package com.sun.identity.saml2.profile;

import com.sun.identity.multiprotocol.MultiProtocolUtils;
import com.sun.identity.multiprotocol.SingleLogoutManager;
import com.sun.identity.plugin.monitoring.FedMonAgent;
import com.sun.identity.plugin.monitoring.FedMonSAML2Svc;
import com.sun.identity.plugin.monitoring.MonitorManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.sae.api.Utils;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2FailoverUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.saml2.protocol.StatusCode;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:com/sun/identity/saml2/profile/IDPSingleLogout.class */
public class IDPSingleLogout {
    // Metadata manager the visible methods use to resolve entity IDs, IDP descriptors and SP config.
    // No initializer here; it is assigned outside this view.
    static SAML2MetaManager sm;
    // Session provider used to fetch the caller's session and read its principal and properties.
    // No initializer here; it is assigned outside this view.
    static SessionProvider sessionProvider;
    private static final String QUESTION_MARK = "?";
    // Monitoring hooks: the visible code only pushes the current IDP session count to saml2Svc,
    // and only while agent is non-null and agent.isRunning().
    private static FedMonAgent agent;
    private static FedMonSAML2Svc saml2Svc;
    // Shared SAML2 debug log. Several callers below write raw request parameters and SAML
    // messages to it at message level, so treat the debug log as sensitive.
    static Debug debug = SAML2Utils.debug;
    // Pre-built Status objects. ALREADY_LOGGEDOUT carries the SUCCESS status code with the
    // "sloAlreadyLoggedout" message; PARTIAL_LOGOUT_STATUS carries the RESPONDER status code.
    static final Status SUCCESS_STATUS = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
    static final Status PARTIAL_LOGOUT_STATUS = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("partialLogout"));
    static final Status ALREADY_LOGGEDOUT = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("sloAlreadyLoggedout"));

    // Static utility holder: the private constructor prevents instantiation.
    private IDPSingleLogout() {
    }

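    /**
     * Starts IDP-initiated single logout for the session attached to the HTTP request.
     *
     * <p>Each SP recorded on the IDP session is removed from the session and sent a logout request.
     * For the HTTP-Redirect and HTTP-POST bindings the method returns after the first SP, having
     * stored the pending request ID on the IDP session. When the loop completes without such a
     * return, the local session is invalidated (or every token of the user is destroyed when
     * logoutAll is set) and, for multi-protocol sessions, the multi-protocol logout manager is called.
     *
     * @param httpServletRequest  request carrying the session to log out
     * @param httpServletResponse response handed to the logout helpers
     * @param printWriter         writer passed to the misrouted-request check
     * @param str                 binding requested for the logout
     * @param map                 logout parameters; read for LOGOUT_ALL, IDP_META_ALIAS, "RelayState"
     *                            and "LogoutMap", and modified in place ("metaAlias" is added)
     * @throws SAML2Exception if the session, meta alias or IDP entity cannot be resolved, if a
     *                        non-SOAP logout request fails, or if the multi-protocol logout reports
     *                        a partial or failed logout; session and metadata errors are both
     *                        reported with the "metaDataError" message
     */
    public static void initiateLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, Map map) throws SAML2Exception {
        String[] property;
        if (debug.messageEnabled()) {
            debug.message("in initiateLogoutRequest");
            debug.message("binding : " + str);
            debug.message("logoutAll : " + ((String) map.get(SAML2Constants.LOGOUT_ALL)));
            // NOTE(review): the whole parameter map is written to the debug log; confirm it
            // cannot carry values that should stay out of logs.
            debug.message("paramsMap : " + map);
        }
        boolean z = false;
        String str2 = (String) map.get(SAML2Constants.LOGOUT_ALL);
        if (str2 != null && str2.equalsIgnoreCase("true")) {
            z = true;
        }
        String str3 = (String) map.get(SAML2Constants.IDP_META_ALIAS);
        try {
            Object session = sessionProvider.getSession(httpServletRequest);
            // Check for a missing session before anything dereferences it, so the caller gets the
            // intended "nullSSOToken" error rather than whatever getPrincipalName(null) would do.
            if (session == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
            }
            String principalName = sessionProvider.getPrincipalName(session);
            // Fall back to the meta alias stored on the session when the caller did not pass one.
            if (str3 == null && (property = sessionProvider.getProperty(session, SAML2Constants.IDP_META_ALIAS)) != null && property.length != 0) {
                str3 = property[0];
            }
            if (str3 == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPMetaAlias"));
            }
            map.put("metaAlias", str3);
            String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(str3));
            String entityByMetaAlias = sm.getEntityByMetaAlias(str3);
            if (entityByMetaAlias == null) {
                debug.error("Identity Provider ID is missing");
                // The audit record is written with the (null) entity ID as its only data item.
                LogUtil.error(Level.INFO, LogUtil.INVALID_IDP, new String[]{entityByMetaAlias}, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
            }
            String sessionIndex = IDPSSOUtil.getSessionIndex(session);
            if (sessionIndex == null) {
                if (debug.messageEnabled()) {
                    debug.message("No SP session participant(s)");
                }
                MultiProtocolUtils.invalidateSession(session, httpServletRequest, httpServletResponse, "saml2");
                return;
            }
            if (SAML2FailoverUtils.isSAML2FailoverEnabled() || !isMisroutedRequest(httpServletRequest, httpServletResponse, printWriter, session)) {
                // This message is logged whether or not failover is enabled.
                if (debug.messageEnabled()) {
                    debug.message("IDPSingleLogout.initiateLogoutRequest: SAML2 Failover will be attempted. Be sure SFO is properly configured or the attempt will fail");
                }
                IDPSession iDPSession = IDPCache.idpSessionsByIndices.get(sessionIndex);
                if (iDPSession == null) {
                    if (debug.messageEnabled()) {
                        debug.message("IDPSLO.initiateLogoutRequest: IDP Session with session index " + sessionIndex + " already removed.");
                    }
                    // Best-effort cleanup: a repository failure is logged and does not stop the
                    // local session from being invalidated.
                    try {
                        if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                            SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
                        }
                    } catch (SAML2TokenRepositoryException e) {
                        debug.error("IDPSingleLogout.initiateLogoutReq: Error while deleting token from SAML2 Token Repository for idpSessionIndex:" + sessionIndex, e);
                    }
                    IDPCache.authnContextCache.remove(sessionIndex);
                    MultiProtocolUtils.invalidateSession(session, httpServletRequest, httpServletResponse, "saml2");
                    return;
                }
                if (debug.messageEnabled()) {
                    debug.message("idpSessionIndex=" + sessionIndex);
                }
                List<NameIDandSPpair> nameIDandSPpairs = iDPSession.getNameIDandSPpairs();
                int size = nameIDandSPpairs.size();
                if (debug.messageEnabled()) {
                    debug.message("IDPSingleLogout.initiateLogoutReq: NameIDandSPpairs=" + nameIDandSPpairs + ", size=" + size);
                }
                if (size == 0) {
                    if (debug.messageEnabled()) {
                        debug.message("No SP session participant(s)");
                    }
                    IDPCache.idpSessionsByIndices.remove(sessionIndex);
                    if (agent != null && agent.isRunning() && saml2Svc != null) {
                        saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                    }
                    try {
                        if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                            SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
                        }
                    } catch (SAML2TokenRepositoryException e2) {
                        debug.error("IDPSingleLogout.initiateLogoutReq: Error while deleting token from SAML2 Token Repository for idpSessionIndex:" + sessionIndex, e2);
                    }
                    IDPCache.authnContextCache.remove(sessionIndex);
                    MultiProtocolUtils.invalidateSession(session, httpServletRequest, httpServletResponse, "saml2");
                    return;
                }
                String str4 = (String) map.get("RelayState");
                // The caller-supplied RelayState is validated before it is handed to any SP;
                // the call is declared to throw SAML2Exception, which propagates to the caller.
                SAML2Utils.validateRelayStateURL(realm, entityByMetaAlias, str4, SAML2Constants.IDP_ROLE);
                // Counts SOAP logout attempts that failed with a SAML2Exception.
                int i = 0;
                iDPSession.setOriginatingLogoutRequestBinding(str);
                for (int i2 = 0; i2 < size; i2++) {
                    // The pair is taken off the IDP session before the request is sent.
                    NameIDandSPpair remove = nameIDandSPpairs.remove(0);
                    removeTransientNameIDFromCache(remove.getNameID());
                    String sPEntityID = remove.getSPEntityID();
                    if (debug.messageEnabled()) {
                        debug.message("IDPSingleLogout.initLogoutReq: processing spEntityID " + sPEntityID);
                    }
                    List extensionsList = LogoutUtil.getExtensionsList(map);
                    List<SingleLogoutServiceElement> sPSLOServiceEndpoints = getSPSLOServiceEndpoints(realm, sPEntityID);
                    SPSSOConfigElement sPSSOConfig = sm.getSPSSOConfig(realm, sPEntityID);
                    // With logoutAll set, no session index is passed in the logout request.
                    if (z) {
                        sessionIndex = null;
                    }
                    SingleLogoutServiceElement mostAppropriateSLOServiceLocation = LogoutUtil.getMostAppropriateSLOServiceLocation(sPSLOServiceEndpoints, iDPSession.getOriginatingLogoutRequestBinding());
                    // An SP without a usable SLO endpoint is skipped without an error.
                    if (mostAppropriateSLOServiceLocation != null) {
                        try {
                            String stringBuffer = LogoutUtil.doLogout(str3, sPEntityID, extensionsList, mostAppropriateSLOServiceLocation, str4, sessionIndex, remove.getNameID(), httpServletRequest, httpServletResponse, map, sPSSOConfig).toString();
                            String binding = mostAppropriateSLOServiceLocation.getBinding();
                            if (debug.messageEnabled()) {
                                debug.message("\nIDPSLO.requestIDStr = " + stringBuffer + "\nbinding = " + binding);
                            }
                            // For the front-channel bindings the method returns here; the pending
                            // request ID is stored so the response can be correlated later.
                            if (!stringBuffer.isEmpty() && (binding.equals(SAML2Constants.HTTP_REDIRECT) || binding.equals(SAML2Constants.HTTP_POST))) {
                                iDPSession.setPendingLogoutRequestID(stringBuffer);
                                iDPSession.setLogoutAll(z);
                                Map map2 = (Map) map.get("LogoutMap");
                                if (map2 != null && !map2.isEmpty()) {
                                    IDPCache.logoutResponseCache.put(stringBuffer, map2);
                                }
                                return;
                            }
                        } catch (SAML2Exception e3) {
                            // Only SOAP failures are tolerated and counted; any other binding aborts.
                            if (!mostAppropriateSLOServiceLocation.getBinding().equals(SAML2Constants.SOAP)) {
                                throw e3;
                            }
                            debug.error("IDPSingleLogout.initiateLogoutRequest:", e3);
                            i++;
                        }
                    }
                }
                if (z) {
                    destroyAllTokenForUser(sessionProvider.getPrincipalName(iDPSession.getSession()), httpServletRequest, httpServletResponse);
                } else {
                    MultiProtocolUtils.invalidateSession(iDPSession.getSession(), httpServletRequest, httpServletResponse, "saml2");
                    IDPCache.idpSessionsByIndices.remove(sessionIndex);
                    if (agent != null && agent.isRunning() && saml2Svc != null) {
                        saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                    }
                    IDPCache.authnContextCache.remove(sessionIndex);
                }
                // Status passed to the multi-protocol manager: 2 when every SP attempt failed,
                // 1 when only some failed, 0 otherwise.
                int i3 = 0;
                boolean isMultipleProtocolSession = MultiProtocolUtils.isMultipleProtocolSession(httpServletRequest, "saml2");
                if (i == size) {
                    if (isMultipleProtocolSession) {
                        i3 = 2;
                    }
                } else if (i > 0 && isMultipleProtocolSession) {
                    i3 = 1;
                }
                if (isMultipleProtocolSession) {
                    HashSet hashSet = new HashSet();
                    hashSet.add(session);
                    boolean z2 = str.equals(SAML2Constants.SOAP);
                    try {
                        debug.message("IDPSingleLogout.initLogReq: MP");
                        int doIDPSingleLogout = SingleLogoutManager.getInstance().doIDPSingleLogout(hashSet, principalName, httpServletRequest, httpServletResponse, z2, true, "saml2", realm, entityByMetaAlias, null, str4, null, null, i3);
                        if (debug.messageEnabled()) {
                            debug.message("IDPSingleLogout.initLogoutRequest: SLOManager return status = " + doIDPSingleLogout);
                        }
                        switch (doIDPSingleLogout) {
                            case 1:
                                throw new SAML2Exception(SAML2Utils.bundle.getString("partialLogout"));
                            case 2:
                                throw new SAML2Exception(SAML2Utils.bundle.getString("sloFailed"));
                        }
                    } catch (Exception e4) {
                        // Also catches the two SAML2Exceptions thrown just above; only the
                        // message survives the rethrow, the cause is logged here.
                        debug.warning("IDPSingleLogout.initiateLoogutReq: MP", e4);
                        throw new SAML2Exception(e4.getMessage());
                    }
                }
            }
        } catch (SessionException e5) {
            debug.error("SessionException: ", e5);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        } catch (SAML2MetaException e6) {
            debug.error("Error retreiving metadata", e6);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }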

    /**
     * Handles a LogoutRequest that reached the IDP over HTTP-POST or HTTP-Redirect.
     *
     * <p>The request is decoded, optionally checked for signature and Destination, processed by the
     * overloaded {@code processLogoutRequest}, and answered either with a logout response to the
     * issuer or with a proxied logout request when session partners exist.
     *
     * @param httpServletRequest  incoming request; its method selects the binding and its URI the meta alias
     * @param httpServletResponse response used to send the logout response
     * @param printWriter         writer passed to the downstream helpers
     * @param str                 encoded SAML request as received
     * @param str2                relay state as received
     * @throws SAML2Exception   if the binding is unsupported, the request cannot be decoded, or the
     *                          signature or Destination check fails
     * @throws SessionException declared; a SessionException raised inside the processing block is
     *                          caught and answered with an "already logged out" response
     */
    public static void processLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, String str2) throws SAML2Exception, SessionException {
        List singleLogoutService;
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.processLogoutRequest : IDPSingleLogout:processLogoutRequest");
            // NOTE(review): the raw, not yet verified request and relay state go to the debug log.
            debug.message("IDPSingleLogout.processLogoutRequest : samlRequest : " + str);
            debug.message("IDPSingleLogout.processLogoutRequest : relayState : " + str2);
        }
        // The binding is inferred from the HTTP method alone: POST selects HTTP-POST, every other
        // method is treated as HTTP-Redirect for the binding-support check below.
        String method = httpServletRequest.getMethod();
        String str3 = SAML2Constants.HTTP_REDIRECT;
        if (method.equals(Utils.POST)) {
            str3 = SAML2Constants.HTTP_POST;
        }
        // Meta alias, realm and IDP entity ID all derive from the request URI.
        String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAliasByUri));
        String entityByMetaAlias = sm.getEntityByMetaAlias(metaAliasByUri);
        if (!SAML2Utils.isIDPProfileBindingSupported(realm, entityByMetaAlias, SAML2Constants.SLO_SERVICE, str3)) {
            debug.error("IDPSingleLogout.processLogoutRequest : SLO service binding " + str3 + " is not supported for " + entityByMetaAlias);
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        LogoutRequest logoutRequest = null;
        if (method.equals(Utils.POST)) {
            logoutRequest = LogoutUtil.getLogoutRequestFromPost(str, httpServletResponse);
        } else if (method.equals(Utils.GET)) {
            String decodeFromRedirect = SAML2Utils.decodeFromRedirect(str);
            if (decodeFromRedirect == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlRequest"));
            }
            logoutRequest = ProtocolFactory.getInstance().createLogoutRequest(decodeFromRedirect);
        }
        // A method other than POST or GET leaves logoutRequest null; the request is then dropped
        // without a response or an exception (both branches below return).
        if (logoutRequest == null) {
            if (debug.messageEnabled()) {
                debug.message("IDPSingleLogout:processLogoutRequest: logoutReq is null");
                return;
            }
            return;
        }
        // The issuer is read from the message before any signature check; it only selects which
        // SP's metadata is used for verification and for the response endpoint.
        // NOTE(review): a request without an Issuer element would fail here with a
        // NullPointerException unless the parser already rejects it; confirm.
        String value = logoutRequest.getIssuer().getValue();
        boolean wantLogoutRequestSigned = SAML2Utils.getWantLogoutRequestSigned(realm, entityByMetaAlias, SAML2Constants.IDP_ROLE);
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.processLogoutRequest : metaAlias : " + metaAliasByUri);
            debug.message("IDPSingleLogout.processLogoutRequest : realm : " + realm);
            debug.message("IDPSingleLogout.processLogoutRequest : idpEntityID : " + entityByMetaAlias);
            debug.message("IDPSingleLogout.processLogoutRequest : spEntityID : " + value);
        }
        // Both the signature check and the Destination check sit inside this branch: when the IDP
        // is not configured to want signed logout requests, this method performs neither.
        if (wantLogoutRequestSigned) {
            // HTTP-Redirect verifies the signature over the query string; HTTP-POST verifies the
            // signature on the request object.
            if (!(str3.equals(SAML2Constants.HTTP_REDIRECT) ? SAML2Utils.verifyQueryString(httpServletRequest.getQueryString(), realm, SAML2Constants.IDP_ROLE, value) : LogoutUtil.verifySLORequest(logoutRequest, realm, value, entityByMetaAlias, SAML2Constants.IDP_ROLE))) {
                debug.error("Invalid signature in SLO Request.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
            }
            // Expected Destination: the IDP's own SLO response location for this binding, falling
            // back to its SLO location; stays null when the descriptor has no SLO service.
            IDPSSODescriptorElement iDPSSODescriptor = sm.getIDPSSODescriptor(realm, entityByMetaAlias);
            String str4 = null;
            if (iDPSSODescriptor != null && (singleLogoutService = iDPSSODescriptor.getSingleLogoutService()) != null && !singleLogoutService.isEmpty()) {
                str4 = LogoutUtil.getSLOResponseServiceLocation(singleLogoutService, str3);
                if (str4 == null || str4.length() == 0) {
                    str4 = LogoutUtil.getSLOServiceLocation(singleLogoutService, str3);
                }
            }
            if (!SAML2Utils.verifyDestination(logoutRequest.getDestination(), str4)) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidDestination"));
            }
        }
        try {
            Object session = sessionProvider.getSession(httpServletRequest);
            // Processing continues when there is no session, when failover is enabled, or when the
            // request is not misrouted; the failover message below is logged in all three cases.
            if (session == null || SAML2FailoverUtils.isSAML2FailoverEnabled() || !isMisroutedRequest(httpServletRequest, httpServletResponse, printWriter, session)) {
                if (debug.messageEnabled()) {
                    debug.message("IDPSingleLogout.processLogoutRequest : SAML2 Failover will be attempted. Be sure SFO is properly configured or the attempt will fail");
                }
                LogoutResponse processLogoutRequest = processLogoutRequest(logoutRequest, httpServletRequest, httpServletResponse, printWriter, str3, str2, entityByMetaAlias, realm, true);
                if (processLogoutRequest == null) {
                    return;
                }
                // The response endpoint comes from the issuer's SP metadata, not from the request.
                SingleLogoutServiceElement logoutResponseEndpoint = getLogoutResponseEndpoint(realm, value, str3);
                String binding = logoutResponseEndpoint.getBinding();
                String responseLocation = getResponseLocation(logoutResponseEndpoint);
                processLogoutRequest.setDestination(XMLUtils.escapeSpecialCharacters(responseLocation));
                // z: the multi-protocol manager was called; i: the status it returned.
                boolean z = false;
                int i = 0;
                if (session != null) {
                    try {
                        if (sessionProvider.isValid(session) && MultiProtocolUtils.isMultipleProtocolSession(session, "saml2")) {
                            z = true;
                            SingleLogoutManager singleLogoutManager = SingleLogoutManager.getInstance();
                            HashSet hashSet = new HashSet();
                            hashSet.add(session);
                            String principalName = sessionProvider.getPrincipalName(session);
                            debug.message("IDPSingleLogout.processLogReq: MP/SPinit/Http");
                            i = singleLogoutManager.doIDPSingleLogout(hashSet, principalName, httpServletRequest, httpServletResponse, false, false, "saml2", realm, entityByMetaAlias, value, str2, logoutRequest.toString(), processLogoutRequest.toXMLString(), getLogoutStatus(processLogoutRequest));
                        }
                    } catch (SessionException e) {
                        // Session errors are logged and ignored; the status keeps its current value.
                        debug.message("IDPSingleLogout.processLogoutRequest: session", e);
                    } catch (Exception e2) {
                        // Any other failure is recorded as status 2.
                        debug.message("IDPSingleLogout.processLogoutRequest: MP2", e2);
                        i = 2;
                    }
                }
                // Status 3 ends processing without a response from this method; presumably the
                // multi-protocol manager has taken over the response (confirm against that class).
                if (z && i == 3) {
                    return;
                }
                LogoutResponse updateLogoutResponse = updateLogoutResponse(processLogoutRequest, i);
                List sessionPartners = IDPProxyUtil.getSessionPartners(httpServletRequest);
                if (sessionPartners == null || sessionPartners.isEmpty()) {
                    LogoutUtil.sendSLOResponse(httpServletResponse, httpServletRequest, updateLogoutResponse, responseLocation, str2, realm, entityByMetaAlias, SAML2Constants.IDP_ROLE, value, binding);
                } else {
                    IDPProxyUtil.sendProxyLogoutRequest(httpServletRequest, httpServletResponse, printWriter, logoutRequest, sessionPartners, binding, str2);
                }
            }
        } catch (SessionException e3) {
            // A SessionException in the block above is answered with an "already logged out"
            // response rather than propagated; the exception itself is not logged.
            sendAlreadyLogedOutResp(httpServletResponse, httpServletRequest, logoutRequest, str2, realm, entityByMetaAlias, value, str3);
        }
    }

    /**
     * Picks the SP single-logout endpoint that a logout response should be sent to.
     *
     * @param str  first argument to the SP endpoint lookup (the caller in this file passes the realm)
     * @param str2 second argument to the SP endpoint lookup (the caller passes the issuer's entity ID)
     * @param str3 binding the endpoint should match
     * @return the selected endpoint, never one with the SOAP binding
     * @throws SAML2Exception if no endpoint is found or the selected endpoint uses SOAP
     */
    private static SingleLogoutServiceElement getLogoutResponseEndpoint(String str, String str2, String str3) throws SAML2Exception {
        List<SingleLogoutServiceElement> candidates = getSPSLOServiceEndpoints(str, str2);
        SingleLogoutServiceElement endpoint = LogoutUtil.getMostAppropriateSLOServiceLocation(candidates, str3);
        if (endpoint == null) {
            debug.error("Unable to find the SP's single logout response service with " + str3 + " binding");
            throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
        }
        // A response cannot be delivered over SOAP from here, so a SOAP endpoint is rejected.
        if (SAML2Constants.SOAP.equals(endpoint.getBinding())) {
            debug.error("Unable to send logout response with SOAP binding");
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        return endpoint;
    }

    /**
     * Returns the endpoint's response location, or its plain location when the response
     * location is blank.
     *
     * @param singleLogoutServiceElement endpoint to read
     * @return the response location if non-blank, otherwise the location
     */
    private static String getResponseLocation(SingleLogoutServiceElement singleLogoutServiceElement) {
        String preferred = singleLogoutServiceElement.getResponseLocation();
        return StringUtils.isBlank(preferred) ? singleLogoutServiceElement.getLocation() : preferred;
    }

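    /**
     * Resolves the URL a single-logout response should be sent to for the given entity and binding.
     *
     * <p>The response location is preferred; the plain SLO service location is the fallback.
     *
     * @param str  entity ID passed as the second argument to the SP endpoint lookup
     * @param str2 realm passed as the first argument to the SP endpoint lookup
     * @param str3 binding the location must match
     * @return the non-empty location found
     * @throws SAML2Exception if neither a response location nor a service location exists for the binding
     */
    public static String getSingleLogoutLocation(String str, String str2, String str3) throws SAML2Exception {
        List<SingleLogoutServiceElement> sPSLOServiceEndpoints = getSPSLOServiceEndpoints(str2, str);
        String sLOResponseServiceLocation = LogoutUtil.getSLOResponseServiceLocation(sPSLOServiceEndpoints, str3);
        if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
            sLOResponseServiceLocation = LogoutUtil.getSLOServiceLocation(sPSLOServiceEndpoints, str3);
            if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
                // Name the binding that was actually looked up; the endpoints come from the SP
                // lookup, and the previous text always said "IDP's ... HTTP-Redirect".
                debug.error("Unable to find the SP's single logout response service with " + str3 + " binding");
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
            }
            if (debug.messageEnabled()) {
                debug.message("SP's single logout response service location = " + sLOResponseServiceLocation);
            }
        } else if (debug.messageEnabled()) {
            debug.message("IDP's single logout response service location = " + sLOResponseServiceLocation);
        }
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.getSLOLocation: loc=" + sLOResponseServiceLocation);
        }
        return sLOResponseServiceLocation;
    }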

    /**
     * Maps a logout response's status code to the integer status handed to the
     * multi-protocol logout manager.
     *
     * @param logoutResponse response whose status code is inspected
     * @return 0 when the status code equals SAML2Constants.SUCCESS, otherwise 2
     */
    private static int getLogoutStatus(LogoutResponse logoutResponse) {
        boolean succeeded = logoutResponse.getStatus().getStatusCode().getValue().equals(SAML2Constants.SUCCESS);
        if (succeeded) {
            return 0;
        }
        return 2;
    }

    /**
     * Handles a LogoutResponse that reached the IDP over HTTP-POST or HTTP-Redirect.
     *
     * <p>The response is decoded, its issuer verified, optionally checked for signature and
     * Destination, and then handed to the overloaded {@code processLogoutResponse}. If a cached
     * logout response exists for the InResponseTo ID, it is sent on before returning.
     *
     * @param httpServletRequest  incoming request; its method selects the binding and its URI the meta alias
     * @param httpServletResponse response used to send any follow-up message
     * @param printWriter         writer passed to the downstream helpers
     * @param str                 encoded SAML response as received
     * @param str2                relay state as received
     * @return false when no response could be decoded; true when a cached logout response was
     *         forwarded; otherwise the result of the overloaded {@code processLogoutResponse}
     * @throws SAML2Exception   if the binding is unsupported, the response cannot be decoded, or
     *                          the signature or Destination check fails
     * @throws SessionException declared by this method; the visible body does not catch it
     */
    public static boolean processLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, String str2) throws SAML2Exception, SessionException {
        List singleLogoutService;
        if (debug.messageEnabled()) {
            // NOTE(review): the raw, not yet verified response and relay state go to the debug log.
            debug.message("processLogoutResponse : samlResponse : " + str);
            debug.message("processLogoutResponse : relayState : " + str2);
        }
        // The binding is inferred from the HTTP method alone: POST selects HTTP-POST, every other
        // method is treated as HTTP-Redirect.
        String method = httpServletRequest.getMethod();
        String str3 = SAML2Constants.HTTP_REDIRECT;
        if (method.equals(Utils.POST)) {
            str3 = SAML2Constants.HTTP_POST;
        }
        // Meta alias, realm and IDP entity ID all derive from the request URI.
        String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAliasByUri));
        String entityByMetaAlias = sm.getEntityByMetaAlias(metaAliasByUri);
        if (!SAML2Utils.isIDPProfileBindingSupported(realm, entityByMetaAlias, SAML2Constants.SLO_SERVICE, str3)) {
            debug.error("SLO service binding " + str3 + " is not supported:" + entityByMetaAlias);
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        LogoutResponse logoutResponse = null;
        if (method.equals(Utils.POST)) {
            logoutResponse = LogoutUtil.getLogoutResponseFromPost(str, httpServletResponse);
        } else if (method.equals(Utils.GET)) {
            String decodeFromRedirect = SAML2Utils.decodeFromRedirect(str);
            if (decodeFromRedirect == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
            }
            logoutResponse = ProtocolFactory.getInstance().createLogoutResponse(decodeFromRedirect);
        }
        // A method other than POST or GET leaves logoutResponse null; false is returned either way.
        if (logoutResponse == null) {
            if (!debug.messageEnabled()) {
                return false;
            }
            debug.message("IDPSingleLogout:processLogoutResponse: logoutRes is null");
            return false;
        }
        // NOTE(review): a response without an Issuer element would fail here with a
        // NullPointerException unless the parser already rejects it; confirm.
        String value = logoutResponse.getIssuer().getValue();
        Issuer issuer = logoutResponse.getIssuer();
        String inResponseTo = logoutResponse.getInResponseTo();
        // The issuer check runs regardless of the signing configuration.
        SAML2Utils.verifyResponseIssuer(realm, entityByMetaAlias, issuer, inResponseTo);
        boolean wantLogoutResponseSigned = SAML2Utils.getWantLogoutResponseSigned(realm, entityByMetaAlias, SAML2Constants.IDP_ROLE);
        if (debug.messageEnabled()) {
            debug.message("processLogoutResponse : metaAlias : " + metaAliasByUri);
            debug.message("processLogoutResponse : realm : " + realm);
            debug.message("processLogoutResponse : idpEntityID : " + entityByMetaAlias);
            debug.message("processLogoutResponse : spEntityID : " + value);
        }
        // Both the signature check and the Destination check sit inside this branch: when the IDP
        // is not configured to want signed logout responses, this method performs neither.
        if (wantLogoutResponseSigned) {
            // POST verifies the signature on the response object; every other method verifies the
            // signature over the query string.
            if (!(method.equals(Utils.POST) ? LogoutUtil.verifySLOResponse(logoutResponse, realm, value, entityByMetaAlias, SAML2Constants.IDP_ROLE) : SAML2Utils.verifyQueryString(httpServletRequest.getQueryString(), realm, SAML2Constants.IDP_ROLE, value))) {
                debug.error("Invalid signature in SLO Response.");
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
            }
            // Expected Destination: the IDP's own SLO response location for this binding, falling
            // back to its SLO location; stays null when the descriptor has no SLO service.
            IDPSSODescriptorElement iDPSSODescriptor = sm.getIDPSSODescriptor(realm, entityByMetaAlias);
            String str4 = null;
            if (iDPSSODescriptor != null && (singleLogoutService = iDPSSODescriptor.getSingleLogoutService()) != null && !singleLogoutService.isEmpty()) {
                str4 = LogoutUtil.getSLOResponseServiceLocation(singleLogoutService, str3);
                if (str4 == null || str4.length() == 0) {
                    str4 = LogoutUtil.getSLOServiceLocation(singleLogoutService, str3);
                }
            }
            if (!SAML2Utils.verifyDestination(logoutResponse.getDestination(), str4)) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidDestination"));
            }
        }
        boolean processLogoutResponse = processLogoutResponse(httpServletRequest, httpServletResponse, printWriter, logoutResponse, str2, metaAliasByUri, entityByMetaAlias, value, realm, str3);
        // Look up a logout response cached under the request ID this response answers. The entry
        // is read here but not removed in this method.
        Map map = (Map) IDPCache.logoutResponseCache.get(inResponseTo);
        if (map != null && !map.isEmpty()) {
            LogoutResponse logoutResponse2 = (LogoutResponse) map.get("LogoutResponse");
            String str5 = (String) map.get("Location");
            String str6 = (String) map.get(SAML2Constants.SPENTITYID);
            String str7 = (String) map.get("idpEntityID");
            if (logoutResponse2 != null && str5 != null && str6 != null && str7 != null) {
                // The cached response is sent in the SP role with the realm fixed to "/".
                LogoutUtil.sendSLOResponse(httpServletResponse, httpServletRequest, logoutResponse2, str5, str2, "/", str6, SAML2Constants.SP_ROLE, str7, str3);
                return true;
            }
        }
        return processLogoutResponse;
    }

    /**
     * Continues single logout after a logout response: sends a logout request to the next SP on
     * the IDP session, or the final response when no SP is left.
     *
     * <p>Parameter roles below are taken from the call in the public overload in this file.
     *
     * @param httpServletRequest  request carrying the session
     * @param httpServletResponse response handed to the logout helpers
     * @param printWriter         writer passed to sendLastResponse
     * @param logoutResponse      the logout response being processed
     * @param str                 relay state
     * @param str2                IDP meta alias
     * @param str3                IDP entity ID
     * @param str4                entity ID of the response issuer (not read in this body)
     * @param str5                realm
     * @param str6                binding (not read in this body)
     * @return false when there is no session index or no cached IDP session; true once a
     *         front-channel logout request has been issued; otherwise the result of sendLastResponse
     * @throws SAML2Exception   propagated from the metadata and logout helpers
     * @throws SessionException propagated from the session provider
     */
    static boolean processLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, LogoutResponse logoutResponse, String str, String str2, String str3, String str4, String str5, String str6) throws SAML2Exception, SessionException {
        Object session = sessionProvider.getSession(httpServletRequest);
        // The returned session ID is discarded; the call's only visible effect is that it may throw.
        sessionProvider.getSessionID(session);
        String sessionIndex = IDPSSOUtil.getSessionIndex(session);
        if (sessionIndex == null) {
            if (debug.messageEnabled()) {
                debug.message("No SP session participant(s)");
            }
            MultiProtocolUtils.invalidateSession(session, httpServletRequest, httpServletResponse, "saml2");
            return false;
        }
        IDPSession iDPSession = IDPCache.idpSessionsByIndices.get(sessionIndex);
        if (iDPSession == null) {
            if (debug.messageEnabled()) {
                debug.message("IDPSLO.processLogoutResponse : IDP Session with session index " + sessionIndex + " already removed.");
            }
            // Best-effort cleanup: a repository failure is logged and does not stop the local
            // session from being invalidated.
            try {
                if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                    SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
                }
            } catch (SAML2TokenRepositoryException e) {
                debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from SAML2 Token Repository for idpSessionIndex:" + sessionIndex, e);
            }
            IDPCache.authnContextCache.remove(sessionIndex);
            MultiProtocolUtils.invalidateSession(session, httpServletRequest, httpServletResponse, "saml2");
            return false;
        }
        if (debug.messageEnabled()) {
            debug.message("idpSessionIndex=" + sessionIndex);
        }
        List<NameIDandSPpair> nameIDandSPpairs = iDPSession.getNameIDandSPpairs();
        debug.message("idpSession.getNameIDandSPpairs()=" + nameIDandSPpairs);
        if (nameIDandSPpairs.isEmpty()) {
            return sendLastResponse(iDPSession, logoutResponse, httpServletRequest, httpServletResponse, printWriter, sessionIndex, session, str5, str3, str);
        }
        Iterator<NameIDandSPpair> it = nameIDandSPpairs.iterator();
        while (it.hasNext()) {
            NameIDandSPpair next = it.next();
            // The pair is taken off the IDP session before the logout request is attempted, so an
            // SP skipped below (no usable endpoint) is not retried.
            it.remove();
            String sPEntityID = next.getSPEntityID();
            removeTransientNameIDFromCache(next.getNameID());
            // The incoming request parameters are copied and forwarded to doLogout with the role
            // forced to IDP.
            HashMap hashMap = new HashMap(httpServletRequest.getParameterMap());
            hashMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
            List<SingleLogoutServiceElement> sPSLOServiceEndpoints = getSPSLOServiceEndpoints(str5, sPEntityID);
            List extensionsList = LogoutUtil.getExtensionsList(httpServletRequest.getParameterMap());
            SPSSOConfigElement sPSSOConfig = sm.getSPSSOConfig(str5, sPEntityID);
            SingleLogoutServiceElement mostAppropriateSLOServiceLocation = LogoutUtil.getMostAppropriateSLOServiceLocation(sPSLOServiceEndpoints, iDPSession.getOriginatingLogoutRequestBinding());
            if (mostAppropriateSLOServiceLocation != null) {
                StringBuffer doLogout = LogoutUtil.doLogout(str2, sPEntityID, extensionsList, mostAppropriateSLOServiceLocation, str, sessionIndex, next.getNameID(), httpServletRequest, httpServletResponse, hashMap, sPSSOConfig);
                String binding = mostAppropriateSLOServiceLocation.getBinding();
                // For the front-channel bindings the method returns after one SP; the remaining
                // SPs are handled when the next logout response arrives.
                if (binding.equals(SAML2Constants.HTTP_REDIRECT) || binding.equals(SAML2Constants.HTTP_POST)) {
                    String stringBuffer = doLogout.toString();
                    if (debug.messageEnabled()) {
                        debug.message("IDPSingleLogout.processLogoutRequest: requestIDStr = " + stringBuffer + "\nbinding = " + binding);
                    }
                    if (stringBuffer == null || stringBuffer.length() == 0) {
                        return true;
                    }
                    iDPSession.setPendingLogoutRequestID(stringBuffer);
                    return true;
                }
            }
        }
        return sendLastResponse(iDPSession, logoutResponse, httpServletRequest, httpServletResponse, printWriter, sessionIndex, session, str5, str3, str);
    }

    /* JADX WARN: Type inference failed for: r31v1, types: [java.lang.Throwable, com.sun.identity.plugin.session.SessionException] */
    /* JADX WARN: Type inference failed for: r33v1, types: [java.lang.Throwable, com.sun.identity.plugin.session.SessionException] */
    /**
     * Handles a LogoutRequest received by the IDP: terminates the matching IDP session,
     * propagates the logout to the remaining session participants and builds the
     * LogoutResponse for the requester.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     *   <li>The session index is read from the request and used for the server-ID lookup
     *       and the cache lookup before {@code LogoutUtil.verifySLORequest} runs.</li>
     *   <li>{@code verifySLORequest} is called only when a local or failover session was
     *       found and {@code z} is false.</li>
     *   <li>Every SAML2Exception raised inside the main try block (issuer check, request
     *       verification, "sloFailed", "partialLogout") is caught at the end of that block
     *       and only logged; the method then continues with whatever {@code status} holds,
     *       which may still be null.</li>
     * </ul>
     *
     * @param logoutRequest the request being processed; its issuer, ID and session index list are read
     * @param httpServletRequest the servlet request; the "isLBReq" parameter, request URI and query string are read
     * @param httpServletResponse the servlet response, handed to the logout helpers
     * @param printWriter writer handed to sendLastResponse
     * @param str binding of the incoming request (compared with HTTP_REDIRECT, HTTP_POST and SOAP)
     * @param str2 passed through to LogoutUtil.doLogout, sendLastResponse and doIDPSingleLogout;
     *             presumably the relay state (TODO confirm against callers)
     * @param str3 IDP entity ID (logged as idpEntityID and used to create the response issuer)
     * @param str4 first argument of the metadata lookups; presumably the realm (TODO confirm)
     * @param z when true, LogoutUtil.verifySLORequest is skipped
     * @return the LogoutResponse to send, or null when a front-channel exchange has been started
     *         or doIDPSingleLogout returned 3
     * @throws SAML2Exception if the multi-protocol logout step at the end of the method fails
     */
    public static LogoutResponse processLogoutRequest(LogoutRequest logoutRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, String str2, String str3, String str4, boolean z) throws SAML2Exception {
        Status status = null;
        String value = logoutRequest.getIssuer().getValue();
        Object obj = null;
        // Treated as a load-balanced request unless the caller explicitly sent isLBReq=false.
        String parameter = httpServletRequest.getParameter("isLBReq");
        boolean z2 = parameter == null || !parameter.equals("false");
        try {
            SAML2Utils.verifyRequestIssuer(str4, str3, logoutRequest.getIssuer(), logoutRequest.getID());
            List sessionIndex = logoutRequest.getSessionIndex();
            if (sessionIndex == null) {
                debug.error("IDPSingleLogout.processLogoutRequest: session index are null in logout request");
                status = SAML2Utils.generateStatus(SAML2Constants.REQUESTER, "");
            } else {
                int size = sessionIndex.size();
                Iterator it = sessionIndex.iterator();
                // Only the first session index of the request is processed.
                String str5 = it.hasNext() ? (String) it.next() : null;
                if (debug.messageEnabled()) {
                    debug.message("IDPLogoutUtil.processLogoutRequest: idpEntityID=" + str3 + ", sessionIndex=" + str5);
                }
                if (str5 == null) {
                    debug.error("IDPLogoutUtil.processLogoutRequest: No session index in logout request");
                    status = SAML2Utils.generateStatus(SAML2Constants.REQUESTER, "");
                } else {
                    String str6 = null;
                    if (z2) {
                        // The last two characters of the session index are used as the ID of the
                        // server that owns the session.
                        // NOTE(review): str5 comes from the request and has not passed
                        // verifySLORequest yet; a value shorter than two characters makes
                        // substring() throw StringIndexOutOfBoundsException, which neither catch
                        // block below names. Consider a length check that answers with a
                        // REQUESTER status instead.
                        String substring = str5.substring(str5.length() - 2);
                        if (debug.messageEnabled()) {
                            debug.message("IDPSingleLogout.processLogoutRequest: sessionIndex=" + str5 + ", id=" + substring);
                        }
                        str6 = SAML2Utils.getRemoteServiceURL(substring);
                    }
                    IDPSession iDPSession = IDPCache.idpSessionsByIndices.get(str5);
                    if (iDPSession == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        // Not in the local cache: try to restore the session from the failover token store.
                        IDPSessionCopy iDPSessionCopy = null;
                        try {
                            iDPSessionCopy = (IDPSessionCopy) SAML2FailoverUtils.retrieveSAML2Token(str5);
                        } catch (SAML2TokenRepositoryException e) {
                            // NOTE(review): the message says "deleting" although this call retrieves the token.
                            debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from SAML2 Token Repository for sessionIndex:" + str5, e);
                        }
                        if (iDPSessionCopy != null) {
                            iDPSession = new IDPSession(iDPSessionCopy);
                        } else {
                            SAML2Utils.debug.error("IDPSessionCopy is NULL!!!");
                        }
                    }
                    if (iDPSession != null) {
                        // Request verification happens here, before any session state is changed.
                        // NOTE(review): the exception thrown on failure is caught by the
                        // catch (SAML2Exception) at the end of this try block, so the caller gets a
                        // response built from a null status and the log shows "DB ERROR!!!" rather
                        // than a verification failure.
                        if (!z && !LogoutUtil.verifySLORequest(logoutRequest, str4, logoutRequest.getIssuer().getValue(), str3, SAML2Constants.IDP_ROLE)) {
                            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                        }
                        obj = iDPSession.getSession();
                        // Optional application logout URL from the IDP configuration; only the first value is used.
                        List<String> list = SAML2MetaUtils.getAttributes(SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(str4, str3)).get(SAML2Constants.APP_LOGOUT_URL);
                        if (debug.messageEnabled()) {
                            debug.message("IDPLogoutUtil.processLogoutRequest: external app logout URL= " + list);
                        }
                        if (list != null && list.size() != 0) {
                            SAML2Utils.postToAppLogout(httpServletRequest, list.get(0), obj);
                        }
                        List<NameIDandSPpair> nameIDandSPpairs = iDPSession.getNameIDandSPpairs();
                        int size2 = nameIDandSPpairs.size();
                        if (debug.messageEnabled()) {
                            debug.message("IDPLogoutUtil.processLogoutRequest: NameIDandSPpair for " + str5 + " is " + nameIDandSPpairs + ", size=" + size2);
                        }
                        // Drop the requesting SP from the participant list (first match only); it
                        // already knows about the logout.
                        String value2 = logoutRequest.getIssuer().getValue();
                        int i = 0;
                        while (true) {
                            if (i >= size2) {
                                break;
                            }
                            NameIDandSPpair nameIDandSPpair = nameIDandSPpairs.get(i);
                            if (nameIDandSPpair.getSPEntityID().equals(value2)) {
                                nameIDandSPpairs.remove(i);
                                removeTransientNameIDFromCache(nameIDandSPpair.getNameID());
                                break;
                            }
                            i++;
                        }
                        // z3 stays true only when the session has no session partners; when it has,
                        // the request is cached by ID and the session clean-up below is skipped.
                        boolean z3 = true;
                        if (CollectionUtils.isNotEmpty(iDPSession.getSessionPartners())) {
                            IDPCache.logoutRequestById.put(logoutRequest.getID(), logoutRequest);
                            z3 = false;
                        }
                        int size3 = nameIDandSPpairs.size();
                        if (size3 == 0) {
                            // No other SP takes part in the session: finish locally.
                            status = destroyTokenAndGenerateStatus(str5, iDPSession.getSession(), httpServletRequest, httpServletResponse, z3);
                            if (z3) {
                                IDPCache.idpSessionsByIndices.remove(str5);
                                if (agent != null && agent.isRunning() && saml2Svc != null) {
                                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                                }
                                if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                                    try {
                                        SAML2FailoverUtils.deleteSAML2Token(str5);
                                    } catch (SAML2TokenRepositoryException e2) {
                                        debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from SAML2 Token Repository for sessionIndex:" + str5, e2);
                                    }
                                }
                                IDPCache.authnContextCache.remove(str5);
                            }
                        } else {
                            // Other SPs still hold the session: remember where the logout started
                            // so the final response can be routed back to the requester.
                            iDPSession.setOriginatingLogoutRequestBinding(str);
                            if (str.equals(SAML2Constants.HTTP_REDIRECT) || str.equals(SAML2Constants.HTTP_POST)) {
                                iDPSession.setOriginatingLogoutRequestID(logoutRequest.getID());
                                iDPSession.setOriginatingLogoutSPEntityID(logoutRequest.getIssuer().getValue());
                            }
                            // i2 counts the SPs whose SOAP logout failed.
                            int i2 = 0;
                            for (int i3 = 0; i3 < size3; i3++) {
                                // Each participant is removed from the list before it is contacted.
                                NameIDandSPpair remove = nameIDandSPpairs.remove(0);
                                removeTransientNameIDFromCache(remove.getNameID());
                                String sPEntityID = remove.getSPEntityID();
                                if (debug.messageEnabled()) {
                                    debug.message("IDPSingleLogout.processLogoutRequest: SP for " + str5 + " is " + sPEntityID);
                                }
                                List<SingleLogoutServiceElement> sPSLOServiceEndpoints = getSPSLOServiceEndpoints(str4, sPEntityID);
                                SPSSOConfigElement sPSSOConfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(str4, sPEntityID);
                                String metaAliasByUri = SAML2MetaUtils.getMetaAliasByUri(httpServletRequest.getRequestURI());
                                HashMap hashMap = new HashMap();
                                hashMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
                                SingleLogoutServiceElement mostAppropriateSLOServiceLocation = LogoutUtil.getMostAppropriateSLOServiceLocation(sPSLOServiceEndpoints, iDPSession.getOriginatingLogoutRequestBinding());
                                // An SP without a usable SLO endpoint is skipped and not counted as a failure.
                                if (mostAppropriateSLOServiceLocation != null) {
                                    try {
                                        StringBuffer doLogout = LogoutUtil.doLogout(metaAliasByUri, sPEntityID, null, mostAppropriateSLOServiceLocation, str2, str5, remove.getNameID(), httpServletRequest, httpServletResponse, hashMap, sPSSOConfig);
                                        String binding = mostAppropriateSLOServiceLocation.getBinding();
                                        if (binding.equals(SAML2Constants.HTTP_REDIRECT) || binding.equals(SAML2Constants.HTTP_POST)) {
                                            // For HTTP-Redirect/POST the method stops after the first SP
                                            // and returns null; the pending request ID is stored when
                                            // doLogout produced one.
                                            String stringBuffer = doLogout.toString();
                                            if (stringBuffer == null || stringBuffer.length() == 0) {
                                                return null;
                                            }
                                            iDPSession.setPendingLogoutRequestID(stringBuffer);
                                            return null;
                                        }
                                    } catch (SAML2Exception e3) {
                                        // Only SOAP failures are tolerated and counted; anything else is rethrown.
                                        if (!mostAppropriateSLOServiceLocation.getBinding().equals(SAML2Constants.SOAP)) {
                                            throw e3;
                                        }
                                        debug.error("IDPSingleLogout.initiateLogoutRequest:", e3);
                                        i2++;
                                    }
                                }
                            }
                            // NOTE(review): both exceptions below are caught by the
                            // catch (SAML2Exception) at the end of this try block, so a failed or
                            // partial logout is logged as "DB ERROR!!!" and status stays null.
                            if (i2 == size3) {
                                throw new SAML2Exception(SAML2Utils.bundle.getString("sloFailed"));
                            }
                            if (i2 > 0) {
                                throw new SAML2Exception(SAML2Utils.bundle.getString("partialLogout"));
                            }
                            value = iDPSession.getOriginatingLogoutSPEntityID();
                            if (str.equals(SAML2Constants.HTTP_REDIRECT) || str.equals(SAML2Constants.HTTP_POST)) {
                                sendLastResponse(iDPSession, null, httpServletRequest, httpServletResponse, printWriter, str5, obj, str4, str3, str2);
                                return null;
                            }
                            status = destroyTokenAndGenerateStatus(str5, iDPSession.getSession(), httpServletRequest, httpServletResponse, true);
                            if (z3) {
                                IDPCache.idpSessionsByIndices.remove(str5);
                                if (agent != null && agent.isRunning() && saml2Svc != null) {
                                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                                }
                                if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                                    try {
                                        SAML2FailoverUtils.deleteSAML2Token(str5);
                                    } catch (SAML2TokenRepositoryException e4) {
                                        debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from SAML2 Token Repository for sessionIndex:" + str5, e4);
                                    }
                                }
                                IDPCache.authnContextCache.remove(str5);
                            }
                        }
                    } else if (str6 != null) {
                        // No session here, but the server-ID lookup returned a URL: forward the
                        // request to that server. "isLBReq=false" is appended so the receiving
                        // server does not forward it again.
                        // NOTE(review): this branch does not call verifySLORequest; presumably the
                        // receiving server verifies the request - confirm.
                        boolean z4 = false;
                        String str7 = str6 + SAML2Utils.removeDeployUri(httpServletRequest.getRequestURI());
                        String queryString = httpServletRequest.getQueryString();
                        LogoutResponse forwardToRemoteServer = LogoutUtil.forwardToRemoteServer(logoutRequest, queryString == null ? str7 + "?isLBReq=false" : str7 + QUESTION_MARK + queryString + "&isLBReq=false");
                        if (forwardToRemoteServer == null || isNameNotFound(forwardToRemoteServer)) {
                            z4 = true;
                        } else if (isSuccess(forwardToRemoteServer) && size > 0) {
                            sessionIndex = LogoutUtil.getSessionIndex(forwardToRemoteServer);
                            if (sessionIndex == null || sessionIndex.isEmpty()) {
                                // Empty in this listing; nothing happens for this case.
                            }
                        }
                        // Partial logout when forwarding failed or session indexes are still listed.
                        status = (z4 || (sessionIndex != null && sessionIndex.size() > 0)) ? PARTIAL_LOGOUT_STATUS : SUCCESS_STATUS;
                    } else {
                        debug.error("IDPLogoutUtil.processLogoutRequest: IDP no longer has this session index " + str5);
                        status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("invalidSessionIndex"));
                    }
                }
            }
        } catch (SessionException e5) {
            debug.error("IDPSingleLogout.processLogoutRequest: unable to get meta for ", (Throwable) e5);
            // NOTE(review): the IDP entity ID is passed where the other calls pass a status code
            // constant, and the exception text becomes the status message of a response sent to
            // the requester - confirm both are intended.
            status = SAML2Utils.generateStatus(str3, e5.toString());
        } catch (SAML2Exception e6) {
            // NOTE(review): this swallows every SAML2Exception from the block above, including
            // issuer and request verification failures; status may be null from here on.
            e6.printStackTrace();
            SAML2Utils.debug.error("DB ERROR!!!");
        }
        // z5: the session is still valid and is also used by another federation protocol.
        boolean z5 = false;
        try {
            SessionProvider provider = SessionManager.getProvider();
            if (obj != null && provider.isValid(obj)) {
                if (MultiProtocolUtils.isMultipleProtocolSession(obj, "saml2")) {
                    z5 = true;
                }
            }
        } catch (SessionException e7) {
            // Ignored: z5 stays false and the plain response below is returned.
        }
        LogoutResponse generateResponse = LogoutUtil.generateResponse(status, logoutRequest.getID(), SAML2Utils.createIssuer(str3), str4, SAML2Constants.IDP_ROLE, null);
        if (!z5) {
            return generateResponse;
        }
        try {
            // Multi-protocol session: hand the logout to the SingleLogoutManager.
            HashSet hashSet = new HashSet();
            hashSet.add(obj);
            String principalName = SessionManager.getProvider().getPrincipalName(obj);
            boolean equals = str.equals(SAML2Constants.SOAP);
            generateResponse.setDestination(XMLUtils.escapeSpecialCharacters(getResponseLocation(getLogoutResponseEndpoint(str4, value, str))));
            debug.message("IDPSingleLogout.processLogReq : call MP");
            int doIDPSingleLogout = SingleLogoutManager.getInstance().doIDPSingleLogout(hashSet, principalName, httpServletRequest, httpServletResponse, equals, false, "saml2", str4, str3, value, str2, logoutRequest.toXMLString(true, true), generateResponse.toXMLString(true, true), 0);
            // Result 3 returns null instead of a response; presumably the manager has taken over
            // the exchange (TODO confirm the meaning of 3 in SingleLogoutManager).
            if (doIDPSingleLogout != 3) {
                return updateLogoutResponse(generateResponse, doIDPSingleLogout);
            }
            return null;
        } catch (SessionException e8) {
            debug.error("IDPSingleLogout.ProcessLogoutRequest: SP initiated SOAP logout", (Throwable) e8);
            // Only the message is carried over; the original exception is not attached as cause.
            throw new SAML2Exception(e8.getMessage());
        } catch (Exception e9) {
            debug.error("IDPSingleLogout.ProcessLogoutRequest: SP initiated SOAP logout (MP)", e9);
            throw new SAML2Exception(e9.getMessage());
        }
    }

    /**
     * Adjusts a logout response according to the result of the multi-protocol logout step.
     *
     * <p>A result of 0 leaves the response untouched. For any other result a top-level
     * status code of SUCCESS is replaced by RESPONDER, so the requester is not told that
     * the logout succeeded; other status codes are kept as they are.
     *
     * @param logoutResponse the response to adjust; it is modified in place
     * @param i result value returned by the multi-protocol logout call
     * @return the same response instance
     * @throws SAML2Exception if the response cannot be serialized for the debug message
     */
    private static LogoutResponse updateLogoutResponse(LogoutResponse logoutResponse, int i) throws SAML2Exception {
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.updateLogoutResponse: response=" + logoutResponse.toXMLString() + "\nstatus = " + i);
        }
        if (i != 0) {
            StatusCode topLevelCode = logoutResponse.getStatus().getStatusCode();
            boolean reportsSuccess = topLevelCode.getValue().equals(SAML2Constants.SUCCESS);
            if (reportsSuccess) {
                // Downgrade only a success status; an existing failure status is more specific.
                topLevelCode.setValue(SAML2Constants.RESPONDER);
            }
        }
        return logoutResponse;
    }

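    /**
     * Invalidates the local session when requested and builds the SAML status that
     * describes the outcome.
     *
     * <p>A failed invalidation is reported with a RESPONDER status. The previous form of
     * this method assigned that status in the catch block and then overwrote it with
     * SUCCESS, so the requester was told the logout had succeeded while the session could
     * still be alive.
     *
     * @param str session index, used only in the debug message for a missing session
     * @param obj the session to invalidate; may be null when no such session exists
     * @param httpServletRequest the servlet request, handed to the session invalidation
     * @param httpServletResponse the servlet response, handed to the session invalidation
     * @param z when true the session is invalidated through MultiProtocolUtils; when false
     *          the session is left untouched and only the status is produced
     * @return a SUCCESS status when there is no session or processing completed, a
     *         RESPONDER status when the invalidation threw
     * @throws SAML2Exception if the status cannot be generated
     */
    private static Status destroyTokenAndGenerateStatus(String str, Object obj, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws SAML2Exception {
        if (obj == null) {
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.destroyTAGR: No such session with index " + str + " exists.");
            }
            // Nothing left to log out; this counts as success for the requester.
            return SAML2Utils.generateStatus(SAML2Constants.SUCCESS, "");
        }
        if (z) {
            try {
                MultiProtocolUtils.invalidateSession(obj, httpServletRequest, httpServletResponse, "saml2");
            } catch (Exception e) {
                debug.error("IDPLogoutUtil.destroyTAGR: ", e);
                // Return here so the failure status is not replaced by SUCCESS below.
                return SAML2Utils.generateStatus(SAML2Constants.RESPONDER, "");
            }
        }
        if (debug.messageEnabled()) {
            debug.message("IDPLogoutUtil.destroyTAGR: Local session destroyed.");
        }
        return SAML2Utils.generateStatus(SAML2Constants.SUCCESS, "");
    }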

    /**
     * Logs out every cached IDP session that belongs to the given user and prunes cache
     * entries that no longer hold an IDP session.
     *
     * <p>The principal name of each cached session is compared with {@code str} without
     * regard to case. Entries whose IDP session has no session object are left alone.
     * NOTE(review): the stale-entry branch deletes the failover token, the matching-user
     * branch does not - confirm whether that difference is intended.
     *
     * @param str principal name of the user whose sessions are to be terminated
     * @param httpServletRequest the servlet request, handed to the session invalidation
     * @param httpServletResponse the servlet response, handed to the session invalidation
     */
    private static void destroyAllTokenForUser(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Enumeration<String> sessionIndices = IDPCache.idpSessionsByIndices.keys();
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.destroyAllTokenForUser: User to logoutAll : " + str);
        }
        while (sessionIndices.hasMoreElements()) {
            String index = sessionIndices.nextElement();
            IDPSession cachedSession = IDPCache.idpSessionsByIndices.get(index);
            if (cachedSession == null) {
                // Stale key: drop it from both caches and from the failover store.
                IDPCache.idpSessionsByIndices.remove(index);
                if (agent != null && agent.isRunning() && saml2Svc != null) {
                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                }
                try {
                    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        SAML2FailoverUtils.deleteSAML2Token(index);
                    }
                } catch (SAML2TokenRepositoryException e2) {
                    debug.error("IDPSingleLogout.destroyAllTokenForUser: Error while deleting token from SAML2 Token Repository for idpSessionIndex:" + index, e2);
                }
                IDPCache.authnContextCache.remove(index);
                continue;
            }
            Object token = cachedSession.getSession();
            if (token == null) {
                continue;
            }
            try {
                String owner = sessionProvider.getPrincipalName(token);
                if (!str.equalsIgnoreCase(owner)) {
                    continue;
                }
                MultiProtocolUtils.invalidateSession(token, httpServletRequest, httpServletResponse, "saml2");
                IDPCache.idpSessionsByIndices.remove(index);
                IDPCache.authnContextCache.remove(index);
                if (agent != null && agent.isRunning() && saml2Svc != null) {
                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                }
            } catch (SessionException e) {
                // A session that cannot be read is logged and skipped; the loop goes on.
                debug.error(SAML2Utils.bundle.getString("invalidSSOToken"), e);
            }
        }
    }

    /**
     * Tells whether a logout response carries the top-level SUCCESS status code.
     *
     * @param logoutResponse the response to inspect; must not be null
     * @return true when the top-level status code value equals SAML2Constants.SUCCESS
     */
    static boolean isSuccess(LogoutResponse logoutResponse) {
        StatusCode topLevelCode = logoutResponse.getStatus().getStatusCode();
        return topLevelCode.getValue().equals(SAML2Constants.SUCCESS);
    }

    /**
     * Tells whether a logout response reports that the name identifier was not found.
     *
     * <p>The response matches when its top-level status code is RESPONDER and its status
     * message equals the localized "invalid_name_identifier" text. Because the comparison
     * uses the local resource bundle, it only recognizes messages produced with the same text.
     *
     * @param logoutResponse the response to inspect; must not be null
     * @return true when the response carries the "name identifier not found" failure
     */
    static boolean isNameNotFound(LogoutResponse logoutResponse) {
        Status responseStatus = logoutResponse.getStatus();
        String message = responseStatus.getStatusMessage();
        if (!responseStatus.getStatusCode().getValue().equals(SAML2Constants.RESPONDER)) {
            return false;
        }
        if (message == null) {
            return false;
        }
        return message.equals(SAML2Utils.bundle.getString("invalid_name_identifier"));
    }

    /**
     * Removes the cache entry that maps a transient name identifier to a user ID.
     *
     * <p>Name identifiers of any other format, and null, are ignored.
     *
     * @param nameID the name identifier of a session participant; may be null
     */
    private static void removeTransientNameIDFromCache(NameID nameID) {
        if (nameID == null || !SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameID.getFormat())) {
            return;
        }
        String transientValue = nameID.getValue();
        if (IDPCache.userIDByTransientNameIDValue.containsKey(transientValue)) {
            IDPCache.userIDByTransientNameIDValue.remove(transientValue);
        }
    }

    /**
     * Checks whether the session of this request is owned by another server and, if so,
     * relays the request to that server.
     *
     * <p>The owning server is identified by the last two characters of the session index.
     * When it differs from the local server ID, the request URI and query string are sent
     * to the owner and its reply is relayed: a redirect URL is followed with
     * {@code sendRedirect}, otherwise returned output is written to the response as HTML.
     * NOTE(review): the redirect URL and the output are used exactly as the other server
     * returned them; this relies on the server-ID lookup resolving only to servers of the
     * same deployment - confirm.
     *
     * @param httpServletRequest the incoming request; its URI and query string are forwarded
     * @param httpServletResponse the response that receives the redirect or the relayed output
     * @param printWriter writer used for the relayed output
     * @param obj the session of the current request
     * @return true when the request has been fully handled here (no session index, or the
     *         owner's reply was relayed); false when the caller should go on processing it
     * @throws SAML2Exception declared by the helper calls
     * @throws SessionException declared by the helper calls
     */
    private static boolean isMisroutedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, Object obj) throws SAML2Exception, SessionException {
        String idpSessionIndex = IDPSSOUtil.getSessionIndex(obj);
        if (idpSessionIndex == null) {
            if (debug.messageEnabled()) {
                debug.message("IDPSingleLogout.isMisroutedRequest : No SP session participant(s)");
            }
            MultiProtocolUtils.invalidateSession(obj, httpServletRequest, httpServletResponse, "saml2");
            return true;
        }

        // The trailing two characters of the session index name the owning server.
        String ownerServerId = idpSessionIndex.substring(idpSessionIndex.length() - 2);
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.isMisroutedRequest : idpSessionIndex=" + idpSessionIndex + ", id=" + ownerServerId);
        }
        if (ownerServerId.equals(SAML2Utils.getLocalServerID())) {
            return false;
        }
        if (debug.warningEnabled()) {
            debug.warning("IDPSingleLogout.isMisroutedRequest : SLO request is mis-routed, we are " + SAML2Utils.getLocalServerID() + " and request is owned by " + ownerServerId);
        }

        String ownerUrl = SAML2Utils.getRemoteServiceURL(ownerServerId) + SAML2Utils.removeDeployUri(httpServletRequest.getRequestURI());
        String queryString = httpServletRequest.getQueryString();
        String forwardUrl = queryString == null ? ownerUrl : ownerUrl + QUESTION_MARK + queryString;

        HashMap ownerReply = SAML2Utils.sendRequestToOrigServer(httpServletRequest, httpServletResponse, forwardUrl);
        String redirectUrl = null;
        String outputData = null;
        if (ownerReply != null && !ownerReply.isEmpty()) {
            redirectUrl = (String) ownerReply.get(SAML2Constants.AM_REDIRECT_URL);
            outputData = (String) ownerReply.get(SAML2Constants.OUTPUT_DATA);
        }
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.isMisroutedRequest : redirect_url : " + redirectUrl);
            debug.message("IDPSingleLogout.isMisroutedRequest : output_data : " + outputData);
        }

        boolean hasRedirect = redirectUrl != null && !redirectUrl.equals("");
        if (hasRedirect) {
            if (debug.messageEnabled()) {
                debug.message("IDPSingleLogout.isMisroutedRequest : Redirecting the response, redirect actioned by the JSP");
            }
            try {
                httpServletResponse.sendRedirect(redirectUrl);
            } catch (IOException e) {
                // The request still counts as handled when the redirect could not be sent.
                debug.error("IDPSingleLogout.isMisroutedRequest : Error when redirecting", e);
            }
            return true;
        }

        boolean hasOutput = outputData != null && !outputData.equals("");
        if (!hasOutput) {
            return false;
        }
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.isMisroutedRequest : Printing the forwarded response");
        }
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        printWriter.println(outputData);
        return true;
    }

    /**
     * Answers a logout request for which the IDP holds no session with an
     * "already logged out" response.
     *
     * <p>The response is built with the ALREADY_LOGGEDOUT status, addressed to the logout
     * response endpoint found for the requester, and sent with that endpoint's binding.
     *
     * @param httpServletResponse the servlet response used to send the logout response
     * @param httpServletRequest the servlet request
     * @param logoutRequest the request being answered; its ID and issuer are read
     * @param str passed through to LogoutUtil.sendSLOResponse; presumably the relay state (TODO confirm)
     * @param str2 first argument of the endpoint lookup; presumably the realm (TODO confirm)
     * @param str3 value used to create the response issuer; presumably the IDP entity ID (TODO confirm)
     * @param str4 second argument of the endpoint lookup; presumably the SP entity ID (TODO confirm)
     * @param str5 third argument of the endpoint lookup; presumably the request binding (TODO confirm)
     * @throws SAML2Exception if the response cannot be built or sent
     */
    private static void sendAlreadyLogedOutResp(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, LogoutRequest logoutRequest, String str, String str2, String str3, String str4, String str5) throws SAML2Exception {
        debug.message("IDPSingleLogout.sendAlreadyLogedOutRespNo session in the IdP. We are already logged out. Generating success logout");
        LogoutResponse alreadyLoggedOut = LogoutUtil.generateResponse(
                ALREADY_LOGGEDOUT,
                logoutRequest.getID(),
                SAML2Utils.createIssuer(str3),
                str2,
                SAML2Constants.IDP_ROLE,
                logoutRequest.getIssuer().getSPProvidedID());

        // Resolve where the response goes and which binding carries it.
        SingleLogoutServiceElement endpoint = getLogoutResponseEndpoint(str2, str4, str5);
        String endpointBinding = endpoint.getBinding();
        String location = getResponseLocation(endpoint);
        debug.message("IDPSingleLogout.sendAlreadyLogedOutRespLocation found: " + location + " for binding " + endpointBinding);

        alreadyLoggedOut.setDestination(XMLUtils.escapeSpecialCharacters(location));
        LogoutUtil.sendSLOResponse(
                httpServletResponse,
                httpServletRequest,
                alreadyLoggedOut,
                location,
                str,
                str2,
                str3,
                SAML2Constants.IDP_ROLE,
                str4,
                endpointBinding);
    }

    private static boolean sendLastResponse(IDPSession iDPSession, LogoutResponse logoutResponse, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, Object obj, String str2, String str3, String str4) throws SAML2Exception, SessionException {
        String originatingLogoutRequestBinding = iDPSession.getOriginatingLogoutRequestBinding();
        String originatingLogoutRequestID = iDPSession.getOriginatingLogoutRequestID();
        String originatingLogoutSPEntityID = iDPSession.getOriginatingLogoutSPEntityID();
        List sessionPartners = IDPProxyUtil.getSessionPartners(httpServletRequest);
        if (CollectionUtils.isNotEmpty(sessionPartners)) {
            IDPProxyUtil.sendProxyLogoutRequest(httpServletRequest, httpServletResponse, printWriter, (LogoutRequest) IDPCache.logoutRequestById.remove(originatingLogoutRequestID), sessionPartners, originatingLogoutRequestBinding, str4);
            return false;
        }
        if (originatingLogoutRequestID == null) {
            if (iDPSession.getLogoutAll()) {
                destroyAllTokenForUser(sessionProvider.getPrincipalName(iDPSession.getSession()), httpServletRequest, httpServletResponse);
            } else {
                IDPCache.idpSessionsByIndices.remove(str);
                if (agent != null && agent.isRunning() && saml2Svc != null) {
                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                }
                try {
                    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        SAML2FailoverUtils.deleteSAML2Token(str);
                    }
                } catch (SAML2TokenRepositoryException e) {
                    debug.error("IDPSingleLogout.sendLastResponse: Error while deleting token from SAML2 Token Repository for idpSessionIndex:" + str, e);
                }
                IDPCache.authnContextCache.remove(str);
                if (MultiProtocolUtils.isMultipleProtocolSession(iDPSession.getSession(), "saml2")) {
                    MultiProtocolUtils.removeFederationProtocol(iDPSession.getSession(), "saml2");
                    SingleLogoutManager singleLogoutManager = SingleLogoutManager.getInstance();
                    HashSet hashSet = new HashSet(1);
                    hashSet.add(obj);
                    String principalName = SessionManager.getProvider().getPrincipalName(obj);
                    debug.message("IDPSingleLogout.sendLastResponse: MP/Http");
                    try {
                        if (singleLogoutManager.doIDPSingleLogout(hashSet, principalName, httpServletRequest, httpServletResponse, false, true, "saml2", str2, str3, originatingLogoutSPEntityID, str4, null, null, getLogoutStatus(logoutResponse)) == 3) {
                            return true;
                        }
                    } catch (SAML2Exception e2) {
                        throw e2;
                    } catch (Exception e3) {
                        debug.error("IDPSIngleLogout.sendLastResponse: MP/IDP initiated HTTP", e3);
                        throw new SAML2Exception(e3.getMessage());
                    }
                } else {
                    sessionProvider.invalidateSession(iDPSession.getSession(), httpServletRequest, httpServletResponse);
                }
            }
            debug.message("IDP initiated SLO Success");
            return false;
        }
        List<SingleLogoutServiceElement> sPSLOServiceEndpoints = getSPSLOServiceEndpoints(str2, originatingLogoutSPEntityID);
        String sLOResponseServiceLocation = LogoutUtil.getSLOResponseServiceLocation(sPSLOServiceEndpoints, originatingLogoutRequestBinding);
        if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.isEmpty()) {
            sLOResponseServiceLocation = LogoutUtil.getSLOServiceLocation(sPSLOServiceEndpoints, originatingLogoutRequestBinding);
            if (sLOResponseServiceLocation == null || sLOResponseServiceLocation.length() == 0) {
                debug.error("Unable to find the IDP's single logout response service with the HTTP-Redirect binding");
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
            }
            if (debug.messageEnabled()) {
                debug.message("SP's single logout response service location = " + sLOResponseServiceLocation);
            }
        } else if (debug.messageEnabled()) {
            debug.message("IDP's single logout response service location = " + sLOResponseServiceLocation);
        }
        LogoutResponse generateResponse = LogoutUtil.generateResponse(destroyTokenAndGenerateStatus(str, iDPSession.getSession(), httpServletRequest, httpServletResponse, true), originatingLogoutRequestID, SAML2Utils.createIssuer(str3), str2, SAML2Constants.IDP_ROLE, null);
        if (generateResponse == null) {
            IDPCache.idpSessionsByIndices.remove(str);
            if (agent != null && agent.isRunning() && saml2Svc != null) {
                saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
            }
            try {
                if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                    SAML2FailoverUtils.deleteSAML2Token(str);
                }
            } catch (SAML2TokenRepositoryException e4) {
                debug.error("IDPSingleLogout.sendLastResponse: Error while deleting token from SAML2 Token Repository for idpSessionIndex:" + str, e4);
            }
            IDPCache.authnContextCache.remove(str);
            return false;
        }
        generateResponse.setDestination(XMLUtils.escapeSpecialCharacters(sLOResponseServiceLocation));
        IDPCache.idpSessionsByIndices.remove(str);
        if (agent != null && agent.isRunning() && saml2Svc != null) {
            saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
        }
        try {
            if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                SAML2FailoverUtils.deleteSAML2Token(str);
            }
        } catch (SAML2TokenRepositoryException e5) {
            debug.error("IDPSingleLogout.sendLastResponse: Error while deleting token from SAML2 Token Repository for idpSessionIndex:" + str, e5);
        }
        IDPCache.authnContextCache.remove(str);
        boolean z = false;
        int i = 0;
        try {
            SessionProvider provider = SessionManager.getProvider();
            Object session = iDPSession.getSession();
            if (session != null && provider.isValid(session) && MultiProtocolUtils.isMultipleProtocolSession(session, "saml2")) {
                z = true;
                SingleLogoutManager singleLogoutManager2 = SingleLogoutManager.getInstance();
                HashSet hashSet2 = new HashSet();
                hashSet2.add(session);
                String principalName2 = provider.getPrincipalName(session);
                debug.message("IDPSingleLogout.sendLastResponse: MP/Http");
                i = singleLogoutManager2.doIDPSingleLogout(hashSet2, principalName2, httpServletRequest, httpServletResponse, false, true, "saml2", str2, str3, originatingLogoutSPEntityID, str4, null, generateResponse.toXMLString(), getLogoutStatus(generateResponse));
            }
        } catch (SessionException e6) {
            debug.message("IDPSingleLogout.sendLastResponse: session", e6);
        } catch (Exception e7) {
            debug.message("IDPSingleLogout.sendLastResponse: MP2", e7);
            i = 2;
        }
        if (z && i == 3) {
            return false;
        }
        LogoutUtil.sendSLOResponse(httpServletResponse, httpServletRequest, updateLogoutResponse(generateResponse, i), sLOResponseServiceLocation, str4, str2, str3, SAML2Constants.IDP_ROLE, originatingLogoutSPEntityID, originatingLogoutRequestBinding);
        return true;
    }

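    /**
     * Returns the Single Logout service endpoints listed in a service provider's SSO descriptor.
     *
     * <p>The logout-response code in this file picks its destination from this list, so the
     * lookup fails closed: when no descriptor can be obtained it throws rather than returning
     * an empty or partial result.
     *
     * @param str  first argument passed to {@code getSPSSODescriptor}; presumably the realm that
     *             hosts the entity (confirm against callers)
     * @param str2 entity ID of the service provider whose descriptor is looked up
     * @return the descriptor's {@code SingleLogoutService} list, exactly as the descriptor returns it
     * @throws SAML2Exception if the metadata manager is unavailable, the lookup itself fails,
     *                        or no SP descriptor exists for the given arguments
     */
    public static List<SingleLogoutServiceElement> getSPSLOServiceEndpoints(String str, String str2) throws SAML2Exception {
        // The static initializer leaves sm null when SAML2MetaManager cannot be created; report
        // that with the declared exception type instead of letting a NullPointerException escape.
        if (sm == null) {
            debug.error("IDPSingleLogout.getSPSLOServiceEndpoints: metadata manager is not available");
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        SPSSODescriptorElement sPSSODescriptor = sm.getSPSSODescriptor(str, str2);
        if (sPSSODescriptor == null) {
            // Record which entity had no usable metadata before rejecting the request.
            LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{str2}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        return sPSSODescriptor.getSingleLogoutService();
    }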

    // Class initialisation: resolve the shared metadata manager, session provider and monitoring
    // handles once. A failure in either lookup is logged and the corresponding field stays null,
    // so code that uses sm or sessionProvider has to cope with a null value.
    static {
        SAML2MetaManager metaManager = null;
        try {
            metaManager = new SAML2MetaManager();
        } catch (SAML2MetaException metaFailure) {
            debug.error("Error retreiving metadata", metaFailure);
        }
        sm = metaManager;

        SessionProvider resolvedProvider = null;
        try {
            resolvedProvider = SessionManager.getProvider();
        } catch (SessionException sessionFailure) {
            debug.error("Error retreiving session provider.", sessionFailure);
        }
        sessionProvider = resolvedProvider;

        // Monitoring handles are fetched as-is; the logout code in this file null-checks them before use.
        agent = MonitorManager.getAgent();
        saml2Svc = MonitorManager.getSAML2Svc();
    }
}
