole - " + str3);
        }
        String configured = getAttributeValueFromSSOConfig(str, str2, str3, SAML2Constants.WANT_POST_RESPONSE_SIGNED);
        return "true".equalsIgnoreCase(configured);
    }

    /**
     * Checks whether an SP's metadata lists an endpoint with the given binding for
     * a service type.
     *
     * Unknown service types, a missing metadata manager, any {@code null} argument
     * and metadata lookup failures all yield {@code false}.
     * NOTE(review): the descriptor returned by the metadata manager is dereferenced
     * without a null check; confirm it cannot be {@code null} for an unknown entity.
     *
     * @param str  presumably the realm (first argument of the descriptor lookup)
     * @param str2 presumably the SP entity id (second argument of the lookup)
     * @param str3 service type: ACS_SERVICE, SLO_SERVICE or MNI_SERVICE from
     *             {@code SAML2Constants}
     * @param str4 binding to look for
     * @return {@code true} when a matching endpoint exists
     */
    public static boolean isSPProfileBindingSupported(String str, String str2, String str3, String str4) {
        if (saml2MetaManager == null || str == null || str2 == null || str3 == null || str4 == null) {
            return false;
        }
        try {
            SPSSODescriptorElement descriptor = saml2MetaManager.getSPSSODescriptor(str, str2);
            List endpoints;
            if (SAML2Constants.ACS_SERVICE.equals(str3)) {
                endpoints = descriptor.getAssertionConsumerService();
            } else if (SAML2Constants.SLO_SERVICE.equals(str3)) {
                endpoints = descriptor.getSingleLogoutService();
            } else if (SAML2Constants.MNI_SERVICE.equals(str3)) {
                endpoints = descriptor.getManageNameIDService();
            } else {
                endpoints = null;
            }
            if (endpoints == null || endpoints.isEmpty()) {
                return false;
            }
            for (Object endpoint : endpoints) {
                if (str4.equals(((EndpointType) endpoint).getBinding())) {
                    return true;
                }
            }
            return false;
        } catch (SAML2MetaException e) {
            debug.error("SAML2Utils.isSPProfileBindingSupported:", e);
            return false;
        }
    }

    /**
     * Checks whether an IDP's metadata lists an endpoint with the given binding for
     * a service type.
     *
     * Unknown service types, a missing metadata manager, any {@code null} argument
     * and metadata lookup failures all yield {@code false}. The assertion-ID-request
     * service is read from the entity's AuthnAuthority descriptor instead of the
     * IDP SSO descriptor.
     * NOTE(review): both descriptors are dereferenced without a null check; confirm
     * the metadata manager cannot return {@code null} for an unknown entity.
     *
     * @param str  presumably the realm (first argument of the descriptor lookup)
     * @param str2 presumably the IDP entity id (second argument of the lookup)
     * @param str3 service type: "sso" or one of NAMEID_MAPPING_SERVICE,
     *             ASSERTION_ID_REQUEST_SERVICE, ARTIFACT_RESOLUTION_SERVICE,
     *             SLO_SERVICE, MNI_SERVICE from {@code SAML2Constants}
     * @param str4 binding to look for
     * @return {@code true} when a matching endpoint exists
     */
    public static boolean isIDPProfileBindingSupported(String str, String str2, String str3, String str4) {
        if (saml2MetaManager == null || str == null || str2 == null || str3 == null || str4 == null) {
            return false;
        }
        try {
            IDPSSODescriptorElement descriptor = saml2MetaManager.getIDPSSODescriptor(str, str2);
            List endpoints;
            if ("sso".equals(str3)) {
                endpoints = descriptor.getSingleSignOnService();
            } else if (SAML2Constants.NAMEID_MAPPING_SERVICE.equals(str3)) {
                endpoints = descriptor.getNameIDMappingService();
            } else if (SAML2Constants.ASSERTION_ID_REQUEST_SERVICE.equals(str3)) {
                endpoints = saml2MetaManager.getAuthnAuthorityDescriptor(str, str2).getAssertionIDRequestService();
            } else if (SAML2Constants.ARTIFACT_RESOLUTION_SERVICE.equals(str3)) {
                endpoints = descriptor.getArtifactResolutionService();
            } else if (SAML2Constants.SLO_SERVICE.equals(str3)) {
                endpoints = descriptor.getSingleLogoutService();
            } else if (SAML2Constants.MNI_SERVICE.equals(str3)) {
                endpoints = descriptor.getManageNameIDService();
            } else {
                endpoints = null;
            }
            if (endpoints == null || endpoints.isEmpty()) {
                return false;
            }
            for (Object endpoint : endpoints) {
                if (str4.equals(((EndpointType) endpoint).getBinding())) {
                    return true;
                }
            }
            return false;
        } catch (SAML2MetaException e) {
            debug.error("SAML2Utils.isIDPProfileBindingSupported:", e);
            return false;
        }
    }

    /**
     * Validates a relay-state URL for the entity addressed by the current request.
     *
     * The meta alias is taken from the request URI and, when the URI carries none,
     * from the {@code metaAlias} request parameter. In that fallback the alias, and
     * with it the entity whose relay-state rules are applied, is chosen by the
     * client.
     *
     * @param httpServletRequest request used to determine the meta alias
     * @param str                relay-state URL to validate
     * @param str2               entity role
     * @return the result of the meta-alias based overload
     */
    public static boolean isRelayStateURLValid(HttpServletRequest httpServletRequest, String str, String str2) {
        String metaAlias = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        if (metaAlias != null) {
            return isRelayStateURLValid(metaAlias, str, str2);
        }
        return isRelayStateURLValid(httpServletRequest.getParameter("metaAlias"), str, str2);
    }

    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /**
     * Validates a relay-state URL against the entity identified by a meta alias.
     *
     * The check fails closed: a {@code null} alias, an alias that resolves to no
     * entity, and any {@code SAML2Exception} raised during validation all produce
     * {@code false}. The relay-state value is written to the debug log at message
     * level.
     *
     * @param str  meta alias; may be {@code null}
     * @param str2 relay-state URL to validate
     * @param str3 entity role
     * @return {@code true} only when validation completed without an exception
     */
    public static boolean isRelayStateURLValid(String str, String str2, String str3) {
        boolean valid = false;
        if (str != null) {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(str);
            try {
                String entityId = saml2MetaManager.getEntityByMetaAlias(str);
                if (entityId != null) {
                    validateRelayStateURL(realm, entityId, str2, str3);
                    valid = true;
                }
            } catch (SAML2Exception rejected) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.isRelayStateURLValid(): relayState " + str2 + " for role " + str3 + " triggered an exception: " + rejected.getMessage(), rejected);
                }
                valid = false;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.isRelayStateURLValid(): relayState " + str2 + " for role " + str3 + " was valid? " + valid);
        }
        return valid;
    }

    /**
     * Rejects a relay-state URL that the configured validator does not accept.
     *
     * A {@code null} or empty relay state is accepted without consulting the
     * validator. Otherwise the decision is made by
     * {@code RELAY_STATE_VALIDATOR.isRedirectUrlValid} for the given realm, entity
     * and role.
     *
     * @param str  realm
     * @param str2 entity id
     * @param str3 relay-state URL; may be {@code null} or empty
     * @param str4 entity role
     * @throws SAML2Exception with the "invalidRelayStateUrl" message when the
     *         validator rejects the URL
     */
    public static void validateRelayStateURL(String str, String str2, String str3, String str4) throws SAML2Exception {
        if (str3 == null || str3.isEmpty()) {
            return;
        }
        boolean accepted = RELAY_STATE_VALIDATOR.isRedirectUrlValid(str3, ValidRelayStateExtractor.SAMLEntityInfo.from(str, str2, str4));
        if (!accepted) {
            throw new SAML2Exception(bundle.getString("invalidRelayStateUrl"));
        }
    }

    /* JADX WARN: Finally extract failed */
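    /**
     * Replays the current request against another server and collects the outcome.
     *
     * The request is sent as GET when the inbound method is GET and as a
     * form-encoded POST otherwise; only the first value of each request parameter
     * is forwarded. The caller's cookies, {@code host} header and accept-language
     * header are copied onto the outbound request, and cookies returned by the
     * server are re-issued through {@code processCookies}.
     *
     * The returned map holds {@code SAML2Constants.OUTPUT_DATA} (response body),
     * {@code SAML2Constants.RESPONSE_CODE} and, when the server sent a Location
     * header, {@code SAML2Constants.AM_REDIRECT_URL}. That redirect URL is supplied
     * by the remote server and is returned unvalidated. On any failure the map
     * contains whatever was collected up to that point, possibly nothing.
     *
     * Changes against the decompiled original: the writer is closed only when it
     * was opened (the old cleanup path dereferenced a null writer), a POST without
     * parameters no longer fails on an empty string, parameter names are
     * URL-encoded like their values, the body is written as UTF-8, the response
     * reader is closed, failures are logged at error level, and header values,
     * cookie values and request/response bodies are no longer written to the debug
     * log.
     *
     * NOTE(review): the response body is read into memory without a size limit,
     * and the destination URL is used as given; confirm callers constrain both.
     *
     * @param httpServletRequest  inbound request to replay
     * @param httpServletResponse response that receives re-issued cookies
     * @param str                 URL of the server to contact
     * @return the collected result map, never {@code null}
     */
    public static HashMap sendRequestToOrigServer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        HashMap hashMap = new HashMap();
        if (debug.messageEnabled()) {
            // Names only: header values include Cookie and possibly Authorization.
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames != null && headerNames.hasMoreElements()) {
                debug.message("SAML2Utils.sendRequestToOrigServer: Header name = " + headerNames.nextElement());
            }
        }
        try {
            URL url = new URL(str);
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.sendRequestToOrigServer: Connecting to : " + url);
            }
            HttpURLConnection connection = HttpURLConnectionManager.getConnection(url);
            boolean isGet = httpServletRequest.getMethod().equalsIgnoreCase("GET");
            if (isGet) {
                connection.setRequestMethod("GET");
            } else {
                connection.setDoOutput(true);
                connection.setRequestMethod("POST");
            }
            // NOTE(review): setFollowRedirects is a static, JVM-wide switch and changes
            // the default for every HttpURLConnection in the process; the per-instance
            // call below is what protects this request. Kept for compatibility.
            HttpURLConnection.setFollowRedirects(false);
            connection.setInstanceFollowRedirects(false);
            String cookiesString = getCookiesString(httpServletRequest);
            if (cookiesString != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.sendRequestToOrigServer: Sending cookies (values not logged)");
                }
                connection.setRequestProperty("Cookie", cookiesString);
            }
            connection.setRequestProperty(SessionProvider.HOST, httpServletRequest.getHeader("host"));
            connection.setRequestProperty(SAMLConstants.ACCEPT_LANG_HEADER, httpServletRequest.getHeader(SAMLConstants.ACCEPT_LANG_HEADER));
            if (isGet) {
                connection.connect();
            } else {
                StringBuilder form = new StringBuilder();
                for (Object item : httpServletRequest.getParameterMap().entrySet()) {
                    Map.Entry entry = (Map.Entry) item;
                    String[] values = (String[]) entry.getValue();
                    String firstValue = (values != null && values.length > 0) ? values[0] : "";
                    if (form.length() > 0) {
                        form.append('&');
                    }
                    // Encode the name too, so a client-chosen parameter name cannot add
                    // extra '&' or '=' separated fields to the forwarded body.
                    form.append(URLEncDec.encode((String) entry.getKey())).append('=').append(URLEncDec.encode(firstValue));
                }
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.sendRequestToOrigServer: DATA to be SENT: " + form.length() + " characters");
                }
                OutputStreamWriter writer = null;
                try {
                    writer = new OutputStreamWriter(connection.getOutputStream(), "UTF-8");
                    writer.write(form.toString());
                } catch (IOException e) {
                    debug.error("SAML2Utils.sendRequestToOrigServer: Could not write to the destination", e);
                } finally {
                    if (writer != null) {
                        try {
                            writer.close();
                        } catch (IOException e) {
                            debug.error("SAML2Utils.sendRequestToOrigServer: Could not write to the destination", e);
                        }
                    }
                }
            }
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.sendRequestToOrigServer: RECEIVING DATA ... ");
                debug.message("SAML2Utils.sendRequestToOrigServer: Response Code: " + connection.getResponseCode());
                debug.message("SAML2Utils.sendRequestToOrigServer: Response Message: " + connection.getResponseMessage());
                debug.message("SAML2Utils.sendRequestToOrigServer: Follow redirect : " + HttpURLConnection.getFollowRedirects());
            }
            StringBuilder received = new StringBuilder();
            BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));
            try {
                char[] buffer = new char[1024];
                int read;
                while ((read = reader.read(buffer, 0, buffer.length)) != -1) {
                    received.append(buffer, 0, read);
                }
            } finally {
                reader.close();
            }
            String responseData = received.toString();
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.sendRequestToOrigServer: Received response data : " + responseData.length() + " characters");
            }
            hashMap.put(SAML2Constants.OUTPUT_DATA, responseData);
            String location = connection.getHeaderField(LOCATION);
            if (location != null) {
                hashMap.put(SAML2Constants.AM_REDIRECT_URL, location);
            }
            hashMap.put(SAML2Constants.RESPONSE_CODE, Integer.toString(connection.getResponseCode()));
            processCookies(connection.getHeaderFields(), httpServletRequest, httpServletResponse);
        } catch (Exception e2) {
            // Still best-effort, but visible without message-level debugging enabled.
            debug.error("SAML2Utils.sendRequestToOrigServer: send exception : ", e2);
        }
        return hashMap;
    }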

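    /**
     * Re-issues cookies found in a remote server's response headers on the local
     * response.
     *
     * Every {@code Set-cookie} (or {@code Cookie}) header value is split on
     * {@code SAML2Constants.SECOND_DELIM}; {@code Domain} and {@code Path} are kept,
     * {@code Expires}, {@code Max-Age} and the version attribute are dropped, and
     * {@code JSESSIONID} pairs are ignored. Cookies whose value is "LOGOUT" or
     * whose name is {@code sessionCookieName} are sent with max-age 0.
     *
     * Changes against the decompiled original: name, value, domain and path are
     * reset for each header value (they used to carry over, so a cookie could be
     * re-issued with the previous cookie's domain or path, or be emitted twice), a
     * header value without a usable name is skipped instead of raising
     * {@code NullPointerException}, undecodable values are kept as received
     * instead of aborting the whole run, and cookie values are no longer written to
     * the debug log.
     *
     * NOTE(review): any other {@code name=value} token, for example a
     * {@code SameSite} attribute, replaces the cookie name and value parsed so far;
     * only the first pair should probably count as the cookie.
     * NOTE(review): flag attributes without {@code '='} such as {@code Secure} and
     * {@code HttpOnly} are not parsed here; confirm {@code createCookie} applies
     * them, otherwise re-issued cookies lose those protections.
     *
     * @param map                 response header fields, name to list of values
     * @param httpServletRequest  not used by this method
     * @param httpServletResponse response that receives the cookies
     */
    private static void processCookies(Map map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (debug.messageEnabled()) {
            // Header names only; the values include Set-Cookie contents.
            debug.message("processCookies : headers : " + (map == null ? null : map.keySet()));
        }
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Object item : map.entrySet()) {
            Map.Entry entry = (Map.Entry) item;
            String headerName = (String) entry.getKey();
            if (headerName == null || !(headerName.equalsIgnoreCase("Set-cookie") || headerName.equalsIgnoreCase("Cookie"))) {
                continue;
            }
            List<String> headerValues = (List) entry.getValue();
            if (headerValues == null || headerValues.isEmpty()) {
                continue;
            }
            for (String headerValue : headerValues) {
                // Fresh state per header value so attributes never leak between cookies.
                String domain = null;
                String path = null;
                String cookieName = null;
                String cookieValue = null;
                StringTokenizer tokens = new StringTokenizer(headerValue, SAML2Constants.SECOND_DELIM);
                while (tokens.hasMoreTokens()) {
                    String token = tokens.nextToken();
                    int equalsAt = token.indexOf("=");
                    if (equalsAt == -1) {
                        continue;
                    }
                    String attrName = token.substring(0, equalsAt).trim();
                    String attrValue = token.substring(equalsAt + 1);
                    if (attrName.equalsIgnoreCase("JSESSIONID")) {
                        continue;
                    }
                    if (isURLEncoded(attrValue)) {
                        try {
                            attrValue = URLDecoder.decode(attrValue, "UTF-8");
                        } catch (UnsupportedEncodingException e) {
                            debug.error("processCookies : unable to decode value of " + attrName, e);
                        } catch (IllegalArgumentException e) {
                            // Malformed escape sequence: keep the value as received.
                            debug.error("processCookies : unable to decode value of " + attrName, e);
                        }
                    }
                    if (attrName.equalsIgnoreCase(LogUtil.DOMAIN)) {
                        domain = attrValue;
                    } else if (attrName.equalsIgnoreCase("Path")) {
                        path = attrValue;
                    } else if (!attrName.equalsIgnoreCase("Expires") && !attrName.equalsIgnoreCase("Max-Age") && !attrName.equalsIgnoreCase(SAML2Constants.VERSION)) {
                        cookieName = attrName;
                        cookieValue = attrValue;
                    }
                }
                if (cookieName == null) {
                    // Nothing to re-issue, e.g. a header that only carried JSESSIONID.
                    continue;
                }
                if (debug.messageEnabled()) {
                    debug.message("processCookies : cookie : " + cookieName);
                }
                Cookie cookie = createCookie(cookieName, cookieValue, domain, path);
                if ("LOGOUT".equals(cookieValue) || cookieName.equals(sessionCookieName)) {
                    cookie.setMaxAge(0);
                }
                httpServletResponse.addCookie(cookie);
            }
        }
    }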

    /**
     * Heuristic test for URL-encoded text: reports whether the string contains {@code %} or
     * {@code +}. It does not check that the escapes are well formed.
     *
     * @param str text to inspect; may be {@code null}
     * @return {@code true} when {@code str} is non-null and contains {@code %} or {@code +}
     */
    private static boolean isURLEncoded(String str) {
        if (str == null) {
            return false;
        }
        return str.contains("%") || str.contains("+");
    }

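    /**
     * Builds a cookie through {@code CookieUtils.newCookie(name, value, path, domain)}.
     *
     * @param str cookie name
     * @param str2 cookie value
     * @param str3 cookie domain
     * @param str4 cookie path
     * @return the new cookie, or {@code null} when {@code CookieUtils.newCookie} throws; callers
     *         must check for {@code null} before using the result
     */
    public static Cookie createCookie(String str, String str2, String str3, String str4) {
        final boolean verbose = debug.messageEnabled();
        if (verbose) {
            debug.message("cookieName   : " + str);
            // The value may be a session token, so only its presence and size reach the log.
            debug.message("cookieValue  : " + (str2 == null ? "null" : "<redacted, length " + str2.length() + ">"));
            debug.message("cookieDomain : " + str3);
            debug.message("path : " + str4);
        }
        Cookie cookie = null;
        try {
            cookie = CookieUtils.newCookie(str, str2, str4, str3);
        } catch (Exception e) {
            // Broad catch kept: what newCookie can throw is not visible from this method.
            // The throwable is passed along so the cause is not reduced to its message.
            if (verbose) {
                debug.message("Error creating cookie. : " + e.getMessage(), e);
            }
        }
        if (verbose) {
            debug.message("createCookie Cookie is set : " + cookie);
        }
        return cookie;
    }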

    /**
     * Reports whether the session's {@code UserProfile} property is set to {@code Ignore}.
     *
     * @param obj session object handed to the session provider; may be {@code null}
     * @return {@code true} only when the first {@code UserProfile} value equals {@code "Ignore"};
     *         {@code false} for a {@code null} session or a missing property
     * @throws SessionException declared for the session provider calls
     */
    public static boolean isIgnoreProfileSet(Object obj) throws SessionException {
        if (obj == null) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.isIgnoreProfileSet: User session was null");
            }
            return false;
        }
        String[] profileValues = SessionManager.getProvider().getProperty(obj, "UserProfile");
        boolean hasValue = profileValues != null && profileValues.length > 0;
        // Only the first value is consulted; an absent property is logged as an empty string.
        String userProfile = hasValue ? profileValues[0] : "";
        boolean ignoreProfile = hasValue && "Ignore".equals(userProfile);
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.isIgnoreProfileSet: User profile from session = " + userProfile + " ignoreProfile = " + ignoreProfile);
        }
        return ignoreProfile;
    }

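    /**
     * Returns the first value of a session property.
     *
     * <p>A missing property no longer fails with a {@code NullPointerException} or
     * {@code ArrayIndexOutOfBoundsException}; it is reported as {@code null}, matching the
     * null/empty handling in {@code isIgnoreProfileSet}.
     *
     * @param obj session object handed to the session provider
     * @param str name of the property to read
     * @return the first value, or {@code null} when the provider returns no values
     * @throws SessionException declared for the session provider calls
     */
    public static String getSingleValuedSessionProperty(Object obj, String str) throws SessionException {
        String[] values = SessionManager.getProvider().getProperty(obj, str);
        if (values == null || values.length == 0) {
            return null;
        }
        return values[0];
    }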

    // Class initializer: sets the static configuration fields and shared helpers of this class.
    // Statement order is kept as is, because later statements read fields assigned earlier.
    static {
        saml2MetaManager = null;
        cotManager = null;
        serverPort = SystemPropertiesManager.get(SAMLConstants.SERVER_PORT);
        intServerPort = 0;
        // Falls back to "8192" when the "bufferLength" attribute is not configured.
        bufferLen = (String) (SAML2ConfigService.getAttribute("bufferLength") == null ? "8192" : SAML2ConfigService.getAttribute("bufferLength"));
        checkCertStatus = false;
        checkCAStatus = false;
        RELAY_STATE_VALIDATOR = new RedirectUrlValidator<>(new ValidRelayStateExtractor());
        // A blank or unparsable server port is replaced by the default port.
        if (StringUtils.isBlank(serverPort)) {
            serverPort = String.valueOf(SAML2Constants.DEFAULT_SERVER_PORT);
            intServerPort = SAML2Constants.DEFAULT_SERVER_PORT;
        } else {
            try {
                intServerPort = Integer.parseInt(serverPort);
            } catch (NumberFormatException e) {
                debug.error("Unable to parse port " + serverPort, e);
                intServerPort = SAML2Constants.DEFAULT_SERVER_PORT;
            }
        }
        // Certificate status checking: when CHECK_SAML2_CERTIFICATE_STATUS is set, both flags come
        // from the system configuration and the CA flag defaults to "false". Otherwise only
        // checkCertStatus is taken from CRLValidator and checkCAStatus stays false.
        String property = SystemConfigurationUtil.getProperty(SAML2Constants.CHECK_SAML2_CERTIFICATE_STATUS, null);
        if (property != null) {
            checkCertStatus = Boolean.valueOf(property).booleanValue();
            checkCAStatus = Boolean.valueOf(SystemConfigurationUtil.getProperty(SAML2Constants.CHECK_SAML2_CA_STATUS, "false")).booleanValue();
            if (debug.messageEnabled()) {
                debug.message("SAML2 :  CRL check is configured to " + checkCertStatus);
                debug.message("SAML2 :  CRL check for CA is configured to " + checkCAStatus);
            }
        } else {
            checkCertStatus = CRLValidator.isCRLCheckEnabled();
            if (debug.messageEnabled()) {
                debug.message("SAML2 : CRL check is configured with old config style.");
            }
        }
        // A failure to build either manager is only logged, so the field keeps the null assigned
        // above. NOTE(review): code reading saml2MetaManager or cotManager has to allow for null.
        try {
            saml2MetaManager = new SAML2MetaManager();
        } catch (SAML2MetaException e2) {
            debug.error("Error retreiving metadata", e2);
        }
        try {
            cotManager = new CircleOfTrustManager();
        } catch (COTException e3) {
            debug.error("Error retreiving COT ", e3);
        }
        // Cache clean-up is scheduled only in server mode or when running as a fedlet.
        if (SystemConfigurationUtil.isServerMode() || SPCache.isFedlet) {
            CacheCleanUpScheduler.doSchedule();
        }
        assertionFactory = AssertionFactory.getInstance();
        // A SecureRandom instance is created once here and kept in a static field.
        randomGenerator = new SecureRandom();
    }
}
