package com.sun.identity.saml2.profile;

import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.EncryptedAssertion;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.assertion.Subject;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2FailoverUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.common.SOAPCommunicator;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.plugins.SAML2IDPFinder;
import com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.IDPEntry;
import com.sun.identity.saml2.protocol.IDPList;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.NameIDPolicy;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.protocol.Scoping;
import com.sun.identity.saml2.protocol.impl.RequesterIDImpl;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException;
import org.forgerock.openam.saml2.audit.SAML2EventLogger;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:com/sun/identity/saml2/profile/IDPProxyUtil.class */
public class IDPProxyUtil {
    // Metadata manager read by getNameIDFormat, getLocation and sendIDPInitProxyLogoutRequest.
    // NOTE(review): no assignment is visible in this part of the file; presumably a static
    // initializer sets it. If it is null, those methods fail with a NullPointerException.
    private static SAML2MetaManager sm;
    // Alias of the shared SAML2 debug logger.
    private static Debug debug = SAML2Utils.debug;
    // Session provider used to map requests and session objects to session IDs.
    // NOTE(review): no assignment is visible in this part of the file; confirm where it is initialised.
    private static SessionProvider sessionProvider;

    /** Private constructor: the members visible in this file are all static, so no instance is needed. */
    private IDPProxyUtil() {
    }

    /**
     * Returns the first identity provider proposed by the IDP proxy finder plugin.
     *
     * <p>The finder is looked up with {@code getIDPProxyFinder(str2, str)} and is handed the
     * inbound request together with the servlet request and response. Any part of its decision
     * that relies on the inbound request depends on whatever validation the caller already did.
     *
     * @param authnRequest the inbound authentication request
     * @param str passed to the finder as its second argument (presumably the hosted entity ID; confirm)
     * @param str2 passed to the finder as its third argument (presumably the realm; confirm)
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @return the first entry of the finder's result, or {@code null} when the result is
     *         {@code null} or empty
     * @throws SAML2Exception if the finder lookup or the finder itself fails
     */
    public static String getPreferredIDP(AuthnRequest authnRequest, String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SAML2Exception {
        List candidates = getIDPProxyFinder(str2, str).getPreferredIDP(authnRequest, str, str2, httpServletRequest, httpServletResponse);
        boolean nothingProposed = candidates == null || candidates.isEmpty();
        return nothingProposed ? null : (String) candidates.get(0);
    }

    /* JADX WARN: Type inference failed for: r26v0, types: [java.lang.Throwable, com.sun.identity.saml2.meta.SAML2MetaException] */
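    /**
     * Builds a fresh AuthnRequest on behalf of the proxying provider and sends it to the chosen
     * identity provider, by HTTP-POST when the selected endpoint uses that binding and by
     * browser redirect otherwise.
     *
     * <p>The new request and the original request are cached under the new request's ID so the
     * eventual response can be matched to them. The request is signed when the IdP metadata asks
     * for signed requests or the hosted SP metadata declares that it signs them.
     *
     * @param authnRequest original request received from the requesting service provider
     * @param str entity ID used to look up the target IDPSSODescriptor
     * @param sPSSODescriptorElement not read by this method
     * @param str2 entity ID used to look up the hosted SP descriptor and configuration
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param str3 realm used for the metadata lookups
     * @param str4 relay state of the original request; may be {@code null} or empty
     * @param str5 binding preferred when choosing the IdP's single sign-on endpoint
     * @throws SAML2Exception if the IdP descriptor or a usable SSO endpoint is missing, or a
     *         metadata lookup fails
     * @throws IOException if the POST page or the redirect cannot be written
     */
    public static void sendProxyAuthnRequest(AuthnRequest authnRequest, String str, SPSSODescriptorElement sPSSODescriptorElement, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str3, String str4, String str5) throws SAML2Exception, IOException {
        try {
            IDPSSODescriptorElement idpDescriptor = IDPSSOUtil.metaManager.getIDPSSODescriptor(str3, str);
            if (idpDescriptor == null) {
                // The descriptor lookup can return null (getLocation checks for that as well).
                // Fail with the declared exception rather than a NullPointerException.
                SAML2Utils.debug.error("IDPProxyUtil.sendProxyAuthnRequest: IDP SSO descriptor is not found for the proxying IDP.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            SingleSignOnServiceElement ssoEndpoint = getMatchingSSOEndpoint(idpDescriptor.getSingleSignOnService(), str5);
            if (ssoEndpoint == null) {
                SAML2Utils.debug.error("IDPProxyUtil.sendProxyAuthnRequest: Single Sign-on service is not found for the proxying IDP.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotFoundIDPProxy"));
            }
            String binding = ssoEndpoint.getBinding();
            String location = ssoEndpoint.getLocation();
            SPSSODescriptorElement hostedSpDescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(str3, str2);
            SPSSOConfigElement hostedSpConfig = IDPSSOUtil.metaManager.getSPSSOConfig(str3, str2);
            AuthnRequest proxiedRequest = getNewAuthnRequest(str2, location, str3, authnRequest);
            SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(str2, str3);
            if (spAdapter != null) {
                spAdapter.preSingleSignOnRequest(str2, str, str3, httpServletRequest, httpServletResponse, proxiedRequest);
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("IDPProxyUtil.sendProxyAuthnRequest: New Authentication request:" + proxiedRequest.toXMLString());
            }
            String requestId = proxiedRequest.getID();
            // Both entries are keyed by the NEW request ID; the response handlers look the
            // original request up by the response's InResponseTo value.
            // NOTE(review): the entries are stored before signing and sending, so a failure
            // below leaves them in the caches; confirm the caches expire entries.
            IDPCache.authnRequestCache.put(requestId, proxiedRequest);
            IDPCache.proxySPAuthnReqCache.put(requestId, authnRequest);
            boolean signRequest = idpDescriptor.isWantAuthnRequestsSigned() || hostedSpDescriptor.isAuthnRequestsSigned();
            String relayStateId = null;
            if (str4 != null && str4.length() > 0) {
                relayStateId = SPSSOFederate.getRelayStateID(str4, authnRequest.getID());
            }
            if (binding.equals(SAML2Constants.HTTP_POST)) {
                if (signRequest) {
                    SPSSOFederate.signAuthnRequest(SPSSOFederate.getParameter(SAML2MetaUtils.getAttributes(hostedSpConfig), "signingCertAlias"), proxiedRequest);
                }
                SAML2Utils.postToTarget(httpServletRequest, httpServletResponse, "SAMLRequest", SAML2Utils.encodeForPOST(proxiedRequest.toXMLString(true, true)), "RelayState", relayStateId, location);
            } else {
                // Every binding other than HTTP-POST is sent as a redirect.
                String requestXml = proxiedRequest.toXMLString(true, true);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("IDPProxyUtil.sendProxyAuthnRequest:  AuthnRequest: " + requestXml);
                }
                StringBuffer query = new StringBuffer().append("SAMLRequest").append("=").append(SAML2Utils.encodeForRedirect(requestXml));
                if (relayStateId != null && relayStateId.length() > 0) {
                    query.append("&").append("RelayState").append("=").append(URLEncDec.encode(relayStateId));
                }
                StringBuffer redirectUrl = new StringBuffer().append(location).append(location.contains("?") ? "&" : "?");
                if (signRequest) {
                    // For a redirect the signature covers the query string, not the XML document.
                    redirectUrl.append(SPSSOFederate.signQueryString(query.toString(), SPSSOFederate.getParameter(SAML2MetaUtils.getAttributes(hostedSpConfig), "signingCertAlias")));
                } else {
                    redirectUrl.append(query);
                }
                httpServletResponse.sendRedirect(redirectUrl.toString());
            }
            LogUtil.access(Level.INFO, LogUtil.REDIRECT_TO_SP, new String[]{location}, null);
            AuthnRequestInfo requestInfo = new AuthnRequestInfo(httpServletRequest, httpServletResponse, str3, str2, str, proxiedRequest, str4, null);
            synchronized (SPCache.requestHash) {
                SPCache.requestHash.put(requestId, requestInfo);
            }
            if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                try {
                    SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(requestId, new AuthnRequestInfoCopy(requestInfo), (Time.currentTimeMillis() / 1000) + SPCache.interval);
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("IDPProxyUtil.sendProxyAuthnRequest:  SAVE AuthnRequestInfoCopy for requestID " + requestId);
                    }
                } catch (SAML2TokenRepositoryException e) {
                    // Best effort: a failed failover save is logged and the request still counts as sent.
                    SAML2Utils.debug.error("IDPProxyUtil.sendProxyAuthnRequest:  SAVE AuthnRequestInfoCopy for requestID " + requestId + ", failed!", e);
                }
            }
        } catch (SAML2MetaException e2) {
            // Only the message is propagated; the original stack trace is available in the debug log.
            SAML2Utils.debug.error("IDPProxyUtil.sendProxyAuthnRequest: ", e2);
            throw new SAML2Exception(e2.getMessage());
        }
    }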

    /**
     * Picks the single sign-on endpoint to use for a preferred binding.
     *
     * @param list SSO endpoints from the IdP descriptor; must not be {@code null}
     * @param str preferred binding; must not be {@code null} when the list is non-empty
     * @return the first endpoint whose binding equals {@code str}; otherwise the first endpoint
     *         in the list; {@code null} when the list is empty
     */
    private static SingleSignOnServiceElement getMatchingSSOEndpoint(List<SingleSignOnServiceElement> list, String str) {
        SingleSignOnServiceElement fallback = null;
        boolean fallbackChosen = false;
        for (SingleSignOnServiceElement candidate : list) {
            if (!fallbackChosen) {
                // Remember the first endpoint in case no binding matches.
                fallback = candidate;
                fallbackChosen = true;
            }
            if (str.equals(candidate.getBinding())) {
                return candidate;
            }
        }
        return fallback;
    }

    /**
     * Creates the AuthnRequest that the proxy sends upstream, copying most fields from the
     * inbound request and issuing it in the proxy's own name.
     *
     * <p>Consent, passive/force flags, the service indexes, protocol binding, NameIDPolicy
     * format and AllowCreate, RequestedAuthnContext and Extensions are taken from the inbound
     * request. The ID, issue instant, issuer, destination and assertion consumer URL are new.
     *
     * @param str entity ID set as Issuer and as SPNameQualifier, and used for the SP descriptor lookup
     * @param str2 destination URL of the new request
     * @param str3 realm used for metadata lookups
     * @param authnRequest the inbound request being proxied
     * @return the new request
     * @throws SAML2Exception wrapping any failure, including a failed ID generation
     */
    private static AuthnRequest getNewAuthnRequest(String str, String str2, String str3, AuthnRequest authnRequest) throws SAML2Exception {
        try {
            AuthnRequest outbound = ProtocolFactory.getInstance().createAuthnRequest();
            String newId = SAML2Utils.generateID();
            if (newId == null || newId.isEmpty()) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("cannotGenerateID"));
            }
            outbound.setID(newId);
            SPSSODescriptorElement hostedSpDescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(str3, str);
            outbound.setDestination(XMLUtils.escapeSpecialCharacters(str2));
            outbound.setConsent(authnRequest.getConsent());
            outbound.setIsPassive(authnRequest.isPassive());
            outbound.setForceAuthn(authnRequest.isForceAuthn());
            outbound.setAttributeConsumingServiceIndex(authnRequest.getAttributeConsumingServiceIndex());
            outbound.setAssertionConsumerServiceIndex(authnRequest.getAssertionConsumerServiceIndex());
            String requestedBinding = authnRequest.getProtocolBinding();
            outbound.setProtocolBinding(requestedBinding);
            // The response must come back to the proxy, so the ACS URL is taken from the hosted
            // SP descriptor and never from the inbound request.
            outbound.setAssertionConsumerServiceURL((String) SPSSOFederate.getACSUrl(hostedSpDescriptor, requestedBinding).get(0));
            Issuer proxyIssuer = AssertionFactory.getInstance().createIssuer();
            proxyIssuer.setValue(str);
            outbound.setIssuer(proxyIssuer);
            NameIDPolicy inboundPolicy = authnRequest.getNameIDPolicy();
            if (inboundPolicy != null) {
                NameIDPolicy outboundPolicy = ProtocolFactory.getInstance().createNameIDPolicy();
                outboundPolicy.setFormat(inboundPolicy.getFormat());
                outboundPolicy.setSPNameQualifier(str);
                outboundPolicy.setAllowCreate(inboundPolicy.isAllowCreate());
                outbound.setNameIDPolicy(outboundPolicy);
            }
            // NOTE(review): RequestedAuthnContext and Extensions are copied as received and the
            // caller may sign the resulting request; whether the inbound request was
            // signature-checked is not visible here. Confirm at the call site.
            outbound.setRequestedAuthnContext(authnRequest.getRequestedAuthnContext());
            outbound.setExtensions(authnRequest.getExtensions());
            outbound.setIssueInstant(Time.newDate());
            outbound.setVersion(SAML2Constants.VERSION_2_0);
            Scoping inboundScoping = authnRequest.getScoping();
            if (inboundScoping == null) {
                // No Scoping on the inbound request: derive one from the requesting SP's configuration.
                Map<String, List<String>> spAttributes = SAML2MetaUtils.getAttributes(getSPSSOConfigByAuthnRequest(str3, authnRequest));
                Scoping configuredScoping = ProtocolFactory.getInstance().createScoping();
                String configuredCount = SPSSOFederate.getParameter(spAttributes, "idpProxyCount");
                if (configuredCount != null && !configuredCount.equals("")) {
                    int hops = Integer.parseInt(configuredCount);
                    // This proxy consumes one hop; the count never goes below zero.
                    configuredScoping.setProxyCount(hops <= 0 ? 0 : hops - 1);
                }
                addRequesterIDToScope(configuredScoping, authnRequest.getIssuer().getValue());
                List<String> configuredIdps = spAttributes.get("idpProxyList");
                if (configuredIdps != null && !configuredIdps.isEmpty()) {
                    List<IDPEntry> entries = new ArrayList<IDPEntry>();
                    for (String providerId : configuredIdps) {
                        IDPEntry entry = ProtocolFactory.getInstance().createIDPEntry();
                        entry.setProviderID(providerId);
                        entries.add(entry);
                    }
                    IDPList idpList = ProtocolFactory.getInstance().createIDPList();
                    idpList.setIDPEntries(entries);
                    configuredScoping.setIDPList(idpList);
                    // NOTE(review): the Scoping is attached only when idpProxyList is configured.
                    // Without the list, the proxy count and RequesterID built above are dropped.
                    // Confirm this is intended.
                    outbound.setScoping(configuredScoping);
                }
            } else {
                Scoping forwardedScoping = ProtocolFactory.getInstance().createScoping();
                if (inboundScoping.getProxyCount() != null) {
                    // NOTE(review): no lower bound here; an inbound count of 0 would produce -1.
                    // isIDPProxyEnabled rejects counts <= 0, presumably before this is reached.
                    forwardedScoping.setProxyCount(Integer.valueOf(inboundScoping.getProxyCount().intValue() - 1));
                }
                forwardedScoping.setIDPList(inboundScoping.getIDPList());
                forwardedScoping.setRequesterIDs(inboundScoping.getRequesterIDs());
                addRequesterIDToScope(forwardedScoping, authnRequest.getIssuer().getValue());
                outbound.setScoping(forwardedScoping);
            }
            return outbound;
        } catch (Exception e) {
            SAML2Utils.debug.error("IDPProxyUtil.getNewAuthnRequest: Error in creating new authn request.", e);
            throw new SAML2Exception(e);
        }
    }

    /**
     * Appends a RequesterID to the scoping element, keeping any IDs already present.
     *
     * <p>The method builds a new list and sets it on the scoping; it does not add to the list
     * returned by {@code getRequesterIDs()}.
     *
     * @param scoping scoping element to update
     * @param str value of the RequesterID to append
     * @throws SAML2Exception if the value or the list cannot be set
     */
    public static void addRequesterIDToScope(Scoping scoping, String str) throws SAML2Exception {
        List existing = scoping.getRequesterIDs();
        List merged = existing == null ? new ArrayList() : new ArrayList(existing);
        RequesterIDImpl requester = new RequesterIDImpl();
        requester.setValue(str);
        merged.add(requester);
        scoping.setRequesterIDs(merged);
    }

    /**
     * Decides whether an inbound AuthnRequest may be proxied.
     *
     * <p>With a Scoping element: the ProxyCount (a missing count is treated as 1) must be
     * positive and the issuer's SP configuration must have {@code enableIDPProxy} set.
     * Without one: the configuration resolved for the request must have both the
     * always-proxy attribute and {@code enableIDPProxy} set.
     *
     * @param authnRequest the inbound request
     * @param str realm used for the configuration lookup
     * @return {@code true} only when the conditions above hold
     * @throws SAML2Exception if a configuration lookup fails
     */
    public static boolean isIDPProxyEnabled(AuthnRequest authnRequest, String str) throws SAML2Exception {
        Scoping scoping = authnRequest.getScoping();
        if (scoping != null) {
            Integer declaredCount = scoping.getProxyCount();
            int remainingHops = declaredCount != null ? declaredCount.intValue() : 1;
            if (remainingHops <= 0) {
                return false;
            }
            SPSSOConfigElement issuerConfig = IDPSSOUtil.metaManager.getSPSSOConfig(str, authnRequest.getIssuer().getValue());
            // A missing configuration is passed on as a null map; the flag lookup then decides.
            Map<String, List<String>> issuerAttributes = issuerConfig == null ? null : SAML2MetaUtils.getAttributes(issuerConfig);
            Boolean proxyEnabled = SPSSOFederate.getAttrValueFromMap(issuerAttributes, "enableIDPProxy");
            return proxyEnabled != null && proxyEnabled.booleanValue();
        }
        SPSSOConfigElement spConfig = getSPSSOConfigByAuthnRequest(str, authnRequest);
        if (spConfig == null) {
            return false;
        }
        Map<String, List<String>> spAttributes = SAML2MetaUtils.getAttributes(spConfig);
        Boolean alwaysProxy = SPSSOFederate.getAttrValueFromMap(spAttributes, SAML2Constants.ALWAYS_IDP_PROXY);
        Boolean proxyAllowed = SPSSOFederate.getAttrValueFromMap(spAttributes, "enableIDPProxy");
        if (alwaysProxy == null || !alwaysProxy.booleanValue()) {
            return false;
        }
        return proxyAllowed != null && proxyAllowed.booleanValue();
    }

    /**
     * Reports whether a proxied AuthnRequest is still pending for the given request ID.
     *
     * @param str request ID, as used for the key of the proxy request cache
     * @return {@code true} when the proxy request cache holds an entry for {@code str}
     */
    public static boolean isIDPProxyEnabled(String str) {
        boolean pendingProxyRequest = IDPCache.proxySPAuthnReqCache.containsKey(str);
        return pendingProxyRequest;
    }

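    /**
     * Completes a proxied sign-on: looks up the original AuthnRequest that was cached for the
     * given request ID and runs SSO federation toward the original requesting provider.
     *
     * <p>The cache entry is taken out with a single {@code remove}, so one pending request is
     * consumed at most once. A missing entry is reported as a {@link SAML2Exception} rather
     * than surfacing as a NullPointerException. A missing entry means the ID is unknown, was
     * already consumed or has expired.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param printWriter writer handed on to the federation step
     * @param str request ID the upstream response refers to (its InResponseTo value)
     * @param str2 passed to {@code doSSOFederate} after the requesting entity ID
     * @param obj session object of the authenticated user
     * @param str3 NameID format passed to the federation step; may be {@code null}
     * @param sAML2EventLogger audit logger handed on to the federation step
     * @throws SAML2Exception if no pending request matches {@code str} or federation fails
     */
    private static void sendProxyResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, String str2, Object obj, String str3, SAML2EventLogger sAML2EventLogger) throws SAML2Exception {
        AuthnRequest originalRequest = str == null ? null : (AuthnRequest) IDPCache.proxySPAuthnReqCache.remove(str);
        if (originalRequest == null) {
            // The exception message is static so the response-supplied ID is not echoed back.
            SAML2Utils.debug.error("IDPProxyUtil.sendProxyResponse: no pending proxied AuthnRequest for request ID " + str);
            throw new SAML2Exception("No pending proxied AuthnRequest matches the response.");
        }
        if (SAML2Utils.debug.messageEnabled()) {
            try {
                SAML2Utils.debug.message("IDPProxyUtil.sendProxyResponse: " + originalRequest.toXMLString());
            } catch (Exception e) {
                SAML2Utils.debug.error("IDPProxyUtil.sendProxyResponse: toString(): Failed.", e);
            }
        }
        String requesterEntityId = originalRequest.getIssuer().getValue();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("IDPProxyUtil.sendProxyResponse: :Original requesting service provider id:" + requesterEntityId);
        }
        // Record which provider this session was proxied for.
        IDPCache.spSessionPartnerBySessionID.put(sessionProvider.getSessionID(obj), requesterEntityId);
        IDPSSOUtil.doSSOFederate(httpServletRequest, httpServletResponse, printWriter, originalRequest, originalRequest.getIssuer().getValue(), str2, str3, (String) IDPCache.relayStateCache.get(originalRequest.getID()), obj, sAML2EventLogger);
    }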

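    /**
     * Sends a status-only response to the provider whose proxied AuthnRequest is cached under
     * the given request ID, removing the cached request and its relay state.
     *
     * <p>A request ID with no cached entry is reported as a {@link SAML2Exception} rather than
     * a NullPointerException. A missing entry means the ID is unknown, already consumed or expired.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param printWriter writer handed on to {@code IDPSSOUtil.sendResponseWithStatus}
     * @param str request ID used as the cache key
     * @param str2 passed through unchanged
     * @param str3 passed through unchanged
     * @param str4 passed through unchanged
     * @param str5 passed through unchanged
     * @param str6 passed through unchanged
     * @throws SAML2Exception if no pending request matches {@code str} or sending fails
     */
    public static void sendResponseWithStatus(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, String str2, String str3, String str4, String str5, String str6) throws SAML2Exception {
        AuthnRequest originalRequest = str == null ? null : (AuthnRequest) IDPCache.proxySPAuthnReqCache.remove(str);
        if (originalRequest == null) {
            // The exception message is static so the caller-supplied ID is not echoed back.
            SAML2Utils.debug.error("IDPProxyUtil.sendResponseWithStatus: no pending proxied AuthnRequest for request ID " + str);
            throw new SAML2Exception("No pending proxied AuthnRequest matches the response.");
        }
        String relayState = (String) IDPCache.relayStateCache.remove(originalRequest.getID());
        String requesterEntityId = originalRequest.getIssuer().getValue();
        IDPSSOUtil.sendResponseWithStatus(httpServletRequest, httpServletResponse, printWriter, str2, str3, str4, originalRequest, relayState, requesterEntityId, str5, str6);
    }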

    /**
     * Entry point for a response received from the upstream IdP: stores the response as a
     * request attribute and forwards a new response to the original requester.
     *
     * <p>The original request is found through the response's InResponseTo value.
     * NOTE(review): no signature or condition checks happen in this method; presumably the
     * caller validated the response held by {@code responseInfo}. Confirm at the call site.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param printWriter writer handed on to the response step
     * @param str meta alias, used to resolve decryption keys and passed on to the response step
     * @param responseInfo holder of the upstream response
     * @param obj session object of the authenticated user
     * @param sAML2EventLogger audit logger
     * @throws SAML2Exception if the proxied response cannot be produced
     */
    public static void generateProxyResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, ResponseInfo responseInfo, Object obj, SAML2EventLogger sAML2EventLogger) throws SAML2Exception {
        Response upstreamResponse = responseInfo.getResponse();
        String originalRequestId = upstreamResponse.getInResponseTo();
        String format = getNameIDFormat(upstreamResponse, str);
        if (format != null) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NAME ID Format= " + format);
            }
        }
        httpServletRequest.setAttribute(SAML2Constants.SAML_PROXY_IDP_RESPONSE_KEY, upstreamResponse);
        sendProxyResponse(httpServletRequest, httpServletResponse, printWriter, originalRequestId, str, obj, format, sAML2EventLogger);
    }

    /**
     * Reads the NameID format from the first assertion of a response.
     *
     * <p>If the response carries no plain assertion, the first encrypted assertion is
     * decrypted with the keys of the SP configuration resolved from the meta alias. Only the
     * first assertion is inspected.
     *
     * @param response upstream response; may be {@code null}
     * @param str meta alias used to resolve the realm, entity and decryption keys
     * @return the NameID format, or {@code null} when the response, assertion, subject or
     *         NameID is missing or decryption fails
     */
    private static String getNameIDFormat(Response response, String str) {
        if (response == null) {
            return null;
        }
        Assertion firstAssertion;
        List plainAssertions = response.getAssertion();
        if (!CollectionUtils.isEmpty(plainAssertions)) {
            firstAssertion = (Assertion) plainAssertions.get(0);
        } else {
            List encryptedAssertions = response.getEncryptedAssertion();
            if (CollectionUtils.isEmpty(encryptedAssertions)) {
                return null;
            }
            try {
                EncryptedAssertion sealed = (EncryptedAssertion) encryptedAssertions.get(0);
                String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(str));
                BaseConfigType spConfig = (BaseConfigType) sm.getSPSSOConfig(realm, sm.getEntityByMetaAlias(str));
                firstAssertion = sealed.decrypt(KeyUtil.getDecryptionKeys(spConfig));
            } catch (SAML2Exception e) {
                // Decryption problems are logged and reported as "no format".
                SAML2Utils.debug.error("getNameIDFormat failed decrypting EncryptedAssertion", e);
                return null;
            }
        }
        Subject subject = firstAssertion.getSubject();
        if (subject == null) {
            return null;
        }
        NameID nameId = subject.getNameID();
        return nameId == null ? null : nameId.getFormat();
    }

    /**
     * Starts a logout toward a session partner on behalf of the proxy, acting in the SP role.
     *
     * <p>Failures are not thrown: they are logged and answered with an HTTP 400 error.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param printWriter writer handed on to the logout step
     * @param str partner entity ID, stored under {@code idpEntityID} and used for the SLO lookup
     * @param str2 SP meta alias used when the session carries none
     * @param str3 realm used for the SLO location lookup
     * @param logoutRequest inbound logout request; may be {@code null}
     * @param sOAPMessage inbound SOAP message; may be {@code null}
     * @param iDPSession IdP session being logged out; must not be {@code null}
     * @param str4 binding
     * @param str5 relay state; added to the parameters only when non-null
     */
    public static void initiateSPLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, String str2, String str3, LogoutRequest logoutRequest, SOAPMessage sOAPMessage, IDPSession iDPSession, String str4, String str5) {
        Object userSession = iDPSession.getSession();
        try {
            if (userSession == null) {
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "nullSSOToken", SAML2Utils.bundle.getString("nullSSOToken"));
                return;
            }
            // Prefer the SP meta alias recorded on the session; otherwise use the caller's value.
            String[] aliasProperty = SessionManager.getProvider().getProperty(userSession, SAML2Constants.SP_METAALIAS);
            String spMetaAlias = (aliasProperty != null && aliasProperty.length > 0) ? aliasProperty[0] : null;
            if (spMetaAlias == null) {
                spMetaAlias = str2;
            }
            HashMap logoutParams = new HashMap();
            logoutParams.put(SAML2Constants.SP_METAALIAS, spMetaAlias);
            logoutParams.put("idpEntityID", str);
            logoutParams.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
            logoutParams.put(SAML2Constants.BINDING, str4);
            String sloLocation = getLocation(str3, str, str4);
            if (sloLocation == null || sloLocation.equals("")) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
            }
            logoutParams.put(SAML2Constants.DESTINATION, sloLocation);
            // Consent and Extension come straight from the HTTP request parameters.
            // NOTE(review): they are forwarded without validation here; confirm the
            // logout-request builder treats them as untrusted.
            logoutParams.put("Consent", httpServletRequest.getParameter("Consent"));
            logoutParams.put("Extension", httpServletRequest.getParameter("Extension"));
            if (str5 != null) {
                logoutParams.put("RelayState", str5);
            }
            iDPSession.removeSessionPartner(str);
            SPSingleLogout.initiateLogoutRequest(httpServletRequest, httpServletResponse, printWriter, str4, logoutParams, logoutRequest, sOAPMessage, userSession, null);
        } catch (SAML2Exception samlFailure) {
            SAML2Utils.debug.error("Error sending Logout Request ", samlFailure);
            try {
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "LogoutRequestCreationError", SAML2Utils.bundle.getString("LogoutRequestCreationError"));
            } catch (Exception sendFailure) {
                SAML2Utils.debug.error("IDPProxyUtil.initiateSPLogoutRequest: ", sendFailure);
            }
        } catch (Exception otherFailure) {
            SAML2Utils.debug.error("Error initializing Request ", otherFailure);
            try {
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "LogoutRequestCreationError", SAML2Utils.bundle.getString("LogoutRequestCreationError"));
            } catch (Exception sendFailure) {
                SAML2Utils.debug.error("IDPProxyUtil.initiateSPLogoutRequest: ", sendFailure);
            }
        }
    }

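    /**
     * Resolves the single-logout service location of an identity provider for a binding.
     *
     * <p>Failures are not thrown. Missing metadata or a missing SLO service list is written to
     * the error log, and every {@link SAML2Exception}, including one raised by the metadata
     * lookup itself, is now also written to the debug log before {@code null} is returned.
     *
     * @param str realm used for the metadata lookup
     * @param str2 entity ID of the identity provider
     * @param str3 binding the location is needed for
     * @return the location, possibly {@code null} or empty when no service matches;
     *         {@code null} on failure
     */
    public static String getLocation(String str, String str2, String str3) {
        try {
            IDPSSODescriptorElement idpDescriptor = sm.getIDPSSODescriptor(str, str2);
            if (idpDescriptor == null) {
                LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[]{str2}, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
            List sloServices = idpDescriptor.getSingleLogoutService();
            if (sloServices == null) {
                LogUtil.error(Level.INFO, LogUtil.SLO_NOT_FOUND, new String[]{str2}, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloServiceListNotfound"));
            }
            String sloLocation = LogoutUtil.getSLOServiceLocation(sloServices, str3);
            if (SAML2Utils.debug.messageEnabled() && sloLocation != null && !sloLocation.equals("")) {
                SAML2Utils.debug.message("Location URL: " + sloLocation);
            }
            return sloLocation;
        } catch (SAML2Exception e) {
            // Log before returning null so that a failed metadata lookup can be diagnosed.
            SAML2Utils.debug.error("IDPProxyUtil.getLocation: ", e);
            return null;
        }
    }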

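    /**
     * Returns the session partners recorded for the IdP session behind an HTTP request.
     *
     * <p>A {@link SessionException} is written to the debug log and reported as {@code null}.
     *
     * @param httpServletRequest request whose session is looked up
     * @return the partner list of the matching IdP session; {@code null} when the session ID is
     *         missing or empty, no IdP session is cached for it, the session has no partner
     *         list, or the session lookup fails
     */
    public static List getSessionPartners(HttpServletRequest httpServletRequest) {
        try {
            String sessionId = sessionProvider.getSessionID(sessionProvider.getSession(httpServletRequest));
            if (sessionId == null || sessionId.equals("")) {
                return null;
            }
            IDPSession idpSession = IDPCache.idpSessionsBySessionID.get(sessionId);
            if (idpSession == null) {
                return null;
            }
            List<SAML2SessionPartner> partners = idpSession.getSessionPartners();
            if (partners != null && SAML2Utils.debug.messageEnabled()) {
                for (SAML2SessionPartner partner : partners) {
                    SAML2Utils.debug.message("SESSION PARTNER's Provider ID:  " + partner.getPartner());
                }
            }
            return partners;
        } catch (SessionException e) {
            // Log the failure, as sendProxyLogoutRequest does for the same exception.
            SAML2Utils.debug.error("IDPProxyUtil.getSessionPartners: ", e);
            return null;
        }
    }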

    /**
     * Forwards a logout to the first session partner of the caller's IdP session.
     *
     * <p>The meta alias and realm are derived from the request URI. When no IdP session is
     * cached for the request's session ID, nothing is sent. A {@link SessionException} is
     * logged and not rethrown.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param printWriter writer handed on to the logout step
     * @param logoutRequest inbound logout request
     * @param list session partners; the first element is used and the list must not be empty
     * @param str binding handed on to the logout step
     * @param str2 relay state handed on to the logout step
     */
    public static void sendProxyLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, LogoutRequest logoutRequest, List list, String str, String str2) {
        try {
            String sessionId = sessionProvider.getSessionID(sessionProvider.getSession(httpServletRequest));
            boolean hasSessionId = sessionId != null && !sessionId.equals("");
            IDPSession idpSession = hasSessionId ? IDPCache.idpSessionsBySessionID.get(sessionId) : null;
            SAML2SessionPartner currentPartner = (SAML2SessionPartner) list.iterator().next();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("CURRENT PARTNER's provider ID: " + currentPartner.getPartner());
                SAML2Utils.debug.message("Starting IDP proxy logout.");
            }
            String metaAlias = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
            String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
            String partnerEntityId = currentPartner.getPartner();
            if (idpSession == null) {
                return;
            }
            // Detach the partner and drop the cached IdP session before sending the logout.
            idpSession.removeSessionPartner(partnerEntityId);
            IDPCache.idpSessionsBySessionID.remove(sessionId);
            initiateSPLogoutRequest(httpServletRequest, httpServletResponse, printWriter, partnerEntityId, metaAlias, realm, logoutRequest, null, idpSession, str, str2);
        } catch (SessionException e) {
            SAML2Utils.debug.error("sendProxyLogoutRequest: ", e);
        }
    }

    /**
     * Builds a LogoutResponse in the IdP role and sends it to the single-logout location
     * resolved for {@code str2} with the HTTP-Redirect binding.
     *
     * @param httpServletResponse current servlet response
     * @param httpServletRequest current servlet request
     * @param str passed to {@code LogoutUtil.generateResponse} as its second argument
     *        (presumably the ID being answered; confirm)
     * @param map parameters; reads {@code entityid} (required), {@code realm} (defaults to
     *        {@code "/"}) and {@code RelayState}
     * @param str2 entity whose single-logout location is looked up
     * @param str3 passed on to {@code LogoutUtil.sendSLOResponse} as its last argument
     * @throws SAML2Exception if {@code entityid} is missing or the response cannot be sent
     */
    public static void sendProxyLogoutResponse(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, String str, Map<String, String> map, String str2, String str3) throws SAML2Exception {
        String proxyIdpEntityId = map.get("entityid");
        if (StringUtils.isEmpty(proxyIdpEntityId)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("Proxy IDP EntityID=" + proxyIdpEntityId);
        }
        String requestedRealm = map.get("realm");
        // An absent realm means the root realm.
        String realm = StringUtils.isEmpty(requestedRealm) ? "/" : requestedRealm;
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("Proxy IDP Realm=" + realm);
        }
        LogoutResponse logoutResponse = LogoutUtil.generateResponse(null, str, SAML2Utils.createIssuer(proxyIdpEntityId), realm, SAML2Constants.IDP_ROLE, str2);
        String sloLocation = IDPSingleLogout.getSingleLogoutLocation(str2, realm, SAML2Constants.HTTP_REDIRECT);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("Proxy to: " + sloLocation);
        }
        logoutResponse.setDestination(XMLUtils.escapeSpecialCharacters(sloLocation));
        String relayState = map.get("RelayState");
        LogoutUtil.sendSLOResponse(httpServletResponse, httpServletRequest, logoutResponse, sloLocation, relayState, realm, proxyIdpEntityId, SAML2Constants.IDP_ROLE, str2, str3);
    }

    /**
     * SOAP variant of the proxy logout: detaches the first session partner from the IdP
     * session and sends it a logout request over the SOAP binding.
     *
     * <p>The meta alias and realm are derived from the request URI.
     *
     * @param httpServletRequest current servlet request
     * @param httpServletResponse current servlet response
     * @param printWriter writer handed on to the logout step
     * @param sOAPMessage inbound SOAP message
     * @param list session partners; the first element is used and the list must not be empty
     * @param iDPSession IdP session being logged out; must not be {@code null}
     */
    public static void sendProxyLogoutRequestSOAP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, SOAPMessage sOAPMessage, List list, IDPSession iDPSession) {
        SAML2SessionPartner currentPartner = (SAML2SessionPartner) list.iterator().next();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("CURRENT PARTNER's provider ID: " + currentPartner.getPartner());
            SAML2Utils.debug.message("Starting IDP proxy logout.");
        }
        String requestUri = httpServletRequest.getRequestURI();
        String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestUri);
        String realmFromAlias = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        String realm = SAML2Utils.getRealm(realmFromAlias);
        String partnerEntityId = currentPartner.getPartner();
        iDPSession.removeSessionPartner(partnerEntityId);
        initiateSPLogoutRequest(httpServletRequest, httpServletResponse, printWriter, partnerEntityId, metaAlias, realm, null, sOAPMessage, iDPSession, SAML2Constants.SOAP, null);
    }

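    /**
     * Resolves the IdP session and its partners referenced by a SOAP LogoutRequest.
     *
     * <p>Only the first SessionIndex of the request is used. The request is external input,
     * so a request that carries no SessionIndex at all is handled like a missing list
     * ({@code null} result) rather than failing with an IndexOutOfBoundsException.
     *
     * @param sOAPMessage SOAP message containing the LogoutRequest
     * @return {@code null} when the request has no session index or cannot be parsed; an empty
     *         map when no IdP session is cached for the index; otherwise a map with the
     *         session index, the IdP session and its partner list (which may be {@code null})
     */
    public static Map getSessionPartners(SOAPMessage sOAPMessage) {
        try {
            HashMap result = new HashMap();
            List sessionIndexes = ProtocolFactory.getInstance().createLogoutRequest(SOAPCommunicator.getInstance().getSamlpElement(sOAPMessage, "LogoutRequest")).getSessionIndex();
            if (sessionIndexes == null) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("getSessionPartners: Number of session indices in the logout request is null");
                }
                return null;
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("Number of session indices in the logout request is " + sessionIndexes.size());
            }
            if (sessionIndexes.isEmpty()) {
                // An empty list has nothing to look up; treat it like a missing list.
                return null;
            }
            String sessionIndex = (String) sessionIndexes.get(0);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("getSessionPartners: SessionIndex= " + sessionIndex);
            }
            IDPSession indexedSession = IDPCache.idpSessionsByIndices.get(sessionIndex);
            if (indexedSession == null) {
                return result;
            }
            result.put("SessionIndex", sessionIndex);
            result.put(SAML2Constants.IDP_SESSION, indexedSession);
            // Partners are read from the session cached by session ID, which may be absent.
            IDPSession sessionById = IDPCache.idpSessionsBySessionID.get(sessionProvider.getSessionID(indexedSession.getSession()));
            List<SAML2SessionPartner> partners = sessionById != null ? sessionById.getSessionPartners() : null;
            if (partners != null && SAML2Utils.debug.messageEnabled()) {
                for (SAML2SessionPartner partner : partners) {
                    SAML2Utils.debug.message("SESSION PARTNER's Provider ID:  " + partner.getPartner());
                }
            }
            result.put(SAML2Constants.PARTNERS, partners);
            return result;
        } catch (SAML2Exception e) {
            SAML2Utils.debug.error("getSessionPartners: ", e);
            return null;
        }
    }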

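    /**
     * Writes a SOAP logout response onto the servlet response.
     *
     * <p>Saves any pending changes on the message, sets the HTTP status to 200, copies
     * the message's MIME headers to the response through {@code SAML2Utils.putHeaders},
     * then prints the serialized message to {@code printWriter} and flushes it.
     *
     * <p>The serialized bytes are decoded with the character set declared on the
     * message (UTF-8 when none is declared) instead of the JVM default charset, so
     * non-ASCII content is not corrupted on hosts whose default charset differs.
     *
     * <p>Failures are logged and not rethrown. The status is set before the body is
     * written, so a serialization failure leaves a 200 response without the SOAP
     * envelope and the caller gets no signal that the logout response was not delivered.
     *
     * @param sOAPMessage the SOAP message to send
     * @param httpServletResponse the servlet response that receives status and headers
     * @param printWriter the writer the serialized message is printed to
     */
    public static void sendProxyLogoutResponseBySOAP(SOAPMessage sOAPMessage, HttpServletResponse httpServletResponse, PrintWriter printWriter) {
        try {
            if (sOAPMessage.saveRequired()) {
                sOAPMessage.saveChanges();
            }
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            SAML2Utils.putHeaders(sOAPMessage.getMimeHeaders(), httpServletResponse);

            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            sOAPMessage.writeTo(serialized);

            // Decode with the encoding the message was written in; ByteArrayOutputStream.toString()
            // without an argument would use the platform default charset.
            String charsetName = "UTF-8";
            Object declaredCharset = sOAPMessage.getProperty(SOAPMessage.CHARACTER_SET_ENCODING);
            if (declaredCharset instanceof String && !((String) declaredCharset).isEmpty()) {
                charsetName = (String) declaredCharset;
            }

            printWriter.println(serialized.toString(charsetName));
            printWriter.flush();
        } catch (IOException e) {
            // Also covers UnsupportedEncodingException from an unknown declared charset.
            SAML2Utils.debug.error("sendProxyLogoutResponseBySOAP: ", e);
        } catch (SOAPException e2) {
            SAML2Utils.debug.error("sendProxyLogoutResponseBySOAP: ", e2);
        }
    }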

    /**
     * Builds the parameter map for a proxied logout and hands it to
     * {@code IDPSingleLogout.initiateLogoutRequest}.
     *
     * <p>The outer map carries the meta alias of the IDP SSO config looked up with
     * {@code (str5, str2)}, the IDP role, the HTTP-Redirect binding, and the
     * destination, "Consent", "Extension" and logout-all values read from the request.
     * The nested "LogoutMap" carries the logout response, location, SP entity ID and
     * IDP entity ID, each only when present and non-empty.
     *
     * <p>The request-derived values are copied from the request parameters as-is; no
     * validation happens in this method, so any checking of them is left to the code
     * that consumes the map.
     *
     * @param httpServletRequest request the pass-through parameters are read from
     * @param httpServletResponse response forwarded to the logout initiation
     * @param printWriter writer forwarded to the logout initiation
     * @param logoutResponse logout response stored under "LogoutResponse"; may be null
     * @param str value stored under "Location" when non-empty
     * @param str2 value stored under the SP entity ID key when non-empty; also the
     *     second argument of the IDP SSO config lookup
     * @param str3 value stored under "idpEntityID" when non-empty
     * @param str4 fourth argument of {@code initiateLogoutRequest} (presumably the
     *     binding; confirm against that method)
     * @param str5 first argument of the IDP SSO config lookup (presumably the realm;
     *     confirm against the meta manager)
     * @throws SAML2Exception propagated from the config lookup or the logout initiation
     */
    public static void sendIDPInitProxyLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, LogoutResponse logoutResponse, String str, String str2, String str3, String str4, String str5) throws SAML2Exception {
        String logoutAll = httpServletRequest.getParameter(SAML2Constants.LOGOUT_ALL);

        // Outer map: fixed role/binding plus values taken straight from the request.
        HashMap logoutParams = new HashMap();
        logoutParams.put("metaAlias", sm.getIDPSSOConfig(str5, str2).getMetaAlias());
        logoutParams.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
        logoutParams.put(SAML2Constants.BINDING, SAML2Constants.HTTP_REDIRECT);
        logoutParams.put(SAML2Constants.DESTINATION, httpServletRequest.getParameter(SAML2Constants.DESTINATION));
        logoutParams.put("Consent", httpServletRequest.getParameter("Consent"));
        logoutParams.put("Extension", httpServletRequest.getParameter("Extension"));

        // Nested map: only entries that were actually supplied.
        HashMap proxyLogoutState = new HashMap();
        if (logoutResponse != null) {
            proxyLogoutState.put("LogoutResponse", logoutResponse);
        }
        if (str != null && !str.isEmpty()) {
            proxyLogoutState.put("Location", str);
        }
        if (str2 != null && !str2.isEmpty()) {
            proxyLogoutState.put(SAML2Constants.SPENTITYID, str2);
        }
        if (str3 != null && !str3.isEmpty()) {
            proxyLogoutState.put("idpEntityID", str3);
        }
        logoutParams.put("LogoutMap", proxyLogoutState);

        if (logoutAll != null) {
            logoutParams.put(SAML2Constants.LOGOUT_ALL, logoutAll);
        }

        IDPSingleLogout.initiateLogoutRequest(httpServletRequest, httpServletResponse, printWriter, str4, logoutParams);
    }

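    /**
     * Returns the SP session partner recorded for the session behind the request and
     * removes that record from the cache.
     *
     * <p>The cache entry is consumed by the lookup: a second call for the same session
     * finds nothing. Lookup and removal use a single {@code remove} call, so no second
     * caller can read the entry between a separate {@code get} and {@code remove}.
     *
     * @param httpServletRequest request whose session identifies the cache entry
     * @return a one-element list holding the partner's provider ID, or {@code null}
     *     when the session cannot be obtained, has no ID, or has no non-empty partner
     *     recorded
     */
    public static List getSPSessionPartners(HttpServletRequest httpServletRequest) {
        String sessionID;
        try {
            sessionID = sessionProvider.getSessionID(sessionProvider.getSession(httpServletRequest));
        } catch (SessionException e) {
            // Previously swallowed without a trace; keep the null result but record
            // why no partner could be resolved.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("getSPSessionPartners: unable to obtain the session", e);
            }
            return null;
        }
        if (sessionID == null || sessionID.isEmpty()) {
            return null;
        }

        String partnerProviderId = IDPCache.spSessionPartnerBySessionID.remove(sessionID);
        if (partnerProviderId == null || partnerProviderId.isEmpty()) {
            return null;
        }

        SAML2Utils.debug.message("SP SESSION PARTNER's Provider ID:  " + partnerProviderId);
        ArrayList partners = new ArrayList();
        partners.add(partnerProviderId);
        return partners;
    }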

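    /**
     * Returns the IDP proxy finder plugin configured for an IDP, creating and caching
     * it on first use.
     *
     * <p>The implementation class name is read from the IDP SSO config attribute
     * {@code SAML2Constants.PROXY_IDP_FINDER_CLASS}; when it is missing or empty the
     * default finder class is used. Instances are cached in
     * {@code IDPCache.idpProxyFinderCache} keyed by class name.
     *
     * <p>The class name comes from configuration, so the loaded class is checked to be
     * a {@link SAML2IDPFinder} before it is instantiated. A misconfigured name of some
     * unrelated class is rejected without running that class's constructor. Static
     * initializers of the named class still run when it is loaded, so write access to
     * this attribute should be treated as the ability to load code from the classpath.
     *
     * @param str first argument of the config lookup (presumably the realm; confirm
     *     against {@code IDPSSOUtil.getAttributeValueFromIDPSSOConfig})
     * @param str2 second argument of the config lookup (presumably the hosted IDP
     *     entity ID; confirm against the same method)
     * @return the cached or newly created finder
     * @throws SAML2Exception wrapping any failure to read the config, load the class,
     *     verify its type or instantiate it
     */
    static SAML2IDPFinder getIDPProxyFinder(String str, String str2) throws SAML2Exception {
        try {
            String finderClassName = IDPSSOUtil.getAttributeValueFromIDPSSOConfig(str, str2, SAML2Constants.PROXY_IDP_FINDER_CLASS);
            if (finderClassName == null || finderClassName.isEmpty()) {
                finderClassName = SAML2Constants.DEFAULT_IDP_PROXY_FINDER;
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("IDPProxyUtil.getIDPProxyFinder: use " + SAML2Constants.DEFAULT_IDP_PROXY_FINDER);
                }
            }

            SAML2IDPFinder cachedFinder = (SAML2IDPFinder) IDPCache.idpProxyFinderCache.get(finderClassName);
            if (cachedFinder != null) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("IDPProxyUtil.getIDPProxyFinder: got the IDPProxyFinder from cache");
                }
                return cachedFinder;
            }

            // Verify the type first: asSubclass throws ClassCastException (wrapped below)
            // before any constructor of a wrongly configured class can run.
            Class<? extends SAML2IDPFinder> finderClass = Class.forName(finderClassName).asSubclass(SAML2IDPFinder.class);
            SAML2IDPFinder createdFinder = finderClass.newInstance();
            IDPCache.idpProxyFinderCache.put(finderClassName, createdFinder);
            return createdFinder;
        } catch (Exception e) {
            SAML2Utils.debug.error("IDPProxyUtil.getIDPProxyFinder: Unable to get IDP Proxy Finder.", e);
            throw new SAML2Exception(e);
        }
    }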

    /**
     * Looks up the SP SSO config of the entity named as issuer of an authentication
     * request.
     *
     * <p>The entity ID used for the lookup is the issuer value carried in the request
     * itself, so it is sender-supplied. A request without an issuer fails here with a
     * {@code NullPointerException}.
     *
     * @param str first argument of the meta manager lookup (presumably the realm;
     *     confirm against {@code getSPSSOConfig})
     * @param authnRequest request whose issuer identifies the service provider
     * @return whatever the meta manager returns for that realm/entity pair
     * @throws SAML2MetaException propagated from the meta manager
     */
    private static SPSSOConfigElement getSPSSOConfigByAuthnRequest(String str, AuthnRequest authnRequest) throws SAML2MetaException {
        Issuer requestIssuer = authnRequest.getIssuer();
        String issuerEntityId = requestIssuer.getValue();
        return IDPSSOUtil.metaManager.getSPSSOConfig(str, issuerEntityId);
    }

    // Class initializer: creates the shared metadata manager and session provider
    // that the static methods of this class use.
    static {
        sm = null;
        sessionProvider = null;
        try {
            sm = new SAML2MetaManager();
            sessionProvider = SessionManager.getProvider();
        } catch (Exception e) {
            // The failure is only logged. Whichever field was not assigned stays null,
            // and methods that dereference sm or sessionProvider will then fail with
            // NullPointerException at call time rather than at class load.
            // NOTE(review): the message names IDPSSOFederate while other debug messages
            // in this file use the "IDPProxyUtil." prefix; it looks copied from another
            // class. Confirm before relying on it when searching logs.
            SAML2Utils.debug.error("IDPSSOFederate:Static Init Failed", e);
        }
    }
}
