package com.sun.identity.federation.services.fednsso;

import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountManager;
import com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSRedirectException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement;
import com.sun.identity.federation.key.KeyUtil;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSAMLRequest;
import com.sun.identity.federation.message.FSScoping;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.federation.services.FSAssertionManager;
import com.sun.identity.federation.services.FSAuthContextResult;
import com.sun.identity.federation.services.FSAuthnDecisionHandler;
import com.sun.identity.federation.services.FSIDPProxy;
import com.sun.identity.federation.services.FSRealmIDPProxy;
import com.sun.identity.federation.services.FSSession;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.FSSessionPartner;
import com.sun.identity.federation.services.logout.FSTokenListener;
import com.sun.identity.federation.services.util.FSNameIdentifierHelper;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureManager;
import com.sun.identity.federation.services.util.FSSignatureUtil;
import com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.sae.api.Utils;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.xmlsig.SigManager;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.encode.URLEncDec;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sun/identity/federation/services/fednsso/FSSSOAndFedHandler.class */
public abstract class FSSSOAndFedHandler {
    // IDP proxy plug-ins. Not referenced in the visible part of this class;
    // presumably consulted when a request is proxied to another IDP (TODO confirm).
    private static FSIDPProxy proxyFinder;
    private static FSRealmIDPProxy realmProxyFinder;
    // Shared IDFF metadata manager; initialised outside the visible code.
    protected static IDFFMetaManager metaManager;
    // Servlet request/response pair this handler works on.
    protected HttpServletRequest request;
    protected HttpServletResponse response;
    // Descriptor, extended configuration and entity ID of the requesting service provider.
    protected SPDescriptorType spDescriptor;
    protected BaseConfigType spConfig;
    protected String spEntityId;
    // Relay state handed back in the authentication response.
    protected String relayState;
    // Authentication request currently being processed.
    protected FSAuthnRequest authnRequest;
    // Session object obtained from the SessionProvider; null until a session is resolved.
    protected Object ssoToken;
    // Meta alias of the hosted provider; keys the session, assertion and account managers.
    protected String metaAlias;
    // Descriptor and extended configuration of the hosted identity provider.
    protected IDPDescriptorType hostedDesc;
    protected BaseConfigType hostedConfig;
    protected String realm;
    protected String hostedEntityId;
    // Failure status recorded when a request cannot be honoured (for example
    // lib:NoPassive or lib:NoAuthnContext); null when no such failure was recorded.
    protected Status noFedStatus;
    // Account manager for metaAlias, obtained in setMetaAlias; stays null if that lookup failed.
    protected FSAccountManager accountManager;

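    /**
     * Records the hosted provider's meta alias and looks up the account manager bound to it.
     *
     * <p>If the lookup fails the account manager is cleared instead of being left pointing at
     * the manager of a previously set alias, so that later federation lookups cannot silently
     * run against a manager that belongs to a different alias. The failure itself is logged,
     * not propagated.
     *
     * @param str meta alias of the hosted provider
     */
    public void setMetaAlias(String str) {
        this.metaAlias = str;
        // Drop any manager obtained for an earlier alias before attempting the new lookup.
        this.accountManager = null;
        try {
            this.accountManager = FSAccountManager.getInstance(str);
        } catch (FSAccountMgmtException e) {
            FSUtils.debug.error("FSSSOAndFedHandler: couldn't obtain account manager:", e);
        }
    }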

    /**
     * Sets the entity ID of the hosted provider.
     *
     * @param str hosted provider entity ID
     */
    public void setHostedEntityId(String str) {
        hostedEntityId = str;
    }

    /**
     * Sets the descriptor of the hosted identity provider.
     *
     * @param iDPDescriptorType hosted IDP descriptor
     */
    public void setHostedDescriptor(IDPDescriptorType iDPDescriptorType) {
        hostedDesc = iDPDescriptorType;
    }

    /**
     * Sets the extended configuration of the hosted provider.
     *
     * @param baseConfigType hosted provider configuration
     */
    public void setHostedDescriptorConfig(BaseConfigType baseConfigType) {
        hostedConfig = baseConfigType;
    }

    /**
     * Returns the entity ID of the hosted provider.
     *
     * @return hosted provider entity ID, or {@code null} if it has not been set
     */
    public String getHostedEntityId() {
        return hostedEntityId;
    }

    /**
     * Returns the realm this handler operates in.
     *
     * @return realm name, or {@code null} if it has not been set
     */
    public String getRealm() {
        return realm;
    }

    /**
     * Sets the realm this handler operates in.
     *
     * @param str realm name
     */
    public void setRealm(String str) {
        realm = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a handler with no request context.
     *
     * <p>Every instance field keeps its default {@code null} value; callers are expected to
     * populate the handler through the setters.
     */
    public FSSSOAndFedHandler() {
        // Nothing to initialise: reference fields already default to null.
    }

    /**
     * Creates a handler for a request whose session has already been resolved.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param fSAuthnRequest authentication request being processed
     * @param sPDescriptorType descriptor of the requesting service provider
     * @param baseConfigType extended configuration of the requesting service provider
     * @param str entity ID of the requesting service provider
     * @param str2 relay state to hand back with the response
     * @param obj session object of the user
     */
    public FSSSOAndFedHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, SPDescriptorType sPDescriptorType, BaseConfigType baseConfigType, String str, String str2, Object obj) {
        // The seven-argument constructor stores everything except the session object.
        this(httpServletRequest, httpServletResponse, fSAuthnRequest, sPDescriptorType, baseConfigType, str, str2);
        ssoToken = obj;
    }

    /**
     * Creates a handler for a request whose session has not been resolved yet.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param fSAuthnRequest authentication request being processed
     * @param sPDescriptorType descriptor of the requesting service provider
     * @param baseConfigType extended configuration of the requesting service provider
     * @param str entity ID of the requesting service provider
     * @param str2 relay state to hand back with the response
     */
    public FSSSOAndFedHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, SPDescriptorType sPDescriptorType, BaseConfigType baseConfigType, String str, String str2) {
        // Remaining fields (session, hosted provider data, account manager) stay null.
        request = httpServletRequest;
        response = httpServletResponse;
        authnRequest = fSAuthnRequest;
        spEntityId = str;
        spDescriptor = sPDescriptorType;
        spConfig = baseConfigType;
        relayState = str2;
    }

    /**
     * Creates a handler bound only to a servlet request/response pair.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     */
    public FSSSOAndFedHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // All other fields keep their default null value.
        request = httpServletRequest;
        response = httpServletResponse;
    }

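    /**
     * Decides how an authentication request is answered before any login page is shown.
     *
     * <p>The method looks up the user's session, optionally proxies the request to another
     * identity provider when the user is not authenticated, and otherwise asks the
     * authentication decision handler whether the current authentication context satisfies
     * the request. Depending on {@code IsPassive}, {@code ForceAuthn} and the session state it
     * forwards the user to a login URL, continues with {@link #processPostAuthnSSO}, or
     * records a failure status in {@code noFedStatus}.
     *
     * @param fSAuthnRequest authentication request to evaluate
     * @return {@code true} when the request was forwarded or proxied, the result of
     *         {@link #processPostAuthnSSO} when the existing session is used directly,
     *         {@code false} when the request cannot be honoured
     */
    public boolean processPreAuthnSSO(FSAuthnRequest fSAuthnRequest) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Called");
        List requestedContexts = null;
        String sessionAuthnContext = null;
        String comparisonType = null;
        FSSessionManager sessionManager = FSSessionManager.getInstance(this.metaAlias);
        if (fSAuthnRequest.getAuthnContext() != null) {
            requestedContexts = fSAuthnRequest.getAuthnContext().getAuthnContextClassRefList();
            if (requestedContexts == null) {
                // A context element without class references falls back to the password context.
                requestedContexts = new ArrayList();
                requestedContexts.add(IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD);
            }
            comparisonType = fSAuthnRequest.getAuthContextCompType();
        }

        // Step 1: establish whether the caller already holds a valid session.
        boolean authenticated;
        Object userSession = null;
        try {
            SessionProvider provider = SessionManager.getProvider();
            userSession = provider.getSession(this.request);
            if (userSession == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: session is null. User is not authenticated.");
                }
                authenticated = false;
            } else if (provider.isValid(userSession)) {
                FSSession fsSession = sessionManager.getSession(userSession);
                if (fsSession != null) {
                    sessionAuthnContext = fsSession.getAuthnContext();
                    if (sessionAuthnContext == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context information not found using default authentication context");
                        }
                        sessionAuthnContext = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                    } else if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User has an existing valid session with authnContext: " + sessionAuthnContext);
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authenticated session information is not present in FSSessionManager. using default authentication context");
                    }
                    sessionAuthnContext = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                }
                authenticated = true;
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: session is not valid. User is not authenticated.");
                }
                authenticated = false;
            }
            if (authenticated) {
                try {
                    provider.addListener(userSession, new FSTokenListener(this.metaAlias));
                } catch (Exception e) {
                    // Best effort: a missing listener does not block sign-on.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Couldn't add listener to session:", e);
                    }
                }
            }
        } catch (SessionException e2) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: SSOException Occured: User does not have session " + e2.getMessage());
            authenticated = false;
        }

        // Step 2: an unauthenticated, non-federating request may be proxied to another IDP.
        if (!authenticated) {
            try {
                String preferredIDP;
                if (isIDPProxyEnabled(fSAuthnRequest) && !fSAuthnRequest.getFederate() && (preferredIDP = getPreferredIDP(fSAuthnRequest)) != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:IDP to be proxied" + preferredIDP);
                    }
                    sendProxyAuthnRequest(fSAuthnRequest, preferredIDP);
                    return true;
                }
            } catch (FSRedirectException e3) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandle.processPreAuthnSSO:Redirecting for the proxy handling.");
                }
                return true;
            } catch (Exception e4) {
                FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:Exception occured while processing for the proxy.", e4);
                return false;
            }
        }

        // Step 3: evaluate the requested authentication context.
        try {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication status: " + authenticated);
            }
            FSAuthnDecisionHandler decisionHandler = new FSAuthnDecisionHandler(this.realm, this.hostedEntityId, this.request);
            ArrayList defaultContexts = new ArrayList();
            defaultContexts.add(IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT));

            if (fSAuthnRequest.getIsPassive()) {
                if (fSAuthnRequest.getForceAuthn()) {
                    // IsPassive and ForceAuthn contradict each other; the request is refused.
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.PreAuthnSSO: IDP is passive can't force authentication.");
                    }
                    return false;
                }
                if (!authenticated) {
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.processPreAuthnSSO: IDP is passive and user is not authenticated");
                    }
                    this.noFedStatus = new Status(new StatusCode(IFSConstants.SAML_RESPONDER, new StatusCode("lib:NoPassive", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                    return false;
                }
                FSAuthContextResult passiveResult;
                if (requestedContexts != null) {
                    passiveResult = decisionHandler.decideAuthnContext(requestedContexts, sessionAuthnContext, comparisonType);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is default");
                    }
                    passiveResult = decisionHandler.getURLForAuthnContext(defaultContexts, comparisonType);
                }
                if (passiveResult == null) {
                    return false;
                }
                if (passiveResult.getLoginURL() != null) {
                    FSUtils.forwardRequest(this.request, this.response, formatLoginURL(passiveResult.getLoginURL(), passiveResult.getAuthContextRef()));
                    return true;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is evaluated to be valid");
                }
                return processPostAuthnSSO(fSAuthnRequest);
            }

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnRequest is active");
            }
            if (fSAuthnRequest.getForceAuthn()) {
                FSAuthContextResult forcedResult = requestedContexts != null ? decisionHandler.getURLForAuthnContext(requestedContexts, comparisonType) : decisionHandler.getURLForAuthnContext(defaultContexts);
                if (forcedResult == null || forcedResult.getLoginURL() == null || forcedResult.getLoginURL().length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:AuthnDecision engine failed to take a authn decision");
                    }
                    return false;
                }
                if (userSession != null) {
                    // Forced re-authentication: the existing session must not survive.
                    try {
                        SessionManager.getProvider().invalidateSession(userSession, this.request, this.response);
                    } catch (SessionException e5) {
                        // Keep the cause: a session that could not be invalidated is worth diagnosing.
                        FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:Unable to invalidate the sso session.", e5);
                    }
                }
                String forcedLoginURL = forcedResult.getLoginURL();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnDecision engine returned: " + forcedLoginURL);
                }
                FSUtils.forwardRequest(this.request, this.response, formatLoginURL(forcedLoginURL, forcedResult.getAuthContextRef()));
                this.response.flushBuffer();
                return true;
            }

            if (authenticated) {
                FSAuthContextResult sessionResult;
                if (requestedContexts != null) {
                    sessionResult = decisionHandler.decideAuthnContext(requestedContexts, sessionAuthnContext, comparisonType);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is default");
                    }
                    sessionResult = decisionHandler.getURLForAuthnContext(defaultContexts, comparisonType);
                }
                if (sessionResult == null) {
                    return false;
                }
                if (sessionResult.getLoginURL() == null) {
                    // No login URL means the current context already satisfies the request.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is evaluated to be valid");
                    }
                    return processPostAuthnSSO(fSAuthnRequest);
                }
                if (sessionResult.getLoginURL().length() == 0) {
                    return false;
                }
                String stepUpLoginURL = sessionResult.getLoginURL();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnDecision engine returned: " + stepUpLoginURL);
                }
                FSUtils.forwardRequest(this.request, this.response, formatLoginURL(stepUpLoginURL, sessionResult.getAuthContextRef()));
                return true;
            }

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnRequest is active");
            }
            FSAuthContextResult loginResult;
            if (requestedContexts != null) {
                loginResult = decisionHandler.getURLForAuthnContext(requestedContexts, comparisonType);
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: User's authentication context is default");
                }
                loginResult = decisionHandler.getURLForAuthnContext(defaultContexts, comparisonType);
            }
            if (loginResult == null || loginResult.getLoginURL() == null || loginResult.getLoginURL().length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler. processPreAuthnSSO:  AuthnDecision engine failed to take a decision");
                }
                this.noFedStatus = new Status(new StatusCode(IFSConstants.SAML_RESPONDER, new StatusCode("lib:NoAuthnContext", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                return false;
            }
            String loginURL = loginResult.getLoginURL();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: AuthnDecision engine returned: " + loginURL);
            }
            FSUtils.forwardRequest(this.request, this.response, formatLoginURL(loginURL, loginResult.getAuthContextRef()));
            return true;
        } catch (Exception e6) {
            // NOTE(review): any failure in the context decision above falls through to
            // processPostAuthnSSO, which checks only that the session is valid. An exception
            // raised before a decision was reached therefore skips the IsPassive, ForceAuthn
            // and authentication-context evaluation. Confirm this is intended; returning
            // false here would fail closed.
            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: Exception occured", e6);
            return processPostAuthnSSO(fSAuthnRequest);
        }
    }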

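    /**
     * Builds the login URL the user is forwarded to when (re-)authentication is required.
     *
     * <p>Three URLs are nested: the hosted single sign-on service URL (with the request
     * context as query parameters) becomes the {@code RelayState} of the post-login page, and
     * the post-login page URL becomes the {@code goto} parameter of the login URL. Every
     * value placed in a query string is URL-encoded, including the meta alias on the
     * post-login URL, so a value containing {@code &}, {@code =} or {@code #} cannot add or
     * truncate parameters.
     *
     * @param str login URL chosen by the authentication decision handler
     * @param str2 authentication context reference to carry through the login round trip
     * @return the complete login URL, or {@code null} if {@code str} is {@code null} or the
     *         URL could not be built
     */
    public String formatLoginURL(String str, String str2) {
        FSUtils.debug.message("FSSSOAndFedHandler.formatLoginURL: Called");
        try {
            if (str == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.formatLoginURL: login URL is null");
                return null;
            }

            // Innermost URL: back to the SSO service once the user has authenticated.
            String ssoServiceUrl = this.hostedDesc.getSingleSignOnServiceURL();
            StringBuilder returnUrl = new StringBuilder(ssoServiceUrl);
            returnUrl.append(ssoServiceUrl.indexOf('?') == -1 ? "?" : "&");
            returnUrl.append(IFSConstants.AUTHN_INDICATOR_PARAM).append("=").append("true")
                    .append("&").append("AuthnContext").append("=").append(URLEncDec.encode(str2))
                    .append("&").append("realm").append("=").append(URLEncDec.encode(this.realm))
                    .append("&").append(IFSConstants.PROVIDER_ID_KEY).append("=").append(URLEncDec.encode(this.hostedEntityId))
                    .append("&").append("metaAlias").append("=").append(URLEncDec.encode(this.metaAlias))
                    .append("&").append("RequestID").append("=").append(URLEncDec.encode(this.authnRequest.getRequestID()));

            // Middle URL: the post-login page, which receives the SSO URL as RelayState.
            // NOTE(review): the base comes from FSServiceUtils.getBaseURL(request); if that is
            // derived from request headers, confirm the login service validates goto targets.
            String postLoginBase = FSServiceUtils.getBaseURL(this.request) + IFSConstants.POST_LOGIN_PAGE;
            StringBuilder postLoginUrl = new StringBuilder(postLoginBase);
            postLoginUrl.append(postLoginBase.indexOf('?') == -1 ? "?" : "&");
            postLoginUrl.append("RelayState").append("=").append(URLEncDec.encode(returnUrl.toString()))
                    .append("&").append("sso").append("=").append("true")
                    // Encoded like every other value; the inner URL above already did so.
                    .append("&").append("metaAlias").append("=").append(URLEncDec.encode(this.metaAlias));

            // Outer URL: the login page itself, with the post-login page as goto target.
            StringBuilder loginUrl = new StringBuilder(100);
            loginUrl.append(str);
            loginUrl.append(str.indexOf('?') == -1 ? "?" : "&");
            loginUrl.append("goto").append("=").append(URLEncDec.encode(postLoginUrl.toString()));
            loginUrl.append("&").append("org").append("=").append(URLEncDec.encode(this.realm));
            int last = loginUrl.length() - 1;
            if (loginUrl.charAt(last) == '&') {
                loginUrl.deleteCharAt(last);
            }
            return loginUrl.toString();
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOAndFedHandler.formatLoginURL: Exception: ", e);
            return null;
        }
    }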

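    /**
     * Completes single sign-on for a user who holds a valid session.
     *
     * <p>The method verifies the session, registers the requesting service provider as a
     * session partner, and then either performs plain single sign-on or, when the request
     * asks for federation or auto-federation is enabled for the hosted provider, federates
     * the account first.
     *
     * <p>The session identifier is deliberately kept out of the debug messages: it is the
     * handle used to look up the authenticated session, so log files must not carry it.
     *
     * @param fSAuthnRequest authentication request being answered
     * @return {@code true} if single sign-on succeeded, {@code false} if the session is
     *         missing or invalid, federation failed, or no name identifier is available
     */
    public boolean processPostAuthnSSO(FSAuthnRequest fSAuthnRequest) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: Called");
        try {
            SessionProvider provider = SessionManager.getProvider();
            if (this.ssoToken == null) {
                this.ssoToken = provider.getSession(this.request);
            }
            if (this.ssoToken == null || !provider.isValid(this.ssoToken)) {
                FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: session is not valid.");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: session is valid.");
            }
            try {
                String principalName = provider.getPrincipalName(this.ssoToken);
                String sessionID = provider.getSessionID(this.ssoToken);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: UserID of the principal in the session: " + principalName);
                }

                // Find or create the federation session and record the SP as a partner.
                FSSessionManager fSSessionManager = FSSessionManager.getInstance(this.metaAlias);
                FSSession session = fSSessionManager.getSession(principalName, sessionID);
                if (session != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: An existing SSO session found");
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: No existing SSO session found. Entering a new session to the session manager");
                    }
                    session = new FSSession(sessionID);
                    session.setSessionIndex(SAMLUtils.generateID());
                }
                session.addSessionPartner(new FSSessionPartner(this.spEntityId, false));
                fSSessionManager.addSession(principalName, session);

                // Plain SSO unless federation was requested or auto-federation is enabled.
                String autoFederation = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostedConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
                boolean autoFederationEnabled = autoFederation != null && autoFederation.equalsIgnoreCase("true");
                if (!fSAuthnRequest.getFederate() && !autoFederationEnabled) {
                    return doSingleSignOn(this.ssoToken, fSAuthnRequest.getRequestID());
                }

                FSAccountFedInfo fedInfo = doAccountFederation(this.ssoToken, fSAuthnRequest, session);
                if (fedInfo == null) {
                    FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: Accountfederation failed");
                    return false;
                }
                // Each identifier falls back to the other one; both missing is a failure.
                NameIdentifier remoteNameIdentifier = fedInfo.getRemoteNameIdentifier();
                NameIdentifier localNameIdentifier = fedInfo.getLocalNameIdentifier();
                if (localNameIdentifier == null) {
                    localNameIdentifier = fedInfo.getRemoteNameIdentifier();
                    if (localNameIdentifier == null) {
                        FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: Opaque handle not found");
                        return false;
                    }
                }
                if (remoteNameIdentifier == null) {
                    remoteNameIdentifier = localNameIdentifier;
                }
                return doSingleSignOn(this.ssoToken, fSAuthnRequest.getRequestID(), remoteNameIdentifier, localNameIdentifier);
            } catch (SessionException e) {
                FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: SessionException occured. Principal information not found in the session: ", e);
                return false;
            }
        } catch (SessionException e2) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: ", e2);
            return false;
        }
    }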

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a successful authentication response carrying one freshly created assertion.
     *
     * <p>The assertion is created by the assertion manager of the hosted provider for the
     * session behind {@code obj}; the response echoes the request ID, relay state and minor
     * version of the current authentication request and names the hosted provider as issuer.
     *
     * @param obj session object of the authenticated user
     * @param str value passed to the assertion manager together with the name identifiers
     *            (presumably the in-response-to ID; confirm against createFSAssertion)
     * @param nameIdentifier first name identifier handed to the assertion manager
     * @param nameIdentifier2 second name identifier handed to the assertion manager
     * @return the response, or {@code null} if the assertion or response could not be built
     */
    public FSAuthnResponse createAuthnResponse(Object obj, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse:  Called");
        try {
            String inResponseTo = this.authnRequest.getRequestID();
            FSAssertionManager assertionManager = FSAssertionManager.getInstance(this.metaAlias);
            String sessionId = SessionManager.getProvider().getSessionID(obj);
            FSAssertion assertion = assertionManager.createFSAssertion(sessionId, null, this.realm, this.spEntityId, nameIdentifier, nameIdentifier2, str, this.authnRequest.getMinorVersion());

            Status success = new Status(new StatusCode("samlp:Success"));
            List<FSAssertion> assertions = new ArrayList<>();
            assertions.add(assertion);

            FSAuthnResponse authnResponse = new FSAuthnResponse(null, inResponseTo, success, assertions, this.relayState);
            authnResponse.setMinorVersion(this.authnRequest.getMinorVersion());
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse: CHECK1: " + this.hostedEntityId);
            }
            authnResponse.setProviderId(this.hostedEntityId);
            return authnResponse;
        } catch (FSException e) {
            FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: FSException: ", e);
        } catch (SessionException e2) {
            FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: SessionException: ", e2);
        } catch (SAMLException e3) {
            FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: SAMLException: ", e3);
        }
        // Every failure path above has logged its cause; callers see only null.
        return null;
    }

    /**
     * Performs single sign-on with resolved name identifiers.
     *
     * <p>This base implementation does nothing and reports failure; the visible callers in
     * this class pass the remote identifier first and the local identifier second.
     *
     * @param obj session object of the authenticated user
     * @param str ID of the authentication request being answered
     * @param nameIdentifier remote name identifier as passed by the callers in this class
     * @param nameIdentifier2 local name identifier as passed by the callers in this class
     * @return always {@code false} in this base implementation
     */
    protected boolean doSingleSignOn(Object obj, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        // No profile-specific behaviour here; failing is the safe default.
        return false;
    }

    /**
     * Performs single sign-on for a user whose account is already federated.
     *
     * <p>The federation record is read for the requesting provider, or for the affiliation
     * when the request names one. If no record exists, {@code noFedStatus} is set and the
     * event is written to the audit log. An active record whose local name identifier is
     * still qualified by the hosted entity ID is rewritten under the requesting provider's
     * key and the old key is removed. The resolved identifiers are then handed to the
     * four-argument {@code doSingleSignOn}.
     *
     * @param obj session object of the authenticated user
     * @param str ID of the authentication request being answered
     * @return the result of the four-argument {@code doSingleSignOn}, or {@code false} if
     *         no federation record or name identifier was found or an error occurred
     */
    protected boolean doSingleSignOn(Object obj, String str) {
        FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn(2):  Called");
        try {
            // An affiliation ID, when present, takes the place of the provider ID.
            String federationPartner = this.authnRequest.getProviderId();
            String affiliationId = this.authnRequest.getAffiliationID();
            if (affiliationId != null) {
                federationPartner = affiliationId;
            }
            String userId = SessionManager.getProvider().getPrincipalName(obj);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: Initiating SSO for user with ID: " + userId);
            }

            FSAccountFedInfo fedInfo = this.accountManager.readAccountFedInfo(userId, federationPartner);
            if (fedInfo == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: Account Federation Information not found for user with ID: " + userId);
                this.noFedStatus = new Status(new StatusCode(IFSConstants.SAML_RESPONDER, new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                LogUtil.error(Level.INFO, LogUtil.USER_ACCOUNT_FEDERATION_INFO_NOT_FOUND, new String[]{userId}, obj);
                return false;
            }

            // Detect an active record whose local identifier is qualified by the hosted entity.
            NameIdentifier hostedHandle = null;
            boolean qualifiedByHost = false;
            if (fedInfo.isFedStatusActive() && fedInfo.getLocalNameIdentifier() != null) {
                hostedHandle = fedInfo.getLocalNameIdentifier();
                String qualifier = hostedHandle.getNameQualifier();
                qualifiedByHost = qualifier != null && qualifier.equals(this.hostedEntityId);
            }
            if (qualifiedByHost) {
                // Re-key the record under the partner: write the new entry, then drop the old key.
                NameIdentifier rekeyedLocal = new NameIdentifier(hostedHandle.getName(), federationPartner);
                NameIdentifier rekeyedRemote = fedInfo.getRemoteNameIdentifier();
                if (rekeyedRemote != null) {
                    rekeyedRemote = new NameIdentifier(rekeyedRemote.getName(), federationPartner);
                }
                FSAccountFedInfoKey partnerKey = new FSAccountFedInfoKey(federationPartner, rekeyedLocal.getName());
                fedInfo = new FSAccountFedInfo(federationPartner, rekeyedLocal, rekeyedRemote, false);
                this.accountManager.writeAccountFedInfo(userId, partnerKey, fedInfo);
                this.accountManager.removeAccountFedInfoKey(userId, new FSAccountFedInfoKey(this.hostedEntityId, rekeyedLocal.getName()));
            }

            // Each identifier falls back to the other one; both missing is a failure.
            NameIdentifier localHandle = fedInfo.getLocalNameIdentifier();
            if (localHandle != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: IDP generated opaque handle: " + localHandle.getName());
                }
            } else {
                localHandle = fedInfo.getRemoteNameIdentifier();
                if (localHandle == null) {
                    FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: NameIdentifier not found");
                    return false;
                }
            }
            NameIdentifier remoteHandle = fedInfo.getRemoteNameIdentifier();
            if (remoteHandle != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: SP generated opaque handle: " + remoteHandle.getName());
                }
            } else {
                remoteHandle = localHandle;
            }
            return doSingleSignOn(obj, str, remoteHandle, localHandle);
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: Exception during Single Sign-On:", e);
            return false;
        }
    }

    /**
     * Looks up, or creates, the federation record that links the authenticated local user to
     * the provider named in the AuthnRequest (or to the affiliation the request names).
     *
     * <p>An already active record is returned as is: the affiliation record is tried first when
     * this hosted provider is a member of the requested affiliation, then the record for the
     * requesting provider. Otherwise a new name identifier is generated. With the one-time
     * NameIDPolicy the new record is attached to the {@code FSSession} only; with any other
     * policy it is written through the account manager.
     *
     * <p>NOTE(review): an active stored federation is returned before the one-time policy is
     * looked at, so a one-time request can be answered with the stored identifier. Confirm
     * that this is intended.
     *
     * @param obj session object the principal name is read from
     * @param fSAuthnRequest request carrying provider ID, affiliation ID and NameIDPolicy
     * @param fSSession session updated in the one-time case
     * @return the existing or newly created federation record, or {@code null} when no handle
     *         could be generated or any exception was raised
     */
    protected FSAccountFedInfo doAccountFederation(Object obj, FSAuthnRequest fSAuthnRequest, FSSession fSSession) {
        FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: Called");
        String nameIDPolicy = fSAuthnRequest.getNameIDPolicy();
        String affiliationID = fSAuthnRequest.getAffiliationID();

        // A failed membership lookup is logged at message level only and treated as "not a member".
        boolean affiliateMember = false;
        if (affiliationID != null) {
            try {
                affiliateMember = metaManager.isAffiliateMember(this.realm, this.hostedEntityId, affiliationID);
            } catch (Exception lookupFailure) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation:Error in checking for the affiliation:", lookupFailure);
                }
            }
        }

        try {
            String principalName = SessionManager.getProvider().getPrincipalName(obj);

            if (affiliateMember) {
                FSAccountFedInfo affiliationInfo = this.accountManager.readAccountFedInfo(principalName, affiliationID);
                if (affiliationInfo != null && affiliationInfo.isFedStatusActive()) {
                    return affiliationInfo;
                }
            }

            String providerId = fSAuthnRequest.getProviderId();
            FSAccountFedInfo providerInfo = this.accountManager.readAccountFedInfo(principalName, providerId);
            if (providerInfo != null && providerInfo.isFedStatusActive()) {
                return providerInfo;
            }

            String handle = new FSNameIdentifierHelper(this.hostedConfig).createNameIdentifier();
            if (handle == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: Could not generate handle");
                return null;
            }
            // The generated handle is written to the debug log when message level is enabled.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: Generated handle: " + handle);
            }

            boolean oneTime = nameIDPolicy != null && nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME);

            // The identifier is qualified by the affiliation when one applies, else by the provider.
            String qualifier = affiliateMember ? affiliationID : providerId;
            NameIdentifier nameIdentifier = new NameIdentifier(handle, qualifier);
            if (fSAuthnRequest.getMinorVersion() == 2) {
                nameIdentifier.setFormat(oneTime ? IFSConstants.NI_ONETIME_FORMAT_URI : IFSConstants.NI_FEDERATED_FORMAT_URI);
            }

            FSAccountFedInfo created = new FSAccountFedInfo(fSAuthnRequest.getProviderId(), nameIdentifier, (NameIdentifier) null, false);
            FSAccountFedInfoKey key;
            if (affiliateMember) {
                key = new FSAccountFedInfoKey(affiliationID, handle);
                created.setAffiliation(true);
            } else {
                key = new FSAccountFedInfoKey(fSAuthnRequest.getProviderId(), handle);
            }

            if (oneTime) {
                // One-time identifiers live on the session only; nothing is written to the account store.
                fSSession.setOneTime(true);
                fSSession.setAccountFedInfo(created);
                fSSession.setUserID(principalName);
            } else {
                this.accountManager.writeAccountFedInfo(principalName, key, created);
            }
            return created;
        } catch (Exception failure) {
            FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: Exception when doing account federation", failure);
            return null;
        }
    }

    /**
     * Hook for returning an error response; this implementation does nothing.
     * Presumably overridden by profile-specific subclasses (TODO confirm).
     */
    protected void returnErrorResponse() {
    }

    /**
     * Placeholder for SAML request processing: this implementation only logs an error and
     * produces no response. The log text indicates that concrete handlers are expected to
     * override it.
     *
     * @param fSSAMLRequest the incoming SAML request (unused here)
     * @return always {@code null}; callers must handle the missing response
     */
    public FSResponse processSAMLRequest(FSSAMLRequest fSSAMLRequest) {
        FSUtils.debug.error("FSSSOAndFedHandler.processSAMLRequest: Call should not resolve here, abstract class.");
        return null;
    }

    /**
     * Entry point for an incoming AuthnRequest: records the request and the requesting SP,
     * checks that the SP is trusted, optionally verifies the request signature, and hands the
     * request to pre- or post-authentication SSO processing. Every failure path answers with an
     * {@code FSAuthnResponse} carrying a responder status through {@link #sendAuthnResponse}.
     *
     * <p>Order of checks, as implemented below:
     * <ol>
     *   <li>The SP descriptor and config are loaded, then the trust relationship is checked.</li>
     *   <li>When {@code z} is true, {@code processPostAuthnSSO} runs and the method returns;
     *       the signature check in step 3 is not reached on this path.</li>
     *   <li>The signature is verified only when signing is switched on globally AND the SP
     *       descriptor declares that its AuthnRequests are signed.</li>
     *   <li>{@code processPreAuthnSSO} runs.</li>
     * </ol>
     *
     * <p>NOTE(review): step 2 relies on the request having been verified on an earlier pass
     * before authentication. Confirm that no caller reaches this method with {@code z == true}
     * for a request that never went through step 3.
     *
     * @param fSAuthnRequest the request to process; its provider ID becomes {@code spEntityId}
     * @param z true to take the post-authentication path (name lost in decompilation)
     */
    public void processAuthnRequest(FSAuthnRequest fSAuthnRequest, boolean z) {
        FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: Called");
        this.authnRequest = fSAuthnRequest;
        String requestID = fSAuthnRequest.getRequestID();
        // The SP identity comes from the request itself; it is checked against trust metadata below.
        this.spEntityId = fSAuthnRequest.getProviderId();
        try {
            this.spDescriptor = metaManager.getSPDescriptor(this.realm, this.spEntityId);
            this.spConfig = metaManager.getSPDescriptorConfig(this.realm, this.spEntityId);
            // Untrusted providers are answered with a generic responder failure and nothing else is processed.
            if (!metaManager.isTrustedProvider(this.realm, this.hostedEntityId, this.spEntityId)) {
                FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: RemoteProvider is not trusted");
                FSAuthnResponse fSAuthnResponse = new FSAuthnResponse(null, requestID, new Status(new StatusCode(IFSConstants.SAML_RESPONDER), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null), null, this.relayState);
                fSAuthnResponse.setMinorVersion(fSAuthnRequest.getMinorVersion());
                sendAuthnResponse(fSAuthnResponse);
                return;
            }
            // Post-authentication path: both branches return, so signature verification below is skipped.
            if (z) {
                if (processPostAuthnSSO(fSAuthnRequest)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Processing successful");
                        return;
                    }
                    // Duplicate return is a decompiler artifact; success returns either way.
                    return;
                } else {
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Processing failed");
                    }
                    // noFedStatus, when set by an earlier step, replaces the generic failure status.
                    FSAuthnResponse fSAuthnResponse2 = new FSAuthnResponse(null, requestID, this.noFedStatus != null ? this.noFedStatus : new Status(new StatusCode(IFSConstants.SAML_RESPONDER), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null), null, this.relayState);
                    fSAuthnResponse2.setMinorVersion(fSAuthnRequest.getMinorVersion());
                    sendAuthnResponse(fSAuthnResponse2);
                    return;
                }
            }
            // A null descriptor would raise here and be handled by the catch block below.
            boolean isAuthnRequestsSigned = this.spDescriptor.isAuthnRequestsSigned();
            if (FSUtils.debug.messageEnabled()) {
                // The "this is for testing" text is part of the emitted log message.
                FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: ProviderID : " + this.spEntityId + " AuthnRequestSigned :this is for testing " + isAuthnRequestsSigned);
            }
            // Both switches must be on for the signature to be checked; otherwise an unsigned
            // request from a trusted SP proceeds to pre-authentication processing.
            if (FSServiceUtils.isSigningOn() && isAuthnRequestsSigned) {
                if (!verifyRequestSignature(fSAuthnRequest)) {
                    FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Signature Verification Failed");
                    String string = FSUtils.bundle.getString("signatureVerificationFailed");
                    // Audit record for the failed verification (logged with Level.INFO).
                    LogUtil.error(Level.INFO, LogUtil.SIGNATURE_VERIFICATION_FAILED, new String[]{string}, this.ssoToken);
                    // The same second-level status is used for a missing and for an invalid signature.
                    FSAuthnResponse fSAuthnResponse3 = new FSAuthnResponse(null, requestID, new Status(new StatusCode(IFSConstants.SAML_RESPONDER, new StatusCode("lib:UnsignedAuthnRequest", null)), string, null), null, this.relayState);
                    fSAuthnResponse3.setMinorVersion(fSAuthnRequest.getMinorVersion());
                    sendAuthnResponse(fSAuthnResponse3);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler. processAuthnRequest: AuthnRequest Signature Verified");
                }
            }
            if (processPreAuthnSSO(fSAuthnRequest)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Processing successful");
                    return;
                }
                // Duplicate return is a decompiler artifact; success returns either way.
                return;
            }
            if (FSUtils.debug.warningEnabled()) {
                FSUtils.debug.warning("FSSSOAndFedHandler.processAuthnRequest: AuthnRequest Processing failed");
            }
            LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, new String[]{FSUtils.bundle.getString("AuthnRequestProcessingFailed")}, this.ssoToken);
            Status status = new Status(new StatusCode(IFSConstants.SAML_RESPONDER), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
            if (this.noFedStatus != null) {
                status = this.noFedStatus;
            }
            FSAuthnResponse fSAuthnResponse4 = new FSAuthnResponse(null, requestID, status, null, this.relayState);
            fSAuthnResponse4.setMinorVersion(fSAuthnRequest.getMinorVersion());
            sendAuthnResponse(fSAuthnResponse4);
        } catch (Exception e) {
            // Any exception above ends in a generic failure response; the stack trace is
            // rendered into the debug log only, not into the response.
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            e.printStackTrace(new PrintStream(byteArrayOutputStream));
            FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: Exception Occured: " + e.getMessage() + "Stack trace is " + byteArrayOutputStream.toString());
            try {
                FSAuthnResponse fSAuthnResponse5 = new FSAuthnResponse(null, requestID, new Status(new StatusCode(IFSConstants.SAML_RESPONDER), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null), null, this.relayState);
                fSAuthnResponse5.setMinorVersion(fSAuthnRequest.getMinorVersion());
                sendAuthnResponse(fSAuthnResponse5);
            } catch (Exception e2) {
                // A failure while building or sending the error response is visible at message level only.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: Exception Occured: ", e2);
                }
            }
        }
    }

    /**
     * Placeholder for delivering an AuthnResponse to the requesting provider: this
     * implementation only logs an error and sends nothing. The log text indicates that
     * concrete handlers are expected to override it.
     *
     * @param fSAuthnResponse the response that should have been sent (unused here)
     */
    protected void sendAuthnResponse(FSAuthnResponse fSAuthnResponse) {
        FSUtils.debug.error("FSSSOAndFedHandler.sendAuthnResponse: Call should not resolve here. error");
    }

    /**
     * Replaces the service provider descriptor held by this handler. The descriptor is the
     * one consulted for the "AuthnRequests signed" flag and for the verification certificate,
     * so it should only come from trusted metadata.
     *
     * @param sPDescriptorType the descriptor to use from now on
     */
    public void setSPDescriptor(SPDescriptorType sPDescriptorType) {
        this.spDescriptor = sPDescriptorType;
    }

    /**
     * Returns the service provider descriptor currently held by this handler.
     *
     * @return the descriptor; may be {@code null} if none has been set or loaded yet
     */
    public SPDescriptorType getProvider() {
        return this.spDescriptor;
    }

    /* JADX INFO: Access modifiers changed from: protected */
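    /**
     * Verifies the signature on an AuthnRequest with the verification certificate obtained for
     * the requesting service provider.
     *
     * <p>Requests that did not arrive by GET are verified as signed XML; the ID attribute name
     * depends on the minor version ("id" for 0, "RequestID" for 2) and any other minor version
     * is rejected. For GET requests the {@code Signature} query parameter is Base64-decoded and
     * checked over the raw query string up to the first {@code &Signature}.
     *
     * <p>The method fails closed: a missing certificate, missing or unsupported parameters, a
     * query string without the signature delimiter, and any exception all yield {@code false}.
     *
     * <p>NOTE(review): only the two SHA-1 based algorithm URIs are accepted on the GET path.
     * SHA-1 is no longer considered collision resistant; confirm whether the profile and the
     * peers allow a stronger algorithm.
     *
     * @param fSAuthnRequest the request whose signature is checked
     * @return {@code true} only when the signature verifies
     */
    public boolean verifyRequestSignature(FSAuthnRequest fSAuthnRequest) {
        String str;
        FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Called");
        try {
            X509Certificate verificationCert = KeyUtil.getVerificationCert(this.spDescriptor, this.spEntityId, false);
            if (verificationCert == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: couldn't obtain this site's cert.");
                }
                // Handled by the catch block below, so the caller sees a plain "false".
                throw new FSException(IFSConstants.NO_CERT, (Object[]) null);
            }
            if (!this.request.getMethod().equals(Utils.GET)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Request is sent by POST ");
                }
                int minorVersion = fSAuthnRequest.getMinorVersion();
                if (minorVersion == 0) {
                    return SigManager.getSigInstance().verify(fSAuthnRequest.getSignedXMLString(), "id", Collections.singleton(verificationCert));
                }
                if (minorVersion == 2) {
                    return SigManager.getSigInstance().verify(fSAuthnRequest.getSignedXMLString(), "RequestID", Collections.singleton(verificationCert));
                }
                FSUtils.debug.message("invalid minor version.");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Request is sent by GET");
            }
            String sigAlg = this.request.getParameter(SAML2Constants.SIG_ALG);
            String encodedSignature = this.request.getParameter("Signature");
            if (sigAlg == null || sigAlg.length() == 0 || encodedSignature == null || encodedSignature.length() == 0) {
                return false;
            }
            // Explicit allow-list: the URI from the request is mapped to a fixed algorithm name
            // and never passed through to the signature provider.
            if (sigAlg.equals("http://www.w3.org/2000/09/xmldsig#dsa-sha1")) {
                str = "SHA1withDSA";
            } else if (sigAlg.equals("http://www.w3.org/2000/09/xmldsig#rsa-sha1")) {
                str = "SHA1withRSA";
            } else {
                FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: Invalid signature algorithm");
                return false;
            }
            String queryString = this.request.getQueryString();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: queryString:" + queryString);
            }
            // Reject explicitly instead of letting substring() throw when the delimiter is absent.
            int signatureStart = queryString == null ? -1 : queryString.indexOf("&Signature");
            if (signatureStart < 0) {
                FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: Signature parameter not found in query string");
                return false;
            }
            // NOTE(review): only the text before the first "&Signature" is covered by the
            // signature. Parameters placed after it, or a parameter whose name merely starts
            // with "Signature", are outside the signed portion while still being readable
            // through getParameter(); confirm that later processing does not rely on them.
            String signedPortion = queryString.substring(0, signatureStart);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Signature: " + encodedSignature + "Algorithm: " + str);
            }
            byte[] signatureBytes = Base64.decode(encodedSignature);
            FSSignatureManager fSSignatureManager = FSSignatureManager.getInstance();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: String to be verified: " + signedPortion);
            }
            return fSSignatureManager.verifySignature(signedPortion, signatureBytes, str, verificationCert);
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: Exception occured while verifying SP's signature:", e);
            return false;
        }
    }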

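    /**
     * Rebuilds a query string from the request's parameters, leaving out any parameter named
     * {@code metaAlias} (compared case-insensitively).
     *
     * <p>Both the parameter name and its value are URL-encoded. The servlet container hands
     * names back already decoded, so a name containing {@code &} or {@code =} would otherwise
     * split into additional parameters in the rebuilt string.
     *
     * <p>NOTE(review): only the first value of a multi-valued parameter is kept, because
     * {@code getParameter} is used. Confirm that callers do not expect repeated parameters.
     *
     * @param httpServletRequest the request whose parameters are copied
     * @return the rebuilt query string, empty when there is nothing to copy
     */
    public static String cleanMetaAlias(HttpServletRequest httpServletRequest) {
        FSUtils.debug.message("FSSSOAndFedHandler.cleanMetaAlias: Called");
        Enumeration<?> parameterNames = httpServletRequest.getParameterNames();
        StringBuilder query = new StringBuilder();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            if (name.equalsIgnoreCase("metaAlias")) {
                FSUtils.debug.message("FSSSOAndFedHandler.cleanMetaAlias: found metaAlias");
                continue;
            }
            if (query.length() > 0) {
                query.append('&');
            }
            query.append(URLEncDec.encode(name))
                    .append('=')
                    .append(URLEncDec.encode(httpServletRequest.getParameter(name)));
        }
        String result = query.toString();
        // The rebuilt query string, including parameter values, goes to the debug log at message level.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.cleanMetaAlias:  returning with " + result);
        }
        return result;
    }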

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Proxies an AuthnRequest to another identity provider: derives a new request from the
     * original, stores the correlation state under the new request ID, and redirects the
     * browser to that IDP's single sign-on URL.
     *
     * <p>The redirect target is the SSO URL taken from the IDP's metadata, with the URL-encoded
     * request appended. The query string is signed when signing is switched on and the hosted
     * SP descriptor declares signed AuthnRequests.
     *
     * <p>Failures inside the redirect step are logged and swallowed, so the caller is not told
     * that no redirect was sent; the session-manager state stored beforehand stays in place.
     *
     * @param fSAuthnRequest the original request received from the service provider
     * @param str entity ID of the identity provider to proxy to
     * @throws FSException if the new request cannot be created
     * @throws IOException declared by the signature; not raised by the code visible here
     */
    public void sendProxyAuthnRequest(FSAuthnRequest fSAuthnRequest, String str) throws FSException, IOException {
        FSAuthnRequest proxiedRequest = getNewAuthnRequest(fSAuthnRequest);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.sendProxyAuthnRequest:New Authentication request:" + proxiedRequest.toXMLString());
        }

        // Correlation state is keyed by the new request ID so the eventual response can be
        // matched back to the original SP and its request.
        String spMetaAlias = IDFFMetaUtils.getMetaAlias(this.realm, this.hostedEntityId, IFSConstants.SP, null);
        FSSessionManager sessions = FSSessionManager.getInstance(spMetaAlias);
        String requestID = proxiedRequest.getRequestID();
        sessions.setAuthnRequest(requestID, proxiedRequest);
        sessions.setProxySPDescriptor(requestID, this.spDescriptor);
        sessions.setProxySPAuthnRequest(requestID, fSAuthnRequest);
        sessions.setIDPEntityID(requestID, str);

        try {
            String ssoUrl = metaManager.getIDPDescriptor(this.realm, str).getSingleSignOnServiceURL();
            if (ssoUrl == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.sendProxyAuthnRequest: Single Sign-on service is not found for the proxying IDP");
                return;
            }

            SPDescriptorType hostedDescriptor = metaManager.getSPDescriptor(this.realm, this.hostedEntityId);
            SPDescriptorConfigElement hostedConfigElement = metaManager.getSPDescriptorConfig(this.realm, this.hostedEntityId);
            String query = proxiedRequest.toURLEncodedQueryString();
            if (FSServiceUtils.isSigningOn()) {
                String signingCertAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfigElement, "signingCertAlias");
                if (hostedDescriptor.isAuthnRequestsSigned()) {
                    query = FSSignatureUtil.signAndReturnQueryString(query, signingCertAlias);
                }
            }

            // Join with '&' when the metadata URL already carries a query part.
            String separator = ssoUrl.indexOf("?") != -1 ? "&" : "?";
            String redirectUrl = ssoUrl + separator + query;

            // The full redirect URL, query string included, is written to the debug log here.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.sendProxyAuthnRequest:SSO URL to be redirected" + redirectUrl);
            }

            // Status and Location are set explicitly before sendRedirect, as in the original
            // flow; sendRedirect presumably sets both again (TODO confirm).
            this.response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
            this.response.setHeader("Location", redirectUrl);
            this.response.sendRedirect(redirectUrl);
        } catch (Exception failure) {
            FSUtils.debug.error("FSSSOAndFedHandler.sendProxyAuthnRequest:", failure);
        }
    }

    /**
     * Decides whether the request may be proxied to another identity provider.
     *
     * <p>Proxying is considered only for minor version 2 requests, is refused when the request
     * carries a scoping element with a proxy count of zero, and additionally requires the SP
     * config attribute {@code enableIDPProxy} to be "true" (case-insensitive).
     *
     * <p>NOTE(review): a negative proxy count is not refused here, since only zero is tested.
     * Confirm that the request parser rejects negative values.
     *
     * @param fSAuthnRequest the request being evaluated
     * @return {@code true} when proxying is allowed for this request
     * @throws FSException declared by the signature
     */
    protected boolean isIDPProxyEnabled(FSAuthnRequest fSAuthnRequest) throws FSException {
        if (fSAuthnRequest.getMinorVersion() != 2) {
            return false;
        }
        FSScoping scoping = fSAuthnRequest.getScoping();
        if (scoping != null && scoping.getProxyCount() == 0) {
            // The requester has explicitly used up its proxy budget.
            return false;
        }
        String proxyFlag = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.spConfig, "enableIDPProxy");
        return "true".equalsIgnoreCase(proxyFlag);
    }

    /**
     * Asks the configured proxy finder which identity provider the request should be proxied
     * to. The realm-aware finder takes precedence when one was loaded; otherwise the plain
     * finder is used.
     *
     * <p>NOTE(review): if neither finder was loaded by the static initializer, the fallback
     * call dereferences {@code null}. Confirm that callers only reach this with a finder
     * configured.
     *
     * @param fSAuthnRequest the request to be proxied
     * @return the value returned by the finder
     * @throws FSRedirectException propagated from the finder
     */
    private String getPreferredIDP(FSAuthnRequest fSAuthnRequest) throws FSRedirectException {
        if (realmProxyFinder != null) {
            return realmProxyFinder.getPreferredIDP(fSAuthnRequest, this.realm, this.hostedEntityId, this.request, this.response);
        }
        return proxyFinder.getPreferredIDP(fSAuthnRequest, this.hostedEntityId, this.request, this.response);
    }

    /**
     * Builds the AuthnRequest that this provider sends onward when it proxies a request.
     *
     * <p>The new request names this hosted entity as the provider and copies the remaining
     * settings read from the original through its getters. Its minor version is fixed to 2.
     * When the original carries a scoping element with a positive proxy count, the new request
     * gets a scoping element with that count reduced by one and the same IDP list; otherwise
     * the new request carries no scoping element.
     *
     * @param fSAuthnRequest the request received from the service provider
     * @return the request to send to the next identity provider
     * @throws FSException wrapping any exception raised while building the request
     */
    private FSAuthnRequest getNewAuthnRequest(FSAuthnRequest fSAuthnRequest) throws FSException {
        try {
            FSAuthnRequest proxied = new FSAuthnRequest(
                    null,
                    fSAuthnRequest.getRespondWith(),
                    this.hostedEntityId,
                    fSAuthnRequest.getForceAuthn(),
                    fSAuthnRequest.getIsPassive(),
                    false,
                    fSAuthnRequest.getNameIDPolicy(),
                    fSAuthnRequest.getProtocolProfile(),
                    fSAuthnRequest.getAuthnContext(),
                    fSAuthnRequest.getRelayState(),
                    fSAuthnRequest.getAuthContextCompType());
            proxied.setMinorVersion(2);

            FSScoping incoming = fSAuthnRequest.getScoping();
            if (incoming != null) {
                int remainingHops = incoming.getProxyCount();
                if (remainingHops > 0) {
                    // Each proxy hop consumes one unit of the requester's proxy budget.
                    FSScoping outgoing = new FSScoping();
                    outgoing.setProxyCount(remainingHops - 1);
                    outgoing.setIDPList(incoming.getIDPList());
                    proxied.setScoping(outgoing);
                }
            }
            return proxied;
        } catch (Exception cause) {
            FSUtils.debug.error("FSSSOAndFedHandler.getNewAuthnRequest:Error in creating new authn request.", cause);
            throw new FSException(cause);
        }
    }

    // Class initialisation: obtains the IDFF metadata manager and, when the system property
    // "com.sun.identity.federation.proxyfinder" names a class, loads and instantiates it as the
    // IDP proxy finder.
    //
    // The class name comes from system configuration and is loaded through the thread context
    // class loader, so whoever can set that property chooses code that runs inside this
    // process; keep write access to the configuration restricted accordingly.
    //
    // An instance that implements neither finder interface is ignored without a log entry, and
    // any exception leaves both finders null after an error is logged.
    static {
        proxyFinder = null;
        realmProxyFinder = null;
        metaManager = FSUtils.getIDFFMetaManager();
        try {
            String finderClassName = SystemConfigurationUtil.getProperty("com.sun.identity.federation.proxyfinder");
            if (finderClassName != null && !finderClassName.isEmpty()) {
                ClassLoader loader = Thread.currentThread().getContextClassLoader();
                Object finder = loader.loadClass(finderClassName).newInstance();
                // The realm-aware interface is tested first and wins when both are implemented.
                if (finder instanceof FSRealmIDPProxy) {
                    realmProxyFinder = (FSRealmIDPProxy) finder;
                } else if (finder instanceof FSIDPProxy) {
                    proxyFinder = (FSIDPProxy) finder;
                }
            }
        } catch (Exception initFailure) {
            FSUtils.debug.error("FSSSOAndFedHandler:Static Init Failed", initFailure);
        }
    }
}
